[T106][ZXW-22]7520V3SCV2.01.01.02P42U09_VEC_V0.8_AP_VEC origin source commit
Change-Id: Ic6e05d89ecd62fc34f82b23dcf306c93764aec4b
diff --git a/ap/lib/libwolfssl/install/bin/wolfssl-config b/ap/lib/libwolfssl/install/bin/wolfssl-config
new file mode 100755
index 0000000..8b046bf
--- /dev/null
+++ b/ap/lib/libwolfssl/install/bin/wolfssl-config
@@ -0,0 +1,117 @@
+#! /bin/sh
+
+package="wolfssl"
+version="4.8.1"
+libs="-lwolfssl -lpthread"
+
+prefix="/home/zhouguopo/code2/v3t/ap/project/zx297520v3/prj_mdl/build/../../../../lib/libwolfssl/install"
+exec_prefix="${prefix}"
+bindir="${exec_prefix}/bin"
+sbindir="${exec_prefix}/sbin"
+libexecdir="${exec_prefix}/libexec"
+datadir="${datarootdir}"
+sysconfdir="${prefix}/etc"
+sharedstatedir="${prefix}/com"
+localstatedir="${prefix}/var"
+libdir="${exec_prefix}/lib"
+infodir="${datarootdir}/info"
+mandir="${datarootdir}/man"
+includedir="${prefix}/include"
+target="arm-unknown-linux-gnu"
+host="arm-unknown-linux-gnu"
+build="x86_64-unknown-linux-gnu"
+
+if test "$#" -eq 0; then
+ cat <<EOF
+Usage: $package-config OPTIONS
+Options:
+ --prefix=DIR) : \$prefix
+ --package) : \$package
+ --version) : \$version
+ --cflags) : -I\$includedir
+ --libs) : -L\$libdir -l\$package
+ --help) print all the options (not just these)
+EOF
+fi
+
+o=""
+h=""
+for i in "$@"; do
+ case $i in
+ --prefix=*) prefix=`echo $i | sed -e "s/--prefix=//"` ;;
+ --prefix) o="$o $prefix" ;;
+ --package) o="$o $package" ;;
+ --version) o="$o $version" ;;
+ --cflags) if test "_$includedir" != "_/usr/include"
+ then o="$o -I$includedir" ; fi
+ ;;
+ --libs) o="$o -L$libdir $libs" ;;
+ --exec_prefix|--eprefix) o="$o $exec_prefix" ;;
+ --bindir) o="$o $bindir" ;;
+ --sbindir) o="$o $sbindir" ;;
+ --libexecdir) o="$o $libexecdir" ;;
+ --datadir) o="$o $datadir" ;;
+ --datainc) o="$o -I$datadir" ;;
+ --datalib) o="$o -L$datadir" ;;
+ --sysconfdir) o="$o $sysconfdir" ;;
+ --sharedstatedir) o="$o $sharedstatedir" ;;
+ --localstatedir) o="$o $localstatedir" ;;
+ --libdir) o="$o $libdir" ;;
+ --libadd) o="$o -L$libdir" ;;
+ --infodir) o="$o $infodir" ;;
+ --mandir) o="$o $mandir" ;;
+ --target) o="$o $target" ;;
+ --host) o="$o $host" ;;
+ --build) o="$o $build" ;;
+ --data) o="$o -I$datadir/$package" ;;
+ --pkgdatadir) o="$o $datadir/$package" ;;
+ --pkgdatainc) o="$o -I$datadir/$package" ;;
+ --pkgdatalib) o="$o -L$datadir/$package" ;;
+ --pkglibdir) o="$o $libdir/$package" ;;
+ --pkglibinc) o="$o -I$libinc/$package" ;;
+ --pkglibadd) o="$o -L$libadd/$package" ;;
+ --pkgincludedir) o="$o $includedir/$package" ;;
+ --help) h="1" ;;
+ -?//*|-?/*//*|-?./*//*|//*|/*//*|./*//*)
+ v=`echo $i | sed -e s://:\$:g`
+ v=`eval "echo $v"`
+ o="$o $v" ;;
+ esac
+done
+
+o=`eval "echo $o"`
+o=`eval "echo $o"`
+eval "echo $o"
+
+if test ! -z "$h" ; then
+cat <<EOF
+ --prefix=xxx) (what is that for anyway?)
+ --prefix) \$prefix $prefix
+ --package) \$package $package
+ --version) \$version $version
+ --cflags) -I\$includedir unless it is /usr/include
+ --libs) -L\$libdir -l\$PACKAGE \$LIBS
+ --exec_prefix) or...
+ --eprefix) \$exec_prefix $exec_prefix
+ --bindir) \$bindir $bindir
+ --sbindir) \$sbindir $sbindir
+ --libexecdir) \$libexecdir $libexecdir
+ --datadir) \$datadir $datadir
+ --sysconfdir) \$sysconfdir $sysconfdir
+ --sharedstatedir) \$sharedstatedir$sharedstatedir
+ --localstatedir) \$localstatedir $localstatedir
+ --libdir) \$libdir $libdir
+ --infodir) \$infodir $infodir
+ --mandir) \$mandir $mandir
+ --target) \$target $target
+ --host) \$host $host
+ --build) \$build $build
+ --data) -I\$datadir/\$package
+ --pkgdatadir) \$datadir/\$package
+ --pkglibdir) \$libdir/\$package
+ --pkgincludedir) \$includedir/\$package
+ --help) generated by ax_create_generic_config.m4
+ -I//varname and other inc-targets like --pkgdatainc supported
+ -L//varname and other lib-targets, e.g. --pkgdatalib or --libadd
+EOF
+fi
diff --git a/ap/lib/libwolfssl/install/include/cyassl/callbacks.h b/ap/lib/libwolfssl/install/include/cyassl/callbacks.h
new file mode 100644
index 0000000..7a1c1d4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/callbacks.h
@@ -0,0 +1,23 @@
+/* callbacks.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/callbacks.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/certs_test.h b/ap/lib/libwolfssl/install/include/cyassl/certs_test.h
new file mode 100644
index 0000000..c8465ac
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/certs_test.h
@@ -0,0 +1,10 @@
+/* certs_test.h */
+
+#include <wolfssl/certs_test.h>
+
+#ifndef CYASSL_CERTS_TEST_H
+ #define CYASSL_CERTS_TEST_H WOLFSSL_CERTS_TEST_H
+#else
+ #undef CYASSL_CERTS_TEST_H
+ #define CYASSL_CERTS_TEST_H WOLFSSL_CERTS_TEST_H
+#endif
diff --git a/ap/lib/libwolfssl/install/include/cyassl/crl.h b/ap/lib/libwolfssl/install/include/cyassl/crl.h
new file mode 100644
index 0000000..a883879
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/crl.h
@@ -0,0 +1,23 @@
+/* crl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/crl.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/aes.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/aes.h
new file mode 100644
index 0000000..3973c8f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/aes.h
@@ -0,0 +1,61 @@
+/* aes.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_AES
+
+#ifndef CTAO_CRYPT_AES_H
+#define CTAO_CRYPT_AES_H
+
+#include <wolfssl/wolfcrypt/aes.h>
+#define AesSetKey wc_AesSetKey
+#define AesSetIV wc_AesSetIV
+#define AesCbcEncrypt wc_AesCbcEncrypt
+#define AesCbcDecrypt wc_AesCbcDecrypt
+#define AesCbcDecryptWithKey wc_AesCbcDecryptWithKey
+
+/* AES-CTR */
+#ifdef WOLFSSL_AES_COUNTER
+ #define AesCtrEncrypt wc_AesCtrEncrypt
+#endif
+/* AES-DIRECT */
+#if defined(WOLFSSL_AES_DIRECT)
+ #define AesEncryptDirect wc_AesEncryptDirect
+ #define AesDecryptDirect wc_AesDecryptDirect
+ #define AesSetKeyDirect wc_AesSetKeyDirect
+#endif
+#ifdef HAVE_AESGCM
+ #define AesGcmSetKey wc_AesGcmSetKey
+ #define AesGcmEncrypt wc_AesGcmEncrypt
+ #define AesGcmDecrypt wc_AesGcmDecrypt
+ #define GmacSetKey wc_GmacSetKey
+ #define GmacUpdate wc_GmacUpdate
+#endif /* HAVE_AESGCM */
+#ifdef HAVE_AESCCM
+ #define AesCcmSetKey wc_AesCcmSetKey
+ #define AesCcmEncrypt wc_AesCcmEncrypt
+ #define AesCcmDecrypt wc_AesCcmDecrypt
+#endif /* HAVE_AESCCM */
+
+#endif /* CTAO_CRYPT_AES_H */
+#endif /* NO_AES */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/arc4.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/arc4.h
new file mode 100644
index 0000000..ff7440c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/arc4.h
@@ -0,0 +1,36 @@
+/* arc4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef CTAO_CRYPT_ARC4_H
+#define CTAO_CRYPT_ARC4_H
+
+/* for arc4 reverse compatibility */
+#ifndef NO_RC4
+#include <wolfssl/wolfcrypt/arc4.h>
+ #define Arc4Process wc_Arc4Process
+ #define Arc4SetKey wc_Arc4SetKey
+ #define Arc4AsyncInit wc_Arc4AsyncInit
+ #define Arc4AsyncFree wc_Arc4AsyncFree
+#endif
+
+#endif /* CTAO_CRYPT_ARC4_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn.h
new file mode 100644
index 0000000..5ee090f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn.h
@@ -0,0 +1,48 @@
+/* asn.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef NO_ASN
+
+#ifndef CTAO_CRYPT_ASN_H
+#define CTAO_CRYPT_ASN_H
+
+/* pull in compatibility for each include */
+#include <cyassl/ctaocrypt/dh.h>
+#include <cyassl/ctaocrypt/dsa.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/md5.h>
+#include <cyassl/ctaocrypt/asn_public.h> /* public interface */
+#ifdef HAVE_ECC
+ #include <cyassl/ctaocrypt/ecc.h>
+#endif
+
+
+#include <wolfssl/wolfcrypt/asn.h>
+
+#ifndef NO_FILESYSTEM
+ #define CyaSSL_PemCertToDer wc_PemCertToDer
+#endif
+
+#endif /* CTAO_CRYPT_ASN_H */
+
+#endif /* !NO_ASN */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn_public.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn_public.h
new file mode 100644
index 0000000..b4dc6da
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/asn_public.h
@@ -0,0 +1,79 @@
+/* asn_public.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_ASN_PUBLIC_H
+#define CTAO_CRYPT_ASN_PUBLIC_H
+
+/* pull in compatibility for each of the includes */
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/ecc.h>
+#ifdef WOLFSSL_CERT_GEN
+ #include <cyassl/ctaocrypt/rsa.h>
+#endif
+
+#include <wolfssl/wolfcrypt/asn_public.h>
+#ifdef WOLFSSL_CERT_GEN
+ #define InitCert wc_InitCert
+ #define MakeCert wc_MakeCert
+
+ #ifdef WOLFSSL_CERT_REQ
+ #define MakeCertReq wc_MakeCertReq
+#endif
+
+ #define SignCert wc_SignCert
+ #define MakeSelfCert wc_MakeSelfCert
+ #define SetIssuer wc_SetIssuer
+ #define SetSubject wc_SetSubject
+
+ #ifdef WOLFSSL_ALT_NAMES
+ #define SetAltNames wc_SetAltNames
+#endif
+
+ #define SetIssuerBuffer wc_SetIssuerBuffer
+ #define SetSubjectBuffer wc_SetSubjectBuffer
+ #define SetAltNamesBuffer wc_SetAltNamesBuffer
+ #define SetDatesBuffer wc_SetDatesBuffer
+
+ #ifdef HAVE_NTRU
+ #define MakeNtruCert wc_MakeNtruCert
+ #endif
+
+#endif /* WOLFSSL_CERT_GEN */
+
+ #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+ #define DerToPem wc_DerToPem
+#endif
+
+#ifdef HAVE_ECC
+ /* private key helpers */
+ #define EccPrivateKeyDecode wc_EccPrivateKeyDecode
+ #define EccKeyToDer wc_EccKeyToDer
+#endif
+
+ /* DER encode signature */
+ #define EncodeSignature wc_EncodeSignature
+ #define GetCTC_HashOID wc_GetCTC_HashOID
+
+#endif /* CTAO_CRYPT_ASN_PUBLIC_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-impl.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-impl.h
new file mode 100644
index 0000000..aa34a81
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-impl.h
@@ -0,0 +1,43 @@
+/*
+ BLAKE2 reference source code package - reference C implementations
+
+ Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+/* blake2-impl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAOCRYPT_BLAKE2_IMPL_H
+#define CTAOCRYPT_BLAKE2_IMPL_H
+
+#include <cyassl/ctaocrypt/types.h>
+#include <wolfssl/wolfcrypt/blake2-impl.h>
+
+#endif /* CTAOCRYPT_BLAKE2_IMPL_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-int.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-int.h
new file mode 100644
index 0000000..062de2f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2-int.h
@@ -0,0 +1,44 @@
+/*
+ BLAKE2 reference source code package - reference C implementations
+
+ Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+/* blake2-int.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#ifndef CTAOCRYPT_BLAKE2_INT_H
+#define CTAOCRYPT_BLAKE2_INT_H
+
+#include <cyassl/ctaocrypt/types.h>
+#include <wolfssl/wolfcrypt/blake2-int.h>
+
+#endif /* CTAOCRYPT_BLAKE2_INT_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2.h
new file mode 100644
index 0000000..377a515
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/blake2.h
@@ -0,0 +1,45 @@
+/* blake2.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifdef HAVE_BLAKE2
+
+#ifndef CTAOCRYPT_BLAKE2_H
+#define CTAOCRYPT_BLAKE2_H
+
+#include <wolfssl/wolfcrypt/blake2.h>
+
+/* for blake2 reverse compatibility */
+#ifndef HAVE_FIPS
+ #define InitBlake2b wc_InitBlake2b
+ #define Blake2bUpdate wc_Blake2bUpdate
+ #define Blake2bFinal wc_Blake2bFinal
+#else
+ /* name for when fips hmac calls blake */
+ #define wc_InitBlake2b InitBlake2b
+ #define wc_Blake2bUpdate Blake2bUpdate
+ #define wc_Blake2bFinal Blake2bFinal
+#endif /* HAVE_FIPS */
+
+#endif /* CTAOCRYPT_BLAKE2_H */
+#endif /* HAVE_BLAKE2 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/camellia.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/camellia.h
new file mode 100644
index 0000000..8db4a45
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/camellia.h
@@ -0,0 +1,39 @@
+/* camellia.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef CTAO_CRYPT_CAMELLIA_H
+#define CTAO_CRYPT_CAMELLIA_H
+
+
+/* for camellia reverse compatibility */
+#ifdef HAVE_CAMELLIA
+ #include <wolfssl/wolfcrypt/camellia.h>
+ #define CamelliaSetKey wc_CamelliaSetKey
+ #define CamelliaSetIV wc_CamelliaSetIV
+ #define CamelliaEncryptDirect wc_CamelliaEncryptDirect
+ #define CamelliaDecryptDirect wc_CamelliaDecryptDirect
+ #define CamelliaCbcEncrypt wc_CamelliaCbcEncrypt
+ #define CamelliaCbcDecrypt wc_CamelliaCbcDecrypt
+#endif
+
+#endif /* CTAO_CRYPT_CAMELLIA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/chacha.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/chacha.h
new file mode 100644
index 0000000..0ad52ba
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/chacha.h
@@ -0,0 +1,36 @@
+/* chacha.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef CTAO_CRYPT_CHACHA_H
+#define CTAO_CRYPT_CHACHA_H
+
+
+/* for chacha reverse compatibility */
+#ifdef HAVE_CHACHA
+ #include <wolfssl/wolfcrypt/chacha.h>
+ #define Chacha_Process wc_Chacha_Process
+ #define Chacha_SetKey wc_Chacha_SetKey
+ #define Chacha_SetIV wc_Chacha_SetIV
+#endif
+
+#endif /* CTAO_CRYPT_CHACHA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/coding.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/coding.h
new file mode 100644
index 0000000..7b433c7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/coding.h
@@ -0,0 +1,30 @@
+/* coding.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_CODING_H
+#define CTAO_CRYPT_CODING_H
+
+#include <wolfssl/wolfcrypt/coding.h>
+
+#endif /* CTAO_CRYPT_CODING_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/compress.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/compress.h
new file mode 100644
index 0000000..f1f8cb3
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/compress.h
@@ -0,0 +1,38 @@
+/* compress.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifdef HAVE_LIBZ
+
+#ifndef CTAO_CRYPT_COMPRESS_H
+#define CTAO_CRYPT_COMPRESS_H
+
+#include <wolfssl/wolfcrypt/compress.h>
+
+/* reverse compatibility */
+#define Compress wc_Compress
+#define DeCompress wc_DeCompress
+
+#endif /* CTAO_CRYPT_COMPRESS_H */
+
+#endif /* HAVE_LIBZ */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/des3.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/des3.h
new file mode 100644
index 0000000..94fd5ea
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/des3.h
@@ -0,0 +1,49 @@
+/* des3.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_DES3
+
+#ifndef CTAO_CRYPT_DES3_H
+#define CTAO_CRYPT_DES3_H
+
+
+#include <wolfssl/wolfcrypt/des3.h>
+#define Des_SetKey wc_Des_SetKey
+#define Des_SetIV wc_Des_SetIV
+#define Des_CbcEncrypt wc_Des_CbcEncrypt
+#define Des_CbcDecrypt wc_Des_CbcDecrypt
+#define Des_EcbEncrypt wc_Des_EcbEncrypt
+#define Des_CbcDecryptWithKey wc_Des_CbcDecryptWithKey
+#define Des3_SetKey wc_Des3_SetKey
+#define Des3_SetIV wc_Des3_SetIV
+#define Des3_CbcEncrypt wc_Des3_CbcEncrypt
+#define Des3_CbcDecrypt wc_Des3_CbcDecrypt
+#define Des3_CbcDecryptWithKey wc_Des3_CbcDecryptWithKey
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #define Des3AsyncInit wc_Des3AsyncInit
+ #define Des3AsyncFree wc_Des3AsyncFree
+#endif
+
+#endif /* NO_DES3 */
+#endif /* CTAO_CRYPT_DES3_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dh.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dh.h
new file mode 100644
index 0000000..5cf5849
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dh.h
@@ -0,0 +1,42 @@
+/* dh.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_DH
+
+#ifndef CTAO_CRYPT_DH_H
+#define CTAO_CRYPT_DH_H
+
+/* for dh reverse compatibility */
+#include <wolfssl/wolfcrypt/dh.h>
+#define InitDhKey wc_InitDhKey
+#define FreeDhKey wc_FreeDhKey
+#define DhGenerateKeyPair wc_DhGenerateKeyPair
+#define DhAgree wc_DhAgree
+#define DhKeyDecode wc_DhKeyDecode
+#define DhSetKey wc_DhSetKey
+#define DhParamsLoad wc_DhParamsLoad
+
+#endif /* CTAO_CRYPT_DH_H */
+
+#endif /* NO_DH */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dsa.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dsa.h
new file mode 100644
index 0000000..60c8159
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/dsa.h
@@ -0,0 +1,33 @@
+/* dsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_DSA
+
+#ifndef CTAO_CRYPT_DSA_H
+#define CTAO_CRYPT_DSA_H
+
+#include <wolfssl/wolfcrypt/dsa.h>
+
+#endif /* CTAO_CRYPT_DSA_H */
+#endif /* NO_DSA */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ecc.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ecc.h
new file mode 100644
index 0000000..6e1e1dc
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ecc.h
@@ -0,0 +1,69 @@
+/* ecc.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_ECC
+
+#ifndef CTAO_CRYPT_ECC_H
+#define CTAO_CRYPT_ECC_H
+
+#include <wolfssl/wolfcrypt/ecc.h>
+
+/* includes for compatibility */
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/integer.h>
+#include <cyassl/ctaocrypt/random.h>
+
+/* for ecc reverse compatibility */
+#ifdef HAVE_ECC
+ #define ecc_make_key wc_ecc_make_key
+ #define ecc_shared_secret wc_ecc_shared_secret
+ #define ecc_sign_hash wc_ecc_sign_hash
+ #define ecc_verify_hash wc_ecc_verify_hash
+ #define ecc_init wc_ecc_init
+ #define ecc_free wc_ecc_free
+ #define ecc_fp_free wc_ecc_fp_free
+ #define ecc_export_x963 wc_ecc_export_x963
+ #define ecc_size wc_ecc_size
+ #define ecc_sig_size wc_ecc_sig_size
+ #define ecc_export_x963_ex wc_ecc_export_x963_ex
+ #define ecc_import_x963 wc_ecc_import_x963
+ #define ecc_import_private_key wc_ecc_import_private_key
+ #define ecc_rs_to_sig wc_ecc_rs_to_sig
+ #define ecc_import_raw wc_ecc_import_raw
+ #define ecc_export_private_only wc_ecc_export_private_only
+
+#ifdef HAVE_ECC_ENCRYPT
+ /* ecc encrypt */
+ #define ecc_ctx_new wc_ecc_ctx_new
+ #define ecc_ctx_free wc_ecc_ctx_free
+ #define ecc_ctx_reset wc_ecc_ctx_reset
+ #define ecc_ctx_get_own_salt wc_ecc_ctx_get_own_salt
+ #define ecc_ctx_set_peer_salt wc_ecc_ctx_set_peer_salt
+ #define ecc_ctx_set_info wc_ecc_ctx_set_info
+ #define ecc_encrypt wc_ecc_encrypt
+ #define ecc_decrypt wc_ecc_decrypt
+#endif /* HAVE_ECC_ENCRYPT */
+#endif
+
+#endif /* CTAO_CRYPT_ECC_H */
+#endif /* HAVE_ECC */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/error-crypt.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/error-crypt.h
new file mode 100644
index 0000000..061de02
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/error-crypt.h
@@ -0,0 +1,33 @@
+/* error-crypt.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_ERROR_H
+#define CTAO_CRYPT_ERROR_H
+
+/* for name change and fips compatibility @wc_fips */
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#define CTaoCryptErrorString wc_ErrorString
+#define CTaoCryptGetErrorString wc_GetErrorString
+
+#endif /* CTAO_CRYPT_ERROR_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/fips_test.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/fips_test.h
new file mode 100644
index 0000000..561da88
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/fips_test.h
@@ -0,0 +1,59 @@
+/* fips_test.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_FIPS_TEST_H
+#define CTAO_CRYPT_FIPS_TEST_H
+
+#include <cyassl/ctaocrypt/types.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Known Answer Test string inputs are hex, internal */
+CYASSL_LOCAL int DoKnownAnswerTests(char*, int);
+
+
+/* FIPS failure callback */
+typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
+
+/* Public set function */
+CYASSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
+
+/* Public get status functions */
+CYASSL_API int wolfCrypt_GetStatus_fips(void);
+CYASSL_API const char* wolfCrypt_GetCoreHash_fips(void);
+
+#ifdef HAVE_FORCE_FIPS_FAILURE
+ /* Public function to force failure mode for operational testing */
+ CYASSL_API int wolfCrypt_SetStatus_fips(int);
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* CTAO_CRYPT_FIPS_TEST_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hc128.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hc128.h
new file mode 100644
index 0000000..3783893
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hc128.h
@@ -0,0 +1,40 @@
+/* hc128.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_HC128
+
+#ifndef CTAO_CRYPT_HC128_H
+#define CTAO_CRYPT_HC128_H
+
+#include <wolfssl/wolfcrypt/hc128.h>
+
+/* for hc128 reverse compatibility */
+#ifdef HAVE_HC128
+ #define Hc128_Process wc_Hc128_Process
+ #define Hc128_SetKey wc_Hc128_SetKey
+#endif
+
+#endif /* CTAO_CRYPT_HC128_H */
+
+#endif /* HAVE_HC128 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hmac.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hmac.h
new file mode 100644
index 0000000..04fb6fb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/hmac.h
@@ -0,0 +1,45 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_HMAC
+
+#ifndef CTAO_CRYPT_HMAC_H
+#define CTAO_CRYPT_HMAC_H
+
+#include <wolfssl/wolfcrypt/hmac.h>
+#define HmacSetKey wc_HmacSetKey
+#define HmacUpdate wc_HmacUpdate
+#define HmacFinal wc_HmacFinal
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #define HmacAsyncInit wc_HmacAsyncInit
+ #define HmacAsyncFree wc_HmacAsyncFree
+#endif
+#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize
+#ifdef HAVE_HKDF
+ #define HKDF wc_HKDF
+#endif /* HAVE_HKDF */
+
+#endif /* CTAO_CRYPT_HMAC_H */
+
+#endif /* NO_HMAC */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/integer.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/integer.h
new file mode 100644
index 0000000..2ee59a3
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/integer.h
@@ -0,0 +1,35 @@
+/* integer.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/*
+ * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
+ * http://math.libtomcrypt.com
+ */
+
+
+#ifndef CTAO_CRYPT_INTEGER_H
+#define CTAO_CRYPT_INTEGER_H
+
+#include <wolfssl/wolfcrypt/integer.h>
+
+#endif /* CTAO_CRYPT_INTEGER_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/logging.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/logging.h
new file mode 100644
index 0000000..37dc576
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/logging.h
@@ -0,0 +1,41 @@
+/* logging.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* submitted by eof */
+
+
+#ifndef CYASSL_LOGGING_H
+#define CYASSL_LOGGING_H
+
+/* for fips compatibility @wc_fips */
+#include <wolfssl/wolfcrypt/logging.h>
+#define CYASSL_LEAVE WOLFSSL_LEAVE
+#define CYASSL_ERROR WOLFSSL_ERROR
+#define CYASSL_ENTER WOLFSSL_ENTER
+#define CYASSL_MSG WOLFSSL_MSG
+/* check old macros possibly declared */
+#if defined(DEBUG_CYASSL) && !defined(DEBUG_WOLFSSL)
+ #define DEBUG_WOLFSSL
+#endif
+
+#endif /* CYASSL_LOGGING_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md2.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md2.h
new file mode 100644
index 0000000..b01cc6e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md2.h
@@ -0,0 +1,43 @@
+/* md2.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* check for old macro */
+#if !defined(CYASSL_MD2) && defined(WOLFSSL_MD2)
+ #define CYASSL_MD2
+#endif
+
+#ifdef CYASSL_MD2
+
+#ifndef CTAO_CRYPT_MD2_H
+#define CTAO_CRYPT_MD2_H
+
+#include <wolfssl/wolfcrypt/md2.h>
+
+#define InitMd2 wc_InitMd2
+#define Md2Update wc_Md2Update
+#define Md2Final wc_Md2Final
+#define Md2Hash wc_Md2Hash
+
+#endif /* CTAO_CRYPT_MD2_H */
+#endif /* CYASSL_MD2 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md4.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md4.h
new file mode 100644
index 0000000..463a68d
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md4.h
@@ -0,0 +1,38 @@
+/* md4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_MD4
+
+#ifndef CTAO_CRYPT_MD4_H
+#define CTAO_CRYPT_MD4_H
+
+#include <wolfssl/wolfcrypt/md4.h>
+
+#define InitMd4 wc_InitMd4
+#define Md4Update wc_Md4Update
+#define Md4Final wc_Md4Final
+
+#endif /* CTAO_CRYPT_MD4_H */
+
+#endif /* NO_MD4 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md5.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md5.h
new file mode 100644
index 0000000..77d99ae
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/md5.h
@@ -0,0 +1,45 @@
+/* md5.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef NO_MD5
+
+#ifndef CTAO_CRYPT_MD5_H
+#define CTAO_CRYPT_MD5_H
+
+#include <wolfssl/wolfcrypt/md5.h>
+
+#ifndef HAVE_FIPS
+ #define InitMd5 wc_InitMd5
+ #define Md5Update wc_Md5Update
+ #define Md5Final wc_Md5Final
+ #define Md5Hash wc_Md5Hash
+#else
+ /* redfined name so that hmac is calling same function names with fips */
+ #define wc_InitMd5 InitMd5
+ #define wc_Md5Update Md5Update
+ #define wc_Md5Final Md5Final
+ #define wc_Md5Hash Md5Hash
+#endif
+
+#endif /* CTAO_CRYPT_MD5_H */
+#endif /* NO_MD5 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/memory.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/memory.h
new file mode 100644
index 0000000..0084be7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/memory.h
@@ -0,0 +1,42 @@
+/* memory.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* submitted by eof */
+
+
+#ifndef CYASSL_MEMORY_H
+#define CYASSL_MEMORY_H
+
+
+#include <wolfssl/wolfcrypt/memory.h>
+#define CyaSSL_Malloc_cb wolfSSL_Malloc_cb
+#define CyaSSL_Free_cb wolfSSL_Free_cb
+#define CyaSSL_Realloc_cb wolfSSL_Realloc_cb
+#define CyaSSL_SetAllocators wolfSSL_SetAllocators
+
+/* Public in case user app wants to use XMALLOC/XFREE */
+#define CyaSSL_Malloc wolfSSL_Malloc
+#define CyaSSL_Free wolfSSL_Free
+#define CyaSSL_Realloc wolfSSL_Realloc
+
+#endif /* CYASSL_MEMORY_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/misc.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/misc.h
new file mode 100644
index 0000000..f311fc9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/misc.h
@@ -0,0 +1,30 @@
+/* misc.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_MISC_H
+#define CTAO_CRYPT_MISC_H
+
+#include <wolfssl/wolfcrypt/misc.h>
+
+#endif /* CTAO_CRYPT_MISC_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_class.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_class.h
new file mode 100644
index 0000000..134b714
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_class.h
@@ -0,0 +1,24 @@
+/* mpi_class.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/wolfcrypt/mpi_class.h>
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_superclass.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_superclass.h
new file mode 100644
index 0000000..3a5d80e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/mpi_superclass.h
@@ -0,0 +1,27 @@
+/* mpi_superclass.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* super class file for PK algos */
+
+#include <wolfssl/wolfcrypt/mpi_superclass.h>
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pkcs7.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pkcs7.h
new file mode 100644
index 0000000..3760567
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pkcs7.h
@@ -0,0 +1,53 @@
+/* pkcs7.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifdef HAVE_PKCS7
+
+#ifndef CTAO_CRYPT_PKCS7_H
+#define CTAO_CRYPT_PKCS7_H
+
+/* pull in compatibility for old includes */
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/asn.h>
+#include <cyassl/ctaocrypt/asn_public.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/des3.h>
+
+#include <wolfssl/wolfcrypt/pkcs7.h>
+
+/* for pkcs7 reverse compatibility */
+#define SetContentType wc_SetContentType
+#define GetContentType wc_GetContentType
+#define CreateRecipientInfo wc_CreateRecipientInfo
+#define PKCS7_InitWithCert wc_PKCS7_InitWithCert
+#define PKCS7_Free wc_PKCS7_Free
+#define PKCS7_EncodeData wc_PKCS7_EncodeData
+#define PKCS7_EncodeSignedData wc_PKCS7_EncodeSignedData
+#define PKCS7_VerifySignedData wc_PKCS7_VerifySignedData
+#define PKCS7_EncodeEnvelopedData wc_PKCS7_EncodeEnvelopedData
+#define PKCS7_DecodeEnvelopedData wc_PKCS7_DecodeEnvelopedData
+
+#endif /* CTAO_CRYPT_PKCS7_H */
+
+#endif /* HAVE_PKCS7 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/poly1305.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/poly1305.h
new file mode 100644
index 0000000..e44be6c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/poly1305.h
@@ -0,0 +1,39 @@
+/* poly1305.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifdef HAVE_POLY1305
+
+#ifndef CTAO_CRYPT_POLY1305_H
+#define CTAO_CRYPT_POLY1305_H
+
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+/* for poly1305 reverse compatibility */
+#define Poly1305SetKey wc_Poly1305SetKey
+#define Poly1305Update wc_Poly1305Update
+#define Poly1305Final wc_Poly1305Final
+
+#endif /* CTAO_CRYPT_POLY1305_H */
+
+#endif /* HAVE_POLY1305 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pwdbased.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pwdbased.h
new file mode 100644
index 0000000..75df424
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/pwdbased.h
@@ -0,0 +1,37 @@
+/* pwdbased.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_PWDBASED
+
+#ifndef CTAO_CRYPT_PWDBASED_H
+#define CTAO_CRYPT_PWDBASED_H
+
+/* for pwdbased reverse compatibility */
+#include <wolfssl/wolfcrypt/pwdbased.h>
+#define PBKDF1 wc_PBKDF1
+#define PBKDF2 wc_PBKDF2
+#define PKCS12_PBKDF wc_PKCS12_PBKDF
+
+#endif /* CTAO_CRYPT_PWDBASED_H */
+#endif /* NO_PWDBASED */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rabbit.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rabbit.h
new file mode 100644
index 0000000..365e4ba
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rabbit.h
@@ -0,0 +1,40 @@
+/* rabbit.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_RABBIT
+
+#ifndef CTAO_CRYPT_RABBIT_H
+#define CTAO_CRYPT_RABBIT_H
+
+#include <wolfssl/wolfcrypt/rabbit.h>
+
+/* for rabbit reverse compatibility */
+#ifndef NO_RABBIT
+ #define RabbitProcess wc_RabbitProcess
+ #define RabbitSetKey wc_RabbitSetKey
+#endif
+
+#endif /* CTAO_CRYPT_RABBIT_H */
+
+#endif /* NO_RABBIT */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/random.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/random.h
new file mode 100644
index 0000000..44ca532
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/random.h
@@ -0,0 +1,39 @@
+/* random.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_RANDOM_H
+#define CTAO_CRYPT_RANDOM_H
+
+ /* for random.h compatibility */
+ #include <wolfssl/wolfcrypt/random.h>
+ #define InitRng wc_InitRng
+ #define RNG_GenerateBlock wc_RNG_GenerateBlock
+ #define RNG_GenerateByte wc_RNG_GenerateByte
+ #define FreeRng wc_FreeRng
+
+ #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+ #define RNG_HealthTest wc_RNG_HealthTest
+ #endif /* HAVE_HASHDRBG || NO_RC4 */
+
+#endif /* CTAO_CRYPT_RANDOM_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ripemd.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ripemd.h
new file mode 100644
index 0000000..b9c2fee
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/ripemd.h
@@ -0,0 +1,38 @@
+/* ripemd.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#ifndef CTAO_CRYPT_RIPEMD_H
+#define CTAO_CRYPT_RIPEME_H
+
+#include <wolfssl/wolfcrypt/ripemd.h>
+
+/* for ripemd reverse compatibility */
+#ifdef WOLFSSL_RIPEMD
+ #define InitRipeMd wc_InitRipeMd
+ #define RipeMdUpdate wc_RipeMdUpdate
+ #define RipeMdFinal wc_RipeMdFinal
+#endif
+
+#endif /* CTAO_CRYPT_RIPEMD_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rsa.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rsa.h
new file mode 100644
index 0000000..6a8b643
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/rsa.h
@@ -0,0 +1,58 @@
+/* rsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef NO_RSA
+
+#ifndef CTAO_CRYPT_RSA_H
+#define CTAO_CRYPT_RSA_H
+
+#include <wolfssl/wolfcrypt/rsa.h>
+/* includes for their compatibility */
+#include <cyassl/ctaocrypt/integer.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/settings.h>
+
+#define InitRsaKey wc_InitRsaKey
+#define FreeRsaKey wc_FreeRsaKey
+#define RsaPublicEncrypt wc_RsaPublicEncrypt
+#define RsaPrivateDecryptInline wc_RsaPrivateDecryptInline
+#define RsaPrivateDecrypt wc_RsaPrivateDecrypt
+#define RsaSSL_Sign wc_RsaSSL_Sign
+#define RsaSSL_VerifyInline wc_RsaSSL_VerifyInline
+#define RsaSSL_Verify wc_RsaSSL_Verify
+#define RsaEncryptSize wc_RsaEncryptSize
+#define RsaFlattenPublicKey wc_RsaFlattenPublicKey
+
+#ifdef WOLFSSL_KEY_GEN
+ #define MakeRsaKey wc_MakeRsaKey
+ #define RsaKeyToDer wc_RsaKeyToDer
+ #define CheckProbablePrime wc_CheckProbablePrime
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #define RsaAsyncInit wc_RsaAsyncInit
+ #define RsaAsyncFree wc_RsaAsyncFree
+#endif
+
+#endif /* CTAO_CRYPT_RSA_H */
+
+#endif /* NO_RSA */
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings.h
new file mode 100644
index 0000000..adac2b4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings.h
@@ -0,0 +1,725 @@
+/* settings.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* Place OS specific preprocessor flags, defines, includes here, will be
+ included into every file because types.h includes it */
+
+
+#ifndef CTAO_CRYPT_SETTINGS_H
+#define CTAO_CRYPT_SETTINGS_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Uncomment next line if using IPHONE */
+/* #define IPHONE */
+
+/* Uncomment next line if using ThreadX */
+/* #define THREADX */
+
+/* Uncomment next line if using Micrium ucOS */
+/* #define MICRIUM */
+
+/* Uncomment next line if using Mbed */
+/* #define MBED */
+
+/* Uncomment next line if using Microchip PIC32 ethernet starter kit */
+/* #define MICROCHIP_PIC32 */
+
+/* Uncomment next line if using Microchip TCP/IP stack, version 5 */
+/* #define MICROCHIP_TCPIP_V5 */
+
+/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
+/* #define MICROCHIP_TCPIP */
+
+/* Uncomment next line if using PIC32MZ Crypto Engine */
+/* #define CYASSL_MICROCHIP_PIC32MZ */
+
+/* Uncomment next line if using FreeRTOS */
+/* #define FREERTOS */
+
+/* Uncomment next line if using FreeRTOS Windows Simulator */
+/* #define FREERTOS_WINSIM */
+
+/* Uncomment next line if using RTIP */
+/* #define EBSNET */
+
+/* Uncomment next line if using lwip */
+/* #define CYASSL_LWIP */
+
+/* Uncomment next line if building CyaSSL for a game console */
+/* #define CYASSL_GAME_BUILD */
+
+/* Uncomment next line if building CyaSSL for LSR */
+/* #define CYASSL_LSR */
+
+/* Uncomment next line if building CyaSSL for Freescale MQX/RTCS/MFS */
+/* #define FREESCALE_MQX */
+
+/* Uncomment next line if using STM32F2 */
+/* #define CYASSL_STM32F2 */
+
+/* Uncomment next line if using QL SEP settings */
+/* #define CYASSL_QL */
+
+/* Uncomment next line if building for EROAD */
+/* #define CYASSL_EROAD */
+
+/* Uncomment next line if building for IAR EWARM */
+/* #define CYASSL_IAR_ARM */
+
+/* Uncomment next line if using TI-RTOS settings */
+/* #define CYASSL_TIRTOS */
+
+/* Uncomment next line if building with PicoTCP */
+/* #define CYASSL_PICOTCP */
+
+/* Uncomment next line if building for PicoTCP demo bundle */
+/* #define CYASSL_PICOTCP_DEMO */
+
+#include <cyassl/ctaocrypt/visibility.h>
+
+#ifdef IPHONE
+ #define SIZEOF_LONG_LONG 8
+#endif
+
+
+#ifdef CYASSL_USER_SETTINGS
+ #include <user_settings.h>
+#endif
+
+/* for reverse compatibility after name change */
+#include <cyassl/ctaocrypt/settings_comp.h>
+
+#ifdef THREADX
+ #define SIZEOF_LONG_LONG 8
+#endif
+
+#ifdef HAVE_NETX
+ #include "nx_api.h"
+#endif
+
+#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
+ #define CYASSL_LWIP
+ #define NO_WRITEV
+ #define SINGLE_THREADED
+ #define CYASSL_USER_IO
+ #define NO_FILESYSTEM
+#endif
+
+#if defined(CYASSL_IAR_ARM)
+ #define NO_MAIN_DRIVER
+ #define SINGLE_THREADED
+ #define USE_CERT_BUFFERS_1024
+ #define BENCH_EMBEDDED
+ #define NO_FILESYSTEM
+ #define NO_WRITEV
+ #define CYASSL_USER_IO
+ #define BENCH_EMBEDDED
+#endif
+
+#ifdef MICROCHIP_PIC32
+ /* #define CYASSL_MICROCHIP_PIC32MZ */
+ #define SIZEOF_LONG_LONG 8
+ #define SINGLE_THREADED
+ #define CYASSL_USER_IO
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+#endif
+
+#if defined(CYASSL_MICROCHIP_PIC32MZ) || defined(WOLFSSL_MICROCHIP_PIC32MZ)
+ #ifndef NO_PIC32MZ_CRYPT
+ #define WOLFSSL_PIC32MZ_CRYPT
+ #endif
+ #ifndef NO_PIC32MZ_RNG
+ #define WOLFSSL_PIC32MZ_RNG
+ #endif
+ #ifndef NO_PIC32MZ_HASH
+ #define WOLFSSL_PIC32MZ_HASH
+ #endif
+
+ #define CYASSL_AES_COUNTER
+ #define HAVE_AESGCM
+ #define NO_BIG_INT
+#endif
+
+#ifdef MICROCHIP_TCPIP_V5
+ /* include timer functions */
+ #include "TCPIP Stack/TCPIP.h"
+#endif
+
+#ifdef MICROCHIP_TCPIP
+ /* include timer, NTP functions */
+ #ifdef MICROCHIP_MPLAB_HARMONY
+ #include "tcpip/tcpip.h"
+ #else
+ #include "system/system_services.h"
+ #include "tcpip/sntp.h"
+ #endif
+#endif
+
+#ifdef MBED
+ #define CYASSL_USER_IO
+ #define NO_FILESYSTEM
+ #define NO_CERTS
+ #define USE_CERT_BUFFERS_1024
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_SHA512
+ #define NO_DH
+ #define NO_DSA
+ #define NO_HC128
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
+ #define CYASSL_CMSIS_RTOS
+#endif
+
+
+#ifdef CYASSL_EROAD
+ #define FREESCALE_MQX
+ #define FREESCALE_MMCAU
+ #define SINGLE_THREADED
+ #define NO_STDIO_FILESYSTEM
+ #define CYASSL_LEANPSK
+ #define HAVE_NULL_CIPHER
+ #define NO_OLD_TLS
+ #define NO_ASN
+ #define NO_BIG_INT
+ #define NO_RSA
+ #define NO_DSA
+ #define NO_DH
+ #define NO_CERTS
+ #define NO_PWDBASED
+ #define NO_DES3
+ #define NO_MD4
+ #define NO_RC4
+ #define NO_MD5
+ #define NO_SESSION_CACHE
+ #define NO_MAIN_DRIVER
+#endif
+
+#ifdef CYASSL_PICOTCP
+ #define errno pico_err
+ #include "pico_defines.h"
+ #include "pico_stack.h"
+ #include "pico_constants.h"
+ #define CUSTOM_RAND_GENERATE pico_rand
+#endif
+
+#ifdef CYASSL_PICOTCP_DEMO
+ #define CYASSL_STM32
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define XMALLOC(s, h, type) PICO_ZALLOC((s))
+ #define XFREE(p, h, type) PICO_FREE((p))
+ #define SINGLE_THREADED
+ #define NO_WRITEV
+ #define CYASSL_USER_IO
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+#endif
+
+#ifdef FREERTOS_WINSIM
+ #define FREERTOS
+ #define USE_WINDOWS_API
+#endif
+
+
+/* Micrium will use Visual Studio for compilation but not the Win32 API */
+#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
+ && !defined(EBSNET) && !defined(CYASSL_EROAD) && !defined(INTIME_RTOS)
+ #define USE_WINDOWS_API
+#endif
+
+
+#if defined(CYASSL_LEANPSK) && !defined(XMALLOC_USER)
+ #include <stdlib.h>
+ #define XMALLOC(s, h, type) malloc((s))
+ #define XFREE(p, h, type) free((p))
+ #define XREALLOC(p, n, h, t) realloc((p), (n))
+#endif
+
+#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
+ #undef XMALLOC
+ #define XMALLOC yaXMALLOC
+ #undef XFREE
+ #define XFREE yaXFREE
+ #undef XREALLOC
+ #define XREALLOC yaXREALLOC
+#endif
+
+
+#ifdef FREERTOS
+ #ifndef NO_WRITEV
+ #define NO_WRITEV
+ #endif
+ #ifndef NO_SHA512
+ #define NO_SHA512
+ #endif
+ #ifndef NO_DH
+ #define NO_DH
+ #endif
+ #ifndef NO_DSA
+ #define NO_DSA
+ #endif
+ #ifndef NO_HC128
+ #define NO_HC128
+ #endif
+
+ #ifndef SINGLE_THREADED
+ #include "FreeRTOS.h"
+ #include "semphr.h"
+ #endif
+#endif
+
+#ifdef CYASSL_TIRTOS
+ #define SIZEOF_LONG_LONG 8
+ #define NO_WRITEV
+ #define NO_CYASSL_DIR
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+ #define USE_CERT_BUFFERS_2048
+ #define NO_ERROR_STRINGS
+ #define USER_TIME
+
+ #ifdef __IAR_SYSTEMS_ICC__
+ #pragma diag_suppress=Pa089
+ #elif !defined(__GNUC__)
+ /* Suppress the sslpro warning */
+ #pragma diag_suppress=11
+ #endif
+
+ #include <ti/ndk/nettools/mytime/mytime.h>
+#endif
+
+#ifdef EBSNET
+ #include "rtip.h"
+
+ /* #define DEBUG_CYASSL */
+ #define NO_CYASSL_DIR /* tbd */
+
+ #if (POLLOS)
+ #define SINGLE_THREADED
+ #endif
+
+ #if (RTPLATFORM)
+ #if (!RTP_LITTLE_ENDIAN)
+ #define BIG_ENDIAN_ORDER
+ #endif
+ #else
+ #if (!KS_LITTLE_ENDIAN)
+ #define BIG_ENDIAN_ORDER
+ #endif
+ #endif
+
+ #if (WINMSP3)
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG_LONG 8
+ #else
+ #if !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
+ #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
+ #endif
+ #endif
+
+ #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
+ #define XFREE(p, h, type) (rtp_free(p))
+ #define XREALLOC(p, n, h, t) realloc((p), (n))
+
+#endif /* EBSNET */
+
+#ifdef CYASSL_GAME_BUILD
+ #define SIZEOF_LONG_LONG 8
+ #if defined(__PPU) || defined(__XENON)
+ #define BIG_ENDIAN_ORDER
+ #endif
+#endif
+
+#ifdef CYASSL_LSR
+ #define HAVE_WEBSERVER
+ #define SIZEOF_LONG_LONG 8
+ #define CYASSL_LOW_MEMORY
+ #define NO_WRITEV
+ #define NO_SHA512
+ #define NO_DH
+ #define NO_DSA
+ #define NO_HC128
+ #define NO_DEV_RANDOM
+ #define NO_CYASSL_DIR
+ #define NO_RABBIT
+ #ifndef NO_FILESYSTEM
+ #define LSR_FS
+ #include "inc/hw_types.h"
+ #include "fs.h"
+ #endif
+ #define CYASSL_LWIP
+ #include <errno.h> /* for tcp errno */
+ #define CYASSL_SAFERTOS
+ #if defined(__IAR_SYSTEMS_ICC__)
+ /* enum uses enum */
+ #pragma diag_suppress=Pa089
+ #endif
+#endif
+
+#ifdef CYASSL_SAFERTOS
+ #ifndef SINGLE_THREADED
+ #include "SafeRTOS/semphr.h"
+ #endif
+
+ #include "SafeRTOS/heap.h"
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
+#endif
+
+#ifdef CYASSL_LOW_MEMORY
+ #undef RSA_LOW_MEM
+ #define RSA_LOW_MEM
+ #undef CYASSL_SMALL_STACK
+ #define CYASSL_SMALL_STACK
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+#endif
+
+#ifdef FREESCALE_MQX
+ #define SIZEOF_LONG_LONG 8
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_RABBIT
+ #define NO_CYASSL_DIR
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define FREESCALE_K70_RNGA
+ /* #define FREESCALE_K53_RNGB */
+ #include "mqx.h"
+ #ifndef NO_FILESYSTEM
+ #include "mfs.h"
+ #include "fio.h"
+ #endif
+ #ifndef SINGLE_THREADED
+ #include "mutex.h"
+ #endif
+
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ /* Note: MQX has no realloc, using fastmath above */
+#endif
+
+#ifdef CYASSL_STM32F2
+ #define SIZEOF_LONG_LONG 8
+ #define NO_DEV_RANDOM
+ #define NO_CYASSL_DIR
+ #define NO_RABBIT
+ #define STM32F2_RNG
+ #define STM32F2_CRYPTO
+ #define KEIL_INTRINSICS
+#endif
+
+#ifdef MICRIUM
+
+ #include "stdlib.h"
+ #include "net_cfg.h"
+ #include "ssl_cfg.h"
+ #include "net_secure_os.h"
+
+ #define CYASSL_TYPES
+
+ typedef CPU_INT08U byte;
+ typedef CPU_INT16U word16;
+ typedef CPU_INT32U word32;
+
+ #if (NET_SECURE_MGR_CFG_WORD_SIZE == CPU_WORD_SIZE_32)
+ #define SIZEOF_LONG 4
+ #undef SIZEOF_LONG_LONG
+ #else
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG_LONG 8
+ #endif
+
+ #define STRING_USER
+
+ #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr)))
+ #define XSTRNCPY(pstr_dest, pstr_src, len_max) \
+ ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \
+ (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max)))
+ #define XSTRNCMP(pstr_1, pstr_2, len_max) \
+ ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \
+ (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
+ #define XSTRSTR(pstr, pstr_srch) \
+ ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \
+ (CPU_CHAR *)(pstr_srch)))
+ #define XMEMSET(pmem, data_val, size) \
+ ((void)Mem_Set((void *)(pmem), (CPU_INT08U) (data_val), \
+ (CPU_SIZE_T)(size)))
+ #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
+ (void *)(psrc), (CPU_SIZE_T)(size)))
+ #define XMEMCMP(pmem_1, pmem_2, size) \
+ (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), (void *)(pmem_2), \
+ (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
+ #define XMEMMOVE XMEMCPY
+
+#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
+ #define MICRIUM_MALLOC
+ #define XMALLOC(s, h, type) ((void *)NetSecure_BlkGet((CPU_INT08U)(type), \
+ (CPU_SIZE_T)(s), (void *)0))
+ #define XFREE(p, h, type) (NetSecure_BlkFree((CPU_INT08U)(type), \
+ (p), (void *)0))
+ #define XREALLOC(p, n, h, t) realloc((p), (n))
+#endif
+
+ #if (NET_SECURE_MGR_CFG_FS_EN == DEF_ENABLED)
+ #undef NO_FILESYSTEM
+ #else
+ #define NO_FILESYSTEM
+ #endif
+
+ #if (SSL_CFG_TRACE_LEVEL == CYASSL_TRACE_LEVEL_DBG)
+ #define DEBUG_CYASSL
+ #else
+ #undef DEBUG_CYASSL
+ #endif
+
+ #if (SSL_CFG_OPENSSL_EN == DEF_ENABLED)
+ #define OPENSSL_EXTRA
+ #else
+ #undef OPENSSL_EXTRA
+ #endif
+
+ #if (SSL_CFG_MULTI_THREAD_EN == DEF_ENABLED)
+ #undef SINGLE_THREADED
+ #else
+ #define SINGLE_THREADED
+ #endif
+
+ #if (SSL_CFG_DH_EN == DEF_ENABLED)
+ #undef NO_DH
+ #else
+ #define NO_DH
+ #endif
+
+ #if (SSL_CFG_DSA_EN == DEF_ENABLED)
+ #undef NO_DSA
+ #else
+ #define NO_DSA
+ #endif
+
+ #if (SSL_CFG_PSK_EN == DEF_ENABLED)
+ #undef NO_PSK
+ #else
+ #define NO_PSK
+ #endif
+
+ #if (SSL_CFG_3DES_EN == DEF_ENABLED)
+ #undef NO_DES3
+ #else
+ #define NO_DES3
+ #endif
+
+ #if (SSL_CFG_AES_EN == DEF_ENABLED)
+ #undef NO_AES
+ #else
+ #define NO_AES
+ #endif
+
+ #if (SSL_CFG_RC4_EN == DEF_ENABLED)
+ #undef NO_RC4
+ #else
+ #define NO_RC4
+ #endif
+
+ #if (SSL_CFG_RABBIT_EN == DEF_ENABLED)
+ #undef NO_RABBIT
+ #else
+ #define NO_RABBIT
+ #endif
+
+ #if (SSL_CFG_HC128_EN == DEF_ENABLED)
+ #undef NO_HC128
+ #else
+ #define NO_HC128
+ #endif
+
+ #if (CPU_CFG_ENDIAN_TYPE == CPU_ENDIAN_TYPE_BIG)
+ #define BIG_ENDIAN_ORDER
+ #else
+ #undef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+
+ #if (SSL_CFG_MD4_EN == DEF_ENABLED)
+ #undef NO_MD4
+ #else
+ #define NO_MD4
+ #endif
+
+ #if (SSL_CFG_WRITEV_EN == DEF_ENABLED)
+ #undef NO_WRITEV
+ #else
+ #define NO_WRITEV
+ #endif
+
+ #if (SSL_CFG_USER_RNG_SEED_EN == DEF_ENABLED)
+ #define NO_DEV_RANDOM
+ #else
+ #undef NO_DEV_RANDOM
+ #endif
+
+ #if (SSL_CFG_USER_IO_EN == DEF_ENABLED)
+ #define CYASSL_USER_IO
+ #else
+ #undef CYASSL_USER_IO
+ #endif
+
+ #if (SSL_CFG_DYNAMIC_BUFFERS_EN == DEF_ENABLED)
+ #undef LARGE_STATIC_BUFFERS
+ #undef STATIC_CHUNKS_ONLY
+ #else
+ #define LARGE_STATIC_BUFFERS
+ #define STATIC_CHUNKS_ONLY
+ #endif
+
+ #if (SSL_CFG_DER_LOAD_EN == DEF_ENABLED)
+ #define CYASSL_DER_LOAD
+ #else
+ #undef CYASSL_DER_LOAD
+ #endif
+
+ #if (SSL_CFG_DTLS_EN == DEF_ENABLED)
+ #define CYASSL_DTLS
+ #else
+ #undef CYASSL_DTLS
+ #endif
+
+ #if (SSL_CFG_CALLBACKS_EN == DEF_ENABLED)
+ #define CYASSL_CALLBACKS
+ #else
+ #undef CYASSL_CALLBACKS
+ #endif
+
+ #if (SSL_CFG_FAST_MATH_EN == DEF_ENABLED)
+ #define USE_FAST_MATH
+ #else
+ #undef USE_FAST_MATH
+ #endif
+
+ #if (SSL_CFG_TFM_TIMING_RESISTANT_EN == DEF_ENABLED)
+ #define TFM_TIMING_RESISTANT
+ #else
+ #undef TFM_TIMING_RESISTANT
+ #endif
+
+#endif /* MICRIUM */
+
+
+#ifdef CYASSL_QL
+ #ifndef CYASSL_SEP
+ #define CYASSL_SEP
+ #endif
+ #ifndef OPENSSL_EXTRA
+ #define OPENSSL_EXTRA
+ #endif
+ #ifndef SESSION_CERTS
+ #define SESSION_CERTS
+ #endif
+ #ifndef HAVE_AESCCM
+ #define HAVE_AESCCM
+ #endif
+ #ifndef ATOMIC_USER
+ #define ATOMIC_USER
+ #endif
+ #ifndef CYASSL_DER_LOAD
+ #define CYASSL_DER_LOAD
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+ #ifndef HAVE_ECC
+ #define HAVE_ECC
+ #endif
+ #ifndef SESSION_INDEX
+ #define SESSION_INDEX
+ #endif
+#endif /* CYASSL_QL */
+
+
+#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
+ !defined(CYASSL_LEANPSK) && !defined(NO_CYASSL_MEMORY)
+ #define USE_CYASSL_MEMORY
+#endif
+
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+ #undef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+#endif
+
+
+/* stream ciphers except arc4 need 32bit alignment, intel ok without */
+#ifndef XSTREAM_ALIGNMENT
+ #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
+ #define NO_XSTREAM_ALIGNMENT
+ #else
+ #define XSTREAM_ALIGNMENT
+ #endif
+#endif
+
+
+/* FreeScale MMCAU hardware crypto has 4 byte alignment */
+#ifdef FREESCALE_MMCAU
+ #define CYASSL_MMCAU_ALIGNMENT 4
+#endif
+
+/* if using hardware crypto and have alignment requirements, specify the
+ requirement here. The record header of SSL/TLS will prvent easy alignment.
+ This hint tries to help as much as possible. */
+#ifndef CYASSL_GENERAL_ALIGNMENT
+ #ifdef CYASSL_AESNI
+ #define CYASSL_GENERAL_ALIGNMENT 16
+ #elif defined(XSTREAM_ALIGNMENT)
+ #define CYASSL_GENERAL_ALIGNMENT 4
+ #elif defined(FREESCALE_MMCAU)
+ #define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT
+ #else
+ #define CYASSL_GENERAL_ALIGNMENT 0
+ #endif
+#endif
+
+
+#ifdef __INTEL_COMPILER
+ #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
+#endif
+
+
+/* Place any other flags or defines here */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* CTAO_CRYPT_SETTINGS_H */
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings_comp.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings_comp.h
new file mode 100644
index 0000000..8565e1a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/settings_comp.h
@@ -0,0 +1,72 @@
+/* settings_comp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef CTAO_CRYPT_SETTINGS_C_H
+#define CTAO_CRYPT_SETTINGS_C_H
+
+
+/* since fips overrides rsa.h map compatibility here */
+#if !defined(NO_RSA)
+ #ifdef WOLFSSL_KEY_GEN
+ #define RsaKeyToDer wc_RsaKeyToDer
+ #endif
+
+ #define RsaPrivateKeyDecode wc_RsaPrivateKeyDecode
+ #define RsaPublicKeyDecode wc_RsaPublicKeyDecode
+ #define RsaPublicKeyDecodeRaw wc_RsaPublicKeyDecodeRaw
+#endif /* have rsa and HAVE_FIPS */
+
+/* Macro redefinitions for compatibility */
+#ifdef HAVE_NTRU
+ #define MakeNtruCert wc_MakeNtruCert
+#endif
+#if defined(WOLFSSL_SHA512) && !defined(CYASSL_SHA512)
+ #define CYASSL_SHA512
+#endif
+#if defined(WOLFSSL_SHA384) && !defined(CYASSL_SHA384)
+ #define CYASSL_SHA384
+#endif
+#if defined(WOLFSSL_LEANPSK) && !defined(CYASSL_LEANPSK)
+ #define CYASSL_LEANPSK
+#endif
+#if defined(NO_WOLFSSL_MEMORY) && !defined(NO_CYASSL_MEMORY)
+ #define NO_CYASSL_MEMORY
+#endif
+#if defined(WOLFSSL_KEY_GEN) && !defined(CYASSL_KEY_GEN)
+ #define CYASSL_KEY_GEN
+#endif
+
+/* AES */
+#if defined(WOLFSSL_AES_DIRECT) && !defined(CYASSL_AES_DIRECT)
+ #define CYASSL_AES_DIRECT
+#endif
+#if defined(WOLFSSL_AES_COUNTER) && !defined(CYASSL_AES_COUNTER)
+ #define CYASSL_AES_COUNTER
+#endif
+
+/* DES */
+#if defined(WOLFSSL_DES_ECB) && !defined(CYASSL_DES_ECB)
+ #define CYASSL_DES_ECB
+#endif
+
+#endif /* CTAO_CRYPT_SETTINGS_C_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha.h
new file mode 100644
index 0000000..78b9342
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha.h
@@ -0,0 +1,37 @@
+/* sha.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef NO_SHA
+
+#ifndef CTAO_CRYPT_SHA_H
+#define CTAO_CRYPT_SHA_H
+
+#include <wolfssl/wolfcrypt/sha.h>
+#define InitSha wc_InitSha
+#define ShaUpdate wc_ShaUpdate
+#define ShaFinal wc_ShaFinal
+#define ShaHash wc_ShaHash
+
+#endif /* CTAO_CRYPT_SHA_H */
+#endif /* NO_SHA */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha256.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha256.h
new file mode 100644
index 0000000..a2fb7c0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha256.h
@@ -0,0 +1,46 @@
+/* sha256.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+
+#ifndef NO_SHA256
+
+#ifndef CTAO_CRYPT_SHA256_H
+#define CTAO_CRYPT_SHA256_H
+
+#include <wolfssl/wolfcrypt/sha256.h>
+#define InitSha256 wc_InitSha256
+#define Sha256Update wc_Sha256Update
+#define Sha256Final wc_Sha256Final
+#define Sha256Hash wc_Sha256Hash
+
+#ifdef WOLFSSL_SHA224
+ #define InitSha224 wc_InitSha224
+ #define Sha224Update wc_Sha224Update
+ #define Sha224Final wc_Sha224Final
+ #define Sha224Hash wc_Sha224Hash
+#endif
+
+#endif /* CTAO_CRYPT_SHA256_H */
+#endif /* NO_SHA256 */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha512.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha512.h
new file mode 100644
index 0000000..cc679a5
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/sha512.h
@@ -0,0 +1,41 @@
+/* sha512.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_SHA512_H
+#define CTAO_CRYPT_SHA512_H
+
+#include <wolfssl/wolfcrypt/sha512.h>
+#define InitSha512 wc_InitSha512
+#define Sha512Update wc_Sha512Update
+#define Sha512Final wc_Sha512Final
+#define Sha512Hash wc_Sha512Hash
+
+#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
+ #define InitSha384 wc_InitSha384
+ #define Sha384Update wc_Sha384Update
+ #define Sha384Final wc_Sha384Final
+ #define Sha384Hash wc_Sha384Hash
+#endif /* WOLFSSL_SHA384 */
+
+#endif /* CTAO_CRYPT_SHA512_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/tfm.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/tfm.h
new file mode 100644
index 0000000..3037934
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/tfm.h
@@ -0,0 +1,42 @@
+/* tfm.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/*
+ * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
+ * http://math.libtomcrypt.com
+ */
+
+
+/**
+ * Edited by Moisés Guimarães (moises.guimaraes@phoebus.com.br)
+ * to fit CyaSSL's needs.
+ */
+
+
+#ifndef CTAO_CRYPT_TFM_H
+#define CTAO_CRYPT_TFM_H
+
+#include <wolfssl/wolfcrypt/tfm.h>
+
+#endif /* CTAO_CRYPT_TFM_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/types.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/types.h
new file mode 100644
index 0000000..e865062
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/types.h
@@ -0,0 +1,39 @@
+/* types.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_TYPES_H
+#define CTAO_CRYPT_TYPES_H
+
+#include <cyassl/ctaocrypt/wc_port.h>
+#include <cyassl/ctaocrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+/* compatibility macros */
+#define CYASSL_WORD_SIZE WOLFSSL_WORD_SIZE
+#define CYASSL_BIT_SIZE WOLFSSL_BIT_SIZE
+#define CYASSL_MAX_16BIT WOLFSSL_MAX_16BIT
+#define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ
+#define cyassl_word wolfssl_word
+
+#endif /* CTAO_CRYPT_TYPES_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/visibility.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/visibility.h
new file mode 100644
index 0000000..51e2ca9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/visibility.h
@@ -0,0 +1,73 @@
+/* visibility.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* Visibility control macros */
+
+#ifndef CTAO_CRYPT_VISIBILITY_H
+#define CTAO_CRYPT_VISIBILITY_H
+
+/* fips compatibility @wc_fips */
+#ifndef HAVE_FIPS
+ #include <wolfssl/wolfcrypt/visibility.h>
+ #define CYASSL_API WOLFSSL_API
+ #define CYASSL_LOCAL WOLFSSL_LOCAL
+#else
+/* CYASSL_API is used for the public API symbols.
+ It either imports or exports (or does nothing for static builds)
+
+ CYASSL_LOCAL is used for non-API symbols (private).
+*/
+
+#if defined(BUILDING_WOLFSSL)
+ #if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY
+ #define CYASSL_API __attribute__ ((visibility("default")))
+ #define CYASSL_LOCAL __attribute__ ((visibility("hidden")))
+ #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
+ #define CYASSL_API __global
+ #define CYASSL_LOCAL __hidden
+ #elif defined(_MSC_VER)
+ #ifdef CYASSL_DLL
+ #define CYASSL_API extern __declspec(dllexport)
+ #else
+ #define CYASSL_API
+ #endif
+ #define CYASSL_LOCAL
+ #else
+ #define CYASSL_API
+ #define CYASSL_LOCAL
+ #endif /* HAVE_VISIBILITY */
+#else /* BUILDING_WOLFSSL */
+ #if defined(_MSC_VER)
+ #ifdef CYASSL_DLL
+ #define CYASSL_API extern __declspec(dllimport)
+ #else
+ #define CYASSL_API
+ #endif
+ #define CYASSL_LOCAL
+ #else
+ #define CYASSL_API
+ #define CYASSL_LOCAL
+ #endif
+#endif /* BUILDING_WOLFSSL */
+#endif /* HAVE_FIPS */
+#endif /* CTAO_CRYPT_VISIBILITY_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/wc_port.h b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/wc_port.h
new file mode 100644
index 0000000..b330803
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ctaocrypt/wc_port.h
@@ -0,0 +1,32 @@
+/* port.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef CTAO_CRYPT_PORT_H
+#define CTAO_CRYPT_PORT_H
+
+#include <cyassl/ctaocrypt/visibility.h>
+#include <wolfssl/wolfcrypt/wc_port.h>
+#define CyaSSL_Mutex wolfSSL_Mutex
+
+#endif /* CTAO_CRYPT_PORT_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/error-ssl.h b/ap/lib/libwolfssl/install/include/cyassl/error-ssl.h
new file mode 100644
index 0000000..13fd5d6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/error-ssl.h
@@ -0,0 +1,23 @@
+/* error-ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/error-ssl.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ocsp.h b/ap/lib/libwolfssl/install/include/cyassl/ocsp.h
new file mode 100644
index 0000000..bb11e56
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ocsp.h
@@ -0,0 +1,23 @@
+/* ocsp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/ocsp.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/asn1.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/asn1.h
new file mode 100644
index 0000000..35be23f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/asn1.h
@@ -0,0 +1,3 @@
+/* asn1.h for openssl */
+
+#include <wolfssl/openssl/asn1.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/bio.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/bio.h
new file mode 100644
index 0000000..8f52983
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/bio.h
@@ -0,0 +1,4 @@
+/* bio.h for openssl */
+
+#include <wolfssl/openssl/bio.h>
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/bn.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/bn.h
new file mode 100644
index 0000000..e14f4e2
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/bn.h
@@ -0,0 +1,3 @@
+/* bn.h for openssl */
+
+#include <wolfssl/openssl/bn.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/conf.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/conf.h
new file mode 100644
index 0000000..4005ea9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/conf.h
@@ -0,0 +1,3 @@
+/* conf.h for openssl */
+
+#include <wolfssl/openssl/conf.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/crypto.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/crypto.h
new file mode 100644
index 0000000..32e1108
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/crypto.h
@@ -0,0 +1,4 @@
+/* crypto.h for openSSL */
+
+#include <wolfssl/openssl/crypto.h>
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/des.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/des.h
new file mode 100644
index 0000000..79a06b7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/des.h
@@ -0,0 +1,28 @@
+/* des.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* des.h defines mini des openssl compatibility layer
+ *
+ */
+
+#include <wolfssl/openssl/des.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/dh.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/dh.h
new file mode 100644
index 0000000..6fd8e36
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/dh.h
@@ -0,0 +1,4 @@
+/* dh.h for openSSL */
+
+
+#include <wolfssl/openssl/dh.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/dsa.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/dsa.h
new file mode 100644
index 0000000..39ddf8c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/dsa.h
@@ -0,0 +1,12 @@
+/* dsa.h for openSSL */
+
+#ifndef CYASSL_OPENSSL_DSA
+#define CYASSL_OPENSSL_DSA
+
+#define CyaSSL_DSA_LoadDer wolfSSL_DSA_LoadDer
+#define CyaSSL_DSA_do_sign wolfSSL_DSA_do_sign
+
+#include <cyassl/openssl/ssl.h>
+#include <wolfssl/openssl/dsa.h>
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ec.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec.h
new file mode 100644
index 0000000..1ce8aa9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec.h
@@ -0,0 +1,3 @@
+/* ec.h for openssl */
+
+#include <wolfssl/openssl/ec.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ec25519.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec25519.h
new file mode 100644
index 0000000..6ee8945
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec25519.h
@@ -0,0 +1,3 @@
+/* ec25519.h */
+
+#include <wolfssl/openssl/ec25519.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ec448.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec448.h
new file mode 100644
index 0000000..c3fe4c3
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ec448.h
@@ -0,0 +1,3 @@
+/* ec448.h */
+
+#include <wolfssl/openssl/ec448.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdh.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdh.h
new file mode 100644
index 0000000..b774bf0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdh.h
@@ -0,0 +1,3 @@
+/* ecdh.h for openssl */
+
+#include <wolfssl/openssl/ecdh.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdsa.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdsa.h
new file mode 100644
index 0000000..9a1c02b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ecdsa.h
@@ -0,0 +1,3 @@
+/* ecdsa.h for openssl */
+
+#include <wolfssl/openssl/ecdsa.h>
\ No newline at end of file
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ed25519.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ed25519.h
new file mode 100644
index 0000000..240cbca
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ed25519.h
@@ -0,0 +1,3 @@
+/* ed25519.h */
+
+#include <wolfssl/openssl/ed25519.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ed448.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ed448.h
new file mode 100644
index 0000000..ebb9c61
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ed448.h
@@ -0,0 +1,3 @@
+/* ed448.h */
+
+#include <wolfssl/openssl/ed448.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/engine.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/engine.h
new file mode 100644
index 0000000..fcce4bd
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/engine.h
@@ -0,0 +1,5 @@
+/* engine.h for libcurl */
+
+#include <wolfssl/openssl/engine.h>
+
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/err.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/err.h
new file mode 100644
index 0000000..3611117
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/err.h
@@ -0,0 +1,3 @@
+/* err.h for openssl */
+
+#include <wolfssl/openssl/err.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/evp.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/evp.h
new file mode 100644
index 0000000..af81c10
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/evp.h
@@ -0,0 +1,41 @@
+/* evp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* evp.h defines mini evp openssl compatibility layer
+ *
+ */
+
+#ifndef CYASSL_OPENSSL_EVP
+#define CYASSL_OPENSSL_EVP
+
+#define CyaSSL_StoreExternalIV wolfSSL_StoreExternalIV
+#define CyaSSL_SetInternalIV wolfSSL_SetInternalIV
+#define CYASSL_EVP_MD WOLFSSL_EVP_MD
+#define CyaSSL_EVP_X_STATE wolfSSL_EVP_X_STATE
+#define CyaSSL_EVP_X_STATE_LEN wolfSSL_EVP_X_STATE_LEN
+#define CyaSSL_3des_iv wolfSSL_3des_iv
+#define CyaSSL_aes_ctr_iv wolfSSL_aes_ctr_iv
+
+#include <wolfssl/openssl/evp.h>
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/hmac.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/hmac.h
new file mode 100644
index 0000000..c93ef8d
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/hmac.h
@@ -0,0 +1,28 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* hmac.h defines mini hamc openssl compatibility layer
+ *
+ */
+
+#include <wolfssl/openssl/hmac.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/lhash.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/lhash.h
new file mode 100644
index 0000000..6285f6a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/lhash.h
@@ -0,0 +1,3 @@
+/* lhash.h for openSSL */
+
+#include <wolfssl/openssl/lhash.h>
\ No newline at end of file
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/md4.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/md4.h
new file mode 100644
index 0000000..fb0d437
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/md4.h
@@ -0,0 +1,3 @@
+/* md4.h for libcurl */
+
+#include <wolfssl/openssl/md4.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/md5.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/md5.h
new file mode 100644
index 0000000..f3dd4e4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/md5.h
@@ -0,0 +1,5 @@
+/* md5.h for openssl */
+
+
+#include <wolfssl/openssl/md5.h>
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ocsp.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ocsp.h
new file mode 100644
index 0000000..8c0f468
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ocsp.h
@@ -0,0 +1,3 @@
+/* ocsp.h for libcurl */
+
+#include <wolfssl/openssl/ocsp.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslconf.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslconf.h
new file mode 100644
index 0000000..7f21cd9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslconf.h
@@ -0,0 +1,3 @@
+/* opensslconf.h for openSSL */
+
+#include <wolfssl/openssl/opensslconf.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslv.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslv.h
new file mode 100644
index 0000000..d119f82
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/opensslv.h
@@ -0,0 +1,3 @@
+/* opensslv.h compatibility */
+
+#include <wolfssl/openssl/opensslv.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ossl_typ.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ossl_typ.h
new file mode 100644
index 0000000..5e6e627
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ossl_typ.h
@@ -0,0 +1,3 @@
+/* ossl_typ.h for openssl */
+
+#include <wolfssl/openssl/ossl_typ.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/pem.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/pem.h
new file mode 100644
index 0000000..a07b912
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/pem.h
@@ -0,0 +1,3 @@
+/* pem.h for openssl */
+
+#include <wolfssl/openssl/pem.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/pkcs12.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/pkcs12.h
new file mode 100644
index 0000000..1fb089f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/pkcs12.h
@@ -0,0 +1,3 @@
+/* pkcs12.h for openssl */
+
+#include <wolfssl/openssl/pkcs12.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/rand.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/rand.h
new file mode 100644
index 0000000..5bd77b6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/rand.h
@@ -0,0 +1,3 @@
+/* rand.h for openSSL */
+
+#include <wolfssl/openssl/ssl.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ripemd.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ripemd.h
new file mode 100644
index 0000000..b25de78
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ripemd.h
@@ -0,0 +1,3 @@
+/* ripemd.h for openssl */
+
+#include <wolfssl/openssl/ripemd.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/rsa.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/rsa.h
new file mode 100644
index 0000000..f4f24b8
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/rsa.h
@@ -0,0 +1,12 @@
+/* rsa.h for openSSL */
+
+#ifndef CYASSL_OPENSSL_RSA
+#define CYASSL_OPENSSL_RSA
+
+#define CyaSSL_RSA_GenAdd wolfSSL_RSA_GenAdd
+#define CyaSSL_RSA_LoadDer wolfSSL_RSA_LoadDer
+
+#include <cyassl/openssl/ssl.h>
+#include <wolfssl/openssl/rsa.h>
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/sha.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/sha.h
new file mode 100644
index 0000000..ced3ca1
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/sha.h
@@ -0,0 +1,3 @@
+/* sha.h for openssl */
+
+#include <wolfssl/openssl/sha.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl.h
new file mode 100644
index 0000000..3f2f3e3
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl.h
@@ -0,0 +1,34 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* ssl.h defines openssl compatibility layer
+ *
+ */
+#ifndef CYASSL_OPENSSL_H_
+#define CYASSL_OPENSSL_H_
+
+#include <cyassl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
+
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl23.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl23.h
new file mode 100644
index 0000000..a91524b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ssl23.h
@@ -0,0 +1,3 @@
+/* ssl23.h for openssl */
+
+#include <wolfssl/openssl/ssl23.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/stack.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/stack.h
new file mode 100644
index 0000000..831502f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/stack.h
@@ -0,0 +1,3 @@
+/* stack.h for openssl */
+
+#include <wolfssl/openssl/stack.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/ui.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/ui.h
new file mode 100644
index 0000000..b1f4042
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/ui.h
@@ -0,0 +1,3 @@
+/* ui.h for openssl */
+
+#include <wolfssl/openssl/ui.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/x509.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/x509.h
new file mode 100644
index 0000000..9d13002
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/x509.h
@@ -0,0 +1,3 @@
+/* x509.h for openssl */
+
+#include <wolfssl/openssl/ssl.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/openssl/x509v3.h b/ap/lib/libwolfssl/install/include/cyassl/openssl/x509v3.h
new file mode 100644
index 0000000..2a5240d
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/openssl/x509v3.h
@@ -0,0 +1,3 @@
+/* x509v3.h for openssl */
+
+#include <wolfssl/openssl/x509v3.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/options.h b/ap/lib/libwolfssl/install/include/cyassl/options.h
new file mode 100644
index 0000000..81caa63
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/options.h
@@ -0,0 +1,378 @@
+/* cyassl options.h
+ * generated from wolfssl/options.h
+ */
+/* wolfssl options.h
+* generated from configure options
+*
+* Copyright (C) 2006-2020 wolfSSL Inc.
+*
+* This file is part of wolfSSL. (formerly known as CyaSSL)
+*
+*/
+
+#ifndef CYASSL_OPTIONS_H
+#define CYASSL_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef WOLFSSL_TLS13
+#define WOLFSSL_TLS13
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_FFDHE_2048
+#define HAVE_FFDHE_2048
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef WOLFSSL_VERIFY_CB_ALL_CERTS
+#define WOLFSSL_VERIFY_CB_ALL_CERTS
+
+#undef WOLFSSL_EXTRA_ALERTS
+#define WOLFSSL_EXTRA_ALERTS
+
+#undef OPENSSL_EXTRA
+#define OPENSSL_EXTRA
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef OPENSSL_ALL
+#define OPENSSL_ALL
+
+#undef WOLFSSL_EITHER_SIDE
+#define WOLFSSL_EITHER_SIDE
+
+#undef WC_RSA_NO_PADDING
+#define WC_RSA_NO_PADDING
+
+#undef WC_RSA_PSS
+#define WC_RSA_PSS
+
+#undef WOLFSSL_PSS_LONG_SALT
+#define WOLFSSL_PSS_LONG_SALT
+
+#ifndef WOLFSSL_OPTIONS_IGNORE_SYS
+#undef _POSIX_THREADS
+#define _POSIX_THREADS
+#endif
+
+#undef HAVE_THREAD_LS
+#define HAVE_THREAD_LS
+
+#undef TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef TEST_IPV6
+#define TEST_IPV6
+
+#undef WOLFSSL_IPV6
+#define WOLFSSL_IPV6
+
+#undef WOLFSSL_WPAS
+#define WOLFSSL_WPAS
+
+#undef HAVE_SECRET_CALLBACK
+#define HAVE_SECRET_CALLBACK
+
+#undef WOLFSSL_PUBLIC_ECC_ADD_DBL
+#define WOLFSSL_PUBLIC_ECC_ADD_DBL
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef WOLFSSL_EITHER_SIDE
+#define WOLFSSL_EITHER_SIDE
+
+#undef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+
+#undef WOLFSSL_PUBLIC_MP
+#define WOLFSSL_PUBLIC_MP
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef ATOMIC_USER
+#define ATOMIC_USER
+
+#undef WOLFSSL_KEY_GEN
+#define WOLFSSL_KEY_GEN
+
+#undef WOLFSSL_DES_ECB
+#define WOLFSSL_DES_ECB
+
+#undef FORTRESS
+#define FORTRESS
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_COUNTER
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef WOLFSSL_KEY_GEN
+#define WOLFSSL_KEY_GEN
+
+#undef HAVE_AESCCM
+#define HAVE_AESCCM
+
+#undef WOLFSSL_USE_ALIGN
+#define WOLFSSL_USE_ALIGN
+
+#undef WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef SESSION_CERTS
+#define SESSION_CERTS
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef HAVE_HKDF
+#define HAVE_HKDF
+
+#undef HAVE_ECC
+#define HAVE_ECC
+
+#undef TFM_ECC256
+#define TFM_ECC256
+
+#undef ECC_SHAMIR
+#define ECC_SHAMIR
+
+#undef HAVE_COMP_KEY
+#define HAVE_COMP_KEY
+
+#undef WOLFSSL_ALLOW_TLSV10
+#define WOLFSSL_ALLOW_TLSV10
+
+#undef WC_RSA_PSS
+#define WC_RSA_PSS
+
+#undef HAVE_ANON
+#define HAVE_ANON
+
+#undef WOLFSSL_CMAC
+#define WOLFSSL_CMAC
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef NO_HC128
+#define NO_HC128
+
+#undef NO_RABBIT
+#define NO_RABBIT
+
+#undef HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef HAVE_OCSP
+#define HAVE_OCSP
+
+#undef HAVE_OPENSSL_CMD
+#define HAVE_OPENSSL_CMD
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_CERTIFICATE_STATUS_REQUEST
+#define HAVE_CERTIFICATE_STATUS_REQUEST
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+#undef HAVE_CRL
+#define HAVE_CRL
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SNI
+#define HAVE_SNI
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SNI
+#define HAVE_SNI
+
+#undef HAVE_MAX_FRAGMENT
+#define HAVE_MAX_FRAGMENT
+
+#undef HAVE_TRUNCATED_HMAC
+#define HAVE_TRUNCATED_HMAC
+
+#undef HAVE_ALPN
+#define HAVE_ALPN
+
+#undef HAVE_TRUSTED_CA
+#define HAVE_TRUSTED_CA
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_LIGHTY
+#define HAVE_LIGHTY
+
+#undef HAVE_WOLFSSL_SSL_H
+#define HAVE_WOLFSSL_SSL_H 1
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef OPENSSL_ALL
+#define OPENSSL_ALL
+
+#undef OPENSSL_NO_SSL2
+#define OPENSSL_NO_SSL2
+
+#undef OPENSSL_NO_COMP
+#define OPENSSL_NO_COMP
+
+#undef OPENSSL_NO_SSL3
+#define OPENSSL_NO_SSL3
+
+#undef SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef KEEP_OUR_CERT
+#define KEEP_OUR_CERT
+
+#undef KEEP_PEER_CERT
+#define KEEP_PEER_CERT
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ENCRYPT_THEN_MAC
+
+#undef WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_EXT
+
+#undef HAVE_STUNNEL
+#define HAVE_STUNNEL
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef WOLFSSL_DES_ECB
+#define WOLFSSL_DES_ECB
+
+#undef WOLFSSL_SIGNER_DER_CERT
+#define WOLFSSL_SIGNER_DER_CERT
+
+#undef WOLFSSL_ENCRYPTED_KEYS
+#define WOLFSSL_ENCRYPTED_KEYS
+
+#undef USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef HAVE_AES_KEYWRAP
+#define HAVE_AES_KEYWRAP
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef HAVE_DH_DEFAULT_PARAMS
+#define HAVE_DH_DEFAULT_PARAMS
+
+#undef GCM_TABLE_4BIT
+#define GCM_TABLE_4BIT
+
+#undef HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef HAVE_WC_INTROSPECTION
+#define HAVE_WC_INTROSPECTION
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* CYASSL_OPTIONS_H */
+
diff --git a/ap/lib/libwolfssl/install/include/cyassl/sniffer.h b/ap/lib/libwolfssl/install/include/cyassl/sniffer.h
new file mode 100644
index 0000000..f92eeec
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/sniffer.h
@@ -0,0 +1,23 @@
+/* sniffer.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/sniffer.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/sniffer_error.h b/ap/lib/libwolfssl/install/include/cyassl/sniffer_error.h
new file mode 100644
index 0000000..d609f66
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/sniffer_error.h
@@ -0,0 +1,23 @@
+/* sniffer_error.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/sniffer_error.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/ssl.h b/ap/lib/libwolfssl/install/include/cyassl/ssl.h
new file mode 100644
index 0000000..8599de1
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/ssl.h
@@ -0,0 +1,721 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/*
+ * ssl.h makes wolfssl backwards compatible with cyassl
+ */
+
+#ifndef WOLFSSL_CYASSL_H_
+#define WOLFSSL_CYASSL_H_
+/*
+ * Name change
+ * include the new ssl.h
+ */
+#include <wolfssl/ssl.h>
+#include <cyassl/ctaocrypt/types.h>
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef _WIN32
+ /* wincrypt.h clashes */
+ #undef X509_NAME
+#endif
+
+#ifdef CYASSL_TIRTOS
+ #undef CYASSL_TIRTOS
+ #define CYASSL_TIRTOS WOLFSSL_TIRTOS
+#endif
+
+#define CYASSL WOLFSSL
+#define DEBUG_CYASSL DEBUG_WOLFSSL
+#define CYASSL_CTX WOLFSSL_CTX
+#define CYASSL_METHOD WOLFSSL_METHOD
+#define CYASSL_SESSION WOLFSSL_SESSION
+
+#define CYASSL_X509 WOLFSSL_X509
+#define CYASSL_X509_NAME WOLFSSL_X509_NAME
+#define CYASSL_X509_CHAIN WOLFSSL_X509_CHAIN
+#ifdef WOLFSSL_SNIFFER
+ #define CYASSL_SNIFFER WOLFSSL_SNIFFER
+#endif
+
+/* redeclare guard */
+#define CYASSL_TYPES_DEFINED WOLFSSL_TYPES_DEFINED
+
+/* legacy defines */
+#define yasslIP wolfSSLIP /**/
+#define yasslPort wolfSSLPort /**/
+
+/* cyassl/ssl.h (structs) */
+#define CYASSL_RSA WOLFSSL_RSA
+#define CYASSL_DSA WOLFSSL_DSA
+#define CYASSL_BIO WOLFSSL_BIO
+#define CYASSL_CIPHER WOLFSSL_CIPHER
+#define CYASSL_MD4_CTX WOLFSSL_MD4_CTX
+#define CYASSL_MFL_2_9 WOLFSSL_MFL_2_9 /**/
+#define CYASSL_MFL_2_13 WOLFSSL_MFL_2_13 /**/
+#define CYASSL_EVP_PKEY WOLFSSL_EVP_PKEY
+#define CYASSL_X509_CRL WOLFSSL_X509_CRL
+#define CYASSL_ASN1_TIME WOLFSSL_ASN1_TIME
+#define CYASSL_BIO_METHOD WOLFSSL_BIO_METHOD
+#define CYASSL_X509_STORE WOLFSSL_X509_STORE
+#define CYASSL_X509_OBJECT WOLFSSL_X509_OBJECT
+#define CYASSL_X509_LOOKUP WOLFSSL_X509_LOOKUP
+#define CYASSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT
+#define CYASSL_ASN1_STRING WOLFSSL_ASN1_STRING
+#define CYASSL_COMP_METHOD WOLFSSL_COMP_METHOD
+#define CYASSL_CRL_CHECKALL WOLFSSL_CRL_CHECKALL
+#define CYASSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER
+#define CYASSL_X509_REVOKED WOLFSSL_X509_REVOKED
+#define CYASSL_dynlock_value WOLFSSL_dynlock_value
+#define CYASSL_X509_EXTENSION WOLFSSL_X509_EXTENSION
+#define CYASSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX
+#define CYASSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD
+
+#define CyaSSL_LoadCRL wolfSSL_LoadCRL
+#define CyaSSL_EnableCRL wolfSSL_EnableCRL
+#define CyaSSL_SetCRL_Cb wolfSSL_SetCRL_Cb
+
+/* cyassl/test.h */
+#ifdef CyaSSL_TEST_H
+ #define CYASSL_THREAD WOLFSSL_THREAD
+#endif
+
+/* src/ssl.c */
+#define CYASSL_CRL WOLFSSL_CRL
+#define CYASSL_SSLV3 WOLFSSL_SSLV3
+#define CYASSL_TLSV1 WOLFSSL_TLSV1
+#define CYASSL_TLSV1_1 WOLFSSL_TLSV1_1
+#define CYASSL_TLSV1_2 WOLFSSL_TLSV1_2
+#define CYASSL_USER_CA WOLFSSL_USER_CA
+#define CYASSL_CLIENT_END WOLFSSL_CLIENT_END
+#define CYASSL_CERT_MANAGER WOLFSSL_CERT_MANAGER
+#define MAX_CYASSL_FILE_SIZE MAX_WOLFSSL_FILE_SIZE
+
+#define CyaSSL_get_cipher wolfSSL_get_cipher
+#define CyaSSL_get_ciphers wolfSSL_get_ciphers
+#define CyaSSL_KeyPemToDer wolfSSL_KeyPemToDer
+#define CyaSSL_get_version wolfSSL_get_version
+#define CyaSSL_SetServerID wolfSSL_SetServerID
+#define CyaSSL_use_old_poly wolfSSL_use_old_poly
+#define CyaSSL_SetCertCbCtx wolfSSL_SetCertCbCtx
+#define CyaSSL_CertPemToDer wolfSSL_CertPemToDer
+#define CyaSSL_get_shutdown wolfSSL_get_shutdown
+#define CyaSSL_SetMinVersion wolfSSL_SetMinVersion
+#define CyaSSL_CTX_UnloadCAs wolfSSL_CTX_UnloadCAs
+#define CyaSSL_session_reused wolfSSL_session_reused
+#define CyaSSL_UnloadCertsKeys wolfSSL_UnloadCertsKeys
+#define CyaSSL_CIPHER_get_name wolfSSL_CIPHER_get_name
+#define CyaSSL_is_init_finished wolfSSL_is_init_finished
+#define CyaSSL_get_alert_history wolfSSL_get_alert_history
+#define CyaSSL_get_current_cipher wolfSSL_get_current_cipher
+#define CyaSSL_CertManagerUnloadCAs wolfSSL_CertManagerUnloadCAs
+#define CyaSSL_CertManagerEnableOCSP wolfSSL_CertManagerEnableOCSP
+#define CyaSSL_CTX_check_private_key wolfSSL_CTX_check_private_key
+#define CyaSSL_CertManagerDisableOCSP wolfSSL_CertManagerDisableOCSP
+#define CyaSSL_get_current_cipher_suite wolfSSL_get_current_cipher_suite
+#define CyaSSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
+#define CyaSSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
+
+#define CyaSSL_save_session_cache wolfSSL_save_session_cache
+#define CyaSSL_restore_session_cache wolfSSL_restore_session_cache
+#define CyaSSL_memsave_session_cache wolfSSL_memsave_session_cache
+#define CyaSSL_memrestore_session_cache wolfSSL_memrestore_session_cache
+#define CyaSSL_get_session_cache_memsize wolfSSL_get_session_cache_memsize
+
+/* certificate cache persistence, uses ctx since certs are per ctx */
+#define CyaSSL_CTX_save_cert_cache wolfSSL_CTX_save_cert_cache
+#define CyaSSL_CTX_restore_cert_cache wolfSSL_CTX_restore_cert_cache
+#define CyaSSL_CTX_memsave_cert_cache wolfSSL_CTX_memsave_cert_cache
+#define CyaSSL_CTX_memrestore_cert_cache wolfSSL_CTX_memrestore_cert_cache
+#define CyaSSL_CTX_get_cert_cache_memsize wolfSSL_CTX_get_cert_cache_memsize
+
+/* wolfSSL extensions */
+/* get wolfSSL peer X509_CHAIN */
+#define CyaSSL_get_chain_count wolfSSL_get_chain_count
+/* index cert length */
+#define CyaSSL_get_chain_length wolfSSL_get_chain_length
+/* index cert in X509 */
+#define CyaSSL_get_chain_X509 wolfSSL_get_chain_X509
+/* free X509 */
+#define CyaSSL_FreeX509 wolfSSL_FreeX509
+/* get index cert in PEM */
+#define CyaSSL_X509_get_subjectCN wolfSSL_X509_get_subjectCN
+#define CyaSSL_X509_get_der wolfSSL_X509_get_der
+#define CyaSSL_X509_notBefore wolfSSL_X509_notBefore
+#define CyaSSL_X509_notAfter wolfSSL_X509_notAfter
+#define CyaSSL_X509_get_notBefore wolfSSL_X509_get_notBefore
+#define CyaSSL_X509_get_notAfter wolfSSL_X509_get_notAfter
+#define CyaSSL_X509_version wolfSSL_X509_version
+
+#define CyaSSL_cmp_peer_cert_to_file wolfSSL_cmp_peer_cert_to_file
+
+#define CyaSSL_X509_get_next_altname wolfSSL_X509_get_next_altname
+
+#define CyaSSL_X509_d2i wolfSSL_X509_d2i
+#ifndef NO_FILESYSTEM
+ #ifndef NO_STDIO_FILESYSTEM
+ #define CyaSSL_X509_d2i_fp wolfSSL_X509_d2i_fp
+ #endif
+#define CyaSSL_X509_load_certificate_file wolfSSL_X509_load_certificate_file
+#endif
+
+#ifdef WOLFSSL_SEP
+#define CyaSSL_X509_get_device_type wolfSSL_X509_get_device_type
+#define CyaSSL_X509_get_hw_type wolfSSL_X509_get_hw_type
+#define CyaSSL_X509_get_hw_serial_number wolfSSL_X509_get_hw_serial_number
+#endif
+
+#define CyaSSL_CTX_SetGenCookie wolfSSL_CTX_SetGenCookie
+#define CyaSSL_SetCookieCtx wolfSSL_SetCookieCtx
+#define CyaSSL_GetCookieCtx wolfSSL_GetCookieCtx
+#define CyaSSL_ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
+#define CyaSSL_ERR_get_error wolfSSL_ERR_get_error
+#define CyaSSL_ERR_clear_error wolfSSL_ERR_clear_error
+#define CyaSSL_RAND_status wolfSSL_RAND_status
+#define CyaSSL_RAND_bytes wolfSSL_RAND_bytes
+#define CyaSSL_CTX_set_options wolfSSL_CTX_set_options
+#define CyaSSL_ERR_free_strings wolfSSL_ERR_free_strings
+#define CyaSSL_ERR_remove_state wolfSSL_ERR_remove_state
+#define CyaSSL_EVP_cleanup wolfSSL_EVP_cleanup
+#define CyaSSL_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
+#define CyaSSL_CTX_set_mode wolfSSL_CTX_set_mode
+#define CyaSSL_CTX_get_mode wolfSSL_CTX_get_mode
+#define CyaSSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
+#define CyaSSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
+#define CyaSSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
+#define CyaSSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
+#define CyaSSL_get_peer_certificate wolfSSL_get_peer_certificate
+#define CyaSSL_BIO_printf wolfSSL_BIO_printf
+#define CyaSSL_ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print
+#define CyaSSL_sk_num wolfSSL_sk_num
+#define CyaSSL_sk_value wolfSSL_sk_value
+
+/* stunnel 4.28 needs */
+#define CyaSSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
+#define CyaSSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
+#define CyaSSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
+#define CyaSSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
+#define CyaSSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
+
+#define CyaSSL_i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
+#define CyaSSL_d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
+
+#define CyaSSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
+#define CyaSSL_SESSION_get_time wolfSSL_SESSION_get_time
+#define CyaSSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
+
+
+/* wolfio.c */
+#define CYASSL_CBIO_ERR_ISR WOLFSSL_CBIO_ERR_ISR
+#define CYASSL_CBIO_ERR_TIMEOUT WOLFSSL_CBIO_ERR_TIMEOUT
+#define CYASSL_CBIO_ERR_GENERAL WOLFSSL_CBIO_ERR_GENERAL
+#define CYASSL_CBIO_ERR_CONN_RST WOLFSSL_CBIO_ERR_CONN_RST
+#define CYASSL_CBIO_ERR_WANT_READ WOLFSSL_CBIO_ERR_WANT_READ
+#define CYASSL_CBIO_ERR_WANT_WRITE WOLFSSL_CBIO_ERR_WANT_WRITE
+#define CYASSL_CBIO_ERR_CONN_CLOSE WOLFSSL_CBIO_ERR_CONN_CLOSE
+
+#define CyaSSL_GetIOReadCtx wolfSSL_GetIOReadCtx
+#define CyaSSL_GetIOWriteCtx wolfSSL_GetIOWriteCtx
+
+/* src/tls.c */
+#define CYASSL_SERVER_END WOLFSSL_SERVER_END
+#define CYASSL_TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ
+
+#define CyaSSL_DeriveTlsKeys wolfSSL_DeriveTlsKeys
+#define CyaSSL_make_eap_keys wolfSSL_make_eap_keys
+#define CyaSSL_MakeTlsMasterSecret wolfSSL_MakeTlsMasterSecret
+
+/* src/internal.c */
+#define CYASSL_CHAIN_CA WOLFSSL_CHAIN_CA
+#define CYASSL_ALERT_HISTORY WOLFSSL_ALERT_HISTORY
+#define CYASSL_SESSION_TIMEOUT WOLFSSL_SESSION_TIMEOUT
+#define CYASSL_CBIO_ERR_CONN_RST WOLFSSL_CBIO_ERR_CONN_RST
+
+#define cyassl_rc4 wolfssl_rc4
+#define cyassl_aes wolfssl_aes
+#define cyassl_chacha wolfssl_chacha
+#define CyaSSL_ERR_reason_error_string wolfSSL_ERR_reason_error_string
+
+#define CyaSSL_set_ex_data wolfSSL_set_ex_data
+#define CyaSSL_get_shutdown wolfSSL_get_shutdown
+#define CyaSSL_set_rfd wolfSSL_set_rfd
+#define CyaSSL_set_wfd wolfSSL_set_wfd
+#define CyaSSL_set_shutdown wolfSSL_set_shutdown
+#define CyaSSL_set_session_id_context wolfSSL_set_session_id_context
+#define CyaSSL_set_connect_state wolfSSL_set_connect_state
+#define CyaSSL_set_accept_state wolfSSL_set_accept_state
+#define CyaSSL_session_reused wolfSSL_session_reused
+#define CyaSSL_SESSION_free wolfSSL_SESSION_free
+#define CyaSSL_is_init_finished wolfSSL_is_init_finished
+
+#define CyaSSL_get_version wolfSSL_get_version
+#define CyaSSL_get_current_cipher_suite wolfSSL_get_current_cipher_suite
+#define CyaSSL_get_current_cipher wolfSSL_get_current_cipher
+#define CyaSSL_CIPHER_description wolfSSL_CIPHER_description
+#define CyaSSL_CIPHER_get_name wolfSSL_CIPHER_get_name
+#define CyaSSL_get_cipher wolfSSL_get_cipher
+#define CyaSSL_get1_session wolfSSL_get1_session
+
+#define CyaSSL_X509_free wolfSSL_X509_free
+#define CyaSSL_OPENSSL_free wolfSSL_OPENSSL_free
+#define CyaSSL_OCSP_parse_url wolfSSL_OCSP_parse_url
+
+#define CyaSSLv23_client_method wolfSSLv23_client_method
+#define CyaSSLv2_client_method wolfSSLv2_client_method
+#define CyaSSLv2_server_method wolfSSLv2_server_method
+
+#define CyaSSL_MD4_Init wolfSSL_MD4_Init
+#define CyaSSL_MD4_Update wolfSSL_MD4_Update
+#define CyaSSL_MD4_Final wolfSSL_MD4_Final
+
+
+#define CyaSSL_BIO_new wolfSSL_BIO_new
+#define CyaSSL_BIO_free wolfSSL_BIO_free
+#define CyaSSL_BIO_free_all wolfSSL_BIO_free_all
+#define CyaSSL_BIO_read wolfSSL_BIO_read
+#define CyaSSL_BIO_write wolfSSL_BIO_write
+#define CyaSSL_BIO_push wolfSSL_BIO_push
+#define CyaSSL_BIO_pop wolfSSL_BIO_pop
+#define CyaSSL_BIO_flush wolfSSL_BIO_flush
+#define CyaSSL_BIO_pending wolfSSL_BIO_pending
+
+#define CyaSSL_BIO_f_buffer wolfSSL_BIO_f_buffer
+#define CyaSSL_BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
+#define CyaSSL_BIO_f_ssl wolfSSL_BIO_f_ssl
+#define CyaSSL_BIO_new_socket wolfSSL_BIO_new_socket
+#define CyaSSL_BIO_eof wolfSSL_BIO_eof
+
+#define CyaSSL_BIO_s_mem wolfSSL_BIO_s_mem
+#define CyaSSL_BIO_f_base64 wolfSSL_BIO_f_base64
+#define CyaSSL_BIO_set_flags wolfSSL_BIO_set_flags
+#define CyaSSL_BIO_get_mem_data wolfSSL_BIO_get_mem_data
+#define CyaSSL_BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
+
+
+#define CyaSSL_BIO_set_ssl wolfSSL_BIO_set_ssl
+#define CyaSSL_set_bio wolfSSL_set_bio
+
+#define CyaSSL_add_all_algorithms wolfSSL_add_all_algorithms
+#define CyaSSL_RAND_screen wolfSSL_RAND_screen
+#define CyaSSL_RAND_file_name wolfSSL_RAND_file_name
+#define CyaSSL_RAND_write_file wolfSSL_RAND_write_file
+#define CyaSSL_RAND_load_file wolfSSL_RAND_load_file
+#define CyaSSL_RAND_egd wolfSSL_RAND_egd
+#define CyaSSL_RAND_seed wolfSSL_RAND_seed
+#define CyaSSL_RAND_add wolfSSL_RAND_add
+
+#define CyaSSL_COMP_zlib wolfSSL_COMP_zlib
+#define CyaSSL_COMP_rle wolfSSL_COMP_rle
+#define CyaSSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+#define CyaSSL_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
+#define CyaSSL_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
+#define CyaSSL_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
+#define CyaSSL_get_ex_new_index wolfSSL_get_ex_new_index
+#define CyaSSL_set_id_callback wolfSSL_set_id_callback
+#define CyaSSL_set_locking_callback wolfSSL_set_locking_callback
+#define CyaSSL_num_locks wolfSSL_num_locks
+
+#define CyaSSL_X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
+#define CyaSSL_X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
+#define CyaSSL_X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
+
+#define CyaSSL_X509_NAME_oneline wolfSSL_X509_NAME_oneline
+#define CyaSSL_X509_get_issuer_name wolfSSL_X509_get_issuer_name
+#define CyaSSL_X509_get_subject_name wolfSSL_X509_get_subject_name
+#define CyaSSL_X509_ext_isSet_by_NID wolfSSL_X509_ext_isSet_by_NID
+#define CyaSSL_X509_ext_get_critical_by_NID wolfSSL_X509_ext_get_critical_by_NID
+#define CyaSSL_X509_get_isCA wolfSSL_X509_get_isCA
+#define CyaSSL_X509_get_isSet_pathLength wolfSSL_X509_get_isSet_pathLength
+#define CyaSSL_X509_get_pathLength wolfSSL_X509_get_pathLength
+#define CyaSSL_X509_get_keyUsage wolfSSL_X509_get_keyUsage
+#define CyaSSL_X509_get_authorityKeyID wolfSSL_X509_get_authorityKeyID
+#define CyaSSL_X509_get_subjectKeyID wolfSSL_X509_get_subjectKeyID
+#define CyaSSL_X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
+#define CyaSSL_X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID
+#define CyaSSL_X509_verify_cert wolfSSL_X509_verify_cert
+#define CyaSSL_X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
+#define CyaSSL_X509_get_signature_type wolfSSL_X509_get_signature_type
+#define CyaSSL_X509_get_signature wolfSSL_X509_get_signature
+
+#define CyaSSL_X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
+#define CyaSSL_X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
+#define CyaSSL_X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
+#define CyaSSL_X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
+
+#define CyaSSL_X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
+#define CyaSSL_X509_STORE_new wolfSSL_X509_STORE_new
+#define CyaSSL_X509_STORE_free wolfSSL_X509_STORE_free
+#define CyaSSL_X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
+#define CyaSSL_X509_STORE_set_default_paths wolfSSL_X509_STORE_set_default_paths
+#define CyaSSL_X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
+#define CyaSSL_X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
+#define CyaSSL_X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
+#define CyaSSL_X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
+#define CyaSSL_X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
+
+#define CyaSSL_X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
+#define CyaSSL_X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+
+#define CyaSSL_X509_get_pubkey wolfSSL_X509_get_pubkey
+#define CyaSSL_X509_CRL_verify wolfSSL_X509_CRL_verify
+#define CyaSSL_X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
+#define CyaSSL_X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
+#define CyaSSL_EVP_PKEY_free wolfSSL_EVP_PKEY_free
+#define CyaSSL_X509_cmp_current_time wolfSSL_X509_cmp_current_time
+#define CyaSSL_sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
+
+#define CyaSSL_X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+#define CyaSSL_sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
+#define CyaSSL_X509_get_serialNumber wolfSSL_X509_get_serialNumber
+#define CyaSSL_ASN1_TIME_print wolfSSL_ASN1_TIME_print
+#define CyaSSL_ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
+#define CyaSSL_ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
+#define CyaSSL_load_client_CA_file wolfSSL_load_client_CA_file
+#define CyaSSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
+#define CyaSSL_X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
+#define CyaSSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
+#define CyaSSL_get_ex_data wolfSSL_get_ex_data
+
+#define CyaSSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
+#define CyaSSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
+#define CyaSSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
+#define CyaSSL_ERR_peek_error wolfSSL_ERR_peek_error
+#define CyaSSL_GET_REASON wolfSSL_GET_REASON
+#define CyaSSL_alert_type_string_long wolfSSL_alert_type_string_long
+#define CyaSSL_alert_desc_string_long wolfSSL_alert_desc_string_long
+#define CyaSSL_state_string_long wolfSSL_state_string_long
+
+#define CyaSSL_RSA_generate_key wolfSSL_RSA_generate_key
+#define CyaSSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
+#define CyaSSL_PEM_def_callback wolfSSL_PEM_def_callback
+#define CyaSSL_CTX_sess_accept wolfSSL_CTX_sess_accept
+#define CyaSSL_CTX_sess_connect wolfSSL_CTX_sess_connect
+#define CyaSSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
+#define CyaSSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
+#define CyaSSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
+#define CyaSSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
+#define CyaSSL_CTX_sess_hits wolfSSL_CTX_sess_hits
+#define CyaSSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
+#define CyaSSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
+#define CyaSSL_CTX_sess_misses wolfSSL_CTX_sess_misses
+#define CyaSSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
+#define CyaSSL_CTX_sess_number wolfSSL_CTX_sess_number
+#define CyaSSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
+
+
+
+/* src/keys.c */
+#define cyassl_triple_des wolfssl_triple_des
+
+/* Initialization and Shutdown */
+#define CyaSSL_Init wolfSSL_Init
+#define CyaSSL_library_init wolfSSL_library_init
+#define CyaSSL_Cleanup wolfSSL_Cleanup
+#define CyaSSL_shutdown wolfSSL_shutdown
+
+/* Certs and keys */
+#define CyaSSL_SetTmpDH wolfSSL_SetTmpDH
+#define CyaSSL_KeepArrays wolfSSL_KeepArrays
+#define CyaSSL_FreeArrays wolfSSL_FreeArrays
+#define CyaSSL_SetTmpDH_file wolfSSL_SetTmpDH_file
+#define CyaSSL_use_PrivateKey_buffer wolfSSL_use_PrivateKey_buffer
+#define CyaSSL_use_certificate_buffer wolfSSL_use_certificate_buffer
+#define CyaSSL_CTX_load_verify_buffer wolfSSL_CTX_load_verify_buffer
+#define CyaSSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
+#define CyaSSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
+#define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
+#define CyaSSL_CTX_use_certificate_buffer wolfSSL_CTX_use_certificate_buffer
+#define CyaSSL_CTX_use_NTRUPrivateKey_file wolfSSL_CTX_use_NTRUPrivateKey_file
+#define CyaSSL_use_certificate_chain_buffer wolfSSL_use_certificate_chain_buffer
+#define CyaSSL_CTX_der_load_verify_locations \
+ wolfSSL_CTX_der_load_verify_locations
+#define CyaSSL_CTX_use_certificate_chain_file \
+ wolfSSL_CTX_use_certificate_chain_file
+#define CyaSSL_CTX_use_certificate_chain_buffer \
+ wolfSSL_CTX_use_certificate_chain_buffer
+
+/* Context and Session Setup*/
+#define CyaSSL_new wolfSSL_new
+#define CyaSSL_free wolfSSL_free
+#define CyaSSL_set_fd wolfSSL_set_fd
+#define CyaSSL_CTX_new wolfSSL_CTX_new
+#define CyaSSL_CTX_free wolfSSL_CTX_free
+#define CyaSSL_SetVersion wolfSSL_SetVersion
+#define CyaSSL_set_verify wolfSSL_set_verify
+#define CyaSSL_set_session wolfSSL_set_session
+#define CyaSSL_set_timeout wolfSSL_set_timeout
+#define CyaSSL_CTX_set_verify wolfSSL_CTX_set_verify
+#define CyaSSL_CTX_set_timeout wolfSSL_CTX_set_timeout
+#define CyaSSL_set_cipher_list wolfSSL_set_cipher_list
+#define CyaSSL_set_compression wolfSSL_set_compression
+#define CyaTLSv1_client_method wolfTLSv1_client_method
+#define CyaTLSv1_server_method wolfTLSv1_server_method
+#define CyaSSLv3_client_method wolfSSLv3_client_method
+#define CyaSSLv3_server_method wolfSSLv3_server_method
+#define CyaSSLv23_client_method wolfSSLv23_client_method
+#define CyaSSLv23_server_method wolfSSLv23_server_method
+#define CyaDTLSv1_client_method wolfDTLSv1_client_method
+#define CyaDTLSv1_server_method wolfDTLSv1_server_method
+#define CyaSSL_check_domain_name wolfSSL_check_domain_name
+#define CyaTLSv1_1_client_method wolfTLSv1_1_client_method
+#define CyaTLSv1_1_server_method wolfTLSv1_1_server_method
+#define CyaTLSv1_2_client_method wolfTLSv1_2_client_method
+#define CyaTLSv1_2_server_method wolfTLSv1_2_server_method
+#define CyaDTLSv1_2_client_method wolfDTLSv1_2_client_method
+#define CyaDTLSv1_2_server_method wolfDTLSv1_2_server_method
+#define CyaSSL_set_group_messages wolfSSL_set_group_messages
+#define CyaSSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
+#define CyaSSL_CTX_set_group_messages wolfSSL_CTX_set_group_messages
+#define CyaSSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
+
+/* Callbacks */
+
+/*
+ * Empty comment denotes not listed in CyaSSL Manual
+ * (soon to be wolfSSL Manual)
+ */
+
+#define CyaSSL_accept_ex wolfSSL_accept_ex
+#define CyaSSL_SetIORecv wolfSSL_CTX_SetIORecv
+#define CyaSSL_SetIOSend wolfSSL_CTX_SetIOSend
+#define CyaSSL_connect_ex wolfSSL_connect_ex
+#define CyaSSL_CTX_SetCACb wolfSSL_CTX_SetCACb
+#define CyaSSL_SetIOReadCtx wolfSSL_SetIOReadCtx
+#define CyaSSL_SetRsaEncCtx wolfSSL_SetRsaEncCtx
+#define CyaSSL_GetRsaEncCtx wolfSSL_GetRsaEncCtx
+#define CyaSSL_SetRsaDecCtx wolfSSL_SetRsaDecCtx
+#define CyaSSL_GetRsaDecCtx wolfSSL_GetRsaDecCtx
+#define CyaSSL_SetLoggingCb wolfSSL_SetLoggingCb
+#define CyaSSL_SetEccSignCtx wolfSSL_SetEccSignCtx
+#define CyaSSL_GetEccSignCtx wolfSSL_GetEccSignCtx
+#define CyaSSL_SetRsaSignCtx wolfSSL_SetRsaSignCtx
+#define CyaSSL_GetRsaSignCtx wolfSSL_GetRsaSignCtx
+#define CyaSSL_SetIOWriteCtx wolfSSL_SetIOWriteCtx
+#define CyaSSL_SetIOReadFlags wolfSSL_SetIOReadFlags
+#define CyaSSL_SetEccVerifyCtx wolfSSL_SetEccVerifyCtx
+#define CyaSSL_GetEccVerifyCtx wolfSSL_GetEccVerifyCtx
+#define CyaSSL_SetRsaVerifyCtx wolfSSL_SetRsaVerifyCtx
+#define CyaSSL_GetRsaVerifyCtx wolfSSL_GetRsaVerifyCtx
+#define CyaSSL_CTX_SetRsaEncCb wolfSSL_CTX_SetRsaEncCb
+#define CyaSSL_CTX_SetRsaDecCb wolfSSL_CTX_SetRsaDecCb
+#define CyaSSL_SetIOWriteFlags wolfSSL_SetIOWriteFlags
+#define CyaSSL_SetTlsHmacInner wolfSSL_SetTlsHmacInner
+#define CyaSSL_SetMacEncryptCtx wolfSSL_SetMacEncryptCtx
+#define CyaSSL_GetMacEncryptCtx wolfSSL_GetMacEncryptCtx
+#define CyaSSL_CTX_SetEccSignCb wolfSSL_CTX_SetEccSignCb
+#define CyaSSL_CTX_SetRsaSignCb wolfSSL_CTX_SetRsaSignCb
+#define CyaSSL_CTX_SetEccVerifyCb wolfSSL_CTX_SetEccVerifyCb
+#define CyaSSL_CTX_SetRsaVerifyCb wolfSSL_CTX_SetRsaVerifyCb
+#define CyaSSL_CTX_SetMacEncryptCb wolfSSL_CTX_SetMacEncryptCb
+#define CyaSSL_SetDecryptVerifyCtx wolfSSL_SetDecryptVerifyCtx
+#define CyaSSL_GetDecryptVerifyCtx wolfSSL_GetDecryptVerifyCtx
+#define CyaSSL_CTX_SetDecryptVerifyCb wolfSSL_CTX_SetDecryptVerifyCb
+
+/* psk specific */
+#ifndef NO_PSK
+
+#define CyaSSL_get_psk_identity wolfSSL_get_psk_identity /**/
+#define CyaSSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint /**/
+#define CyaSSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint /**/
+#define CyaSSL_set_psk_client_callback wolfSSL_set_psk_client_callback /**/
+#define CyaSSL_set_psk_server_callback wolfSSL_set_psk_server_callback /**/
+#define CyaSSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint /**/
+#define CyaSSL_CTX_set_psk_client_callback \
+ wolfSSL_CTX_set_psk_client_callback /**/
+#define CyaSSL_CTX_set_psk_server_callback \
+ wolfSSL_CTX_set_psk_server_callback /**/
+
+#endif
+/* end psk specific */
+
+/* Anonymous */
+#define CyaSSL_CTX_allow_anon_cipher wolfSSL_CTX_allow_anon_cipher /**/
+
+/* Error Handling and Debugging*/
+#define CyaSSL_get_error wolfSSL_get_error
+#define CyaSSL_want_read wolfSSL_want_read
+#define CyaSSL_want_write wolfSSL_want_write
+#define CyaSSL_Debugging_ON wolfSSL_Debugging_ON
+#define CyaSSL_Debugging_OFF wolfSSL_Debugging_OFF
+#define CyaSSL_ERR_error_string wolfSSL_ERR_error_string
+#define CyaSSL_load_error_strings wolfSSL_load_error_strings
+#define CyaSSL_ERR_error_string_n wolfSSL_ERR_error_string_n
+#define CyaSSL_ERR_print_errors_fp wolfSSL_ERR_print_errors_fp
+
+/* OCSP and CRL */
+
+/*
+ * Empty comment denotes not listed in CyaSSL Manual
+ * (soon to be wolfSSL Manual)
+ */
+
+#define CYASSL_CRL_MONITOR WOLFSSL_CRL_MONITOR /**/
+#define CYASSL_CRL_START_MON WOLFSSL_CRL_START_MON /**/
+#define CYASSL_OCSP_NO_NONCE WOLFSSL_OCSP_NO_NONCE /**/
+#define CYASSL_OCSP_URL_OVERRIDE WOLFSSL_OCSP_URL_OVERRIDE
+#define CYASSL_OCSP_CHECKALL WOLFSSL_OCSP_CHECKALL
+
+#define CyaSSL_CTX_EnableOCSP wolfSSL_CTX_EnableOCSP
+#define CyaSSL_CTX_OCSP_set_options wolfSSL_CTX_OCSP_set_options /**/
+#define CyaSSL_CTX_SetOCSP_OverrideURL wolfSSL_CTX_SetOCSP_OverrideURL /**/
+#define CyaSSL_CTX_OCSP_set_override_url wolfSSL_CTX_OCSP_set_override_url /**/
+
+/* Informational */
+#define CyaSSL_GetSide wolfSSL_GetSide
+#define CyaSSL_IsTLSv1_1 wolfSSL_IsTLSv1_1
+#define CyaSSL_GetKeySize wolfSSL_GetKeySize
+#define CyaSSL_GetHmacSize wolfSSL_GetHmacSize
+#define CyaSSL_GetHmacType wolfSSL_GetHmacType
+#define CyaSSL_GetMacSecret wolfSSL_GetMacSecret
+#define CyaSSL_GetObjectSize wolfSSL_GetObjectSize
+#define CyaSSL_GetBulkCipher wolfSSL_GetBulkCipher
+#define CyaSSL_GetCipherType wolfSSL_GetCipherType
+#define CyaSSL_GetAeadMacSize wolfSSL_GetAeadMacSize
+#define CyaSSL_GetClientWriteIV wolfSSL_GetClientWriteIV
+#define CyaSSL_GetServerWriteIV wolfSSL_GetServerWriteIV
+#define CyaSSL_GetClientWriteKey wolfSSL_GetClientWriteKey
+#define CyaSSL_GetServerWriteKey wolfSSL_GetServerWriteKey
+#define CyaSSL_GetCipherBlockSize wolfSSL_GetCipherBlockSize
+
+/* Connection, Session, and I/O */
+#define CyaSSL_peek wolfSSL_peek
+#define CyaSSL_read wolfSSL_read
+#define CyaSSL_recv wolfSSL_recv
+#define CyaSSL_send wolfSSL_send
+#define CyaSSL_write wolfSSL_write
+#define CyaSSL_writev wolfSSL_writev
+#define CyaSSL_accept wolfSSL_accept
+#define CyaSSL_get_fd wolfSSL_get_fd
+#define CyaSSL_connect wolfSSL_connect
+#define CyaSSL_pending wolfSSL_pending
+#define CyaSSL_negotiate wolfSSL_negotiate
+#define CyaSSL_get_session wolfSSL_get_session
+#define CyaSSL_connect_cert wolfSSL_connect_cert
+#define CyaSSL_flush_sessions wolfSSL_flush_sessions
+#define CyaSSL_get_using_nonblock wolfSSL_get_using_nonblock
+#define CyaSSL_PrintSessionStats wolfSSL_PrintSessionStats
+
+/* DTLS Specific */
+#define CyaSSL_dtls wolfSSL_dtls
+#define CyaSSL_dtls_set_peer wolfSSL_dtls_set_peer
+#define CyaSSL_dtls_get_peer wolfSSL_dtls_get_peer
+#define CyaSSL_dtls_got_timeout wolfSSL_dtls_got_timeout
+#define CyaSSL_dtls_get_current_timeout wolfSSL_dtls_get_current_timeout
+#define CyaSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
+
+/* Certificate Manager */
+#define CyaSSL_CertManagerNew wolfSSL_CertManagerNew
+#define CyaSSL_CertManagerFree wolfSSL_CertManagerFree
+#define CyaSSL_CertManagerLoadCA wolfSSL_CertManagerLoadCA
+#define CyaSSL_CertManagerVerify wolfSSL_CertManagerVerify
+#define CyaSSL_CertManagerEnableCRL wolfSSL_CertManagerEnableCRL
+#define CyaSSL_CertManagerDisableCRL wolfSSL_CertManagerDisableCRL
+#define CyaSSL_CertManagerVerifyBuffer wolfSSL_CertManagerVerifyBuffer
+#ifndef NO_CERTS
+ #define CyaSSL_CertManagerCheckCRL wolfSSL_CertManagerCheckCRL
+ #define CyaSSL_CertManagerLoadCRL wolfSSL_CertManagerLoadCRL
+ #define CyaSSL_CertManagerSetCRL_Cb wolfSSL_CertManagerSetCRL_Cb
+ #define CyaSSL_CertManagerCheckOCSP wolfSSL_CertManagerCheckOCSP
+ #define CyaSSL_CertManagerSetOCSP_Cb wolfSSL_CertManagerSetOCSP_Cb
+ #define CyaSSL_CertManagerSetOCSPOverrideURL \
+ wolfSSL_CertManagerSetOCSPOverrideURL
+
+ #define CyaSSL_DisableCRL wolfSSL_DisableCRL
+ #define CyaSSL_EnableOCSP wolfSSL_EnableOCSP
+ #define CyaSSL_DisableOCSP wolfSSL_DisableOCSP
+ #define CyaSSL_SetOCSP_OverrideURL wolfSSL_SetOCSP_OverrideURL
+ #define CyaSSL_SetOCSP_Cb wolfSSL_SetOCSP_Cb
+
+ #define CyaSSL_CTX_EnableCRL wolfSSL_CTX_EnableCRL
+ #define CyaSSL_CTX_DisableCRL wolfSSL_CTX_DisableCRL
+ #define CyaSSL_CTX_LoadCRL wolfSSL_CTX_LoadCRL
+ #define CyaSSL_CTX_SetCRL_Cb wolfSSL_CTX_SetCRL_Cb
+ #define CyaSSL_CTX_DisableOCSP wolfSSL_CTX_DisableOCSP
+ #define CyaSSL_CTX_SetOCSP_Cb wolfSSL_CTX_SetOCSP_Cb
+#endif /* !NO_CERTS */
+
+
+/* OpenSSL Compatibility Layer */
+#define CyaSSL_get_sessionID wolfSSL_get_sessionID
+#define CyaSSL_get_peer_count wolfSSL_get_peer_count
+#define CyaSSL_get_chain_cert wolfSSL_get_chain_cert
+#define CyaSSL_get_peer_chain wolfSSL_get_peer_chain
+#define CyaSSL_get_peer_length wolfSSL_get_peer_length
+#define CyaSSL_get_chain_cert_pem wolfSSL_get_chain_cert_pem
+#define CyaSSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
+#define CyaSSL_use_certificate_file wolfSSL_use_certificate_file
+#define CyaSSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
+#define CyaSSL_X509_get_serial_number wolfSSL_X509_get_serial_number
+#define CyaSSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
+#define CyaSSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
+
+/* TLS Extensions */
+#define CYASSL_SNI_HOST_NAME WOLFSSL_SNI_HOST_NAME
+
+#define CyaSSL_UseSNI wolfSSL_UseSNI
+#define CyaSSL_CTX_UseSNI wolfSSL_CTX_UseSNI
+#define CyaSSL_SNI_SetOptions wolfSSL_SNI_SetOptions
+#define CyaSSL_SNI_GetRequest wolfSSL_SNI_GetRequest
+#define CyaSSL_UseMaxFragment wolfSSL_UseMaxFragment
+#define CyaSSL_UseTruncatedHMAC wolfSSL_UseTruncatedHMAC
+#define CyaSSL_UseSupportedCurve wolfSSL_UseSupportedCurve
+#define CyaSSL_SNI_GetFromBuffer wolfSSL_SNI_GetFromBuffer
+#define CyaSSL_CTX_SNI_SetOptions wolfSSL_CTX_SNI_SetOptions
+#define CyaSSL_CTX_UseMaxFragment wolfSSL_CTX_UseMaxFragment
+#define CyaSSL_CTX_UseTruncatedHMAC wolfSSL_CTX_UseTruncatedHMAC
+#define CyaSSL_CTX_UseSupportedCurve wolfSSL_CTX_UseSupportedCurve
+
+/* End wolfssl -> cyassl -> openssl compatibility */
+
+/* JRB macro redefinitions and api calls for cryptography for reverse compat. */
+
+#ifdef WOLFSSL_SMALL_STACK
+ #define CYASSL_SMALL_STACK
+#endif
+
+
+/*
+ * wrapper around macros until they are changed in cyassl code
+ * needs investigation in regards to macros in fips
+ */
+#define NO_WOLFSSL_ALLOC_ALIGN NO_CYASSL_ALLOC_ALIGN /* @TODO */
+
+
+/* examples/client/client.h */
+#define CYASSL_THREAD WOLFSSL_THREAD
+#ifdef WOLFSSL_DTLS
+ #define CYASSL_DTLS WOLFSSL_DTLS
+#endif
+
+/* examples/client/client.c */
+#define LIBCYASSL_VERSION_STRING LIBWOLFSSL_VERSION_STRING
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* CyaSSL_openssl_h__ */
diff --git a/ap/lib/libwolfssl/install/include/cyassl/test.h b/ap/lib/libwolfssl/install/include/cyassl/test.h
new file mode 100644
index 0000000..428b141
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/test.h
@@ -0,0 +1,3 @@
+/* test.h */
+
+#include <wolfssl/test.h>
diff --git a/ap/lib/libwolfssl/install/include/cyassl/version.h b/ap/lib/libwolfssl/install/include/cyassl/version.h
new file mode 100644
index 0000000..cc5da90
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/cyassl/version.h
@@ -0,0 +1,27 @@
+/* cyassl/version.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/version.h>
+
+#define LIBCYASSL_VERSION_STRING LIBWOLFSSL_VERSION_STRING
+#define LIBCYASSL_VERSION_HEX LIBWOLFSSL_VERSION_HEX
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/callbacks.h b/ap/lib/libwolfssl/install/include/wolfssl/callbacks.h
new file mode 100644
index 0000000..a2a6916
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/callbacks.h
@@ -0,0 +1,93 @@
+/* callbacks.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_CALLBACKS_H
+#define WOLFSSL_CALLBACKS_H
+
+#include <wolfssl/wolfcrypt/wc_port.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum { /* CALLBACK CONSTANTS */
+ MAX_PACKETNAME_SZ = 24,
+ MAX_CIPHERNAME_SZ = 24,
+ MAX_TIMEOUT_NAME_SZ = 24,
+ MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */
+ MAX_VALUE_SZ = 128, /* all handshake packets but Cert should
+ fit here */
+};
+
+struct WOLFSSL;
+
+typedef struct handShakeInfo_st {
+ struct WOLFSSL* ssl;
+ char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */
+ char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1];
+ /* SSL packet names */
+ int numberPackets; /* actual # of packets */
+ int negotiationError; /* cipher/parameter err */
+} HandShakeInfo;
+
+
+#if defined(HAVE_SYS_TIME_H) && !defined(NO_TIMEVAL)
+ typedef struct timeval WOLFSSL_TIMEVAL;
+#else /* HAVE_SYS_TIME_H */
+ /* Define the timeval explicitly. */
+ typedef struct {
+ long tv_sec; /* Seconds. */
+ long tv_usec; /* Microseconds. */
+ } WOLFSSL_TIMEVAL;
+#endif /* HAVE_SYS_TIME_H */
+#if !defined(NO_OLD_TIMEVAL_NAME)
+ #define Timeval WOLFSSL_TIMEVAL
+#endif
+
+typedef struct packetInfo_st {
+ char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */
+ WOLFSSL_TIMEVAL timestamp; /* when it occurred */
+ unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */
+ unsigned char* bufferValue; /* otherwise here (non 0) */
+ int valueSz; /* sz of value or buffer */
+} PacketInfo;
+
+
+typedef struct timeoutInfo_st {
+ char timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */
+ int flags; /* for future use */
+ int numberPackets; /* actual # of packets */
+ PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */
+ WOLFSSL_TIMEVAL timeoutValue; /* timer that caused it */
+} TimeoutInfo;
+
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_CALLBACKS_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/certs_test.h b/ap/lib/libwolfssl/install/include/wolfssl/certs_test.h
new file mode 100644
index 0000000..ad7a610
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/certs_test.h
@@ -0,0 +1,4248 @@
+/* certs_test.h */
+
+#ifndef WOLFSSL_CERTS_TEST_H
+#define WOLFSSL_CERTS_TEST_H
+
+#ifdef USE_CERT_BUFFERS_1024
+
+/* ./certs/1024/client-key.der, 1024-bit */
+static const unsigned char client_key_der_1024[] =
+{
+ 0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9,
+ 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC,
+ 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC,
+ 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94,
+ 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D,
+ 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25,
+ 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC,
+ 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA,
+ 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77,
+ 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C,
+ 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE,
+ 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67,
+ 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02,
+ 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA,
+ 0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40,
+ 0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58,
+ 0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F,
+ 0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31,
+ 0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E,
+ 0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61,
+ 0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24,
+ 0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE,
+ 0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E,
+ 0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7,
+ 0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96,
+ 0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6,
+ 0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47,
+ 0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 0xEF, 0x81, 0xF0, 0x41,
+ 0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05,
+ 0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F,
+ 0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94,
+ 0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D,
+ 0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61,
+ 0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C,
+ 0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31,
+ 0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16,
+ 0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F,
+ 0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB,
+ 0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5,
+ 0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02,
+ 0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2,
+ 0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47,
+ 0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63,
+ 0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE,
+ 0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB,
+ 0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7,
+ 0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98,
+ 0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC,
+ 0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6,
+ 0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15,
+ 0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0,
+ 0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8,
+ 0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C,
+ 0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55,
+ 0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F,
+ 0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23,
+ 0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00,
+ 0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4,
+ 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12,
+ 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
+};
+static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
+
+/* ./certs/1024/client-keyPub.der, 1024-bit */
+static const unsigned char client_keypub_der_1024[] =
+{
+ 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81,
+ 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xBC,
+ 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, 0x18,
+ 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, 0x6D,
+ 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, 0x61,
+ 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, 0xC1,
+ 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, 0x61,
+ 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, 0x8D,
+ 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, 0xA2,
+ 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, 0x02,
+ 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, 0x28,
+ 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, 0xC1,
+ 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 0x90,
+ 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 0xDC,
+ 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, 0x01,
+ 0x00, 0x01
+};
+static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024);
+
+/* ./certs/1024/client-cert.der, 1024-bit */
+static const unsigned char client_cert_der_1024[] =
+{
+ 0x30, 0x82, 0x04, 0x02, 0x30, 0x82, 0x03, 0x6B, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC5, 0x19, 0x90, 0xA1,
+ 0xC9, 0x01, 0x0F, 0xB9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+ 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
+ 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32,
+ 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+ 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
+ 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72,
+ 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
+ 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
+ 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2,
+ 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8,
+ 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37,
+ 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF,
+ 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8,
+ 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77,
+ 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38,
+ 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA,
+ 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC,
+ 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA,
+ 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A,
+ 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C,
+ 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30,
+ 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD,
+ 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75,
+ 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14,
+ 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5,
+ 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC,
+ 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
+ 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77,
+ 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32,
+ 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
+ 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xC5, 0x19, 0x90, 0xA1, 0xC9, 0x01, 0x0F, 0xB9, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81,
+ 0x81, 0x00, 0x30, 0xCE, 0x46, 0x43, 0x6D, 0x70, 0xE1, 0x6D,
+ 0xBB, 0x8F, 0x4A, 0x05, 0x64, 0xF7, 0x2C, 0x8D, 0x0E, 0xD6,
+ 0xF9, 0x1E, 0xB6, 0x2A, 0x8E, 0xED, 0x52, 0xE1, 0x7C, 0x44,
+ 0xBF, 0x59, 0x54, 0xDA, 0x2D, 0x31, 0x4D, 0xE6, 0x79, 0xD2,
+ 0xD0, 0xD8, 0xB4, 0xCF, 0x5B, 0x16, 0x0A, 0x16, 0xA1, 0xBE,
+ 0x62, 0x9F, 0x6C, 0x24, 0x46, 0x7B, 0xB8, 0xDD, 0xB8, 0x8D,
+ 0x7F, 0xFE, 0xF1, 0xAC, 0x62, 0x94, 0xE0, 0x34, 0xCE, 0x4C,
+ 0x59, 0x3A, 0xC5, 0x5A, 0xE6, 0x40, 0xD5, 0x60, 0x7E, 0x20,
+ 0x5D, 0xED, 0x43, 0x92, 0xD3, 0xF3, 0xEA, 0xE0, 0xD1, 0x57,
+ 0xC8, 0xCE, 0x41, 0x79, 0xDB, 0x81, 0x41, 0xC6, 0xF0, 0x0E,
+ 0x35, 0xD4, 0x6F, 0x92, 0x58, 0x2D, 0xD6, 0xB2, 0xEC, 0xF1,
+ 0x88, 0xFF, 0x6D, 0xCA, 0x63, 0xD6, 0x4A, 0x8D, 0x10, 0xA6,
+ 0x23, 0x06, 0x77, 0x9A, 0xD5, 0xAB, 0x9D, 0x64, 0x46, 0x02
+
+};
+static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
+
+/* ./certs/1024/dh1024.der, 1024-bit */
+static const unsigned char dh_key_der_1024[] =
+{
+ 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8,
+ 0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16,
+ 0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9,
+ 0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B,
+ 0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E,
+ 0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4,
+ 0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D,
+ 0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84,
+ 0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E,
+ 0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD,
+ 0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7,
+ 0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94,
+ 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9,
+ 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
+};
+static const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
+
+/* ./certs/1024/dsa1024.der, 1024-bit */
+static const unsigned char dsa_key_der_1024[] =
+{
+ 0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE,
+ 0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A,
+ 0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11,
+ 0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8,
+ 0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B,
+ 0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0,
+ 0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D,
+ 0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09,
+ 0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83,
+ 0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD,
+ 0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B,
+ 0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92,
+ 0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02,
+ 0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5,
+ 0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F,
+ 0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09,
+ 0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28,
+ 0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21,
+ 0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0,
+ 0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4,
+ 0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC,
+ 0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF,
+ 0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66,
+ 0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4,
+ 0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34,
+ 0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89,
+ 0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC,
+ 0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A,
+ 0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F,
+ 0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C,
+ 0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20,
+ 0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD,
+ 0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6,
+ 0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00,
+ 0x09, 0xCB, 0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15,
+ 0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B,
+ 0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F,
+ 0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62,
+ 0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD,
+ 0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68,
+ 0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69,
+ 0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38,
+ 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F,
+ 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
+};
+static const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
+
+/* ./certs/1024/rsa1024.der, 1024-bit */
+static const unsigned char rsa_key_der_1024[] =
+{
+ 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE,
+ 0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2,
+ 0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63,
+ 0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A,
+ 0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8,
+ 0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51,
+ 0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B,
+ 0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80,
+ 0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3,
+ 0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D,
+ 0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42,
+ 0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D,
+ 0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02,
+ 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D,
+ 0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD,
+ 0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76,
+ 0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72,
+ 0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6,
+ 0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B,
+ 0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E,
+ 0x69, 0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C,
+ 0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A,
+ 0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06,
+ 0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D,
+ 0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47,
+ 0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB,
+ 0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17,
+ 0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49,
+ 0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C,
+ 0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06,
+ 0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA,
+ 0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2,
+ 0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4,
+ 0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE,
+ 0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6,
+ 0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33,
+ 0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28,
+ 0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45,
+ 0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E,
+ 0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02,
+ 0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC,
+ 0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73,
+ 0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F,
+ 0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB,
+ 0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43,
+ 0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F,
+ 0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B,
+ 0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B,
+ 0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07,
+ 0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B,
+ 0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A,
+ 0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07,
+ 0x49, 0x93, 0x1A, 0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32,
+ 0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0,
+ 0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D,
+ 0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF,
+ 0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11,
+ 0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55,
+ 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37,
+ 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
+};
+static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
+
+/* ./certs/1024/ca-key.der, 1024-bit */
+static const unsigned char ca_key_der_1024[] =
+{
+ 0x30, 0x82, 0x02, 0x5E, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, 0xC3,
+ 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, 0x59,
+ 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, 0x17,
+ 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, 0x62,
+ 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, 0x0B,
+ 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, 0x2E,
+ 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, 0x80,
+ 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, 0xDB,
+ 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, 0x27,
+ 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, 0x01,
+ 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, 0x92,
+ 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, 0x88,
+ 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, 0x02,
+ 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x52, 0x35, 0x3D,
+ 0x01, 0x29, 0xA4, 0x95, 0x29, 0x71, 0x9B, 0x64, 0x6A, 0x2C,
+ 0xC3, 0xD2, 0xB5, 0xBE, 0x6E, 0x13, 0x9C, 0x8F, 0xB6, 0x26,
+ 0xD8, 0x76, 0x6B, 0xBD, 0x61, 0xBC, 0x63, 0x2D, 0xD5, 0x4D,
+ 0xBB, 0xCC, 0xC6, 0x3B, 0x89, 0xC8, 0xCE, 0x7B, 0x9B, 0x97,
+ 0xE7, 0x51, 0x67, 0x61, 0xDA, 0xA9, 0x83, 0x7B, 0xC8, 0x44,
+ 0xF5, 0x70, 0x5E, 0x3E, 0xD0, 0x7E, 0x51, 0xB9, 0x6E, 0x13,
+ 0x57, 0x08, 0x5C, 0xE1, 0x67, 0x4F, 0x61, 0x5E, 0xA5, 0x09,
+ 0xEC, 0x11, 0xDD, 0xE4, 0xB8, 0xB4, 0xF4, 0xE0, 0x63, 0x34,
+ 0x4C, 0xDA, 0x32, 0x20, 0x1F, 0x85, 0x41, 0x5D, 0xBC, 0xDB,
+ 0x24, 0xC5, 0xAF, 0xBE, 0x02, 0x5F, 0x22, 0xF1, 0x7C, 0xCC,
+ 0x05, 0x56, 0xA6, 0xA6, 0x37, 0x9A, 0xEB, 0xFF, 0x52, 0x2D,
+ 0xBF, 0x30, 0x4B, 0x9A, 0x1D, 0xEE, 0xAB, 0x9C, 0x2C, 0xE2,
+ 0xC1, 0xB8, 0x9D, 0xC9, 0x31, 0x02, 0x41, 0x00, 0xE9, 0x89,
+ 0x16, 0xCD, 0xAC, 0x2E, 0xF2, 0x4D, 0x66, 0x17, 0xBD, 0x78,
+ 0x12, 0x12, 0x8D, 0x8E, 0x84, 0x24, 0xDE, 0x2D, 0x50, 0x41,
+ 0x85, 0x8C, 0x34, 0x09, 0xFA, 0xFB, 0x6D, 0x87, 0x51, 0x4C,
+ 0x13, 0x28, 0xF0, 0x60, 0x11, 0x86, 0x3D, 0xC2, 0xA4, 0xCF,
+ 0x5E, 0xC5, 0x6F, 0x5B, 0x11, 0x32, 0x0A, 0xB5, 0x28, 0xD0,
+ 0x82, 0x47, 0x44, 0x26, 0x92, 0xE2, 0x78, 0x59, 0xB4, 0x08,
+ 0xB3, 0xFD, 0x02, 0x41, 0x00, 0xE1, 0x75, 0xB4, 0x6A, 0xB5,
+ 0x8C, 0x11, 0xFB, 0xCC, 0x42, 0x02, 0xC5, 0xDA, 0x48, 0xCE,
+ 0x29, 0x43, 0x14, 0x01, 0x9A, 0x2C, 0xB3, 0xA4, 0xCB, 0x73,
+ 0xEB, 0xA1, 0x35, 0x57, 0xAD, 0xB5, 0x16, 0x17, 0x80, 0x03,
+ 0x5F, 0x32, 0x37, 0xBE, 0xA2, 0x6F, 0xF9, 0x31, 0x84, 0xBF,
+ 0x00, 0x6E, 0x8D, 0x03, 0x0E, 0x30, 0x1C, 0xD0, 0x2F, 0x37,
+ 0xF0, 0x7E, 0xC2, 0x64, 0xBF, 0xEE, 0x4B, 0xE8, 0xFD, 0x02,
+ 0x41, 0x00, 0xE1, 0x99, 0x8B, 0x2B, 0xD8, 0x9F, 0xE9, 0x76,
+ 0x97, 0x9F, 0x6B, 0x6B, 0x28, 0x9A, 0x3F, 0xA1, 0x63, 0x4A,
+ 0x72, 0x4E, 0xF7, 0xEE, 0xB3, 0xE2, 0x43, 0x0B, 0x39, 0x27,
+ 0xD6, 0x21, 0x18, 0x8A, 0x13, 0x20, 0x43, 0x45, 0xAA, 0xE8,
+ 0x31, 0x95, 0x6C, 0xBC, 0xDE, 0xE2, 0x7F, 0xB6, 0x4B, 0xA0,
+ 0x39, 0xF3, 0xD3, 0x9F, 0xC9, 0x9A, 0xAA, 0xDD, 0x50, 0x9B,
+ 0xF2, 0x83, 0x45, 0x85, 0xFA, 0xC9, 0x02, 0x41, 0x00, 0xAF,
+ 0xB0, 0xC7, 0x7C, 0xF8, 0x28, 0x44, 0xC3, 0x50, 0xF2, 0x87,
+ 0xB2, 0xA2, 0x5D, 0x65, 0xBA, 0x25, 0xB9, 0x6B, 0x5E, 0x37,
+ 0x43, 0x6E, 0x41, 0xD4, 0xFD, 0x63, 0x4C, 0x6C, 0x1C, 0xC3,
+ 0x26, 0x89, 0xFD, 0x89, 0xA3, 0x1F, 0x40, 0xED, 0x5F, 0x2B,
+ 0x9E, 0xA6, 0x85, 0xE9, 0x49, 0x6E, 0xDC, 0x97, 0xEA, 0xF0,
+ 0x77, 0x23, 0x8C, 0x08, 0x2D, 0x72, 0xBA, 0x0D, 0x44, 0xBB,
+ 0x6F, 0x90, 0x09, 0x02, 0x41, 0x00, 0x91, 0xE4, 0x2E, 0xCA,
+ 0x8C, 0x0A, 0x69, 0x2F, 0x62, 0xE2, 0x62, 0x3B, 0xA5, 0x8D,
+ 0x5A, 0x2C, 0x56, 0x3E, 0x7F, 0x67, 0x42, 0x92, 0x12, 0x92,
+ 0x5F, 0xF3, 0x97, 0xDD, 0xE1, 0xA9, 0x7F, 0xAD, 0x2E, 0x2D,
+ 0xF4, 0x4A, 0x57, 0xB3, 0x7A, 0x10, 0xBD, 0xD7, 0xE4, 0xEC,
+ 0x6A, 0x08, 0x21, 0xE9, 0xF2, 0x46, 0x49, 0xD2, 0x69, 0x47,
+ 0x8A, 0x20, 0x4B, 0xF2, 0xB1, 0x52, 0x83, 0xAB, 0x6F, 0x10
+
+};
+static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024);
+
+/* ./certs/1024/ca-cert.der, 1024-bit */
+static const unsigned char ca_cert_der_1024[] =
+{
+ 0x30, 0x82, 0x03, 0xF3, 0x30, 0x82, 0x03, 0x5C, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11,
+ 0xE8, 0x40, 0x6E, 0x95, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
+ 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
+ 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
+ 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
+ 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+ 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+ 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32,
+ 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x99,
+ 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+ 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
+ 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31,
+ 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08,
+ 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43,
+ 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F,
+ 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
+ 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24,
+ 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16,
+ 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04,
+ 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50,
+ 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24,
+ 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8,
+ 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2,
+ 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54,
+ 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72,
+ 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B,
+ 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94,
+ 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5,
+ 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3F, 0x30,
+ 0x82, 0x01, 0x3B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0,
+ 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36,
+ 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14,
+ 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED,
+ 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8,
+ 0xA1, 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
+ 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53,
+ 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30,
+ 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F,
+ 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31,
+ 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+ 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+ 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11, 0xE8,
+ 0x40, 0x6E, 0x95, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06,
+ 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
+ 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06,
+ 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
+ 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08,
+ 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D,
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
+ 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4E, 0xB1, 0x39,
+ 0x6A, 0x23, 0xA3, 0x65, 0x17, 0x14, 0xB6, 0x52, 0x2E, 0x86,
+ 0x46, 0xD5, 0x4F, 0x7C, 0xD5, 0x6C, 0xBB, 0xFA, 0x66, 0xB1,
+ 0x71, 0x54, 0xA1, 0xAD, 0x0E, 0xA2, 0xB7, 0xBA, 0x59, 0x65,
+ 0x8B, 0xD5, 0x87, 0x5D, 0x51, 0xD0, 0x65, 0xDE, 0x74, 0x04,
+ 0x80, 0x7C, 0xDA, 0x3A, 0x52, 0x57, 0x7A, 0x1D, 0x5D, 0x46,
+ 0x7A, 0x06, 0x79, 0x75, 0xE5, 0x31, 0xDD, 0x1D, 0xF6, 0x54,
+ 0x77, 0xFC, 0x40, 0x13, 0xA1, 0x5B, 0xFD, 0x9E, 0x7D, 0x1C,
+ 0xFD, 0x04, 0x4F, 0x7C, 0xEE, 0x92, 0xA2, 0x80, 0x55, 0x3C,
+ 0x3F, 0x2A, 0x1C, 0xBD, 0x3A, 0x37, 0x12, 0x0E, 0xFD, 0x52,
+ 0x60, 0x66, 0x19, 0xD5, 0x4B, 0xF6, 0x35, 0x50, 0xA3, 0x59,
+ 0xD3, 0x7F, 0x6D, 0x95, 0xD7, 0x56, 0x10, 0xC6, 0x86, 0x28,
+ 0xF4, 0x6E, 0x6D, 0xDA, 0x4E, 0x1C, 0xB4, 0xE9, 0x0B, 0x4C,
+ 0xED, 0x62, 0x0F, 0x64, 0x06
+};
+static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024);
+
+/* ./certs/1024/server-key.der, 1024-bit */
+static const unsigned char server_key_der_1024[] =
+{
+ 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xAA, 0x3E, 0xA5, 0x9C, 0xD3, 0x17, 0x49, 0x65, 0x43,
+ 0xDE, 0xD0, 0xF3, 0x4B, 0x1C, 0xDB, 0x49, 0x0C, 0xFC, 0x7A,
+ 0x65, 0x05, 0x6D, 0xDE, 0x6A, 0xC4, 0xE4, 0x73, 0x2C, 0x8A,
+ 0x96, 0x82, 0x8F, 0x23, 0xA5, 0x06, 0x71, 0x1C, 0x06, 0x3E,
+ 0x2F, 0x92, 0x8D, 0x0B, 0x29, 0x34, 0x45, 0x59, 0xE9, 0xA9,
+ 0xBC, 0x61, 0xD7, 0x24, 0x37, 0x5D, 0xB5, 0xC4, 0x37, 0x8D,
+ 0xBA, 0x67, 0xB2, 0xEF, 0x03, 0x27, 0xFA, 0xC1, 0xB4, 0xCD,
+ 0x6B, 0x00, 0x66, 0xB4, 0xD6, 0x73, 0x70, 0x1F, 0x08, 0x3A,
+ 0xCC, 0x77, 0xAD, 0xE9, 0xF9, 0x34, 0xD4, 0xF3, 0xA0, 0x2D,
+ 0xA9, 0xE7, 0x58, 0xA9, 0xC0, 0x61, 0x84, 0xB6, 0xEC, 0x3D,
+ 0x0A, 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8,
+ 0x8B, 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6,
+ 0x14, 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02,
+ 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0A, 0x4C, 0xC1,
+ 0xFE, 0x4B, 0xF3, 0x23, 0xB8, 0xA1, 0xB3, 0x90, 0x56, 0xB7,
+ 0xDB, 0xA6, 0x14, 0xB4, 0x59, 0x6E, 0x1A, 0x40, 0x8A, 0xD6,
+ 0x23, 0x05, 0x88, 0x80, 0xC3, 0x58, 0x1B, 0x25, 0x08, 0xFD,
+ 0xF2, 0x15, 0x02, 0xB0, 0xDC, 0x5B, 0xD4, 0xCA, 0xFC, 0x07,
+ 0x89, 0xD5, 0xA4, 0xC0, 0x7C, 0xD7, 0x8D, 0x13, 0x2A, 0x4E,
+ 0x01, 0x9F, 0x84, 0xC8, 0xBB, 0x47, 0xB2, 0xD8, 0x65, 0x45,
+ 0xFA, 0x84, 0x9F, 0x88, 0xD0, 0xF4, 0xF5, 0x22, 0x35, 0x77,
+ 0x11, 0x67, 0x1C, 0xDE, 0x5F, 0x85, 0x6D, 0x55, 0xD8, 0xA7,
+ 0x07, 0x15, 0x8C, 0xE1, 0xB0, 0xA7, 0x79, 0xB4, 0x47, 0x9D,
+ 0x70, 0xB3, 0xD2, 0xF1, 0x1F, 0x41, 0x4C, 0x65, 0x72, 0x26,
+ 0xEB, 0x66, 0xC8, 0x95, 0xF6, 0x6D, 0x87, 0x35, 0x53, 0xFE,
+ 0xB1, 0x52, 0x4D, 0x76, 0x5B, 0x61, 0x53, 0x89, 0xB1, 0x20,
+ 0x1A, 0x8B, 0xE4, 0x7D, 0xF1, 0x02, 0x41, 0x00, 0xD9, 0x6E,
+ 0xE1, 0xD9, 0x06, 0x56, 0xA1, 0xF6, 0xDF, 0x54, 0x45, 0xC5,
+ 0xEC, 0x6A, 0xC8, 0x2A, 0x38, 0x4E, 0x6B, 0xC6, 0xE8, 0xEA,
+ 0xFB, 0x6F, 0x65, 0x2D, 0xBA, 0xDE, 0x27, 0x63, 0x37, 0x21,
+ 0x2E, 0xA4, 0x55, 0xAB, 0xE7, 0xDB, 0xCE, 0x71, 0xE1, 0x08,
+ 0xFC, 0xF2, 0xCA, 0x52, 0x33, 0x55, 0xE8, 0x39, 0xB3, 0xDA,
+ 0xC5, 0xB0, 0x69, 0x84, 0x6E, 0xE3, 0xCF, 0x47, 0x80, 0xA6,
+ 0xB6, 0x85, 0x02, 0x41, 0x00, 0xC8, 0x71, 0x0D, 0x37, 0x47,
+ 0xE1, 0x7B, 0x21, 0x2D, 0x11, 0x2D, 0x95, 0x2E, 0xC7, 0xD0,
+ 0xB6, 0xD3, 0x7C, 0x5C, 0x93, 0x3C, 0x5B, 0x22, 0xE5, 0xE0,
+ 0x8B, 0x6D, 0x47, 0xF9, 0x14, 0x0F, 0x9E, 0x08, 0x1B, 0x53,
+ 0xAB, 0x0A, 0xA9, 0xE4, 0x7F, 0x40, 0xD3, 0xDF, 0x62, 0x74,
+ 0x10, 0xA2, 0xFE, 0x83, 0x1F, 0xCF, 0x55, 0x66, 0xEB, 0x5D,
+ 0xC5, 0x83, 0xBA, 0xEC, 0x9F, 0xD2, 0xB5, 0x06, 0xAD, 0x02,
+ 0x41, 0x00, 0xB7, 0x68, 0x19, 0xA7, 0xC7, 0xF9, 0xF1, 0x9A,
+ 0xDD, 0x5D, 0x27, 0x91, 0xC1, 0x4F, 0x7D, 0x52, 0x67, 0xB6,
+ 0x76, 0xA1, 0x0D, 0x3D, 0x91, 0x23, 0xB0, 0xB3, 0xF7, 0x49,
+ 0x86, 0xED, 0xE0, 0xC5, 0xE3, 0xA3, 0x09, 0x04, 0xFD, 0x89,
+ 0xE2, 0xC5, 0x1A, 0x6E, 0x4B, 0x77, 0xBD, 0x03, 0xC3, 0x7B,
+ 0xB6, 0x6C, 0x5D, 0xF2, 0xAF, 0x08, 0x94, 0xA8, 0xFA, 0x24,
+ 0xBD, 0x66, 0x71, 0xF5, 0xAE, 0x45, 0x02, 0x40, 0x15, 0x52,
+ 0xD1, 0x91, 0x1B, 0xF8, 0x84, 0xDC, 0xD6, 0xAA, 0x89, 0x2A,
+ 0xE1, 0xBB, 0x28, 0x1D, 0x0B, 0x0A, 0xA3, 0xDE, 0x96, 0x01,
+ 0x2C, 0x09, 0x40, 0x86, 0x14, 0xAE, 0x1F, 0x75, 0x5E, 0xE3,
+ 0xF5, 0x00, 0xD3, 0x39, 0xD2, 0xFC, 0x97, 0xEE, 0x61, 0xBB,
+ 0x28, 0x7C, 0x94, 0xD4, 0x60, 0x42, 0xAB, 0x38, 0x6B, 0x1A,
+ 0x2E, 0xC4, 0xC3, 0x49, 0x0B, 0xE6, 0x8A, 0xDD, 0xC5, 0xD0,
+ 0xB4, 0x51, 0x02, 0x41, 0x00, 0xA9, 0x8B, 0xA7, 0xA9, 0xEE,
+ 0xAE, 0xBB, 0x17, 0xCB, 0x72, 0xF2, 0x50, 0x22, 0x9D, 0xB3,
+ 0xDF, 0xE0, 0x40, 0x37, 0x08, 0xD5, 0x7F, 0x19, 0x58, 0x80,
+ 0x70, 0x79, 0x69, 0x99, 0xDF, 0x62, 0x0D, 0x21, 0xAB, 0xDD,
+ 0xB2, 0xCE, 0x68, 0xB3, 0x9F, 0x87, 0xAF, 0x55, 0xF4, 0xAA,
+ 0xE1, 0x00, 0x72, 0xBE, 0x6E, 0xC3, 0x94, 0x49, 0xDC, 0xBB,
+ 0x8E, 0x1A, 0x78, 0xE5, 0x49, 0x1F, 0x55, 0x41, 0xA1
+};
+static const int sizeof_server_key_der_1024 = sizeof(server_key_der_1024);
+
+/* ./certs/1024/server-cert.der, 1024-bit */
+static const unsigned char server_cert_der_1024[] =
+{
+ 0x30, 0x82, 0x03, 0xE7, 0x30, 0x82, 0x03, 0x50, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+ 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
+ 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
+ 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F,
+ 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+ 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
+ 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17,
+ 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34,
+ 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x31,
+ 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x30,
+ 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
+ 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0C,
+ 0x53, 0x75, 0x70, 0x70, 0x6F, 0x72, 0x74, 0x5F, 0x31, 0x30,
+ 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+ 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
+ 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+ 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+ 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00,
+ 0xAA, 0x3E, 0xA5, 0x9C, 0xD3, 0x17, 0x49, 0x65, 0x43, 0xDE,
+ 0xD0, 0xF3, 0x4B, 0x1C, 0xDB, 0x49, 0x0C, 0xFC, 0x7A, 0x65,
+ 0x05, 0x6D, 0xDE, 0x6A, 0xC4, 0xE4, 0x73, 0x2C, 0x8A, 0x96,
+ 0x82, 0x8F, 0x23, 0xA5, 0x06, 0x71, 0x1C, 0x06, 0x3E, 0x2F,
+ 0x92, 0x8D, 0x0B, 0x29, 0x34, 0x45, 0x59, 0xE9, 0xA9, 0xBC,
+ 0x61, 0xD7, 0x24, 0x37, 0x5D, 0xB5, 0xC4, 0x37, 0x8D, 0xBA,
+ 0x67, 0xB2, 0xEF, 0x03, 0x27, 0xFA, 0xC1, 0xB4, 0xCD, 0x6B,
+ 0x00, 0x66, 0xB4, 0xD6, 0x73, 0x70, 0x1F, 0x08, 0x3A, 0xCC,
+ 0x77, 0xAD, 0xE9, 0xF9, 0x34, 0xD4, 0xF3, 0xA0, 0x2D, 0xA9,
+ 0xE7, 0x58, 0xA9, 0xC0, 0x61, 0x84, 0xB6, 0xEC, 0x3D, 0x0A,
+ 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8, 0x8B,
+ 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6, 0x14,
+ 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3F, 0x30, 0x82, 0x01,
+ 0x3B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+ 0x04, 0x14, 0xD9, 0x3C, 0x35, 0xEA, 0x74, 0x0E, 0x23, 0xBE,
+ 0x9C, 0xFC, 0xFA, 0x29, 0x90, 0x09, 0xC1, 0xE7, 0x84, 0x16,
+ 0x9F, 0x7C, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, 0x23,
+ 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, 0x22,
+ 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71,
+ 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, 0x81,
+ 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+ 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F,
+ 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77,
+ 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73,
+ 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32,
+ 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x82, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11, 0xE8, 0x40, 0x6E,
+ 0x95, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05,
+ 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55,
+ 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78,
+ 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
+ 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55,
+ 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+ 0x00, 0x03, 0x81, 0x81, 0x00, 0x27, 0x0A, 0x4E, 0x08, 0x8C,
+ 0xBA, 0x73, 0xD0, 0x05, 0xF2, 0xEA, 0xF9, 0x51, 0x8C, 0x7E,
+ 0x29, 0x14, 0x23, 0x8E, 0x9E, 0x9A, 0xFC, 0x46, 0x6F, 0x10,
+ 0x68, 0x59, 0xD9, 0xA0, 0xEA, 0x53, 0x19, 0xBD, 0x28, 0x89,
+ 0xE1, 0x97, 0x1E, 0x4C, 0xB8, 0x1E, 0xBE, 0x0F, 0x4D, 0x9D,
+ 0x1D, 0x76, 0x57, 0x17, 0x31, 0x95, 0xC2, 0x80, 0xBE, 0x04,
+ 0xD0, 0xC2, 0xE9, 0x5C, 0xE0, 0xF4, 0x81, 0x3F, 0xC4, 0xB0,
+ 0xC5, 0x86, 0xAE, 0x58, 0x68, 0xB9, 0xAE, 0x0F, 0x88, 0xE8,
+ 0x63, 0x6F, 0xB9, 0x08, 0xF1, 0x1B, 0x56, 0x90, 0xFB, 0x1F,
+ 0x2E, 0xCC, 0xE5, 0x69, 0x1F, 0x7C, 0x02, 0x4F, 0xED, 0xB0,
+ 0x45, 0x7C, 0x2D, 0xA8, 0x59, 0x11, 0xA5, 0x95, 0x51, 0xC7,
+ 0x50, 0xD8, 0x89, 0xC2, 0x90, 0x63, 0x68, 0xA8, 0x41, 0x6F,
+ 0xD0, 0x37, 0x26, 0x6F, 0xC8, 0x0E, 0xB5, 0xA0, 0x15, 0x9D,
+ 0xA5, 0xE6, 0xD2
+};
+static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024);
+
+#endif /* USE_CERT_BUFFERS_1024 */
+
+#ifdef USE_CERT_BUFFERS_2048
+
+/* ./certs/client-key.der, 2048-bit */
+static const unsigned char client_key_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32,
+ 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A,
+ 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2,
+ 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44,
+ 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67,
+ 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7,
+ 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E,
+ 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65,
+ 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7,
+ 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78,
+ 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2,
+ 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51,
+ 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4,
+ 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0,
+ 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43,
+ 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86,
+ 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72,
+ 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF,
+ 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03,
+ 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3,
+ 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A,
+ 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25,
+ 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18,
+ 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84,
+ 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE,
+ 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6,
+ 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1,
+ 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C,
+ 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D,
+ 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9,
+ 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5,
+ 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E,
+ 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1,
+ 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E,
+ 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE,
+ 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60,
+ 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47,
+ 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C,
+ 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD,
+ 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E,
+ 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B,
+ 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8,
+ 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33,
+ 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56,
+ 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE,
+ 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4,
+ 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3,
+ 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B,
+ 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92,
+ 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50,
+ 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11,
+ 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24,
+ 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88,
+ 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC,
+ 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A,
+ 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06,
+ 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7,
+ 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38,
+ 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F,
+ 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F,
+ 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5,
+ 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03,
+ 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2,
+ 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B,
+ 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00,
+ 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B,
+ 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18,
+ 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9,
+ 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0,
+ 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6,
+ 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35,
+ 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D,
+ 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D,
+ 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA,
+ 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67,
+ 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4,
+ 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5,
+ 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81,
+ 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF,
+ 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D,
+ 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3,
+ 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41,
+ 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35,
+ 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F,
+ 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7,
+ 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91,
+ 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76,
+ 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E,
+ 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75,
+ 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8,
+ 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02,
+ 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19,
+ 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05,
+ 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC,
+ 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B,
+ 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1,
+ 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC,
+ 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7,
+ 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6,
+ 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F,
+ 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56,
+ 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18,
+ 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95,
+ 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC,
+ 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67,
+ 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2,
+ 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70,
+ 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E,
+ 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F,
+ 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3,
+ 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57,
+ 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5,
+ 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6,
+ 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD,
+ 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38,
+ 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1,
+ 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD,
+ 0xF5, 0xBF
+};
+static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
+
+/* ./certs/client-keyPub.der, 2048-bit */
+static const unsigned char client_keypub_der_2048[] =
+{
+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+ 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82,
+ 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4,
+ 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74,
+ 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36,
+ 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3,
+ 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B,
+ 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B,
+ 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81,
+ 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F,
+ 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34,
+ 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A,
+ 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D,
+ 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37,
+ 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35,
+ 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97,
+ 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B,
+ 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D,
+ 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40,
+ 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE,
+ 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12,
+ 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B,
+ 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9,
+ 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF,
+ 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40,
+ 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97,
+ 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0,
+ 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02,
+ 0x03, 0x01, 0x00, 0x01
+};
+static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048);
+
+/* ./certs/client-cert.der, 2048-bit */
+static const unsigned char client_cert_der_2048[] =
+{
+ 0x30, 0x82, 0x05, 0x07, 0x30, 0x82, 0x03, 0xEF, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF1, 0x5C, 0x99, 0x43,
+ 0x66, 0x3D, 0x96, 0x04, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+ 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
+ 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34,
+ 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+ 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
+ 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72,
+ 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
+ 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01,
+ 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B,
+ 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B,
+ 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47,
+ 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69,
+ 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D,
+ 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C,
+ 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF,
+ 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF,
+ 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89,
+ 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67,
+ 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6,
+ 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1,
+ 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1,
+ 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E,
+ 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81,
+ 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32,
+ 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83,
+ 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24,
+ 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C,
+ 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D,
+ 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C,
+ 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA,
+ 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71,
+ 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E,
+ 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15,
+ 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1,
+ 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01,
+ 0x44, 0x30, 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55,
+ 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66,
+ 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91,
+ 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06,
+ 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8,
+ 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
+ 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85,
+ 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81,
+ 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+ 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+ 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+ 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+ 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32,
+ 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
+ 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61,
+ 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38,
+ 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+ 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+ 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
+ 0x09, 0x00, 0xF1, 0x5C, 0x99, 0x43, 0x66, 0x3D, 0x96, 0x04,
+ 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
+ 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
+ 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
+ 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04,
+ 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
+ 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01,
+ 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
+ 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0xBA, 0x2B, 0x48, 0xD1, 0xA8,
+ 0xE3, 0xC2, 0x84, 0x42, 0x96, 0xA1, 0x7C, 0xE5, 0xF1, 0x46,
+ 0xBA, 0x4C, 0xF7, 0x87, 0x57, 0xC7, 0x78, 0xC8, 0xC1, 0x32,
+ 0xC4, 0x69, 0xFF, 0x85, 0xBB, 0x5D, 0x6A, 0xDD, 0xC9, 0x87,
+ 0x7E, 0xFE, 0xBB, 0xF4, 0xFD, 0x15, 0x0A, 0x4C, 0x94, 0x95,
+ 0x80, 0x30, 0x90, 0x45, 0x03, 0xF8, 0x33, 0x87, 0xCA, 0x5F,
+ 0x74, 0x38, 0xA4, 0xD0, 0x5A, 0xC7, 0x65, 0x38, 0xC3, 0xB0,
+ 0xE8, 0x87, 0xB1, 0x49, 0x32, 0xB9, 0xAC, 0xE9, 0xFB, 0xD3,
+ 0x08, 0x1D, 0xA4, 0x51, 0x7B, 0xD7, 0xD9, 0x4B, 0x79, 0x35,
+ 0xA2, 0x3A, 0x0B, 0xE4, 0x0C, 0xA0, 0x02, 0x9C, 0xA1, 0x68,
+ 0xE1, 0x5D, 0x6C, 0x8E, 0x2E, 0x3A, 0x24, 0xDE, 0xBB, 0xD6,
+ 0x1C, 0xA7, 0xAC, 0x2E, 0xCD, 0x57, 0x44, 0x48, 0xF6, 0x72,
+ 0xE0, 0xC7, 0x5B, 0x93, 0xDC, 0x7D, 0x5B, 0x64, 0x0E, 0x17,
+ 0x84, 0x68, 0x2C, 0x95, 0x1D, 0x2C, 0x86, 0xD6, 0xB0, 0x74,
+ 0x67, 0x51, 0x6E, 0x7B, 0xF4, 0xD5, 0x61, 0x38, 0x51, 0xB3,
+ 0x18, 0xE3, 0x10, 0x16, 0x73, 0x4B, 0x36, 0x8A, 0x8A, 0x62,
+ 0x05, 0xF5, 0x56, 0x8A, 0xBE, 0x21, 0xE1, 0x78, 0x7D, 0xBF,
+ 0xAD, 0x45, 0xF9, 0x0B, 0xF5, 0xAF, 0xA0, 0x62, 0x01, 0xFD,
+ 0x3F, 0x49, 0xDF, 0x39, 0x3C, 0xFF, 0x46, 0xE8, 0x0A, 0xFE,
+ 0x5C, 0x6B, 0xBB, 0x41, 0xA5, 0x64, 0xF1, 0x5C, 0x9B, 0x51,
+ 0x4C, 0xBC, 0x6D, 0x9F, 0xA3, 0x20, 0xED, 0xE9, 0x48, 0xE1,
+ 0xA9, 0xBE, 0x08, 0x2D, 0x85, 0x42, 0x59, 0xD6, 0x43, 0x7D,
+ 0x47, 0x22, 0xA5, 0xFA, 0x1F, 0xA2, 0x58, 0x76, 0x0B, 0x70,
+ 0x1C, 0x1D, 0x59, 0x1D, 0xAA, 0xBE, 0x5D, 0x2D, 0x25, 0x7C,
+ 0xB1, 0x06, 0xB6, 0xC0, 0xAA, 0x28, 0xAA, 0x93, 0x7C, 0xD0,
+ 0xBD, 0x43, 0xAD, 0x91, 0x50, 0x1C, 0x7B, 0x4D, 0xF3, 0xE4,
+ 0xD7
+};
+static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
+
+/* ./certs/dh2048.der, 2048-bit */
+static const unsigned char dh_key_der_2048[] =
+{
+ 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0,
+ 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C,
+ 0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6,
+ 0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53,
+ 0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D,
+ 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 0xBE, 0x72,
+ 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85,
+ 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9,
+ 0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69,
+ 0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17,
+ 0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF,
+ 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA,
+ 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50,
+ 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09,
+ 0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9,
+ 0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76,
+ 0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35,
+ 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9,
+ 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C,
+ 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4,
+ 0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6,
+ 0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1,
+ 0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF,
+ 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6,
+ 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB,
+ 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E,
+ 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
+};
+static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
+
+/* ./certs/dh-pubkey-2048.der, 2048-bit */
+static const unsigned char dh_pub_key_der_2048[] =
+{
+ 0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0x17, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01, 0x30,
+ 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xD3, 0xB2,
+ 0x99, 0x84, 0x5C, 0x0A, 0x4C, 0xE7, 0x37, 0xCC, 0xFC, 0x18,
+ 0x37, 0x01, 0x2F, 0x5D, 0xC1, 0x4C, 0xF4, 0x5C, 0xC9, 0x82,
+ 0x8D, 0xB7, 0xF3, 0xD4, 0xA9, 0x8A, 0x9D, 0x34, 0xD7, 0x76,
+ 0x57, 0xE5, 0xE5, 0xC3, 0xE5, 0x16, 0x85, 0xCA, 0x4D, 0xD6,
+ 0x5B, 0xC1, 0xF8, 0xCF, 0x89, 0x26, 0xD0, 0x38, 0x8A, 0xEE,
+ 0xF3, 0xCD, 0x33, 0xE5, 0x56, 0xBB, 0x90, 0x83, 0x9F, 0x97,
+ 0x8E, 0x71, 0xFB, 0x27, 0xE4, 0x35, 0x15, 0x45, 0x86, 0x09,
+ 0x71, 0xA8, 0x9A, 0xB9, 0x3E, 0x0F, 0x51, 0x8A, 0xC2, 0x75,
+ 0x51, 0x23, 0x12, 0xFB, 0x94, 0x31, 0x44, 0xBF, 0xCE, 0xF6,
+ 0xED, 0xA6, 0x3A, 0xB7, 0x92, 0xCE, 0x16, 0xA9, 0x14, 0xB3,
+ 0x88, 0xB7, 0x13, 0x81, 0x71, 0x83, 0x88, 0xCD, 0xB1, 0xA2,
+ 0x37, 0xE1, 0x59, 0x5C, 0xD0, 0xDC, 0xCA, 0x82, 0x87, 0xFA,
+ 0x43, 0x44, 0xDD, 0x78, 0x3F, 0xCA, 0x27, 0x7E, 0xE1, 0x6B,
+ 0x93, 0x19, 0x7C, 0xD9, 0xA6, 0x96, 0x47, 0x0D, 0x12, 0xC1,
+ 0x13, 0xD7, 0xB9, 0x0A, 0x40, 0xD9, 0x1F, 0xFF, 0xB8, 0xB4,
+ 0x00, 0xC8, 0xAA, 0x5E, 0xD2, 0x66, 0x4A, 0x05, 0x8E, 0x9E,
+ 0xF5, 0x34, 0xE7, 0xD7, 0x09, 0x7B, 0x15, 0x49, 0x1D, 0x76,
+ 0x31, 0xD6, 0x71, 0xEC, 0x13, 0x4E, 0x89, 0x8C, 0x09, 0x22,
+ 0xD8, 0xE7, 0xA3, 0xE9, 0x7D, 0x21, 0x51, 0x26, 0x6E, 0x9F,
+ 0x30, 0x8A, 0xBB, 0xBC, 0x74, 0xC1, 0xC3, 0x27, 0x6A, 0xCE,
+ 0xA3, 0x12, 0x60, 0x68, 0x01, 0xD2, 0x34, 0x07, 0x80, 0xCC,
+ 0x2D, 0x7F, 0x5C, 0xAE, 0xA2, 0x97, 0x40, 0xC8, 0x3C, 0xAC,
+ 0xDB, 0x6F, 0xFE, 0x6C, 0x6D, 0xD2, 0x06, 0x1C, 0x43, 0xA2,
+ 0xB2, 0x2B, 0x82, 0xB7, 0xD0, 0xAB, 0x3F, 0x2C, 0xE7, 0x9C,
+ 0x19, 0x16, 0xD1, 0x5E, 0x26, 0x86, 0xC7, 0x92, 0xF9, 0x16,
+ 0x0B, 0xFA, 0x66, 0x83, 0x02, 0x01, 0x02, 0x03, 0x82, 0x01,
+ 0x05, 0x00, 0x02, 0x82, 0x01, 0x00, 0x34, 0x41, 0xBF, 0xE9,
+ 0xF2, 0x11, 0xBF, 0x05, 0xDB, 0xB2, 0x72, 0xA8, 0x29, 0xCC,
+ 0xBD, 0x93, 0xEB, 0x14, 0x5D, 0x2C, 0x6B, 0x84, 0x4E, 0x96,
+ 0x12, 0xB3, 0x38, 0xBA, 0x8A, 0x46, 0x7C, 0x36, 0xCB, 0xE9,
+ 0x97, 0x70, 0xC5, 0xC3, 0x85, 0xB5, 0x51, 0xA5, 0x8B, 0x39,
+ 0xA8, 0xEA, 0x47, 0xD3, 0xD5, 0x11, 0xC0, 0x6D, 0xE3, 0xE3,
+ 0x9E, 0x00, 0x4C, 0x65, 0x41, 0x9B, 0xF6, 0xD0, 0xAC, 0x26,
+ 0x88, 0x01, 0xFC, 0x3C, 0x26, 0x5F, 0x67, 0xF7, 0x77, 0xD7,
+ 0xAC, 0xC5, 0xCA, 0xBB, 0xD8, 0x70, 0x58, 0x41, 0xF5, 0xF1,
+ 0x21, 0x3B, 0x15, 0xD5, 0x31, 0xF2, 0xC4, 0x8E, 0x0C, 0x38,
+ 0x01, 0x93, 0xD3, 0x64, 0x63, 0x57, 0xDC, 0x31, 0xE5, 0xFD,
+ 0x9C, 0x2B, 0xA6, 0xDE, 0x15, 0xB2, 0xC8, 0x8D, 0x65, 0x71,
+ 0x2E, 0xED, 0xF9, 0x1D, 0x2D, 0xA1, 0x17, 0xDD, 0xA3, 0xDA,
+ 0xF3, 0x10, 0x81, 0x40, 0xFA, 0x4F, 0x49, 0xB0, 0xDA, 0x16,
+ 0x64, 0xBE, 0x6F, 0xC5, 0x05, 0xCE, 0xC4, 0x4F, 0x67, 0x80,
+ 0xB3, 0x8A, 0x81, 0x17, 0xEB, 0xF9, 0x6F, 0x6D, 0x9F, 0x7F,
+ 0xDE, 0xEE, 0x08, 0xB8, 0xFA, 0x81, 0x68, 0x66, 0xD6, 0xC6,
+ 0x08, 0x50, 0xAB, 0xF0, 0x29, 0xDE, 0x6B, 0x1D, 0x50, 0x13,
+ 0x7F, 0x54, 0x31, 0x53, 0x89, 0x5F, 0x48, 0x72, 0x24, 0xD4,
+ 0xD2, 0x1D, 0x27, 0x7D, 0x74, 0xCF, 0x51, 0x17, 0xF0, 0xC5,
+ 0x6D, 0x3C, 0x3D, 0x6D, 0x0A, 0x8B, 0xDB, 0xEF, 0x02, 0xD8,
+ 0xC3, 0xCB, 0xCA, 0x21, 0xCA, 0xD6, 0x9C, 0x18, 0x9E, 0x92,
+ 0xBE, 0x6E, 0xE2, 0x16, 0x5E, 0x89, 0x9B, 0xAD, 0xD4, 0x04,
+ 0x5A, 0x24, 0x5A, 0x3F, 0x7C, 0x12, 0xAC, 0xB4, 0x71, 0x51,
+ 0x25, 0x58, 0x74, 0xE4, 0xB2, 0xD4, 0x45, 0xFC, 0x5F, 0xCD,
+ 0x81, 0x8F, 0xE7, 0x96, 0x18, 0xD9, 0xE0, 0x97, 0x08, 0x45,
+ 0x36, 0xC3
+};
+static const int sizeof_dh_pub_key_der_2048 = sizeof(dh_pub_key_der_2048);
+
+/* ./certs/dsa-pubkey-2048.der, 2048-bit */
+static const unsigned char dsa_pub_key_der_2048[] =
+{
+ 0x30, 0x82, 0x03, 0x47, 0x30, 0x82, 0x02, 0x39, 0x06, 0x07,
+ 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01, 0x30, 0x82, 0x02,
+ 0x2C, 0x02, 0x82, 0x01, 0x01, 0x00, 0xEB, 0x7E, 0x2C, 0x97,
+ 0x36, 0x67, 0x0E, 0x73, 0x9A, 0xAC, 0xFD, 0xB1, 0x19, 0x03,
+ 0x52, 0x61, 0x25, 0x12, 0xB2, 0x37, 0x3D, 0xEA, 0xCA, 0x80,
+ 0x07, 0x5D, 0x2D, 0x33, 0xA2, 0x4E, 0x6B, 0xB7, 0x62, 0xF8,
+ 0x87, 0x4D, 0x4B, 0x20, 0xDA, 0xEA, 0x6A, 0x96, 0x13, 0xB7,
+ 0xB9, 0x49, 0xC0, 0x86, 0x14, 0x71, 0xCD, 0x8C, 0x60, 0x61,
+ 0x94, 0x71, 0x89, 0x95, 0x1A, 0x0F, 0x38, 0xCC, 0x9C, 0x1F,
+ 0x20, 0xE5, 0xD0, 0x65, 0x75, 0xCD, 0xFE, 0x24, 0x29, 0xE6,
+ 0x60, 0x97, 0x74, 0xEC, 0x4C, 0x42, 0xE8, 0xBA, 0xE9, 0xC2,
+ 0xF7, 0xCB, 0x9B, 0xEA, 0x55, 0xD8, 0x40, 0x50, 0x2E, 0xCF,
+ 0xCD, 0x41, 0x01, 0xA9, 0xE5, 0x29, 0xCA, 0xC3, 0x36, 0x58,
+ 0x7E, 0x2E, 0x11, 0x96, 0x87, 0xC6, 0xFA, 0xE1, 0x27, 0x53,
+ 0x3D, 0x60, 0x93, 0x7B, 0xAD, 0xEE, 0xE7, 0xD4, 0xDC, 0xD6,
+ 0x03, 0x16, 0x92, 0xD4, 0x51, 0x0C, 0xFD, 0xA9, 0x01, 0x3E,
+ 0x6E, 0x27, 0x67, 0x6E, 0x9F, 0x29, 0x63, 0xFD, 0x51, 0x82,
+ 0x79, 0x83, 0x2B, 0xCB, 0x12, 0xCD, 0x50, 0x92, 0xAC, 0x16,
+ 0xC9, 0xEA, 0x9E, 0x68, 0x9E, 0x4B, 0xE1, 0x63, 0xB4, 0x80,
+ 0xE4, 0xDF, 0x75, 0xBC, 0x27, 0xD1, 0x76, 0x03, 0x48, 0x98,
+ 0x1D, 0xE3, 0x29, 0x8A, 0x99, 0x59, 0xF3, 0x75, 0x5B, 0xD9,
+ 0xAC, 0x59, 0x11, 0x52, 0x2F, 0xE0, 0x91, 0x55, 0xB0, 0xF2,
+ 0x5F, 0x0A, 0xF8, 0xD2, 0x7A, 0xDD, 0x8D, 0xE9, 0x92, 0xE2,
+ 0xF3, 0xF7, 0x4A, 0xB1, 0x50, 0xD7, 0xFE, 0x07, 0x8D, 0x27,
+ 0x7D, 0x08, 0x6F, 0x08, 0x7E, 0x25, 0x19, 0x0D, 0xDE, 0x11,
+ 0xD1, 0x63, 0x31, 0x84, 0x18, 0x25, 0xBE, 0x7D, 0x64, 0x77,
+ 0xDB, 0x4A, 0x20, 0xC5, 0x51, 0x75, 0xD8, 0xB1, 0x1B, 0xDF,
+ 0x91, 0x7F, 0xFC, 0x74, 0xBA, 0x9D, 0xD1, 0xFA, 0x8D, 0xBD,
+ 0x59, 0xFD, 0x02, 0x21, 0x00, 0xFA, 0xF7, 0x62, 0x9A, 0x62,
+ 0x19, 0x64, 0x6D, 0xC1, 0xF3, 0xC0, 0x9B, 0xAC, 0x90, 0x28,
+ 0xEA, 0xA1, 0x83, 0xF9, 0xC8, 0xED, 0x31, 0xEE, 0x33, 0x1D,
+ 0x35, 0x22, 0x00, 0x2B, 0x12, 0x84, 0xFF, 0x02, 0x82, 0x01,
+ 0x00, 0x73, 0xC9, 0xED, 0x1F, 0xBC, 0xC7, 0xC4, 0xEF, 0x46,
+ 0x03, 0xD1, 0x72, 0xC3, 0xE5, 0x29, 0xB0, 0x9A, 0x95, 0x13,
+ 0x5B, 0x4E, 0x59, 0x57, 0x0F, 0x80, 0xEB, 0x74, 0x87, 0x11,
+ 0x1B, 0xC8, 0x11, 0xB6, 0x97, 0x4C, 0x48, 0x50, 0x3A, 0xB8,
+ 0x2C, 0x28, 0xF3, 0xB0, 0x9C, 0x7C, 0x3D, 0xFF, 0x8B, 0x43,
+ 0x43, 0x30, 0x85, 0x5F, 0x97, 0xD2, 0x68, 0x85, 0x35, 0x2E,
+ 0xD4, 0x61, 0xF6, 0x3E, 0x05, 0xEC, 0xCD, 0x60, 0x13, 0xE2,
+ 0x16, 0x02, 0x7C, 0x8B, 0x21, 0xCE, 0x36, 0x71, 0xC4, 0xED,
+ 0x0B, 0x47, 0x76, 0x83, 0x23, 0x2F, 0x98, 0xA4, 0x84, 0x98,
+ 0x9C, 0xFB, 0xD0, 0xA8, 0xD9, 0xB9, 0xE3, 0xD7, 0x32, 0xD9,
+ 0xB5, 0x9E, 0x82, 0x93, 0xD0, 0x55, 0x74, 0x5F, 0xDA, 0x87,
+ 0x91, 0x90, 0x0F, 0x85, 0x74, 0x1A, 0x32, 0x76, 0x4F, 0xCC,
+ 0x2A, 0x18, 0x11, 0x5B, 0xB4, 0x78, 0x93, 0xB6, 0xE5, 0xF0,
+ 0xC6, 0x71, 0xE8, 0xD7, 0x31, 0x19, 0x91, 0x27, 0x71, 0x5A,
+ 0x02, 0x1A, 0x1A, 0x3A, 0x55, 0x95, 0xFF, 0xF8, 0xED, 0xD3,
+ 0xE1, 0xAE, 0x8A, 0x1D, 0xFF, 0x53, 0x63, 0x79, 0x13, 0xA1,
+ 0xAD, 0x0A, 0x68, 0x67, 0x43, 0xB2, 0x5B, 0xD5, 0x36, 0xD4,
+ 0x84, 0xD0, 0xCD, 0x34, 0x82, 0x84, 0xA4, 0x89, 0xAE, 0xA1,
+ 0x66, 0x57, 0x89, 0x6F, 0xDC, 0x0C, 0x3B, 0x48, 0x14, 0x7C,
+ 0xCC, 0x63, 0x7C, 0x83, 0x93, 0x55, 0x7D, 0xB4, 0xF3, 0x34,
+ 0x66, 0x72, 0x85, 0xF5, 0x8D, 0xEF, 0x90, 0x1A, 0x66, 0xF8,
+ 0x3B, 0xC6, 0xA4, 0x59, 0xB8, 0x25, 0x4E, 0x5D, 0x84, 0xED,
+ 0x7C, 0x1C, 0xDD, 0x35, 0xA6, 0xBA, 0xED, 0x3B, 0xD6, 0x49,
+ 0xE6, 0x5A, 0xD1, 0xF8, 0xEA, 0x96, 0x75, 0x92, 0xCF, 0x05,
+ 0x52, 0x05, 0x3D, 0x78, 0x09, 0xCF, 0xCD, 0xE2, 0x1A, 0x99,
+ 0xEB, 0x5E, 0xFA, 0x27, 0x73, 0x89, 0x15, 0x03, 0x82, 0x01,
+ 0x06, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC2, 0x35, 0x2D,
+ 0xEC, 0x83, 0x83, 0x6C, 0x73, 0x13, 0x9E, 0x52, 0x7C, 0x74,
+ 0xC8, 0x7B, 0xEE, 0xDF, 0x39, 0xC0, 0x33, 0xCD, 0x9F, 0xB2,
+ 0x22, 0x64, 0x9F, 0xC5, 0xE9, 0xFF, 0xF7, 0x09, 0x47, 0x79,
+ 0x13, 0x96, 0x77, 0x25, 0xF3, 0x5D, 0xAA, 0x9F, 0x97, 0x67,
+ 0x62, 0xBC, 0x94, 0x1D, 0xAE, 0x22, 0x7E, 0x08, 0x03, 0xBD,
+ 0x7E, 0x34, 0x29, 0xCB, 0x62, 0xB7, 0x82, 0x1D, 0xE2, 0xFA,
+ 0x05, 0xC6, 0xC1, 0x68, 0xE7, 0x01, 0x27, 0x63, 0x51, 0x3E,
+ 0x37, 0x59, 0x42, 0x92, 0x4F, 0x99, 0x60, 0xFD, 0x63, 0x94,
+ 0xB7, 0xD0, 0xEE, 0xC1, 0xA0, 0xA5, 0x01, 0x74, 0x4D, 0x0E,
+ 0x14, 0xB2, 0xE2, 0x2C, 0xE7, 0x82, 0x0A, 0x23, 0xC7, 0x39,
+ 0x45, 0x40, 0xE9, 0xE9, 0x9D, 0x36, 0xE0, 0x52, 0x03, 0x99,
+ 0xDC, 0x87, 0x7D, 0x6A, 0x90, 0xE4, 0xDD, 0xA9, 0xC2, 0x57,
+ 0x90, 0xD6, 0xCA, 0xB4, 0x15, 0x80, 0xEE, 0x00, 0xCB, 0x2A,
+ 0xC9, 0x59, 0x4C, 0xA7, 0x7D, 0x33, 0x0A, 0x3E, 0x4A, 0x76,
+ 0xEA, 0x27, 0x89, 0xD8, 0x1A, 0xEA, 0x7E, 0xDB, 0x13, 0x92,
+ 0x93, 0x6A, 0x57, 0x9B, 0x33, 0xFD, 0xCE, 0x09, 0x0A, 0xB0,
+ 0x35, 0x24, 0xE4, 0x7D, 0xD8, 0x9D, 0xFF, 0x80, 0x65, 0x0F,
+ 0x61, 0xF7, 0xF7, 0xED, 0x8B, 0xD5, 0x8F, 0xBF, 0xB3, 0x22,
+ 0x20, 0x39, 0x89, 0x83, 0xB8, 0x83, 0x96, 0x32, 0x20, 0xAD,
+ 0xA1, 0x5D, 0x73, 0x8F, 0xE3, 0x27, 0xD9, 0x5D, 0xDB, 0x00,
+ 0x27, 0xF2, 0xBE, 0x89, 0x13, 0xE2, 0x97, 0x79, 0x10, 0x27,
+ 0x3D, 0xD8, 0x05, 0x96, 0x59, 0x6E, 0xA0, 0xC1, 0x6F, 0x99,
+ 0x4F, 0x28, 0xFA, 0xA6, 0x0B, 0x5C, 0x16, 0xEE, 0xB0, 0x98,
+ 0x8A, 0x06, 0x4A, 0xB0, 0x02, 0x2A, 0x6D, 0xCC, 0xE2, 0xC8,
+ 0x11, 0xF9, 0x1B, 0xF1, 0x3C, 0x68, 0xDF, 0xC2, 0xF4, 0x98,
+ 0x5F, 0x6C, 0xC8
+};
+static const int sizeof_dsa_pub_key_der_2048 = sizeof(dsa_pub_key_der_2048);
+
+/* ./certs/dsa2048.der, 2048-bit */
+static const unsigned char dsa_key_der_2048[] =
+{
+ 0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C,
+ 0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A,
+ 0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E,
+ 0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD,
+ 0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8,
+ 0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50,
+ 0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9,
+ 0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4,
+ 0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 0xD8, 0xF1,
+ 0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4,
+ 0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 0xBE, 0x83,
+ 0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88,
+ 0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C,
+ 0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8,
+ 0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E,
+ 0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8,
+ 0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F,
+ 0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91,
+ 0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48,
+ 0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC,
+ 0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E,
+ 0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87,
+ 0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE,
+ 0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3,
+ 0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20,
+ 0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15,
+ 0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06,
+ 0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82,
+ 0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71,
+ 0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B,
+ 0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7,
+ 0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29,
+ 0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B,
+ 0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0,
+ 0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC,
+ 0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6,
+ 0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33,
+ 0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B,
+ 0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B,
+ 0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13,
+ 0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA,
+ 0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25,
+ 0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE,
+ 0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2,
+ 0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB,
+ 0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3,
+ 0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC,
+ 0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8,
+ 0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D,
+ 0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D,
+ 0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF,
+ 0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41,
+ 0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD,
+ 0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB,
+ 0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7,
+ 0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF,
+ 0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6,
+ 0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A,
+ 0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5,
+ 0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C,
+ 0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3,
+ 0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33,
+ 0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89,
+ 0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B,
+ 0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25,
+ 0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF,
+ 0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10,
+ 0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68,
+ 0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20,
+ 0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A,
+ 0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98,
+ 0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC,
+ 0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26,
+ 0x54, 0xA4, 0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E,
+ 0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5,
+ 0x9F, 0xA0, 0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E,
+ 0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5,
+ 0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59,
+ 0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2,
+ 0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71,
+ 0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37,
+ 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9,
+ 0x00, 0xCB, 0x62, 0x6D, 0x9A
+};
+static const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
+
+/* ./certs/rsa2048.der, 2048-bit */
+static const unsigned char rsa_key_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9,
+ 0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38,
+ 0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE,
+ 0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12,
+ 0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12,
+ 0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47,
+ 0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13,
+ 0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16,
+ 0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65,
+ 0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB,
+ 0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F,
+ 0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E,
+ 0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB,
+ 0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58,
+ 0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B,
+ 0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38,
+ 0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE,
+ 0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77,
+ 0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22,
+ 0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03,
+ 0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96,
+ 0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91,
+ 0xD0, 0x36, 0x2E, 0xA3, 0x1D, 0xBF, 0xF1, 0x85, 0xED, 0xC0,
+ 0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D,
+ 0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34,
+ 0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33,
+ 0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19,
+ 0x8E, 0xED, 0x44, 0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B,
+ 0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63,
+ 0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0,
+ 0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B,
+ 0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5,
+ 0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E,
+ 0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0,
+ 0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6,
+ 0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75,
+ 0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF,
+ 0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1,
+ 0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19,
+ 0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D,
+ 0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49,
+ 0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0,
+ 0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB,
+ 0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B,
+ 0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F,
+ 0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5,
+ 0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D,
+ 0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6,
+ 0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E,
+ 0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D,
+ 0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E,
+ 0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11,
+ 0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1,
+ 0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 0xBA, 0xB2, 0xD7,
+ 0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA,
+ 0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C,
+ 0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9,
+ 0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6,
+ 0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD,
+ 0xA8, 0x33, 0x55, 0x2A, 0x8E, 0x32, 0xC0, 0xC4, 0xE5, 0xB8,
+ 0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D,
+ 0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33,
+ 0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26,
+ 0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0,
+ 0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA,
+ 0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42,
+ 0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7,
+ 0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC,
+ 0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB,
+ 0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60,
+ 0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44,
+ 0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC,
+ 0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86,
+ 0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D,
+ 0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63,
+ 0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E,
+ 0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F,
+ 0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81,
+ 0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A,
+ 0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA,
+ 0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45,
+ 0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08,
+ 0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2,
+ 0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4,
+ 0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC,
+ 0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 0x0C,
+ 0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87,
+ 0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66,
+ 0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0,
+ 0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2,
+ 0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02,
+ 0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 0xD1, 0x39, 0x6A,
+ 0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B,
+ 0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83,
+ 0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA,
+ 0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D,
+ 0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B,
+ 0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67,
+ 0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59,
+ 0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3,
+ 0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55,
+ 0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6,
+ 0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05,
+ 0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41,
+ 0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13,
+ 0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E,
+ 0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36,
+ 0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47,
+ 0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B,
+ 0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3,
+ 0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE,
+ 0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38,
+ 0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6,
+ 0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC,
+ 0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F,
+ 0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11,
+ 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF,
+ 0x56
+};
+static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
+
+/* ./certs/ca-key.der, 2048-bit */
+static const unsigned char ca_key_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84,
+ 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10,
+ 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3,
+ 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D,
+ 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB,
+ 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72,
+ 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03,
+ 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B,
+ 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B,
+ 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B,
+ 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D,
+ 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0,
+ 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF,
+ 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B,
+ 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C,
+ 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7,
+ 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D,
+ 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F,
+ 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38,
+ 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71,
+ 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26,
+ 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08,
+ 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16,
+ 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E,
+ 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC,
+ 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x3D, 0x6E, 0x4E,
+ 0x60, 0x1A, 0x84, 0x7F, 0x9D, 0x85, 0x7C, 0xE1, 0x4B, 0x07,
+ 0x7C, 0xE0, 0xD6, 0x99, 0x2A, 0xDE, 0x9D, 0xF9, 0x36, 0x34,
+ 0x0E, 0x77, 0x0E, 0x3E, 0x08, 0xEA, 0x4F, 0xE5, 0x06, 0x26,
+ 0xD4, 0xF6, 0x38, 0xF7, 0xDF, 0x0D, 0x0F, 0x1C, 0x2E, 0x06,
+ 0xA2, 0xF4, 0x2A, 0x68, 0x9C, 0x63, 0x72, 0xE3, 0x35, 0xE6,
+ 0x04, 0x91, 0x91, 0xB5, 0xC1, 0xB1, 0xA4, 0x54, 0xAC, 0xD7,
+ 0xC6, 0xFB, 0x41, 0xA0, 0xD6, 0x75, 0x6F, 0xBD, 0x0B, 0x4E,
+ 0xBF, 0xB1, 0x52, 0xE8, 0x5F, 0x49, 0x26, 0x98, 0x56, 0x47,
+ 0xC7, 0xDE, 0xE9, 0xEA, 0x3C, 0x60, 0x01, 0xBF, 0x28, 0xDC,
+ 0x31, 0xBF, 0x49, 0x5F, 0x93, 0x49, 0x87, 0x7A, 0x81, 0x5B,
+ 0x96, 0x4B, 0x4D, 0xCA, 0x5C, 0x38, 0x4F, 0xB7, 0xE1, 0xB2,
+ 0xD3, 0xC7, 0x21, 0xDA, 0x3C, 0x12, 0x87, 0x07, 0xE4, 0x1B,
+ 0xDC, 0x43, 0xEC, 0xE8, 0xEC, 0x54, 0x61, 0xE7, 0xF6, 0xED,
+ 0xA6, 0x0B, 0x2E, 0xF5, 0xDF, 0x82, 0x7F, 0xC6, 0x1F, 0x61,
+ 0x19, 0x9C, 0xA4, 0x83, 0x39, 0xDF, 0x21, 0x85, 0x89, 0x6F,
+ 0x77, 0xAF, 0x86, 0x15, 0x32, 0x08, 0xA2, 0x5A, 0x0B, 0x26,
+ 0x61, 0xFB, 0x70, 0x0C, 0xCA, 0x9C, 0x38, 0x7D, 0xBC, 0x22,
+ 0xEE, 0xEB, 0xA3, 0xA8, 0x16, 0x00, 0xF9, 0x8A, 0x80, 0x1E,
+ 0x00, 0x84, 0xA8, 0x4A, 0x41, 0xF8, 0x84, 0x03, 0x67, 0x2F,
+ 0x23, 0x5B, 0x2F, 0x9B, 0x6B, 0x26, 0xC3, 0x07, 0x34, 0x94,
+ 0xA3, 0x03, 0x3B, 0x72, 0xD5, 0x9F, 0x72, 0xE0, 0xAD, 0xCC,
+ 0x34, 0xAB, 0xBD, 0xC7, 0xD5, 0xF5, 0x26, 0x30, 0x85, 0x0F,
+ 0x30, 0x23, 0x39, 0x52, 0xFF, 0x3C, 0xCB, 0x99, 0x21, 0x4D,
+ 0x88, 0xA5, 0xAB, 0xEE, 0x62, 0xB9, 0xC7, 0xE0, 0xBB, 0x47,
+ 0x87, 0xC1, 0x69, 0xCF, 0x73, 0xF3, 0x30, 0xBE, 0xCE, 0x39,
+ 0x04, 0x9C, 0xE5, 0x02, 0x81, 0x81, 0x00, 0xE1, 0x76, 0x45,
+ 0x80, 0x59, 0xB6, 0xD3, 0x49, 0xDF, 0x0A, 0xEF, 0x12, 0xD6,
+ 0x0F, 0xF0, 0xB7, 0xCB, 0x2A, 0x37, 0xBF, 0xA7, 0xF8, 0xB5,
+ 0x4D, 0xF5, 0x31, 0x35, 0xAD, 0xE4, 0xA3, 0x94, 0xA1, 0xDB,
+ 0xF1, 0x96, 0xAD, 0xB5, 0x05, 0x64, 0x85, 0x83, 0xFC, 0x1B,
+ 0x5B, 0x29, 0xAA, 0xBE, 0xF8, 0x26, 0x3F, 0x76, 0x7E, 0xAD,
+ 0x1C, 0xF0, 0xCB, 0xD7, 0x26, 0xB4, 0x1B, 0x05, 0x8E, 0x56,
+ 0x86, 0x7E, 0x08, 0x62, 0x21, 0xC1, 0x86, 0xD6, 0x47, 0x79,
+ 0x3E, 0xB7, 0x5D, 0xA4, 0xC6, 0x3A, 0xD7, 0xB1, 0x74, 0x20,
+ 0xF6, 0x50, 0x97, 0x41, 0x04, 0x53, 0xED, 0x3F, 0x26, 0xD6,
+ 0x6F, 0x91, 0xFA, 0x68, 0x26, 0xEC, 0x2A, 0xDC, 0x9A, 0xF1,
+ 0xE7, 0xDC, 0xFB, 0x73, 0xF0, 0x79, 0x43, 0x1B, 0x21, 0xA3,
+ 0x59, 0x04, 0x63, 0x52, 0x07, 0xC9, 0xD7, 0xE6, 0xD1, 0x1B,
+ 0x5D, 0x5E, 0x96, 0xFA, 0x53, 0x02, 0x81, 0x81, 0x00, 0xD8,
+ 0xED, 0x4E, 0x64, 0x61, 0x6B, 0x91, 0x0C, 0x61, 0x01, 0xB5,
+ 0x0F, 0xBB, 0x44, 0x67, 0x53, 0x1E, 0xDC, 0x07, 0xC4, 0x24,
+ 0x7E, 0x9E, 0x6C, 0x84, 0x23, 0x91, 0x0C, 0xE4, 0x12, 0x04,
+ 0x16, 0x4D, 0x78, 0x98, 0xCC, 0x96, 0x3D, 0x20, 0x4E, 0x0F,
+ 0x45, 0x9A, 0xB6, 0xF8, 0xB3, 0x93, 0x0D, 0xB2, 0xA2, 0x1B,
+ 0x29, 0xF2, 0x26, 0x79, 0xC8, 0xC5, 0xD2, 0x78, 0x7E, 0x5E,
+ 0x73, 0xF2, 0xD7, 0x70, 0x61, 0xBB, 0x40, 0xCE, 0x61, 0x05,
+ 0xFE, 0x69, 0x1E, 0x82, 0x29, 0xE6, 0x14, 0xB8, 0xA1, 0xE7,
+ 0x96, 0xD0, 0x23, 0x3F, 0x05, 0x93, 0x00, 0xF2, 0xE1, 0x4D,
+ 0x7E, 0xED, 0xB7, 0x96, 0x6C, 0xF7, 0xF0, 0xE4, 0xD1, 0xCF,
+ 0x01, 0x98, 0x4F, 0xDC, 0x74, 0x54, 0xAA, 0x6D, 0x5E, 0x5A,
+ 0x41, 0x31, 0xFE, 0xFF, 0x9A, 0xB6, 0xA0, 0x05, 0xDD, 0xA9,
+ 0x10, 0x54, 0xF8, 0x6B, 0xD0, 0xAA, 0x83, 0x02, 0x81, 0x80,
+ 0x21, 0xD3, 0x04, 0x8A, 0x44, 0xEB, 0x50, 0xB7, 0x7C, 0x66,
+ 0xBF, 0x87, 0x2B, 0xE6, 0x28, 0x4E, 0xEA, 0x83, 0xE2, 0xE9,
+ 0x35, 0xE1, 0xF2, 0x11, 0x47, 0xFF, 0xA1, 0xF5, 0xFC, 0x9F,
+ 0x2D, 0xE5, 0x3A, 0x81, 0xFC, 0x01, 0x03, 0x6F, 0x53, 0xAD,
+ 0x54, 0x27, 0xB6, 0x52, 0xEE, 0xE5, 0x56, 0xD1, 0x13, 0xAB,
+ 0xE1, 0xB3, 0x0F, 0x75, 0x90, 0x0A, 0x84, 0xB4, 0xA1, 0xC0,
+ 0x8C, 0x0C, 0xD6, 0x9E, 0x46, 0xBA, 0x2B, 0x3E, 0xB5, 0x31,
+ 0xED, 0x63, 0xBB, 0xA4, 0xD5, 0x0D, 0x8F, 0x72, 0xCD, 0xD1,
+ 0x1E, 0x26, 0x35, 0xEB, 0xBE, 0x1B, 0x72, 0xFD, 0x9B, 0x39,
+ 0xB4, 0x87, 0xB7, 0x13, 0xF5, 0xEA, 0x83, 0x45, 0x93, 0x98,
+ 0xBA, 0x8F, 0xE4, 0x4A, 0xCC, 0xB4, 0x4C, 0xA8, 0x7F, 0x08,
+ 0xBA, 0x41, 0x49, 0xA8, 0x49, 0x28, 0x3D, 0x5E, 0x3D, 0xC1,
+ 0xCE, 0x37, 0x00, 0xCB, 0xF9, 0x2C, 0xDD, 0x51, 0x02, 0x81,
+ 0x81, 0x00, 0xA1, 0x57, 0x9F, 0x3E, 0xB9, 0xD6, 0xAF, 0x83,
+ 0x6D, 0x83, 0x3F, 0x8F, 0xFB, 0xD0, 0xDC, 0xA8, 0xCE, 0x03,
+ 0x09, 0x23, 0xB1, 0xA1, 0x1B, 0x63, 0xCA, 0xC4, 0x49, 0x56,
+ 0x35, 0x2B, 0xD1, 0x2E, 0x65, 0x60, 0x95, 0x05, 0x55, 0x99,
+ 0x11, 0x35, 0xFD, 0xD5, 0xDF, 0x44, 0xC7, 0xA5, 0x88, 0x72,
+ 0x5F, 0xB2, 0x82, 0x51, 0xA8, 0x71, 0x45, 0x93, 0x36, 0xCF,
+ 0x5C, 0x1F, 0x61, 0x51, 0x0C, 0x05, 0x80, 0xE8, 0xAF, 0xC5,
+ 0x7B, 0xBA, 0x5E, 0x22, 0xE3, 0x3C, 0x75, 0xC3, 0x84, 0x05,
+ 0x55, 0x6D, 0xD6, 0x3A, 0x2D, 0x84, 0x89, 0x93, 0x33, 0xCB,
+ 0x38, 0xDA, 0xAA, 0x31, 0x05, 0xCD, 0xCE, 0x6C, 0x2D, 0xDD,
+ 0x55, 0xD3, 0x57, 0x0B, 0xF0, 0xA5, 0x35, 0x6A, 0xB0, 0xAE,
+ 0x31, 0xBA, 0x43, 0x96, 0xCA, 0x00, 0xC7, 0x4B, 0xE3, 0x19,
+ 0x12, 0x43, 0xD3, 0x42, 0xFA, 0x6F, 0xEA, 0x80, 0xC0, 0xD1,
+ 0x02, 0x81, 0x81, 0x00, 0xB9, 0xDB, 0x89, 0x20, 0x34, 0x27,
+ 0x70, 0x62, 0x34, 0xEA, 0x5F, 0x25, 0x62, 0x12, 0xF3, 0x9D,
+ 0x81, 0xBF, 0x48, 0xEE, 0x9A, 0x0E, 0xC1, 0x8D, 0x10, 0xFF,
+ 0x65, 0x9A, 0x9D, 0x2D, 0x1A, 0x8A, 0x94, 0x5A, 0xC8, 0xC0,
+ 0xA5, 0xA5, 0x84, 0x61, 0x9E, 0xD4, 0x24, 0xB9, 0xEF, 0xA9,
+ 0x9D, 0xC9, 0x77, 0x0B, 0xC7, 0x70, 0x66, 0x3D, 0xBA, 0xC8,
+ 0x54, 0xDF, 0xD2, 0x33, 0xE1, 0xF5, 0x7F, 0xF9, 0x27, 0x61,
+ 0xBE, 0x57, 0x45, 0xDD, 0xB7, 0x45, 0x17, 0x24, 0xF5, 0x23,
+ 0xE4, 0x38, 0x0E, 0x91, 0x27, 0xEE, 0xE3, 0x20, 0xD8, 0x14,
+ 0xC8, 0x94, 0x47, 0x77, 0x40, 0x77, 0x45, 0x18, 0x9E, 0x0D,
+ 0xCE, 0x79, 0x3F, 0x57, 0x31, 0x56, 0x09, 0x49, 0x67, 0xBE,
+ 0x94, 0x58, 0x4F, 0xF6, 0xC4, 0xAB, 0xE2, 0x89, 0xE3, 0xE3,
+ 0x8A, 0xC0, 0x05, 0x55, 0x2C, 0x24, 0xC0, 0x4A, 0x97, 0x04,
+ 0x27, 0x9A
+};
+static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048);
+
+/* ./certs/ca-cert.der, 2048-bit */
+static const unsigned char ca_cert_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xE9, 0x30, 0x82, 0x03, 0xD1, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC,
+ 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
+ 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
+ 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
+ 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F,
+ 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+ 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C,
+ 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01,
+ 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D,
+ 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A,
+ 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA,
+ 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A,
+ 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98,
+ 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE,
+ 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB,
+ 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1,
+ 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41,
+ 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70,
+ 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED,
+ 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED,
+ 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38,
+ 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C,
+ 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13,
+ 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D,
+ 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC,
+ 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D,
+ 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67,
+ 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68,
+ 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5,
+ 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17,
+ 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3,
+ 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52,
+ 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9,
+ 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED,
+ 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01,
+ 0x3A, 0x30, 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55,
+ 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11,
+ 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4,
+ 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06,
+ 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE,
+ 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D,
+ 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5,
+ 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81,
+ 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+ 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+ 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+ 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+ 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31,
+ 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
+ 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67,
+ 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+ 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+ 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
+ 0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D,
+ 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
+ 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
+ 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
+ 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04,
+ 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
+ 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01,
+ 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
+ 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0x62, 0x98, 0xC8, 0x58, 0xCF,
+ 0x56, 0x03, 0x86, 0x5B, 0x1B, 0x71, 0x49, 0x7D, 0x05, 0x03,
+ 0x5D, 0xE0, 0x08, 0x86, 0xAD, 0xDB, 0x4A, 0xDE, 0xAB, 0x22,
+ 0x96, 0xA8, 0xC3, 0x59, 0x68, 0xC1, 0x37, 0x90, 0x40, 0xDF,
+ 0xBD, 0x89, 0xD0, 0xBC, 0xDA, 0x8E, 0xEF, 0x87, 0xB2, 0xC2,
+ 0x62, 0x52, 0xE1, 0x1A, 0x29, 0x17, 0x6A, 0x96, 0x99, 0xC8,
+ 0x4E, 0xD8, 0x32, 0xFE, 0xB8, 0xD1, 0x5C, 0x3B, 0x0A, 0xC2,
+ 0x3C, 0x5F, 0xA1, 0x1E, 0x98, 0x7F, 0xCE, 0x89, 0x26, 0x21,
+ 0x1F, 0x64, 0x9C, 0x15, 0x7A, 0x9C, 0xEF, 0xFB, 0x1D, 0x85,
+ 0x6A, 0xFA, 0x98, 0xCE, 0xA8, 0xA9, 0xAB, 0xC3, 0xA2, 0xC0,
+ 0xEB, 0x87, 0xED, 0xBC, 0x21, 0xDF, 0xF3, 0x07, 0x5B, 0xAE,
+ 0xFD, 0x40, 0xD4, 0xAE, 0x20, 0xD0, 0x76, 0x8A, 0x31, 0x0A,
+ 0xA2, 0x62, 0x7C, 0x61, 0x0D, 0xCE, 0x5D, 0x9A, 0x1E, 0xE4,
+ 0x20, 0x88, 0x51, 0x49, 0xFB, 0x77, 0xA9, 0xCD, 0x4D, 0xC6,
+ 0xBF, 0x54, 0x99, 0x33, 0xEF, 0x4B, 0xA0, 0x73, 0x70, 0x6D,
+ 0x2E, 0xD9, 0x3D, 0x08, 0xF6, 0x12, 0x39, 0x31, 0x68, 0xC6,
+ 0x61, 0x5C, 0x41, 0xB5, 0x1B, 0xF4, 0x38, 0x7D, 0xFC, 0xBE,
+ 0x73, 0x66, 0x2D, 0xF7, 0xCA, 0x5B, 0x2C, 0x5B, 0x31, 0xAA,
+ 0xCF, 0xF6, 0x7F, 0x30, 0xE4, 0x12, 0x2C, 0x8E, 0xD6, 0x38,
+ 0x51, 0xE6, 0x45, 0xEE, 0xD5, 0xDA, 0xC3, 0x83, 0xD6, 0xED,
+ 0x5E, 0xEC, 0xD6, 0xB6, 0x14, 0xB3, 0x93, 0x59, 0xE1, 0x55,
+ 0x4A, 0x7F, 0x04, 0xDF, 0xCE, 0x65, 0xD4, 0xDF, 0x18, 0x4F,
+ 0xDD, 0xB4, 0x45, 0x7F, 0xA6, 0x56, 0x30, 0xC4, 0x05, 0x44,
+ 0x98, 0x9D, 0x4F, 0x26, 0x6D, 0x84, 0x80, 0xA0, 0x5E, 0xED,
+ 0x23, 0xD1, 0x48, 0x87, 0x0E, 0x05, 0x06, 0x91, 0x3B, 0xB0,
+ 0x3C, 0xBB, 0x8C, 0x8F, 0x3C, 0x7B, 0x4C, 0x4F, 0xA1, 0xCA,
+ 0x98
+};
+static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
+
+/* ./certs/ca-cert-chain.der, 2048-bit */
+static const unsigned char ca_cert_chain_der[] =
+{
+ 0x30, 0x82, 0x03, 0xE4, 0x30, 0x82, 0x03, 0x4D, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE9, 0x2F, 0xDA, 0xA8,
+ 0x53, 0xBD, 0xBD, 0xD5, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
+ 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
+ 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
+ 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F,
+ 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+ 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C,
+ 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
+ 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24,
+ 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16,
+ 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04,
+ 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50,
+ 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24,
+ 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8,
+ 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2,
+ 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54,
+ 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72,
+ 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B,
+ 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94,
+ 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5,
+ 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3A, 0x30,
+ 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0,
+ 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36,
+ 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14,
+ 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED,
+ 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8,
+ 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
+ 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53,
+ 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30,
+ 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F,
+ 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xE9, 0x2F, 0xDA, 0xA8, 0x53, 0xBD, 0xBD, 0xD5, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81,
+ 0x81, 0x00, 0xB3, 0xE9, 0x88, 0x6A, 0xEA, 0x5F, 0x35, 0x7C,
+ 0x6C, 0xFD, 0x93, 0xFE, 0x9A, 0x98, 0xE7, 0x1C, 0xBC, 0xD1,
+ 0xC8, 0x7A, 0x15, 0xC5, 0x69, 0xE1, 0xFB, 0x35, 0x1B, 0xEC,
+ 0x92, 0x3F, 0xD1, 0x3E, 0x69, 0x2A, 0x11, 0x95, 0x44, 0x3D,
+ 0x3F, 0x7C, 0xFF, 0xF6, 0x64, 0xD8, 0xE4, 0x1D, 0xEC, 0x86,
+ 0x95, 0x69, 0x48, 0x3D, 0x5B, 0x6D, 0x39, 0xE7, 0x7E, 0x51,
+ 0x12, 0x15, 0x4B, 0x90, 0xA8, 0xFA, 0x1E, 0xAA, 0x81, 0x53,
+ 0xDE, 0x85, 0x29, 0x4D, 0x79, 0x6C, 0x08, 0xC2, 0xC4, 0x5E,
+ 0x4D, 0x39, 0xA6, 0x09, 0xA4, 0x67, 0xAC, 0xDC, 0xF0, 0xCD,
+ 0xB7, 0x4E, 0xE5, 0xF9, 0x72, 0xC3, 0x25, 0x1C, 0x8D, 0xE0,
+ 0x03, 0x30, 0x19, 0x5A, 0xA5, 0x63, 0xA6, 0xBA, 0xEC, 0x12,
+ 0x87, 0xEF, 0x6D, 0x56, 0x22, 0xA7, 0x42, 0x4A, 0x8F, 0x3B,
+ 0xFD, 0x20, 0xAB, 0xEF, 0x29, 0x5E, 0x3D, 0x16, 0xD7, 0xAC
+
+};
+static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der);
+
+/* ./certs/server-key.der, 2048-bit */
+static const unsigned char server_key_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71,
+ 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45,
+ 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E,
+ 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67,
+ 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07,
+ 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C,
+ 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0,
+ 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73,
+ 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D,
+ 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F,
+ 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00,
+ 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01,
+ 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3,
+ 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3,
+ 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD,
+ 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C,
+ 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10,
+ 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1,
+ 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F,
+ 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1,
+ 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9,
+ 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42,
+ 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58,
+ 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0,
+ 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED,
+ 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92,
+ 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C,
+ 0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54,
+ 0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4,
+ 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16,
+ 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A,
+ 0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD,
+ 0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6,
+ 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73,
+ 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51,
+ 0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2,
+ 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05,
+ 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22,
+ 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F,
+ 0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63,
+ 0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4,
+ 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D,
+ 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01,
+ 0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77,
+ 0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63,
+ 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34,
+ 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C,
+ 0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C,
+ 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93,
+ 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5,
+ 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8,
+ 0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4,
+ 0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F,
+ 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F,
+ 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E,
+ 0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73,
+ 0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8,
+ 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA,
+ 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B,
+ 0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00,
+ 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C,
+ 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3,
+ 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C,
+ 0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18,
+ 0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D,
+ 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F,
+ 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A,
+ 0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42,
+ 0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7,
+ 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F,
+ 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE,
+ 0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81,
+ 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52,
+ 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F,
+ 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63,
+ 0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5,
+ 0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F,
+ 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5,
+ 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4,
+ 0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7,
+ 0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50,
+ 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41,
+ 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3,
+ 0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29,
+ 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E,
+ 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C,
+ 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA,
+ 0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C,
+ 0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E,
+ 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 0xBB, 0x75,
+ 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A,
+ 0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE,
+ 0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65,
+ 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B,
+ 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59,
+ 0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1,
+ 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C,
+ 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC,
+ 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5,
+ 0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D,
+ 0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52,
+ 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B,
+ 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF,
+ 0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4,
+ 0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23,
+ 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44,
+ 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6,
+ 0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37,
+ 0x3B, 0xF1, 0xB0
+};
+static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
+
+/* ./certs/server-cert.der, 2048-bit */
+static const unsigned char server_cert_der_2048[] =
+{
+ 0x30, 0x82, 0x04, 0xDD, 0x30, 0x82, 0x03, 0xC5, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+ 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
+ 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
+ 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F,
+ 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+ 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
+ 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+ 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+ 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32,
+ 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17,
+ 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34,
+ 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+ 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C,
+ 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F,
+ 0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+ 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
+ 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+ 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00,
+ 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02,
+ 0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41,
+ 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65,
+ 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE,
+ 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB,
+ 0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A,
+ 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0,
+ 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8,
+ 0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7,
+ 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B,
+ 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3,
+ 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68,
+ 0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3,
+ 0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4,
+ 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17,
+ 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21,
+ 0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D,
+ 0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14,
+ 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A,
+ 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23,
+ 0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D,
+ 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0,
+ 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20,
+ 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61,
+ 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3A, 0x30,
+ 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98,
+ 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA,
+ 0x1F, 0x0E, 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14,
+ 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED,
+ 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5,
+ 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
+ 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53,
+ 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30,
+ 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F,
+ 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
+ 0x01, 0x01, 0x00, 0x1B, 0x0D, 0xA6, 0x44, 0x93, 0x0D, 0x0E,
+ 0x0C, 0x35, 0x28, 0x26, 0x40, 0x31, 0xD2, 0xEB, 0x26, 0x4C,
+ 0x47, 0x5B, 0x19, 0xFB, 0xAD, 0xFE, 0x3A, 0xF5, 0x30, 0x3A,
+ 0x28, 0xD7, 0xAA, 0x69, 0xA4, 0x15, 0xE7, 0x26, 0x6E, 0xB7,
+ 0x33, 0x56, 0xAC, 0x8F, 0x34, 0x3D, 0xF3, 0x21, 0x2F, 0x53,
+ 0x58, 0x91, 0xD0, 0x3E, 0xB4, 0x39, 0x48, 0xBF, 0x93, 0x11,
+ 0x74, 0x36, 0xD3, 0x87, 0x49, 0xC3, 0x34, 0x0D, 0x30, 0x30,
+ 0xAB, 0xF4, 0x4C, 0x27, 0x19, 0xD5, 0xC4, 0x0C, 0xAD, 0x49,
+ 0xBD, 0x91, 0xF8, 0xDA, 0x9E, 0xC8, 0x2D, 0x2A, 0xAC, 0xE2,
+ 0x75, 0x8E, 0xAA, 0x08, 0xD9, 0xBF, 0x65, 0xFF, 0xA3, 0xB1,
+ 0x4F, 0xF0, 0x60, 0x6F, 0x4D, 0x95, 0xC4, 0x06, 0x7F, 0xAF,
+ 0x66, 0x6A, 0x23, 0x3B, 0x3A, 0xA4, 0x61, 0xB6, 0x6C, 0xCA,
+ 0xBE, 0xE1, 0xB0, 0x77, 0xF3, 0xEC, 0x83, 0xD5, 0x8C, 0x1D,
+ 0x85, 0x7F, 0x8D, 0x74, 0xC8, 0xEC, 0x1E, 0x49, 0xEC, 0x57,
+ 0x4A, 0xCC, 0xFD, 0xE2, 0x3A, 0x3E, 0x54, 0x50, 0xAE, 0x67,
+ 0xCD, 0x17, 0xB0, 0x67, 0xA5, 0x53, 0x7F, 0xC3, 0x0E, 0x3E,
+ 0xA7, 0x58, 0xE8, 0xDF, 0xD5, 0x0C, 0xF2, 0x64, 0xF3, 0xAD,
+ 0x12, 0x70, 0xE3, 0xB9, 0x42, 0xBC, 0x08, 0x60, 0x76, 0xD5,
+ 0x0C, 0xA5, 0x31, 0x77, 0x50, 0xE0, 0xC8, 0xF3, 0x3A, 0x3D,
+ 0x45, 0xCF, 0x32, 0x75, 0xEF, 0x10, 0xDD, 0xB5, 0xED, 0x6E,
+ 0xD2, 0x2D, 0x57, 0x82, 0x95, 0x38, 0xBC, 0x7D, 0x54, 0xC4,
+ 0x84, 0x5E, 0xFB, 0x7E, 0x83, 0xF5, 0xF1, 0x2D, 0x9C, 0x98,
+ 0xAC, 0x73, 0xE3, 0xA7, 0xD2, 0x02, 0x30, 0xD6, 0x1F, 0x06,
+ 0x1E, 0xD0, 0xDC, 0x3A, 0xAC, 0xF4, 0xC2, 0xC2, 0xBE, 0x72,
+ 0x40, 0x9A, 0xEA, 0xCF, 0x35, 0x21, 0x3B, 0x56, 0x6D, 0xE1,
+ 0x52, 0xF2, 0x80, 0xD7, 0x35, 0x83, 0x97, 0x07, 0xCC
+};
+static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
+
+#endif /* USE_CERT_BUFFERS_2048 */
+
+#ifdef USE_CERT_BUFFERS_3072
+
+/* ./certs/dh3072.der, 3072-bit */
+static const unsigned char dh_key_der_3072[] =
+{
+ 0x30, 0x82, 0x01, 0x88, 0x02, 0x82, 0x01, 0x81, 0x00, 0x89,
+ 0x1B, 0x75, 0x3F, 0x84, 0xB6, 0x11, 0xED, 0x21, 0xF1, 0x08,
+ 0x0F, 0xB8, 0x06, 0xC9, 0xA3, 0xC9, 0x41, 0xDB, 0x5A, 0xC8,
+ 0xF8, 0x82, 0x73, 0x0F, 0xEB, 0x89, 0x1E, 0x54, 0x18, 0xBE,
+ 0xE6, 0x48, 0x41, 0x9E, 0xFA, 0xC2, 0x0C, 0x50, 0x67, 0xC3,
+ 0x5D, 0xB5, 0xF5, 0x0F, 0x23, 0x6A, 0x43, 0x33, 0x91, 0xD9,
+ 0x40, 0xF3, 0x66, 0xC6, 0x99, 0xFF, 0x97, 0xB6, 0x7B, 0xAF,
+ 0x27, 0x72, 0x3B, 0x9F, 0x7E, 0x58, 0x18, 0x14, 0x9F, 0x91,
+ 0x6E, 0x2B, 0x11, 0xC1, 0x57, 0x49, 0x27, 0x36, 0x78, 0xE1,
+ 0x09, 0x68, 0x9C, 0x05, 0x5A, 0xAC, 0xE6, 0x00, 0x38, 0xBE,
+ 0x95, 0x74, 0x81, 0x53, 0x28, 0xF0, 0xAD, 0xDF, 0xB5, 0x87,
+ 0x1C, 0x72, 0x17, 0x4E, 0xEC, 0x00, 0x91, 0x22, 0xAA, 0xE4,
+ 0x88, 0xD7, 0xF5, 0x3D, 0x1F, 0x03, 0x13, 0x2D, 0x1C, 0xFB,
+ 0xDE, 0x59, 0x68, 0xAD, 0xE0, 0x17, 0xA1, 0xEE, 0x8D, 0xCC,
+ 0xBF, 0xFE, 0xCF, 0x24, 0x42, 0xED, 0x26, 0xDD, 0x29, 0xD0,
+ 0x4E, 0x62, 0x3C, 0x85, 0x36, 0x1B, 0x5F, 0x6A, 0x47, 0x88,
+ 0x21, 0xE5, 0x1B, 0x85, 0x0A, 0x2C, 0xE9, 0x2F, 0xE0, 0x20,
+ 0xFC, 0x1D, 0xCD, 0x55, 0x66, 0xF5, 0xAC, 0x32, 0x00, 0x8E,
+ 0xA3, 0xE9, 0xED, 0xFB, 0x35, 0xA7, 0xE6, 0x76, 0x53, 0x42,
+ 0xC6, 0x77, 0x77, 0xAB, 0x90, 0x99, 0x7C, 0xC2, 0xEC, 0xC9,
+ 0x18, 0x4A, 0x3C, 0xF4, 0x11, 0x75, 0x27, 0x83, 0xBD, 0x9E,
+ 0xC2, 0x8F, 0x23, 0xAB, 0x52, 0x46, 0xE2, 0x52, 0x5D, 0x9A,
+ 0x04, 0xC3, 0x15, 0x1F, 0x69, 0x9C, 0x72, 0x69, 0x59, 0x52,
+ 0xD4, 0x69, 0x3D, 0x19, 0x77, 0x36, 0x25, 0xAF, 0x07, 0x71,
+ 0x82, 0xDE, 0xB7, 0x24, 0x60, 0x82, 0x6A, 0x72, 0xBB, 0xED,
+ 0xB6, 0x76, 0xAE, 0x7E, 0xBC, 0x7D, 0x2F, 0x73, 0x4B, 0x04,
+ 0x16, 0xD5, 0xA4, 0xF3, 0x03, 0x26, 0xFB, 0xF3, 0xCD, 0x7B,
+ 0x77, 0x7E, 0x7C, 0x8D, 0x65, 0xAE, 0xA5, 0xDC, 0x6C, 0xE3,
+ 0x70, 0xD2, 0x29, 0x6B, 0xF2, 0xEB, 0x76, 0xC9, 0xE5, 0x46,
+ 0x18, 0x12, 0x57, 0xB0, 0x55, 0xA5, 0x7C, 0xCD, 0x41, 0x93,
+ 0x26, 0x99, 0xF7, 0xA5, 0xC5, 0x34, 0xBE, 0x59, 0x79, 0xDE,
+ 0x0A, 0x57, 0x5F, 0x21, 0xF8, 0x98, 0x52, 0xF0, 0x2F, 0x7B,
+ 0x57, 0xB6, 0x9D, 0xFC, 0x40, 0xA6, 0x55, 0xFB, 0xAF, 0xD9,
+ 0x16, 0x9B, 0x20, 0x4F, 0xA8, 0xA3, 0x0B, 0x04, 0x48, 0xE3,
+ 0x77, 0x22, 0xC4, 0xCC, 0x57, 0x14, 0x33, 0xA2, 0xF0, 0x9A,
+ 0xE3, 0x12, 0xBD, 0xFF, 0x72, 0x8B, 0xEE, 0x52, 0xF3, 0xC9,
+ 0x59, 0xC2, 0xA2, 0x6B, 0xA5, 0x75, 0x48, 0x51, 0x82, 0x0E,
+ 0x7A, 0xFF, 0xFE, 0x41, 0xCD, 0x7C, 0x63, 0xD2, 0x53, 0xA8,
+ 0x11, 0x03, 0xB9, 0x03, 0x07, 0xFE, 0x66, 0x38, 0x5F, 0xA2,
+ 0x3E, 0x9C, 0x1B, 0x02, 0x01, 0x02
+};
+static const int sizeof_dh_key_der_3072 = sizeof(dh_key_der_3072);
+
+/* ./certs/dsa3072.der, 3072-bit */
+static const unsigned char dsa_key_der_3072[] =
+{
+ 0x30, 0x82, 0x04, 0xD7, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x81, 0x00, 0xB5, 0xD0, 0x2F, 0x55, 0xC1, 0x27, 0x4C, 0x5B,
+ 0x28, 0x81, 0x4E, 0xA4, 0x32, 0x0D, 0x73, 0x54, 0x68, 0x4F,
+ 0x0A, 0x36, 0x68, 0x4A, 0x51, 0xBE, 0xDE, 0x49, 0xD4, 0x9D,
+ 0xCE, 0xC6, 0xF7, 0x01, 0x70, 0xD2, 0x88, 0x90, 0x1D, 0x60,
+ 0x30, 0x9B, 0x0A, 0x9C, 0x23, 0xDA, 0xE0, 0x74, 0x46, 0x5B,
+ 0xC7, 0x41, 0x40, 0x5C, 0xD9, 0x7A, 0xBE, 0x78, 0xCA, 0x49,
+ 0xF5, 0x2D, 0x7B, 0xD7, 0xBF, 0x67, 0x0D, 0x84, 0x28, 0xBB,
+ 0x9D, 0xC2, 0xAB, 0x23, 0x06, 0x28, 0x0C, 0x98, 0x46, 0x43,
+ 0xCE, 0x6F, 0x9E, 0xD0, 0xE9, 0x0E, 0xF3, 0x7E, 0x30, 0x5D,
+ 0xD3, 0x45, 0x44, 0x7B, 0x0C, 0x7A, 0x73, 0xA6, 0x95, 0x65,
+ 0xAA, 0x8B, 0xD8, 0x75, 0x6A, 0x11, 0xB3, 0x10, 0x7C, 0x57,
+ 0xAF, 0xCE, 0xBE, 0x5B, 0xF7, 0xC8, 0xFE, 0x42, 0xA3, 0x77,
+ 0xB7, 0x0B, 0x3D, 0x66, 0xB5, 0x08, 0x74, 0x22, 0x74, 0x26,
+ 0xE6, 0xDB, 0x8E, 0xEF, 0xA3, 0x99, 0xAE, 0x0B, 0x42, 0x8C,
+ 0x5F, 0x7E, 0x48, 0xE9, 0x19, 0x90, 0xA8, 0x35, 0xA9, 0xFC,
+ 0x48, 0x0D, 0xC8, 0xB8, 0xE4, 0x1A, 0x0C, 0x26, 0xC7, 0x1A,
+ 0x20, 0x02, 0xEB, 0x72, 0x2E, 0x94, 0xD6, 0x19, 0x34, 0x39,
+ 0x55, 0x4E, 0xFC, 0x53, 0x48, 0xD8, 0x10, 0x89, 0xA1, 0x6E,
+ 0x22, 0x39, 0x71, 0x15, 0xA6, 0x13, 0xBC, 0x77, 0x49, 0x53,
+ 0xCB, 0x16, 0x4B, 0x56, 0x3D, 0x08, 0xA2, 0x71, 0x0E, 0x06,
+ 0x0C, 0x3A, 0xDE, 0x82, 0xC0, 0xDF, 0xE7, 0x96, 0x57, 0xD7,
+ 0x3F, 0x6B, 0xF0, 0xAE, 0xD1, 0x38, 0xB8, 0x5B, 0x83, 0x77,
+ 0x8B, 0xEB, 0x2B, 0xDA, 0x38, 0xC8, 0x4C, 0xA9, 0x48, 0x52,
+ 0xD8, 0x41, 0x03, 0xD3, 0x11, 0x1C, 0x66, 0x9E, 0xDE, 0xC9,
+ 0x78, 0x5A, 0xE1, 0x7B, 0xEA, 0x6F, 0xD6, 0xCA, 0x6A, 0x2F,
+ 0x01, 0xB2, 0x83, 0x37, 0x25, 0xD9, 0x9C, 0xD4, 0xB0, 0x21,
+ 0xD9, 0x8F, 0xA6, 0xF8, 0xD6, 0x21, 0x82, 0xBB, 0x08, 0x64,
+ 0x28, 0x0E, 0x0C, 0x26, 0xE6, 0xA5, 0x69, 0xE0, 0x23, 0xE9,
+ 0xB3, 0xC4, 0xF9, 0xDE, 0xC6, 0xD6, 0x32, 0x00, 0x66, 0x9B,
+ 0x8A, 0x0B, 0x6F, 0xDE, 0xB8, 0xDD, 0x68, 0x7F, 0x9D, 0x68,
+ 0x59, 0x6B, 0x55, 0xD9, 0x53, 0x01, 0x7B, 0x1A, 0x1C, 0x8D,
+ 0xBF, 0xAF, 0xC0, 0xB1, 0x14, 0x9E, 0xC1, 0x8D, 0x3E, 0x1E,
+ 0xFB, 0x40, 0xF9, 0x6D, 0x48, 0x43, 0xCD, 0x6C, 0xE8, 0xBC,
+ 0x3C, 0x7C, 0x35, 0x3C, 0x65, 0x6D, 0xA0, 0x25, 0x87, 0xBF,
+ 0xEC, 0x9B, 0x12, 0x74, 0x48, 0xC8, 0xE4, 0xBF, 0x53, 0x53,
+ 0x47, 0x78, 0xD9, 0x9B, 0x1A, 0xA5, 0x07, 0x46, 0x15, 0x16,
+ 0xD2, 0x33, 0x93, 0xCC, 0x41, 0x9B, 0xB7, 0x22, 0xDF, 0x07,
+ 0xDD, 0x72, 0xC6, 0x1A, 0x9B, 0x92, 0xE7, 0x32, 0x04, 0xAB,
+ 0x94, 0x80, 0xBD, 0x58, 0xF2, 0x35, 0x02, 0x21, 0x00, 0x9A,
+ 0xDD, 0x98, 0x1A, 0x6F, 0xEA, 0xB5, 0x8B, 0xC9, 0x68, 0x18,
+ 0x81, 0xE4, 0x4C, 0xFD, 0x8E, 0x45, 0xCF, 0x5F, 0x0E, 0x62,
+ 0x1E, 0x7D, 0x2D, 0x4A, 0x4C, 0x5D, 0x7F, 0xF8, 0xD8, 0x52,
+ 0xD7, 0x02, 0x82, 0x01, 0x81, 0x00, 0x84, 0xDF, 0xAB, 0x91,
+ 0x61, 0xE4, 0x2B, 0x07, 0x0A, 0x1C, 0xC7, 0x9C, 0xD7, 0xAC,
+ 0x8D, 0xA5, 0xAA, 0x41, 0x65, 0x9E, 0x4A, 0xED, 0x21, 0x45,
+ 0x96, 0xF7, 0xF7, 0xCB, 0x7A, 0x88, 0x19, 0x0F, 0x36, 0x80,
+ 0x25, 0x2F, 0x23, 0x0D, 0xFF, 0x6C, 0x0D, 0x02, 0xBB, 0x6A,
+ 0x79, 0x6A, 0xCB, 0x05, 0x00, 0x9B, 0x77, 0xED, 0x6B, 0xF3,
+ 0xC2, 0xEA, 0x1A, 0xDF, 0xB8, 0x15, 0xA8, 0x92, 0x19, 0x5A,
+ 0x51, 0x3B, 0x76, 0x06, 0x98, 0x47, 0xC7, 0x6F, 0x76, 0x99,
+ 0xAD, 0x50, 0xC5, 0x98, 0xE7, 0xFF, 0x88, 0xBC, 0x49, 0x77,
+ 0xEF, 0x96, 0x75, 0xE2, 0x36, 0x66, 0x1F, 0x0C, 0xFA, 0x57,
+ 0x1E, 0x11, 0xFF, 0x8F, 0x3C, 0xD0, 0xEA, 0x97, 0x25, 0x3F,
+ 0xFA, 0xD1, 0x4F, 0xBA, 0xDF, 0xE3, 0x35, 0xFB, 0x6E, 0x5C,
+ 0x65, 0xF9, 0xA2, 0x26, 0x43, 0xF2, 0xF4, 0xE0, 0x05, 0x3D,
+ 0xC6, 0x5B, 0xC4, 0x21, 0xE7, 0xB1, 0x02, 0xEB, 0xF2, 0xA9,
+ 0x06, 0x5E, 0xB7, 0x1B, 0xC1, 0xD8, 0x86, 0x34, 0xED, 0x84,
+ 0x89, 0xCE, 0xCE, 0xC2, 0x63, 0x78, 0x67, 0xF8, 0xC3, 0xAA,
+ 0x7C, 0x1C, 0x59, 0x32, 0xE4, 0x77, 0xA2, 0x36, 0x31, 0xFE,
+ 0x4B, 0x9C, 0x98, 0xCE, 0x01, 0x55, 0x61, 0xCE, 0x23, 0xAE,
+ 0x0F, 0x7E, 0x24, 0x8B, 0x54, 0x8A, 0xE4, 0xCB, 0x8E, 0xDC,
+ 0x7A, 0x94, 0x4C, 0xF9, 0x3C, 0xF8, 0x67, 0x68, 0x9D, 0x7A,
+ 0x82, 0xA1, 0xA0, 0x01, 0xC7, 0x1B, 0x8D, 0xA0, 0xC0, 0x53,
+ 0x1E, 0x93, 0xC7, 0x86, 0x12, 0xD3, 0x16, 0xDC, 0x28, 0xA0,
+ 0xD1, 0x0D, 0x1E, 0x42, 0x9A, 0xCB, 0x55, 0x8C, 0x22, 0x7F,
+ 0x41, 0xC3, 0xC9, 0x14, 0xF2, 0xB0, 0x73, 0xA1, 0x4D, 0x72,
+ 0xFD, 0x88, 0xB6, 0xDE, 0xE5, 0xF0, 0x3C, 0x3A, 0x7E, 0x68,
+ 0x3E, 0x82, 0x58, 0x60, 0xCD, 0xB4, 0x08, 0x64, 0x18, 0xB2,
+ 0x24, 0x97, 0x13, 0xA6, 0x07, 0x75, 0xBE, 0xE0, 0x14, 0x92,
+ 0x9A, 0x98, 0x6C, 0x08, 0x94, 0xD1, 0x0D, 0x48, 0x44, 0xC3,
+ 0xE3, 0xD5, 0xC0, 0x93, 0x49, 0x79, 0x2F, 0x67, 0x15, 0x76,
+ 0xD8, 0x90, 0x11, 0xDB, 0xEC, 0xA7, 0xE2, 0xDB, 0xD4, 0x4F,
+ 0x49, 0x5E, 0xEF, 0xC5, 0xB9, 0x77, 0x69, 0xDA, 0x02, 0xB7,
+ 0x23, 0xBC, 0xEA, 0xDC, 0x84, 0xD4, 0xA5, 0x5C, 0xA2, 0x6C,
+ 0xAD, 0x4A, 0x9F, 0xF0, 0x65, 0x48, 0xE9, 0xBF, 0xDF, 0xA5,
+ 0xB3, 0x99, 0xD6, 0x76, 0x08, 0x87, 0x2C, 0xF2, 0x29, 0x79,
+ 0xB2, 0x20, 0x7C, 0x6F, 0xC1, 0xC5, 0x3C, 0xB0, 0x50, 0x3F,
+ 0x72, 0xA5, 0x57, 0xE3, 0xB0, 0x62, 0x18, 0x80, 0x71, 0xB9,
+ 0x3F, 0x4D, 0x4E, 0x7C, 0xF6, 0x29, 0xDB, 0xB8, 0xAD, 0xF6,
+ 0x41, 0x69, 0x06, 0x90, 0x45, 0x7B, 0x95, 0x03, 0xE1, 0x9E,
+ 0xA5, 0xA1, 0x5A, 0xE3, 0x08, 0x26, 0x73, 0xFC, 0x2B, 0x20,
+ 0x02, 0x82, 0x01, 0x81, 0x00, 0xA5, 0x52, 0x8F, 0x53, 0xF0,
+ 0xB9, 0x4F, 0x06, 0xB9, 0xC8, 0xB4, 0x50, 0xA4, 0x39, 0xBA,
+ 0x12, 0x92, 0x75, 0x27, 0x43, 0xA8, 0x30, 0xA9, 0xF2, 0x2A,
+ 0xC6, 0x93, 0x26, 0x3C, 0x8C, 0x9F, 0xA2, 0x6F, 0x53, 0xD9,
+ 0x14, 0xAB, 0x3F, 0x00, 0xC6, 0x11, 0x13, 0x90, 0x6A, 0x42,
+ 0xF2, 0x9D, 0xA3, 0x8F, 0x31, 0x32, 0x46, 0x73, 0xA3, 0x93,
+ 0x57, 0x5D, 0x76, 0x45, 0x49, 0x6C, 0xBD, 0xEA, 0xAF, 0xAA,
+ 0xB3, 0x55, 0x25, 0x11, 0x8E, 0xA5, 0x2A, 0xB1, 0xBA, 0xA5,
+ 0x06, 0x4A, 0x66, 0xAA, 0x78, 0x9E, 0xF6, 0x5C, 0x1E, 0xB1,
+ 0x4A, 0xCA, 0x5C, 0x3F, 0x1D, 0x33, 0x75, 0x91, 0xF2, 0xF9,
+ 0x53, 0x14, 0x2F, 0xDC, 0xF0, 0x4C, 0xA4, 0xF4, 0x50, 0x04,
+ 0x1F, 0xFF, 0xC9, 0x0C, 0xC6, 0x8A, 0x04, 0x8B, 0x80, 0x87,
+ 0xA7, 0x70, 0x49, 0xD7, 0xE4, 0xE7, 0x83, 0xF1, 0x86, 0x1A,
+ 0xB0, 0x85, 0x3C, 0x59, 0x04, 0x96, 0xD1, 0x85, 0x47, 0xA1,
+ 0x57, 0x7D, 0xC6, 0x8E, 0x60, 0x7D, 0xC6, 0xE8, 0x18, 0xB3,
+ 0x1F, 0xB8, 0x99, 0xF0, 0xC4, 0xE5, 0x1E, 0xBC, 0x34, 0x07,
+ 0x8E, 0x40, 0x57, 0xA5, 0x8D, 0x3A, 0xA3, 0x88, 0x96, 0xF1,
+ 0xB3, 0x61, 0xF1, 0x1C, 0x96, 0x8A, 0xA4, 0x9E, 0xCD, 0x21,
+ 0xA2, 0x94, 0xAE, 0x5E, 0x1F, 0xCD, 0x5B, 0x5B, 0xE3, 0x88,
+ 0x1E, 0x17, 0x4A, 0x46, 0xAB, 0x9C, 0xE0, 0x59, 0x03, 0x4A,
+ 0xB8, 0xC8, 0x83, 0xE7, 0xFF, 0x39, 0x27, 0x68, 0x80, 0xA0,
+ 0x8E, 0xB3, 0xA2, 0x00, 0xC6, 0x2D, 0x2C, 0x76, 0xBA, 0x90,
+ 0x7C, 0x03, 0x1B, 0x19, 0xC8, 0x33, 0xB2, 0x12, 0x3A, 0xC8,
+ 0x8D, 0x32, 0xFE, 0xC0, 0xF9, 0xA5, 0x6A, 0x63, 0xE2, 0xA4,
+ 0x12, 0x43, 0x19, 0xF5, 0x14, 0xF2, 0x27, 0xF8, 0x0B, 0xBD,
+ 0x1A, 0x22, 0x64, 0x2D, 0xC9, 0x05, 0xFA, 0xD8, 0xDD, 0x11,
+ 0x1A, 0xD3, 0xF2, 0xBC, 0x99, 0x3A, 0xCD, 0x21, 0xCF, 0x10,
+ 0x14, 0x36, 0xDF, 0xED, 0x66, 0x02, 0x03, 0x4A, 0x42, 0x70,
+ 0x71, 0x22, 0xAD, 0xE7, 0x53, 0x91, 0xF4, 0x40, 0x8F, 0x72,
+ 0x7E, 0x54, 0xA0, 0x5D, 0x58, 0x93, 0xD6, 0xF6, 0xBC, 0x87,
+ 0x1A, 0x68, 0x0F, 0xAB, 0x94, 0x20, 0x70, 0xC2, 0x11, 0xA1,
+ 0x14, 0xBC, 0x06, 0xA8, 0x44, 0xB9, 0x1F, 0x04, 0x49, 0x7E,
+ 0xB3, 0x9A, 0x53, 0x46, 0x05, 0x75, 0x5D, 0x29, 0x77, 0x28,
+ 0xA9, 0xB1, 0xDC, 0xF1, 0x0D, 0x8A, 0x1C, 0x5E, 0xCD, 0xD7,
+ 0x4C, 0x16, 0x6F, 0x88, 0xBF, 0xB3, 0x34, 0xE2, 0xAD, 0x9A,
+ 0xC4, 0x89, 0xE2, 0x2E, 0x5C, 0x20, 0xE1, 0x5F, 0x39, 0xBF,
+ 0xB7, 0x45, 0xD3, 0x0F, 0x98, 0xB0, 0xD8, 0xC9, 0x18, 0x91,
+ 0x17, 0x25, 0xBC, 0x53, 0x62, 0xFF, 0x27, 0x85, 0xBD, 0xE2,
+ 0xE3, 0x9C, 0xA8, 0x06, 0x7A, 0x54, 0xEA, 0xFD, 0xEA, 0x02,
+ 0x20, 0x4C, 0xAC, 0x69, 0x62, 0x08, 0xE5, 0xCD, 0x14, 0xC8,
+ 0x2D, 0x4E, 0xDF, 0x1F, 0x60, 0x1D, 0x93, 0x44, 0x86, 0x5D,
+ 0x73, 0x99, 0x40, 0x1B, 0xDC, 0xA9, 0xBA, 0xC4, 0x1B, 0x12,
+ 0x6C, 0xFF, 0x53
+};
+static const int sizeof_dsa_key_der_3072 = sizeof(dsa_key_der_3072);
+
+/* ./certs/rsa3072.der, 3072-bit */
+static const unsigned char rsa_key_der_3072[] =
+{
+ 0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x81, 0x00, 0xBC, 0x6D, 0x68, 0xFF, 0xC0, 0x07, 0x0E, 0x0C,
+ 0x4A, 0xE6, 0x76, 0x1F, 0x7A, 0x25, 0x3A, 0x75, 0xA7, 0xE2,
+ 0xF1, 0x17, 0x00, 0xF8, 0x85, 0xE6, 0x8F, 0x59, 0x14, 0xA7,
+ 0xDE, 0x8C, 0x74, 0x4B, 0xEB, 0x85, 0xEC, 0x49, 0x9B, 0xFF,
+ 0x4B, 0x43, 0x0A, 0x08, 0xA1, 0xEC, 0x64, 0x58, 0x47, 0x28,
+ 0xD5, 0xCE, 0x48, 0xE9, 0xCF, 0x34, 0xDF, 0x15, 0x20, 0x37,
+ 0x99, 0x0E, 0x3C, 0x81, 0xBE, 0x2E, 0xE4, 0x6C, 0xBB, 0xDE,
+ 0xD1, 0x93, 0xC5, 0xEC, 0x6C, 0xCC, 0x40, 0x0B, 0x46, 0xA1,
+ 0xE6, 0xCA, 0xA0, 0xD5, 0x3B, 0x44, 0x48, 0x79, 0x67, 0x52,
+ 0x6F, 0xDA, 0xED, 0x73, 0x8B, 0x7C, 0x33, 0xDA, 0x17, 0x96,
+ 0xE8, 0xA2, 0x91, 0x3C, 0x57, 0xDD, 0xC9, 0x2E, 0x01, 0x74,
+ 0x87, 0x33, 0xA0, 0x12, 0x7C, 0xBB, 0xF9, 0x53, 0xF4, 0xC4,
+ 0x31, 0x48, 0x53, 0xCB, 0xBB, 0x3C, 0x42, 0x43, 0x0C, 0x7A,
+ 0x7B, 0xB8, 0x2A, 0xFC, 0xDC, 0x70, 0xD5, 0x64, 0x16, 0x74,
+ 0xA8, 0x80, 0xDE, 0x16, 0xE0, 0xB2, 0x6C, 0x04, 0x47, 0x6C,
+ 0x25, 0xA6, 0x7F, 0xB4, 0x73, 0x49, 0xBC, 0xF3, 0xAE, 0xE3,
+ 0x93, 0x36, 0x87, 0x2B, 0xB7, 0x8F, 0xB5, 0x88, 0x88, 0x22,
+ 0x47, 0xDF, 0xBF, 0x4D, 0x3C, 0x2A, 0xBD, 0x3F, 0x2F, 0x11,
+ 0x29, 0xCC, 0x1C, 0x33, 0x40, 0x4E, 0x23, 0xF6, 0x25, 0xF0,
+ 0xAF, 0x02, 0x16, 0x48, 0xED, 0x1C, 0xD8, 0xC9, 0x92, 0x2F,
+ 0x5B, 0xAF, 0xBA, 0xDB, 0x60, 0x1E, 0x0E, 0xE1, 0x65, 0x91,
+ 0x96, 0xF8, 0x7D, 0x73, 0x4C, 0x72, 0x23, 0x33, 0xD5, 0x32,
+ 0x2B, 0x0F, 0x4F, 0xBC, 0x81, 0x45, 0x9E, 0x31, 0x76, 0xEF,
+ 0xE1, 0x76, 0x2D, 0x3F, 0x8F, 0xC4, 0x19, 0x8F, 0x27, 0x2A,
+ 0x8F, 0x6E, 0x76, 0xCC, 0xE0, 0x5D, 0xB0, 0x86, 0x66, 0xFE,
+ 0x72, 0xD9, 0x06, 0x40, 0xB6, 0xCE, 0x85, 0xC6, 0x2D, 0x34,
+ 0x33, 0xAA, 0x8E, 0xE5, 0x54, 0x8E, 0xB8, 0xBA, 0xEE, 0x92,
+ 0x07, 0x5D, 0xB5, 0xF1, 0x67, 0xBF, 0xCA, 0xE4, 0xCA, 0xCB,
+ 0xD9, 0x01, 0x73, 0x22, 0x01, 0x32, 0x39, 0xF4, 0x0A, 0xEC,
+ 0x5F, 0x4A, 0x00, 0x10, 0x3F, 0x01, 0x3D, 0x15, 0xBB, 0x55,
+ 0x91, 0x80, 0xBE, 0xD8, 0xD3, 0x59, 0xCC, 0xB0, 0x7C, 0x56,
+ 0xF7, 0xFF, 0xE0, 0x28, 0x40, 0x02, 0xB3, 0x98, 0x8A, 0x54,
+ 0x52, 0x60, 0xA5, 0x0B, 0x95, 0x53, 0x86, 0x6B, 0xA4, 0x35,
+ 0xCA, 0x04, 0xC7, 0xFB, 0x0A, 0xC8, 0x9D, 0x5A, 0x11, 0x40,
+ 0xF7, 0x60, 0x07, 0xB1, 0xB3, 0x42, 0xB6, 0x80, 0x8F, 0xE4,
+ 0x25, 0xC9, 0xE8, 0xBC, 0x8E, 0x21, 0x0D, 0x47, 0xCF, 0xB8,
+ 0x37, 0x09, 0xAF, 0xBF, 0x2C, 0x34, 0x09, 0x22, 0xC2, 0x6E,
+ 0x0D, 0x06, 0x30, 0x80, 0x1E, 0xA5, 0x8A, 0x46, 0x2D, 0xDC,
+ 0x57, 0xD4, 0x57, 0x82, 0x6A, 0x11, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAD, 0x99, 0xAF, 0xCF,
+ 0x51, 0x40, 0x2E, 0xB5, 0x2C, 0x9C, 0xBF, 0xDF, 0xA8, 0x4D,
+ 0x7C, 0x5A, 0xC1, 0xDE, 0xD8, 0x78, 0x75, 0x30, 0x83, 0x4D,
+ 0x34, 0x6C, 0xC2, 0x17, 0x17, 0x77, 0x17, 0xFE, 0x8A, 0x73,
+ 0xCC, 0x8A, 0xD4, 0xEA, 0x94, 0x90, 0xA3, 0x41, 0xE8, 0xCD,
+ 0x3E, 0x76, 0x06, 0xB9, 0x9C, 0xA2, 0x7D, 0x92, 0xCC, 0x90,
+ 0xCD, 0xA7, 0x4D, 0x13, 0x6C, 0x34, 0x2D, 0x92, 0xEB, 0x81,
+ 0x90, 0x7A, 0x8D, 0x6C, 0x70, 0x72, 0x51, 0x3B, 0xCD, 0xD1,
+ 0x30, 0x80, 0x33, 0x07, 0x1E, 0xF7, 0x38, 0xCE, 0xBB, 0xD7,
+ 0xE1, 0x5D, 0xD8, 0xCF, 0x9E, 0xB6, 0x79, 0x66, 0xA6, 0xF0,
+ 0x3B, 0x65, 0x87, 0xAE, 0x45, 0x8E, 0xE1, 0x78, 0x53, 0x0B,
+ 0xC7, 0x3A, 0x57, 0xA4, 0xE0, 0x9B, 0xB3, 0xB2, 0xD4, 0xB0,
+ 0xEA, 0xB9, 0x6B, 0x1D, 0x06, 0xBA, 0xB8, 0x59, 0x4F, 0x9B,
+ 0xE9, 0x00, 0x95, 0x12, 0x93, 0xC1, 0xCD, 0xF9, 0x41, 0xAF,
+ 0xC3, 0x2A, 0x7F, 0x75, 0xE3, 0x79, 0x37, 0x24, 0xA4, 0xC8,
+ 0x3D, 0xB4, 0x83, 0x89, 0x23, 0xF7, 0x0E, 0x59, 0x56, 0x8E,
+ 0x6D, 0x43, 0xA5, 0xB1, 0x8E, 0x04, 0x02, 0xED, 0x48, 0x25,
+ 0x62, 0xFE, 0xF3, 0x4D, 0x82, 0x22, 0xA6, 0xC1, 0xA5, 0xD9,
+ 0x4A, 0x9A, 0x57, 0xE6, 0xDC, 0x37, 0x6D, 0x13, 0xDA, 0xFF,
+ 0x23, 0x2A, 0xB9, 0x31, 0xD2, 0x4B, 0x7D, 0xF3, 0x02, 0x90,
+ 0xF6, 0x28, 0x3D, 0x98, 0x3C, 0xF6, 0x43, 0x45, 0xAE, 0xAB,
+ 0x91, 0x15, 0xC7, 0xC4, 0x90, 0x9C, 0x3E, 0xDA, 0xD4, 0x20,
+ 0x12, 0xB2, 0xE1, 0x2B, 0x56, 0xE2, 0x38, 0x32, 0x9C, 0xE6,
+ 0xA9, 0x1D, 0xFE, 0xA5, 0xEE, 0xD7, 0x52, 0xB4, 0xE3, 0xE4,
+ 0x65, 0xEA, 0x41, 0x9D, 0xD4, 0x91, 0x83, 0x5D, 0xFF, 0x52,
+ 0xA7, 0xC3, 0x42, 0x9F, 0x14, 0x70, 0x9F, 0x98, 0x14, 0xB2,
+ 0x33, 0xEE, 0x4C, 0x5A, 0xC9, 0x5F, 0x16, 0xF6, 0x06, 0xE9,
+ 0xF3, 0x39, 0xD2, 0xC5, 0x31, 0x53, 0x2A, 0x39, 0xED, 0x3A,
+ 0x4D, 0x2A, 0xC1, 0x4C, 0x87, 0x82, 0xC6, 0xCA, 0xCF, 0xF5,
+ 0x9A, 0x71, 0x27, 0xAE, 0xFB, 0xFE, 0xD0, 0x66, 0xDB, 0xAA,
+ 0x03, 0x16, 0x4B, 0xEF, 0xB4, 0x28, 0xAB, 0xCF, 0xBE, 0x9B,
+ 0x58, 0xCF, 0xA4, 0x58, 0x82, 0xD2, 0x37, 0x8C, 0xEA, 0x3D,
+ 0x75, 0x4D, 0x0B, 0x46, 0x7A, 0x04, 0xDE, 0xF1, 0x6E, 0xBB,
+ 0x03, 0xBF, 0xF7, 0x8E, 0xE6, 0xF4, 0x9A, 0xE1, 0xCA, 0x26,
+ 0x2C, 0x41, 0x08, 0xAD, 0x21, 0xA7, 0xC2, 0x40, 0xF5, 0x9C,
+ 0xDD, 0xAB, 0xC5, 0x5A, 0x4C, 0xF4, 0xE6, 0x9A, 0x50, 0xFD,
+ 0xAA, 0x47, 0xD6, 0xA6, 0x07, 0x25, 0xB2, 0x4B, 0x9C, 0x1D,
+ 0x90, 0xA2, 0x4A, 0x98, 0xE0, 0x05, 0x8A, 0x5C, 0xD1, 0x2C,
+ 0xC0, 0x28, 0xD1, 0x84, 0x3C, 0x72, 0xFF, 0x83, 0xEA, 0xB1,
+ 0x02, 0x81, 0xC1, 0x00, 0xF8, 0xA0, 0x5F, 0x25, 0x2E, 0x23,
+ 0x73, 0x30, 0xB6, 0x97, 0xAF, 0x08, 0xE7, 0xD2, 0xD8, 0xC3,
+ 0x95, 0xEA, 0x9D, 0x8E, 0x9F, 0xF1, 0x36, 0x81, 0xD7, 0x7A,
+ 0x21, 0x2B, 0x90, 0x38, 0x9C, 0xA6, 0x08, 0x40, 0xEA, 0xD2,
+ 0x6E, 0x29, 0xB5, 0x0B, 0x3E, 0x91, 0xB2, 0x04, 0x92, 0xCF,
+ 0x94, 0xFF, 0xA6, 0xA7, 0x1A, 0x5F, 0x93, 0x0C, 0x86, 0xE6,
+ 0x4B, 0x61, 0xD4, 0x5E, 0xD7, 0xE3, 0x66, 0x0B, 0x83, 0xDB,
+ 0x16, 0x49, 0x27, 0xD5, 0xA3, 0xB3, 0xF5, 0x5D, 0x8F, 0xC9,
+ 0x48, 0x10, 0xD7, 0x77, 0x1E, 0x7B, 0x01, 0xC4, 0xFD, 0x14,
+ 0x0C, 0xAB, 0x40, 0xF7, 0x9B, 0x07, 0xDE, 0x55, 0xEF, 0x36,
+ 0x4C, 0x22, 0x37, 0x37, 0x09, 0x9D, 0x2A, 0x73, 0xA6, 0xA5,
+ 0xF4, 0xAF, 0x39, 0x2B, 0x87, 0xB4, 0xB2, 0x28, 0x9E, 0x08,
+ 0xA6, 0xCA, 0xB4, 0x39, 0x5A, 0x3A, 0xFB, 0x41, 0x93, 0xEC,
+ 0x44, 0xBB, 0xD2, 0x7C, 0x3B, 0x27, 0x3E, 0x26, 0xFD, 0x7B,
+ 0x20, 0xFC, 0x44, 0x67, 0xC0, 0x84, 0xD1, 0xA0, 0xCC, 0xBB,
+ 0x26, 0xC7, 0x32, 0x0E, 0x01, 0x9B, 0x2B, 0x1F, 0x58, 0x85,
+ 0x5A, 0x6C, 0xD0, 0xC1, 0xAC, 0x14, 0x5E, 0x06, 0x07, 0xCA,
+ 0x69, 0x52, 0xF5, 0xA6, 0x16, 0x75, 0x42, 0x8A, 0xE1, 0xBA,
+ 0x8B, 0x46, 0x38, 0x17, 0x7B, 0xF1, 0x7D, 0x79, 0x1F, 0x7E,
+ 0x4C, 0x6A, 0x75, 0xDC, 0xA8, 0x3B, 0x02, 0x81, 0xC1, 0x00,
+ 0xC2, 0x03, 0xFE, 0x57, 0xDF, 0x26, 0xD8, 0x79, 0xDC, 0x2C,
+ 0x47, 0x9B, 0x92, 0x9B, 0x53, 0x40, 0x82, 0xEC, 0xBD, 0x0B,
+ 0xC0, 0x96, 0x89, 0x21, 0xC5, 0x26, 0x7E, 0x7A, 0x59, 0xA7,
+ 0x85, 0x11, 0xCC, 0x39, 0x33, 0xA7, 0xE6, 0x42, 0x9C, 0x12,
+ 0x81, 0xA0, 0x87, 0xBC, 0x57, 0x07, 0xC4, 0x51, 0x93, 0x59,
+ 0xC6, 0xAB, 0x11, 0xCC, 0xCB, 0xC8, 0xC1, 0x40, 0xDF, 0xCB,
+ 0xE8, 0x45, 0x31, 0x20, 0x91, 0x88, 0x5F, 0x76, 0x76, 0xEE,
+ 0x30, 0x37, 0xFA, 0xA7, 0x22, 0x72, 0x82, 0x50, 0x31, 0xE9,
+ 0xA0, 0x44, 0xCA, 0xDD, 0xD6, 0xAC, 0xEC, 0x82, 0xE8, 0x62,
+ 0xD8, 0x43, 0xFD, 0x77, 0x0F, 0x1C, 0x23, 0x12, 0x91, 0x1C,
+ 0xFE, 0x93, 0x2C, 0x87, 0x52, 0xBF, 0x96, 0x79, 0x5E, 0x3A,
+ 0x5A, 0x33, 0x28, 0x27, 0x3F, 0x20, 0x2C, 0xB3, 0x26, 0xE2,
+ 0x0D, 0x44, 0xA9, 0x2F, 0x39, 0x7B, 0x7B, 0xAD, 0xA3, 0x21,
+ 0xD2, 0x7F, 0x3C, 0x89, 0x63, 0xDD, 0x13, 0xB1, 0x2E, 0xD6,
+ 0x34, 0xFB, 0x2A, 0x83, 0x29, 0xE7, 0x8A, 0x88, 0xD7, 0xA3,
+ 0x38, 0x3C, 0x43, 0x62, 0x8F, 0x69, 0xFA, 0x4B, 0x15, 0xB5,
+ 0xF6, 0x59, 0x90, 0x62, 0x7D, 0xCF, 0x1D, 0xDD, 0x49, 0x43,
+ 0x33, 0x96, 0xA9, 0xF7, 0x76, 0x9F, 0xE4, 0x0D, 0x6E, 0x1C,
+ 0xEA, 0x18, 0x5B, 0xBD, 0x5C, 0x98, 0x90, 0x09, 0xCA, 0x59,
+ 0x9E, 0x23, 0x02, 0x81, 0xC0, 0x66, 0xFF, 0x99, 0x2A, 0xFF,
+ 0xF8, 0x33, 0xAA, 0x44, 0x9A, 0x86, 0x2A, 0xBC, 0x4F, 0x3E,
+ 0xF9, 0x97, 0xCB, 0xC0, 0x45, 0xEB, 0xC0, 0xB4, 0x02, 0x0A,
+ 0x50, 0x50, 0x19, 0x89, 0xFF, 0xC9, 0xF5, 0x86, 0x89, 0xCE,
+ 0x3E, 0x2A, 0xE1, 0x20, 0x5D, 0x6E, 0x28, 0x51, 0x85, 0x4F,
+ 0x84, 0xAB, 0x87, 0x55, 0x74, 0xF8, 0x9A, 0x0B, 0x83, 0x2F,
+ 0x07, 0x8C, 0xC7, 0x14, 0x81, 0xCE, 0x12, 0x28, 0x9E, 0x30,
+ 0x9B, 0xBC, 0x99, 0xC5, 0xE4, 0xDD, 0x92, 0x99, 0xDD, 0x8E,
+ 0xC9, 0xA6, 0x0F, 0x44, 0x13, 0xD7, 0x0E, 0xC2, 0x66, 0xE7,
+ 0x29, 0x3D, 0x2E, 0x5D, 0x15, 0xB6, 0xA6, 0x05, 0xD7, 0xB7,
+ 0xE7, 0xD8, 0x96, 0x7C, 0x25, 0x52, 0xD8, 0x47, 0x53, 0xED,
+ 0xFF, 0xE6, 0x64, 0x08, 0xDD, 0x1D, 0xB5, 0x1F, 0xF1, 0x6F,
+ 0xB6, 0xC9, 0xD2, 0x43, 0xE3, 0x56, 0x9C, 0x04, 0xA6, 0xE0,
+ 0x2F, 0x0B, 0x32, 0x7C, 0x3A, 0x77, 0x0F, 0x04, 0xD2, 0x86,
+ 0x44, 0x52, 0x1F, 0xEF, 0xFE, 0xC3, 0x64, 0xC2, 0xAB, 0x48,
+ 0xE5, 0x67, 0x65, 0x32, 0x39, 0x57, 0x34, 0xFF, 0x22, 0x57,
+ 0x3B, 0xB7, 0x80, 0x48, 0xE3, 0x52, 0xF4, 0x85, 0x17, 0x1E,
+ 0x77, 0x1E, 0x36, 0xFE, 0x09, 0x36, 0x58, 0x91, 0x9E, 0x93,
+ 0x71, 0x02, 0x6D, 0xAE, 0xA3, 0x1B, 0xF7, 0xA9, 0x31, 0x5A,
+ 0x78, 0xAA, 0x13, 0x98, 0x8C, 0x37, 0x2D, 0x02, 0x81, 0xC1,
+ 0x00, 0xBE, 0x01, 0xD9, 0x3A, 0xC7, 0x81, 0xAC, 0xAA, 0x13,
+ 0x75, 0x8E, 0x1F, 0x8F, 0x41, 0xED, 0x13, 0x95, 0xE5, 0x31,
+ 0xF3, 0x6B, 0x86, 0x42, 0x00, 0xBF, 0xAA, 0xC6, 0x5D, 0x1E,
+ 0xA6, 0x90, 0x0C, 0xF1, 0x1B, 0xE8, 0x39, 0xFB, 0xA8, 0xAA,
+ 0x5E, 0xF9, 0x72, 0x74, 0xDC, 0x7F, 0xC3, 0x4C, 0x81, 0xB3,
+ 0xB4, 0x4D, 0x7B, 0xC6, 0x2F, 0xF2, 0x37, 0xC7, 0x03, 0xB8,
+ 0xE9, 0x62, 0xAD, 0x38, 0xC2, 0xB3, 0xA4, 0x82, 0x11, 0x6B,
+ 0xC2, 0x33, 0x98, 0xEF, 0x32, 0x75, 0xEA, 0xFD, 0x32, 0x7A,
+ 0xDF, 0x59, 0xA5, 0x65, 0xA4, 0x42, 0x95, 0x11, 0xFF, 0xD6,
+ 0x84, 0xCF, 0x56, 0x2E, 0xCA, 0x46, 0x13, 0x01, 0x4A, 0x32,
+ 0xB1, 0xD9, 0xA3, 0xDB, 0x0D, 0x20, 0x7E, 0x1F, 0x68, 0xF7,
+ 0x5E, 0x60, 0x6E, 0x0F, 0x59, 0xF8, 0x59, 0x93, 0x4D, 0x54,
+ 0xBC, 0x37, 0xD0, 0x51, 0x7C, 0xBD, 0x67, 0xF0, 0xA5, 0x09,
+ 0xC9, 0x9A, 0xF4, 0x1F, 0x1E, 0x52, 0x9D, 0xF5, 0xA6, 0x25,
+ 0xBF, 0x85, 0x1D, 0xA1, 0xF1, 0xD8, 0xBD, 0x39, 0x10, 0x71,
+ 0x57, 0x19, 0x40, 0xF3, 0xA1, 0x77, 0xE0, 0x8B, 0x4E, 0xB3,
+ 0x91, 0x84, 0x15, 0x0C, 0xF1, 0x58, 0x52, 0xD9, 0xE5, 0x98,
+ 0xD5, 0x66, 0x95, 0x9C, 0x19, 0x8D, 0xA4, 0x63, 0x5C, 0xBF,
+ 0xC5, 0x33, 0x81, 0xED, 0x7E, 0x93, 0x4B, 0x9A, 0x6C, 0xEC,
+ 0x2E, 0x3E, 0x4F, 0x02, 0x81, 0xC0, 0x34, 0xF8, 0xDF, 0x74,
+ 0xC6, 0xC1, 0xD9, 0x03, 0x9B, 0x3B, 0x53, 0x19, 0xEB, 0x43,
+ 0xC4, 0xAA, 0x1E, 0x73, 0xE3, 0x13, 0x25, 0x32, 0x04, 0x22,
+ 0x79, 0x4A, 0x07, 0xF0, 0x06, 0x38, 0xBD, 0x57, 0xE6, 0x01,
+ 0x33, 0x8C, 0xF1, 0x02, 0xCC, 0x34, 0x2C, 0x60, 0x32, 0xA4,
+ 0x22, 0x1D, 0x0E, 0x39, 0x6B, 0xAB, 0xF7, 0xCE, 0xDB, 0xA7,
+ 0xC3, 0xD8, 0xA2, 0x3B, 0x70, 0x31, 0x91, 0x68, 0xB9, 0xBF,
+ 0xE0, 0xA1, 0x39, 0x80, 0xFE, 0x47, 0x99, 0x56, 0x6D, 0x76,
+ 0x90, 0x17, 0xF5, 0x67, 0x41, 0x44, 0x27, 0x10, 0x07, 0x98,
+ 0x4D, 0x4C, 0x53, 0xD4, 0x15, 0xDC, 0x0A, 0x2F, 0xE0, 0x83,
+ 0x28, 0x22, 0x8D, 0x61, 0x3B, 0xE4, 0x8E, 0xE5, 0xE7, 0x24,
+ 0x98, 0x19, 0xA8, 0xA3, 0xED, 0x70, 0x59, 0x06, 0x86, 0x76,
+ 0xC2, 0x4B, 0xCB, 0x17, 0xC5, 0x77, 0x12, 0x07, 0xB8, 0xAB,
+ 0x1A, 0x91, 0xFC, 0x72, 0x8E, 0xB7, 0xB1, 0xE6, 0x74, 0xDD,
+ 0x3D, 0x92, 0xA7, 0xDE, 0x6C, 0x6E, 0xCB, 0x50, 0x44, 0x2F,
+ 0xAC, 0x99, 0xF7, 0x36, 0x4D, 0x62, 0xC7, 0xAC, 0xCE, 0x7D,
+ 0x26, 0xC9, 0xD2, 0x4E, 0x49, 0xD7, 0x8E, 0x66, 0x6C, 0xC1,
+ 0x53, 0xDF, 0x31, 0xAB, 0x25, 0x35, 0xCA, 0xD6, 0xC4, 0xA3,
+ 0xA6, 0x9F, 0x7E, 0x3D, 0x2D, 0x1A, 0x44, 0x31, 0x3D, 0x81,
+ 0x91, 0xB8, 0x36, 0x08, 0x27, 0x42, 0x9E, 0x08
+};
+static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072);
+
+/* ./certs/3072/client-key.der, 3072-bit */
+static const unsigned char client_key_der_3072[] =
+{
+ 0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10,
+ 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41,
+ 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88,
+ 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42,
+ 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC,
+ 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C,
+ 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58,
+ 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00,
+ 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A,
+ 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B,
+ 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E,
+ 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64,
+ 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A,
+ 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89,
+ 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48,
+ 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA,
+ 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59,
+ 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0,
+ 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7,
+ 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8,
+ 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D,
+ 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE,
+ 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C,
+ 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC,
+ 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1,
+ 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9,
+ 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC,
+ 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC,
+ 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D,
+ 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F,
+ 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35,
+ 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA,
+ 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1,
+ 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4,
+ 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F,
+ 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13,
+ 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57,
+ 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9,
+ 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0x02, 0x82, 0x01, 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5,
+ 0xCA, 0x48, 0x49, 0xA6, 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B,
+ 0x0D, 0xBB, 0xC9, 0xEA, 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC,
+ 0xEE, 0xE4, 0x3D, 0x42, 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7,
+ 0x70, 0x1C, 0x7E, 0x1F, 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F,
+ 0x01, 0x98, 0xC2, 0x3E, 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B,
+ 0x13, 0x87, 0xAE, 0xAC, 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25,
+ 0x4E, 0x59, 0xBA, 0x09, 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8,
+ 0x93, 0xC6, 0xBB, 0x03, 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87,
+ 0x6A, 0x36, 0x41, 0x7C, 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39,
+ 0xEB, 0x14, 0xA7, 0xA6, 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6,
+ 0x57, 0x9A, 0x1B, 0x01, 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09,
+ 0xE6, 0xBF, 0x31, 0x19, 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A,
+ 0xB0, 0xCD, 0xF5, 0xA6, 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F,
+ 0xEA, 0x7E, 0xF6, 0x0A, 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70,
+ 0x0D, 0x1B, 0xD9, 0x70, 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC,
+ 0xD4, 0x93, 0x16, 0xC7, 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A,
+ 0x1F, 0xAD, 0xDD, 0x40, 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2,
+ 0x04, 0xA0, 0x24, 0x05, 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9,
+ 0x5C, 0xC2, 0x5E, 0xE4, 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77,
+ 0xBB, 0x84, 0x69, 0x54, 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38,
+ 0xD8, 0xF7, 0xF3, 0x9F, 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6,
+ 0x7A, 0x65, 0xF5, 0x69, 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28,
+ 0xA4, 0x29, 0xAC, 0xD9, 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4,
+ 0xBA, 0xDF, 0xD0, 0xF1, 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7,
+ 0x5A, 0x94, 0xCF, 0xD9, 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91,
+ 0x2E, 0x77, 0x15, 0x18, 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1,
+ 0x92, 0x9D, 0xD6, 0x04, 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7,
+ 0x2D, 0x64, 0xF8, 0xDF, 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88,
+ 0x83, 0x5F, 0x67, 0x90, 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA,
+ 0x30, 0x13, 0xCA, 0x9F, 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE,
+ 0xF9, 0x96, 0xDD, 0x5E, 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F,
+ 0x7F, 0x33, 0x2A, 0x38, 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47,
+ 0x06, 0xCC, 0x96, 0x44, 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7,
+ 0xD0, 0xD3, 0xC3, 0xC5, 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE,
+ 0x2A, 0xA4, 0x86, 0xE7, 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37,
+ 0x64, 0x1A, 0xED, 0x08, 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B,
+ 0x89, 0x99, 0xA4, 0xB0, 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4,
+ 0xEE, 0x3C, 0xC4, 0x00, 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02,
+ 0x81, 0xC1, 0x00, 0xD9, 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2,
+ 0xE7, 0x15, 0xA7, 0x0A, 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6,
+ 0xA9, 0x6F, 0x73, 0x88, 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80,
+ 0xB5, 0x2E, 0x29, 0x8B, 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18,
+ 0x1C, 0x0D, 0x0E, 0x38, 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C,
+ 0x4E, 0x24, 0x05, 0xA7, 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C,
+ 0x1D, 0x0A, 0x2C, 0xFE, 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D,
+ 0xF8, 0xEB, 0x2F, 0xDA, 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97,
+ 0x64, 0x14, 0xAB, 0xEA, 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63,
+ 0x35, 0x90, 0xEE, 0x7F, 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB,
+ 0x87, 0x47, 0x9B, 0x45, 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3,
+ 0x8A, 0x0B, 0x9B, 0xE6, 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC,
+ 0x3E, 0x35, 0xDB, 0xED, 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29,
+ 0x79, 0xF8, 0x3F, 0xC2, 0x58, 0x40, 0x32, 0x66, 0x87, 0x56,
+ 0x50, 0xFF, 0xBF, 0x3E, 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE,
+ 0x87, 0x2D, 0xEF, 0x64, 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94,
+ 0xDA, 0x5B, 0x0C, 0x8C, 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE,
+ 0x40, 0x02, 0x65, 0x36, 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07,
+ 0xB4, 0x7F, 0x14, 0x0E, 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F,
+ 0xDC, 0xA2, 0xE8, 0xC7, 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA,
+ 0xED, 0xA5, 0x3F, 0x59, 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02,
+ 0x95, 0x80, 0xA0, 0xAF, 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72,
+ 0x41, 0x2C, 0x5C, 0xB4, 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58,
+ 0xE9, 0x40, 0x8B, 0xEC, 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE,
+ 0xC8, 0x6C, 0x74, 0x75, 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6,
+ 0x99, 0xA2, 0x70, 0xDE, 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49,
+ 0x13, 0xA0, 0xE2, 0x20, 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3,
+ 0x25, 0x09, 0xCE, 0x75, 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C,
+ 0x3C, 0x15, 0x1F, 0xF0, 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07,
+ 0xAC, 0x3D, 0x83, 0x46, 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8,
+ 0x19, 0x7C, 0xFF, 0xDE, 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E,
+ 0xBD, 0xFA, 0x96, 0xDD, 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17,
+ 0x90, 0x6F, 0x14, 0x35, 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A,
+ 0xA0, 0x53, 0x10, 0x15, 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6,
+ 0x48, 0xC0, 0x5D, 0xB4, 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75,
+ 0xCD, 0xC3, 0x64, 0x66, 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14,
+ 0x34, 0xE6, 0x60, 0x3C, 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79,
+ 0x93, 0x5D, 0x4A, 0x42, 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E,
+ 0x63, 0xBD, 0xB6, 0x5F, 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70,
+ 0xB1, 0x02, 0x81, 0xC0, 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD,
+ 0xF6, 0xB1, 0x66, 0xC5, 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B,
+ 0xDE, 0xD4, 0x4A, 0xFF, 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B,
+ 0x32, 0x35, 0x84, 0x83, 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B,
+ 0x7E, 0xCA, 0xE7, 0xB8, 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4,
+ 0x24, 0xED, 0x1A, 0xC1, 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64,
+ 0xC0, 0xC2, 0xFB, 0xFA, 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3,
+ 0x92, 0x95, 0x4E, 0xC2, 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6,
+ 0x78, 0x79, 0xC7, 0xDC, 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65,
+ 0xFE, 0x56, 0x8F, 0xB2, 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80,
+ 0x49, 0x8A, 0x36, 0xBF, 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5,
+ 0x1D, 0x64, 0x17, 0x26, 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B,
+ 0x99, 0x27, 0x04, 0x64, 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26,
+ 0xC3, 0x56, 0xF9, 0xEE, 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73,
+ 0xF6, 0x67, 0x83, 0xBC, 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA,
+ 0xBD, 0xE0, 0x24, 0x34, 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3,
+ 0xE3, 0x3D, 0x17, 0xBC, 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6,
+ 0x2F, 0xCB, 0xB4, 0xAF, 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D,
+ 0xB4, 0x7F, 0x1B, 0x26, 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F,
+ 0xF6, 0x9A, 0xB7, 0xC1, 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00,
+ 0xB0, 0x6D, 0x20, 0x68, 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E,
+ 0x22, 0x06, 0xFC, 0xC7, 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE,
+ 0x7D, 0xC5, 0x2F, 0xDE, 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF,
+ 0xE0, 0x4B, 0x1A, 0xB5, 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65,
+ 0x03, 0x3D, 0xD9, 0x1C, 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31,
+ 0x2A, 0x19, 0x54, 0x63, 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE,
+ 0xC8, 0xD3, 0xE9, 0xE1, 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6,
+ 0x7A, 0xBD, 0xCE, 0xE2, 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76,
+ 0xA9, 0x7C, 0xAB, 0x19, 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6,
+ 0x36, 0x57, 0x87, 0x3B, 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67,
+ 0x72, 0x6A, 0x86, 0x84, 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48,
+ 0x09, 0x3B, 0x5E, 0x6C, 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E,
+ 0xC2, 0x27, 0xEE, 0x8A, 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80,
+ 0xA3, 0x65, 0x74, 0x11, 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B,
+ 0x69, 0xB4, 0xC2, 0x9A, 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C,
+ 0x66, 0x5B, 0x38, 0x6F, 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02,
+ 0xAC, 0x8C, 0xB9, 0x66, 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42,
+ 0x12, 0xB7, 0x0E, 0x3A, 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F,
+ 0x53, 0x81, 0x7F, 0xE4, 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39,
+ 0xE4, 0x61, 0x02, 0x81, 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B,
+ 0xFD, 0x84, 0x2E, 0x83, 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8,
+ 0x3C, 0xC5, 0x0C, 0xCB, 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7,
+ 0xB0, 0xE9, 0xA4, 0x6A, 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7,
+ 0xDF, 0xEC, 0xC2, 0x03, 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79,
+ 0xA9, 0xAB, 0xBD, 0xAF, 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53,
+ 0xB3, 0xB2, 0xC0, 0xB1, 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE,
+ 0x67, 0xC7, 0xF3, 0x57, 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75,
+ 0x0D, 0xAC, 0x79, 0x90, 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3,
+ 0xE4, 0x46, 0xB2, 0x10, 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A,
+ 0x8F, 0x39, 0x42, 0x0E, 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3,
+ 0xA7, 0x7F, 0x2F, 0x82, 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E,
+ 0x05, 0x6E, 0x75, 0x83, 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57,
+ 0x39, 0xAB, 0x21, 0x0B, 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE,
+ 0x98, 0x45, 0x8F, 0x96, 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10,
+ 0x8E, 0x41, 0x7A, 0xDD, 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC,
+ 0xFE, 0xA3, 0x2D, 0xA9, 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7,
+ 0xBC, 0xF9, 0x71, 0xCC, 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD,
+ 0x1A, 0x9E, 0xC7, 0x08, 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE,
+ 0xE3, 0xF8, 0xBE, 0x1E, 0xC7, 0xD2, 0x28, 0x97
+};
+static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072);
+
+/* ./certs/3072/client-keyPub.der, 3072-bit */
+static const unsigned char client_keypub_der_3072[] =
+{
+ 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+ 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, 0x8A, 0x02, 0x82,
+ 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8,
+ 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A,
+ 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0,
+ 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73,
+ 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA,
+ 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA,
+ 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3,
+ 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02,
+ 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F,
+ 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B,
+ 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06,
+ 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C,
+ 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA,
+ 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A,
+ 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06,
+ 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27,
+ 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06,
+ 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2,
+ 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF,
+ 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5,
+ 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79,
+ 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8,
+ 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78,
+ 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9,
+ 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD,
+ 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB,
+ 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA,
+ 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61,
+ 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3,
+ 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1,
+ 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26,
+ 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC,
+ 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B,
+ 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73,
+ 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7,
+ 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA,
+ 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45,
+ 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE,
+ 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01,
+ 0x00, 0x01
+};
+static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072);
+
+/* ./certs/3072/client-cert.der, 3072-bit */
+static const unsigned char client_cert_der_3072[] =
+{
+ 0x30, 0x82, 0x06, 0x07, 0x30, 0x82, 0x04, 0x6F, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA4, 0xE0, 0xAA, 0xF3,
+ 0x29, 0x50, 0x39, 0x8A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+ 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
+ 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37,
+ 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+ 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30,
+ 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72,
+ 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
+ 0x33, 0x30, 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01,
+ 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68,
+ 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C,
+ 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55,
+ 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F,
+ 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE,
+ 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7,
+ 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C,
+ 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D,
+ 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22,
+ 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31,
+ 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69,
+ 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8,
+ 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF,
+ 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C,
+ 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11,
+ 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85,
+ 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E,
+ 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87,
+ 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3,
+ 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35,
+ 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03,
+ 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D,
+ 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F,
+ 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6,
+ 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32,
+ 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9,
+ 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A,
+ 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD,
+ 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE,
+ 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01,
+ 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF,
+ 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD,
+ 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68,
+ 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7,
+ 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88,
+ 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08,
+ 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9,
+ 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4,
+ 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30,
+ 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0,
+ 0x20, 0x49, 0xBC, 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2,
+ 0xD4, 0x0C, 0xA3, 0xA8, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14,
+ 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, 0x20, 0x49, 0xBC, 0x74,
+ 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, 0xD4, 0x0C, 0xA3, 0xA8,
+ 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
+ 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77,
+ 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37,
+ 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
+ 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xA4, 0xE0, 0xAA, 0xF3, 0x29, 0x50, 0x39, 0x8A, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
+ 0x01, 0x81, 0x00, 0x57, 0x21, 0xC0, 0xAD, 0x6E, 0x16, 0x74,
+ 0xD5, 0xB1, 0x8B, 0x19, 0x55, 0x49, 0x7A, 0xA4, 0x5E, 0xD6,
+ 0x18, 0xF9, 0x03, 0x80, 0x4B, 0xC2, 0x71, 0xD1, 0x04, 0x47,
+ 0x9C, 0xB3, 0x73, 0x9C, 0x4F, 0x62, 0x4A, 0x3A, 0x9A, 0xD4,
+ 0x48, 0xE4, 0x81, 0xDB, 0x8D, 0x15, 0xDF, 0x5D, 0x0F, 0x08,
+ 0x13, 0x28, 0x28, 0xD7, 0x05, 0x44, 0xC1, 0xB9, 0x6D, 0xF1,
+ 0x75, 0x60, 0x74, 0xD0, 0x44, 0xAE, 0x91, 0x0F, 0x3A, 0x7C,
+ 0xF4, 0xEE, 0xEA, 0x6F, 0x06, 0x3A, 0x41, 0xAE, 0x6B, 0x5C,
+ 0x8A, 0x0D, 0x85, 0x6B, 0xB3, 0xFB, 0xB1, 0x5F, 0x70, 0xF7,
+ 0x9B, 0x32, 0x57, 0xFB, 0xC4, 0x6B, 0xCE, 0x90, 0x86, 0x0C,
+ 0x96, 0x8A, 0x41, 0x4E, 0x61, 0xF3, 0xA1, 0x3F, 0x55, 0xE8,
+ 0x94, 0x56, 0x12, 0x6D, 0x9E, 0x46, 0x2C, 0x31, 0xBD, 0x3F,
+ 0x8A, 0x70, 0xC8, 0x20, 0xA4, 0xFB, 0xFA, 0xC6, 0x53, 0x58,
+ 0xBB, 0x05, 0x28, 0xBA, 0x89, 0x0C, 0xB1, 0x5F, 0x21, 0xAC,
+ 0x1E, 0xF1, 0x35, 0xFD, 0x6B, 0x14, 0xC1, 0x69, 0x08, 0xE9,
+ 0x37, 0x14, 0xD8, 0x76, 0x50, 0x2A, 0xFC, 0xAA, 0x94, 0x7F,
+ 0x39, 0x52, 0x3A, 0xA7, 0x3C, 0x0A, 0x53, 0x5E, 0xE0, 0x13,
+ 0x1A, 0x00, 0xCA, 0xAC, 0xAA, 0x7E, 0xF7, 0x09, 0x68, 0x78,
+ 0x60, 0x11, 0x73, 0xAB, 0x7D, 0x58, 0xFE, 0x03, 0x9F, 0xE6,
+ 0x84, 0xEA, 0x51, 0x58, 0x40, 0x82, 0xA5, 0xFF, 0xA7, 0x2C,
+ 0xEA, 0x42, 0xA5, 0x4C, 0xB6, 0x3B, 0x5C, 0x6B, 0xAB, 0xCF,
+ 0x56, 0x8A, 0x8C, 0xEC, 0x3C, 0xF0, 0xAE, 0xD3, 0xCA, 0x0E,
+ 0x09, 0x71, 0xCF, 0x79, 0x96, 0x72, 0x63, 0x4B, 0x24, 0x7A,
+ 0xF3, 0x79, 0xCA, 0x69, 0x75, 0xC9, 0xB2, 0xA4, 0x54, 0xB8,
+ 0x84, 0x40, 0x2B, 0x8F, 0x24, 0x27, 0x6A, 0xED, 0x8F, 0x53,
+ 0xE0, 0x55, 0x9B, 0x35, 0x91, 0x18, 0x11, 0xCF, 0xB0, 0x3B,
+ 0xB8, 0x65, 0x3C, 0xC6, 0xEF, 0xB0, 0x78, 0x7C, 0x43, 0x26,
+ 0xF1, 0x12, 0x84, 0x6B, 0x2B, 0xF0, 0x7D, 0x3C, 0x7F, 0xDC,
+ 0x67, 0xA4, 0x17, 0x89, 0x75, 0x00, 0x86, 0x1A, 0xEA, 0xCD,
+ 0x1A, 0xCF, 0xDA, 0x11, 0x64, 0xCC, 0xBD, 0x10, 0x26, 0xEF,
+ 0x6B, 0x1B, 0x93, 0xB3, 0x37, 0x14, 0x7F, 0x12, 0x80, 0x81,
+ 0xB6, 0xFD, 0x8A, 0x8A, 0xD8, 0x95, 0x5F, 0xF9, 0x1E, 0xA5,
+ 0x1E, 0x65, 0x5F, 0x75, 0x8D, 0x90, 0x2A, 0x0D, 0xB1, 0xAB,
+ 0x26, 0x16, 0x31, 0xB2, 0x06, 0x64, 0x6F, 0x2B, 0x7E, 0x4A,
+ 0xF4, 0xDE, 0xE9, 0x7A, 0xEC, 0x67, 0x35, 0xF3, 0x40, 0x71,
+ 0x75, 0x37, 0xB3, 0xE1, 0x1D, 0xEF, 0x7D, 0xE2, 0x92, 0xEC,
+ 0xD5, 0xE5, 0xBB, 0x99, 0x79, 0x50, 0x11, 0xB2, 0x8A, 0x57,
+ 0x1B, 0x30, 0x2E, 0xB7, 0x16, 0x4C, 0xC8, 0xA6, 0x99, 0xB1,
+ 0x01, 0x34, 0x08, 0x9D, 0xD8, 0xDF, 0xAF
+};
+static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
+
+#endif /* USE_CERT_BUFFERS_3072 */
+
+#ifdef USE_CERT_BUFFERS_4096
+
+/* ./certs/4096/client-key.der, 4096-bit */
+static const unsigned char client_key_der_4096[] =
+{
+ 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
+ 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3,
+ 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC,
+ 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A,
+ 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF,
+ 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE,
+ 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1,
+ 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB,
+ 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F,
+ 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1,
+ 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07,
+ 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB,
+ 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC,
+ 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F,
+ 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64,
+ 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C,
+ 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0,
+ 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A,
+ 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37,
+ 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB,
+ 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E,
+ 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22,
+ 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F,
+ 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6,
+ 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89,
+ 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06,
+ 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE,
+ 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D,
+ 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8,
+ 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80,
+ 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7,
+ 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C,
+ 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96,
+ 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59,
+ 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E,
+ 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28,
+ 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B,
+ 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF,
+ 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54,
+ 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC,
+ 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3,
+ 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72,
+ 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61,
+ 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A,
+ 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7,
+ 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5,
+ 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20,
+ 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E,
+ 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E,
+ 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08,
+ 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4,
+ 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2,
+ 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x02, 0x01, 0x00, 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68,
+ 0x1A, 0x8E, 0xC6, 0x63, 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2,
+ 0x74, 0xEA, 0x12, 0xC4, 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6,
+ 0x9E, 0x1A, 0x7F, 0x95, 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27,
+ 0x26, 0x95, 0x5A, 0x91, 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91,
+ 0x9F, 0xA0, 0x2B, 0xE8, 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C,
+ 0xC2, 0x0F, 0xA9, 0xE9, 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D,
+ 0x92, 0x3E, 0xFC, 0x74, 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21,
+ 0x92, 0x4D, 0x28, 0x82, 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2,
+ 0x8C, 0x29, 0x1C, 0x19, 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5,
+ 0x2D, 0xA3, 0xC7, 0x28, 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8,
+ 0xD0, 0xFF, 0xF0, 0x0F, 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6,
+ 0xED, 0x0D, 0x5F, 0xBF, 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3,
+ 0xEF, 0x86, 0xE9, 0x51, 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F,
+ 0xE9, 0x5F, 0x3C, 0x94, 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1,
+ 0x6C, 0xE9, 0xF3, 0xA6, 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B,
+ 0x20, 0xD5, 0x2F, 0xDE, 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49,
+ 0x6B, 0xF5, 0x10, 0x85, 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C,
+ 0xA0, 0x4A, 0x4C, 0xDA, 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC,
+ 0xF8, 0xDD, 0xA3, 0x3B, 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9,
+ 0x97, 0x5B, 0x07, 0x95, 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C,
+ 0xE8, 0x8F, 0x4C, 0x4C, 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE,
+ 0xDE, 0x16, 0x31, 0xF6, 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC,
+ 0xAF, 0x2E, 0x47, 0xE8, 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90,
+ 0x98, 0x99, 0xA4, 0xDC, 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB,
+ 0x08, 0x93, 0xAF, 0x61, 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89,
+ 0x64, 0x10, 0xE1, 0xE6, 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6,
+ 0x5A, 0x89, 0x83, 0xFC, 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12,
+ 0xCC, 0x72, 0xBB, 0x1E, 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E,
+ 0xB9, 0x2E, 0x8E, 0x84, 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A,
+ 0x6F, 0x9D, 0x19, 0xE6, 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23,
+ 0x16, 0x9A, 0x68, 0x2C, 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE,
+ 0x8E, 0xEC, 0x5E, 0x46, 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28,
+ 0x59, 0xC4, 0x49, 0x2A, 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6,
+ 0x3D, 0xF7, 0xC5, 0xCF, 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D,
+ 0xBE, 0xF4, 0x63, 0xFC, 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6,
+ 0xAD, 0x35, 0xEE, 0xDE, 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE,
+ 0x33, 0xA0, 0xA8, 0xFC, 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB,
+ 0x03, 0x19, 0xA1, 0xE8, 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE,
+ 0xFE, 0xF2, 0x5F, 0xBB, 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35,
+ 0x57, 0xDD, 0xE5, 0x50, 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2,
+ 0x7A, 0x11, 0xB1, 0x43, 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69,
+ 0xB9, 0xE5, 0xA5, 0xC9, 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5,
+ 0x95, 0xB9, 0x58, 0xC0, 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD,
+ 0x84, 0xB1, 0x2B, 0x67, 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45,
+ 0xD5, 0xEA, 0xC3, 0x8A, 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD,
+ 0xD2, 0xEA, 0xFC, 0xDF, 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03,
+ 0x19, 0xB2, 0x1D, 0x4A, 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86,
+ 0xC5, 0x1A, 0x10, 0xC3, 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08,
+ 0x51, 0x05, 0xA6, 0x37, 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63,
+ 0x01, 0x5D, 0x5B, 0x4F, 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91,
+ 0x21, 0xE4, 0x8E, 0xB7, 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01,
+ 0x00, 0xFD, 0x27, 0xC8, 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB,
+ 0x8A, 0x22, 0x87, 0x61, 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4,
+ 0x5C, 0x8A, 0xCA, 0x5C, 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66,
+ 0x90, 0x2C, 0xA3, 0xED, 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42,
+ 0xB4, 0xE0, 0xE0, 0x45, 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B,
+ 0x8E, 0x7D, 0x9D, 0x73, 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9,
+ 0x8C, 0xAD, 0x3A, 0x64, 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F,
+ 0x4B, 0xC9, 0xBD, 0x4F, 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F,
+ 0xE2, 0x99, 0x72, 0x66, 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF,
+ 0x3A, 0x20, 0x37, 0x2A, 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA,
+ 0x18, 0xB1, 0x1F, 0x6E, 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82,
+ 0x9B, 0xDB, 0x50, 0x6B, 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9,
+ 0x81, 0x11, 0x04, 0x14, 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5,
+ 0xF9, 0x7C, 0xA1, 0x78, 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F,
+ 0x79, 0x88, 0x8D, 0x14, 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42,
+ 0xB9, 0xE8, 0x59, 0x76, 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF,
+ 0x0A, 0xC1, 0x42, 0xC7, 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91,
+ 0x4B, 0x1E, 0xF8, 0x46, 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E,
+ 0xC8, 0xD0, 0x31, 0xD3, 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30,
+ 0x0C, 0x58, 0xD8, 0xB7, 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64,
+ 0x6D, 0xE4, 0xC6, 0x59, 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8,
+ 0xC4, 0x84, 0x44, 0x7E, 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1,
+ 0x27, 0x96, 0xB2, 0x19, 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3,
+ 0xD7, 0x1F, 0xCD, 0x1B, 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F,
+ 0x98, 0x05, 0x47, 0x46, 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF,
+ 0x53, 0xE3, 0xC5, 0xB1, 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xF8, 0x93, 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9,
+ 0xC4, 0x0A, 0xC3, 0xE8, 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE,
+ 0x14, 0xE7, 0x43, 0xC6, 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E,
+ 0x08, 0x6A, 0x19, 0x6B, 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B,
+ 0xDA, 0xFE, 0x4B, 0x94, 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5,
+ 0x43, 0x70, 0xFB, 0x01, 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D,
+ 0x51, 0xEE, 0xA0, 0xDC, 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0,
+ 0x86, 0xB7, 0x83, 0xFF, 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE,
+ 0xC4, 0x26, 0x36, 0xBC, 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90,
+ 0x97, 0xE5, 0xA6, 0x38, 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23,
+ 0xD2, 0x33, 0x1F, 0x81, 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38,
+ 0x10, 0x03, 0xE6, 0x88, 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2,
+ 0x4D, 0x27, 0x33, 0x85, 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82,
+ 0x58, 0xD9, 0xDF, 0xEE, 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF,
+ 0x06, 0x12, 0x16, 0xD1, 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A,
+ 0xBD, 0xE2, 0xCF, 0x56, 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4,
+ 0x73, 0x0A, 0x98, 0x8D, 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95,
+ 0xCF, 0x3F, 0x6B, 0xE7, 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57,
+ 0xE2, 0x3D, 0xC4, 0x2B, 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F,
+ 0xC0, 0x06, 0x12, 0x8C, 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81,
+ 0xC3, 0x23, 0x15, 0xEB, 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E,
+ 0x59, 0xFA, 0x10, 0xCA, 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86,
+ 0x26, 0x1E, 0x55, 0xB9, 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5,
+ 0xD9, 0x63, 0x8D, 0x51, 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33,
+ 0x10, 0x21, 0x5E, 0xEC, 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC,
+ 0x3E, 0x50, 0xF5, 0xBE, 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82,
+ 0x01, 0x00, 0x21, 0x7C, 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68,
+ 0xA7, 0xAD, 0xDD, 0x05, 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6,
+ 0x42, 0x70, 0x8F, 0x57, 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05,
+ 0x56, 0x9C, 0xC9, 0x9A, 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F,
+ 0xA6, 0x0D, 0x41, 0x15, 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25,
+ 0x02, 0x63, 0x55, 0xD0, 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41,
+ 0x46, 0x96, 0xAA, 0x2F, 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F,
+ 0xD0, 0xD3, 0x28, 0x9B, 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3,
+ 0xE2, 0x8E, 0x79, 0xD7, 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6,
+ 0xDA, 0x07, 0xF9, 0x4C, 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1,
+ 0xFA, 0x05, 0x0C, 0x20, 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A,
+ 0xDE, 0xCE, 0xF9, 0x02, 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A,
+ 0x8D, 0x8C, 0x3A, 0x10, 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A,
+ 0x36, 0x41, 0x4B, 0x30, 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD,
+ 0x7D, 0x2B, 0x89, 0x59, 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0,
+ 0x25, 0x68, 0x6C, 0x08, 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08,
+ 0xB2, 0xC6, 0x3C, 0x6C, 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8,
+ 0x5C, 0x7B, 0xC0, 0x5B, 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99,
+ 0x46, 0xE2, 0x5F, 0x4F, 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B,
+ 0x33, 0x10, 0xDF, 0x0B, 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A,
+ 0xF2, 0x1A, 0xEB, 0x41, 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96,
+ 0x88, 0x46, 0xEE, 0x6C, 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E,
+ 0xD4, 0x3F, 0x05, 0x5B, 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63,
+ 0xCA, 0xC4, 0x71, 0x0B, 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4,
+ 0x12, 0x8C, 0x4C, 0x5E, 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61,
+ 0x0C, 0x74, 0x5F, 0x53, 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82,
+ 0x01, 0x00, 0x5F, 0xF2, 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E,
+ 0xCC, 0x96, 0x5F, 0x32, 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73,
+ 0xBC, 0xCB, 0xDB, 0xF4, 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95,
+ 0x80, 0x97, 0xFB, 0xC1, 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2,
+ 0x2C, 0x00, 0xF6, 0x89, 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C,
+ 0x87, 0x60, 0xC7, 0xF2, 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37,
+ 0x4E, 0x95, 0xEE, 0xCF, 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D,
+ 0x95, 0x82, 0xA6, 0xD7, 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB,
+ 0x94, 0x09, 0x30, 0x1D, 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A,
+ 0x3E, 0x27, 0xAD, 0xF6, 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03,
+ 0xCF, 0xB2, 0x5E, 0x1A, 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75,
+ 0x92, 0x70, 0xFE, 0xFE, 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D,
+ 0x45, 0xBC, 0xB8, 0xFD, 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE,
+ 0x9A, 0x7F, 0x57, 0x19, 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B,
+ 0xAC, 0x6B, 0x35, 0x15, 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7,
+ 0x2E, 0xAE, 0xAA, 0xDB, 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB,
+ 0xE4, 0x90, 0x15, 0x7C, 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13,
+ 0x02, 0x91, 0x77, 0x84, 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01,
+ 0x0B, 0x5A, 0x4E, 0x2B, 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61,
+ 0x1B, 0x6C, 0xFC, 0xA1, 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C,
+ 0x7E, 0x97, 0x3F, 0x71, 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12,
+ 0xEC, 0x26, 0x43, 0x6E, 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D,
+ 0x12, 0xFF, 0xA8, 0x95, 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55,
+ 0xC3, 0x68, 0xD2, 0xF6, 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2,
+ 0xC9, 0x2A, 0x28, 0x6A, 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A,
+ 0x26, 0x6F, 0xB7, 0xBB, 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82,
+ 0x01, 0x00, 0x56, 0xBA, 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E,
+ 0x1B, 0x1E, 0x2F, 0xF3, 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68,
+ 0x4A, 0xE1, 0xEA, 0xB3, 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA,
+ 0x63, 0x5E, 0xDF, 0x05, 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36,
+ 0x2F, 0xBC, 0x07, 0x75, 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95,
+ 0x4D, 0x3F, 0xC9, 0x06, 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95,
+ 0xAB, 0x9A, 0xEB, 0x04, 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56,
+ 0x53, 0xA2, 0x28, 0xF2, 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63,
+ 0xAC, 0x9B, 0x56, 0xA9, 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70,
+ 0xFF, 0x2B, 0x6D, 0x0C, 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1,
+ 0xA7, 0x4B, 0x5E, 0x49, 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58,
+ 0x13, 0x66, 0x8F, 0x2F, 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94,
+ 0x30, 0x3E, 0xEC, 0x96, 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30,
+ 0xB4, 0xEB, 0x41, 0x00, 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE,
+ 0x31, 0x70, 0x17, 0x39, 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B,
+ 0x90, 0x20, 0xBC, 0x39, 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C,
+ 0x4F, 0x45, 0x6B, 0x82, 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F,
+ 0x2D, 0x83, 0xB3, 0x3D, 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54,
+ 0x2E, 0xFE, 0x16, 0x2E, 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1,
+ 0xD8, 0xBB, 0x87, 0xE1, 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8,
+ 0x00, 0x3E, 0x49, 0x8A, 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31,
+ 0x31, 0x21, 0x98, 0x18, 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7,
+ 0x9B, 0x09, 0x2E, 0xBB, 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1,
+ 0x44, 0x75, 0x80, 0x1D, 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0,
+ 0xFC, 0x19, 0x3C, 0xFF, 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1,
+ 0x4E, 0xFE, 0x4D, 0x2B, 0x4B, 0x18, 0xE6, 0xCE
+};
+static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096);
+
+/* ./certs/4096/client-keyPub.der, 4096-bit */
+static const unsigned char client_keypub_der_4096[] =
+{
+ 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+ 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82,
+ 0x02, 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58,
+ 0xB3, 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50,
+ 0xFC, 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B,
+ 0x4A, 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69,
+ 0xDF, 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30,
+ 0xBE, 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D,
+ 0xE1, 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05,
+ 0xBB, 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D,
+ 0x8F, 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51,
+ 0xD1, 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0,
+ 0x07, 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05,
+ 0xDB, 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35,
+ 0xDC, 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70,
+ 0x0F, 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B,
+ 0x64, 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC,
+ 0x9C, 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1,
+ 0xA0, 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF,
+ 0x2A, 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65,
+ 0x37, 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4,
+ 0xCB, 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1,
+ 0x8E, 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F,
+ 0x22, 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D,
+ 0x8F, 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76,
+ 0xD6, 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE,
+ 0x89, 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6,
+ 0x06, 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F,
+ 0xFE, 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8,
+ 0x1D, 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33,
+ 0xF8, 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5,
+ 0x80, 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75,
+ 0xD7, 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA,
+ 0x1C, 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36,
+ 0x96, 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31,
+ 0x59, 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B,
+ 0x3E, 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8,
+ 0x28, 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D,
+ 0x0B, 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB,
+ 0xBF, 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8,
+ 0x54, 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF,
+ 0xBC, 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A,
+ 0xD3, 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47,
+ 0x72, 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91,
+ 0x61, 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B,
+ 0x1A, 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E,
+ 0xE7, 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1,
+ 0xE5, 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06,
+ 0x20, 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C,
+ 0x4E, 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99,
+ 0x5E, 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9,
+ 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72,
+ 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8,
+ 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01
+
+};
+static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096);
+
+/* ./certs/4096/client-cert.der, 4096-bit */
+static const unsigned char client_cert_der_4096[] =
+{
+ 0x30, 0x82, 0x07, 0x07, 0x30, 0x82, 0x04, 0xEF, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA0, 0x3E, 0xDB, 0xCF,
+ 0x97, 0x9A, 0x72, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+ 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+ 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+ 0x34, 0x30, 0x39, 0x36, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
+ 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x34, 0x30, 0x39,
+ 0x36, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+ 0x53, 0x4C, 0x5F, 0x34, 0x30, 0x39, 0x36, 0x31, 0x19, 0x30,
+ 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72,
+ 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
+ 0x34, 0x30, 0x39, 0x36, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02,
+ 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4,
+ 0x71, 0x59, 0x58, 0xB3, 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC,
+ 0xC6, 0x95, 0x50, 0xFC, 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71,
+ 0x8D, 0xE3, 0x9B, 0x4A, 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13,
+ 0x6D, 0x48, 0x69, 0xDF, 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF,
+ 0x2B, 0xC7, 0x30, 0xBE, 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12,
+ 0x09, 0x23, 0x5D, 0xE1, 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74,
+ 0xEF, 0x03, 0x05, 0xBB, 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E,
+ 0x9D, 0x87, 0x0D, 0x8F, 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE,
+ 0x17, 0x6B, 0x51, 0xD1, 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5,
+ 0x36, 0xEB, 0xE0, 0x07, 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1,
+ 0xF5, 0x5E, 0x05, 0xDB, 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13,
+ 0x1C, 0xC0, 0x35, 0xDC, 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5,
+ 0x7A, 0x41, 0x70, 0x0F, 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05,
+ 0xD5, 0x75, 0x1B, 0x64, 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48,
+ 0x6A, 0xE3, 0xAC, 0x9C, 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD,
+ 0x24, 0xA0, 0xB1, 0xA0, 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F,
+ 0xD1, 0x96, 0xFF, 0x2A, 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18,
+ 0x14, 0xEC, 0x65, 0x37, 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4,
+ 0x5B, 0xFE, 0xC4, 0xCB, 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2,
+ 0xDD, 0xE4, 0xC1, 0x8E, 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80,
+ 0x5A, 0x2E, 0x0F, 0x22, 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51,
+ 0xD8, 0xAB, 0x6D, 0x8F, 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81,
+ 0xE2, 0x1E, 0x76, 0xD6, 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E,
+ 0x07, 0xA1, 0xDE, 0x89, 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA,
+ 0xF1, 0x51, 0xE6, 0x06, 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E,
+ 0x92, 0x30, 0x9F, 0xFE, 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD,
+ 0x9A, 0xFC, 0xA8, 0x1D, 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B,
+ 0xFC, 0x9C, 0x33, 0xF8, 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C,
+ 0x77, 0x3F, 0xF5, 0x80, 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88,
+ 0x0A, 0xC9, 0x75, 0xD7, 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B,
+ 0x0A, 0x49, 0xAA, 0x1C, 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47,
+ 0x4D, 0xE5, 0x36, 0x96, 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1,
+ 0xF2, 0x92, 0x31, 0x59, 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6,
+ 0x65, 0x13, 0x0B, 0x3E, 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85,
+ 0xB9, 0xD8, 0xD8, 0x28, 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51,
+ 0xBE, 0xFE, 0x7D, 0x0B, 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94,
+ 0xDC, 0x41, 0xFB, 0xBF, 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62,
+ 0xE7, 0xC1, 0xC8, 0x54, 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8,
+ 0x3E, 0x3E, 0xDF, 0xBC, 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4,
+ 0xE0, 0x18, 0x7A, 0xD3, 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD,
+ 0x4E, 0x49, 0x47, 0x72, 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B,
+ 0x00, 0xA7, 0x91, 0x61, 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE,
+ 0xDF, 0x5E, 0x1B, 0x1A, 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44,
+ 0x45, 0x98, 0x7E, 0xE7, 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26,
+ 0x5D, 0x90, 0xC1, 0xE5, 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2,
+ 0x81, 0x18, 0x06, 0x20, 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B,
+ 0x6E, 0xD6, 0x0C, 0x4E, 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE,
+ 0xDE, 0xE9, 0x99, 0x5E, 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17,
+ 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9,
+ 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E,
+ 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01,
+ 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+ 0x04, 0x14, 0xFA, 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31,
+ 0x40, 0xEA, 0xFD, 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16,
+ 0xA5, 0x6E, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, 0x1D, 0x23,
+ 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, 0xFA, 0x54,
+ 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31, 0x40, 0xEA, 0xFD, 0xE7,
+ 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16, 0xA5, 0x6E, 0xA1, 0x81,
+ 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+ 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13,
+ 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C,
+ 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x34, 0x30, 0x39, 0x36, 0x31,
+ 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
+ 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E,
+ 0x67, 0x2D, 0x34, 0x30, 0x39, 0x36, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
+ 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+ 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+ 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xA0, 0x3E,
+ 0xDB, 0xCF, 0x97, 0x9A, 0x72, 0x8C, 0x30, 0x0C, 0x06, 0x03,
+ 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
+ 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30,
+ 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01,
+ 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30,
+ 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+ 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+ 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01,
+ 0x00, 0x17, 0xAB, 0x22, 0x61, 0x05, 0x6D, 0x3A, 0xC0, 0x0D,
+ 0x6B, 0xD9, 0x15, 0x82, 0x11, 0xCF, 0xE7, 0xF8, 0x65, 0xDA,
+ 0xC7, 0xEF, 0xDA, 0x0F, 0x50, 0x75, 0xBD, 0x55, 0xCF, 0x3D,
+ 0x50, 0xDD, 0xD4, 0x0D, 0x2C, 0x04, 0x48, 0xA8, 0x25, 0x3A,
+ 0xB9, 0xC4, 0xCE, 0x48, 0x7E, 0xB8, 0x63, 0xCD, 0xCD, 0xCE,
+ 0xBC, 0x50, 0x26, 0xDC, 0x6D, 0xC2, 0x1E, 0xD1, 0x71, 0x3A,
+ 0x2F, 0xDB, 0xE5, 0x03, 0x6B, 0x73, 0x55, 0x23, 0x70, 0x76,
+ 0x1E, 0x08, 0x2A, 0x92, 0x7B, 0xD6, 0x6A, 0xEF, 0x17, 0xA0,
+ 0xF3, 0x8C, 0xEA, 0xEB, 0xC4, 0x2E, 0xCB, 0xD4, 0xD9, 0xD5,
+ 0xAB, 0xF7, 0xE6, 0x8D, 0xEC, 0xD9, 0x97, 0xA1, 0x56, 0xA7,
+ 0x0B, 0x5D, 0xE5, 0x3F, 0x1F, 0x5E, 0x6A, 0x7A, 0xA4, 0x64,
+ 0xD7, 0xB2, 0x42, 0x1A, 0x1E, 0x49, 0x37, 0x93, 0xBC, 0xBE,
+ 0x13, 0xA8, 0xFB, 0xB1, 0x93, 0x7B, 0xA8, 0x2B, 0x49, 0x90,
+ 0x43, 0x84, 0x24, 0x60, 0x44, 0xFC, 0x32, 0x74, 0x85, 0x0E,
+ 0x1B, 0xF8, 0x3A, 0x92, 0x3D, 0xAA, 0x25, 0x1B, 0x9F, 0x97,
+ 0x31, 0x95, 0x97, 0xC5, 0x3D, 0x51, 0xDD, 0xB6, 0xD5, 0x4A,
+ 0x7E, 0x41, 0xB3, 0x90, 0x83, 0x7C, 0x98, 0xFA, 0xCB, 0x22,
+ 0x33, 0xA5, 0xF4, 0x32, 0x74, 0xBD, 0x3E, 0xB1, 0x3B, 0x34,
+ 0xF9, 0xC3, 0x3F, 0xBE, 0xDB, 0x0E, 0xD9, 0x2F, 0x1A, 0xF9,
+ 0xD2, 0x4F, 0x14, 0x53, 0x63, 0xF2, 0x21, 0xA3, 0xE9, 0xC3,
+ 0xAD, 0x04, 0x6E, 0xE7, 0xAD, 0x1F, 0x6B, 0xCE, 0x4E, 0x35,
+ 0x4A, 0x61, 0x84, 0xB9, 0x61, 0x65, 0x1D, 0xA2, 0xD7, 0xA1,
+ 0xE6, 0x74, 0x08, 0x15, 0x38, 0x75, 0xB0, 0x23, 0x70, 0x22,
+ 0x15, 0x59, 0x2C, 0x48, 0xF0, 0xDA, 0x9A, 0x99, 0xD4, 0x2B,
+ 0x83, 0xDF, 0x9A, 0x93, 0x78, 0x45, 0xB9, 0x84, 0x5C, 0x7E,
+ 0x71, 0x90, 0xDA, 0x56, 0x1C, 0x9F, 0x57, 0xED, 0x76, 0xF7,
+ 0x17, 0xE5, 0xD2, 0x01, 0x90, 0x99, 0x5F, 0x4C, 0x07, 0x49,
+ 0x07, 0x82, 0x75, 0x92, 0x44, 0x7A, 0xFE, 0x9B, 0xA7, 0x4D,
+ 0xEC, 0xC8, 0xDC, 0x46, 0x67, 0x28, 0x04, 0x8B, 0x08, 0x17,
+ 0x94, 0x13, 0xE9, 0xA0, 0xD2, 0xB2, 0x26, 0x56, 0x27, 0x60,
+ 0x94, 0x5A, 0x50, 0x5C, 0xCF, 0x34, 0x4D, 0x3F, 0x35, 0xE7,
+ 0x12, 0x5D, 0xC5, 0x32, 0x00, 0x2F, 0xE0, 0x1D, 0x09, 0xE5,
+ 0x36, 0x8D, 0x77, 0x93, 0xF6, 0xE5, 0x62, 0xB4, 0xA3, 0x9B,
+ 0xC6, 0x7C, 0xE6, 0x3D, 0xD5, 0x38, 0x33, 0x5F, 0x23, 0x5B,
+ 0x81, 0x2E, 0x24, 0x26, 0x9E, 0x98, 0xA8, 0xAF, 0x04, 0x3D,
+ 0x65, 0x3F, 0x71, 0x88, 0x48, 0x44, 0x5C, 0x1A, 0x11, 0x0E,
+ 0x1B, 0xE1, 0x81, 0xB1, 0xB6, 0x66, 0xE6, 0x3C, 0x13, 0x67,
+ 0xD6, 0x6B, 0xA3, 0xF3, 0xB7, 0xF6, 0x9F, 0x14, 0xA6, 0x87,
+ 0x7F, 0x2B, 0x14, 0x31, 0x22, 0x7A, 0xF5, 0x0D, 0x44, 0xE6,
+ 0xA3, 0x1A, 0xD6, 0xD2, 0xDC, 0x88, 0x71, 0x37, 0x28, 0x11,
+ 0x6C, 0xEF, 0x95, 0xAB, 0x1D, 0xC5, 0xC3, 0x9A, 0xEF, 0x1A,
+ 0x54, 0x11, 0x92, 0x8E, 0x89, 0x43, 0x03, 0x26, 0xD0, 0xE9,
+ 0x63, 0x33, 0xFE, 0x79, 0x4C, 0xA6, 0x6F, 0xC4, 0x58, 0x58,
+ 0x2E, 0xB6, 0xAB, 0x57, 0xA0, 0x39, 0x4D, 0xFF, 0x88, 0xC0,
+ 0x23, 0x2C, 0x3B, 0xE3, 0x9A, 0xDF, 0x48, 0xD3, 0x17, 0x45,
+ 0x5D, 0x36, 0x4E, 0x00, 0x58, 0x72, 0xC3, 0xEF, 0xE7, 0x76,
+ 0x0B, 0xF8, 0x19, 0xA8, 0x5F, 0xF6, 0x53, 0x98, 0x49, 0x2B,
+ 0x52, 0xB5, 0x8E, 0xA5, 0xD8, 0x73, 0x6E, 0x3C, 0x23, 0x23,
+ 0x06, 0x86, 0x25, 0x6B, 0x0D, 0x3B, 0xF2, 0x9A, 0x17, 0x33,
+ 0xA4, 0x4E, 0xF5, 0x6B, 0xDE, 0xB3, 0x64, 0x20, 0x58, 0xC6,
+ 0x6D, 0x22, 0xA9, 0xAE, 0xF4, 0x09, 0x9D, 0x0D, 0x6E, 0x9F,
+ 0x96, 0x2A, 0x9E
+};
+static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096);
+
+/* ./certs/dh4096.der, 4096-bit */
+static const unsigned char dh_key_der_4096[] =
+{
+ 0x30, 0x82, 0x02, 0x08, 0x02, 0x82, 0x02, 0x01, 0x00, 0xE9,
+ 0x0E, 0x3E, 0x79, 0x4F, 0xC9, 0xB2, 0xA0, 0xB1, 0xDB, 0x2F,
+ 0x1E, 0x24, 0x21, 0x90, 0x5C, 0x50, 0xA4, 0x34, 0xDB, 0x99,
+ 0x90, 0xAC, 0xF7, 0xBF, 0x2F, 0x01, 0x4B, 0xAC, 0x87, 0x70,
+ 0xBA, 0xEC, 0xD1, 0x64, 0xDE, 0x04, 0xCA, 0xFC, 0xF9, 0x51,
+ 0x69, 0x1E, 0xB7, 0x99, 0xE2, 0xB4, 0x0D, 0xDB, 0x5D, 0x78,
+ 0x38, 0x38, 0x41, 0x05, 0xE8, 0x67, 0x48, 0x65, 0x54, 0x71,
+ 0xCC, 0xC9, 0xAA, 0x95, 0x1E, 0xD4, 0xBF, 0xBC, 0xCA, 0x5D,
+ 0xC2, 0x9C, 0x9E, 0x7E, 0x5E, 0x94, 0x5B, 0x2F, 0x60, 0x72,
+ 0xED, 0xEB, 0x54, 0x0C, 0x48, 0x2B, 0x21, 0x74, 0x4D, 0x37,
+ 0x04, 0x5A, 0x2F, 0x8B, 0x24, 0x4A, 0xDB, 0xEE, 0xFA, 0xA9,
+ 0x94, 0x13, 0x8F, 0x52, 0x4A, 0x1B, 0xAE, 0xE6, 0xC8, 0x7F,
+ 0x99, 0x09, 0x23, 0x84, 0x89, 0xE9, 0xA6, 0x53, 0x82, 0xB6,
+ 0x03, 0x6D, 0x38, 0x5D, 0x2E, 0xEB, 0x0B, 0xF0, 0xE6, 0xAA,
+ 0xB1, 0x8B, 0x51, 0xFC, 0xD6, 0x13, 0xFB, 0x20, 0xCB, 0xDF,
+ 0x79, 0x97, 0xDB, 0x55, 0x74, 0xC2, 0x21, 0xE8, 0xDB, 0x8C,
+ 0x6A, 0x95, 0x2D, 0x51, 0x91, 0xA7, 0xA1, 0x3C, 0x9B, 0xEF,
+ 0xF5, 0x43, 0xAC, 0xA6, 0x69, 0xCE, 0x66, 0x5C, 0xD5, 0xB1,
+ 0xF8, 0xBA, 0xD4, 0x86, 0x25, 0x29, 0x2E, 0x0E, 0x23, 0x05,
+ 0xDA, 0x7C, 0x7C, 0xC2, 0x7B, 0xC8, 0xB5, 0x79, 0x84, 0x6D,
+ 0x68, 0x2D, 0x82, 0x4A, 0x35, 0x9F, 0xDC, 0x0E, 0x63, 0x2B,
+ 0x58, 0x5F, 0x34, 0x7E, 0xA8, 0x73, 0xCE, 0x44, 0x53, 0x11,
+ 0xE3, 0xDB, 0x46, 0xFA, 0x3A, 0xC3, 0xDA, 0x63, 0xA5, 0x65,
+ 0x56, 0x99, 0xA5, 0x91, 0x27, 0xD6, 0xE7, 0xDF, 0x2D, 0xEF,
+ 0xA0, 0x81, 0xB6, 0x07, 0x3A, 0xC6, 0xC1, 0x2B, 0xA1, 0x3A,
+ 0x74, 0xB4, 0xE9, 0xE1, 0x2F, 0x6B, 0x2B, 0xE4, 0xF0, 0x98,
+ 0xBE, 0x6F, 0xCB, 0xBB, 0xAE, 0x8D, 0xD2, 0x7E, 0x1B, 0x6F,
+ 0xBA, 0xF2, 0xB2, 0xB8, 0xB1, 0x5D, 0x9E, 0x79, 0x19, 0xF7,
+ 0x94, 0xB2, 0xC1, 0x17, 0x5E, 0x9B, 0xB3, 0x05, 0x67, 0x6D,
+ 0x5C, 0x62, 0x64, 0xA8, 0x2B, 0xB0, 0x36, 0x3D, 0xF9, 0x4C,
+ 0x65, 0x53, 0xEE, 0x2E, 0x55, 0x69, 0xCC, 0x1C, 0xF5, 0x96,
+ 0xDC, 0xBE, 0x60, 0x5E, 0x37, 0xEE, 0xD4, 0x63, 0x96, 0x51,
+ 0x97, 0x96, 0x14, 0x3C, 0x61, 0xBF, 0x53, 0xAA, 0x24, 0xB5,
+ 0x24, 0x5B, 0x26, 0x67, 0xAD, 0x02, 0x67, 0xB8, 0xD3, 0x05,
+ 0x6E, 0xA4, 0x8F, 0x46, 0x91, 0x9D, 0x84, 0xA6, 0x2C, 0x44,
+ 0x9F, 0x2D, 0x18, 0x2F, 0x73, 0xA5, 0xE5, 0xC4, 0xD9, 0x4F,
+ 0xD9, 0x9F, 0xF5, 0xC0, 0xC5, 0x48, 0xE8, 0x23, 0x32, 0xC4,
+ 0x4A, 0xCE, 0xFF, 0x3B, 0x16, 0x87, 0x85, 0xA5, 0x1F, 0x22,
+ 0xA8, 0x0B, 0x91, 0x97, 0x24, 0x95, 0x07, 0xC8, 0x73, 0xD2,
+ 0xB0, 0x01, 0xF8, 0x20, 0xA9, 0xAB, 0x6B, 0x71, 0x79, 0x24,
+ 0xF3, 0x79, 0xB5, 0x9B, 0x00, 0xF5, 0xF9, 0xAE, 0x23, 0xAC,
+ 0xEA, 0xE1, 0x48, 0x88, 0x28, 0x53, 0xE0, 0xC8, 0x76, 0x29,
+ 0xAE, 0x3E, 0x25, 0x9F, 0x1C, 0xC5, 0x8A, 0x86, 0x33, 0x02,
+ 0x21, 0xAB, 0xA5, 0x10, 0xF0, 0x07, 0x1B, 0x56, 0x8F, 0xCD,
+ 0xFC, 0x87, 0x9E, 0x2E, 0xD0, 0x44, 0x98, 0x44, 0x99, 0xB3,
+ 0xC2, 0x14, 0xCE, 0xD8, 0x93, 0xEA, 0xD1, 0x82, 0x3C, 0x1B,
+ 0x49, 0xE8, 0x6F, 0x04, 0xB2, 0xF5, 0xAF, 0x9B, 0x37, 0x7D,
+ 0xE5, 0xE0, 0x56, 0xE9, 0xEE, 0x00, 0x58, 0x25, 0x16, 0x23,
+ 0xC3, 0x8E, 0xF0, 0xB9, 0xE2, 0x98, 0x5D, 0xF2, 0x4F, 0x5C,
+ 0xC3, 0x27, 0x2A, 0x67, 0x7D, 0x43, 0xF6, 0x36, 0x76, 0xD4,
+ 0x2C, 0x7E, 0x16, 0x80, 0xCB, 0xF1, 0x07, 0xDC, 0xB9, 0xF5,
+ 0xF3, 0x56, 0xBD, 0xF0, 0xFC, 0x00, 0x78, 0x00, 0x56, 0xB4,
+ 0x3B, 0x02, 0x01, 0x02
+};
+static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096);
+
+#endif /* USE_CERT_BUFFERS_4096 */
+
+#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+
+/* ./certs/ecc-client-key.der, ECC */
+static const unsigned char ecc_clikey_der_256[] =
+{
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92,
+ 0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F,
+ 0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92,
+ 0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0,
+ 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
+ 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
+ 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
+ 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
+ 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
+ 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
+ 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
+ 0xB4
+};
+static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256);
+
+/* ./certs/ecc-client-keyPub.der, ECC */
+static const unsigned char ecc_clikeypub_der_256[] =
+{
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+ 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
+ 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
+ 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
+ 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
+ 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
+ 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
+ 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
+ 0xB4
+};
+static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256);
+
+/* ./certs/client-ecc-cert.der, ECC */
+static const unsigned char cliecc_cert_der_256[] =
+{
+ 0x30, 0x82, 0x03, 0x49, 0x30, 0x82, 0x02, 0xEE, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5,
+ 0x56, 0x97, 0xCA, 0xC3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+ 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31,
+ 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05,
+ 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06,
+ 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65,
+ 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B,
+ 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73,
+ 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x33, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F,
+ 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F,
+ 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65,
+ 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45,
+ 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
+ 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30,
+ 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+ 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+ 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+ 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+ 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A,
+ 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B,
+ 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2,
+ 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12,
+ 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01,
+ 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2,
+ 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, 0x01,
+ 0x33, 0x30, 0x82, 0x01, 0x2F, 0x30, 0x1D, 0x06, 0x03, 0x55,
+ 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59,
+ 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89,
+ 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06,
+ 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7,
+ 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F,
+ 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C,
+ 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81,
+ 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03,
+ 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F,
+ 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07,
+ 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30,
+ 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C,
+ 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D,
+ 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46,
+ 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+ 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+ 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5, 0x56,
+ 0x97, 0xCA, 0xC3, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06,
+ 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
+ 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06,
+ 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
+ 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08,
+ 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A,
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
+ 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE3, 0xBB,
+ 0xCA, 0x0E, 0x31, 0x2D, 0x39, 0x1D, 0x94, 0x25, 0x81, 0x90,
+ 0xD5, 0x11, 0xF9, 0x09, 0x6D, 0x58, 0x16, 0x23, 0xBE, 0x9F,
+ 0xA9, 0x18, 0x64, 0x83, 0x3C, 0x25, 0x03, 0x58, 0x58, 0x39,
+ 0x02, 0x21, 0x00, 0xA4, 0xAA, 0xB3, 0xF0, 0x09, 0xC9, 0x0C,
+ 0x2F, 0xF7, 0xB1, 0xD4, 0x8E, 0x9F, 0xA6, 0xB6, 0xAB, 0x1A,
+ 0xC7, 0x37, 0xED, 0x70, 0x4D, 0x34, 0x04, 0xA0, 0x9B, 0x3D,
+ 0x84, 0x86, 0x10, 0xA0, 0xF0
+};
+static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256);
+
+/* ./certs/ecc-key.der, ECC */
+static const unsigned char ecc_key_der_256[] =
+{
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69,
+ 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, 0x5B, 0x72, 0xE8,
+ 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA,
+ 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0,
+ 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
+ 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+ 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
+ 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
+ 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
+ 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
+ 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
+ 0xD8
+};
+static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256);
+
+/* ./certs/ecc-keyPub.der, ECC */
+static const unsigned char ecc_key_pub_der_256[] =
+{
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+ 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
+ 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+ 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
+ 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
+ 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
+ 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
+ 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
+ 0xD8
+};
+static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256);
+
+/* ./certs/server-ecc-comp.der, ECC */
+static const unsigned char serv_ecc_comp_der_256[] =
+{
+ 0x30, 0x82, 0x03, 0x61, 0x30, 0x82, 0x03, 0x07, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE5, 0xB6, 0x66, 0xE0,
+ 0x08, 0x96, 0xC5, 0x95, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+ 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45,
+ 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20,
+ 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65,
+ 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70,
+ 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+ 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+ 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
+ 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31,
+ 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33,
+ 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33,
+ 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
+ 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
+ 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74,
+ 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31,
+ 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F,
+ 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43,
+ 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
+ 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07,
+ 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
+ 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00,
+ 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A,
+ 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D,
+ 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C,
+ 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x46, 0x30, 0x82, 0x01,
+ 0x42, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+ 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF,
+ 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6,
+ 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23,
+ 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38,
+ 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC,
+ 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81,
+ 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+ 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C,
+ 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F,
+ 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+ 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xE5, 0xB6, 0x66, 0xE0, 0x08, 0x96, 0xC5, 0x95, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48,
+ 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
+ 0x02, 0x21, 0x00, 0xAE, 0x80, 0xD7, 0xF5, 0x4D, 0x76, 0x79,
+ 0x5C, 0x01, 0x14, 0x8B, 0xFD, 0x80, 0x79, 0xFB, 0x9B, 0xFE,
+ 0x8F, 0x0D, 0x9C, 0xC3, 0x7C, 0xE6, 0x80, 0x4C, 0xA6, 0x54,
+ 0x16, 0x3F, 0xED, 0x1D, 0x5E, 0x02, 0x20, 0x09, 0x61, 0x2D,
+ 0x84, 0xE9, 0x04, 0x4F, 0x79, 0x0E, 0xE7, 0xF0, 0xCC, 0x52,
+ 0xD3, 0x2F, 0xE0, 0x89, 0xCF, 0xBE, 0x9B, 0x9F, 0x86, 0x23,
+ 0x2F, 0xE4, 0xCB, 0x43, 0x16, 0xBB, 0x09, 0x8D, 0x87
+};
+static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256);
+
+/* ./certs/server-ecc-rsa.der, ECC */
+static const unsigned char serv_ecc_rsa_der_256[] =
+{
+ 0x30, 0x82, 0x04, 0x1F, 0x30, 0x82, 0x03, 0x07, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+ 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
+ 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
+ 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F,
+ 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+ 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
+ 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+ 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+ 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32,
+ 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17,
+ 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34,
+ 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+ 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x1A, 0x30, 0x18,
+ 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x45, 0x6C, 0x6C,
+ 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x52, 0x53,
+ 0x41, 0x73, 0x69, 0x67, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x45, 0x43, 0x43, 0x2D, 0x52,
+ 0x53, 0x41, 0x73, 0x69, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
+ 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
+ 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
+ 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A,
+ 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D,
+ 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C,
+ 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93,
+ 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18,
+ 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33,
+ 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x3A, 0x30,
+ 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+ 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E,
+ 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+ 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55,
+ 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14,
+ 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED,
+ 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5,
+ 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
+ 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53,
+ 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30,
+ 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F,
+ 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+ 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+ 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00,
+ 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0C,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
+ 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
+ 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00,
+ 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04,
+ 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
+ 0x01, 0x01, 0x00, 0x4B, 0xCD, 0xC5, 0x8F, 0xFC, 0xBB, 0xC3,
+ 0x36, 0xC5, 0xD4, 0x4D, 0x71, 0x04, 0x13, 0x53, 0xA0, 0x3C,
+ 0xA3, 0x4E, 0x2A, 0xDD, 0x0D, 0xD3, 0xA7, 0x62, 0x31, 0x0D,
+ 0xC6, 0x32, 0x07, 0x31, 0xD4, 0x6B, 0x0F, 0x8B, 0x55, 0xA2,
+ 0x2F, 0x2C, 0xB3, 0xAE, 0x46, 0x91, 0x8A, 0x09, 0xBE, 0x7E,
+ 0xFF, 0xE2, 0x67, 0x46, 0xF2, 0x7E, 0xD4, 0x6F, 0xBE, 0x5D,
+ 0x57, 0x42, 0xFD, 0x3A, 0x56, 0xB0, 0xE8, 0x0E, 0x4D, 0x12,
+ 0xFD, 0xF5, 0x00, 0xCA, 0x6F, 0xBD, 0x88, 0x0C, 0x04, 0x47,
+ 0x1A, 0xEC, 0x5D, 0x96, 0x3F, 0xB6, 0xA5, 0x8B, 0x9D, 0x47,
+ 0xA6, 0x4F, 0x82, 0x07, 0x33, 0x9D, 0x11, 0x0A, 0x3D, 0x38,
+ 0x1D, 0x21, 0x4F, 0xD4, 0x1E, 0x1D, 0xA6, 0xD7, 0x6B, 0x72,
+ 0x1C, 0x51, 0xE1, 0x7A, 0x7A, 0x6C, 0x76, 0x2C, 0x98, 0x14,
+ 0x48, 0xFD, 0xF1, 0xD1, 0x7C, 0x53, 0x86, 0xED, 0x8C, 0x5F,
+ 0x4F, 0x0F, 0x27, 0x5D, 0x45, 0xBE, 0xED, 0x26, 0x90, 0xD2,
+ 0x51, 0x04, 0x4D, 0x06, 0x5B, 0x64, 0x1C, 0x5E, 0x31, 0x63,
+ 0xCC, 0xD4, 0xD5, 0x0B, 0x28, 0xCC, 0xE2, 0x29, 0x40, 0x75,
+ 0x87, 0x21, 0x64, 0x8E, 0x8B, 0x87, 0xEF, 0x90, 0xBB, 0x46,
+ 0x91, 0x91, 0xF9, 0x63, 0xF8, 0xB0, 0xA7, 0x5E, 0x8D, 0xE8,
+ 0x20, 0xC6, 0xB7, 0x5A, 0xD9, 0x0E, 0x35, 0xFB, 0xBA, 0xD1,
+ 0x09, 0xD1, 0x98, 0xA6, 0x61, 0x25, 0xE2, 0x0D, 0x97, 0xC4,
+ 0x1B, 0x0F, 0xBC, 0xB6, 0xEC, 0xE7, 0x96, 0x80, 0xB8, 0xE5,
+ 0x55, 0x03, 0x1E, 0x7F, 0xB5, 0xFD, 0x40, 0x06, 0xCC, 0xAA,
+ 0x7B, 0xF0, 0xB3, 0x81, 0x2E, 0xE1, 0x4E, 0x3A, 0x52, 0xE3,
+ 0xF3, 0xC4, 0xD3, 0x8C, 0x78, 0x49, 0x00, 0x3A, 0x57, 0xDF,
+ 0x0E, 0xAA, 0x2F, 0x14, 0x52, 0x3F, 0xC8, 0xFA, 0x82, 0xB9,
+ 0xBF, 0x27, 0xF8, 0x9C, 0x42, 0xB7, 0x44, 0x36, 0x68
+};
+static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256);
+
+/* ./certs/server-ecc.der, ECC */
+static const unsigned char serv_ecc_der_256[] =
+{
+ 0x30, 0x82, 0x02, 0xA1, 0x30, 0x82, 0x02, 0x47, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x0A, 0x06, 0x08,
+ 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81,
+ 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+ 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69,
+ 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
+ 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
+ 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D,
+ 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+ 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+ 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+ 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32,
+ 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17,
+ 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34,
+ 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+ 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+ 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F,
+ 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
+ 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
+ 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
+ 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
+ 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+ 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
+ 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+ 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
+ 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
+ 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
+ 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
+ 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
+ 0xD8, 0xA3, 0x81, 0x89, 0x30, 0x81, 0x86, 0x30, 0x1D, 0x06,
+ 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D,
+ 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B,
+ 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x1F,
+ 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+ 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, 0xB9,
+ 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, 0xA5,
+ 0x21, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01,
+ 0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x03,
+ 0xA8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C,
+ 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06,
+ 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+ 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20,
+ 0x61, 0x6F, 0xE8, 0xB9, 0xAD, 0xCC, 0xC9, 0x1A, 0x81, 0x17,
+ 0x02, 0x64, 0x07, 0xC3, 0x18, 0x44, 0x01, 0x81, 0x76, 0x18,
+ 0x9D, 0x6D, 0x3D, 0x7D, 0xCB, 0xC1, 0x5A, 0x76, 0x4A, 0xAD,
+ 0x71, 0x55, 0x02, 0x21, 0x00, 0xCD, 0x22, 0x35, 0x04, 0x19,
+ 0xC2, 0x23, 0x21, 0x02, 0x88, 0x4B, 0x51, 0xDA, 0xDB, 0x51,
+ 0xAB, 0x54, 0x8C, 0xCB, 0x38, 0xAC, 0x8E, 0xBB, 0xEE, 0x18,
+ 0x07, 0xBF, 0x88, 0x36, 0x88, 0xFF, 0xD5
+};
+static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
+
+/* ./certs/ca-ecc-key.der, ECC */
+static const unsigned char ca_ecc_key_der_256[] =
+{
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x02, 0xE1, 0x33,
+ 0x98, 0x77, 0x97, 0xAC, 0x4A, 0x59, 0x6D, 0x28, 0x9B, 0x6E,
+ 0xA0, 0x93, 0x9B, 0x07, 0x71, 0x8B, 0x4D, 0x60, 0x63, 0x85,
+ 0x99, 0xE6, 0xBB, 0x16, 0x70, 0xE9, 0x0A, 0xF6, 0x80, 0xA0,
+ 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9,
+ 0x6E, 0xD6, 0x01, 0x8E, 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5,
+ 0xC0, 0x4C, 0xE3, 0x9E, 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10,
+ 0xD6, 0xE9, 0x09, 0x2A, 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9,
+ 0x8A, 0xBF, 0x33, 0x83, 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77,
+ 0x40, 0xB5, 0x3B, 0x43, 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C,
+ 0x37, 0x44, 0xC1, 0xCB, 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA,
+ 0xA7
+};
+static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256);
+
+/* ./certs/ca-ecc-cert.der, ECC */
+static const unsigned char ca_ecc_cert_der_256[] =
+{
+ 0x30, 0x82, 0x02, 0x8A, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x83, 0x47, 0x7C, 0x81,
+ 0xD6, 0x0D, 0x1C, 0x4E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+ 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67,
+ 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+ 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
+ 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B,
+ 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E,
+ 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x33, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+ 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+ 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+ 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
+ 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06,
+ 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65,
+ 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30,
+ 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+ 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+ 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+ 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+ 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, 0x8E,
+ 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, 0x9E,
+ 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, 0x2A,
+ 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, 0x83,
+ 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, 0x43,
+ 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, 0xCB,
+ 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, 0x30,
+ 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+ 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18,
+ 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3,
+ 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0,
+ 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF,
+ 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, 0x55,
+ 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
+ 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A,
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
+ 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC5, 0x83,
+ 0xFF, 0x1E, 0x51, 0xF7, 0xA1, 0xE9, 0xF1, 0x42, 0xC4, 0xBE,
+ 0xED, 0x38, 0xBD, 0x38, 0x32, 0x8F, 0xAE, 0x3F, 0xC7, 0x6D,
+ 0x11, 0x90, 0xE9, 0x99, 0xAB, 0x61, 0xA2, 0xDB, 0xA7, 0x4B,
+ 0x02, 0x20, 0x28, 0x40, 0xD9, 0xBA, 0x45, 0xCC, 0xA6, 0xEA,
+ 0xFA, 0x3F, 0x3E, 0x71, 0x44, 0x8E, 0x02, 0x03, 0x2F, 0x41,
+ 0x0B, 0x56, 0x78, 0x2D, 0xA6, 0xE8, 0x5E, 0xF6, 0xFF, 0xDA,
+ 0x62, 0x8C, 0xF9, 0xDF
+};
+static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
+
+/* ./certs/ca-ecc384-key.der, ECC */
+static const unsigned char ca_ecc_key_der_384[] =
+{
+ 0x30, 0x81, 0xA4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x7B, 0x16,
+ 0xE3, 0xD6, 0xD2, 0x81, 0x94, 0x6C, 0x8A, 0xDD, 0xA8, 0x78,
+ 0xEE, 0xC7, 0x7E, 0xB3, 0xC5, 0xD1, 0xDB, 0x2E, 0xF3, 0xED,
+ 0x0E, 0x48, 0x85, 0xB1, 0xF2, 0xE1, 0x7A, 0x39, 0x56, 0xC0,
+ 0xF1, 0x62, 0x12, 0x0F, 0x35, 0xB7, 0x39, 0xBC, 0x9C, 0x25,
+ 0xC0, 0x76, 0xEB, 0xFE, 0x55, 0x70, 0xA0, 0x07, 0x06, 0x05,
+ 0x2B, 0x81, 0x04, 0x00, 0x22, 0xA1, 0x64, 0x03, 0x62, 0x00,
+ 0x04, 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4,
+ 0xD7, 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4,
+ 0x03, 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E,
+ 0xA2, 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16,
+ 0x9C, 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76,
+ 0x3C, 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD,
+ 0xDE, 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6,
+ 0x66, 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7,
+ 0x83, 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE,
+ 0x35, 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0
+};
+static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384);
+
+/* ./certs/ca-ecc384-cert.der, ECC */
+static const unsigned char ca_ecc_cert_der_384[] =
+{
+ 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA8, 0x60, 0xFD, 0x75,
+ 0x07, 0x98, 0x55, 0x6A, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+ 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67,
+ 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+ 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+ 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+ 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
+ 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B,
+ 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E,
+ 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+ 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+ 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+ 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32,
+ 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+ 0x33, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+ 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+ 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+ 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
+ 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06,
+ 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65,
+ 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30,
+ 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+ 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+ 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+ 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, 0x10,
+ 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+ 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
+ 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, 0xD7,
+ 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, 0x03,
+ 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, 0xA2,
+ 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, 0x9C,
+ 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, 0x3C,
+ 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, 0xDE,
+ 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, 0x66,
+ 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, 0x83,
+ 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, 0x35,
+ 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, 0x61,
+ 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
+ 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, 0xBB,
+ 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, 0x53,
+ 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18,
+ 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18,
+ 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92,
+ 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D,
+ 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+ 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
+ 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06,
+ 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03,
+ 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x47, 0xA2, 0x36, 0x33,
+ 0xF4, 0x27, 0xBD, 0xD0, 0x5C, 0xE6, 0x8D, 0x3E, 0x31, 0xA9,
+ 0x4E, 0x51, 0x57, 0xA9, 0x93, 0x28, 0x72, 0x0A, 0x72, 0xAB,
+ 0x6E, 0xF9, 0x56, 0xC0, 0xF5, 0x70, 0x02, 0x9F, 0x9C, 0xB2,
+ 0x4A, 0x9C, 0x3E, 0x9F, 0xFB, 0xC5, 0x64, 0x26, 0x7A, 0x88,
+ 0xDC, 0x4A, 0x2A, 0x25, 0x02, 0x31, 0x00, 0x88, 0xF8, 0xE2,
+ 0xD5, 0x20, 0x82, 0xF2, 0xDE, 0x7B, 0xCB, 0x13, 0xAC, 0xCD,
+ 0xFF, 0xE8, 0x1E, 0x4E, 0x84, 0x3D, 0x9C, 0xAF, 0x5D, 0xF9,
+ 0x01, 0xE7, 0x4F, 0xD4, 0x03, 0x09, 0x84, 0x3D, 0x7B, 0x2B,
+ 0x83, 0xE2, 0xAE, 0x08, 0x68, 0x2E, 0x5B, 0x85, 0x6F, 0x43,
+ 0xF5, 0x41, 0xE0, 0xC7, 0xC9
+};
+static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384);
+
+#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
+
+/* dh1024 p */
+static const unsigned char dh_p[] =
+{
+ 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+ 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+ 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+ 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+ 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+ 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+ 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+ 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+ 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+ 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+ 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+};
+
+/* dh1024 g */
+static const unsigned char dh_g[] =
+{
+ 0x02,
+};
+
+#if defined(HAVE_ED25519)
+
+/* ./certs/ed25519/server-ed25519.der, ED25519 */
+static const unsigned char server_ed25519_cert[] =
+{
+ 0x30, 0x82, 0x02, 0x75, 0x30, 0x82, 0x02, 0x27, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x05, 0x06, 0x03,
+ 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9B, 0x31, 0x0B, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
+ 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+ 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66,
+ 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31,
+ 0x39, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x0A, 0x43, 0x41, 0x2D, 0x65, 0x64, 0x32, 0x35, 0x35,
+ 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+ 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
+ 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+ 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x33, 0x31,
+ 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A, 0x17, 0x0D,
+ 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30, 0x36, 0x34, 0x39,
+ 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
+ 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+ 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66,
+ 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31,
+ 0x39, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x0E, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x65,
+ 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
+ 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+ 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+ 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, 0x06,
+ 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x23, 0xAA, 0x4D,
+ 0x60, 0x50, 0xE0, 0x13, 0xD3, 0x3A, 0xED, 0xAB, 0xF6, 0xA9,
+ 0xCC, 0x4A, 0xFE, 0xD7, 0x4D, 0x2F, 0xD2, 0x5B, 0x1A, 0x10,
+ 0x05, 0xEF, 0x5A, 0x41, 0x25, 0xCE, 0x1B, 0x53, 0x78, 0xA3,
+ 0x81, 0x89, 0x30, 0x81, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55,
+ 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xA3, 0x29, 0x81, 0xE7,
+ 0x90, 0x6F, 0xB9, 0x60, 0xF8, 0xAF, 0xCC, 0x15, 0x7A, 0xAE,
+ 0xD7, 0xA1, 0xF4, 0xB4, 0x86, 0xBA, 0x30, 0x1F, 0x06, 0x03,
+ 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x74,
+ 0xD5, 0x38, 0x19, 0x5E, 0x83, 0xB9, 0x03, 0xF8, 0x01, 0x8A,
+ 0x35, 0x35, 0xBB, 0x89, 0x4C, 0x49, 0xB4, 0x23, 0xE9, 0x30,
+ 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04,
+ 0x02, 0x30, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F,
+ 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x03, 0xA8, 0x30,
+ 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A,
+ 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
+ 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8,
+ 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30,
+ 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xF3,
+ 0xC2, 0xEF, 0x8B, 0x55, 0x65, 0x4F, 0xBC, 0xE3, 0xDF, 0xFC,
+ 0xD8, 0xA1, 0xAD, 0x8E, 0x43, 0x07, 0x73, 0xC8, 0x58, 0xC3,
+ 0x46, 0x0A, 0xC1, 0xF1, 0x4D, 0x3F, 0xFB, 0x3D, 0x78, 0xE6,
+ 0x76, 0x58, 0x26, 0xCE, 0xD7, 0x59, 0x55, 0xEC, 0xC5, 0xB5,
+ 0xB4, 0x05, 0xED, 0xF9, 0xD4, 0x97, 0x69, 0x66, 0xD6, 0x2C,
+ 0x1B, 0x43, 0x5A, 0x51, 0x5C, 0xBE, 0x10, 0x28, 0x95, 0xC4,
+ 0x96, 0xAF, 0x00
+};
+static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert);
+
+/* ./certs/ed25519/server-ed25519-key.der, ED25519 */
+static const unsigned char server_ed25519_key[] =
+{
+ 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03,
+ 0x21, 0x00, 0x23, 0xAA, 0x4D, 0x60, 0x50, 0xE0, 0x13, 0xD3,
+ 0x3A, 0xED, 0xAB, 0xF6, 0xA9, 0xCC, 0x4A, 0xFE, 0xD7, 0x4D,
+ 0x2F, 0xD2, 0x5B, 0x1A, 0x10, 0x05, 0xEF, 0x5A, 0x41, 0x25,
+ 0xCE, 0x1B, 0x53, 0x78
+};
+static const int sizeof_server_ed25519_key = sizeof(server_ed25519_key);
+
+/* ./certs/ed25519/ca-ed25519.der, ED25519 */
+static const unsigned char ca_ed25519_cert[] =
+{
+ 0x30, 0x82, 0x02, 0x4C, 0x30, 0x82, 0x01, 0xFE, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x05, 0x06, 0x03,
+ 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
+ 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+ 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66,
+ 0x53, 0x53, 0x4C, 0x5F, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31,
+ 0x39, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x0C, 0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x45, 0x64, 0x32,
+ 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30,
+ 0x33, 0x31, 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A,
+ 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30, 0x36,
+ 0x34, 0x39, 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9B, 0x31, 0x0B,
+ 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+ 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
+ 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+ 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30,
+ 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F,
+ 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35,
+ 0x35, 0x31, 0x39, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+ 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x41, 0x2D, 0x65, 0x64, 0x32,
+ 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+ 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+ 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+ 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+ 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B,
+ 0x65, 0x70, 0x03, 0x21, 0x00, 0x42, 0x3B, 0x7A, 0xF9, 0x82,
+ 0xCF, 0xF9, 0xDF, 0x19, 0xDD, 0xF3, 0xF0, 0x32, 0x29, 0x6D,
+ 0xFA, 0xFD, 0x76, 0x4F, 0x68, 0xC2, 0xC2, 0xE0, 0x6C, 0x47,
+ 0xAE, 0xC2, 0x55, 0x68, 0xAC, 0x0D, 0x4D, 0xA3, 0x63, 0x30,
+ 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+ 0x04, 0x14, 0x74, 0xD5, 0x38, 0x19, 0x5E, 0x83, 0xB9, 0x03,
+ 0xF8, 0x01, 0x8A, 0x35, 0x35, 0xBB, 0x89, 0x4C, 0x49, 0xB4,
+ 0x23, 0xE9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
+ 0x18, 0x30, 0x16, 0x80, 0x14, 0xFA, 0xBA, 0x5B, 0x76, 0x1D,
+ 0xF1, 0x1D, 0x1D, 0x4D, 0x74, 0x48, 0xD8, 0x98, 0x3B, 0x56,
+ 0xEF, 0xB3, 0x14, 0xF3, 0xDE, 0x30, 0x0F, 0x06, 0x03, 0x55,
+ 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
+ 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x05,
+ 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xDA, 0xFE,
+ 0x58, 0x53, 0x89, 0x43, 0x85, 0x98, 0x35, 0xDC, 0x13, 0x1C,
+ 0xA3, 0xF1, 0x1F, 0x8D, 0x26, 0xBE, 0xB6, 0xA2, 0xFC, 0xB7,
+ 0xFE, 0x9C, 0xB9, 0x35, 0x69, 0x31, 0x7E, 0xD4, 0xB9, 0x11,
+ 0x45, 0x16, 0xA2, 0x29, 0x35, 0xA9, 0x74, 0xA7, 0x97, 0xDA,
+ 0x7E, 0x71, 0x4F, 0xB1, 0x72, 0x5D, 0x75, 0x17, 0xAC, 0xE3,
+ 0xF6, 0xB8, 0xCE, 0x1E, 0xE4, 0x8A, 0x95, 0xBA, 0xCD, 0x1D,
+ 0xCE, 0x0D
+};
+static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
+
+/* ./certs/ed25519/client-ed25519.der, ED25519 */
+static const unsigned char client_ed25519_cert[] =
+{
+ 0x30, 0x82, 0x03, 0x54, 0x30, 0x82, 0x03, 0x06, 0xA0, 0x03,
+ 0x02, 0x01, 0x02, 0x02, 0x14, 0x40, 0x66, 0xC6, 0x11, 0xBC,
+ 0x00, 0xF8, 0x51, 0xF9, 0xE4, 0x4B, 0xBB, 0x0B, 0xAD, 0xC1,
+ 0x09, 0x38, 0xB0, 0x4A, 0xE4, 0x30, 0x05, 0x06, 0x03, 0x2B,
+ 0x65, 0x70, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06,
+ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+ 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+ 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+ 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+ 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39,
+ 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
+ 0x0E, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D, 0x65, 0x64,
+ 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+ 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+ 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+ 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
+ 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+ 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31,
+ 0x30, 0x33, 0x31, 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33,
+ 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30,
+ 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9F, 0x31,
+ 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+ 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+ 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C,
+ 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77,
+ 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32,
+ 0x35, 0x35, 0x31, 0x39, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
+ 0x55, 0x04, 0x0B, 0x0C, 0x0E, 0x43, 0x6C, 0x69, 0x65, 0x6E,
+ 0x74, 0x2D, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31,
+ 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+ 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+ 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
+ 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+ 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A,
+ 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00,
+ 0xE6, 0x57, 0x5B, 0x13, 0x1B, 0xC7, 0x51, 0x14, 0x6B, 0xED,
+ 0x3B, 0xF5, 0xD1, 0xFA, 0xAB, 0x9E, 0x6C, 0xB6, 0xEB, 0x02,
+ 0x09, 0xA3, 0x99, 0xF5, 0x6E, 0xBF, 0x9D, 0x3C, 0xFE, 0x54,
+ 0x39, 0xE6, 0xA3, 0x82, 0x01, 0x50, 0x30, 0x82, 0x01, 0x4C,
+ 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
+ 0x14, 0xFE, 0x41, 0x5E, 0x3E, 0x81, 0xE2, 0x2E, 0x46, 0xB3,
+ 0x3E, 0x47, 0x89, 0x90, 0xD4, 0xC2, 0xB4, 0x8E, 0x11, 0xD6,
+ 0x8A, 0x30, 0x81, 0xDF, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
+ 0x81, 0xD7, 0x30, 0x81, 0xD4, 0x80, 0x14, 0xFE, 0x41, 0x5E,
+ 0x3E, 0x81, 0xE2, 0x2E, 0x46, 0xB3, 0x3E, 0x47, 0x89, 0x90,
+ 0xD4, 0xC2, 0xB4, 0x8E, 0x11, 0xD6, 0x8A, 0xA1, 0x81, 0xA5,
+ 0xA4, 0x81, 0xA2, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
+ 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
+ 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+ 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06,
+ 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66,
+ 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31,
+ 0x39, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0B,
+ 0x0C, 0x0E, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D, 0x65,
+ 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
+ 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+ 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+ 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+ 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x40, 0x66, 0xC6,
+ 0x11, 0xBC, 0x00, 0xF8, 0x51, 0xF9, 0xE4, 0x4B, 0xBB, 0x0B,
+ 0xAD, 0xC1, 0x09, 0x38, 0xB0, 0x4A, 0xE4, 0x30, 0x0C, 0x06,
+ 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+ 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15,
+ 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C,
+ 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00,
+ 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16,
+ 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x03, 0x02, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03,
+ 0x41, 0x00, 0xE0, 0x87, 0xE2, 0xCE, 0xD3, 0x87, 0x77, 0x9D,
+ 0xF7, 0x44, 0xC0, 0x73, 0x00, 0xFF, 0x07, 0x6D, 0x2E, 0x90,
+ 0x90, 0x5C, 0xBF, 0x30, 0x46, 0x9C, 0x75, 0xA9, 0x48, 0x50,
+ 0x8A, 0xDA, 0x09, 0x0F, 0xA8, 0xA8, 0x04, 0xB4, 0x33, 0xC8,
+ 0xF4, 0x28, 0x61, 0x9E, 0xC2, 0xA5, 0x19, 0xB7, 0x70, 0x1E,
+ 0x69, 0xCD, 0x49, 0x5C, 0x9A, 0xF3, 0x81, 0xE0, 0xDE, 0x38,
+ 0xB3, 0x37, 0xFF, 0x33, 0xBB, 0x07
+};
+static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert);
+
+/* ./certs/ed25519/client-ed25519-key.der, ED25519 */
+static const unsigned char client_ed25519_key[] =
+{
+ 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03,
+ 0x21, 0x00, 0xE6, 0x57, 0x5B, 0x13, 0x1B, 0xC7, 0x51, 0x14,
+ 0x6B, 0xED, 0x3B, 0xF5, 0xD1, 0xFA, 0xAB, 0x9E, 0x6C, 0xB6,
+ 0xEB, 0x02, 0x09, 0xA3, 0x99, 0xF5, 0x6E, 0xBF, 0x9D, 0x3C,
+ 0xFE, 0x54, 0x39, 0xE6
+};
+static const int sizeof_client_ed25519_key = sizeof(client_ed25519_key);
+
+#endif /* HAVE_ED25519 */
+
+#endif /* WOLFSSL_CERTS_TEST_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/crl.h b/ap/lib/libwolfssl/install/include/wolfssl/crl.h
new file mode 100644
index 0000000..308f2a8
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/crl.h
@@ -0,0 +1,50 @@
+/* crl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_CRL_H
+#define WOLFSSL_CRL_H
+
+
+#ifdef HAVE_CRL
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/asn.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+WOLFSSL_LOCAL int InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic);
+
+WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon);
+WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int, int);
+WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL*, DecodedCert*);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CRL */
+#endif /* WOLFSSL_CRL_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/error-ssl.h b/ap/lib/libwolfssl/install/include/wolfssl/error-ssl.h
new file mode 100644
index 0000000..0c3399d
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/error-ssl.h
@@ -0,0 +1,210 @@
+/* error-ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_ERROR_H
+#define WOLFSSL_ERROR_H
+
+#include <wolfssl/wolfcrypt/error-crypt.h> /* pull in wolfCrypt errors */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum wolfSSL_ErrorCodes {
+ INPUT_CASE_ERROR = -301, /* process input state error */
+ PREFIX_ERROR = -302, /* bad index to key rounds */
+ MEMORY_ERROR = -303, /* out of memory */
+ VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */
+ VERIFY_MAC_ERROR = -305, /* verify mac problem */
+ PARSE_ERROR = -306, /* parse error on header */
+ UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */
+ SOCKET_ERROR_E = -308, /* error state on socket */
+ SOCKET_NODATA = -309, /* expected data, not there */
+ INCOMPLETE_DATA = -310, /* don't have enough data to
+ complete task */
+ UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */
+ DECRYPT_ERROR = -312, /* error during decryption */
+ FATAL_ERROR = -313, /* recvd alert fatal error */
+ ENCRYPT_ERROR = -314, /* error during encryption */
+ FREAD_ERROR = -315, /* fread problem */
+ NO_PEER_KEY = -316, /* need peer's key */
+ NO_PRIVATE_KEY = -317, /* need the private key */
+ RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */
+ NO_DH_PARAMS = -319, /* server missing DH params */
+ BUILD_MSG_ERROR = -320, /* build message failure */
+
+ BAD_HELLO = -321, /* client hello malformed */
+ DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
+ WANT_READ = -323, /* want read, call again */
+ NOT_READY_ERROR = -324, /* handshake layer not ready */
+ IPADDR_MISMATCH = -325, /* peer ip address mismatch */
+ VERSION_ERROR = -326, /* record layer version error */
+ WANT_WRITE = -327, /* want write, call again */
+ BUFFER_ERROR = -328, /* malformed buffer input */
+ VERIFY_CERT_ERROR = -329, /* verify cert error */
+ VERIFY_SIGN_ERROR = -330, /* verify sign error */
+ CLIENT_ID_ERROR = -331, /* psk client identity error */
+ SERVER_HINT_ERROR = -332, /* psk server hint error */
+ PSK_KEY_ERROR = -333, /* psk key error */
+
+ GETTIME_ERROR = -337, /* gettimeofday failed ??? */
+ GETITIMER_ERROR = -338, /* getitimer failed ??? */
+ SIGACT_ERROR = -339, /* sigaction failed ??? */
+ SETITIMER_ERROR = -340, /* setitimer failed ??? */
+ LENGTH_ERROR = -341, /* record layer length error */
+ PEER_KEY_ERROR = -342, /* can't decode peer key */
+ ZERO_RETURN = -343, /* peer sent close notify */
+ SIDE_ERROR = -344, /* wrong client/server type */
+ NO_PEER_CERT = -345, /* peer didn't send key */
+ NTRU_KEY_ERROR = -346, /* NTRU key error */
+ NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
+ NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
+ NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
+ ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
+ ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
+ ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */
+ ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */
+ ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
+ ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
+ NOT_CA_ERROR = -357, /* Not a CA cert error */
+
+ BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
+ OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
+ CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
+ CRL_MISSING = -362, /* CRL Not loaded */
+ MONITOR_SETUP_E = -363, /* CRL Monitor setup error */
+ THREAD_CREATE_E = -364, /* Thread Create Error */
+ OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
+ OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */
+ OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */
+ MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */
+ COOKIE_ERROR = -369, /* dtls cookie error */
+ SEQUENCE_ERROR = -370, /* dtls sequence error */
+ SUITES_ERROR = -371, /* suites pointer error */
+
+ OUT_OF_ORDER_E = -373, /* out of order message */
+ BAD_KEA_TYPE_E = -374, /* bad KEA type found */
+ SANITY_CIPHER_E = -375, /* sanity check on cipher error */
+ RECV_OVERFLOW_E = -376, /* RXCB returned more than read */
+ GEN_COOKIE_E = -377, /* Generate Cookie Error */
+ NO_PEER_VERIFY = -378, /* Need peer cert verify Error */
+ FWRITE_ERROR = -379, /* fwrite problem */
+ CACHE_MATCH_ERROR = -380, /* Cache hdr match error */
+ UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */
+ UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */
+ KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */
+ KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */
+ EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
+ SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
+ SECURE_RENEGOTIATION_E = -388, /* Invalid Renegotiation Info */
+ SESSION_TICKET_LEN_E = -389, /* Session Ticket too large */
+ SESSION_TICKET_EXPECT_E = -390, /* Session Ticket missing */
+ SCR_DIFFERENT_CERT_E = -391, /* SCR Different cert error */
+ SESSION_SECRET_CB_E = -392, /* Session secret Cb fcn failure */
+ NO_CHANGE_CIPHER_E = -393, /* Finished before change cipher */
+ SANITY_MSG_E = -394, /* Sanity check on msg order error */
+ DUPLICATE_MSG_E = -395, /* Duplicate message error */
+ SNI_UNSUPPORTED = -396, /* SSL 3.0 does not support SNI */
+ SOCKET_PEER_CLOSED_E = -397, /* Underlying transport closed */
+ BAD_TICKET_KEY_CB_SZ = -398, /* Bad session ticket key cb size */
+ BAD_TICKET_MSG_SZ = -399, /* Bad session ticket msg size */
+ BAD_TICKET_ENCRYPT = -400, /* Bad user ticket encrypt */
+ DH_KEY_SIZE_E = -401, /* DH Key too small */
+ SNI_ABSENT_ERROR = -402, /* No SNI request. */
+ RSA_SIGN_FAULT = -403, /* RSA Sign fault */
+ HANDSHAKE_SIZE_ERROR = -404, /* Handshake message too large */
+ UNKNOWN_ALPN_PROTOCOL_NAME_E = -405, /* Unrecognized protocol name Error*/
+ BAD_CERTIFICATE_STATUS_ERROR = -406, /* Bad certificate status message */
+ OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */
+ OCSP_WANT_READ = -408, /* OCSP callback response WOLFSSL_CBIO_ERR_WANT_READ */
+ RSA_KEY_SIZE_E = -409, /* RSA key too small */
+ ECC_KEY_SIZE_E = -410, /* ECC key too small */
+ DTLS_EXPORT_VER_E = -411, /* export version error */
+ INPUT_SIZE_E = -412, /* input size too big error */
+ CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */
+ EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
+ DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */
+ DECODE_E = -416, /* decode handshake message error */
+ HTTP_TIMEOUT = -417, /* HTTP timeout for OCSP or CRL req */
+ WRITE_DUP_READ_E = -418, /* Write dup write side can't read */
+ WRITE_DUP_WRITE_E = -419, /* Write dup read side can't write */
+ INVALID_CERT_CTX_E = -420, /* TLS cert ctx not matching */
+ BAD_KEY_SHARE_DATA = -421, /* Key Share data invalid */
+ MISSING_HANDSHAKE_DATA = -422, /* Handshake message missing data */
+ BAD_BINDER = -423, /* Binder does not match */
+ EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */
+ INVALID_PARAMETER = -425, /* Security parameter invalid */
+ MCAST_HIGHWATER_CB_E = -426, /* Multicast highwater cb err */
+ ALERT_COUNT_E = -427, /* Alert Count exceeded err */
+ EXT_MISSING = -428, /* Required extension not found */
+ UNSUPPORTED_EXTENSION = -429, /* TLSX not requested by client */
+ PRF_MISSING = -430, /* PRF not compiled in */
+ DTLS_RETX_OVER_TX = -431, /* Retransmit DTLS flight over */
+ DH_PARAMS_NOT_FFDHE_E = -432, /* DH params from server not FFDHE */
+ TCA_INVALID_ID_TYPE = -433, /* TLSX TCA ID type invalid */
+ TCA_ABSENT_ERROR = -434, /* TLSX TCA ID no response */
+ TSIP_MAC_DIGSZ_E = -435, /* Invalid MAC size for TSIP */
+ CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */
+ SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
+ TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
+ DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
+ NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
+ APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
+ TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */
+
+ SOCKET_FILTERED_E = -443, /* Session stopped by network filter */
+
+ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+
+ /* begin negotiation parameter errors */
+ UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
+ MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
+ COMPRESSION_ERROR = -502, /* compression mismatch */
+ KEY_SHARE_ERROR = -503, /* key share mismatch */
+ POST_HAND_AUTH_ERROR = -504, /* client won't do post-hand auth */
+ HRR_COOKIE_ERROR = -505 /* HRR msg cookie mismatch */
+ /* end negotiation parameter errors only 10 for now */
+ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+
+ /* no error stings go down here, add above negotiation errors !!!! */
+};
+
+
+#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
+ enum {
+ MIN_PARAM_ERR = UNSUPPORTED_SUITE,
+ MAX_PARAM_ERR = MIN_PARAM_ERR - 10
+ };
+#endif
+
+
+WOLFSSL_LOCAL
+void SetErrorString(int err, char* buff);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* wolfSSL_ERROR_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/ocsp.h b/ap/lib/libwolfssl/install/include/wolfssl/ocsp.h
new file mode 100644
index 0000000..acdad51
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/ocsp.h
@@ -0,0 +1,149 @@
+/* ocsp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* wolfSSL OCSP API */
+
+#ifndef WOLFSSL_OCSP_H
+#define WOLFSSL_OCSP_H
+
+#ifdef HAVE_OCSP
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/asn.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
+
+typedef struct OcspEntry WOLFSSL_OCSP_CERTID;
+
+typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
+
+typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
+
+typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
+#endif
+
+WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
+
+WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
+ WOLFSSL_BUFFER_INFO* responseBuffer);
+WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*,
+ WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
+WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
+ OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
+WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
+ WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status,
+ OcspEntry *entry, OcspRequest *ocspRequest);
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+ defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
+
+ WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
+ WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
+ WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
+ WOLFSSL_ASN1_TIME **nextupd);
+WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
+WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
+ WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
+
+WOLFSSL_API void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId);
+WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
+ const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject,
+ const WOLFSSL_X509 *issuer);
+
+WOLFSSL_API void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse);
+WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
+ WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags);
+
+WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response);
+#ifndef NO_BIO
+WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
+ OcspResponse** response);
+#endif
+WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
+ const unsigned char** data, int len);
+WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
+ unsigned char** data);
+WOLFSSL_API int wolfSSL_OCSP_response_status(OcspResponse *response);
+WOLFSSL_API const char *wolfSSL_OCSP_response_status_str(long s);
+WOLFSSL_API WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(
+ OcspResponse* response);
+
+WOLFSSL_API OcspRequest* wolfSSL_OCSP_REQUEST_new(void);
+WOLFSSL_API void wolfSSL_OCSP_REQUEST_free(OcspRequest* request);
+WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
+ unsigned char** data);
+WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
+ WOLFSSL_OCSP_CERTID *cid);
+WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*);
+#ifndef NO_BIO
+WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
+ WOLFSSL_OCSP_REQUEST *req);
+#endif
+
+WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **);
+WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single);
+WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
+ int *reason,
+ WOLFSSL_ASN1_TIME **revtime,
+ WOLFSSL_ASN1_TIME **thisupd,
+ WOLFSSL_ASN1_TIME **nextupd);
+WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
+WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx);
+
+#endif
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req,
+ WOLFSSL_X509_EXTENSION* ext, int idx);
+WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
+ WOLFSSL_OCSP_BASICRESP* bs);
+WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s);
+
+WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**,
+ WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**,
+ WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*);
+
+WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
+ unsigned char* val, int sz);
+WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req,
+ WOLFSSL_OCSP_BASICRESP* bs);
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* HAVE_OCSP */
+#endif /* WOLFSSL_OCSP_H */
+
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/aes.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/aes.h
new file mode 100644
index 0000000..0899943
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/aes.h
@@ -0,0 +1,100 @@
+/* aes.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* aes.h defines mini des openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_AES_H_
+#define WOLFSSL_AES_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_AES
+#include <wolfssl/openssl/ssl.h> /* for size_t */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* This structure wrapper is done because there is no aes_new function with
+ * OpenSSL compatibility layer. This makes code working with an AES structure
+ * to need the size of the structure. */
+typedef struct WOLFSSL_AES_KEY {
+ ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1];
+} WOLFSSL_AES_KEY;
+typedef WOLFSSL_AES_KEY AES_KEY;
+
+WOLFSSL_API int wolfSSL_AES_set_encrypt_key
+ (const unsigned char *, const int bits, AES_KEY *);
+WOLFSSL_API int wolfSSL_AES_set_decrypt_key
+ (const unsigned char *, const int bits, AES_KEY *);
+WOLFSSL_API void wolfSSL_AES_cbc_encrypt
+ (const unsigned char *in, unsigned char* out, size_t len,
+ AES_KEY *key, unsigned char* iv, const int enc);
+WOLFSSL_API void wolfSSL_AES_ecb_encrypt
+ (const unsigned char *in, unsigned char* out,
+ AES_KEY *key, const int enc);
+WOLFSSL_API void wolfSSL_AES_cfb128_encrypt
+ (const unsigned char *in, unsigned char* out, size_t len,
+ AES_KEY *key, unsigned char* iv, int* num, const int enc);
+WOLFSSL_API int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+
+#define AES_cbc_encrypt wolfSSL_AES_cbc_encrypt
+#define AES_ecb_encrypt wolfSSL_AES_ecb_encrypt
+#define AES_cfb128_encrypt wolfSSL_AES_cfb128_encrypt
+#define AES_set_encrypt_key wolfSSL_AES_set_encrypt_key
+#define AES_set_decrypt_key wolfSSL_AES_set_decrypt_key
+#define AES_wrap_key wolfSSL_AES_wrap_key
+#define AES_unwrap_key wolfSSL_AES_unwrap_key
+
+#ifdef WOLFSSL_AES_DIRECT
+WOLFSSL_API void wolfSSL_AES_encrypt
+ (const unsigned char* input, unsigned char* output, AES_KEY *);
+WOLFSSL_API void wolfSSL_AES_decrypt
+ (const unsigned char* input, unsigned char* output, AES_KEY *);
+
+#define AES_encrypt wolfSSL_AES_encrypt
+#define AES_decrypt wolfSSL_AES_decrypt
+#endif /* HAVE_AES_DIRECT */
+
+#ifndef AES_ENCRYPT
+#define AES_ENCRYPT AES_ENCRYPTION
+#endif
+#ifndef AES_DECRYPT
+#define AES_DECRYPT AES_DECRYPTION
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_AES */
+
+#endif /* WOLFSSL_AES_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1.h
new file mode 100644
index 0000000..3d885de
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1.h
@@ -0,0 +1,174 @@
+/* asn1.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* asn1.h for openssl */
+
+#ifndef WOLFSSL_ASN1_H_
+#define WOLFSSL_ASN1_H_
+
+#include <wolfssl/openssl/ssl.h>
+
+#define ASN1_STRING_new wolfSSL_ASN1_STRING_new
+#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new
+#define ASN1_STRING_type wolfSSL_ASN1_STRING_type
+#define ASN1_STRING_set wolfSSL_ASN1_STRING_set
+#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
+
+#define ASN1_get_object wolfSSL_ASN1_get_object
+#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT
+#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT
+
+#define V_ASN1_INTEGER 0x02
+#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */
+#define V_ASN1_NEG 0x100
+#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+
+/* Type for ASN1_print_ex */
+# define ASN1_STRFLGS_ESC_2253 1
+# define ASN1_STRFLGS_ESC_CTRL 2
+# define ASN1_STRFLGS_ESC_MSB 4
+# define ASN1_STRFLGS_ESC_QUOTE 8
+# define ASN1_STRFLGS_UTF8_CONVERT 0x10
+# define ASN1_STRFLGS_IGNORE_TYPE 0x20
+# define ASN1_STRFLGS_SHOW_TYPE 0x40
+# define ASN1_STRFLGS_DUMP_ALL 0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+# define ASN1_STRFLGS_DUMP_DER 0x200
+# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
+#define MBSTRING_UTF8 0x1000
+#define MBSTRING_ASC 0x1001
+#define MBSTRING_BMP 0x1002
+#define MBSTRING_UNIV 0x1004
+
+#define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print
+#define ASN1_TIME_check wolfSSL_ASN1_TIME_check
+#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff
+#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
+
+#define V_ASN1_EOC 0
+#define V_ASN1_OBJECT 6
+#define V_ASN1_UTF8STRING 12
+#define V_ASN1_SEQUENCE 16
+#define V_ASN1_SET 17
+#define V_ASN1_PRINTABLESTRING 19
+#define V_ASN1_T61STRING 20
+#define V_ASN1_IA5STRING 22
+#define V_ASN1_UTCTIME 23
+#define V_ASN1_GENERALIZEDTIME 24
+#define V_ASN1_UNIVERSALSTRING 28
+#define V_ASN1_BMPSTRING 30
+
+
+#define V_ASN1_CONSTRUCTED 0x20
+
+#define ASN1_STRING_FLAG_BITS_LEFT 0x008
+#define ASN1_STRING_FLAG_NDEF 0x010
+#define ASN1_STRING_FLAG_CONT 0x020
+#define ASN1_STRING_FLAG_MSTRING 0x040
+#define ASN1_STRING_FLAG_EMBED 0x080
+
+
+WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
+ const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*);
+
+WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
+
+WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
+ int *cls, long inLen);
+
+WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
+ const unsigned char **pp, long len);
+
+#ifdef OPENSSL_ALL
+/* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
+ * we don't use this. Some projects use OpenSSL to implement ASN1 types and
+ * this section is only to provide those projects with ASN1 functionality. */
+typedef struct {
+ size_t offset; /* Offset of this field in structure */
+ byte type; /* The type of the member as defined in
+ * WOLFSSL_ASN1_TYPES */
+} WOLFSSL_ASN1_TEMPLATE;
+
+typedef struct {
+ byte type; /* One of the ASN_Tags types */
+ const WOLFSSL_ASN1_TEMPLATE *members; /* If SEQUENCE or CHOICE this
+ * contains the contents */
+ size_t mcount; /* Number of members if SEQUENCE
+ * or CHOICE */
+ size_t size; /* Structure size */
+} WOLFSSL_ASN1_ITEM;
+
+typedef enum {
+ WOLFSSL_X509_ALGOR_ASN1 = 0,
+ WOLFSSL_ASN1_BIT_STRING_ASN1,
+} WOLFSSL_ASN1_TYPES;
+
+#define ASN1_SEQUENCE(type) \
+ static type __##type##_dummy_struct;\
+ static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
+
+#define ASN1_SIMPLE(type, member, member_type) \
+ { (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \
+ WOLFSSL_##member_type##_ASN1 }
+
+#define ASN1_SEQUENCE_END(type) \
+ ; \
+ const WOLFSSL_ASN1_ITEM type##_template_data = { \
+ ASN_SEQUENCE, \
+ type##_member_data, \
+ sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+ sizeof(type) \
+ };
+
+WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
+ const WOLFSSL_ASN1_ITEM *tpl);
+
+/* Need function declaration otherwise compiler complains */
+#define IMPLEMENT_ASN1_FUNCTIONS(type) \
+ type *type##_new(void); \
+ type *type##_new(void){ \
+ return (type*)wolfSSL_ASN1_item_new(&type##_template_data); \
+ } \
+ void type##_free(type *t); \
+ void type##_free(type *t){ \
+ wolfSSL_ASN1_item_free(t, &type##_template_data); \
+ } \
+ int i2d_##type(type *src, byte **dest); \
+ int i2d_##type(type *src, byte **dest) \
+ { \
+ return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
+ }
+
+#endif /* OPENSSL_ALL */
+
+#define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER
+#define ASN1_TYPE_set wolfSSL_ASN1_TYPE_set
+
+#endif /* WOLFSSL_ASN1_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1t.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1t.h
new file mode 100644
index 0000000..98c2404
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/asn1t.h
@@ -0,0 +1,30 @@
+/* asn1t.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* asn1t.h for openssl */
+
+#ifndef WOLFSSL_ASN1T_H_
+#define WOLFSSL_ASN1T_H_
+
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/openssl/asn1.h>
+
+#endif /* WOLFSSL_ASN1T_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/bio.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/bio.h
new file mode 100644
index 0000000..89ce459
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/bio.h
@@ -0,0 +1,175 @@
+/* bio.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* bio.h for openssl */
+
+
+#ifndef WOLFSSL_BIO_H_
+#define WOLFSSL_BIO_H_
+
+#include <wolfssl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+#define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
+#define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ
+#define BIO_FLAGS_WRITE WOLFSSL_BIO_FLAG_WRITE
+#define BIO_FLAGS_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
+#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
+
+#define BIO_new_fp wolfSSL_BIO_new_fp
+#if defined(OPENSSL_ALL) \
+ || defined(HAVE_STUNNEL) \
+ || defined(HAVE_LIGHTY) \
+ || defined(WOLFSSL_MYSQL_COMPATIBLE) \
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA)
+#define BIO_new_file wolfSSL_BIO_new_file
+#endif
+#define BIO_new_fp wolfSSL_BIO_new_fp
+#define BIO_ctrl wolfSSL_BIO_ctrl
+#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
+#define BIO_wpending wolfSSL_BIO_wpending
+#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr
+#define BIO_int_ctrl wolfSSL_BIO_int_ctrl
+#define BIO_reset wolfSSL_BIO_reset
+#define BIO_s_file wolfSSL_BIO_s_file
+#define BIO_s_bio wolfSSL_BIO_s_bio
+#define BIO_s_socket wolfSSL_BIO_s_socket
+#define BIO_set_fd wolfSSL_BIO_set_fd
+#define BIO_set_close wolfSSL_BIO_set_close
+#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request
+#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
+#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
+
+#define BIO_new_fd wolfSSL_BIO_new_fd
+#define BIO_set_fp wolfSSL_BIO_set_fp
+#define BIO_get_fp wolfSSL_BIO_get_fp
+#define BIO_seek wolfSSL_BIO_seek
+#define BIO_tell wolfSSL_BIO_tell
+#define BIO_write_filename wolfSSL_BIO_write_filename
+#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
+
+#define BIO_find_type wolfSSL_BIO_find_type
+#define BIO_next wolfSSL_BIO_next
+#define BIO_gets wolfSSL_BIO_gets
+#define BIO_puts wolfSSL_BIO_puts
+
+#define BIO_should_retry wolfSSL_BIO_should_retry
+
+#define BIO_TYPE_FILE WOLFSSL_BIO_FILE
+#define BIO_TYPE_BIO WOLFSSL_BIO_BIO
+#define BIO_TYPE_MEM WOLFSSL_BIO_MEMORY
+#define BIO_TYPE_BASE64 WOLFSSL_BIO_BASE64
+
+#define BIO_vprintf wolfSSL_BIO_vprintf
+#define BIO_printf wolfSSL_BIO_printf
+#define BIO_dump wolfSSL_BIO_dump
+
+/* BIO info callback */
+#define BIO_CB_FREE WOLFSSL_BIO_CB_FREE
+#define BIO_CB_READ WOLFSSL_BIO_CB_READ
+#define BIO_CB_WRITE WOLFSSL_BIO_CB_WRITE
+#define BIO_CB_PUTS WOLFSSL_BIO_CB_PUTS
+#define BIO_CB_GETS WOLFSSL_BIO_CB_GETS
+#define BIO_CB_CTRL WOLFSSL_BIO_CB_CTRL
+#define BIO_CB_RETURN WOLFSSL_BIO_CB_RETURN
+
+#define BIO_set_callback wolfSSL_BIO_set_callback
+#define BIO_get_callback wolfSSL_BIO_get_callback
+#define BIO_set_callback_arg wolfSSL_BIO_set_callback_arg
+#define BIO_get_callback_arg wolfSSL_BIO_get_callback_arg
+
+/* BIO for 1.1.0 or later */
+#define BIO_set_init wolfSSL_BIO_set_init
+#define BIO_get_data wolfSSL_BIO_get_data
+#define BIO_set_data wolfSSL_BIO_set_data
+#define BIO_get_shutdown wolfSSL_BIO_get_shutdown
+#define BIO_set_shutdown wolfSSL_BIO_set_shutdown
+
+#define BIO_clear_flags wolfSSL_BIO_clear_flags
+#define BIO_set_ex_data wolfSSL_BIO_set_ex_data
+#define BIO_get_ex_data wolfSSL_BIO_get_ex_data
+
+/* helper to set specific retry/read flags */
+#define BIO_set_retry_read(bio)\
+ wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
+#define BIO_set_retry_write(bio)\
+ wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+
+#define BIO_clear_retry_flags wolfSSL_BIO_clear_retry_flags
+
+#define BIO_meth_new wolfSSL_BIO_meth_new
+#define BIO_meth_set_write wolfSSL_BIO_meth_set_write
+#define BIO_meth_free wolfSSL_BIO_meth_free
+#define BIO_meth_set_write wolfSSL_BIO_meth_set_write
+#define BIO_meth_set_read wolfSSL_BIO_meth_set_read
+#define BIO_meth_set_puts wolfSSL_BIO_meth_set_puts
+#define BIO_meth_set_gets wolfSSL_BIO_meth_set_gets
+#define BIO_meth_set_ctrl wolfSSL_BIO_meth_set_ctrl
+#define BIO_meth_set_create wolfSSL_BIO_meth_set_create
+#define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy
+
+#define BIO_snprintf XSNPRINTF
+
+/* BIO CTRL */
+#define BIO_CTRL_RESET 1
+#define BIO_CTRL_EOF 2
+#define BIO_CTRL_INFO 3
+#define BIO_CTRL_PUSH 6
+#define BIO_CTRL_POP 7
+#define BIO_CTRL_GET_CLOSE 8
+#define BIO_CTRL_SET_CLOSE 9
+#define BIO_CTRL_PENDING 10
+#define BIO_CTRL_FLUSH 11
+#define BIO_CTRL_DUP 12
+#define BIO_CTRL_WPENDING 13
+
+#define BIO_C_SET_FILE_PTR 106
+#define BIO_C_GET_FILE_PTR 107
+#define BIO_C_SET_FILENAME 108
+#define BIO_C_SET_BUF_MEM 114
+#define BIO_C_GET_BUF_MEM_PTR 115
+#define BIO_C_FILE_SEEK 128
+#define BIO_C_SET_BUF_MEM_EOF_RETURN 130
+#define BIO_C_SET_WRITE_BUF_SIZE 136
+#define BIO_C_MAKE_BIO_PAIR 138
+
+#define BIO_CTRL_DGRAM_QUERY_MTU 40
+
+#define BIO_FP_TEXT 0x00
+#define BIO_NOCLOSE 0x00
+#define BIO_CLOSE 0x01
+
+#define BIO_FP_WRITE 0x04
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_BIO_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/bn.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/bn.h
new file mode 100644
index 0000000..0bc2880
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/bn.h
@@ -0,0 +1,226 @@
+/* bn.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* bn.h for openssl */
+
+/*!
+ \file wolfssl/openssl/bn.h
+ \brief bn.h for openssl
+*/
+
+
+#ifndef WOLFSSL_BN_H_
+#define WOLFSSL_BN_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/integer.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef struct WOLFSSL_BIGNUM {
+ int neg; /* openssh deference */
+ void *internal; /* our big num */
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+ sp_int fp;
+#elif defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
+ fp_int fp;
+#endif
+} WOLFSSL_BIGNUM;
+
+
+#define BN_ULONG WOLFSSL_BN_ULONG
+#define WOLFSSL_BN_ULONG unsigned long
+
+typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
+typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
+
+WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
+WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
+WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
+#if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
+WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM *);
+#endif
+WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*);
+WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
+WOLFSSL_API void wolfSSL_BN_clear(WOLFSSL_BIGNUM*);
+
+
+WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
+ const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
+ const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
+
+
+WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+
+WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
+ WOLFSSL_BIGNUM* ret);
+
+WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
+
+WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
+ int bottom);
+WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
+WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
+WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
+WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
+
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+ WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
+ const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
+ WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
+ WOLFSSL_BN_ULONG);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+ WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*);
+#endif
+WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+ const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx);
+
+typedef WOLFSSL_BIGNUM BIGNUM;
+typedef WOLFSSL_BN_CTX BN_CTX;
+typedef WOLFSSL_BN_GENCB BN_GENCB;
+
+#define BN_CTX_new wolfSSL_BN_CTX_new
+#define BN_CTX_init wolfSSL_BN_CTX_init
+#define BN_CTX_free wolfSSL_BN_CTX_free
+
+#define BN_new wolfSSL_BN_new
+#define BN_init wolfSSL_BN_init
+#define BN_free wolfSSL_BN_free
+#define BN_clear_free wolfSSL_BN_clear_free
+#define BN_clear wolfSSL_BN_clear
+
+#define BN_num_bytes wolfSSL_BN_num_bytes
+#define BN_num_bits wolfSSL_BN_num_bits
+
+#define BN_is_zero wolfSSL_BN_is_zero
+#define BN_is_one wolfSSL_BN_is_one
+#define BN_is_odd wolfSSL_BN_is_odd
+#define BN_is_negative wolfSSL_BN_is_negative
+#define BN_is_word wolfSSL_BN_is_word
+
+#define BN_cmp wolfSSL_BN_cmp
+
+#define BN_bn2bin wolfSSL_BN_bn2bin
+#define BN_bin2bn wolfSSL_BN_bin2bn
+
+#define BN_mod wolfSSL_BN_mod
+#define BN_mod_exp wolfSSL_BN_mod_exp
+#define BN_mod_mul wolfSSL_BN_mod_mul
+#define BN_sub wolfSSL_BN_sub
+#define BN_value_one wolfSSL_BN_value_one
+
+#define BN_mask_bits wolfSSL_mask_bits
+
+#define BN_pseudo_rand wolfSSL_BN_pseudo_rand
+#define BN_rand wolfSSL_BN_rand
+#define BN_is_bit_set wolfSSL_BN_is_bit_set
+#define BN_hex2bn wolfSSL_BN_hex2bn
+
+#define BN_dup wolfSSL_BN_dup
+#define BN_copy wolfSSL_BN_copy
+
+#define BN_get_word wolfSSL_BN_get_word
+#define BN_set_word wolfSSL_BN_set_word
+
+#define BN_dec2bn wolfSSL_BN_dec2bn
+#define BN_bn2dec wolfSSL_BN_bn2dec
+#define BN_bn2hex wolfSSL_BN_bn2hex
+
+#define BN_lshift wolfSSL_BN_lshift
+#define BN_add_word wolfSSL_BN_add_word
+#define BN_add wolfSSL_BN_add
+#define BN_mod_add wolfSSL_BN_mod_add
+#define BN_set_word wolfSSL_BN_set_word
+#define BN_set_bit wolfSSL_BN_set_bit
+#define BN_clear_bit wolfSSL_BN_clear_bit
+
+
+#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
+#define BN_print_fp wolfSSL_BN_print_fp
+#define BN_rshift wolfSSL_BN_rshift
+#define BN_mod_word wolfSSL_BN_mod_word
+
+#define BN_CTX_get wolfSSL_BN_CTX_get
+#define BN_CTX_start wolfSSL_BN_CTX_start
+
+#define BN_mod_inverse wolfSSL_BN_mod_inverse
+
+#define BN_set_flags(x1, x2)
+
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define BN_get_rfc2409_prime_768 wolfSSL_DH_768_prime
+#define BN_get_rfc2409_prime_1024 wolfSSL_DH_1024_prime
+#define BN_get_rfc3526_prime_1536 wolfSSL_DH_1536_prime
+#define BN_get_rfc3526_prime_2048 wolfSSL_DH_2048_prime
+#define BN_get_rfc3526_prime_3072 wolfSSL_DH_3072_prime
+#define BN_get_rfc3526_prime_4096 wolfSSL_DH_4096_prime
+#define BN_get_rfc3526_prime_6144 wolfSSL_DH_6144_prime
+#define BN_get_rfc3526_prime_8192 wolfSSL_DH_8192_prime
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL__H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/buffer.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/buffer.h
new file mode 100644
index 0000000..9ffd99e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/buffer.h
@@ -0,0 +1,53 @@
+/* buffer.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_BUFFER_H_
+#define WOLFSSL_BUFFER_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/openssl/ssl.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void);
+WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len);
+WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
+WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize);
+WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
+
+
+#define BUF_MEM_new wolfSSL_BUF_MEM_new
+#define BUF_MEM_grow wolfSSL_BUF_MEM_grow
+#define BUF_MEM_free wolfSSL_BUF_MEM_free
+
+#define BUF_strdup strdup
+#define BUF_strlcpy wolfSSL_strlcpy
+#define BUF_strlcat wolfSSL_strlcat
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_BUFFER_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/cms.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/cms.h
new file mode 100644
index 0000000..a782abb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/cms.h
@@ -0,0 +1,26 @@
+/* cms.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CMS_H_
+#define WOLFSSL_CMS_H_
+
+
+#endif /* WOLFSSL_CMS_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/conf.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/conf.h
new file mode 100644
index 0000000..a71bc07
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/conf.h
@@ -0,0 +1,106 @@
+/* conf.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* conf.h for openSSL */
+
+#ifndef WOLFSSL_conf_H_
+#define WOLFSSL_conf_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/version.h>
+
+typedef struct WOLFSSL_CONF_VALUE {
+ char *section;
+ char *name;
+ char *value;
+} WOLFSSL_CONF_VALUE;
+
+/* ssl.h requires WOLFSSL_CONF_VALUE */
+#include <wolfssl/ssl.h>
+
+typedef struct WOLFSSL_CONF {
+ void *meth_data;
+ WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
+} WOLFSSL_CONF;
+
+typedef WOLFSSL_CONF CONF;
+typedef WOLFSSL_CONF_VALUE CONF_VALUE;
+
+#ifdef OPENSSL_EXTRA
+
+WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
+WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
+ WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
+WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
+
+WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
+WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
+ const char *group, const char *name);
+WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+ const char *name, long *result);
+WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
+ const WOLFSSL_CONF *conf, const char *section);
+WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline);
+WOLFSSL_API void wolfSSL_NCONF_free(WOLFSSL_CONF *conf);
+
+WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
+ WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data);
+
+WOLFSSL_API int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
+ unsigned long flags);
+WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
+ const char *section);
+WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
+ const char *section);
+
+#define sk_CONF_VALUE_new wolfSSL_sk_CONF_VALUE_new
+#define sk_CONF_VALUE_free wolfSSL_sk_CONF_VALUE_free
+#define sk_CONF_VALUE_pop_free(a,b) wolfSSL_sk_CONF_VALUE_free(a)
+#define sk_CONF_VALUE_num wolfSSL_sk_CONF_VALUE_num
+#define sk_CONF_VALUE_value wolfSSL_sk_CONF_VALUE_value
+
+#define lh_CONF_VALUE_retrieve wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
+#define lh_CONF_VALUE_insert wolfSSL_sk_CONF_VALUE_push
+
+#define NCONF_new wolfSSL_NCONF_new
+#define NCONF_free wolfSSL_NCONF_free
+#define NCONF_get_string wolfSSL_NCONF_get_string
+#define NCONF_get_section wolfSSL_NCONF_get_section
+#define NCONF_get_number wolfSSL_NCONF_get_number
+#define NCONF_load wolfSSL_NCONF_load
+
+#define CONF_modules_load wolfSSL_CONF_modules_load
+#define _CONF_new_section wolfSSL_CONF_new_section
+#define _CONF_get_section wolfSSL_CONF_get_section
+
+#define X509V3_conf_free wolfSSL_X509V3_conf_free
+
+#endif /* OPENSSL_EXTRA */
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_conf_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/crypto.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/crypto.h
new file mode 100644
index 0000000..06128fe
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/crypto.h
@@ -0,0 +1,129 @@
+/* crypto.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* crypto.h for openSSL */
+
+#ifndef WOLFSSL_CRYPTO_H_
+#define WOLFSSL_CRYPTO_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <wolfssl/openssl/opensslv.h>
+#include <wolfssl/openssl/conf.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_crypto.h"
+#endif
+
+typedef struct WOLFSSL_INIT_SETTINGS {
+ char* appname;
+} WOLFSSL_INIT_SETTINGS;
+
+typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
+
+WOLFSSL_API const char* wolfSSLeay_version(int type);
+WOLFSSL_API unsigned long wolfSSLeay(void);
+WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
+WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
+WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
+WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
+
+WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
+#endif
+
+typedef struct WOLFSSL_CRYPTO_THREADID {
+ int dummy;
+}WOLFSSL_CRYPTO_THREADID;
+typedef struct crypto_threadid_st CRYPTO_THREADID;
+
+#define crypto_threadid_st WOLFSSL_CRYPTO_THREADID
+#define CRYPTO_THREADID WOLFSSL_CRYPTO_THREADID
+
+#define SSLeay_version wolfSSLeay_version
+#define SSLeay wolfSSLeay
+#define OpenSSL_version_num wolfSSL_OpenSSL_version_num
+
+#ifdef WOLFSSL_QT
+ #define SSLEAY_VERSION 0x10001000L
+#else
+ #define SSLEAY_VERSION 0x0090600fL
+#endif
+#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
+#define CRYPTO_lock wc_LockMutex_ex
+
+/* this function was used to set the default malloc, free, and realloc */
+#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */
+
+#define OPENSSL_free wolfSSL_OPENSSL_free
+#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
+#define OPENSSL_hexchar2int wolfSSL_OPENSSL_hexchar2int
+#define OPENSSL_hexstr2buf wolfSSL_OPENSSL_hexstr2buf
+
+#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L
+#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+
+#define OPENSSL_init_crypto wolfSSL_OPENSSL_init_crypto
+
+#ifdef WOLFSSL_OPENVPN
+# define OPENSSL_assert(e) \
+ if (!(e)) { \
+ fprintf(stderr, "%s:%d wolfSSL internal error: assertion failed: " #e, \
+ __FILE__, __LINE__); \
+ raise(SIGABRT); \
+ _exit(3); \
+ }
+#endif
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_EX_DATA)
+#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
+#define FIPS_mode wolfSSL_FIPS_mode
+#define FIPS_mode_set wolfSSL_FIPS_mode_set
+typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA;
+typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
+ long argl, void* argp);
+#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback
+#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric
+#define CRYPTO_THREADID_current wolfSSL_THREADID_current
+#define CRYPTO_THREADID_hash wolfSSL_THREADID_hash
+
+#define CRYPTO_r_lock wc_LockMutex_ex
+#define CRYPTO_unlock wc_LockMutex_ex
+
+#define CRYPTO_THREAD_lock wc_LockMutex
+#define CRYPTO_THREAD_r_lock wc_LockMutex
+#define CRYPTO_THREAD_unlock wc_UnLockMutex
+
+#define CRYPTO_THREAD_lock_new wc_InitAndAllocMutex
+#define CRYPTO_THREAD_read_lock wc_LockMutex
+#define CRYPTO_THREAD_write_lock wc_LockMutex
+#define CRYPTO_THREAD_lock_free wc_FreeMutex
+
+#define CRYPTO_set_ex_data wolfSSL_CRYPTO_set_ex_data
+
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/des.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/des.h
new file mode 100644
index 0000000..d7a6ef8
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/des.h
@@ -0,0 +1,115 @@
+/* des.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* des.h defines mini des openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_DES_H_
+#define WOLFSSL_DES_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_DES3
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_des.h"
+#endif
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef unsigned char WOLFSSL_DES_cblock[8];
+typedef /* const */ WOLFSSL_DES_cblock WOLFSSL_const_DES_cblock;
+typedef WOLFSSL_DES_cblock WOLFSSL_DES_key_schedule;
+typedef unsigned int WOLFSSL_DES_LONG;
+
+
+enum {
+ DES_ENCRYPT = 1,
+ DES_DECRYPT = 0
+};
+
+
+WOLFSSL_API int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key);
+WOLFSSL_API WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
+ WOLFSSL_DES_cblock* out, long length, WOLFSSL_DES_key_schedule* sc,
+ WOLFSSL_const_DES_cblock* iv);
+WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
+ WOLFSSL_DES_key_schedule* key);
+WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
+ WOLFSSL_DES_key_schedule* key);
+WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*,
+ WOLFSSL_DES_key_schedule*);
+WOLFSSL_API int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
+ WOLFSSL_DES_key_schedule* schedule);
+WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
+ unsigned char* output, long length,
+ WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
+ int enc);
+WOLFSSL_API void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
+ unsigned char* output, long sz,
+ WOLFSSL_DES_key_schedule* ks1,
+ WOLFSSL_DES_key_schedule* ks2,
+ WOLFSSL_DES_key_schedule* ks3,
+ WOLFSSL_DES_cblock* ivec, int enc);
+WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
+ unsigned char* output, long length,
+ WOLFSSL_DES_key_schedule* schedule,
+ WOLFSSL_DES_cblock* ivec, int enc);
+
+WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*);
+WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*,
+ WOLFSSL_DES_key_schedule*, int);
+WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*);
+
+
+typedef WOLFSSL_DES_cblock DES_cblock;
+typedef WOLFSSL_const_DES_cblock const_DES_cblock;
+typedef WOLFSSL_DES_key_schedule DES_key_schedule;
+typedef WOLFSSL_DES_LONG DES_LONG;
+
+#define DES_check_key(x) /* Define WOLFSSL_CHECK_DESKEY to check key */
+#define DES_is_weak_key wolfSSL_DES_is_weak_key
+#define DES_set_key wolfSSL_DES_set_key
+#define DES_set_key_checked wolfSSL_DES_set_key_checked
+#define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked
+#define DES_key_sched wolfSSL_DES_key_sched
+#define DES_cbc_encrypt wolfSSL_DES_cbc_encrypt
+#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt
+#define DES_set_odd_parity wolfSSL_DES_set_odd_parity
+#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
+#define DES_ede3_cbc_encrypt wolfSSL_DES_ede3_cbc_encrypt
+#define DES_cbc_cksum wolfSSL_DES_cbc_cksum
+#define DES_check_key_parity wolfSSL_DES_check_key_parity
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_DES3 */
+
+#endif /* WOLFSSL_DES_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/dh.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/dh.h
new file mode 100644
index 0000000..0970f36
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/dh.h
@@ -0,0 +1,118 @@
+/* dh.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* dh.h for openSSL */
+
+
+#ifndef WOLFSSL_DH_H_
+#define WOLFSSL_DH_H_
+
+#include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/opensslv.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_DH WOLFSSL_DH;
+#define WOLFSSL_DH_TYPE_DEFINED
+#endif
+
+typedef WOLFSSL_DH DH;
+
+struct WOLFSSL_DH {
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* g;
+ WOLFSSL_BIGNUM* q;
+ WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */
+ WOLFSSL_BIGNUM* priv_key; /* openssh deference x */
+ void* internal; /* our DH */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+ /*added for lighttpd openssl compatibility, go back and add a getter in
+ * lighttpd src code.
+ */
+ int length;
+};
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
+ const unsigned char **pp, long length);
+WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
+WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
+WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*);
+WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
+
+WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
+WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub,
+ WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
+ WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
+
+#define DH_new wolfSSL_DH_new
+#define DH_free wolfSSL_DH_free
+
+#define d2i_DHparams wolfSSL_d2i_DHparams
+#define i2d_DHparams wolfSSL_i2d_DHparams
+#define DH_check wolfSSL_DH_check
+
+#define DH_size wolfSSL_DH_size
+#define DH_generate_key wolfSSL_DH_generate_key
+#define DH_compute_key wolfSSL_DH_compute_key
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define DH_set0_pqg wolfSSL_DH_set0_pqg
+#endif
+#define DH_get0_pqg wolfSSL_DH_get0_pqg
+#define DH_bits(x) (BN_num_bits(x->p))
+
+#define DH_GENERATOR_2 2
+#define DH_CHECK_P_NOT_PRIME 0x01
+#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+#define DH_NOT_SUITABLE_GENERATOR 0x08
+
+/* Temporary values for wolfSSL_DH_Check*/
+#define DH_CHECK_INVALID_Q_VALUE 0x10
+#define DH_CHECK_Q_NOT_PRIME 0x11
+/* end temp */
+
+/* for pre 1.1.0 */
+#define get_rfc2409_prime_768 wolfSSL_DH_768_prime
+#define get_rfc2409_prime_1024 wolfSSL_DH_1024_prime
+#define get_rfc3526_prime_1536 wolfSSL_DH_1536_prime
+#define get_rfc3526_prime_2048 wolfSSL_DH_2048_prime
+#define get_rfc3526_prime_3072 wolfSSL_DH_3072_prime
+#define get_rfc3526_prime_4096 wolfSSL_DH_4096_prime
+#define get_rfc3526_prime_6144 wolfSSL_DH_6144_prime
+#define get_rfc3526_prime_8192 wolfSSL_DH_8192_prime
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
+#define DH_generate_parameters wolfSSL_DH_generate_parameters
+#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex
+#endif /* OPENSSL_ALL || HAVE_STUNNEL */
+
+#endif /* WOLFSSL_DH_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/dsa.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/dsa.h
new file mode 100644
index 0000000..6d6f507
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/dsa.h
@@ -0,0 +1,115 @@
+/* dsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* dsa.h for openSSL */
+
+
+#ifndef WOLFSSL_DSA_H_
+#define WOLFSSL_DSA_H_
+
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef struct WOLFSSL_DSA_SIG {
+ WOLFSSL_BIGNUM *r;
+ WOLFSSL_BIGNUM *s;
+} WOLFSSL_DSA_SIG;
+
+#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_DSA WOLFSSL_DSA;
+#define WOLFSSL_DSA_TYPE_DEFINED
+#endif
+
+typedef WOLFSSL_DSA DSA;
+
+struct WOLFSSL_DSA {
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* q;
+ WOLFSSL_BIGNUM* g;
+ WOLFSSL_BIGNUM* pub_key; /* our y */
+ WOLFSSL_BIGNUM* priv_key; /* our x */
+ void* internal; /* our Dsa Key */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
+WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
+
+WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
+
+typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits,
+ unsigned char* seed, int seedLen, int* counterRet,
+ unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg);
+WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
+ unsigned char* seed, int seedLen, int* counterRet,
+ unsigned long* hRet, void* cb);
+
+WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
+
+WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*,
+ int sz, int opt);
+
+WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
+ unsigned char* sigRet, WOLFSSL_DSA* dsa);
+
+WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
+ unsigned char* sig,
+ WOLFSSL_DSA* dsa, int *dsacheck);
+
+WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
+
+WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
+WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
+WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
+ int outLen, WOLFSSL_DSA* dsa);
+WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
+ WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
+
+#define WOLFSSL_DSA_LOAD_PRIVATE 1
+#define WOLFSSL_DSA_LOAD_PUBLIC 2
+
+#define DSA_new wolfSSL_DSA_new
+#define DSA_free wolfSSL_DSA_free
+
+#define DSA_LoadDer wolfSSL_DSA_LoadDer
+#define DSA_generate_key wolfSSL_DSA_generate_key
+#define DSA_generate_parameters wolfSSL_DSA_generate_parameters
+#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
+
+#define DSA_SIG_new wolfSSL_DSA_SIG_new
+#define DSA_SIG_free wolfSSL_DSA_SIG_free
+#define DSA_do_sign wolfSSL_DSA_do_sign_ex
+#define DSA_do_verify wolfSSL_DSA_do_verify_ex
+
+
+#define DSA_SIG WOLFSSL_DSA_SIG
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec.h
new file mode 100644
index 0000000..aed85c6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec.h
@@ -0,0 +1,361 @@
+/* ec.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ec.h for openssl */
+
+#ifndef WOLFSSL_EC_H_
+#define WOLFSSL_EC_H_
+
+#include <wolfssl/openssl/bn.h>
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Map OpenSSL NID value */
+enum {
+ POINT_CONVERSION_COMPRESSED = 2,
+ POINT_CONVERSION_UNCOMPRESSED = 4,
+
+#ifdef HAVE_ECC
+ /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by
+ calling NIDToEccEnum() in ssl.c */
+ NID_X9_62_prime192v1 = 409,
+ NID_X9_62_prime192v2 = 410,
+ NID_X9_62_prime192v3 = 411,
+ NID_X9_62_prime239v1 = 412,
+ NID_X9_62_prime239v2 = 413,
+ NID_X9_62_prime239v3 = 414,
+ NID_X9_62_prime256v1 = 415,
+ NID_secp112r1 = 704,
+ NID_secp112r2 = 705,
+ NID_secp128r1 = 706,
+ NID_secp128r2 = 707,
+ NID_secp160r1 = 709,
+ NID_secp160r2 = 710,
+ NID_secp224r1 = 713,
+ NID_secp384r1 = 715,
+ NID_secp521r1 = 716,
+ NID_secp160k1 = 708,
+ NID_secp192k1 = 711,
+ NID_secp224k1 = 712,
+ NID_secp256k1 = 714,
+ NID_brainpoolP160r1 = 921,
+ NID_brainpoolP192r1 = 923,
+ NID_brainpoolP224r1 = 925,
+ NID_brainpoolP256r1 = 927,
+ NID_brainpoolP320r1 = 929,
+ NID_brainpoolP384r1 = 931,
+ NID_brainpoolP512r1 = 933,
+#endif
+
+#ifdef HAVE_ED448
+ NID_ED448 = ED448k,
+#endif
+#ifdef HAVE_ED25519
+ NID_ED25519 = ED25519k,
+#endif
+
+ OPENSSL_EC_NAMED_CURVE = 0x001
+};
+
+#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
+typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
+typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
+typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
+/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
+typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD;
+#define WOLFSSL_EC_TYPE_DEFINED
+#endif
+
+typedef WOLFSSL_EC_KEY EC_KEY;
+typedef WOLFSSL_EC_GROUP EC_GROUP;
+typedef WOLFSSL_EC_GROUP EC_METHOD;
+typedef WOLFSSL_EC_POINT EC_POINT;
+typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
+
+struct WOLFSSL_EC_POINT {
+ WOLFSSL_BIGNUM *X;
+ WOLFSSL_BIGNUM *Y;
+ WOLFSSL_BIGNUM *Z;
+
+ void* internal; /* our ECC point */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+};
+
+struct WOLFSSL_EC_GROUP {
+ int curve_idx; /* index of curve, used by WolfSSL as reference */
+ int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */
+ int curve_oid; /* OID of curve, used by OpenSSL/OpenSSH as reference */
+};
+
+struct WOLFSSL_EC_KEY {
+ WOLFSSL_EC_GROUP *group;
+ WOLFSSL_EC_POINT *pub_key;
+ WOLFSSL_BIGNUM *priv_key;
+
+ void* internal; /* our ECC Key */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+ char form; /* Either POINT_CONVERSION_UNCOMPRESSED or
+ * POINT_CONVERSION_COMPRESSED */
+};
+
+struct WOLFSSL_EC_BUILTIN_CURVE {
+ int nid;
+ const char *comment;
+};
+
+#define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
+#define WOLFSSL_EC_KEY_LOAD_PUBLIC 2
+
+WOLFSSL_API
+size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems);
+
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src);
+
+WOLFSSL_API
+int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
+ const WOLFSSL_EC_POINT *p,
+ unsigned char *out, unsigned int *len);
+WOLFSSL_API
+int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
+ const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
+WOLFSSL_API
+size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *p,
+ char form,
+ byte *buf, size_t len, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
+ WOLFSSL_EC_POINT *p, const unsigned char *buf,
+ size_t len, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in,
+ long len);
+WOLFSSL_API
+int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
+WOLFSSL_API
+void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form);
+WOLFSSL_API
+WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *p,
+ char form,
+ WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *point,
+ WOLFSSL_BN_CTX *ctx);
+
+WOLFSSL_API
+int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
+ const unsigned char* der, int derSz);
+WOLFSSL_API
+int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
+ const unsigned char* der, int derSz, int opt);
+WOLFSSL_API
+void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
+ const WOLFSSL_BIGNUM *priv_key);
+WOLFSSL_API
+WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
+WOLFSSL_API const char* wolfSSL_EC_curve_nid2nist(int nid);
+WOLFSSL_API int wolfSSL_EC_curve_nist2nid(const char* name);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
+ const WOLFSSL_EC_POINT *pub);
+WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
+ int digestSz, unsigned char *sig,
+ unsigned int *sigSz, WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
+WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
+ WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of(
+ const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth);
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *p,
+ WOLFSSL_BIGNUM *x,
+ WOLFSSL_BIGNUM *y,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
+ WOLFSSL_EC_POINT *point,
+ const WOLFSSL_BIGNUM *x,
+ const WOLFSSL_BIGNUM *y,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
+ const WOLFSSL_EC_POINT *p1,
+ const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
+ const WOLFSSL_BIGNUM *n,
+ const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
+ WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest,
+ const WOLFSSL_EC_POINT *src);
+WOLFSSL_API
+void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
+ const WOLFSSL_EC_POINT *a);
+
+#ifndef HAVE_SELFTEST
+WOLFSSL_API
+char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
+ const WOLFSSL_EC_POINT* point, int form,
+ WOLFSSL_BN_CTX* ctx);
+#endif
+
+#ifndef HAVE_ECC
+#define OPENSSL_NO_EC
+#endif
+
+#define EC_KEY_new wolfSSL_EC_KEY_new
+#define EC_KEY_free wolfSSL_EC_KEY_free
+#define EC_KEY_dup wolfSSL_EC_KEY_dup
+#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
+#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group
+#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key
+#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key
+#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
+#define EC_KEY_set_group wolfSSL_EC_KEY_set_group
+#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key
+#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
+#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
+
+#define ECDSA_size wolfSSL_ECDSA_size
+#define ECDSA_sign wolfSSL_ECDSA_sign
+
+#define EC_GROUP_free wolfSSL_EC_GROUP_free
+#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
+#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
+#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
+#define EC_GROUP_dup wolfSSL_EC_GROUP_dup
+#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
+#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
+#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
+#define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits
+#define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of
+#ifndef NO_WOLFSSL_STUB
+#define EC_GROUP_set_point_conversion_form(...)
+#endif
+
+#define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type
+
+#define EC_POINT_new wolfSSL_EC_POINT_new
+#define EC_POINT_free wolfSSL_EC_POINT_free
+#define EC_POINT_get_affine_coordinates_GFp \
+ wolfSSL_EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates_GFp \
+ wolfSSL_EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_add wolfSSL_EC_POINT_add
+#define EC_POINT_mul wolfSSL_EC_POINT_mul
+#define EC_POINT_invert wolfSSL_EC_POINT_invert
+#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
+#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
+#define EC_POINT_copy wolfSSL_EC_POINT_copy
+#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity
+
+#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves
+
+#define ECPoint_i2d wolfSSL_ECPoint_i2d
+#define ECPoint_d2i wolfSSL_ECPoint_d2i
+#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
+#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
+#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
+#define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve
+#define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey
+#define i2d_EC_PUBKEY wolfSSL_i2o_ECPublicKey
+#define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey
+#define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey
+#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
+
+#ifndef HAVE_SELFTEST
+ #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex
+#endif
+
+#define EC_POINT_dump wolfSSL_EC_POINT_dump
+#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves
+
+#define EC_curve_nid2nist wolfSSL_EC_curve_nid2nist
+#define EC_curve_nist2nid wolfSSL_EC_curve_nist2nid
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec25519.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec25519.h
new file mode 100644
index 0000000..f9cf3c9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec25519.h
@@ -0,0 +1,44 @@
+/* ec25519.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ec25519.h */
+
+#ifndef WOLFSSL_EC25519_H_
+#define WOLFSSL_EC25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+
+WOLFSSL_API
+int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
+ const unsigned char *priv, unsigned int privSz,
+ const unsigned char *pub, unsigned int pubSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec448.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec448.h
new file mode 100644
index 0000000..3f0b1b7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ec448.h
@@ -0,0 +1,44 @@
+/* ec448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ec448.h */
+
+#ifndef WOLFSSL_EC448_H_
+#define WOLFSSL_EC448_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+
+WOLFSSL_API
+int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz,
+ const unsigned char *priv, unsigned int privSz,
+ const unsigned char *pub, unsigned int pubSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdh.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdh.h
new file mode 100644
index 0000000..039e770
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdh.h
@@ -0,0 +1,49 @@
+/* ecdh.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ecdh.h for openssl */
+
+#ifndef WOLFSSL_ECDH_H_
+#define WOLFSSL_ECDH_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
+ const WOLFSSL_EC_POINT *pub_key,
+ WOLFSSL_EC_KEY *ecdh,
+ void *(*KDF) (const void *in,
+ size_t inlen,
+ void *out,
+ size_t *outlen));
+
+#define ECDH_compute_key wolfSSL_ECDH_compute_key
+
+#ifdef __cplusplus
+} /* extern C */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdsa.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdsa.h
new file mode 100644
index 0000000..8e5c873
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ecdsa.h
@@ -0,0 +1,75 @@
+/* ecdsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ecdsa.h for openssl */
+
+#ifndef WOLFSSL_ECDSA_H_
+#define WOLFSSL_ECDSA_H_
+
+#include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/ec.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
+#define WOLFSSL_ECDSA_TYPE_DEFINED
+#endif
+
+typedef WOLFSSL_ECDSA_SIG ECDSA_SIG;
+
+struct WOLFSSL_ECDSA_SIG {
+ WOLFSSL_BIGNUM *r;
+ WOLFSSL_BIGNUM *s;
+};
+
+WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst,
+ int dgst_len,
+ WOLFSSL_EC_KEY *eckey);
+WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
+ int dgst_len,
+ const WOLFSSL_ECDSA_SIG *sig,
+ WOLFSSL_EC_KEY *eckey);
+
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
+ const unsigned char **pp,
+ long len);
+WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
+ unsigned char **pp);
+
+#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free
+#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new
+#define ECDSA_do_sign wolfSSL_ECDSA_do_sign
+#define ECDSA_do_verify wolfSSL_ECDSA_do_verify
+#define d2i_ECDSA_SIG wolfSSL_d2i_ECDSA_SIG
+#define i2d_ECDSA_SIG wolfSSL_i2d_ECDSA_SIG
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed25519.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed25519.h
new file mode 100644
index 0000000..50683d4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed25519.h
@@ -0,0 +1,47 @@
+/* ed25519.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ed25519.h */
+
+#ifndef WOLFSSL_ED25519_H_
+#define WOLFSSL_ED25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+WOLFSSL_API
+int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *priv, unsigned int privSz,
+ unsigned char *sig, unsigned int *sigSz);
+WOLFSSL_API
+int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *pub, unsigned int pubSz,
+ const unsigned char *sig, unsigned int sigSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed448.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed448.h
new file mode 100644
index 0000000..4ff184f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ed448.h
@@ -0,0 +1,47 @@
+/* ed448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ed448.h */
+
+#ifndef WOLFSSL_ED448_H_
+#define WOLFSSL_ED448_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
+ unsigned char *pub, unsigned int *pubSz);
+WOLFSSL_API
+int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *priv, unsigned int privSz,
+ unsigned char *sig, unsigned int *sigSz);
+WOLFSSL_API
+int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
+ const unsigned char *pub, unsigned int pubSz,
+ const unsigned char *sig, unsigned int sigSz);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/engine.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/engine.h
new file mode 100644
index 0000000..ba147ff
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/engine.h
@@ -0,0 +1,10 @@
+/* engine.h for libcurl */
+
+#include <wolfssl/openssl/err.h>
+
+#undef HAVE_OPENSSL_ENGINE_H
+
+/* ENGINE_load_builtin_engines not needed, as all builtin engines are already
+ loaded into memory and used on startup. */
+#define ENGINE_load_builtin_engines()
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/err.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/err.h
new file mode 100644
index 0000000..6ddf2d2
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/err.h
@@ -0,0 +1,55 @@
+/* err.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_OPENSSL_ERR_
+#define WOLFSSL_OPENSSL_ERR_
+
+#include <wolfssl/wolfcrypt/logging.h>
+
+/* err.h for openssl */
+#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings
+#define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings
+#define ERR_peek_last_error wolfSSL_ERR_peek_last_error
+
+/* fatal error */
+#define ERR_R_MALLOC_FAILURE MEMORY_E
+#define ERR_R_PASSED_NULL_PARAMETER BAD_FUNC_ARG
+#define ERR_R_DISABLED NOT_COMPILED_IN
+#define ERR_R_PASSED_INVALID_ARGUMENT BAD_FUNC_ARG
+#define RSA_R_UNKNOWN_PADDING_TYPE RSA_PAD_E
+#define EC_R_BUFFER_TOO_SMALL BUFFER_E
+
+/* SSL function codes */
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2
+#define SSL_F_SSL_USE_PRIVATEKEY 3
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT 4
+
+/* reasons */
+#define ERR_R_SYS_LIB 1
+#define PKCS12_R_MAC_VERIFY_FAILURE 2
+
+#define RSAerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define ECerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+
+#endif /* WOLFSSL_OPENSSL_ERR_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/evp.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/evp.h
new file mode 100644
index 0000000..44e4c33
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/evp.h
@@ -0,0 +1,1019 @@
+/* evp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/*!
+ \file wolfssl/openssl/evp.h
+ \brief evp.h defines mini evp openssl compatibility layer
+ */
+
+
+#ifndef WOLFSSL_EVP_H_
+#define WOLFSSL_EVP_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_evp.h"
+#endif
+
+#ifndef NO_MD4
+ #include <wolfssl/openssl/md4.h>
+#endif
+#ifndef NO_MD5
+ #include <wolfssl/openssl/md5.h>
+#endif
+#include <wolfssl/openssl/sha.h>
+#include <wolfssl/openssl/sha3.h>
+#include <wolfssl/openssl/ripemd.h>
+#include <wolfssl/openssl/rsa.h>
+#include <wolfssl/openssl/dsa.h>
+#include <wolfssl/openssl/ec.h>
+#include <wolfssl/openssl/dh.h>
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/arc4.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+#ifdef HAVE_IDEA
+ #include <wolfssl/wolfcrypt/idea.h>
+#endif
+#include <wolfssl/wolfcrypt/pwdbased.h>
+
+#if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
+#include <wolfssl/wolfcrypt/coding.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef char WOLFSSL_EVP_CIPHER;
+#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
+typedef char WOLFSSL_EVP_MD;
+typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
+typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
+#define WOLFSSL_EVP_TYPE_DEFINED
+#endif
+
+typedef WOLFSSL_EVP_PKEY EVP_PKEY;
+typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO;
+
+#ifndef NO_MD4
+ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void);
+#endif
+#ifndef NO_MD5
+ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
+#endif
+WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void);
+
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void);
+
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
+#endif
+#ifndef NO_AES
+#ifdef WOLFSSL_AES_CFB
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void);
+#endif
+#ifdef WOLFSSL_AES_OFB
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void);
+#endif
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void);
+#endif
+#endif /* NO_AES */
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void);
+#endif
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void);
+
+
+typedef union {
+ #ifndef NO_MD4
+ WOLFSSL_MD4_CTX md4;
+ #endif
+ #ifndef NO_MD5
+ WOLFSSL_MD5_CTX md5;
+ #endif
+ WOLFSSL_SHA_CTX sha;
+ #ifdef WOLFSSL_SHA224
+ WOLFSSL_SHA224_CTX sha224;
+ #endif
+ WOLFSSL_SHA256_CTX sha256;
+ #ifdef WOLFSSL_SHA384
+ WOLFSSL_SHA384_CTX sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ WOLFSSL_SHA512_CTX sha512;
+ #endif
+ #ifdef WOLFSSL_RIPEMD
+ WOLFSSL_RIPEMD_CTX ripemd;
+ #endif
+ #ifndef WOLFSSL_NOSHA3_224
+ WOLFSSL_SHA3_224_CTX sha3_224;
+ #endif
+ #ifndef WOLFSSL_NOSHA3_256
+ WOLFSSL_SHA3_256_CTX sha3_256;
+ #endif
+ WOLFSSL_SHA3_384_CTX sha3_384;
+ #ifndef WOLFSSL_NOSHA3_512
+ WOLFSSL_SHA3_512_CTX sha3_512;
+ #endif
+} WOLFSSL_Hasher;
+
+typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX;
+typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
+
+struct WOLFSSL_EVP_MD_CTX {
+ union {
+ WOLFSSL_Hasher digest;
+ #ifndef NO_HMAC
+ Hmac hmac;
+ #endif
+ } hash;
+ enum wc_HashType macType;
+ WOLFSSL_EVP_PKEY_CTX *pctx;
+#ifndef NO_HMAC
+ unsigned int isHMAC;
+#endif
+};
+
+
+typedef union {
+#ifndef NO_AES
+ Aes aes;
+#ifdef WOLFSSL_AES_XTS
+ XtsAes xts;
+#endif
+#endif
+#ifndef NO_DES3
+ Des des;
+ Des3 des3;
+#endif
+ Arc4 arc4;
+#ifdef HAVE_IDEA
+ Idea idea;
+#endif
+#ifdef WOLFSSL_QT
+ int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+#endif
+} WOLFSSL_Cipher;
+
+
+enum {
+ AES_128_CBC_TYPE = 1,
+ AES_192_CBC_TYPE = 2,
+ AES_256_CBC_TYPE = 3,
+ AES_128_CTR_TYPE = 4,
+ AES_192_CTR_TYPE = 5,
+ AES_256_CTR_TYPE = 6,
+ AES_128_ECB_TYPE = 7,
+ AES_192_ECB_TYPE = 8,
+ AES_256_ECB_TYPE = 9,
+ DES_CBC_TYPE = 10,
+ DES_ECB_TYPE = 11,
+ DES_EDE3_CBC_TYPE = 12,
+ DES_EDE3_ECB_TYPE = 13,
+ ARC4_TYPE = 14,
+ NULL_CIPHER_TYPE = 15,
+ EVP_PKEY_RSA = 16,
+ EVP_PKEY_DSA = 17,
+ EVP_PKEY_EC = 18,
+#ifdef HAVE_IDEA
+ IDEA_CBC_TYPE = 19,
+#endif
+ AES_128_GCM_TYPE = 21,
+ AES_192_GCM_TYPE = 22,
+ AES_256_GCM_TYPE = 23,
+ NID_sha1 = 64,
+ NID_sha224 = 65,
+ NID_md2 = 77,
+ NID_md4 = 257,
+ NID_md5 = 4,
+ NID_hmac = 855,
+ NID_dhKeyAgreement= 28,
+ EVP_PKEY_DH = NID_dhKeyAgreement,
+ EVP_PKEY_HMAC = NID_hmac,
+ AES_128_CFB1_TYPE = 24,
+ AES_192_CFB1_TYPE = 25,
+ AES_256_CFB1_TYPE = 26,
+ AES_128_CFB8_TYPE = 27,
+ AES_192_CFB8_TYPE = 28,
+ AES_256_CFB8_TYPE = 29,
+ AES_128_CFB128_TYPE = 30,
+ AES_192_CFB128_TYPE = 31,
+ AES_256_CFB128_TYPE = 32,
+ AES_128_OFB_TYPE = 33,
+ AES_192_OFB_TYPE = 34,
+ AES_256_OFB_TYPE = 35,
+ AES_128_XTS_TYPE = 36,
+ AES_256_XTS_TYPE = 37
+};
+
+enum {
+ NID_md5WithRSA = 104,
+ NID_md5WithRSAEncryption = 8,
+ NID_dsaWithSHA1 = 113,
+ NID_dsaWithSHA1_2 = 70,
+ NID_sha1WithRSA = 115,
+ NID_sha1WithRSAEncryption = 65,
+ NID_sha224WithRSAEncryption = 671,
+ NID_sha256WithRSAEncryption = 668,
+ NID_sha384WithRSAEncryption = 669,
+ NID_sha512WithRSAEncryption = 670,
+ NID_ecdsa_with_SHA1 = 416,
+ NID_ecdsa_with_SHA224 = 793,
+ NID_ecdsa_with_SHA256 = 794,
+ NID_ecdsa_with_SHA384 = 795,
+ NID_ecdsa_with_SHA512 = 796,
+ NID_dsa_with_SHA224 = 802,
+ NID_dsa_with_SHA256 = 803,
+ NID_sha3_224 = 1096,
+ NID_sha3_256 = 1097,
+ NID_sha3_384 = 1098,
+ NID_sha3_512 = 1099,
+};
+
+enum {
+ NID_aes_128_cbc = 419,
+ NID_aes_192_cbc = 423,
+ NID_aes_256_cbc = 427,
+ NID_aes_128_gcm = 895,
+ NID_aes_192_gcm = 898,
+ NID_aes_256_gcm = 901,
+ NID_aes_128_ctr = 904,
+ NID_aes_192_ctr = 905,
+ NID_aes_256_ctr = 906,
+ NID_aes_128_ecb = 418,
+ NID_aes_192_ecb = 422,
+ NID_aes_256_ecb = 426,
+ NID_des_cbc = 31,
+ NID_des_ecb = 29,
+ NID_des_ede3_cbc= 44,
+ NID_des_ede3_ecb= 33,
+ NID_idea_cbc = 34,
+ NID_aes_128_cfb1= 650,
+ NID_aes_192_cfb1= 651,
+ NID_aes_256_cfb1= 652,
+ NID_aes_128_cfb8= 653,
+ NID_aes_192_cfb8= 654,
+ NID_aes_256_cfb8= 655,
+ NID_aes_128_cfb128 = 421,
+ NID_aes_192_cfb128 = 425,
+ NID_aes_256_cfb128 = 429,
+ NID_aes_128_ofb = 420,
+ NID_aes_192_ofb = 424,
+ NID_aes_256_ofb = 428,
+ NID_aes_128_xts = 913,
+ NID_aes_256_xts = 914
+};
+
+#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
+#define NID_dhKeyAgreement EVP_PKEY_DH
+#define NID_rsaEncryption EVP_PKEY_RSA
+#define NID_dsa EVP_PKEY_DSA
+
+#define WOLFSSL_EVP_BUF_SIZE 16
+struct WOLFSSL_EVP_CIPHER_CTX {
+ int keyLen; /* user may set for variable */
+ int block_size;
+ unsigned long flags;
+ unsigned char enc; /* if encrypt side, then true */
+ unsigned char cipherType;
+#ifndef NO_AES
+ /* working iv pointer into cipher */
+ ALIGN16 unsigned char iv[AES_BLOCK_SIZE];
+#elif !defined(NO_DES3)
+ /* working iv pointer into cipher */
+ ALIGN16 unsigned char iv[DES_BLOCK_SIZE];
+#elif defined(HAVE_IDEA)
+ /* working iv pointer into cipher */
+ ALIGN16 unsigned char iv[IDEA_BLOCK_SIZE];
+#endif
+ WOLFSSL_Cipher cipher;
+ ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE];
+ int bufUsed;
+ ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
+ int lastUsed;
+#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) || \
+ defined(HAVE_AESGCM) || defined (WOLFSSL_AES_XTS)
+#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
+ int ivSz;
+#ifdef HAVE_AESGCM
+ byte* gcmBuffer;
+ int gcmBufferLen;
+ ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
+ int authTagSz;
+ byte* gcmAuthIn;
+ int gcmAuthInSz;
+#endif
+#endif
+};
+
+struct WOLFSSL_EVP_PKEY_CTX {
+ WOLFSSL_EVP_PKEY *pkey;
+ WOLFSSL_EVP_PKEY *peerKey;
+ int op; /* operation */
+ int padding;
+ int nbits;
+};
+
+typedef
+struct WOLFSSL_ASN1_PCTX {
+ int dummy;
+} WOLFSSL_ASN1_PCTX;
+#if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
+
+#define BASE64_ENCODE_BLOCK_SIZE 48
+#define BASE64_ENCODE_RESULT_BLOCK_SIZE 64
+#define BASE64_DECODE_BLOCK_SIZE 4
+
+struct WOLFSSL_EVP_ENCODE_CTX {
+ void* heap;
+ int remaining; /* num of bytes in data[] */
+ byte data[BASE64_ENCODE_BLOCK_SIZE];/* storage for unprocessed raw data */
+};
+typedef struct WOLFSSL_EVP_ENCODE_CTX WOLFSSL_EVP_ENCODE_CTX;
+
+WOLFSSL_API struct WOLFSSL_EVP_ENCODE_CTX* wolfSSL_EVP_ENCODE_CTX_new(void);
+WOLFSSL_API void wolfSSL_EVP_ENCODE_CTX_free(WOLFSSL_EVP_ENCODE_CTX* ctx);
+#endif /* WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE */
+
+#if defined(WOLFSSL_BASE64_ENCODE)
+WOLFSSL_API void wolfSSL_EVP_EncodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
+ unsigned char*out, int *outl, const unsigned char*in, int inl);
+WOLFSSL_API void wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
+ unsigned char*out, int *outl);
+#endif /* WOLFSSL_BASE64_ENCODE */
+
+#if defined(WOLFSSL_BASE64_DECODE)
+WOLFSSL_API void wolfSSL_EVP_DecodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
+ unsigned char*out, int *outl, const unsigned char*in, int inl);
+WOLFSSL_API int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
+ unsigned char*out, int *outl);
+#endif /* WOLFSSL_BASE64_DECODE */
+
+typedef int WOLFSSL_ENGINE ;
+typedef WOLFSSL_ENGINE ENGINE;
+typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX;
+
+#define EVP_PKEY_OP_SIGN (1 << 3)
+#define EVP_PKEY_OP_ENCRYPT (1 << 6)
+#define EVP_PKEY_OP_DECRYPT (1 << 7)
+#define EVP_PKEY_OP_DERIVE (1 << 8)
+
+#define EVP_PKEY_PRINT_INDENT_MAX 128
+
+WOLFSSL_API void wolfSSL_EVP_init(void);
+WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
+WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD *md);
+
+WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
+WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
+WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx);
+WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name);
+WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher);
+
+WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
+ const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
+ const WOLFSSL_EVP_MD* type,
+ WOLFSSL_ENGINE *impl);
+WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
+ size_t sz);
+WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+ unsigned int* s);
+WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
+ unsigned char* md, unsigned int* s);
+
+WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
+ WOLFSSL_EVP_PKEY_CTX **pctx,
+ const WOLFSSL_EVP_MD *type,
+ WOLFSSL_ENGINE *e,
+ WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
+ const void *d, unsigned int cnt);
+WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
+ unsigned char *sig, size_t *siglen);
+
+WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
+ WOLFSSL_EVP_PKEY_CTX **pctx,
+ const WOLFSSL_EVP_MD *type,
+ WOLFSSL_ENGINE *e,
+ WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx,
+ const void *d, size_t cnt);
+WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen);
+WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
+ unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
+ WOLFSSL_ENGINE* eng);
+
+
+WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
+ const WOLFSSL_EVP_MD*, const unsigned char*,
+ const unsigned char*, int, int, unsigned char*,
+ unsigned char*);
+
+WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, \
+ int type, int arg, void *ptr);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
+WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
+
+
+WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ const unsigned char* key,
+ const unsigned char* iv,
+ int enc);
+WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ WOLFSSL_ENGINE *impl,
+ const unsigned char* key,
+ const unsigned char* iv,
+ int enc);
+WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ const unsigned char* key,
+ const unsigned char* iv);
+WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ WOLFSSL_ENGINE *impl,
+ const unsigned char* key,
+ const unsigned char* iv);
+WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ const unsigned char* key,
+ const unsigned char* iv);
+WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ const WOLFSSL_EVP_CIPHER* type,
+ WOLFSSL_ENGINE *impl,
+ const unsigned char* key,
+ const unsigned char* iv);
+WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl, int enc);
+WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+
+WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void);
+WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ int keylen);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ int ivLen);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
+ int ivLen);
+WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
+ unsigned char* dst, unsigned char* src,
+ unsigned int len);
+
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx);
+
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey,
+ WOLFSSL_RSA* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
+ WOLFSSL_EC_KEY* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
+WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key);
+WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
+ const unsigned char* key, int keylen);
+WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
+ size_t* len);
+WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen);
+WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
+ WOLFSSL_EVP_PKEY **ppkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
+#else
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
+#endif
+WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding);
+WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits);
+
+WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer);
+WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
+ const char *name, const char *value);
+
+WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
+WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
+WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b);
+WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
+WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
+WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
+ unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
+WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
+ const WOLFSSL_EVP_MD* type,
+ WOLFSSL_ENGINE *impl);
+WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
+WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
+ const unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
+WOLFSSL_API int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
+
+
+/* these next ones don't need real OpenSSL type, for OpenSSH compat only */
+WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx);
+
+WOLFSSL_API void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
+ unsigned char* iv, int len);
+WOLFSSL_API void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
+ unsigned char* iv, int len);
+
+WOLFSSL_API int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
+
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
+WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
+WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
+WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher);
+WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
+WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
+WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
+WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest);
+WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher);
+WOLFSSL_API void wolfSSL_EVP_cleanup(void);
+WOLFSSL_API int wolfSSL_add_all_algorithms(void);
+WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_conf(void);
+WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_noconf(void);
+WOLFSSL_API int wolfSSL_EVP_read_pw_string(char*, int, const char*, int);
+
+WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen,
+ const unsigned char * salt,
+ int saltlen, int iter,
+ int keylen, unsigned char *out);
+
+WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+ const unsigned char *salt,
+ int saltlen, int iter,
+ const WOLFSSL_EVP_MD *digest,
+ int keylen, unsigned char *out);
+
+WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
+ int* pHash, int* pHashSz);
+
+#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER
+#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE
+#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE
+#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE
+#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE
+#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE
+#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE
+#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE
+#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE
+
+#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER
+
+#define WOLFSSL_EVP_CIPH_MODE 0x0007
+#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0
+#define WOLFSSL_EVP_CIPH_ECB_MODE 0x1
+#define WOLFSSL_EVP_CIPH_CBC_MODE 0x2
+#define WOLFSSL_EVP_CIPH_CFB_MODE 0x3
+#define WOLFSSL_EVP_CIPH_OFB_MODE 0x4
+#define WOLFSSL_EVP_CIPH_CTR_MODE 0x5
+#define WOLFSSL_EVP_CIPH_GCM_MODE 0x6
+#define WOLFSSL_EVP_CIPH_CCM_MODE 0x7
+#define WOLFSSL_EVP_CIPH_XTS_MODE 0x10
+#define WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER 0x20
+#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100
+#define EVP_CIPH_VARIABLE_LENGTH 0x200
+#define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff
+
+/* end OpenSSH compat */
+
+typedef WOLFSSL_EVP_MD EVP_MD;
+typedef WOLFSSL_EVP_CIPHER EVP_CIPHER;
+typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX;
+typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
+typedef WOLFSSL_ASN1_PCTX ASN1_PCTX;
+
+#ifndef NO_MD4
+ #define EVP_md4 wolfSSL_EVP_md4
+#endif
+#ifndef NO_MD5
+ #define EVP_md5 wolfSSL_EVP_md5
+#endif
+#define EVP_sha1 wolfSSL_EVP_sha1
+#define EVP_mdc2 wolfSSL_EVP_mdc2
+#define EVP_dds1 wolfSSL_EVP_sha1
+#define EVP_sha224 wolfSSL_EVP_sha224
+#define EVP_sha256 wolfSSL_EVP_sha256
+#define EVP_sha384 wolfSSL_EVP_sha384
+#define EVP_sha512 wolfSSL_EVP_sha512
+#define EVP_ripemd160 wolfSSL_EVP_ripemd160
+#define EVP_set_pw_prompt wolfSSL_EVP_set_pw_prompt
+
+#define EVP_sha3_224 wolfSSL_EVP_sha3_224
+#define EVP_sha3_256 wolfSSL_EVP_sha3_256
+#define EVP_sha3_384 wolfSSL_EVP_sha3_384
+#define EVP_sha3_512 wolfSSL_EVP_sha3_512
+
+#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc
+#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc
+#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc
+#define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1
+#define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1
+#define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1
+#define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8
+#define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8
+#define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8
+#define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128
+#define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128
+#define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128
+#define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb
+#define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb
+#define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb
+#define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts
+#define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts
+#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm
+#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm
+#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm
+#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb
+#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb
+#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb
+#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr
+#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr
+#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr
+#define EVP_des_cbc wolfSSL_EVP_des_cbc
+#define EVP_des_ecb wolfSSL_EVP_des_ecb
+#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc
+#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb
+#define EVP_rc4 wolfSSL_EVP_rc4
+#define EVP_idea_cbc wolfSSL_EVP_idea_cbc
+#define EVP_enc_null wolfSSL_EVP_enc_null
+
+#define EVP_MD_size wolfSSL_EVP_MD_size
+#define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new
+#define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new
+#define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free
+#define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free
+#define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init
+#define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup
+#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup
+#define EVP_MD_CTX_md wolfSSL_EVP_MD_CTX_md
+#define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type
+#define EVP_MD_CTX_size wolfSSL_EVP_MD_CTX_size
+#define EVP_MD_CTX_block_size wolfSSL_EVP_MD_CTX_block_size
+#define EVP_MD_type wolfSSL_EVP_MD_type
+#ifndef NO_WOLFSSL_STUB
+#define EVP_MD_CTX_set_flags(...)
+#endif
+
+#define EVP_Digest wolfSSL_EVP_Digest
+#define EVP_DigestInit wolfSSL_EVP_DigestInit
+#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex
+#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate
+#define EVP_DigestFinal wolfSSL_EVP_DigestFinal
+#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex
+#define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit
+#define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate
+#define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal
+#define EVP_DigestVerifyInit wolfSSL_EVP_DigestVerifyInit
+#define EVP_DigestVerifyUpdate wolfSSL_EVP_DigestVerifyUpdate
+#define EVP_DigestVerifyFinal wolfSSL_EVP_DigestVerifyFinal
+#define EVP_BytesToKey wolfSSL_EVP_BytesToKey
+
+#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname
+#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname
+
+#define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init
+#define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup
+#define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length
+#define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length
+#define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
+#define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode
+#define EVP_CIPHER_CTX_cipher wolfSSL_EVP_CIPHER_CTX_cipher
+
+#define EVP_CIPHER_iv_length wolfSSL_EVP_CIPHER_iv_length
+#define EVP_CIPHER_key_length wolfSSL_EVP_Cipher_key_length
+
+#define EVP_CipherInit wolfSSL_EVP_CipherInit
+#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex
+#define EVP_EncryptInit wolfSSL_EVP_EncryptInit
+#define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex
+#define EVP_DecryptInit wolfSSL_EVP_DecryptInit
+#define EVP_DecryptInit_ex wolfSSL_EVP_DecryptInit_ex
+
+#define EVP_Cipher wolfSSL_EVP_Cipher
+#define EVP_CipherUpdate wolfSSL_EVP_CipherUpdate
+#define EVP_EncryptUpdate wolfSSL_EVP_CipherUpdate
+#define EVP_DecryptUpdate wolfSSL_EVP_CipherUpdate
+#define EVP_CipherFinal wolfSSL_EVP_CipherFinal
+#define EVP_CipherFinal_ex wolfSSL_EVP_CipherFinal
+#define EVP_EncryptFinal wolfSSL_EVP_CipherFinal
+#define EVP_EncryptFinal_ex wolfSSL_EVP_CipherFinal
+#define EVP_DecryptFinal wolfSSL_EVP_CipherFinal
+#define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal
+
+#define EVP_CIPHER_CTX_free wolfSSL_EVP_CIPHER_CTX_free
+#define EVP_CIPHER_CTX_reset wolfSSL_EVP_CIPHER_CTX_reset
+#define EVP_CIPHER_CTX_new wolfSSL_EVP_CIPHER_CTX_new
+
+#define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid
+#define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid
+#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname
+#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname
+
+#define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign
+#define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA
+#define EVP_PKEY_assign_DSA wolfSSL_EVP_PKEY_assign_DSA
+#define EVP_PKEY_assign_DH wolfSSL_EVP_PKEY_assign_DH
+#define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY
+#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA
+#define EVP_PKEY_set1_DSA wolfSSL_EVP_PKEY_set1_DSA
+#define EVP_PKEY_get0_RSA wolfSSL_EVP_PKEY_get0_RSA
+#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA
+#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA
+#define EVP_PKEY_set1_EC_KEY wolfSSL_EVP_PKEY_set1_EC_KEY
+#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY
+#define EVP_PKEY_set1_DH wolfSSL_EVP_PKEY_set1_DH
+#define EVP_PKEY_get0_DH wolfSSL_EVP_PKEY_get0_DH
+#define EVP_PKEY_get1_DH wolfSSL_EVP_PKEY_get1_DH
+#define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY
+#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac
+#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key
+#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy
+#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex
+#define EVP_PKEY_sign_init wolfSSL_EVP_PKEY_sign_init
+#define EVP_PKEY_sign wolfSSL_EVP_PKEY_sign
+#define EVP_PKEY_keygen wolfSSL_EVP_PKEY_keygen
+#define EVP_PKEY_keygen_init wolfSSL_EVP_PKEY_keygen_init
+#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits
+#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free
+#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new
+#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding
+#define EVP_PKEY_CTX_new_id wolfSSL_EVP_PKEY_CTX_new_id
+#define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits
+#define EVP_PKEY_derive_init wolfSSL_EVP_PKEY_derive_init
+#define EVP_PKEY_derive_set_peer wolfSSL_EVP_PKEY_derive_set_peer
+#define EVP_PKEY_derive wolfSSL_EVP_PKEY_derive
+#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt
+#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init
+#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt
+#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init
+#define EVP_PKEY_new wolfSSL_EVP_PKEY_new
+#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
+#define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref
+#define EVP_PKEY_size wolfSSL_EVP_PKEY_size
+#define EVP_PKEY_copy_parameters wolfSSL_EVP_PKEY_copy_parameters
+#define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters
+#define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp
+#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
+#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
+#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
+#define EVP_PKEY_id wolfSSL_EVP_PKEY_id
+#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str
+#define EVP_SignFinal wolfSSL_EVP_SignFinal
+#define EVP_SignInit wolfSSL_EVP_SignInit
+#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex
+#define EVP_SignUpdate wolfSSL_EVP_SignUpdate
+#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal
+#define EVP_VerifyInit wolfSSL_EVP_VerifyInit
+#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate
+
+#define EVP_CIPHER_CTX_ctrl wolfSSL_EVP_CIPHER_CTX_ctrl
+#define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size
+#define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size
+#define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags
+#define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags
+#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags
+#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
+#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags
+#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv
+#define EVP_add_digest wolfSSL_EVP_add_digest
+#define EVP_add_cipher wolfSSL_EVP_add_cipher
+#define EVP_cleanup wolfSSL_EVP_cleanup
+#define EVP_read_pw_string wolfSSL_EVP_read_pw_string
+#define EVP_rc2_cbc wolfSSL_EVP_rc2_cbc
+
+#define OpenSSL_add_all_digests() wolfSSL_EVP_init()
+#define OpenSSL_add_all_ciphers() wolfSSL_EVP_init()
+#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms
+#define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
+#define OpenSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf
+
+#define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
+#define wolfSSL_OPENSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf
+
+/* provides older OpenSSL API compatibility */
+#define OPENSSL_add_all_algorithms OpenSSL_add_all_algorithms
+#define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_conf OpenSSL_add_all_algorithms_conf
+
+#define NO_PADDING_BLOCK_SIZE 1
+
+#define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
+#define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC
+
+/* OpenSSL compat. ctrl values */
+#define EVP_CTRL_INIT 0x0
+#define EVP_CTRL_SET_KEY_LENGTH 0x1
+#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 /* needed for qt compilation */
+
+#define EVP_CTRL_AEAD_SET_IVLEN 0x9
+#define EVP_CTRL_AEAD_GET_TAG 0x10
+#define EVP_CTRL_AEAD_SET_TAG 0x11
+#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
+#define EVP_CTRL_GCM_IV_GEN 0x13
+#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
+#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
+#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
+#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
+
+#define EVP_PKEY_print_public wolfSSL_EVP_PKEY_print_public
+#define EVP_PKEY_print_private(arg1, arg2, arg3, arg4)
+
+#ifndef EVP_MAX_MD_SIZE
+ #define EVP_MAX_MD_SIZE 64 /* sha512 */
+#endif
+
+#ifndef EVP_MAX_KEY_LENGTH
+#define EVP_MAX_KEY_LENGTH 64
+#endif
+
+#ifndef EVP_MAX_IV_LENGTH
+#define EVP_MAX_IV_LENGTH 16
+#endif
+
+#ifndef EVP_MAX_BLOCK_LENGTH
+ #define EVP_MAX_BLOCK_LENGTH 32 /* 2 * blocklen(AES)? */
+ /* They define this as 32. Using the same value here. */
+#endif
+
+#ifndef EVP_MAX_IV_LENGTH
+ #define EVP_MAX_IV_LENGTH 16
+#endif
+
+
+#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1)
+#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2)
+#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3)
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4)
+
+#define EVP_PKEY_NONE NID_undef
+#define EVP_PKEY_DH 28
+#define EVP_CIPHER_mode WOLFSSL_EVP_CIPHER_mode
+/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
+#define EVP_CIPHER_name(x) x
+#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup
+/* WOLFSSL_EVP_MD is just the string name of the digest */
+#define EVP_MD_name(x) x
+#define EVP_CIPHER_nid wolfSSL_EVP_CIPHER_nid
+
+/* Base64 encoding/decoding APIs */
+#if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
+#define EVP_ENCODE_CTX WOLFSSL_EVP_ENCODE_CTX
+#define EVP_ENCODE_CTX_new wolfSSL_EVP_ENCODE_CTX_new
+#define EVP_ENCODE_CTX_free wolfSSL_EVP_ENCODE_CTX_free
+#endif /* WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE*/
+#if defined(WOLFSSL_BASE64_ENCODE)
+#define EVP_EncodeInit wolfSSL_EVP_EncodeInit
+#define EVP_EncodeUpdate wolfSSL_EVP_EncodeUpdate
+#define EVP_EncodeFinal wolfSSL_EVP_EncodeFinal
+#endif /* WOLFSSL_BASE64_ENCODE */
+#if defined(WOLFSSL_BASE64_DECODE)
+#define EVP_DecodeInit wolfSSL_EVP_DecodeInit
+#define EVP_DecodeUpdate wolfSSL_EVP_DecodeUpdate
+#define EVP_DecodeFinal wolfSSL_EVP_DecodeFinal
+#endif /* WOLFSSL_BASE64_DECODE */
+
+WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#include <wolfssl/openssl/objects.h>
+
+#endif /* WOLFSSL_EVP_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/hmac.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/hmac.h
new file mode 100644
index 0000000..8158afa
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/hmac.h
@@ -0,0 +1,102 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* hmac.h defines mini hamc openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_HMAC_H_
+#define WOLFSSL_HMAC_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_hmac.h"
+#endif
+
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/opensslv.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
+ const void* key, int key_len,
+ const unsigned char* d, int n, unsigned char* md,
+ unsigned int* md_len);
+
+
+typedef struct WOLFSSL_HMAC_CTX {
+ Hmac hmac;
+ int type;
+ word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
+ word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
+} WOLFSSL_HMAC_CTX;
+
+
+WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void);
+WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des,
+ WOLFSSL_HMAC_CTX* src);
+WOLFSSL_LOCAL int wolfSSL_HmacCopy(Hmac* des, Hmac* src);
+WOLFSSL_API int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key,
+ int keylen, const EVP_MD* type);
+WOLFSSL_API int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
+ int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e);
+WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
+ const unsigned char* data, int len);
+WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
+ unsigned int* len);
+WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API void wolfSSL_HMAC_CTX_cleanup(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
+
+typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
+
+#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+
+#define HMAC_CTX_new wolfSSL_HMAC_CTX_new
+#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
+#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
+#define HMAC_CTX_free wolfSSL_HMAC_CTX_free
+#define HMAC_CTX_cleanup wolfSSL_HMAC_CTX_cleanup
+#define HMAC_CTX_reset wolfSSL_HMAC_cleanup
+#define HMAC_Init_ex wolfSSL_HMAC_Init_ex
+#define HMAC_Init wolfSSL_HMAC_Init
+#define HMAC_Update wolfSSL_HMAC_Update
+#define HMAC_Final wolfSSL_HMAC_Final
+#define HMAC_cleanup wolfSSL_HMAC_cleanup
+#define HMAC_size wolfSSL_HMAC_size
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_HMAC_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/lhash.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/lhash.h
new file mode 100644
index 0000000..9825688
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/lhash.h
@@ -0,0 +1,64 @@
+/* lhash.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* lhash.h for openSSL */
+
+#ifndef WOLFSSL_lhash_H_
+#define WOLFSSL_lhash_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#include <wolfssl/openssl/ssl.h>
+
+#ifdef OPENSSL_ALL
+#define IMPLEMENT_LHASH_HASH_FN(name, type) \
+ unsigned long wolfSSL_##name##_LHASH_HASH(const void *arg) \
+ { \
+ const type *a = arg; \
+ return name##_hash(a); \
+ }
+#define IMPLEMENT_LHASH_COMP_FN(name, type) \
+ int wolfSSL_##name##_LHASH_COMP(const void *p1, const void *p2) \
+ { \
+ const type *_p1 = p1; \
+ const type *_p2 = p2; \
+ return name##_cmp(_p1, _p2); \
+ }
+
+#define LHASH_HASH_FN(name) wolfSSL_##name##_LHASH_HASH
+#define LHASH_COMP_FN(name) wolfSSL_##name##_LHASH_COMP
+
+WOLFSSL_API unsigned long wolfSSL_LH_strhash(const char *str);
+
+WOLFSSL_API void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data);
+
+#define lh_strhash wolfSSL_LH_strhash
+
+#endif
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_lhash_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/md4.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/md4.h
new file mode 100644
index 0000000..10a6d64
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/md4.h
@@ -0,0 +1,62 @@
+/* md4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_MD4_H_
+#define WOLFSSL_MD4_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_MD4
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_md4.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_MD4_CTX {
+ int buffer[32]; /* big enough to hold, check size in Init */
+} WOLFSSL_MD4_CTX;
+
+
+WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
+WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
+WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);
+
+
+typedef WOLFSSL_MD4_CTX MD4_CTX;
+
+#define MD4_Init wolfSSL_MD4_Init
+#define MD4_Update wolfSSL_MD4_Update
+#define MD4_Final wolfSSL_MD4_Final
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_MD4 */
+
+#endif /* WOLFSSL_MD4_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/md5.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/md5.h
new file mode 100644
index 0000000..bbbd1ca
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/md5.h
@@ -0,0 +1,82 @@
+/* md5.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* md5.h for openssl */
+
+
+#ifndef WOLFSSL_MD5_H_
+#define WOLFSSL_MD5_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_MD5
+
+#include <wolfssl/wolfcrypt/hash.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_md5.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_MD5_CTX {
+ /* big enough to hold wolfcrypt md5, but check on init */
+#ifdef STM32_HASH
+ void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)];
+#else
+ void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+#endif
+} WOLFSSL_MD5_CTX;
+
+WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
+WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
+WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
+
+typedef WOLFSSL_MD5_CTX MD5_CTX;
+
+#define MD5_Init wolfSSL_MD5_Init
+#define MD5_Update wolfSSL_MD5_Update
+#define MD5_Final wolfSSL_MD5_Final
+#define MD5_Transform wolfSSL_MD5_Transform
+
+#ifdef OPENSSL_EXTRA_BSD
+ #define MD5Init wolfSSL_MD5_Init
+ #define MD5Update wolfSSL_MD5_Update
+ #define MD5Final wolfSSL_MD5_Final
+#endif
+
+#ifndef MD5
+#define MD5(d, n, md) wc_Md5Hash((d), (n), (md))
+#endif
+
+#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_MD5 */
+
+#endif /* WOLFSSL_MD5_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/obj_mac.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/obj_mac.h
new file mode 100644
index 0000000..0544d6b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/obj_mac.h
@@ -0,0 +1,52 @@
+/* obj_mac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* obj_mac.h for openSSL */
+
+#ifndef WOLFSSL_OBJ_MAC_H_
+#define WOLFSSL_OBJ_MAC_H_
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define NID_sect163k1 721
+#define NID_sect163r1 722
+#define NID_sect163r2 723
+#define NID_sect193r1 724
+#define NID_sect193r2 725
+#define NID_sect233k1 726
+#define NID_sect233r1 727
+#define NID_sect239k1 728
+#define NID_sect283k1 729
+#define NID_sect283r1 730
+#define NID_sect409k1 731
+#define NID_sect409r1 732
+#define NID_sect571k1 733
+#define NID_sect571r1 734
+
+/* the definition is for Qt Unit test */
+#define SN_jurisdictionCountryName "jurisdictionC"
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_OBJ_MAC_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/objects.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/objects.h
new file mode 100644
index 0000000..3f97543
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/objects.h
@@ -0,0 +1,63 @@
+/* objects.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_OBJECTS_H_
+#define WOLFSSL_OBJECTS_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+//#include <wolfssl/openssl/ssl.h>
+#ifndef OPENSSL_EXTRA_SSL_GUARD
+#define OPENSSL_EXTRA_SSL_GUARD
+#include <wolfssl/ssl.h>
+#endif /* OPENSSL_EXTRA_SSL_GUARD */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define OBJ_nid2sn wolfSSL_OBJ_nid2sn
+#define OBJ_obj2nid wolfSSL_OBJ_obj2nid
+#define OBJ_sn2nid wolfSSL_OBJ_sn2nid
+#define OBJ_nid2ln wolfSSL_OBJ_nid2ln
+#define OBJ_ln2nid wolfSSL_OBJ_ln2nid
+#define OBJ_txt2nid wolfSSL_OBJ_txt2nid
+#define OBJ_txt2obj wolfSSL_OBJ_txt2obj
+#define OBJ_nid2obj wolfSSL_OBJ_nid2obj
+#define OBJ_obj2txt wolfSSL_OBJ_obj2txt
+#define OBJ_cleanup wolfSSL_OBJ_cleanup
+#define OBJ_cmp wolfSSL_OBJ_cmp
+#define OBJ_create wolfSSL_OBJ_create
+#define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free
+
+/* not required for wolfSSL */
+#define OPENSSL_load_builtin_modules()
+
+
+#define NID_ad_OCSP 178
+#define NID_ad_ca_issuers 179
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_OBJECTS_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ocsp.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ocsp.h
new file mode 100644
index 0000000..bc70f72
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ocsp.h
@@ -0,0 +1,89 @@
+/* ocsp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ocsp.h for libcurl */
+
+#ifndef WOLFSSL_OCSP_H_
+#define WOLFSSL_OCSP_H_
+
+#ifdef HAVE_OCSP
+#include <wolfssl/ocsp.h>
+
+#define OCSP_REQUEST OcspRequest
+#define OCSP_RESPONSE OcspResponse
+#define OCSP_BASICRESP WOLFSSL_OCSP_BASICRESP
+#define OCSP_SINGLERESP WOLFSSL_OCSP_SINGLERESP
+#define OCSP_CERTID WOLFSSL_OCSP_CERTID
+#define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ
+
+#define OCSP_REVOKED_STATUS_NOSTATUS -1
+
+
+#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
+#define OCSP_RESPONSE_STATUS_TRYLATER 3
+
+#define V_OCSP_CERTSTATUS_GOOD 0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+#define OCSP_resp_find_status wolfSSL_OCSP_resp_find_status
+#define OCSP_cert_status_str wolfSSL_OCSP_cert_status_str
+#define OCSP_check_validity wolfSSL_OCSP_check_validity
+
+#define OCSP_CERTID_free wolfSSL_OCSP_CERTID_free
+#define OCSP_cert_to_id wolfSSL_OCSP_cert_to_id
+
+#define OCSP_BASICRESP_free wolfSSL_OCSP_BASICRESP_free
+#define OCSP_basic_verify wolfSSL_OCSP_basic_verify
+
+#define OCSP_RESPONSE_free wolfSSL_OCSP_RESPONSE_free
+#define d2i_OCSP_RESPONSE_bio wolfSSL_d2i_OCSP_RESPONSE_bio
+#define d2i_OCSP_RESPONSE wolfSSL_d2i_OCSP_RESPONSE
+#define i2d_OCSP_RESPONSE wolfSSL_i2d_OCSP_RESPONSE
+#define OCSP_response_status wolfSSL_OCSP_response_status
+#define OCSP_response_status_str wolfSSL_OCSP_response_status_str
+#define OCSP_response_get1_basic wolfSSL_OCSP_response_get1_basic
+#define OCSP_response_create wolfSSL_OCSP_response_create
+
+#define OCSP_REQUEST_new wolfSSL_OCSP_REQUEST_new
+#define OCSP_REQUEST_free wolfSSL_OCSP_REQUEST_free
+#define i2d_OCSP_REQUEST wolfSSL_i2d_OCSP_REQUEST
+#define OCSP_request_add0_id wolfSSL_OCSP_request_add0_id
+#define OCSP_request_add1_nonce wolfSSL_OCSP_request_add1_nonce
+#define OCSP_check_nonce wolfSSL_OCSP_check_nonce
+#define OCSP_id_get0_info wolfSSL_OCSP_id_get0_info
+#define OCSP_crl_reason_str wolfSSL_OCSP_crl_reason_str
+#define OCSP_REQUEST_add_ext wolfSSL_OCSP_REQUEST_add_ext
+
+#define OCSP_CERTID_dup wolfSSL_OCSP_CERTID_dup
+
+#define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio
+
+#define i2d_OCSP_CERTID wolfSSL_i2d_OCSP_CERTID
+#define OCSP_SINGLERESP_get0_id wolfSSL_OCSP_SINGLERESP_get0_id
+#define OCSP_single_get0_status wolfSSL_OCSP_single_get0_status
+#define OCSP_resp_count wolfSSL_OCSP_resp_count
+#define OCSP_resp_get0 wolfSSL_OCSP_resp_get0
+
+#endif /* HAVE_OCSP */
+
+#endif /* WOLFSSL_OCSP_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslconf.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslconf.h
new file mode 100644
index 0000000..ac6b55b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslconf.h
@@ -0,0 +1,8 @@
+/* opensslconf.h for openSSL */
+
+
+#ifndef OPENSSL_THREADS
+ #define OPENSSL_THREADS
+#endif
+
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslv.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslv.h
new file mode 100644
index 0000000..1a89b59
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/opensslv.h
@@ -0,0 +1,51 @@
+/* opensslv.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* opensslv.h compatibility */
+
+#ifndef WOLFSSL_OPENSSLV_H_
+#define WOLFSSL_OPENSSLV_H_
+
+
+/* api version compatibility */
+#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
+ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
+ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
+ /* valid version */
+#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST)
+ /* For Apache httpd, Use 1.1.0 compatibility */
+ #define OPENSSL_VERSION_NUMBER 0x10100000L
+#elif defined(WOLFSSL_QT)
+ #define OPENSSL_VERSION_NUMBER 0x10101000L
+#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+ defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
+ /* version number can be increased for Lighty after compatibility for ECDH
+ is added */
+ #define OPENSSL_VERSION_NUMBER 0x10001040L
+#else
+ #define OPENSSL_VERSION_NUMBER 0x0090810fL
+#endif
+
+#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING
+#define OPENSSL_VERSION 0
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ossl_typ.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ossl_typ.h
new file mode 100644
index 0000000..9b1142e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ossl_typ.h
@@ -0,0 +1,32 @@
+/* ossl_typ.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/openssl/ossl_typ.h
+*/
+
+
+#ifndef WOLFSSL_OSSL_TYP_H_
+#define WOLFSSL_OSSL_TYP_H_
+
+#include <wolfssl/openssl/ssl.h>
+
+#endif /* !WOLFSSL_OSSL_TYP_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/pem.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pem.h
new file mode 100644
index 0000000..730fd0d
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pem.h
@@ -0,0 +1,259 @@
+/* pem.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* pem.h for openssl */
+
+/*!
+ \file wolfssl/openssl/pem.h
+*/
+
+
+#ifndef WOLFSSL_PEM_H_
+#define WOLFSSL_PEM_H_
+
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/bio.h>
+#include <wolfssl/openssl/rsa.h>
+#include <wolfssl/openssl/dsa.h>
+#include <wolfssl/ssl.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* RSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb* cb, void* arg);
+WOLFSSL_API
+WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_RSA**,
+ pem_password_cb* cb,
+ void* arg);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa);
+
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
+ WOLFSSL_RSA** rsa,
+ pem_password_cb* cb, void *u);
+
+WOLFSSL_API
+WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
+ WOLFSSL_EC_GROUP** group,
+ pem_password_cb* cb,
+ void* pass);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x);
+#endif /* NO_FILESYSTEM */
+
+/* DSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_DSA* dsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb* cb, void* arg);
+
+WOLFSSL_API
+WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_DSA** dsa,
+ pem_password_cb* cb,void *pass);
+
+WOLFSSL_API
+WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa,
+ pem_password_cb* cb, void *pass);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x);
+#endif /* NO_FILESYSTEM */
+
+/* ECC */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb* cb, void* arg);
+WOLFSSL_API
+WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_EC_KEY** ec,
+ pem_password_cb* cb,
+ void *pass);
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key,
+ const EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ unsigned char **pem, int *plen);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *key);
+
+WOLFSSL_API
+WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
+ WOLFSSL_EC_KEY** ec,
+ pem_password_cb* cb, void *pass);
+#endif /* NO_FILESYSTEM */
+
+/* EVP_KEY */
+WOLFSSL_API
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY**,
+ pem_password_cb* cb,
+ void* arg);
+WOLFSSL_API
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY **key,
+ pem_password_cb *cb, void *pass);
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
+ const WOLFSSL_EVP_CIPHER* cipher,
+ unsigned char* passwd, int len,
+ pem_password_cb* cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
+
+
+WOLFSSL_API
+int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header,
+ unsigned char **data, long *len);
+WOLFSSL_API
+int wolfSSL_PEM_write_bio(WOLFSSL_BIO *bio, const char *name,
+ const char *header, const unsigned char *data,
+ long len);
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+int wolfSSL_PEM_read(XFILE fp, char **name, char **header, unsigned char **data,
+ long *len);
+WOLFSSL_API
+int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header,
+ const unsigned char *data, long len);
+#endif
+
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+WOLFSSL_X509 *wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
+ pem_password_cb *cb, void *u);
+WOLFSSL_API
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x,
+ pem_password_cb *cb, void *u);
+
+WOLFSSL_API
+int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509 *x);
+WOLFSSL_API
+int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
+#endif /* NO_FILESYSTEM */
+
+#define PEM_read wolfSSL_PEM_read
+#define PEM_read_bio wolfSSL_PEM_read_bio
+#define PEM_write wolfSSL_PEM_write
+#define PEM_write_bio wolfSSL_PEM_write_bio
+
+#define PEM_read_X509 wolfSSL_PEM_read_X509
+#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey
+#define PEM_write_X509 wolfSSL_PEM_write_X509
+#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey
+#define PEM_write_bio_PKCS8PrivateKey wolfSSL_PEM_write_bio_PKCS8PrivateKey
+
+/* DH */
+#define PEM_write_DHparams wolfSSL_PEM_write_DHparams
+/* RSA */
+#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
+#define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey
+#define PEM_write_bio_RSA_PUBKEY wolfSSL_PEM_write_bio_RSA_PUBKEY
+#define PEM_read_bio_RSA_PUBKEY wolfSSL_PEM_read_bio_RSA_PUBKEY
+#define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters
+#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey
+#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY
+#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey
+#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
+/* DSA */
+#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey
+#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey
+#define PEM_write_bio_DSA_PUBKEY wolfSSL_PEM_write_bio_DSA_PUBKEY
+#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY
+#define PEM_read_bio_DSAPrivateKey wolfSSL_PEM_read_bio_DSAPrivateKey
+#define PEM_read_bio_DSA_PUBKEY wolfSSL_PEM_read_bio_DSA_PUBKEY
+/* ECC */
+#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey
+#define PEM_write_bio_EC_PUBKEY wolfSSL_PEM_write_bio_EC_PUBKEY
+#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY
+#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
+#define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey
+#define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY
+#ifndef NO_WOLFSSL_STUB
+#define PEM_write_bio_ECPKParameters(...) 0
+#endif
+/* EVP_KEY */
+#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey
+#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY
+#define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY
+#define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_PEM_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs12.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs12.h
new file mode 100644
index 0000000..1eb0f3e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs12.h
@@ -0,0 +1,50 @@
+/* pkcs12.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* pkcs12.h for openssl */
+
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/pkcs12.h>
+
+#ifndef WOLFSSL_PKCS12_COMPAT_H_
+#define WOLFSSL_PKCS12_COMPAT_H_
+
+#define NID_pbe_WithSHA1AndDES_CBC 2
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
+#define NID_pbe_WithSHA1And128BitRC4 1
+
+#define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT
+
+/* wolfCrypt level does not make use of ssl.h */
+#define PKCS12 WC_PKCS12
+#define PKCS12_new wc_PKCS12_new
+#define PKCS12_free wc_PKCS12_free
+
+/* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */
+#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
+#define PKCS12_parse wolfSSL_PKCS12_parse
+#define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac
+#define PKCS12_create wolfSSL_PKCS12_create
+#define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add
+
+#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs7.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs7.h
new file mode 100644
index 0000000..0eb8a1c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/pkcs7.h
@@ -0,0 +1,93 @@
+/* pkcs7.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* pkcs7.h for openSSL */
+
+
+#ifndef WOLFSSL_PKCS7_H_
+#define WOLFSSL_PKCS7_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/pkcs7.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
+
+#define PKCS7_NOINTERN 0x0010
+#define PKCS7_NOVERIFY 0x0020
+
+typedef struct WOLFSSL_PKCS7
+{
+ PKCS7 pkcs7;
+ unsigned char* data;
+ int len;
+ WOLFSSL_STACK* certs;
+} WOLFSSL_PKCS7;
+
+
+WOLFSSL_API PKCS7* wolfSSL_PKCS7_new(void);
+WOLFSSL_API PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void);
+WOLFSSL_API void wolfSSL_PKCS7_free(PKCS7* p7);
+WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
+WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
+ int len);
+WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in,
+ int len, byte* content, word32 contentSz);
+WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
+WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
+WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
+ WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
+WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
+ WOLFSSL_BIO* out);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
+ WOLFSSL_STACK* certs, int flags);
+WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
+#if defined(HAVE_SMIME)
+WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont);
+#endif /* HAVE_SMIME */
+
+
+#define PKCS7_new wolfSSL_PKCS7_new
+#define PKCS7_SIGNED_new wolfSSL_PKCS7_SIGNED_new
+#define PKCS7_free wolfSSL_PKCS7_free
+#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
+#define d2i_PKCS7 wolfSSL_d2i_PKCS7
+#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
+#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
+#define PKCS7_verify wolfSSL_PKCS7_verify
+#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
+#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7
+#if defined(HAVE_SMIME)
+#define SMIME_read_PKCS7 wolfSSL_SMIME_read_PKCS7
+#endif /* HAVE_SMIME */
+
+#endif /* OPENSSL_ALL && HAVE_PKCS7 */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_PKCS7_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/rand.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rand.h
new file mode 100644
index 0000000..11af818
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rand.h
@@ -0,0 +1,29 @@
+/* rand.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* rand.h for openSSL */
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+typedef WOLFSSL_RAND_METHOD RAND_METHOD;
+
+#define RAND_set_rand_method wolfSSL_RAND_set_rand_method
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/rc4.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rc4.h
new file mode 100644
index 0000000..9fc3ce1
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rc4.h
@@ -0,0 +1,59 @@
+/* rc4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* rc4.h defines mini des openssl compatibility layer
+ *
+ */
+
+#ifndef WOLFSSL_RC4_COMPAT_H_
+#define WOLFSSL_RC4_COMPAT_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/openssl/ssl.h> /* included for size_t */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* applications including wolfssl/openssl/rc4.h are expecting to have access to
+ * the size of RC4_KEY structures. */
+typedef struct WOLFSSL_RC4_KEY {
+ /* big enough for Arc4 from wolfssl/wolfcrypt/arc4.h */
+ void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+} WOLFSSL_RC4_KEY;
+typedef WOLFSSL_RC4_KEY RC4_KEY;
+
+WOLFSSL_API void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
+ const unsigned char* data);
+WOLFSSL_API void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len,
+ const unsigned char* in, unsigned char* out);
+
+#define RC4 wolfSSL_RC4
+#define RC4_set_key wolfSSL_RC4_set_key
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_RC4_COMPAT_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ripemd.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ripemd.h
new file mode 100644
index 0000000..f7dea28
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ripemd.h
@@ -0,0 +1,58 @@
+/* ripemd.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* ripemd.h for openssl */
+
+
+#ifndef WOLFSSL_RIPEMD_H_
+#define WOLFSSL_RIPEMD_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_RIPEMD_CTX {
+ int holder[32]; /* big enough to hold wolfcrypt, but check on init */
+} WOLFSSL_RIPEMD_CTX;
+
+WOLFSSL_API void wolfSSL_RIPEMD_Init(WOLFSSL_RIPEMD_CTX*);
+WOLFSSL_API void wolfSSL_RIPEMD_Update(WOLFSSL_RIPEMD_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API void wolfSSL_RIPEMD_Final(unsigned char*, WOLFSSL_RIPEMD_CTX*);
+
+
+typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX;
+
+#define RIPEMD_Init wolfSSL_RIPEMD_Init
+#define RIPEMD_Update wolfSSL_RIPEMD_Update
+#define RIPEMD_Final wolfSSL_RIPEMD_Final
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_MD5_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/rsa.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rsa.h
new file mode 100644
index 0000000..fcbaa6c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/rsa.h
@@ -0,0 +1,211 @@
+/* rsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* rsa.h for openSSL */
+
+
+#ifndef WOLFSSL_RSA_H_
+#define WOLFSSL_RSA_H_
+
+#include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/err.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Padding types */
+#define RSA_PKCS1_PADDING 0
+#define RSA_PKCS1_OAEP_PADDING 1
+#define RSA_PKCS1_PSS_PADDING 2
+#define RSA_NO_PADDING 3
+
+/* Emulate OpenSSL flags */
+#define RSA_METHOD_FLAG_NO_CHECK (1 << 1)
+#define RSA_FLAG_CACHE_PUBLIC (1 << 2)
+#define RSA_FLAG_CACHE_PRIVATE (1 << 3)
+#define RSA_FLAG_BLINDING (1 << 4)
+#define RSA_FLAG_THREAD_SAFE (1 << 5)
+#define RSA_FLAG_EXT_PKEY (1 << 6)
+#define RSA_FLAG_NO_BLINDING (1 << 7)
+#define RSA_FLAG_NO_CONSTTIME (1 << 8)
+
+/* Salt length same as digest length */
+#define RSA_PSS_SALTLEN_DIGEST -1
+/* Old max salt length */
+#define RSA_PSS_SALTLEN_MAX_SIGN -2
+/* Max salt length */
+#define RSA_PSS_SALTLEN_MAX -3
+
+typedef struct WOLFSSL_RSA_METHOD {
+ int flags;
+ char *name;
+} WOLFSSL_RSA_METHOD;
+
+#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
+#define WOLFSSL_RSA_TYPE_DEFINED
+typedef struct WOLFSSL_RSA {
+#ifdef WC_RSA_BLINDING
+ WC_RNG* rng; /* for PrivateDecrypt blinding */
+#endif
+ WOLFSSL_BIGNUM* n;
+ WOLFSSL_BIGNUM* e;
+ WOLFSSL_BIGNUM* d;
+ WOLFSSL_BIGNUM* p;
+ WOLFSSL_BIGNUM* q;
+ WOLFSSL_BIGNUM* dmp1; /* dP */
+ WOLFSSL_BIGNUM* dmq1; /* dQ */
+ WOLFSSL_BIGNUM* iqmp; /* u */
+ void* heap;
+ void* internal; /* our RSA */
+ char inSet; /* internal set from external ? */
+ char exSet; /* external set from internal ? */
+ char ownRng; /* flag for if the rng should be free'd */
+#if defined(OPENSSL_EXTRA)
+ WOLFSSL_RSA_METHOD* meth;
+#endif
+#if defined(HAVE_EX_DATA)
+ WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+ wolfSSL_Mutex refMutex; /* ref count mutex */
+ int refCount; /* reference count */
+#endif
+} WOLFSSL_RSA;
+#endif
+
+typedef WOLFSSL_RSA RSA;
+typedef WOLFSSL_RSA_METHOD RSA_METHOD;
+
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
+WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*);
+
+WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
+ void* cb);
+
+WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, const unsigned char* in,
+ unsigned char* out, WOLFSSL_RSA* rsa, int padding);
+
+WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
+ unsigned int mLen, unsigned char* sigRet,
+ unsigned int* sigLen, WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
+ unsigned int mLen, unsigned char* sigRet,
+ unsigned int* sigLen, WOLFSSL_RSA*, int);
+WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
+ unsigned int mLen, unsigned char* sigRet,
+ unsigned int* sigLen, WOLFSSL_RSA*, int, int);
+WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
+ unsigned int mLen, const unsigned char* sig,
+ unsigned int sigLen, WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
+ unsigned int mLen, const unsigned char* sig,
+ unsigned int sigLen, WOLFSSL_RSA* rsa,
+ int padding);
+WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
+
+WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags);
+WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth);
+WOLFSSL_API int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p);
+WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth);
+WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa);
+WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void);
+
+WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n,
+ const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d);
+WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
+ WOLFSSL_BIGNUM *d);
+WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r);
+WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
+
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa);
+
+WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx);
+WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
+ WOLFSSL_RSA *rsa,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+
+#define WOLFSSL_RSA_LOAD_PRIVATE 1
+#define WOLFSSL_RSA_LOAD_PUBLIC 2
+#define WOLFSSL_RSA_F4 0x10001L
+
+#define RSA_new wolfSSL_RSA_new
+#define RSA_free wolfSSL_RSA_free
+
+#define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
+
+#define RSA_blinding_on wolfSSL_RSA_blinding_on
+#define RSA_public_encrypt wolfSSL_RSA_public_encrypt
+#define RSA_private_decrypt wolfSSL_RSA_private_decrypt
+#define RSA_private_encrypt wolfSSL_RSA_private_encrypt
+
+#define RSA_size wolfSSL_RSA_size
+#define RSA_sign wolfSSL_RSA_sign
+#define RSA_verify wolfSSL_RSA_verify
+#define RSA_public_decrypt wolfSSL_RSA_public_decrypt
+
+#define RSA_meth_new wolfSSL_RSA_meth_new
+#define RSA_meth_free wolfSSL_RSA_meth_free
+#define RSA_meth_set_pub_enc wolfSSL_RSA_meth_set
+#define RSA_meth_set_pub_dec wolfSSL_RSA_meth_set
+#define RSA_meth_set_priv_enc wolfSSL_RSA_meth_set
+#define RSA_meth_set_priv_dec wolfSSL_RSA_meth_set
+#define RSA_meth_set_init wolfSSL_RSA_meth_set
+#define RSA_meth_set_finish wolfSSL_RSA_meth_set
+#define RSA_meth_set0_app_data wolfSSL_RSA_meth_set
+#define RSA_get_default_method wolfSSL_RSA_get_default_method
+#define RSA_get_method wolfSSL_RSA_get_method
+#define RSA_set_method wolfSSL_RSA_set_method
+#define RSA_get0_key wolfSSL_RSA_get0_key
+#define RSA_set0_key wolfSSL_RSA_set0_key
+#define RSA_flags wolfSSL_RSA_flags
+#define RSA_set_flags wolfSSL_RSA_set_flags
+
+#define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup
+#define RSA_get_ex_data wolfSSL_RSA_get_ex_data
+#define RSA_set_ex_data wolfSSL_RSA_set_ex_data
+
+#define RSA_get0_key wolfSSL_RSA_get0_key
+
+#define RSA_F4 WOLFSSL_RSA_F4
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha.h
new file mode 100644
index 0000000..7120ecb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha.h
@@ -0,0 +1,226 @@
+/* sha.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* sha.h for openssl */
+
+
+#ifndef WOLFSSL_SHA_H_
+#define WOLFSSL_SHA_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_sha.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+typedef struct WOLFSSL_SHA_CTX {
+ /* big enough to hold wolfcrypt Sha, but check on init */
+#if defined(STM32_HASH)
+ void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)];
+#else
+ void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+#endif
+ #ifdef WOLF_CRYPTO_CB
+ void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)];
+ #endif
+} WOLFSSL_SHA_CTX;
+
+WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
+ const unsigned char *data);
+/* SHA1 points to above, shouldn't use SHA0 ever */
+WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
+ const unsigned char *data);
+enum {
+ SHA_DIGEST_LENGTH = 20
+};
+
+
+typedef WOLFSSL_SHA_CTX SHA_CTX;
+
+#define SHA_Init wolfSSL_SHA_Init
+#define SHA_Update wolfSSL_SHA_Update
+#define SHA_Final wolfSSL_SHA_Final
+#define SHA_Transform wolfSSL_SHA_Transform
+
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+ /* SHA is only available in non-fips mode or fips version > 2 mode
+ * because of SHA enum in FIPS build. */
+ #define SHA wolfSSL_SHA1
+#endif
+
+#define SHA1_Init wolfSSL_SHA1_Init
+#define SHA1_Update wolfSSL_SHA1_Update
+#define SHA1_Final wolfSSL_SHA1_Final
+#define SHA1_Transform wolfSSL_SHA1_Transform
+
+#ifdef WOLFSSL_SHA224
+
+/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
+ * struct are 16 byte aligned. Any dereference to those elements after casting
+ * to Sha224, is expected to also be 16 byte aligned addresses. */
+typedef struct WOLFSSL_SHA224_CTX {
+ /* big enough to hold wolfcrypt Sha224, but check on init */
+ ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+} WOLFSSL_SHA224_CTX;
+
+WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*);
+WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*);
+
+enum {
+ SHA224_DIGEST_LENGTH = 28
+};
+
+
+typedef WOLFSSL_SHA224_CTX SHA224_CTX;
+
+#define SHA224_Init wolfSSL_SHA224_Init
+#define SHA224_Update wolfSSL_SHA224_Update
+#define SHA224_Final wolfSSL_SHA224_Final
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+ /* SHA224 is only available in non-fips mode or fips version > 2 mode
+ * because of SHA224 enum in FIPS build. */
+ #define SHA224 wolfSSL_SHA224
+#endif
+
+#endif /* WOLFSSL_SHA224 */
+
+
+/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
+ * struct are 16 byte aligned. Any dereference to those elements after casting
+ * to Sha256, is expected to also be 16 byte aligned addresses. */
+typedef struct WOLFSSL_SHA256_CTX {
+ /* big enough to hold wolfcrypt Sha256, but check on init */
+ ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+} WOLFSSL_SHA256_CTX;
+
+WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
+WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
+WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*,
+ const unsigned char *data);
+enum {
+ SHA256_DIGEST_LENGTH = 32
+};
+
+
+typedef WOLFSSL_SHA256_CTX SHA256_CTX;
+
+#define SHA256_Init wolfSSL_SHA256_Init
+#define SHA256_Update wolfSSL_SHA256_Update
+#define SHA256_Final wolfSSL_SHA256_Final
+#define SHA256_Transform wolfSSL_SHA256_Transform
+
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
+ * build. */
+ #define SHA256 wolfSSL_SHA256
+#endif
+
+
+#ifdef WOLFSSL_SHA384
+
+typedef struct WOLFSSL_SHA384_CTX {
+ /* big enough to hold wolfCrypt Sha384, but check on init */
+ void* holder[(256 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+} WOLFSSL_SHA384_CTX;
+
+WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
+WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
+
+enum {
+ SHA384_DIGEST_LENGTH = 48
+};
+
+
+typedef WOLFSSL_SHA384_CTX SHA384_CTX;
+
+#define SHA384_Init wolfSSL_SHA384_Init
+#define SHA384_Update wolfSSL_SHA384_Update
+#define SHA384_Final wolfSSL_SHA384_Final
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS
+ * build. */
+ #define SHA384 wolfSSL_SHA384
+#endif
+#endif /* WOLFSSL_SHA384 */
+
+#ifdef WOLFSSL_SHA512
+
+typedef struct WOLFSSL_SHA512_CTX {
+ /* big enough to hold wolfCrypt Sha384, but check on init */
+ void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+} WOLFSSL_SHA512_CTX;
+
+WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
+WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
+WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*,
+ const unsigned char*);
+enum {
+ SHA512_DIGEST_LENGTH = 64
+};
+
+
+typedef WOLFSSL_SHA512_CTX SHA512_CTX;
+
+#define SHA512_Init wolfSSL_SHA512_Init
+#define SHA512_Update wolfSSL_SHA512_Update
+#define SHA512_Final wolfSSL_SHA512_Final
+#define SHA512_Transform wolfSSL_SHA512_Transform
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
+ * build. */
+ #define SHA512 wolfSSL_SHA512
+#endif
+#endif /* WOLFSSL_SHA512 */
+
+
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_SHA_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha3.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha3.h
new file mode 100644
index 0000000..75bed13
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/sha3.h
@@ -0,0 +1,150 @@
+/* sha3.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* sha3.h for openssl */
+
+
+#ifndef WOLFSSL_SHA3_H_
+#define WOLFSSL_SHA3_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_sha.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha3
+ * struct are 16 byte aligned. Any dereference to those elements after casting
+ * to Sha3 is expected to also be 16 byte aligned addresses. */
+struct WOLFSSL_SHA3_CTX {
+ /* big enough to hold wolfcrypt Sha3, but check on init */
+ ALIGN16 void* holder[(424 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+};
+
+#ifndef WOLFSSL_NOSHA3_224
+typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_224_CTX;
+
+WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char*, WOLFSSL_SHA3_224_CTX*);
+
+enum {
+ SHA3_224_DIGEST_LENGTH = 28
+};
+
+typedef WOLFSSL_SHA3_224_CTX SHA3_224_CTX;
+
+#define SHA3_224_Init wolfSSL_SHA3_224_Init
+#define SHA3_224_Update wolfSSL_SHA3_224_Update
+#define SHA3_224_Final wolfSSL_SHA3_224_Final
+#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ #define SHA3_224 wolfSSL_SHA3_224
+#endif
+#endif /* WOLFSSL_NOSHA3_224 */
+
+
+#ifndef WOLFSSL_NOSHA3_256
+typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_256_CTX;
+
+
+WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char*, WOLFSSL_SHA3_256_CTX*);
+
+enum {
+ SHA3_256_DIGEST_LENGTH = 32
+};
+
+
+typedef WOLFSSL_SHA3_256_CTX SHA3_256_CTX;
+
+#define SHA3_256_Init wolfSSL_SHA3_256_Init
+#define SHA3_256_Update wolfSSL_SHA3_256_Update
+#define SHA3_256_Final wolfSSL_SHA3_256_Final
+#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ #define SHA3_256 wolfSSL_SHA3_256
+#endif
+#endif /* WOLFSSL_NOSHA3_256 */
+
+
+typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_384_CTX;
+
+WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char*, WOLFSSL_SHA3_384_CTX*);
+
+enum {
+ SHA3_384_DIGEST_LENGTH = 48
+};
+
+typedef WOLFSSL_SHA3_384_CTX SHA3_384_CTX;
+
+#define SHA3_384_Init wolfSSL_SHA3_384_Init
+#define SHA3_384_Update wolfSSL_SHA3_384_Update
+#define SHA3_384_Final wolfSSL_SHA3_384_Final
+#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ #define SHA3_384 wolfSSL_SHA3_384
+#endif
+
+
+#ifndef WOLFSSL_NOSHA3_512
+
+typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_512_CTX;
+
+WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX*, const void*,
+ unsigned long);
+WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char*, WOLFSSL_SHA3_512_CTX*);
+
+enum {
+ SHA3_512_DIGEST_LENGTH = 64
+};
+
+
+typedef WOLFSSL_SHA3_512_CTX SHA3_512_CTX;
+
+#define SHA3_512_Init wolfSSL_SHA3_512_Init
+#define SHA3_512_Update wolfSSL_SHA3_512_Update
+#define SHA3_512_Final wolfSSL_SHA3_512_Final
+#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ #define SHA3_512 wolfSSL_SHA3_512
+#endif
+#endif /* WOLFSSL_NOSHA3_512 */
+
+
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_SHA3_H_ */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/srp.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/srp.h
new file mode 100644
index 0000000..f6aaec2
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/srp.h
@@ -0,0 +1,29 @@
+/* srp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_SRP_H_
+#define WOLFSSL_SRP_H_
+
+#include <wolfssl/wolfcrypt/srp.h>
+
+#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
+
+#endif /* WOLFSSL_SRP_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl.h
new file mode 100644
index 0000000..09bf6ca
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl.h
@@ -0,0 +1,1430 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* ssl.h defines wolfssl_openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_OPENSSL_H_
+#define WOLFSSL_OPENSSL_H_
+
+/* wolfssl_openssl compatibility layer */
+#ifndef OPENSSL_EXTRA_SSL_GUARD
+#define OPENSSL_EXTRA_SSL_GUARD
+#include <wolfssl/ssl.h>
+#endif /* OPENSSL_EXTRA_SSL_GUARD */
+
+#include <wolfssl/openssl/tls1.h>
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/bio.h>
+#ifdef OPENSSL_EXTRA
+#include <wolfssl/openssl/crypto.h>
+#endif
+
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+#include <wolfssl/openssl/dh.h>
+#include <wolfssl/openssl/objects.h>
+#endif
+
+/* need MIN_CODE_E to determine wolfSSL error range */
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+/* all NID_* values are in asn.h */
+#include <wolfssl/wolfcrypt/asn.h>
+
+#include <wolfssl/openssl/x509.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef _WIN32
+ /* wincrypt.h clashes */
+ #undef X509_NAME
+#endif
+
+#ifdef WOLFSSL_UTASKER
+ /* tcpip.h clashes */
+ #undef ASN1_INTEGER
+#endif
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
+#endif
+
+typedef WOLFSSL SSL;
+typedef WOLFSSL_SESSION SSL_SESSION;
+typedef WOLFSSL_METHOD SSL_METHOD;
+typedef WOLFSSL_CTX SSL_CTX;
+
+typedef WOLFSSL_X509 X509;
+typedef WOLFSSL_X509 X509_REQ;
+typedef WOLFSSL_X509_NAME X509_NAME;
+typedef WOLFSSL_X509_INFO X509_INFO;
+typedef WOLFSSL_X509_CHAIN X509_CHAIN;
+
+/* STACK_OF(ASN1_OBJECT) */
+typedef WOLFSSL_STACK EXTENDED_KEY_USAGE;
+
+
+/* redeclare guard */
+#define WOLFSSL_TYPES_DEFINED
+
+typedef WOLFSSL_BIO BIO;
+typedef WOLFSSL_BIO_METHOD BIO_METHOD;
+typedef WOLFSSL_CIPHER SSL_CIPHER;
+typedef WOLFSSL_X509_LOOKUP X509_LOOKUP;
+typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
+typedef WOLFSSL_X509_CRL X509_CRL;
+typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
+typedef WOLFSSL_X509_PUBKEY X509_PUBKEY;
+typedef WOLFSSL_X509_ALGOR X509_ALGOR;
+typedef WOLFSSL_ASN1_TIME ASN1_TIME;
+typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
+typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
+typedef WOLFSSL_ASN1_STRING ASN1_STRING;
+typedef WOLFSSL_ASN1_TYPE ASN1_TYPE;
+typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE;
+typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
+typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
+typedef WOLFSSL_BUF_MEM BUF_MEM;
+typedef WOLFSSL_GENERAL_NAMES GENERAL_NAMES;
+typedef WOLFSSL_GENERAL_NAME GENERAL_NAME;
+
+#define X509_L_FILE_LOAD WOLFSSL_X509_L_FILE_LOAD
+#define X509_L_ADD_DIR WOLFSSL_X509_L_ADD_DIR
+#define X509_L_ADD_STORE WOLFSSL_X509_L_ADD_STORE
+#define X509_L_LOAD_STORE WOLFSSL_X509_L_LOAD_STORE
+
+#define ASN1_UTCTIME WOLFSSL_ASN1_TIME
+#define ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
+
+typedef WOLFSSL_COMP_METHOD COMP_METHOD;
+typedef WOLFSSL_COMP SSL_COMP;
+typedef WOLFSSL_X509_REVOKED X509_REVOKED;
+typedef WOLFSSL_X509_OBJECT X509_OBJECT;
+typedef WOLFSSL_X509_STORE X509_STORE;
+typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
+typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
+
+#define EVP_CIPHER_INFO EncryptedInfo
+
+#define STACK_OF(x) WOLFSSL_STACK
+#define OPENSSL_STACK WOLFSSL_STACK
+#define _STACK OPENSSL_STACK
+
+#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+#define CRYPTO_free wolfSSL_CRYPTO_free
+#define CRYPTO_malloc wolfSSL_CRYPTO_malloc
+#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new
+#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup
+#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free
+#define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA
+
+/* depreciated */
+#define CRYPTO_thread_id wolfSSL_thread_id
+#define CRYPTO_set_id_callback wolfSSL_set_id_callback
+
+#define CRYPTO_LOCK 0x01
+#define CRYPTO_UNLOCK 0x02
+#define CRYPTO_READ 0x04
+#define CRYPTO_WRITE 0x08
+
+#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback
+#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
+#define CRYPTO_num_locks wolfSSL_num_locks
+#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
+
+#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
+#define set_ex_data wolfSSL_CRYPTO_set_ex_data
+#define get_ex_data wolfSSL_CRYPTO_get_ex_data
+#define CRYPTO_memcmp wolfSSL_CRYPTO_memcmp
+#define CRYPTO_get_ex_new_index wolfSSL_CRYPTO_get_ex_new_index
+
+#define CRYPTO_get_ex_new_index wolfSSL_CRYPTO_get_ex_new_index
+
+/* this function was used to set the default malloc, free, and realloc */
+#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */
+#define OPENSSL_malloc_init() 0 /* OPENSSL_malloc_init is not needed */
+
+#define SSL_get_client_random(ssl,out,outSz) \
+ wolfSSL_get_client_random((ssl),(out),(outSz))
+#define SSL_get_cipher_list(ctx,i) wolfSSL_get_cipher_list_ex((ctx),(i))
+#define SSL_get_cipher_name(ctx) wolfSSL_get_cipher((ctx))
+#define SSL_get_shared_ciphers(ctx,buf,len) \
+ wolfSSL_get_shared_ciphers((ctx),(buf),(len))
+
+/* at the moment only returns ok */
+#define SSL_get_verify_result wolfSSL_get_verify_result
+#define SSL_get_verify_mode wolfSSL_get_verify_mode
+#define SSL_get_verify_depth wolfSSL_get_verify_depth
+#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
+#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
+#define SSL_get_certificate wolfSSL_get_certificate
+#define SSL_CTX_get0_certificate wolfSSL_CTX_get0_certificate
+#define SSL_use_certificate wolfSSL_use_certificate
+#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
+#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
+#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
+#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
+#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
+#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
+#define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto
+
+#define i2d_PUBKEY wolfSSL_i2d_PUBKEY
+#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
+#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
+#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
+#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey
+#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
+#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
+#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
+#define SSL_get_privatekey wolfSSL_get_privatekey
+#define SSL_CTX_use_PrivateKey_ASN1 wolfSSL_CTX_use_PrivateKey_ASN1
+
+#define SSLv23_method wolfSSLv23_method
+#define SSLv23_client_method wolfSSLv23_client_method
+#define SSLv2_client_method wolfSSLv2_client_method
+#define SSLv2_server_method wolfSSLv2_server_method
+#define SSLv3_server_method wolfSSLv3_server_method
+#define SSLv3_client_method wolfSSLv3_client_method
+#define TLS_client_method wolfTLS_client_method
+#define TLS_server_method wolfTLS_server_method
+#define TLSv1_method wolfTLSv1_method
+#define TLSv1_server_method wolfTLSv1_server_method
+#define TLSv1_client_method wolfTLSv1_client_method
+#define TLSv1_1_method wolfTLSv1_1_method
+#define TLSv1_1_server_method wolfTLSv1_1_server_method
+#define TLSv1_1_client_method wolfTLSv1_1_client_method
+#define TLSv1_2_method wolfTLSv1_2_method
+#define TLSv1_2_server_method wolfTLSv1_2_server_method
+#define TLSv1_2_client_method wolfTLSv1_2_client_method
+#define TLSv1_3_method wolfTLSv1_3_method
+#define TLSv1_3_server_method wolfTLSv1_3_server_method
+#define TLSv1_3_client_method wolfTLSv1_3_client_method
+#define TLS_method wolfSSLv23_method
+
+#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
+
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
+
+#ifdef WOLFSSL_DTLS
+ #define DTLSv1_client_method wolfDTLSv1_client_method
+ #define DTLSv1_server_method wolfDTLSv1_server_method
+ #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
+ #define DTLSv1_2_server_method wolfDTLSv1_2_server_method
+ #define DTLS_method wolfDTLS_method
+#endif
+
+
+#ifndef NO_FILESYSTEM
+ #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
+ #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
+#ifdef WOLFSSL_APACHE_HTTPD
+ #define SSL_CTX_load_verify_locations(ctx,file,path) \
+ wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\
+ WOLFSSL_LOAD_FLAG_IGNORE_ERR)
+#else
+ #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
+#endif
+ #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
+ #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
+
+ #define SSL_use_certificate_file wolfSSL_use_certificate_file
+ #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
+ #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
+ #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
+#endif
+
+#define SSL_CTX_new(method) wolfSSL_CTX_new((WOLFSSL_METHOD*)(method))
+#ifdef OPENSSL_EXTRA
+#define SSL_CTX_up_ref wolfSSL_CTX_up_ref
+#endif
+#define SSL_new wolfSSL_new
+#define SSL_set_fd wolfSSL_set_fd
+#define SSL_get_fd wolfSSL_get_fd
+#define SSL_connect wolfSSL_connect
+#define SSL_clear wolfSSL_clear
+#define SSL_state wolfSSL_state
+
+#define SSL_write wolfSSL_write
+#define SSL_read wolfSSL_read
+#define SSL_peek wolfSSL_peek
+#define SSL_accept wolfSSL_accept
+#define SSL_CTX_free wolfSSL_CTX_free
+#define SSL_free wolfSSL_free
+#define SSL_shutdown wolfSSL_shutdown
+#define SSL_set_timeout wolfSSL_set_timeout
+
+#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
+#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
+#define SSL_get_error wolfSSL_get_error
+#define SSL_set_session wolfSSL_set_session
+#define SSL_get_session(x) wolfSSL_get_session((WOLFSSL*) (x))
+#define SSL_SESSION_get0_peer wolfSSL_SESSION_get0_peer
+#define SSL_flush_sessions wolfSSL_flush_sessions
+/* assume unlimited temporarily */
+#define SSL_CTX_get_session_cache_mode(ctx) 0
+
+#define SSL_CTX_set_verify wolfSSL_CTX_set_verify
+#define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback
+#define SSL_set_verify wolfSSL_set_verify
+#define SSL_set_verify_result wolfSSL_set_verify_result
+#define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
+#define SSL_set_post_handshake_auth wolfSSL_set_post_handshake_auth
+#define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
+#define SSL_pending wolfSSL_pending
+#define SSL_load_error_strings wolfSSL_load_error_strings
+#define SSL_library_init wolfSSL_library_init
+#define OPENSSL_init_ssl wolfSSL_OPENSSL_init_ssl
+#define OpenSSL_add_ssl_algorithms wolfSSL_library_init
+#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
+#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
+#define SSL_CTX_set_ciphersuites wolfSSL_CTX_set_cipher_list
+#define SSL_set_cipher_list wolfSSL_set_cipher_list
+/* wolfSSL does not support security levels */
+#define SSL_CTX_set_security_level wolfSSL_CTX_set_security_level
+#define SSL_CTX_get_security_level wolfSSL_CTX_get_security_level
+/* wolfSSL does not support exporting keying material */
+#define SSL_export_keying_material wolfSSL_export_keying_material
+
+#define SSL_CTX_set1_sigalgs_list wolfSSL_CTX_set1_sigalgs_list
+#define SSL_set1_sigalgs_list wolfSSL_set1_sigalgs_list
+#define SSL_get_signature_nid wolfSSL_get_signature_nid
+
+#define SSL_CTX_set1_groups wolfSSL_CTX_set1_groups
+#define SSL_set1_groups wolfSSL_set1_groups
+
+#define SSL_CTX_set1_groups_list wolfSSL_CTX_set1_groups_list
+#define SSL_set1_groups_list wolfSSL_set1_groups_list
+
+#define SSL_set_ex_data wolfSSL_set_ex_data
+#define SSL_get_shutdown wolfSSL_get_shutdown
+#define SSL_get_finished wolfSSL_get_finished
+#define SSL_get_peer_finished wolfSSL_get_peer_finished
+#define SSL_set_rfd wolfSSL_set_rfd
+#define SSL_set_wfd wolfSSL_set_wfd
+#define SSL_set_shutdown wolfSSL_set_shutdown
+#define SSL_set_session_id_context wolfSSL_set_session_id_context
+#define SSL_set_connect_state wolfSSL_set_connect_state
+#define SSL_set_accept_state wolfSSL_set_accept_state
+#define SSL_session_reused wolfSSL_session_reused
+#define SSL_SESSION_up_ref wolfSSL_SESSION_up_ref
+#define SSL_SESSION_dup wolfSSL_SESSION_dup
+#define SSL_SESSION_free wolfSSL_SESSION_free
+#define SSL_SESSION_set_cipher wolfSSL_SESSION_set_cipher
+#define SSL_is_init_finished wolfSSL_is_init_finished
+
+#define SSL_get_version wolfSSL_get_version
+#define SSL_get_current_cipher wolfSSL_get_current_cipher
+
+/* use wolfSSL_get_cipher_name for its return format */
+#define SSL_get_cipher wolfSSL_get_cipher_name
+#define SSL_CIPHER_description wolfSSL_CIPHER_description
+#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
+#define SSL_CIPHER_get_version wolfSSL_CIPHER_get_version
+#define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id
+#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_name
+#define SSL_CIPHER_standard_name wolfSSL_CIPHER_get_name
+#define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value
+
+#define SSL_get1_session wolfSSL_get1_session
+
+#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
+#define SSL_get_keys wolfSSL_get_keys
+#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
+#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
+
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+ #define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+ #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
+ #define X509_get_ext wolfSSL_X509_get_ext
+ #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ
+ #define X509_cmp wolfSSL_X509_cmp
+ #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
+ #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical
+ #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
+ #define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new
+ #define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free
+ #define X509_gmtime_adj wolfSSL_X509_gmtime_adj
+#endif
+
+#define DSA_dup_DH wolfSSL_DSA_dup_DH
+/* wolfSSL does not support DSA as the cert public key */
+#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
+#define EVP_PKEY_param_check wolfSSL_EVP_PKEY_param_check
+#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free
+#define DSA_bits wolfSSL_DSA_bits
+
+#define i2d_X509_bio wolfSSL_i2d_X509_bio
+#define i2d_X509_REQ_bio wolfSSL_i2d_X509_REQ_bio
+#define d2i_X509_bio wolfSSL_d2i_X509_bio
+#define d2i_X509_REQ_bio wolfSSL_d2i_X509_REQ_bio
+#define d2i_X509_fp wolfSSL_d2i_X509_fp
+#define i2d_X509 wolfSSL_i2d_X509
+#define d2i_X509 wolfSSL_d2i_X509
+#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
+#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ
+#define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL
+#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
+#define PEM_read_X509 wolfSSL_PEM_read_X509
+#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio
+#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
+#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
+#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio
+#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
+
+#define i2d_X509_REQ wolfSSL_i2d_X509_REQ
+#define d2i_X509_REQ wolfSSL_d2i_X509_REQ
+#define X509_REQ_new wolfSSL_X509_REQ_new
+#define X509_REQ_free wolfSSL_X509_REQ_free
+#define X509_REQ_sign wolfSSL_X509_REQ_sign
+#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
+#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
+#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
+#define X509_REQ_add1_attr_by_txt wolfSSL_X509_REQ_add1_attr_by_txt
+#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID
+#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr
+#define X509_ATTRIBUTE_get0_type wolfSSL_X509_ATTRIBUTE_get0_type
+#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ
+#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
+#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
+#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
+
+#define X509_new wolfSSL_X509_new
+#define X509_up_ref wolfSSL_X509_up_ref
+#define X509_free wolfSSL_X509_free
+#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
+#define X509_digest wolfSSL_X509_digest
+#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
+#define X509_get_ext_count wolfSSL_X509_get_ext_count
+#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
+#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
+#define X509_get0_extensions wolfSSL_X509_get0_extensions
+#define X509_get_extensions wolfSSL_X509_get0_extensions
+#define X509_REQ_get_extensions wolfSSL_X509_REQ_get_extensions
+#define X509_get_ext wolfSSL_X509_get_ext
+#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
+#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
+#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
+#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
+#define X509_get_subject_name wolfSSL_X509_get_subject_name
+#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
+#define X509_get_pubkey wolfSSL_X509_get_pubkey
+#define X509_get0_pubkey wolfSSL_X509_get_pubkey
+#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey
+#define X509_get_notBefore wolfSSL_X509_get_notBefore
+#define X509_get0_notBefore wolfSSL_X509_get_notBefore
+#define X509_getm_notBefore wolfSSL_X509_get_notBefore
+#define X509_get_notAfter wolfSSL_X509_get_notAfter
+#define X509_get0_notAfter wolfSSL_X509_get_notAfter
+#define X509_getm_notAfter wolfSSL_X509_get_notAfter
+#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
+#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
+#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
+#define X509_get_ex_data wolfSSL_X509_get_ex_data
+#define X509_set_ex_data wolfSSL_X509_set_ex_data
+#define X509_get1_ocsp wolfSSL_X509_get1_ocsp
+#ifndef WOLFSSL_HAPROXY
+#define X509_get_version wolfSSL_X509_get_version
+#endif
+#define X509_get_signature_nid wolfSSL_X509_get_signature_nid
+#define X509_set_subject_name wolfSSL_X509_set_subject_name
+#define X509_set_issuer_name wolfSSL_X509_set_issuer_name
+#define X509_set_pubkey wolfSSL_X509_set_pubkey
+#define X509_set_notAfter wolfSSL_X509_set_notAfter
+#define X509_set_notBefore wolfSSL_X509_set_notBefore
+#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
+#define X509_set_version wolfSSL_X509_set_version
+#define X509_REQ_set_version wolfSSL_X509_set_version
+#define X509_sign wolfSSL_X509_sign
+#define X509_sign_ctx wolfSSL_X509_sign_ctx
+#define X509_print wolfSSL_X509_print
+#define X509_REQ_print wolfSSL_X509_print
+#define X509_print_ex wolfSSL_X509_print_ex
+#define X509_print_fp wolfSSL_X509_print_fp
+#define X509_REQ_print_fp wolfSSL_X509_print_fp
+#define X509_signature_print wolfSSL_X509_signature_print
+#define X509_get0_signature wolfSSL_X509_get0_signature
+#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
+#define X509_verify_cert wolfSSL_X509_verify_cert
+#define X509_verify wolfSSL_X509_verify
+#define X509_REQ_verify wolfSSL_X509_REQ_verify
+#define X509_check_private_key wolfSSL_X509_check_private_key
+#define X509_REQ_check_private_key wolfSSL_X509_check_private_key
+#define X509_check_ca wolfSSL_X509_check_ca
+#define X509_check_host wolfSSL_X509_check_host
+#define X509_check_email wolfSSL_X509_check_email
+#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
+#define X509_email_free wolfSSL_X509_email_free
+#define X509_check_issued wolfSSL_X509_check_issued
+#define X509_dup wolfSSL_X509_dup
+#define X509_add_ext wolfSSL_X509_add_ext
+#define X509_delete_ext wolfSSL_X509_delete_ext
+
+#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
+#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
+
+#define sk_X509_new wolfSSL_sk_X509_new
+#define sk_X509_new_null wolfSSL_sk_X509_new
+#define sk_X509_num wolfSSL_sk_X509_num
+#define sk_X509_value wolfSSL_sk_X509_value
+#define sk_X509_shift wolfSSL_sk_X509_shift
+#define sk_X509_push wolfSSL_sk_X509_push
+#define sk_X509_pop wolfSSL_sk_X509_pop
+#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
+#define sk_X509_dup wolfSSL_sk_dup
+#define sk_X509_free wolfSSL_sk_X509_free
+
+#define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num
+#define sk_X509_EXTENSION_value wolfSSL_sk_X509_EXTENSION_value
+#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
+#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
+#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
+
+#define X509_INFO_new wolfSSL_X509_INFO_new
+#define X509_INFO_free wolfSSL_X509_INFO_free
+
+#define sk_X509_INFO_new_null wolfSSL_sk_X509_INFO_new_null
+#define sk_X509_INFO_num wolfSSL_sk_X509_INFO_num
+#define sk_X509_INFO_value wolfSSL_sk_X509_INFO_value
+#define sk_X509_INFO_push wolfSSL_sk_X509_INFO_push
+#define sk_X509_INFO_pop wolfSSL_sk_X509_INFO_pop
+#define sk_X509_INFO_pop_free wolfSSL_sk_X509_INFO_pop_free
+#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
+#define sk_X509_INFO_shift wolfSSL_sk_X509_INFO_pop
+
+#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
+#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
+#define X509_NAME_new wolfSSL_X509_NAME_new
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define X509_NAME_dup wolfSSL_X509_NAME_dup
+#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID
+#define X509_NAME_get_index_by_OBJ wolfSSL_X509_NAME_get_index_by_OBJ
+#define X509_NAME_cmp wolfSSL_X509_NAME_cmp
+#define X509_NAME_ENTRY_new wolfSSL_X509_NAME_ENTRY_new
+#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free
+#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID
+#define X509_NAME_ENTRY_create_by_txt wolfSSL_X509_NAME_ENTRY_create_by_txt
+#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
+#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt
+#define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID
+#define X509_NAME_delete_entry wolfSSL_X509_NAME_delete_entry
+#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
+#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
+#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
+#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp
+#define X509_NAME_digest wolfSSL_X509_NAME_digest
+#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
+#define X509_cmp_time wolfSSL_X509_cmp_time
+#define X509_time_adj wolfSSL_X509_time_adj
+#define X509_time_adj_ex wolfSSL_X509_time_adj_ex
+
+#define sk_ACCESS_DESCRIPTION_num wolfSSL_sk_ACCESS_DESCRIPTION_num
+#define sk_ACCESS_DESCRIPTION_value wolfSSL_sk_ACCESS_DESCRIPTION_value
+
+#define sk_X509_NAME_new wolfSSL_sk_X509_NAME_new
+#define sk_X509_NAME_push wolfSSL_sk_X509_NAME_push
+#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
+#define sk_X509_NAME_set_cmp_func wolfSSL_sk_X509_NAME_set_cmp_func
+#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
+#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
+#define sk_X509_NAME_pop wolfSSL_sk_X509_NAME_pop
+#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
+#define sk_X509_NAME_free wolfSSL_sk_X509_NAME_free
+
+typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
+
+#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+
+#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
+#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
+
+#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
+#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
+#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
+
+#define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
+#define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
+#define X509_VP_FLAG_RESET_FLAGS WOLFSSL_VPARAM_RESET_FLAGS
+#define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED
+#define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE
+
+#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
+#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
+#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
+#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
+#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
+#define X509_STORE_CTX_get0_chain wolfSSL_X509_STORE_CTX_get_chain
+#define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain
+#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx
+#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
+#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
+#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
+#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
+#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
+#define X509_STORE_CTX_set_error_depth wolfSSL_X509_STORE_CTX_set_error_depth
+#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
+#define X509_STORE_CTX_set_ex_data wolfSSL_X509_STORE_CTX_set_ex_data
+#define X509_STORE_CTX_set_depth wolfSSL_X509_STORE_CTX_set_depth
+#define X509_STORE_CTX_verify_cb WOLFSSL_X509_STORE_CTX_verify_cb
+#define X509_STORE_CTX_get0_current_issuer \
+ wolfSSL_X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_store wolfSSL_X509_STORE_CTX_get0_store
+#define X509_STORE_CTX_get0_cert wolfSSL_X509_STORE_CTX_get0_cert
+#define X509_STORE_CTX_trusted_stack wolfSSL_X509_STORE_CTX_trusted_stack
+
+#define X509_STORE_set_verify_cb(s, c) \
+wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
+#define X509_STORE_set_verify_cb_func(s, c) \
+wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
+
+
+#define X509_STORE_new wolfSSL_X509_STORE_new
+#define X509_STORE_free wolfSSL_X509_STORE_free
+#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
+#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
+#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl
+#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
+#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
+#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
+#define X509_STORE_set_ex_data wolfSSL_X509_STORE_set_ex_data
+#define X509_STORE_get_ex_data wolfSSL_X509_STORE_get_ex_data
+#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
+#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
+#define X509_VERIFY_PARAM_new wolfSSL_X509_VERIFY_PARAM_new
+#define X509_VERIFY_PARAM_free wolfSSL_X509_VERIFY_PARAM_free
+#define X509_VERIFY_PARAM_set_flags wolfSSL_X509_VERIFY_PARAM_set_flags
+#define X509_VERIFY_PARAM_get_flags wolfSSL_X509_VERIFY_PARAM_get_flags
+#define X509_VERIFY_PARAM_clear_flags wolfSSL_X509_VERIFY_PARAM_clear_flags
+#define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
+#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
+#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
+#define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
+
+#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
+#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
+#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
+#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
+#define X509_LOOKUP_ctrl wolfSSL_X509_LOOKUP_ctrl
+
+#define d2i_X509_CRL wolfSSL_d2i_X509_CRL
+#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
+#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
+
+#define X509_CRL_free wolfSSL_X509_CRL_free
+#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+#define X509_CRL_verify wolfSSL_X509_CRL_verify
+#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+#define X509_load_crl_file wolfSSL_X509_load_crl_file
+
+#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
+#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
+#define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg
+#define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param
+#define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get
+#define X509_PUBKEY_set wolfSSL_X509_PUBKEY_set
+#define X509_ALGOR_get0 wolfSSL_X509_ALGOR_get0
+#define X509_ALGOR_set0 wolfSSL_X509_ALGOR_set0
+
+#define X509_ALGOR_new wolfSSL_X509_ALGOR_new
+#define X509_ALGOR_free wolfSSL_X509_ALGOR_free
+#define X509_PUBKEY_new wolfSSL_X509_PUBKEY_new
+#define X509_PUBKEY_free wolfSSL_X509_PUBKEY_free
+
+#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
+#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
+
+#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
+
+#define X509_check_purpose(...) 0
+
+#define OCSP_parse_url wolfSSL_OCSP_parse_url
+
+#define MD4_Init wolfSSL_MD4_Init
+#define MD4_Update wolfSSL_MD4_Update
+#define MD4_Final wolfSSL_MD4_Final
+
+#define BIO_new wolfSSL_BIO_new
+#define BIO_free wolfSSL_BIO_free
+#define BIO_vfree wolfSSL_BIO_vfree
+#define BIO_free_all wolfSSL_BIO_free_all
+#define BIO_nread0 wolfSSL_BIO_nread0
+#define BIO_nread wolfSSL_BIO_nread
+#define BIO_read wolfSSL_BIO_read
+#define BIO_nwrite0 wolfSSL_BIO_nwrite0
+#define BIO_nwrite wolfSSL_BIO_nwrite
+#define BIO_write wolfSSL_BIO_write
+#define BIO_push wolfSSL_BIO_push
+#define BIO_pop wolfSSL_BIO_pop
+#define BIO_flush wolfSSL_BIO_flush
+#define BIO_pending wolfSSL_BIO_pending
+
+#define BIO_get_mem_data wolfSSL_BIO_get_mem_data
+#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
+
+#define BIO_f_buffer wolfSSL_BIO_f_buffer
+#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
+#define BIO_f_ssl wolfSSL_BIO_f_ssl
+#define BIO_new_socket wolfSSL_BIO_new_socket
+#define BIO_new_connect wolfSSL_BIO_new_connect
+#define BIO_set_conn_port wolfSSL_BIO_set_conn_port
+#define BIO_do_connect wolfSSL_BIO_do_connect
+#define BIO_do_handshake wolfSSL_BIO_do_handshake
+#define SSL_set_bio wolfSSL_set_bio
+#define BIO_set_ssl wolfSSL_BIO_set_ssl
+#define BIO_eof wolfSSL_BIO_eof
+#define BIO_set_ss wolfSSL_BIO_set_ss
+
+#define BIO_f_md wolfSSL_BIO_f_md
+#define BIO_get_md_ctx wolfSSL_BIO_get_md_ctx
+#define BIO_s_mem wolfSSL_BIO_s_mem
+#define BIO_f_base64 wolfSSL_BIO_f_base64
+#define BIO_set_flags wolfSSL_BIO_set_flags
+#define BIO_set_nbio wolfSSL_BIO_set_nbio
+
+#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms
+#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms
+
+#define RAND_screen wolfSSL_RAND_screen
+#define RAND_file_name wolfSSL_RAND_file_name
+#define RAND_write_file wolfSSL_RAND_write_file
+#define RAND_load_file wolfSSL_RAND_load_file
+#define RAND_egd wolfSSL_RAND_egd
+#define RAND_seed wolfSSL_RAND_seed
+#define RAND_cleanup wolfSSL_RAND_Cleanup
+#define RAND_add wolfSSL_RAND_add
+#define RAND_poll wolfSSL_RAND_poll
+#define RAND_status wolfSSL_RAND_status
+#define RAND_bytes wolfSSL_RAND_bytes
+#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes
+
+#define COMP_zlib wolfSSL_COMP_zlib
+#define COMP_rle wolfSSL_COMP_rle
+#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+
+#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
+#define RSA_get_ex_new_index wolfSSL_get_ex_new_index
+
+#define ASN1_BIT_STRING_new wolfSSL_ASN1_BIT_STRING_new
+#define ASN1_BIT_STRING_free wolfSSL_ASN1_BIT_STRING_free
+#define ASN1_BIT_STRING_get_bit wolfSSL_ASN1_BIT_STRING_get_bit
+#define ASN1_BIT_STRING_set_bit wolfSSL_ASN1_BIT_STRING_set_bit
+
+#define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free
+
+#define ASN1_TIME_new wolfSSL_ASN1_TIME_new
+#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new
+#define ASN1_TIME_free wolfSSL_ASN1_TIME_free
+#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free
+#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
+#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
+#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
+#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
+#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
+#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
+#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
+#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
+
+#define ASN1_tag2str wolfSSL_ASN1_tag2str
+
+#define a2i_ASN1_INTEGER wolfSSL_a2i_ASN1_INTEGER
+#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
+#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER
+#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new
+#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free
+#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
+#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
+#define ASN1_INTEGER_set wolfSSL_ASN1_INTEGER_set
+#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
+
+#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
+#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
+
+#define ASN1_STRING_new wolfSSL_ASN1_STRING_new
+#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
+#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
+#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
+#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data
+#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
+#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
+#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string
+#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
+#define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
+#define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT
+#ifndef NO_WOLFSSL_STUB
+#define ASN1_STRING_set_default_mask_asc(...) 1
+#endif
+
+#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING
+
+#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
+
+#define ASN1_IA5STRING WOLFSSL_ASN1_STRING
+
+#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
+#define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
+
+#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
+
+#define SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
+#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
+#define SSL_CTX_set_client_cert_cb wolfSSL_CTX_set_client_cert_cb
+#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
+#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
+#define SSL_get_client_CA_list wolfSSL_get_client_CA_list
+#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data wolfSSL_get_ex_data
+
+#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
+
+#define SSL_CTX_set_timeout(ctx, to) \
+ wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
+#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
+#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos
+
+#define SSL_CTX_keylog_cb_func wolfSSL_CTX_keylog_cb_func
+#define SSL_CTX_set_keylog_callback wolfSSL_CTX_set_keylog_callback
+#define SSL_CTX_get_keylog_callback wolfSSL_CTX_get_keylog_callback
+
+#define SSL_alert_type_string wolfSSL_alert_type_string
+#define SSL_alert_desc_string wolfSSL_alert_desc_string
+#define SSL_state_string wolfSSL_state_string
+
+#define RSA_free wolfSSL_RSA_free
+#define RSA_generate_key wolfSSL_RSA_generate_key
+#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
+#define RSA_print wolfSSL_RSA_print
+#define RSA_bits wolfSSL_RSA_bits
+#define RSA_up_ref wolfSSL_RSA_up_ref
+#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
+#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
+
+#define PEM_def_callback wolfSSL_PEM_def_callback
+
+#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
+#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect
+#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
+#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
+#define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
+#define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
+#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits
+#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
+#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
+#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses
+#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
+#define SSL_CTX_sess_number wolfSSL_CTX_sess_number
+#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
+
+
+#define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST
+
+#define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback
+#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback
+
+#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint
+#define SSL_get_psk_identity wolfSSL_get_psk_identity
+
+#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint
+#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint
+
+#define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
+#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback
+
+/* system file ints for ERR_put_error */
+#define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT
+#define SYS_F_BIND WOLFSSL_SYS_BIND
+#define SYS_F_CONNECT WOLFSSL_SYS_CONNECT
+#define SYS_F_FOPEN WOLFSSL_SYS_FOPEN
+#define SYS_F_FREAD WOLFSSL_SYS_FREAD
+#define SYS_F_GETADDRINFO WOLFSSL_SYS_GETADDRINFO
+#define SYS_F_GETSOCKOPT WOLFSSL_SYS_GETSOCKOPT
+#define SYS_F_GETSOCKNAME WOLFSSL_SYS_GETSOCKNAME
+#define SYS_F_OPENDIR WOLFSSL_SYS_OPENDIR
+#define SYS_F_SETSOCKOPT WOLFSSL_SYS_SETSOCKOPT
+#define SYS_F_SOCKET WOLFSSL_SYS_SOCKET
+#define SYS_F_GETHOSTBYNAME WOLFSSL_SYS_GETHOSTBYNAME
+#define SYS_F_GETNAMEINFO WOLFSSL_SYS_GETNAMEINFO
+#define SYS_F_GETSERVBYNAME WOLFSSL_SYS_GETSERVBYNAME
+#define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET
+#define SYS_F_LISTEN WOLFSSL_SYS_LISTEN
+
+#define ERR_GET_LIB wolfSSL_ERR_GET_LIB
+#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
+
+#define ERR_put_error wolfSSL_ERR_put_error
+#define ERR_peek_error wolfSSL_ERR_peek_error
+#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp
+#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data
+#define ERR_peek_last_error wolfSSL_ERR_peek_last_error
+#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line
+#define ERR_get_error_line wolfSSL_ERR_get_error_line
+#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
+#define ERR_get_error wolfSSL_ERR_get_error
+#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file))
+#define ERR_print_errors_cb wolfSSL_ERR_print_errors_cb
+#define ERR_print_errors wolfSSL_ERR_print_errors
+#define ERR_clear_error wolfSSL_ERR_clear_error
+#define ERR_free_strings wolfSSL_ERR_free_strings
+#define ERR_remove_state wolfSSL_ERR_remove_state
+#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
+#define ERR_error_string wolfSSL_ERR_error_string
+#define ERR_error_string_n wolfSSL_ERR_error_string_n
+#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
+#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
+
+#ifndef WOLFCRYPT_ONLY
+#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM, \
+ (func), (reason), __FILE__, __LINE__)
+#else
+#define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \
+ NULL, __LINE__, __FILE__, NULL)
+#endif
+#ifndef WOLFCRYPT_ONLY
+#define EVPerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_EVP, \
+ (func), (reason), __FILE__, __LINE__)
+#else
+#define EVPerr(func, reason) WOLFSSL_ERROR_LINE((reason), \
+ NULL, __LINE__, __FILE__, NULL)
+#endif
+
+#define SSLv23_server_method wolfSSLv23_server_method
+#define SSL_CTX_set_options wolfSSL_CTX_set_options
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
+#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
+
+#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
+#define SSL_check_private_key wolfSSL_check_private_key
+
+#define SSL_CTX_set_mode wolfSSL_CTX_set_mode
+#define SSL_CTX_get_mode wolfSSL_CTX_get_mode
+#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
+
+#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
+#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
+
+#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
+#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
+#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
+
+#define SSL_want wolfSSL_want
+#define SSL_want_read wolfSSL_want_read
+#define SSL_want_write wolfSSL_want_write
+
+#define BIO_prf wolfSSL_BIO_prf
+
+#define sk_num wolfSSL_sk_num
+#define sk_ASN1_OBJECT_num wolfSSL_sk_num
+#define OPENSSL_sk_num wolfSSL_sk_num
+#define sk_value wolfSSL_sk_value
+#define sk_ASN1_OBJECT_value wolfSSL_sk_value
+#define OPENSSL_sk_value wolfSSL_sk_value
+
+#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
+#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
+#define i2d_PKCS12_bio wolfSSL_i2d_PKCS12_bio
+
+#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey
+#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey
+#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey
+#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey
+
+#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
+#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
+#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
+#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
+#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
+
+#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
+#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
+#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
+#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
+#define SSL_SESSION_get_time wolfSSL_SESSION_get_time
+
+#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
+#define PEM_read wolfSSL_PEM_read
+#define PEM_write wolfSSL_PEM_write
+#define PEM_get_EVP_CIPHER_INFO wolfSSL_PEM_get_EVP_CIPHER_INFO
+#define PEM_do_header wolfSSL_PEM_do_header
+
+/*#if OPENSSL_API_COMPAT < 0x10100000L*/
+#define CONF_modules_free()
+#define ENGINE_cleanup()
+#define SSL_CTX_need_tmp_RSA(ctx) 0
+#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
+#define SSL_need_tmp_RSA(ssl) 0
+#define SSL_set_tmp_rsa(ssl,rsa) 1
+/*#endif*/
+
+#define CONF_modules_unload(a)
+#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file
+
+#define SSL_get_hit wolfSSL_session_reused
+
+/* yassl had set the default to be 500 */
+#define SSL_get_default_timeout(ctx) 500
+
+#define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft))
+#define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout
+#define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
+
+#ifndef NO_WOLFSSL_STUB
+#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; })
+#endif
+
+#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
+#define SSL_CTX_add1_chain_cert wolfSSL_CTX_add1_chain_cert
+#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
+#define BIO_read_filename wolfSSL_BIO_read_filename
+#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
+#define SSL_set_verify_depth wolfSSL_set_verify_depth
+#define SSL_get_app_data wolfSSL_get_app_data
+#define SSL_set_app_data wolfSSL_set_app_data
+#define SHA1 wolfSSL_SHA1
+
+#define SSL_dup_CA_list wolfSSL_dup_CA_list
+
+#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
+
+#define DHparams_dup wolfSSL_DH_dup
+#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
+#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
+#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
+#define SSL_get_cipher_bits(s,np) \
+ wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
+#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
+#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
+#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
+#define sk_SSL_CIPHER_dup wolfSSL_sk_dup
+#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
+#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
+ || defined(WOLFSSL_NGINX)
+#include <wolfssl/openssl/pem.h>
+
+#define SSL_CTRL_CHAIN 88
+#define ERR_LIB_SSL 20
+#define SSL_R_SHORT_READ 10
+#define ERR_R_PEM_LIB 9
+#define SSL_CTRL_MODE 33
+
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+
+#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
+#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio
+#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey
+#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio
+#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair
+#define SSL_get_verify_callback wolfSSL_get_verify_callback
+
+#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+
+#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1
+#define SSL_CTX_set0_chain(ctx,sk) \
+ wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0)
+#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg))
+#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */
+
+#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+
+#define TLSEXT_STATUSTYPE_ocsp 1
+
+#define SSL_set_options wolfSSL_set_options
+#define SSL_get_options wolfSSL_get_options
+#define SSL_clear_options wolfSSL_clear_options
+#define SSL_set_tmp_dh wolfSSL_set_tmp_dh
+#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations
+#define SSL_total_renegotiations wolfSSL_total_renegotiations
+#define SSL_num_renegotiations wolfSSL_num_renegotiations
+#define SSL_renegotiate wolfSSL_Rehandshake
+#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
+#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
+#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
+#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
+#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
+#define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids
+#define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids
+#define SSL_get_tlsext_status_ocsp_res wolfSSL_get_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
+#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
+
+#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
+#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
+#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
+#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg
+#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
+ wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
+#define SSL_get_server_random wolfSSL_get_server_random
+#define SSL_get_server_tmp_key wolfSSL_get_server_tmp_key
+
+#define SSL_CTX_set_min_proto_version wolfSSL_CTX_set_min_proto_version
+#define SSL_CTX_set_max_proto_version wolfSSL_CTX_set_max_proto_version
+#define SSL_CTX_get_min_proto_version wolfSSL_CTX_get_min_proto_version
+
+#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
+
+#define SSL_CTX_get_tlsext_ticket_keys wolfSSL_CTX_get_tlsext_ticket_keys
+#define SSL_CTX_set_tlsext_ticket_keys wolfSSL_CTX_set_tlsext_ticket_keys
+
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+#define SSL_CTRL_SET_TMP_DH 3
+#define SSL_CTRL_SET_TMP_ECDH 4
+#define SSL_CTRL_SET_SESS_CACHE_MODE 44
+#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+#define SSL_CTRL_SET_GROUPS 91
+#define SSL_CTRL_GET_PEER_TMP_KEY 109
+#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+
+#define SSL_CTRL_EXTRA_CHAIN_CERT 14
+#define SSL_CTRL_OPTIONS 32
+
+#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+#define SSL_CTRL_GET_READ_AHEAD 40
+#define SSL_CTRL_SET_READ_AHEAD 41
+
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+#define SSL_CTRL_GET_SESSION_REUSED 0
+
+#define SSL_ctrl wolfSSL_ctrl
+#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
+#define SSL_CTX_callback_ctrl wolfSSL_CTX_callback_ctrl
+
+#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */
+
+#define SSL2_VERSION 0x0002
+#define SSL3_VERSION 0x0300
+#define TLS1_VERSION 0x0301
+#define TLS1_1_VERSION 0x0302
+#define TLS1_2_VERSION 0x0303
+#define TLS1_3_VERSION 0x0304
+#define DTLS1_VERSION 0xFEFF
+#define DTLS1_2_VERSION 0xFEFD
+
+#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
+#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
+
+#define CRYPTO_EX_INDEX_SSL 0
+#define TLS_ANY_VERSION 0x10000
+#define DTLS1_2_VERSION 0xFEFD
+#define DTLS_MAX_VERSION DTLS1_2_VERSION
+
+/* apache and lighty use SSL_CONF_FLAG_FILE to enable conf support */
+#if !defined(WOLFSSL_APACHE_HTTPD) && !defined(HAVE_LIGHTY)
+#define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE
+#define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE
+#define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE
+#define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING
+#define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE
+#endif
+
+#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
+ || defined(OPENSSL_ALL)
+#include <wolfssl/openssl/asn1.h>
+
+#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000)
+#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000)
+
+#define SSL3_AD_BAD_CERTIFICATE bad_certificate
+#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name
+#define SSL_AD_NO_RENEGOTIATION no_renegotiation
+#define SSL_AD_INTERNAL_ERROR 80
+
+#define ASN1_STRFLGS_ESC_MSB 4
+
+#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH
+
+#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
+#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
+#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
+#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
+
+#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
+#define SSL_CTX_add_session wolfSSL_CTX_add_session
+#define SSL_version(x) wolfSSL_version ((WOLFSSL*) (x))
+#define SSL_get_state wolfSSL_get_state
+#define SSL_state_string_long wolfSSL_state_string_long
+
+#define GENERAL_NAME_new wolfSSL_GENERAL_NAME_new
+#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
+#define sk_GENERAL_NAME_push wolfSSL_sk_GENERAL_NAME_push
+#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value
+#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
+#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
+#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
+#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
+#define SSL_SESSION_print wolfSSL_SESSION_print
+#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
+#define sk_GENERAL_NAME_free wolfSSL_sk_GENERAL_NAME_free
+#define sk_ASN1_OBJECT_pop_free wolfSSL_sk_ASN1_OBJECT_pop_free
+#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
+#define GENERAL_NAMES_free wolfSSL_GENERAL_NAMES_free
+
+#define AUTHORITY_INFO_ACCESS_free wolfSSL_AUTHORITY_INFO_ACCESS_free
+#define sk_ACCESS_DESCRIPTION_pop_free wolfSSL_sk_ACCESS_DESCRIPTION_pop_free
+#define sk_ACCESS_DESCRIPTION_free wolfSSL_sk_ACCESS_DESCRIPTION_free
+#define ACCESS_DESCRIPTION_free wolfSSL_ACCESS_DESCRIPTION_free
+
+#define SSL3_AL_FATAL 2
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
+#define SSL_TLSEXT_ERR_ALERT_WARNING alert_warning
+#define SSL_TLSEXT_ERR_NOACK alert_warning
+#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
+
+#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+#define SSL_get_servername wolfSSL_get_servername
+#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
+#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
+#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
+
+#define PSK_MAX_PSK_LEN 256
+#define PSK_MAX_IDENTITY_LEN 128
+#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
+
+
+#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
+
+#ifndef NO_WOLFSSL_STUB
+#define b2i_PrivateKey_bio(...) NULL
+#define b2i_PVK_bio(...) NULL
+#endif
+
+#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
+#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
+
+#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
+#define SSL_set_msg_callback wolfSSL_set_msg_callback
+#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
+#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
+
+#define SSL_CTX_clear_extra_chain_certs wolfSSL_CTX_clear_extra_chain_certs
+
+
+/* Nginx uses this to determine if reached end of certs in file.
+ * PEM_read_bio_X509 is called and the return error is lost.
+ * The error that needs to be detected is: SSL_NO_PEM_HEADER.
+ */
+#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL)
+
+#define PEM_F_PEM_DEF_CALLBACK 100
+
+/* Avoid wolfSSL error code range */
+#define PEM_R_NO_START_LINE (-MIN_CODE_E + 1)
+#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
+#define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3)
+#define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4)
+
+#define ERR_LIB_PEM 9
+#define ERR_LIB_X509 10
+#define ERR_LIB_EVP 11
+#define ERR_LIB_ASN1 12
+
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
+ defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
+
+#include <wolfssl/error-ssl.h>
+
+#define OPENSSL_STRING WOLFSSL_STRING
+#define OPENSSL_CSTRING WOLFSSL_STRING
+
+#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+#define OPENSSL_NPN_UNSUPPORTED 0
+#define OPENSSL_NPN_NEGOTIATED 1
+#define OPENSSL_NPN_NO_OVERLAP 2
+
+/* Nginx checks these to see if the error was a handshake error. */
+#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E
+#define SSL_R_DIGEST_CHECK_FAILED VERIFY_MAC_ERROR
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST SUITES_ERROR
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE BUFFER_ERROR
+#define SSL_R_LENGTH_MISMATCH LENGTH_ERROR
+#define SSL_R_NO_CIPHERS_SPECIFIED SUITES_ERROR
+#define SSL_R_NO_COMPRESSION_SPECIFIED COMPRESSION_ERROR
+#define SSL_R_NO_SHARED_CIPHER MATCH_SUITE_ERROR
+#define SSL_R_RECORD_LENGTH_MISMATCH HANDSHAKE_SIZE_ERROR
+#define SSL_R_UNEXPECTED_MESSAGE OUT_OF_ORDER_E
+#define SSL_R_UNEXPECTED_RECORD SANITY_MSG_E
+#define SSL_R_UNKNOWN_ALERT_TYPE BUFFER_ERROR
+#define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR
+#define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR
+#define SSL_R_HTTPS_PROXY_REQUEST PARSE_ERROR
+#define SSL_R_HTTP_REQUEST PARSE_ERROR
+#define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR
+#define SSL_R_CERTIFICATE_VERIFY_FAILED VERIFY_CERT_ERROR
+
+
+#ifdef HAVE_SESSION_TICKET
+#define SSL_OP_NO_TICKET SSL_OP_NO_TICKET
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+#endif
+
+#define OPENSSL_config wolfSSL_OPENSSL_config
+#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
+#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse
+#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
+#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
+#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+#define SSL_in_init wolfSSL_SSL_in_init
+#define SSL_in_connect_init wolfSSL_SSL_in_connect_init
+#define SSL_get0_session wolfSSL_SSL_get0_session
+#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
+#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
+#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
+#define sk_OPENSSL_STRING_num wolfSSL_sk_WOLFSSL_STRING_num
+#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
+#define sk_OPENSSL_PSTRING_num wolfSSL_sk_WOLFSSL_STRING_num
+#define sk_OPENSSL_PSTRING_value (WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value
+#define sk_OPENSSL_STRING_free wolfSSL_sk_free
+#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
+#define SSL_select_next_proto wolfSSL_select_next_proto
+#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
+#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
+#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
+#define SSL_set_alpn_protos wolfSSL_set_alpn_protos
+#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
+#define SSL_is_server wolfSSL_is_server
+
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
+ OPENSSL_ALL || HAVE_LIGHTY */
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
+#define SSL_set1_curves_list wolfSSL_set1_curves_list
+#endif
+
+#ifdef OPENSSL_EXTRA
+#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
+#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
+#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
+#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
+#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
+#define SSL_get0_param wolfSSL_get0_param
+#define SSL_CTX_get0_param wolfSSL_CTX_get0_param
+#define SSL_CTX_set1_param wolfSSL_CTX_set1_param
+#define SSL_get_srp_username wolfSSL_get_srp_username
+
+#define ERR_NUM_ERRORS 16
+#define SN_pkcs9_emailAddress "Email"
+#define LN_pkcs9_emailAddress "emailAddress"
+#define NID_pkcs9_emailAddress 48
+#define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L
+
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+
+#if defined(WOLFSSL_EARLY_DATA)
+#define SSL_get_early_data_status wolfSSL_get_early_data_status
+#endif
+
+#endif /* OPENSSL_EXTRA */
+
+/* cipher suites for compatibility */
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
+#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
+#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
+
+#define X509_STORE_get0_objects wolfSSL_X509_STORE_get0_objects
+#define sk_X509_OBJECT_num wolfSSL_sk_X509_OBJECT_num
+#define sk_X509_OBJECT_value wolfSSL_sk_X509_OBJECT_value
+#define sk_X509_OBJECT_delete wolfSSL_sk_X509_OBJECT_delete
+#define X509_OBJECT_free wolfSSL_X509_OBJECT_free
+#define X509_OBJECT_get_type(x) 0
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define OpenSSL_version(x) wolfSSL_OpenSSL_version(x)
+#else
+#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
+#endif
+
+#ifndef NO_WOLFSSL_STUB
+#define OBJ_create_objects(...)
+#endif
+
+#define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback
+#define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable
+typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
+
+#define SSL_CONF_CTX_new wolfSSL_CONF_CTX_new
+#define SSL_CONF_CTX_free wolfSSL_CONF_CTX_free
+#define SSL_CONF_CTX_set_ssl_ctx wolfSSL_CONF_CTX_set_ssl_ctx
+#define SSL_CONF_CTX_set_flags wolfSSL_CONF_CTX_set_flags
+#define SSL_CONF_CTX_finish wolfSSL_CONF_CTX_finish
+#define SSL_CONF_cmd wolfSSL_CONF_cmd
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* wolfSSL_openssl_h__ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl23.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl23.h
new file mode 100644
index 0000000..fc3ddfb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ssl23.h
@@ -0,0 +1 @@
+/* ssl23.h for openssl */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/stack.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/stack.h
new file mode 100644
index 0000000..8040574
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/stack.h
@@ -0,0 +1,58 @@
+/* stack.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* stack.h for openSSL */
+
+#ifndef WOLFSSL_STACK_H_
+#define WOLFSSL_STACK_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+typedef void (*wolfSSL_sk_freefunc)(void *);
+
+WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
+WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
+WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
+WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
+WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);
+
+WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);
+WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_cipher(void);
+
+#define OPENSSL_sk_free wolfSSL_sk_free
+#define OPENSSL_sk_pop_free wolfSSL_sk_pop_free
+#define OPENSSL_sk_new_null wolfSSL_sk_new_null
+#define OPENSSL_sk_push wolfSSL_sk_push
+
+/* provides older OpenSSL API compatibility */
+#define sk_free OPENSSL_sk_free
+#define sk_pop_free OPENSSL_sk_pop_free
+#define sk_new_null OPENSSL_sk_new_null
+#define sk_push OPENSSL_sk_push
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/tls1.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/tls1.h
new file mode 100644
index 0000000..51923f6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/tls1.h
@@ -0,0 +1,46 @@
+/* tls1.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_OPENSSL_TLS1_H_
+#define WOLFSSL_OPENSSL_TLS1_H_
+
+#ifndef TLS1_VERSION
+#define TLS1_VERSION 0x0301
+#endif
+
+#ifndef TLS1_1_VERSION
+#define TLS1_1_VERSION 0x0302
+#endif
+
+#ifndef TLS1_2_VERSION
+#define TLS1_2_VERSION 0x0303
+#endif
+
+#ifndef TLS1_3_VERSION
+#define TLS1_3_VERSION 0x0304
+#endif
+
+#ifndef TLS_MAX_VERSION
+#define TLS_MAX_VERSION TLS1_3_VERSION
+#endif
+
+#endif /* WOLFSSL_OPENSSL_TLS1_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/txt_db.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/txt_db.h
new file mode 100644
index 0000000..a745958
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/txt_db.h
@@ -0,0 +1,59 @@
+/* txt_db.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TXT_DB_H_
+#define WOLFSSL_TXT_DB_H_
+
+#include <wolfssl/openssl/ssl.h>
+
+#define WOLFSSL_TXT_DB_MAX_FIELDS 10
+
+struct WOLFSSL_TXT_DB {
+ int num_fields;
+ WOLF_STACK_OF(WOLFSSL_STRING) *data;
+ long error;
+ long arg1;
+ long arg2;
+ wolf_sk_compare_cb comp[WOLFSSL_TXT_DB_MAX_FIELDS];
+ wolf_sk_hash_cb hash_fn[WOLFSSL_TXT_DB_MAX_FIELDS];
+};
+
+typedef struct WOLFSSL_TXT_DB WOLFSSL_TXT_DB;
+
+WOLFSSL_API WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num);
+WOLFSSL_API long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db);
+WOLFSSL_API int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row);
+WOLFSSL_API void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db);
+WOLFSSL_API int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field,
+ void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp);
+WOLFSSL_API WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db,
+ int idx, WOLFSSL_STRING *value);
+
+#define TXT_DB WOLFSSL_TXT_DB
+
+#define TXT_DB_read wolfSSL_TXT_DB_read
+#define TXT_DB_write wolfSSL_TXT_DB_write
+#define TXT_DB_insert wolfSSL_TXT_DB_insert
+#define TXT_DB_free wolfSSL_TXT_DB_free
+#define TXT_DB_create_index wolfSSL_TXT_DB_create_index
+#define TXT_DB_get_by_index wolfSSL_TXT_DB_get_by_index
+
+#endif /* WOLFSSL_TXT_DB_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/ui.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ui.h
new file mode 100644
index 0000000..a253930
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/ui.h
@@ -0,0 +1,2 @@
+/* ui.h for openssl */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509.h
new file mode 100644
index 0000000..bf7ae25
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509.h
@@ -0,0 +1,44 @@
+/* x509.h for openssl */
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/crypto.h>
+#include <wolfssl/openssl/dh.h>
+#include <wolfssl/openssl/ec.h>
+#include <wolfssl/openssl/ecdsa.h>
+#include <wolfssl/openssl/pkcs7.h>
+
+/* wolfSSL_X509_print_ex flags */
+#define X509_FLAG_COMPAT (0UL)
+#define X509_FLAG_NO_HEADER (1UL << 0)
+#define X509_FLAG_NO_VERSION (1UL << 1)
+#define X509_FLAG_NO_SERIAL (1UL << 2)
+#define X509_FLAG_NO_SIGNAME (1UL << 3)
+#define X509_FLAG_NO_ISSUER (1UL << 4)
+#define X509_FLAG_NO_VALIDITY (1UL << 5)
+#define X509_FLAG_NO_SUBJECT (1UL << 6)
+#define X509_FLAG_NO_PUBKEY (1UL << 7)
+#define X509_FLAG_NO_EXTENSIONS (1UL << 8)
+#define X509_FLAG_NO_SIGDUMP (1UL << 9)
+#define X509_FLAG_NO_AUX (1UL << 10)
+#define X509_FLAG_NO_ATTRIBUTES (1UL << 11)
+#define X509_FLAG_NO_IDS (1UL << 12)
+
+#define XN_FLAG_FN_SN 0
+#define XN_FLAG_ONELINE 0
+#define XN_FLAG_COMPAT 0
+#define XN_FLAG_RFC2253 1
+#define XN_FLAG_SEP_COMMA_PLUS (1 << 16)
+#define XN_FLAG_SEP_CPLUS_SPC (2 << 16)
+#define XN_FLAG_SEP_SPLUS_SPC (3 << 16)
+#define XN_FLAG_SEP_MULTILINE (4 << 16)
+#define XN_FLAG_SEP_MASK (0xF << 16)
+#define XN_FLAG_DN_REV (1 << 20)
+#define XN_FLAG_FN_LN (1 << 21)
+#define XN_FLAG_FN_OID (2 << 21)
+#define XN_FLAG_FN_NONE (3 << 21)
+#define XN_FLAG_FN_MASK (3 << 21)
+#define XN_FLAG_SPC_EQ (1 << 23)
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+#define XN_FLAG_FN_ALIGN (1 << 25)
+
+#define XN_FLAG_MULTILINE 0xFFFF
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509_vfy.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509_vfy.h
new file mode 100644
index 0000000..bb61ba0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509_vfy.h
@@ -0,0 +1,45 @@
+/* x509_vfy.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* x509_vfy.h for openSSL */
+
+#ifndef WOLFSSL_x509_vfy_H_
+#define WOLFSSL_x509_vfy_H_
+
+#include <wolfssl/openssl/x509v3.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+ WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose);
+#endif
+
+#ifdef WOLFSSL_QT
+ #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose
+#endif
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_x509_vfy_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509v3.h b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509v3.h
new file mode 100644
index 0000000..db471dd
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/openssl/x509v3.h
@@ -0,0 +1,133 @@
+/* x509v3.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* x509v3.h for openSSL */
+
+#ifndef WOLFSSL_x509v3_H
+#define WOLFSSL_x509v3_H
+
+#include <wolfssl/openssl/conf.h>
+#include <wolfssl/openssl/bio.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define X509_PURPOSE_SSL_CLIENT 0
+#define X509_PURPOSE_SSL_SERVER 1
+
+#define NS_SSL_CLIENT 0
+#define NS_SSL_SERVER 1
+
+/* Forward reference */
+
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
+ struct WOLFSSL_v3_ext_method *method,
+ void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
+typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
+ void *ext, BIO *out, int indent);
+typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
+
+struct WOLFSSL_v3_ext_method {
+ int ext_nid;
+ int ext_flags;
+ void *usr_data;
+ X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
+ X509V3_EXT_I2V i2v;
+ X509V3_EXT_I2S i2s;
+ X509V3_EXT_I2R i2r;
+};
+
+struct WOLFSSL_X509_EXTENSION {
+ WOLFSSL_ASN1_OBJECT *obj;
+ WOLFSSL_ASN1_BOOLEAN crit;
+ ASN1_OCTET_STRING value; /* DER format of extension */
+ WOLFSSL_v3_ext_method ext_method;
+ WOLFSSL_STACK* ext_sk; /* For extension specific data */
+};
+
+#define WOLFSSL_ASN1_BOOLEAN int
+#define GEN_OTHERNAME 0
+#define GEN_EMAIL 1
+#define GEN_DNS 2
+#define GEN_X400 3
+#define GEN_DIRNAME 4
+#define GEN_EDIPARTY 5
+#define GEN_URI 6
+#define GEN_IPADD 7
+#define GEN_RID 8
+
+#define GENERAL_NAME WOLFSSL_GENERAL_NAME
+
+#define X509V3_CTX WOLFSSL_X509V3_CTX
+
+#define CTX_TEST 0x1
+
+typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
+typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
+typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
+typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
+
+WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
+WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
+WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
+WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
+WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
+ WOLFSSL_X509_EXTENSION* ex);
+WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
+WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
+ const WOLFSSL_ASN1_STRING *s);
+WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
+ WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
+WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
+ const char *section, WOLFSSL_X509 *cert);
+
+#define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free
+#define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free
+#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
+#define ASN1_INTEGER WOLFSSL_ASN1_INTEGER
+#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
+#define X509V3_EXT_get wolfSSL_X509V3_EXT_get
+#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i
+#define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf
+#ifndef NO_WOLFSSL_STUB
+#define X509V3_parse_list(...) NULL
+#endif
+#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING
+#define X509V3_EXT_print wolfSSL_X509V3_EXT_print
+#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
+#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
+#ifndef NO_WOLFSSL_STUB
+#define X509V3_set_nconf(...)
+#endif
+#define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
+#define X509v3_get_ext_count wolfSSL_sk_num
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/options.h b/ap/lib/libwolfssl/install/include/wolfssl/options.h
new file mode 100644
index 0000000..3ed08bf
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/options.h
@@ -0,0 +1,375 @@
+/* wolfssl options.h
+ * generated from configure options
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ */
+
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef WOLFSSL_TLS13
+#define WOLFSSL_TLS13
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_FFDHE_2048
+#define HAVE_FFDHE_2048
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef WOLFSSL_VERIFY_CB_ALL_CERTS
+#define WOLFSSL_VERIFY_CB_ALL_CERTS
+
+#undef WOLFSSL_EXTRA_ALERTS
+#define WOLFSSL_EXTRA_ALERTS
+
+#undef OPENSSL_EXTRA
+#define OPENSSL_EXTRA
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef OPENSSL_ALL
+#define OPENSSL_ALL
+
+#undef WOLFSSL_EITHER_SIDE
+#define WOLFSSL_EITHER_SIDE
+
+#undef WC_RSA_NO_PADDING
+#define WC_RSA_NO_PADDING
+
+#undef WC_RSA_PSS
+#define WC_RSA_PSS
+
+#undef WOLFSSL_PSS_LONG_SALT
+#define WOLFSSL_PSS_LONG_SALT
+
+#ifndef WOLFSSL_OPTIONS_IGNORE_SYS
+#undef _POSIX_THREADS
+#define _POSIX_THREADS
+#endif
+
+#undef HAVE_THREAD_LS
+#define HAVE_THREAD_LS
+
+#undef TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef TEST_IPV6
+#define TEST_IPV6
+
+#undef WOLFSSL_IPV6
+#define WOLFSSL_IPV6
+
+#undef WOLFSSL_WPAS
+#define WOLFSSL_WPAS
+
+#undef HAVE_SECRET_CALLBACK
+#define HAVE_SECRET_CALLBACK
+
+#undef WOLFSSL_PUBLIC_ECC_ADD_DBL
+#define WOLFSSL_PUBLIC_ECC_ADD_DBL
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef WOLFSSL_EITHER_SIDE
+#define WOLFSSL_EITHER_SIDE
+
+#undef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+
+#undef WOLFSSL_PUBLIC_MP
+#define WOLFSSL_PUBLIC_MP
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef ATOMIC_USER
+#define ATOMIC_USER
+
+#undef WOLFSSL_KEY_GEN
+#define WOLFSSL_KEY_GEN
+
+#undef WOLFSSL_DES_ECB
+#define WOLFSSL_DES_ECB
+
+#undef FORTRESS
+#define FORTRESS
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_COUNTER
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef WOLFSSL_KEY_GEN
+#define WOLFSSL_KEY_GEN
+
+#undef HAVE_AESCCM
+#define HAVE_AESCCM
+
+#undef WOLFSSL_USE_ALIGN
+#define WOLFSSL_USE_ALIGN
+
+#undef WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef SESSION_CERTS
+#define SESSION_CERTS
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef HAVE_HKDF
+#define HAVE_HKDF
+
+#undef HAVE_ECC
+#define HAVE_ECC
+
+#undef TFM_ECC256
+#define TFM_ECC256
+
+#undef ECC_SHAMIR
+#define ECC_SHAMIR
+
+#undef HAVE_COMP_KEY
+#define HAVE_COMP_KEY
+
+#undef WOLFSSL_ALLOW_TLSV10
+#define WOLFSSL_ALLOW_TLSV10
+
+#undef WC_RSA_PSS
+#define WC_RSA_PSS
+
+#undef HAVE_ANON
+#define HAVE_ANON
+
+#undef WOLFSSL_CMAC
+#define WOLFSSL_CMAC
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef NO_HC128
+#define NO_HC128
+
+#undef NO_RABBIT
+#define NO_RABBIT
+
+#undef HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef HAVE_OCSP
+#define HAVE_OCSP
+
+#undef HAVE_OPENSSL_CMD
+#define HAVE_OPENSSL_CMD
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_CERTIFICATE_STATUS_REQUEST
+#define HAVE_CERTIFICATE_STATUS_REQUEST
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+#undef HAVE_CRL
+#define HAVE_CRL
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SNI
+#define HAVE_SNI
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SNI
+#define HAVE_SNI
+
+#undef HAVE_MAX_FRAGMENT
+#define HAVE_MAX_FRAGMENT
+
+#undef HAVE_TRUNCATED_HMAC
+#define HAVE_TRUNCATED_HMAC
+
+#undef HAVE_ALPN
+#define HAVE_ALPN
+
+#undef HAVE_TRUSTED_CA
+#define HAVE_TRUSTED_CA
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef HAVE_LIGHTY
+#define HAVE_LIGHTY
+
+#undef HAVE_WOLFSSL_SSL_H
+#define HAVE_WOLFSSL_SSL_H 1
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef OPENSSL_ALL
+#define OPENSSL_ALL
+
+#undef OPENSSL_NO_SSL2
+#define OPENSSL_NO_SSL2
+
+#undef OPENSSL_NO_COMP
+#define OPENSSL_NO_COMP
+
+#undef OPENSSL_NO_SSL3
+#define OPENSSL_NO_SSL3
+
+#undef SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef KEEP_OUR_CERT
+#define KEEP_OUR_CERT
+
+#undef KEEP_PEER_CERT
+#define KEEP_PEER_CERT
+
+#undef HAVE_EXT_CACHE
+#define HAVE_EXT_CACHE
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ENCRYPT_THEN_MAC
+
+#undef WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_EXT
+
+#undef HAVE_STUNNEL
+#define HAVE_STUNNEL
+
+#undef WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef WOLFSSL_DES_ECB
+#define WOLFSSL_DES_ECB
+
+#undef WOLFSSL_SIGNER_DER_CERT
+#define WOLFSSL_SIGNER_DER_CERT
+
+#undef WOLFSSL_ENCRYPTED_KEYS
+#define WOLFSSL_ENCRYPTED_KEYS
+
+#undef USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef HAVE_AES_KEYWRAP
+#define HAVE_AES_KEYWRAP
+
+#undef WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_DIRECT
+
+#undef HAVE_DH_DEFAULT_PARAMS
+#define HAVE_DH_DEFAULT_PARAMS
+
+#undef GCM_TABLE_4BIT
+#define GCM_TABLE_4BIT
+
+#undef HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef HAVE_WC_INTROSPECTION
+#define HAVE_WC_INTROSPECTION
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_OPTIONS_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/sniffer.h b/ap/lib/libwolfssl/install/include/wolfssl/sniffer.h
new file mode 100644
index 0000000..fb48498
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/sniffer.h
@@ -0,0 +1,258 @@
+/* sniffer.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_SNIFFER_H
+#define WOLFSSL_SNIFFER_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef _WIN32
+ #ifdef SSL_SNIFFER_EXPORTS
+ #define SSL_SNIFFER_API __declspec(dllexport)
+ #else
+ #define SSL_SNIFFER_API __declspec(dllimport)
+ #endif
+#else
+ #define SSL_SNIFFER_API
+#endif /* _WIN32 */
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* @param typeK: (formerly keyType) was shadowing a global declaration in
+ * wolfssl/wolfcrypt/asn.h line 175
+ */
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
+ const char* keyFile, int typeK,
+ const char* password, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port,
+ const char* keyBuf, int keySz,
+ int typeK, const char* password,
+ char* error);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
+ const char* address, int port,
+ const char* keyFile, int typeK,
+ const char* password, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name,
+ const char* address, int port,
+ const char* keyBuf, int keySz,
+ int typeK, const char* password,
+ char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port,
+ const char* keyFile, int typeKey,
+ const char* password, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port,
+ const char* keyBuf, int keySz, int typeKey,
+ const char* password, char* error);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name,
+ const char* address, int port,
+ const char* keyFile, int typeKey,
+ const char* password, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name,
+ const char* address, int port,
+ const char* keyBuf, int keySz, int typeKey,
+ const char* password, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
+ unsigned char** data, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz,
+ char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_EnableRecovery(int onOff, int maxMemory, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active,
+ unsigned int* total,
+ unsigned int* peak,
+ unsigned int* maxSessions,
+ unsigned int* missedData,
+ unsigned int* reassemblyMemory,
+ char* error);
+
+WOLFSSL_API void ssl_InitSniffer(void);
+
+WOLFSSL_API void ssl_FreeSniffer(void);
+
+
+/* ssl_SetPrivateKey typeKs */
+enum {
+ FILETYPE_PEM = 1,
+ FILETYPE_DER = 2,
+};
+
+
+/*
+ * New Sniffer API that provides read-only access to the TLS and cipher
+ * information associated with the SSL session.
+ */
+
+typedef struct SSLInfo
+{
+ unsigned char isValid;
+ /* indicates if the info in this struct is valid: 0 = no, 1 = yes */
+ unsigned char protocolVersionMajor; /* SSL Version: major */
+ unsigned char protocolVersionMinor; /* SSL Version: minor */
+ unsigned char serverCipherSuite0; /* first byte, normally 0 */
+ unsigned char serverCipherSuite; /* second byte, actual suite */
+ unsigned char serverCipherSuiteName[256];
+ /* cipher name, e.g., "TLS_RSA_..." */
+ unsigned char serverNameIndication[128];
+ unsigned int keySize;
+} SSLInfo;
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfo(
+ const unsigned char* packet, int length,
+ unsigned char** data, SSLInfo* sslInfo, char* error);
+
+typedef void (*SSLConnCb)(const void* session, SSLInfo* info, void* ctx);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetConnectionCb(SSLConnCb cb);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx);
+
+
+typedef struct SSLStats
+{
+ unsigned long int sslStandardConns;
+ unsigned long int sslClientAuthConns;
+ unsigned long int sslResumedConns;
+ unsigned long int sslEphemeralMisses;
+ unsigned long int sslResumeMisses;
+ unsigned long int sslCiphersUnsupported;
+ unsigned long int sslKeysUnmatched;
+ unsigned long int sslKeyFails;
+ unsigned long int sslDecodeFails;
+ unsigned long int sslAlerts;
+ unsigned long int sslDecryptedBytes;
+ unsigned long int sslEncryptedBytes;
+ unsigned long int sslEncryptedPackets;
+ unsigned long int sslDecryptedPackets;
+ unsigned long int sslKeyMatches;
+ unsigned long int sslEncryptedConns;
+
+ unsigned long int sslResumptionValid;
+ unsigned long int sslResumptionInserts;
+} SSLStats;
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_ResetStatistics(void);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats);
+
+
+typedef int (*SSLWatchCb)(void* vSniffer,
+ const unsigned char* certHash,
+ unsigned int certHashSz,
+ const unsigned char* certChain,
+ unsigned int certChainSz,
+ void* ctx, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKeyCallback(SSLWatchCb cb, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKeyCallback_ex(SSLWatchCb cb, int devId,
+ char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKeyCtx(void* ctx, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKey_buffer(void* vSniffer,
+ const unsigned char* key, unsigned int keySz,
+ int keyType, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKey_file(void* vSniffer,
+ const char* keyFile, int keyType,
+ const char* password, char* error);
+
+
+typedef int (*SSLStoreDataCb)(const unsigned char* decryptBuf,
+ unsigned int decryptBufSz, unsigned int decryptBufOffset, void* ctx);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetStoreDataCallback(SSLStoreDataCb cb);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfoStoreData(
+ const unsigned char* packet, int length, void* ctx,
+ SSLInfo* sslInfo, char* error);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacketWithChain(void* vChain,
+ unsigned int chainSz, unsigned char** data, char* error);
+
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacketWithChainSessionInfoStoreData(
+ void* vChain, unsigned int chainSz, void* ctx, SSLInfo* sslInfo,
+ char* error);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* wolfSSL_SNIFFER_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/sniffer_error.h b/ap/lib/libwolfssl/install/include/wolfssl/sniffer_error.h
new file mode 100644
index 0000000..a0788f9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/sniffer_error.h
@@ -0,0 +1,145 @@
+/* sniffer_error.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFSSL_SNIFFER_ERROR_H
+#define WOLFSSL_SNIFFER_ERROR_H
+
+
+/* General Sniffer Error */
+#define WOLFSSL_SNIFFER_ERROR -1
+
+/* Sniffer failed and is in Fatal state */
+#define WOLFSSL_SNIFFER_FATAL_ERROR -2
+
+/* need to have errors as #defines since .rc files can't handle enums */
+/* need to start at 1 and go in order for same reason */
+
+#define MEMORY_STR 1
+#define NEW_SERVER_STR 2
+#define IP_CHECK_STR 3
+#define SERVER_NOT_REG_STR 4
+#define TCP_CHECK_STR 5
+#define SERVER_PORT_NOT_REG_STR 6
+#define RSA_DECRYPT_STR 7
+#define RSA_DECODE_STR 8
+#define BAD_CIPHER_SPEC_STR 9
+#define SERVER_HELLO_INPUT_STR 10
+
+#define BAD_SESSION_RESUME_STR 11
+#define SERVER_DID_RESUMPTION_STR 12
+#define CLIENT_HELLO_INPUT_STR 13
+#define CLIENT_RESUME_TRY_STR 14
+#define HANDSHAKE_INPUT_STR 15
+#define GOT_HELLO_VERIFY_STR 16
+#define GOT_SERVER_HELLO_STR 17
+#define GOT_CERT_REQ_STR 18
+#define GOT_SERVER_KEY_EX_STR 19
+#define GOT_CERT_STR 20
+
+#define GOT_SERVER_HELLO_DONE_STR 21
+#define GOT_FINISHED_STR 22
+#define GOT_CLIENT_HELLO_STR 23
+#define GOT_CLIENT_KEY_EX_STR 24
+#define GOT_CERT_VER_STR 25
+#define GOT_UNKNOWN_HANDSHAKE_STR 26
+#define NEW_SESSION_STR 27
+#define BAD_NEW_SSL_STR 28
+#define GOT_PACKET_STR 29
+#define NO_DATA_STR 30
+
+#define BAD_SESSION_STR 31
+#define GOT_OLD_CLIENT_HELLO_STR 32
+#define OLD_CLIENT_INPUT_STR 33
+#define OLD_CLIENT_OK_STR 34
+#define BAD_OLD_CLIENT_STR 35
+#define BAD_RECORD_HDR_STR 36
+#define RECORD_INPUT_STR 37
+#define GOT_HANDSHAKE_STR 38
+#define BAD_HANDSHAKE_STR 39
+#define GOT_CHANGE_CIPHER_STR 40
+
+#define GOT_APP_DATA_STR 41
+#define BAD_APP_DATA_STR 42
+#define GOT_ALERT_STR 43
+#define ANOTHER_MSG_STR 44
+#define REMOVE_SESSION_STR 45
+#define KEY_FILE_STR 46
+#define BAD_IPVER_STR 47
+#define BAD_PROTO_STR 48
+#define PACKET_HDR_SHORT_STR 49
+#define GOT_UNKNOWN_RECORD_STR 50
+
+#define BAD_TRACE_FILE_STR 51
+#define FATAL_ERROR_STR 52
+#define PARTIAL_INPUT_STR 53
+#define BUFFER_ERROR_STR 54
+#define PARTIAL_ADD_STR 55
+#define DUPLICATE_STR 56
+#define OUT_OF_ORDER_STR 57
+#define OVERLAP_DUPLICATE_STR 58
+#define OVERLAP_REASSEMBLY_BEGIN_STR 59
+#define OVERLAP_REASSEMBLY_END_STR 60
+
+#define MISSED_CLIENT_HELLO_STR 61
+#define GOT_HELLO_REQUEST_STR 62
+#define GOT_SESSION_TICKET_STR 63
+#define BAD_INPUT_STR 64
+#define BAD_DECRYPT_TYPE 65
+#define BAD_FINISHED_MSG 66
+#define BAD_COMPRESSION_STR 67
+#define BAD_DERIVE_STR 68
+#define ACK_MISSED_STR 69
+#define BAD_DECRYPT 70
+
+#define DECRYPT_KEYS_NOT_SETUP 71
+#define CLIENT_HELLO_LATE_KEY_STR 72
+#define GOT_CERT_STATUS_STR 73
+#define RSA_KEY_MISSING_STR 74
+#define NO_SECURE_RENEGOTIATION 75
+#define BAD_SESSION_STATS 76
+#define REASSEMBLY_MAX_STR 77
+#define DROPPING_LOST_FRAG_STR 78
+#define DROPPING_PARTIAL_RECORD 79
+#define CLEAR_ACK_FAULT 80
+
+#define BAD_DECRYPT_SIZE 81
+#define EXTENDED_MASTER_HASH_STR 82
+#define SPLIT_HANDSHAKE_MSG_STR 83
+#define ECC_DECODE_STR 84
+#define ECC_PUB_DECODE_STR 85
+#define WATCH_CB_MISSING_STR 86
+#define WATCH_HASH_STR 87
+#define WATCH_FAIL_STR 88
+#define BAD_CERT_MSG_STR 89
+#define STORE_DATA_CB_MISSING_STR 90
+
+#define NO_DATA_DEST_STR 91
+#define STORE_DATA_FAIL_STR 92
+#define CHAIN_INPUT_STR 93
+#define GOT_ENC_EXT_STR 94
+#define GOT_HELLO_RETRY_REQ_STR 95
+/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
+
+
+#endif /* wolfSSL_SNIFFER_ERROR_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/ssl.h b/ap/lib/libwolfssl/install/include/wolfssl/ssl.h
new file mode 100644
index 0000000..2d7faf5
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/ssl.h
@@ -0,0 +1,4481 @@
+/* ssl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+/*!
+ \file ../wolfssl/ssl.h
+ \brief Header file containing key wolfSSL API
+*/
+
+/* wolfSSL API */
+
+#ifndef WOLFSSL_SSL_H
+#define WOLFSSL_SSL_H
+
+
+/* for users not using preprocessor flags*/
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_WOLF_EVENT
+ #include <wolfssl/wolfcrypt/wolfevent.h>
+#endif
+
+ #ifdef WOLF_CRYPTO_CB
+ #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
+/* used internally by wolfSSL while OpenSSL types aren't */
+#include <wolfssl/callbacks.h>
+
+#ifdef WOLFSSL_PREFIX
+ #include "prefix_ssl.h"
+#endif
+
+#ifdef LIBWOLFSSL_VERSION_STRING
+ #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
+#endif
+
+#ifdef _WIN32
+ /* wincrypt.h clashes */
+ #undef OCSP_REQUEST
+ #undef OCSP_RESPONSE
+#endif
+
+#ifdef OPENSSL_COEXIST
+ /* mode to allow wolfSSL and OpenSSL to exist together */
+ #ifdef TEST_OPENSSL_COEXIST
+ /*
+ ./configure --enable-opensslcoexist \
+ CFLAGS="-I/usr/local/opt/openssl/include -DTEST_OPENSSL_COEXIST" \
+ LDFLAGS="-L/usr/local/opt/openssl/lib -lcrypto"
+ */
+ #include <openssl/ssl.h>
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ #include <openssl/ec.h>
+ #include <openssl/hmac.h>
+ #include <openssl/bn.h>
+ #endif
+
+ /* make sure old names are disabled */
+ #ifndef NO_OLD_SSL_NAMES
+ #define NO_OLD_SSL_NAMES
+ #endif
+ #ifndef NO_OLD_WC_NAMES
+ #define NO_OLD_WC_NAMES
+ #endif
+
+#elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ #include <wolfssl/openssl/bn.h>
+ #include <wolfssl/openssl/hmac.h>
+
+ /* We need the old SSL names */
+ #ifdef NO_OLD_SSL_NAMES
+ #undef NO_OLD_SSL_NAMES
+ #endif
+ #ifdef NO_OLD_WC_NAMES
+ #undef NO_OLD_WC_NAMES
+ #endif
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* LHASH is implemented as a stack */
+typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
+#ifndef WOLF_LHASH_OF
+ #define WOLF_LHASH_OF(x) WOLFSSL_LHASH
+#endif
+
+#ifndef WOLF_STACK_OF
+ #define WOLF_STACK_OF(x) WOLFSSL_STACK
+#endif
+#ifndef DECLARE_STACK_OF
+ #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
+#endif
+
+#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
+#define WOLFSSL_WOLFSSL_TYPE_DEFINED
+typedef struct WOLFSSL WOLFSSL;
+#endif
+typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
+typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
+#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
+#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
+typedef struct WOLFSSL_CTX WOLFSSL_CTX;
+#endif
+
+typedef struct WOLFSSL_STACK WOLFSSL_STACK;
+typedef struct WOLFSSL_X509 WOLFSSL_X509;
+typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
+typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
+typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
+typedef struct WOLFSSL_X509_ALGOR WOLFSSL_X509_ALGOR;
+typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
+typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12;
+typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO;
+
+typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
+typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
+typedef struct WOLFSSL_CRL WOLFSSL_CRL;
+typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
+
+typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
+
+typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH;
+typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry;
+typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR;
+
+/* redeclare guard */
+#define WOLFSSL_TYPES_DEFINED
+
+#include <wolfssl/wolfio.h>
+
+
+#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_RSA WOLFSSL_RSA;
+#define WOLFSSL_RSA_TYPE_DEFINED
+#endif
+
+#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
+ typedef struct WC_RNG WC_RNG;
+ #define WC_RNG_TYPE_DEFINED
+#endif
+
+#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_DSA WOLFSSL_DSA;
+#define WOLFSSL_DSA_TYPE_DEFINED
+#endif
+
+#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
+typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
+typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
+typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
+/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
+typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD;
+#define WOLFSSL_EC_TYPE_DEFINED
+#endif
+
+#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
+#define WOLFSSL_ECDSA_TYPE_DEFINED
+#endif
+
+typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
+typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
+typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
+typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL;
+typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE;
+typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
+typedef struct WOLFSSL_BIO WOLFSSL_BIO;
+typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
+typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
+typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
+typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
+typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
+typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method;
+
+typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
+typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
+#ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_DH WOLFSSL_DH;
+#define WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */
+#endif
+typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
+typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE;
+typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE;
+
+typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
+typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
+typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
+typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
+
+typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX;
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+
+struct WOLFSSL_AUTHORITY_KEYID {
+ WOLFSSL_ASN1_STRING *keyid;
+ WOLFSSL_ASN1_OBJECT *issuer;
+ WOLFSSL_ASN1_INTEGER *serial;
+};
+
+struct WOLFSSL_BASIC_CONSTRAINTS {
+ int ca;
+ WOLFSSL_ASN1_INTEGER *pathlen;
+};
+
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA*/
+
+#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
+#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
+
+struct WOLFSSL_ASN1_STRING {
+ char strData[CTC_NAME_SIZE];
+ int length;
+ int type; /* type of string i.e. CTC_UTF8 */
+ char* data;
+ long flags;
+ unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
+};
+
+#define WOLFSSL_MAX_SNAME 40
+
+
+#define WOLFSSL_ASN1_DYNAMIC 0x1
+#define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
+
+struct WOLFSSL_ASN1_OTHERNAME {
+ WOLFSSL_ASN1_OBJECT* type_id;
+ WOLFSSL_ASN1_TYPE* value;
+};
+
+struct WOLFSSL_GENERAL_NAME {
+ int type;
+ union {
+ char* ptr;
+ WOLFSSL_ASN1_OTHERNAME* otherName;
+ WOLFSSL_ASN1_STRING* rfc822Name;
+ WOLFSSL_ASN1_STRING* dNSName;
+ WOLFSSL_ASN1_TYPE* x400Address;
+ WOLFSSL_X509_NAME* directoryName;
+ WOLFSSL_ASN1_STRING* uniformResourceIdentifier;
+ WOLFSSL_ASN1_STRING* iPAddress;
+ WOLFSSL_ASN1_OBJECT* registeredID;
+
+ WOLFSSL_ASN1_STRING* ip;
+ WOLFSSL_X509_NAME* dirn;
+ WOLFSSL_ASN1_STRING* ia5;
+ WOLFSSL_ASN1_OBJECT* rid;
+ WOLFSSL_ASN1_TYPE* other;
+ } d; /* dereference */
+};
+
+struct WOLFSSL_ACCESS_DESCRIPTION {
+ WOLFSSL_ASN1_OBJECT* method;
+ WOLFSSL_GENERAL_NAME* location;
+};
+
+struct WOLFSSL_X509V3_CTX {
+ WOLFSSL_X509* x509;
+};
+
+struct WOLFSSL_ASN1_OBJECT {
+ void* heap;
+ const unsigned char* obj;
+ /* sName is short name i.e sha256 rather than oid (null terminated) */
+ char sName[WOLFSSL_MAX_SNAME];
+ int type; /* oid */
+ int grp; /* type of OID, i.e. oidCertPolicyType */
+ int nid;
+ unsigned int objSz;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_APACHE_HTTPD)
+ int ca;
+ WOLFSSL_ASN1_INTEGER *pathlen;
+#endif
+ unsigned char dynamic; /* Use WOLFSSL_ASN1_DYNAMIC and WOLFSSL_ASN1_DYNAMIC_DATA
+ * to determine what needs to be freed. */
+
+#if defined(WOLFSSL_APACHE_HTTPD)
+ WOLFSSL_GENERAL_NAME* gn;
+#endif
+
+ struct d { /* derefrenced */
+ WOLFSSL_ASN1_STRING* dNSName;
+ WOLFSSL_ASN1_STRING ia5_internal;
+ WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+ WOLFSSL_ASN1_STRING* uniformResourceIdentifier;
+ WOLFSSL_ASN1_STRING iPAddress_internal;
+ WOLFSSL_ASN1_OTHERNAME* otherName; /* added for Apache httpd */
+#endif
+ WOLFSSL_ASN1_STRING* iPAddress; /* points to iPAddress_internal */
+ } d;
+};
+
+/* wrap ASN1 types */
+struct WOLFSSL_ASN1_TYPE {
+ int type;
+ union {
+ char *ptr;
+ WOLFSSL_ASN1_STRING* asn1_string;
+ WOLFSSL_ASN1_OBJECT* object;
+ WOLFSSL_ASN1_INTEGER* integer;
+ WOLFSSL_ASN1_BIT_STRING* bit_string;
+ WOLFSSL_ASN1_STRING* octet_string;
+ WOLFSSL_ASN1_STRING* printablestring;
+ WOLFSSL_ASN1_STRING* ia5string;
+ WOLFSSL_ASN1_UTCTIME* utctime;
+ WOLFSSL_ASN1_GENERALIZEDTIME* generalizedtime;
+ WOLFSSL_ASN1_STRING* utf8string;
+ WOLFSSL_ASN1_STRING* set;
+ WOLFSSL_ASN1_STRING* sequence;
+ } value;
+};
+
+struct WOLFSSL_X509_ATTRIBUTE {
+ WOLFSSL_ASN1_OBJECT *object;
+ WOLFSSL_ASN1_TYPE *value;
+ WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set;
+};
+
+struct WOLFSSL_EVP_PKEY {
+ void* heap;
+ int type; /* openssh dereference */
+ int save_type; /* openssh dereference */
+ int pkey_sz;
+ int references; /*number of times free should be called for complete free*/
+ wolfSSL_Mutex refMutex; /* ref count mutex */
+
+ union {
+ char* ptr; /* der format of key / or raw for NTRU */
+ } pkey;
+ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ #ifndef NO_RSA
+ WOLFSSL_RSA* rsa;
+ byte ownRsa; /* if struct owns RSA and should free it */
+ #endif
+ #ifndef NO_DSA
+ WOLFSSL_DSA* dsa;
+ byte ownDsa; /* if struct owns DSA and should free it */
+ #endif
+ #ifdef HAVE_ECC
+ WOLFSSL_EC_KEY* ecc;
+ byte ownEcc; /* if struct owns ECC and should free it */
+ #endif
+ #ifndef NO_DH
+ WOLFSSL_DH* dh;
+ byte ownDh; /* if struct owns DH and should free it */
+ #endif
+ WC_RNG rng;
+ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+ #ifdef HAVE_ECC
+ int pkey_curve;
+ #endif
+};
+typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
+#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
+typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
+typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
+typedef char WOLFSSL_EVP_MD;
+#define WOLFSSL_EVP_TYPE_DEFINED
+#endif
+
+struct WOLFSSL_X509_PKEY {
+ WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */
+ void* heap;
+};
+typedef struct WOLFSSL_X509_PKEY WOLFSSL_X509_PKEY;
+
+struct WOLFSSL_X509_INFO {
+ WOLFSSL_X509 *x509;
+ WOLFSSL_X509_CRL *crl;
+ WOLFSSL_X509_PKEY *x_pkey; /* dereferenced by Apache */
+ EncryptedInfo enc_cipher;
+ int enc_len;
+ char *enc_data;
+ int num;
+};
+
+#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ #define wolfSSL_SSL_MODE_RELEASE_BUFFERS 0x00000010U
+ #define wolfSSL_SSL_CTRL_SET_TMP_ECDH 4
+#endif
+
+struct WOLFSSL_X509_ALGOR {
+ WOLFSSL_ASN1_OBJECT* algorithm;
+ WOLFSSL_ASN1_TYPE* parameter;
+};
+
+struct WOLFSSL_X509_PUBKEY {
+ WOLFSSL_X509_ALGOR* algor;
+ WOLFSSL_EVP_PKEY* pkey;
+ int pubKeyOID;
+};
+
+
+enum BIO_TYPE {
+ WOLFSSL_BIO_BUFFER = 1,
+ WOLFSSL_BIO_SOCKET = 2,
+ WOLFSSL_BIO_SSL = 3,
+ WOLFSSL_BIO_MEMORY = 4,
+ WOLFSSL_BIO_BIO = 5,
+ WOLFSSL_BIO_FILE = 6,
+ WOLFSSL_BIO_BASE64 = 7,
+ WOLFSSL_BIO_MD = 8
+};
+
+enum BIO_FLAGS {
+ WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01,
+ WOLFSSL_BIO_FLAG_READ = 0x02,
+ WOLFSSL_BIO_FLAG_WRITE = 0x04,
+ WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08,
+ WOLFSSL_BIO_FLAG_RETRY = 0x10
+};
+
+enum BIO_CB_OPS {
+ WOLFSSL_BIO_CB_FREE = 0x01,
+ WOLFSSL_BIO_CB_READ = 0x02,
+ WOLFSSL_BIO_CB_WRITE = 0x03,
+ WOLFSSL_BIO_CB_PUTS = 0x04,
+ WOLFSSL_BIO_CB_GETS = 0x05,
+ WOLFSSL_BIO_CB_CTRL = 0x06,
+ WOLFSSL_BIO_CB_RETURN = 0x80
+};
+
+typedef struct WOLFSSL_BUF_MEM {
+ char* data; /* dereferenced */
+ size_t length; /* current length */
+ size_t max; /* maximum length */
+} WOLFSSL_BUF_MEM;
+
+/* custom method with user set callbacks */
+typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int);
+typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int);
+typedef int (*wolfSSL_BIO_meth_puts_cb)(WOLFSSL_BIO*, const char*);
+typedef int (*wolfSSL_BIO_meth_gets_cb)(WOLFSSL_BIO*, char*, int);
+typedef long (*wolfSSL_BIO_meth_ctrl_get_cb)(WOLFSSL_BIO*, int, long, void*);
+typedef int (*wolfSSL_BIO_meth_create_cb)(WOLFSSL_BIO*);
+typedef int (*wolfSSL_BIO_meth_destroy_cb)(WOLFSSL_BIO*);
+
+typedef int wolfSSL_BIO_info_cb(WOLFSSL_BIO *, int, int);
+typedef long (*wolfssl_BIO_meth_ctrl_info_cb)(WOLFSSL_BIO*, int, wolfSSL_BIO_info_cb*);
+
+/* wolfSSL BIO_METHOD type */
+#ifndef MAX_BIO_METHOD_NAME
+#define MAX_BIO_METHOD_NAME 256
+#endif
+struct WOLFSSL_BIO_METHOD {
+ byte type; /* method type */
+ char name[MAX_BIO_METHOD_NAME];
+ wolfSSL_BIO_meth_write_cb writeCb;
+ wolfSSL_BIO_meth_read_cb readCb;
+ wolfSSL_BIO_meth_puts_cb putsCb;
+ wolfSSL_BIO_meth_gets_cb getsCb;
+ wolfSSL_BIO_meth_ctrl_get_cb ctrlCb;
+ wolfSSL_BIO_meth_create_cb createCb;
+ wolfSSL_BIO_meth_destroy_cb freeCb;
+ wolfssl_BIO_meth_ctrl_info_cb ctrlInfoCb;
+};
+
+/* wolfSSL BIO type */
+typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg,
+ int iarg, long larg, long return_value);
+
+struct WOLFSSL_BIO {
+ WOLFSSL_BUF_MEM* mem_buf;
+ WOLFSSL_BIO_METHOD* method;
+ WOLFSSL_BIO* prev; /* previous in chain */
+ WOLFSSL_BIO* next; /* next in chain */
+ WOLFSSL_BIO* pair; /* BIO paired with */
+ void* heap; /* user heap hint */
+ void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */
+ void* usrCtx; /* user set pointer */
+ const char* ip; /* IP address for wolfIO_TcpConnect */
+ word16 port; /* Port for wolfIO_TcpConnect */
+ char* infoArg; /* BIO callback argument */
+ wolf_bio_info_cb infoCb; /* BIO callback */
+ int wrSz; /* write buffer size (mem) */
+ int wrIdx; /* current index for write buffer */
+ int rdIdx; /* current read index */
+ int readRq; /* read request */
+ int num; /* socket num or length */
+ int eof; /* eof flag */
+ int flags;
+ byte type; /* method type */
+ byte init:1; /* bio has been initialized */
+ byte shutdown:1; /* close flag */
+#ifdef HAVE_EX_DATA
+ WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+};
+
+typedef struct WOLFSSL_COMP_METHOD {
+ int type; /* stunnel dereference */
+} WOLFSSL_COMP_METHOD;
+
+typedef struct WOLFSSL_COMP {
+ int id;
+ const char *name;
+ WOLFSSL_COMP_METHOD *method;
+} WOLFSSL_COMP;
+
+#define WOLFSSL_X509_L_FILE_LOAD 0x1
+#define WOLFSSL_X509_L_ADD_DIR 0x2
+#define WOLFSSL_X509_L_ADD_STORE 0x3
+#define WOLFSSL_X509_L_LOAD_STORE 0x4
+
+struct WOLFSSL_X509_LOOKUP_METHOD {
+ int type;
+};
+
+struct WOLFSSL_X509_LOOKUP {
+ WOLFSSL_X509_STORE *store;
+ int type;
+ WOLFSSL_BY_DIR* dirs;
+};
+
+struct WOLFSSL_X509_STORE {
+ int cache; /* stunnel dereference */
+ WOLFSSL_CERT_MANAGER* cm;
+ WOLFSSL_X509_LOOKUP lookup;
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+ int isDynamic;
+ WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
+#endif
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb;
+#endif
+#ifdef HAVE_EX_DATA
+ WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
+ WOLFSSL_X509_CRL *crl; /* points to cm->crl */
+#endif
+};
+
+#define WOLFSSL_NO_WILDCARDS 0x4
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+ defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME)
+ #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
+#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#define WOLFSSL_USE_CHECK_TIME 0x2
+#define WOLFSSL_NO_CHECK_TIME 0x200000
+#define WOLFSSL_HOST_NAME_MAX 256
+
+#define WOLFSSL_VPARAM_DEFAULT 0x1
+#define WOLFSSL_VPARAM_OVERWRITE 0x2
+#define WOLFSSL_VPARAM_RESET_FLAGS 0x4
+#define WOLFSSL_VPARAM_LOCKED 0x8
+#define WOLFSSL_VPARAM_ONCE 0x10
+
+struct WOLFSSL_X509_VERIFY_PARAM {
+ time_t check_time;
+ unsigned int inherit_flags;
+ unsigned long flags;
+ char hostName[WOLFSSL_HOST_NAME_MAX];
+ unsigned int hostFlags;
+ char ipasc[WOLFSSL_MAX_IPSTR];
+};
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+typedef struct WOLFSSL_ALERT {
+ int code;
+ int level;
+} WOLFSSL_ALERT;
+
+typedef struct WOLFSSL_ALERT_HISTORY {
+ WOLFSSL_ALERT last_rx;
+ WOLFSSL_ALERT last_tx;
+} WOLFSSL_ALERT_HISTORY;
+
+typedef struct WOLFSSL_X509_REVOKED {
+ WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
+} WOLFSSL_X509_REVOKED;
+
+
+typedef struct WOLFSSL_X509_OBJECT {
+ union {
+ char* ptr;
+ WOLFSSL_X509 *x509;
+ WOLFSSL_X509_CRL* crl; /* stunnel dereference */
+ } data;
+} WOLFSSL_X509_OBJECT;
+
+#define WOLFSSL_ASN1_BOOLEAN int
+
+typedef struct WOLFSSL_BUFFER_INFO {
+ unsigned char* buffer;
+ unsigned int length;
+} WOLFSSL_BUFFER_INFO;
+
+struct WOLFSSL_X509_STORE_CTX {
+ WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
+ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
+#ifdef WOLFSSL_ASIO
+ WOLFSSL_X509* current_issuer; /* asio dereference */
+#endif
+ WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
+ WOLFSSL_STACK* chain;
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
+#endif
+ char* domain; /* subject CN domain name */
+#if defined(HAVE_EX_DATA) || defined(FORTRESS)
+ WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
+#endif
+#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
+ int depth; /* used in X509_STORE_CTX_*_depth */
+#endif
+ void* userCtx; /* user ctx */
+ int error; /* current error */
+ int error_depth; /* index of cert depth for this error */
+ int discardSessionCerts; /* so verify callback can flag for discard */
+ int totalCerts; /* number of peer cert buffers */
+ WOLFSSL_BUFFER_INFO* certs; /* peer certs */
+ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
+};
+
+typedef char* WOLFSSL_STRING;
+
+typedef struct WOLFSSL_RAND_METHOD {
+ /* seed = Data to mix into the random generator.
+ * len = Number of bytes to mix from seed. */
+ int (*seed)(const void* seed, int len);
+ /* buf = Buffer to store random bytes in.
+ * len = Number of bytes to store in buf. */
+ int (*bytes)(unsigned char* buf, int len);
+ void (*cleanup)(void);
+ /* add = Data to mix into the random generator.
+ * len = Number of bytes to mix from add.
+ * entropy = Estimate of randomness contained in seed.
+ * Should be between 0 and len. */
+ int (*add)(const void* add, int len, double entropy);
+ /* buf = Buffer to store pseudorandom bytes in.
+ * len = Number of bytes to store in buf. */
+ int (*pseudorand)(unsigned char *buf, int len);
+ int (*status)(void);
+} WOLFSSL_RAND_METHOD;
+
+/* Valid Alert types from page 16/17
+ * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
+ */
+enum AlertDescription {
+ close_notify = 0,
+ unexpected_message = 10,
+ bad_record_mac = 20,
+ record_overflow = 22,
+ decompression_failure = 30,
+ handshake_failure = 40,
+ no_certificate = 41,
+ bad_certificate = 42,
+ unsupported_certificate = 43,
+ certificate_revoked = 44,
+ certificate_expired = 45,
+ certificate_unknown = 46,
+ illegal_parameter = 47,
+ unknown_ca = 48,
+ decode_error = 50,
+ decrypt_error = 51,
+ #ifdef WOLFSSL_MYSQL_COMPATIBLE
+ /* catch name conflict for enum protocol with MYSQL build */
+ wc_protocol_version = 70,
+ #else
+ protocol_version = 70,
+ #endif
+ inappropriate_fallback = 86,
+ no_renegotiation = 100,
+ missing_extension = 109,
+ unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */
+ unrecognized_name = 112, /**< RFC 6066, section 3 */
+ bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
+ unknown_psk_identity = 115, /**< RFC 4279, section 2 */
+ certificate_required = 116, /**< RFC 8446, section 8.2 */
+ no_application_protocol = 120
+};
+
+
+enum AlertLevel {
+ alert_warning = 1,
+ alert_fatal = 2
+};
+
+/* WS_RETURN_CODE macro
+ * Some OpenSSL APIs specify "0" as the return value when an error occurs.
+ * However, some corresponding wolfSSL APIs return negative values. Such
+ * functions should use this macro to fill this gap. Users who want them
+ * to return the same return value as OpenSSL can define
+ * WOLFSSL_ERR_CODE_OPENSSL.
+ * Give item1 a variable that contains the potentially negative
+ * wolfSSL-defined return value or the return value itself, and
+ * give item2 the openSSL-defined return value.
+ * Note that this macro replaces only negative return values with the
+ * specified value.
+ * Since wolfSSL 4.7.0, the following functions use this macro:
+ * - wolfSSL_CTX_load_verify_locations
+ * - wolfSSL_X509_LOOKUP_load_file
+ * - wolfSSL_EVP_PKEY_cmp
+ */
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ #define WS_RETURN_CODE(item1,item2) \
+ ((item1 < 0) ? item2 : item1)
+#else
+ #define WS_RETURN_CODE(item1,item2) (item1)
+#endif
+
+/* Maximum master key length (SECRET_LEN) */
+#define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
+/* Maximum number of groups that can be set */
+#define WOLFSSL_MAX_GROUP_COUNT 10
+
+#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
+enum Tls13Secret {
+ CLIENT_EARLY_TRAFFIC_SECRET,
+ CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+ SERVER_HANDSHAKE_TRAFFIC_SECRET,
+ CLIENT_TRAFFIC_SECRET,
+ SERVER_TRAFFIC_SECRET,
+ EARLY_EXPORTER_SECRET,
+ EXPORTER_SECRET
+};
+#endif
+
+
+typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
+
+/* CTX Method EX Constructor Functions */
+WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
+#ifdef WOLFSSL_TLS13
+ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
+#endif
+
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
+
+#ifdef WOLFSSL_DTLS
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap);
+#endif
+
+/* CTX Method Constructor Functions */
+WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
+#ifdef WOLFSSL_TLS13
+ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void);
+ WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
+ WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
+#endif
+
+#ifdef WOLFSSL_DTLS
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
+ WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
+#endif
+
+#ifdef HAVE_POLY1305
+ WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
+#endif
+
+#ifdef WOLFSSL_SESSION_EXPORT
+#ifdef WOLFSSL_DTLS
+
+#ifndef WOLFSSL_DTLS_EXPORT_TYPES
+typedef int (*wc_dtls_export)(WOLFSSL* ssl,
+ unsigned char* exportBuffer, unsigned int sz, void* userCtx);
+#define WOLFSSL_DTLS_EXPORT_TYPES
+#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
+
+WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf,
+ unsigned int sz);
+WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
+ wc_dtls_export func);
+WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
+WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
+ unsigned int* sz);
+WOLFSSL_API int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,
+ unsigned int* sz);
+#endif /* WOLFSSL_DTLS */
+#endif /* WOLFSSL_SESSION_EXPORT */
+
+#ifdef WOLFSSL_STATIC_MEMORY
+#ifndef WOLFSSL_MEM_GUARD
+#define WOLFSSL_MEM_GUARD
+ typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS;
+ typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
+#endif
+WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
+ wolfSSL_method_func method,
+ unsigned char* buf, unsigned int sz,
+ int flag, int max);
+WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
+ WOLFSSL_MEM_STATS* mem_stats);
+WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
+ WOLFSSL_MEM_CONN_STATS* mem_stats);
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*,
+ const char*, int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
+ const char*, int);
+
+#endif
+
+#ifndef NO_CERTS
+#define WOLFSSL_LOAD_FLAG_NONE 0x00000000
+#define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
+#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
+#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
+#if defined(WOLFSSL_QT)
+#define WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR 0x00000008
+#define WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE 0x00000010
+#endif
+
+#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
+#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
+#endif
+
+WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
+WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
+WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
+#endif /* !NO_CERTS */
+
+#define WOLFSSL_CIPHER_SUITE_FLAG_NONE 0x0
+#define WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS 0x1
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+
+WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
+ const char*, unsigned int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*,
+ const char*, const char*);
+#ifdef WOLFSSL_TRUST_PEER_CERT
+WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
+#endif
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(
+ WOLFSSL_CTX*, const char*);
+WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
+ const char *file, int format);
+WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*,
+ int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*,
+ int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*,
+ const char*);
+WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*,
+ const char *file, int format);
+WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
+
+#ifdef WOLFSSL_DER_LOAD
+ WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
+ const char*, int);
+#endif
+
+#ifdef HAVE_NTRU
+ WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
+ /* load NTRU private key blob */
+#endif
+
+#endif /* !NO_FILESYSTEM && !NO_CERTS */
+
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
+WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx,
+ const char* list);
+WOLFSSL_API int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list);
+#endif
+WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm);
+WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
+WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int);
+WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
+WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority);
+WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
+WOLFSSL_API int wolfSSL_get_ciphers_iana(char*, int);
+WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
+WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
+ const unsigned char);
+WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite(
+ const unsigned char, const unsigned char);
+WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name,
+ byte* cipherSuite0, byte* cipherSuite, int* flags);
+WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
+ int len);
+WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
+/* please see note at top of README if you get an error from connect */
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
+WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
+WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
+WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
+#ifdef WOLFSSL_TLS13
+WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
+ const unsigned char* secret, unsigned int secretSz);
+WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_key_update_response(WOLFSSL* ssl, int* required);
+WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
+WOLFSSL_API int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
+
+WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
+ int count);
+WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
+ int count);
+WOLFSSL_API int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count);
+#endif
+
+WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
+WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
+
+#ifdef WOLFSSL_EARLY_DATA
+
+#define WOLFSSL_EARLY_DATA_NOT_SENT 0
+#define WOLFSSL_EARLY_DATA_REJECTED 1
+#define WOLFSSL_EARLY_DATA_ACCEPTED 2
+
+WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
+ unsigned int sz);
+WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
+WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
+ int sz, int* outSz);
+WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
+ int* outSz);
+WOLFSSL_API int wolfSSL_get_early_data_status(const WOLFSSL* ssl);
+#endif /* WOLFSSL_EARLY_DATA */
+#endif /* WOLFSSL_TLS13 */
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
+WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
+WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
+
+WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
+WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*);
+WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
+WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
+ || defined(WOLFSSL_NGINX)
+WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
+ WOLFSSL_BIO**, size_t);
+
+WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
+ unsigned char *EM,
+ const unsigned char *mHash,
+ const WOLFSSL_EVP_MD *hashAlg,
+ int saltLen);
+WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
+ const WOLFSSL_EVP_MD *hashAlg,
+ const unsigned char *EM, int saltLen);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**);
+WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*,
+ int, const unsigned char*);
+WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**);
+#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
+
+#ifdef SESSION_INDEX
+WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
+#endif /* SESSION_INDEX */
+
+#if defined(SESSION_CERTS)
+WOLFSSL_API
+ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
+#endif /* SESSION_INDEX && SESSION_CERTS */
+
+typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
+
+/* class index for wolfSSL_CRYPTO_get_ex_new_index */
+#define CRYPTO_EX_INDEX_SSL 0
+#define CRYPTO_EX_INDEX_SSL_CTX 1
+#define CRYPTO_EX_INDEX_SSL_SESSION 2
+#define CRYPTO_EX_INDEX_X509 3
+#define CRYPTO_EX_INDEX_X509_STORE 4
+#define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+#define CRYPTO_EX_INDEX_DH 6
+#define CRYPTO_EX_INDEX_DSA 7
+#define CRYPTO_EX_INDEX_EC_KEY 8
+#define CRYPTO_EX_INDEX_RSA 9
+#define CRYPTO_EX_INDEX_ENGINE 10
+#define CRYPTO_EX_INDEX_UI 11
+#define CRYPTO_EX_INDEX_BIO 12
+#define CRYPTO_EX_INDEX_APP 13
+#define CRYPTO_EX_INDEX_UI_METHOD 14
+#define CRYPTO_EX_INDEX_DRBG 15
+#define CRYPTO_EX_INDEX__COUNT 16
+
+#if defined(HAVE_EX_DATA) || defined(FORTRESS)
+typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr,
+ WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
+typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out,
+ WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg);
+typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr,
+ WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
+
+WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg,
+ WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
+ WOLFSSL_CRYPTO_EX_free* c);
+
+#endif
+
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
+ VerifyCallback verify_callback);
+
+#ifdef OPENSSL_ALL
+typedef int (*CertVerifyCallback)(WOLFSSL_X509_STORE_CTX* store, void* arg);
+WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
+ CertVerifyCallback cb, void* arg);
+#endif
+
+WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
+WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*);
+WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int);
+WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL*, int);
+#endif
+
+WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
+
+WOLFSSL_API void wolfSSL_load_error_strings(void);
+WOLFSSL_API int wolfSSL_library_init(void);
+WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*,
+ long);
+
+#ifdef HAVE_SECRET_CALLBACK
+typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
+ void* ctx);
+WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb,
+ void*);
+#ifdef WOLFSSL_TLS13
+typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret,
+ int secretSz, void* ctx);
+WOLFSSL_API int wolfSSL_set_tls13_secret_cb(WOLFSSL*, Tls13SecretCb, void*);
+#endif
+#endif /* HAVE_SECRET_CALLBACK */
+
+/* session cache persistence */
+WOLFSSL_API int wolfSSL_save_session_cache(const char*);
+WOLFSSL_API int wolfSSL_restore_session_cache(const char*);
+WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int);
+WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int);
+WOLFSSL_API int wolfSSL_get_session_cache_memsize(void);
+
+/* certificate cache persistence, uses ctx since certs are per ctx */
+WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
+WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
+WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
+WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
+WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);
+
+/* only supports full name from cipher_name[] delimited by : */
+WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
+WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*);
+
+#ifdef HAVE_KEYING_MATERIAL
+/* Keying Material Exporter for TLS */
+WOLFSSL_API int wolfSSL_export_keying_material(WOLFSSL *ssl,
+ unsigned char *out, size_t outLen,
+ const char *label, size_t labelLen,
+ const unsigned char *context, size_t contextLen,
+ int use_context);
+#endif /* HAVE_KEYING_MATERIAL */
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+
+typedef enum {
+ WOLFSSL_NETFILTER_PASS = 0,
+ WOLFSSL_NETFILTER_ACCEPT = 1,
+ WOLFSSL_NETFILTER_REJECT = 2
+} wolfSSL_netfilter_decision_t;
+
+typedef int (*NetworkFilterCallback_t)(
+ WOLFSSL *ssl,
+ void *AcceptFilter_arg,
+ wolfSSL_netfilter_decision_t *decision);
+WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(
+ WOLFSSL_CTX *ctx,
+ NetworkFilterCallback_t AcceptFilter,
+ void *AcceptFilter_arg);
+WOLFSSL_API int wolfSSL_set_AcceptFilter(
+ WOLFSSL *ssl,
+ NetworkFilterCallback_t AcceptFilter,
+ void *AcceptFilter_arg);
+WOLFSSL_API int wolfSSL_CTX_set_ConnectFilter(
+ WOLFSSL_CTX *ctx,
+ NetworkFilterCallback_t ConnectFilter,
+ void *ConnectFilter_arg);
+WOLFSSL_API int wolfSSL_set_ConnectFilter(
+ WOLFSSL *ssl,
+ NetworkFilterCallback_t ConnectFilter,
+ void *ConnectFilter_arg);
+
+#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
+
+/* Nonblocking DTLS helper functions */
+WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*);
+#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
+#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock
+ /* The old names are deprecated. */
+WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl,
+ WOLFSSL_TIMEVAL* timeleft);
+WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl,
+ word32 duration_ms);
+WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
+WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
+WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL*);
+WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
+WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
+
+WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
+WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
+WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
+
+WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL*,
+ unsigned int*, unsigned int*);
+WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short);
+WOLFSSL_API int wolfSSL_set_secret(WOLFSSL*, unsigned short,
+ const unsigned char*, unsigned int,
+ const unsigned char*, const unsigned char*,
+ const unsigned char*);
+WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int);
+WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int);
+WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short);
+WOLFSSL_API int wolfSSL_mcast_get_max_peers(void);
+typedef int (*CallbackMcastHighwater)(unsigned short peerId,
+ unsigned int maxSeq,
+ unsigned int curSeq, void* ctx);
+WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*,
+ unsigned int,
+ unsigned int,
+ unsigned int,
+ CallbackMcastHighwater);
+WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*);
+
+WOLFSSL_API int wolfSSL_ERR_GET_LIB(unsigned long err);
+WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
+WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
+WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
+ unsigned long sz);
+WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
+
+/* extras */
+
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
+WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
+WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
+WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
+
+#if defined(HAVE_OCSP)
+#include "wolfssl/ocsp.h"
+#include "wolfssl/wolfcrypt/asn.h"
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
+ WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
+ WOLFSSL_ACCESS_DESCRIPTION* access);
+#endif /* defined(OPENSSL_ALL) || defined(WOLFSSL_QT) */
+
+typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
+
+WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
+ WOLFSSL_X509* x509);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
+WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
+WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
+WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
+WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup(
+ WOLFSSL_GENERAL_NAMES* gns);
+WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
+ WOLFSSL_GENERAL_NAME* gn);
+WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
+ WOLFSSL_STACK* sk, int i);
+WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
+ void (*f) (WOLFSSL_GENERAL_NAME*));
+WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name);
+WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free(
+ WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk);
+WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value(
+ WOLFSSL_STACK* sk, int idx);
+WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk,
+ void (*f) (WOLFSSL_ACCESS_DESCRIPTION*));
+WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access);
+WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
+ WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
+ void (*f) (WOLFSSL_X509_EXTENSION*));
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
+WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
+WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
+ WOLFSSL_ASN1_OBJECT* obj);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
+ WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
+WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
+WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
+ WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
+ void (*f)(WOLFSSL_ASN1_OBJECT*));
+WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
+WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
+WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
+WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
+ WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
+WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
+ WOLFSSL* ssl,
+ int idx,
+ void* data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
+WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
+WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
+ unsigned int);
+WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
+WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
+WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
+WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
+WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
+WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
+ const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
+
+WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*);
+WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
+WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
+WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
+WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
+WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
+WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
+WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
+ /* what's ref count */
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
+#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)
+WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
+WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey);
+#endif
+
+WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
+ char** path, int* ssl);
+
+WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
+
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(const WOLFSSL_BIO_METHOD*);
+#else
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
+#endif
+WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*);
+WOLFSSL_API void wolfSSL_BIO_vfree(WOLFSSL_BIO*);
+WOLFSSL_API void wolfSSL_BIO_free_all(WOLFSSL_BIO*);
+WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz);
+WOLFSSL_API int wolfSSL_BIO_puts(WOLFSSL_BIO* bio, const char* buf);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type);
+WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
+WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
+WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*);
+WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*);
+WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio,
+ wolf_bio_info_cb callback_func);
+WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio);
+WOLFSSL_API void wolfSSL_BIO_set_callback_arg(WOLFSSL_BIO *bio, char *arg);
+WOLFSSL_API char* wolfSSL_BIO_get_callback_arg(const WOLFSSL_BIO *bio);
+
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void);
+WOLFSSL_API int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio,
+ WOLFSSL_EVP_MD_CTX **mdcp);
+
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
+WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag);
+WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*);
+
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
+WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
+WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags);
+WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup(
+ WOLFSSL_BIO *bio,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx);
+WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long);
+
+WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
+
+WOLFSSL_API void wolfSSL_BIO_set_init(WOLFSSL_BIO*, int);
+WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO*, void*);
+WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO*);
+WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO*, int);
+WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO*);
+WOLFSSL_API void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*);
+WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio);
+
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*);
+WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*);
+WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_write_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_read_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_puts_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_gets_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb);
+WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len);
+
+WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
+#ifndef NO_FILESYSTEM
+WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
+#endif
+WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
+WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
+
+#ifndef NO_FILESYSTEM
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
+WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
+#endif
+
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
+
+WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
+WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port);
+WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b);
+
+WOLFSSL_API long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b);
+
+WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
+WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
+
+WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
+WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
+WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b);
+WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
+WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
+WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
+WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
+
+WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
+WOLFSSL_API int wolfSSL_BIO_tell(WOLFSSL_BIO* bio);
+WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
+WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
+WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
+WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio);
+
+WOLFSSL_API void wolfSSL_RAND_screen(void);
+WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
+WOLFSSL_API int wolfSSL_RAND_write_file(const char*);
+WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long);
+WOLFSSL_API int wolfSSL_RAND_egd(const char*);
+WOLFSSL_API int wolfSSL_RAND_seed(const void*, int);
+WOLFSSL_API void wolfSSL_RAND_Cleanup(void);
+WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double);
+WOLFSSL_API int wolfSSL_RAND_poll(void);
+
+WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
+WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
+WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);
+
+WOLFSSL_API unsigned long wolfSSL_thread_id(void);
+WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
+WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
+ int));
+WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
+ (const char*, int));
+WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
+ WOLFSSL_dynlock_value*, const char*, int));
+WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
+ (WOLFSSL_dynlock_value*, const char*, int));
+WOLFSSL_API int wolfSSL_num_locks(void);
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
+ WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
+
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
+ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
+WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
+ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
+WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
+ unsigned char** out);
+WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
+ unsigned char** out);
+WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
+ unsigned char **in, long length);
+#ifndef NO_RSA
+WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
+#endif
+WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+ unsigned long nmflags, unsigned long cflag);
+#ifndef NO_FILESYSTEM
+WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509);
+#endif
+WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
+ const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig);
+WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
+ const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
+WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
+WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*,
+ char*, int);
+#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
+WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
+#endif
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
+ WOLFSSL_X509*);
+WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
+ WOLFSSL_X509*);
+WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
+WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
+WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
+WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
+WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
+WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
+ WOLFSSL_X509*, unsigned char*, int*);
+WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
+ WOLFSSL_X509*, unsigned char*, int*);
+
+WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
+#endif
+WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
+ WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*,
+ WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
+WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509,
+ const WOLFSSL_ASN1_TIME* t);
+WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509,
+ const WOLFSSL_ASN1_TIME* t);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
+ WOLFSSL_ASN1_INTEGER* s);
+WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
+WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+ const WOLFSSL_EVP_MD* md);
+WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx);
+
+
+WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
+ WOLFSSL_X509_NAME*, int, char*, int);
+WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
+ WOLFSSL_X509_NAME*, int, int);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
+
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
+WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
+WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b);
+WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
+WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
+ const void* data, int dataSz);
+WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
+WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data(
+ const WOLFSSL_ASN1_STRING*);
+WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
+WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
+ const WOLFSSL_ASN1_STRING* src);
+WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
+WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509*, unsigned char*,
+ int*);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
+
+WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
+WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
+ long);
+WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
+WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);
+WOLFSSL_API int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
+ const char *argc, long argl, char **ret);
+
+WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
+ WOLFSSL_X509_LOOKUP_METHOD*);
+WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
+WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
+WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
+ WOLFSSL_X509_STORE*, WOLFSSL_X509*);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
+ WOLFSSL_X509_STORE_CTX* ctx);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
+ WOLFSSL_X509_STORE_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
+ WOLFSSL_X509_STORE_CTX *ctx);
+WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
+ unsigned long flag);
+WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
+WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
+ int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
+WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
+ WOLFSSL_X509_STORE*, WOLFSSL_X509*, WOLF_STACK_OF(WOLFSSL_X509)*);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
+ WOLF_STACK_OF(WOLFSSL_X509) *sk);
+
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
+WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
+WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
+ WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY** out);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
+ const unsigned char** in, long inSz);
+WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
+ WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
+ unsigned char** in, long inSz);
+WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key,
+ unsigned char** der);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
+ const WOLFSSL_EVP_PKEY* pkey,
+ int indent, WOLFSSL_ASN1_PCTX* pctx);
+#endif /* OPENSSL_EXTRA */
+WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime,
+ time_t *cmpTime);
+WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime,
+ int offset_day, long offset_sec, time_t *in_tm);
+WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime,
+ long offset_sec, time_t *in_tm);
+WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
+ unsigned long flags,
+ time_t t);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void);
+WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags);
+WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set_hostflags(
+ WOLFSSL_X509_VERIFY_PARAM* param, unsigned int flags);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
+ const char* name,
+ unsigned int nameSz);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
+ WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
+ const WOLFSSL_X509_VERIFY_PARAM* from);
+WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type);
+WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type);
+#endif
+WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
+WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
+ WOLFSSL_X509_REVOKED*,int);
+WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
+WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
+WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);
+WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(
+ const WOLFSSL_ASN1_INTEGER* src);
+WOLFSSL_API int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v);
+
+WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
+
+WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t,
+ char* buf, int len);
+WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
+ const WOLFSSL_ASN1_INTEGER*);
+WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
+ WOLFSSL_BIGNUM *bn);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t,
+ int, long);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void);
+WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t);
+#endif
+
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
+ const WOLFSSL_CTX *s);
+/* deprecated function name */
+#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
+
+WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
+ WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
+ const WOLFSSL* ssl);
+
+typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509,
+ WOLFSSL_EVP_PKEY **pkey);
+WOLFSSL_API void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb);
+
+WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
+ WOLFSSL_X509_STORE_CTX* ctx, int idx);
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
+ int idx, void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
+ WOLFSSL_X509_STORE_CTX* ctx,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API void* wolfSSL_X509_STORE_get_ex_data(
+ WOLFSSL_X509_STORE* store, int idx);
+WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store,
+ int idx, void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
+ WOLFSSL_X509_STORE* store,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
+ int depth);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
+ WOLFSSL_X509_STORE_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store(
+ WOLFSSL_X509_STORE_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert(
+ WOLFSSL_X509_STORE_CTX*);
+WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
+ WOLFSSL_X509_STORE_CTX* ctx, int er);
+void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
+ int depth);
+WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);
+
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
+ void* userdata);
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
+ pem_password_cb*);
+WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
+WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
+
+WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
+ void (*)(const WOLFSSL* ssl, int type, int val));
+
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
+WOLFSSL_API int wolfSSL_GET_REASON(int);
+
+WOLFSSL_API const char* wolfSSL_alert_type_string_long(int);
+WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int);
+WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);
+
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
+ void(*)(int, int, void*), void*);
+WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r,
+ const unsigned char **pp, long len);
+WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**,
+ const unsigned char**, long);
+WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp);
+WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
+ WOLFSSL_RSA *(*)(WOLFSSL *, int, int));
+
+WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
+
+WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
+WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
+
+WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
+WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
+WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
+
+WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
+WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
+WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
+ WOLFSSL_CTX*, void* arg);
+WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
+WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
+WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
+
+WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
+
+WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
+WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
+WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
+WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
+WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
+WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg);
+WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
+WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
+WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
+WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);
+
+WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
+WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
+WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
+WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
+
+#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
+
+/* These are bit-masks */
+enum {
+ WOLFSSL_OCSP_URL_OVERRIDE = 1,
+ WOLFSSL_OCSP_NO_NONCE = 2,
+ WOLFSSL_OCSP_CHECKALL = 4,
+
+ WOLFSSL_CRL_CHECKALL = 1,
+ WOLFSSL_CRL_CHECK = 2,
+};
+
+/* Separated out from other enums because of size */
+enum {
+ SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
+ SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
+ SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
+ SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
+ SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
+ SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
+ SSL_OP_TLS_D5_BUG = 0x00000080,
+ SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
+ SSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
+ SSL_OP_EPHEMERAL_RSA = 0x00000800,
+ WOLFSSL_OP_NO_SSLv3 = 0x00001000,
+ WOLFSSL_OP_NO_TLSv1 = 0x00002000,
+ SSL_OP_PKCS1_CHECK_1 = 0x00004000,
+ SSL_OP_PKCS1_CHECK_2 = 0x00008000,
+ SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
+ SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
+ SSL_OP_SINGLE_DH_USE = 0x00040000,
+ SSL_OP_NO_TICKET = 0x00080000,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
+ SSL_OP_NO_QUERY_MTU = 0x00200000,
+ SSL_OP_COOKIE_EXCHANGE = 0x00400000,
+ SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
+ SSL_OP_SINGLE_ECDH_USE = 0x01000000,
+ SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
+ WOLFSSL_OP_NO_TLSv1_1 = 0x04000000,
+ WOLFSSL_OP_NO_TLSv1_2 = 0x08000000,
+ SSL_OP_NO_COMPRESSION = 0x10000000,
+ WOLFSSL_OP_NO_TLSv1_3 = 0x20000000,
+ WOLFSSL_OP_NO_SSLv2 = 0x40000000,
+ SSL_OP_ALL =
+ (SSL_OP_MICROSOFT_SESS_ID_BUG
+ | SSL_OP_NETSCAPE_CHALLENGE_BUG
+ | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+ | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+ | SSL_OP_MSIE_SSLV2_RSA_PADDING
+ | SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+ | SSL_OP_TLS_D5_BUG
+ | SSL_OP_TLS_BLOCK_PADDING_BUG
+ | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ | SSL_OP_TLS_ROLLBACK_BUG),
+};
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER)
+/* for compatibility these must be macros */
+#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
+#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
+#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1
+#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1
+#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2
+#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) /* apache uses this to determine if TLS 1.3 is enabled */
+#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
+#endif
+
+#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
+ SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
+
+#define SSL_NOTHING 1
+#define SSL_WRITING 2
+#define SSL_READING 3
+
+enum {
+#ifdef HAVE_OCSP
+ /* OCSP Flags */
+ OCSP_NOCERTS = 1,
+ OCSP_NOINTERN = 2,
+ OCSP_NOSIGS = 4,
+ OCSP_NOCHAIN = 8,
+ OCSP_NOVERIFY = 16,
+ OCSP_NOEXPLICIT = 32,
+ OCSP_NOCASIGN = 64,
+ OCSP_NODELEGATED = 128,
+ OCSP_NOCHECKS = 256,
+ OCSP_TRUSTOTHER = 512,
+ OCSP_RESPID_KEY = 1024,
+ OCSP_NOTIME = 2048,
+
+ /* OCSP Types */
+ OCSP_CERTID = 2,
+ OCSP_REQUEST = 4,
+ OCSP_RESPONSE = 8,
+ OCSP_BASICRESP = 16,
+#endif
+
+ ASN1_GENERALIZEDTIME = 4,
+ SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
+
+ SSL_ST_CONNECT = 0x1000,
+ SSL_ST_ACCEPT = 0x2000,
+ SSL_ST_MASK = 0x0FFF,
+
+ SSL_CB_LOOP = 0x01,
+ SSL_CB_EXIT = 0x02,
+ SSL_CB_READ = 0x04,
+ SSL_CB_WRITE = 0x08,
+ SSL_CB_HANDSHAKE_START = 0x10,
+ SSL_CB_HANDSHAKE_DONE = 0x20,
+ SSL_CB_ALERT = 0x4000,
+ SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
+ SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
+ SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
+ SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
+ SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
+ SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
+ SSL_CB_MODE_READ = 1,
+ SSL_CB_MODE_WRITE = 2,
+
+ SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
+ SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io
+ * and auto retry */
+ SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
+
+ BIO_CLOSE = 1,
+ BIO_NOCLOSE = 0,
+
+ X509_FILETYPE_PEM = 8,
+ X509_LU_X509 = 9,
+ X509_LU_CRL = 12,
+
+ X509_V_OK = 0,
+ X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
+ X509_V_ERR_CRL_HAS_EXPIRED = 15,
+ X509_V_ERR_CERT_REVOKED = 16,
+ X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
+ X509_V_ERR_CERT_NOT_YET_VALID = 19,
+ X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
+ X509_V_ERR_CERT_HAS_EXPIRED = 21,
+ X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
+ X509_V_ERR_CERT_REJECTED = 23,
+ /* Required for Nginx */
+ X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24,
+ X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25,
+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26,
+ X509_V_ERR_CERT_UNTRUSTED = 27,
+ X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28,
+ X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29,
+ /* additional X509_V_ERR_* enums not used in wolfSSL */
+ X509_V_ERR_UNABLE_TO_GET_CRL,
+ X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
+ X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
+ X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
+ X509_V_ERR_CERT_SIGNATURE_FAILURE,
+ X509_V_ERR_CRL_NOT_YET_VALID,
+ X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
+ X509_V_ERR_OUT_OF_MEM,
+ X509_V_ERR_INVALID_CA,
+ X509_V_ERR_PATH_LENGTH_EXCEEDED,
+ X509_V_ERR_INVALID_PURPOSE,
+ X509_V_ERR_AKID_SKID_MISMATCH,
+ X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
+ X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
+ X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
+ X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
+ X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
+ X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
+ X509_V_ERR_INVALID_NON_CA,
+ X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
+ X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
+ X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
+ X509_V_ERR_INVALID_EXTENSION,
+ X509_V_ERR_INVALID_POLICY_EXTENSION,
+ X509_V_ERR_NO_EXPLICIT_POLICY,
+ X509_V_ERR_UNNESTED_RESOURCE,
+ X509_V_ERR_APPLICATION_VERIFICATION,
+
+ X509_R_CERT_ALREADY_IN_HASH_TABLE,
+
+ CRYPTO_LOCK = 1,
+ CRYPTO_NUM_LOCKS = 10,
+
+ ASN1_STRFLGS_ESC_MSB = 4
+};
+#endif
+
+/* extras end */
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+/* wolfSSL extension, provide last error from SSL_get_error
+ since not using thread storage error queue */
+#ifdef FUSION_RTOS
+ #include <fclstdio.h>
+#else
+ #include <stdio.h>
+#endif
+WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err);
+#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
+WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp);
+WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str,
+ size_t len, void *u), void *u);
+#endif
+#endif
+WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
+
+
+#ifndef NO_OLD_SSL_NAMES
+ #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
+ #define SSL_FAILURE WOLFSSL_FAILURE
+ #define SSL_SUCCESS WOLFSSL_SUCCESS
+ #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE
+
+ #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
+ #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE
+ #define SSL_BAD_STAT WOLFSSL_BAD_STAT
+ #define SSL_BAD_PATH WOLFSSL_BAD_PATH
+ #define SSL_BAD_FILETYPE WOLFSSL_BAD_FILETYPE
+ #define SSL_BAD_FILE WOLFSSL_BAD_FILE
+ #define SSL_NOT_IMPLEMENTED WOLFSSL_NOT_IMPLEMENTED
+ #define SSL_UNKNOWN WOLFSSL_UNKNOWN
+ #define SSL_FATAL_ERROR WOLFSSL_FATAL_ERROR
+
+ #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
+ #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM
+ #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
+ #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW
+
+ #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE
+ #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
+ #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE
+ #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK
+
+ #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF
+ #define SSL_SESS_CACHE_CLIENT WOLFSSL_SESS_CACHE_CLIENT
+ #define SSL_SESS_CACHE_SERVER WOLFSSL_SESS_CACHE_SERVER
+ #define SSL_SESS_CACHE_BOTH WOLFSSL_SESS_CACHE_BOTH
+ #define SSL_SESS_CACHE_NO_AUTO_CLEAR WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR
+ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+ #define SSL_SESS_CACHE_NO_INTERNAL_STORE WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE
+ #define SSL_SESS_CACHE_NO_INTERNAL WOLFSSL_SESS_CACHE_NO_INTERNAL
+
+ #define SSL_ERROR_WANT_READ WOLFSSL_ERROR_WANT_READ
+ #define SSL_ERROR_WANT_WRITE WOLFSSL_ERROR_WANT_WRITE
+ #define SSL_ERROR_WANT_CONNECT WOLFSSL_ERROR_WANT_CONNECT
+ #define SSL_ERROR_WANT_ACCEPT WOLFSSL_ERROR_WANT_ACCEPT
+ #define SSL_ERROR_SYSCALL WOLFSSL_ERROR_SYSCALL
+ #define SSL_ERROR_WANT_X509_LOOKUP WOLFSSL_ERROR_WANT_X509_LOOKUP
+ #define SSL_ERROR_ZERO_RETURN WOLFSSL_ERROR_ZERO_RETURN
+ #define SSL_ERROR_SSL WOLFSSL_ERROR_SSL
+
+ #define SSL_SENT_SHUTDOWN WOLFSSL_SENT_SHUTDOWN
+ #define SSL_RECEIVED_SHUTDOWN WOLFSSL_RECEIVED_SHUTDOWN
+ #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+ #define SSL_R_SSL_HANDSHAKE_FAILURE WOLFSSL_R_SSL_HANDSHAKE_FAILURE
+ #define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA
+ #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
+ #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE
+
+ #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
+#endif
+
+enum { /* ssl Constants */
+ WOLFSSL_ERROR_NONE = 0, /* for most functions */
+ WOLFSSL_FAILURE = 0, /* for some functions */
+ WOLFSSL_SUCCESS = 1,
+ WOLFSSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */
+
+ WOLFSSL_ALPN_NOT_FOUND = -9,
+ WOLFSSL_BAD_CERTTYPE = -8,
+ WOLFSSL_BAD_STAT = -7,
+ WOLFSSL_BAD_PATH = -6,
+ WOLFSSL_BAD_FILETYPE = -5,
+ WOLFSSL_BAD_FILE = -4,
+ WOLFSSL_NOT_IMPLEMENTED = -3,
+ WOLFSSL_UNKNOWN = -2,
+ WOLFSSL_FATAL_ERROR = -1,
+
+ WOLFSSL_FILETYPE_ASN1 = 2,
+ WOLFSSL_FILETYPE_PEM = 1,
+ WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */
+ WOLFSSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
+
+ WOLFSSL_VERIFY_NONE = 0,
+ WOLFSSL_VERIFY_PEER = 1,
+ WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
+ WOLFSSL_VERIFY_CLIENT_ONCE = 4,
+ WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 8,
+
+ WOLFSSL_SESS_CACHE_OFF = 0x0000,
+ WOLFSSL_SESS_CACHE_CLIENT = 0x0001,
+ WOLFSSL_SESS_CACHE_SERVER = 0x0002,
+ WOLFSSL_SESS_CACHE_BOTH = 0x0003,
+ WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR = 0x0008,
+ WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100,
+ WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE = 0x0200,
+ WOLFSSL_SESS_CACHE_NO_INTERNAL = 0x0300,
+
+ WOLFSSL_ERROR_WANT_READ = 2,
+ WOLFSSL_ERROR_WANT_WRITE = 3,
+ WOLFSSL_ERROR_WANT_CONNECT = 7,
+ WOLFSSL_ERROR_WANT_ACCEPT = 8,
+ WOLFSSL_ERROR_SYSCALL = 5,
+ WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
+ WOLFSSL_ERROR_ZERO_RETURN = 6,
+ WOLFSSL_ERROR_SSL = 85,
+
+ WOLFSSL_SENT_SHUTDOWN = 1,
+ WOLFSSL_RECEIVED_SHUTDOWN = 2,
+ WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
+
+ WOLFSSL_R_SSL_HANDSHAKE_FAILURE = 101,
+ WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
+ WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
+ WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
+
+ WOLF_PEM_BUFSIZE = 1024
+};
+
+#ifndef NO_PSK
+ typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
+ unsigned int, unsigned char*, unsigned int);
+ WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
+ wc_psk_client_callback);
+ WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
+ wc_psk_client_callback);
+ #ifdef OPENSSL_EXTRA
+ typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl,
+ const WOLFSSL_EVP_MD* md, const unsigned char **id,
+ size_t* idlen, WOLFSSL_SESSION **sess);
+ WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
+ wc_psk_use_session_cb_func cb);
+ #endif
+#ifdef WOLFSSL_TLS13
+ typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL*, const char*,
+ char*, unsigned int, unsigned char*, unsigned int, const char*);
+ WOLFSSL_API void wolfSSL_CTX_set_psk_client_cs_callback(WOLFSSL_CTX*,
+ wc_psk_client_cs_callback);
+ WOLFSSL_API void wolfSSL_set_psk_client_cs_callback(WOLFSSL*,
+ wc_psk_client_cs_callback);
+
+ typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
+ char*, unsigned int, unsigned char*, unsigned int, const char**);
+ WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*,
+ wc_psk_client_tls13_callback);
+ WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*,
+ wc_psk_client_tls13_callback);
+#endif
+
+ WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
+ WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);
+
+ WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
+ WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);
+
+ typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
+ unsigned char*, unsigned int);
+ WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
+ wc_psk_server_callback);
+ WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
+ wc_psk_server_callback);
+#ifdef WOLFSSL_TLS13
+ typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
+ unsigned char*, unsigned int, const char**);
+ WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*,
+ wc_psk_server_tls13_callback);
+ WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
+ wc_psk_server_tls13_callback);
+#endif
+ WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*);
+ WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*);
+
+ WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*);
+
+ #define PSK_TYPES_DEFINED
+
+#ifdef WOLFSSL_TLS13
+ WOLFSSL_API const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl,
+ const char* hash);
+#endif
+#endif /* NO_PSK */
+
+
+#ifdef HAVE_ANON
+ WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
+#endif /* HAVE_ANON */
+
+
+/* extra begins */
+#ifdef OPENSSL_EXTRA
+enum { /* ERR Constants */
+ ERR_TXT_STRING = 1
+};
+
+/* bio misc */
+enum {
+ WOLFSSL_BIO_ERROR = -1,
+ WOLFSSL_BIO_UNSET = -2,
+ WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */
+};
+#endif
+
+WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err,
+ const char* file, int line);
+WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*);
+WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
+ const char**, int *);
+
+WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
+WOLFSSL_API void wolfSSL_ERR_clear_error(void);
+
+
+WOLFSSL_API int wolfSSL_RAND_status(void);
+WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num);
+WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
+WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
+WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
+WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
+
+#if !defined(NO_CHECK_PRIVATE_KEY)
+ WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
+#endif
+WOLFSSL_API void wolfSSL_ERR_free_strings(void);
+WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
+WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);
+
+WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
+WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
+WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
+WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
+WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
+
+
+WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
+ const unsigned char*, unsigned int);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
+#endif
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_want(WOLFSSL*);
+#endif
+WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
+WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
+
+#if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA)
+#include <stdarg.h> /* var_arg */
+WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
+ va_list args);
+#endif
+WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
+WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int);
+WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
+ const WOLFSSL_ASN1_UTCTIME*);
+WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
+ const WOLFSSL_ASN1_GENERALIZEDTIME*);
+WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*);
+WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*);
+WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
+ const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
+WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
+#endif
+
+WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
+WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
+
+#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
+
+WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
+ int idx);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
+ WOLFSSL_CRYPTO_EX_DATA* ex_data,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
+ void *data);
+#endif
+
+/* stunnel 4.28 needs */
+WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
+WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
+ WOLFSSL_CTX* ctx,
+ int idx,
+ void* data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
+ WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
+WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
+ int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
+WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
+ void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));
+
+WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
+ const unsigned char**, long);
+
+WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
+WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
+WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
+
+
+/* extra ends */
+
+
+/* wolfSSL extensions */
+
+/* call before SSL_connect, if verifying will add name check to
+ date check and signature check */
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*);
+
+/* need to call once to load library (session cache) */
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
+/* call when done to cleanup/free session cache mutex / resources */
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
+
+/* which library version do we have */
+WOLFSSL_API const char* wolfSSL_lib_version(void);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+WOLFSSL_API const char* wolfSSL_OpenSSL_version(int a);
+#else
+WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
+#endif
+/* which library version do we have in hex */
+WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
+
+/* do accept or connect depedning on side */
+WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
+/* turn on wolfSSL data compression */
+WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
+WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx,
+ void (*cb)(const WOLFSSL* ssl, WOLFSSL_TIMEVAL* out_clock));
+
+/* get wolfSSL peer X509_CHAIN */
+WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+WOLFSSL_API int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl);
+/* get wolfSSL alternate peer X509_CHAIN */
+WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl);
+#endif
+/* peer chain count */
+WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
+/* index cert length */
+WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
+/* index cert */
+WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
+/* index cert in X509 */
+WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
+/* free X509 */
+#define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
+/* get index cert in PEM */
+WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
+ unsigned char* buf, int inLen, int* outLen);
+WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(
+ const WOLFSSL_SESSION* s);
+WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
+WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
+WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
+WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*);
+WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509*);
+WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
+
+WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
+
+WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int);
+WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
+ const unsigned char** in, int len);
+WOLFSSL_API WOLFSSL_X509*
+ wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509*
+ wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+#endif
+WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
+ const unsigned char *in, int len);
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+ WOLFSSL_X509_CRL **crl);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
+#endif
+WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
+
+#ifndef NO_FILESYSTEM
+ #ifndef NO_STDIO_FILESYSTEM
+ WOLFSSL_API WOLFSSL_X509*
+ wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
+ #endif
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
+ wolfSSL_X509_load_certificate_file(const char* fname, int format);
+#endif
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
+ const unsigned char* buf, int sz, int format);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
+ const unsigned char* buf, int sz, int format);
+#endif
+
+#ifdef WOLFSSL_SEP
+ WOLFSSL_API unsigned char*
+ wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
+ WOLFSSL_API unsigned char*
+ wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
+ WOLFSSL_API unsigned char*
+ wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
+#endif
+
+/* connect enough to get peer cert */
+WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
+
+
+
+/* PKCS12 compatibility */
+typedef struct WC_PKCS12 WC_PKCS12;
+WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
+ WC_PKCS12** pkcs12);
+WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
+ WOLFSSL_X509_PKCS12** pkcs12);
+#endif
+WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
+ WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
+ WOLF_STACK_OF(WOLFSSL_X509)** ca);
+WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
+ int pswLen);
+WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
+ WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
+ WOLF_STACK_OF(WOLFSSL_X509)* ca,
+ int keyNID, int certNID, int itt, int macItt, int keytype);
+WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
+
+
+
+#ifndef NO_DH
+/* server Diffie-Hellman parameters */
+WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
+ const unsigned char* g, int gSz);
+WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
+ int format);
+WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int);
+#ifndef NO_FILESYSTEM
+ WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
+#endif
+
+/* server ctx Diffie-Hellman parameters */
+WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
+ int pSz, const unsigned char* g, int gSz);
+WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
+ long sz, int format);
+
+#ifndef NO_FILESYSTEM
+ WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
+ int format);
+#endif
+
+WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, word16);
+WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, word16);
+WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, word16);
+WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, word16);
+WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
+#endif /* NO_DH */
+
+#ifndef NO_RSA
+WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short);
+WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short);
+#endif /* NO_RSA */
+
+#ifdef HAVE_ECC
+WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short);
+WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short);
+#endif /* NO_RSA */
+
+WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, word16);
+WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, word16);
+
+/* keyblock size in bytes or -1 */
+/* need to call wolfSSL_KeepArrays before handshake to save keys */
+WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
+WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
+ unsigned char** sr, unsigned int* srLen,
+ unsigned char** cr, unsigned int* crLen);
+
+/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
+WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
+ const char* label);
+
+
+#ifndef _WIN32
+ #ifndef NO_WRITEV
+ #ifdef __PPU
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
+ !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
+ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
+ !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
+ !defined(WOLFSSL_ZEPHYR)
+ #include <sys/uio.h>
+ #endif
+ /* allow writev style writing */
+ WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
+ int iovcnt);
+ #endif
+#endif
+
+
+#ifndef NO_CERTS
+ /* SSL_CTX versions */
+ WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+#endif
+ WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*,
+ const unsigned char*, long, int,
+ int, word32);
+ WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*,
+ const unsigned char*, long,
+ int, long);
+ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX*,
+ const unsigned char*, long,
+ int);
+ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX*, const char*,
+ int);
+ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
+ const unsigned char*, long);
+
+ /* SSL versions */
+ WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
+ long, int);
+ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl,
+ const unsigned char* der, int derSz);
+ WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
+ long, int);
+ WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*,
+ long, int, long);
+ WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL*, const unsigned char*,
+ long, int);
+ WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL*, const char*, int);
+ WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
+ const unsigned char*, long, int);
+ WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
+ const unsigned char*, long);
+ WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
+
+ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+ defined(KEEP_OUR_CERT)
+ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
+ WOLFSSL_API WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx);
+ #endif
+#endif
+
+WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
+WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
+
+
+#ifdef HAVE_FUZZER
+enum fuzzer_type {
+ FUZZ_HMAC = 0,
+ FUZZ_ENCRYPT = 1,
+ FUZZ_SIGNATURE = 2,
+ FUZZ_HASH = 3,
+ FUZZ_HEAD = 4
+};
+
+typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
+ int type, void* fuzzCtx);
+
+WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
+#endif
+
+
+WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, const byte*, word32);
+
+
+/* I/O Callback default errors */
+enum IOerrors {
+ WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
+ WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */
+ WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */
+ WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */
+ WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */
+ WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */
+ WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */
+};
+
+
+/* CA cache callbacks */
+enum {
+ WOLFSSL_SSLV3 = 0,
+ WOLFSSL_TLSV1 = 1,
+ WOLFSSL_TLSV1_1 = 2,
+ WOLFSSL_TLSV1_2 = 3,
+ WOLFSSL_TLSV1_3 = 4,
+ WOLFSSL_USER_CA = 1, /* user added as trusted */
+ WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
+};
+
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX*, int);
+WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
+WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
+WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
+WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
+WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
+
+/* moved to asn.c, old names kept for backwards compatibility */
+#define wolfSSL_KeyPemToDer wc_KeyPemToDer
+#define wolfSSL_CertPemToDer wc_CertPemToDer
+#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer
+#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer
+#define wolfSSL_PemCertToDer wc_PemCertToDer
+
+
+typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
+typedef void (*CbMissingCRL)(const char* url);
+typedef int (*CbOCSPIO)(void*, const char*, int,
+ unsigned char*, int, unsigned char**);
+typedef void (*CbOCSPRespFree)(void*,unsigned char*);
+
+#ifdef HAVE_CRL_IO
+typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
+#endif
+
+/* User Atomic Record Layer CallBacks */
+typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
+ const unsigned char* macIn, unsigned int macInSz, int macContent,
+ int macVerify, unsigned char* encOut, const unsigned char* encIn,
+ unsigned int encSz, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
+WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
+ unsigned char* decOut, const unsigned char* decIn,
+ unsigned int decSz, int content, int verify, unsigned int* padSz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
+ CallbackDecryptVerify);
+WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEncryptMac)(WOLFSSL* ssl, unsigned char* macOut,
+ int content, int macVerify, unsigned char* encOut,
+ const unsigned char* encIn, unsigned int encSz, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX*, CallbackEncryptMac);
+WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl,
+ unsigned char* decOut, const unsigned char* decIn,
+ unsigned int decSz, int content, int verify, unsigned int* padSz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX*,
+ CallbackVerifyDecrypt);
+WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl);
+
+WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
+WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int);
+WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
+WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
+WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
+WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*);
+WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*);
+WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*);
+WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
+ word32, int, int);
+
+/* Atomic User Needs */
+enum {
+ WOLFSSL_SERVER_END = 0,
+ WOLFSSL_CLIENT_END = 1,
+ WOLFSSL_NEITHER_END = 3,
+ WOLFSSL_BLOCK_TYPE = 2,
+ WOLFSSL_STREAM_TYPE = 3,
+ WOLFSSL_AEAD_TYPE = 4,
+ WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
+};
+
+/* for GetBulkCipher and internal use */
+enum BulkCipherAlgorithm {
+ wolfssl_cipher_null,
+ wolfssl_rc4,
+ wolfssl_rc2,
+ wolfssl_des,
+ wolfssl_triple_des, /* leading 3 (3des) not valid identifier */
+ wolfssl_des40,
+#ifdef HAVE_IDEA
+ wolfssl_idea,
+#endif
+ wolfssl_aes,
+ wolfssl_aes_gcm,
+ wolfssl_aes_ccm,
+ wolfssl_chacha,
+ wolfssl_camellia,
+ wolfssl_hc128, /* wolfSSL extensions */
+ wolfssl_rabbit
+};
+
+
+/* for KDF TLS 1.2 mac types */
+enum KDF_MacAlgorithm {
+ wolfssl_sha256 = 4, /* needs to match hash.h wc_MACAlgorithm */
+ wolfssl_sha384,
+ wolfssl_sha512
+};
+
+
+/* Public Key Callback support */
+#ifdef HAVE_PK_CALLBACKS
+#ifdef HAVE_ECC
+
+struct ecc_key;
+
+typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key,
+ unsigned int keySz, int ecc_curve, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen);
+WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEccSign)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*,
+ CallbackEccSign);
+WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
+ const unsigned char* sig, unsigned int sigSz,
+ const unsigned char* hash, unsigned int hashSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ int* result, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
+WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
+ unsigned char* pubKeyDer, word32* pubKeySz,
+ unsigned char* out, word32* outlen,
+ int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
+WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret);
+WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl);
+#endif
+
+#ifndef NO_DH
+/* Public DH Key Callback support */
+struct DhKey;
+typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
+ const unsigned char* priv, unsigned int privSz,
+ const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
+ unsigned char* out, word32* outlen,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
+WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl);
+#endif /* !NO_DH */
+
+#ifdef HAVE_ED25519
+struct ed25519_key;
+typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, unsigned int* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*,
+ CallbackEd25519Sign);
+WOLFSSL_API void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl,
+ const unsigned char* sig, unsigned int sigSz,
+ const unsigned char* msg, unsigned int msgSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ int* result, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*,
+ CallbackEd25519Verify);
+WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl);
+#endif
+
+#ifdef HAVE_CURVE25519
+struct curve25519_key;
+
+typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key,
+ unsigned int keySz, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen);
+WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl,
+ struct curve25519_key* otherKey,
+ unsigned char* pubKeyDer, unsigned int* pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ int side, void* ctx);
+ /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
+WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*,
+ CallbackX25519SharedSecret);
+WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl);
+#endif
+
+#ifdef HAVE_ED448
+struct ed448_key;
+typedef int (*CallbackEd448Sign)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, unsigned int* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX*,
+ CallbackEd448Sign);
+WOLFSSL_API void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackEd448Verify)(WOLFSSL* ssl,
+ const unsigned char* sig, unsigned int sigSz,
+ const unsigned char* msg, unsigned int msgSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ int* result, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX*,
+ CallbackEd448Verify);
+WOLFSSL_API void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl);
+#endif
+
+#ifdef HAVE_CURVE448
+struct curve448_key;
+
+typedef int (*CallbackX448KeyGen)(WOLFSSL* ssl, struct curve448_key* key,
+ unsigned int keySz, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX*, CallbackX448KeyGen);
+WOLFSSL_API void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackX448SharedSecret)(WOLFSSL* ssl,
+ struct curve448_key* otherKey,
+ unsigned char* pubKeyDer, unsigned int* pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ int side, void* ctx);
+ /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
+WOLFSSL_API void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX*,
+ CallbackX448SharedSecret);
+WOLFSSL_API void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl);
+#endif
+
+#ifndef NO_RSA
+typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
+WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
+ unsigned char* sig, unsigned int sigSz,
+ unsigned char** out,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
+WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify);
+WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
+
+#ifdef WC_RSA_PSS
+typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, unsigned int* outSz,
+ int hash, int mgf,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign);
+WOLFSSL_API void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl);
+
+typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl,
+ unsigned char* sig, unsigned int sigSz,
+ unsigned char** out,
+ int hash, int mgf,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*,
+ CallbackRsaPssVerify);
+WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*,
+ CallbackRsaPssVerify);
+WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
+#endif
+
+/* RSA Public Encrypt cb */
+typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
+ const unsigned char* in, unsigned int inSz,
+ unsigned char* out, word32* outSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
+WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
+
+/* RSA Private Decrypt cb */
+typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
+ unsigned char* in, unsigned int inSz,
+ unsigned char** out,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
+WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
+#endif
+#endif /* HAVE_PK_CALLBACKS */
+
+#ifndef NO_CERTS
+ WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
+
+ WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*);
+
+ WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
+ WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
+ WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
+ WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*);
+
+ WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
+ const char* d);
+ WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
+ const unsigned char* in, long sz, int format);
+ WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
+#endif
+ WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
+ int format);
+ WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
+ const unsigned char* buff, long sz, int format);
+ WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
+ unsigned char*, int sz);
+ WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
+ int options);
+ WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
+ WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
+ VerifyCallback vc);
+ WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*,
+ const char*, int, int);
+ WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*,
+ const unsigned char*, long sz, int);
+ WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
+ CbMissingCRL);
+ WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *);
+#ifdef HAVE_CRL_IO
+ WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
+ CbCrlIO);
+#endif
+#if defined(HAVE_OCSP)
+ WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *,
+ byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
+ CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
+#endif
+ WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
+ unsigned char*, int sz);
+ WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
+ int options);
+ WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
+ WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
+ const char*);
+ WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
+ CbOCSPIO, CbOCSPRespFree, void*);
+
+ WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
+ WOLFSSL_CERT_MANAGER* cm);
+ WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
+ WOLFSSL_CERT_MANAGER* cm);
+ WOLFSSL_API int wolfSSL_CertManagerEnableOCSPMustStaple(
+ WOLFSSL_CERT_MANAGER* cm);
+ WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple(
+ WOLFSSL_CERT_MANAGER* cm);
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
+ !defined(NO_FILESYSTEM)
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
+ WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
+#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
+ WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
+ WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
+ WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
+ WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
+ const unsigned char*, long sz, int);
+ WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
+#ifdef HAVE_CRL_IO
+ WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
+#endif
+ WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
+ WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
+ WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
+ WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
+ WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*);
+ WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*);
+
+ WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
+ WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
+ WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
+ WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
+ const unsigned char*, long sz, int);
+ WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
+#ifdef HAVE_CRL_IO
+ WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
+#endif
+
+ WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
+ WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
+ WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
+ CbOCSPIO, CbOCSPRespFree, void*);
+ WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX*);
+ WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX*);
+#endif /* !NO_CERTS */
+
+
+#ifdef SINGLE_THREADED
+ WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*);
+#endif
+
+/* end of handshake frees temporary arrays, if user needs for get_keys or
+ psk hints, call KeepArrays before handshake and then FreeArrays when done
+ if don't want to wait for object free */
+WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
+WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
+
+WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
+
+/* async additions */
+#define wolfSSL_UseAsync wolfSSL_SetDevId
+#define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId);
+
+/* helpers to get device id and heap */
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX*, WOLFSSL*);
+WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
+
+/* TLS Extensions */
+
+/* Server Name Indication */
+#ifdef HAVE_SNI
+
+/* SNI types */
+enum {
+ WOLFSSL_SNI_HOST_NAME = 0
+};
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL*, unsigned char,
+ const void*, unsigned short);
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX*, unsigned char,
+ const void*, unsigned short);
+
+#ifndef NO_WOLFSSL_SERVER
+
+/* SNI options */
+enum {
+ /* Do not abort the handshake if the requested SNI didn't match. */
+ WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
+
+ /* Behave as if the requested SNI matched in a case of mismatch. */
+ /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
+ WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02,
+
+ /* Abort the handshake if the client didn't send a SNI request. */
+ WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04,
+};
+
+WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
+ unsigned char options);
+WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
+ unsigned char type, unsigned char options);
+WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
+ const unsigned char* clientHello, unsigned int helloSz,
+ unsigned char type, unsigned char* sni, unsigned int* inOutSz);
+
+#endif /* NO_WOLFSSL_SERVER */
+
+/* SNI status */
+enum {
+ WOLFSSL_SNI_NO_MATCH = 0,
+ WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */
+ WOLFSSL_SNI_REAL_MATCH = 2,
+ WOLFSSL_SNI_FORCE_KEEP = 3 /** Used with -DWOLFSSL_ALWAYS_KEEP_SNI */
+};
+
+WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
+
+WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
+ unsigned char type, void** data);
+
+#endif /* HAVE_SNI */
+
+/* Trusted CA Key Indication - RFC 6066 (Section 6) */
+#ifdef HAVE_TRUSTED_CA
+
+/* TCA Identifier Type */
+enum {
+ WOLFSSL_TRUSTED_CA_PRE_AGREED = 0,
+ WOLFSSL_TRUSTED_CA_KEY_SHA1 = 1,
+ WOLFSSL_TRUSTED_CA_X509_NAME = 2,
+ WOLFSSL_TRUSTED_CA_CERT_SHA1 = 3
+};
+
+WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
+ const unsigned char* certId, unsigned int certIdSz);
+#endif /* HAVE_TRUSTED_CA */
+
+/* Application-Layer Protocol Negotiation */
+#ifdef HAVE_ALPN
+
+/* ALPN status code */
+enum {
+ WOLFSSL_ALPN_NO_MATCH = 0,
+ WOLFSSL_ALPN_MATCH = 1,
+ WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
+ WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
+};
+
+enum {
+ WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
+ WOLFSSL_MAX_ALPN_NUMBER = 257
+};
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
+ unsigned char* outLen, const unsigned char* in, unsigned int inLen,
+ void *arg);
+#endif
+
+WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl,
+ char *protocol_name_list,
+ unsigned int protocol_name_listSz,
+ unsigned char options);
+
+WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
+ unsigned short *size);
+
+WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
+ unsigned short *listSz);
+WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
+#endif /* HAVE_ALPN */
+
+/* Maximum Fragment Length */
+#ifdef HAVE_MAX_FRAGMENT
+
+/* Fragment lengths */
+enum {
+ WOLFSSL_MFL_2_9 = 1, /* 512 bytes */
+ WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
+ WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
+ WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
+ WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
+ WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */
+ WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9,
+ WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8,
+};
+
+#ifndef NO_WOLFSSL_CLIENT
+
+WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
+WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
+
+#endif
+#endif /* HAVE_MAX_FRAGMENT */
+
+/* Truncated HMAC */
+#ifdef HAVE_TRUNCATED_HMAC
+#ifndef NO_WOLFSSL_CLIENT
+
+WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
+
+#endif
+#endif
+
+/* Certificate Status Request */
+/* Certificate Status Type */
+enum {
+ WOLFSSL_CSR_OCSP = 1
+};
+
+/* Certificate Status Options (flags) */
+enum {
+ WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
+};
+
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+#ifndef NO_WOLFSSL_CLIENT
+
+WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
+ unsigned char status_type, unsigned char options);
+
+WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
+ unsigned char status_type, unsigned char options);
+
+#endif
+#endif
+
+/* Certificate Status Request v2 */
+/* Certificate Status Type */
+enum {
+ WOLFSSL_CSR2_OCSP = 1,
+ WOLFSSL_CSR2_OCSP_MULTI = 2
+};
+
+/* Certificate Status v2 Options (flags) */
+enum {
+ WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
+};
+
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#ifndef NO_WOLFSSL_CLIENT
+
+WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
+ unsigned char status_type, unsigned char options);
+
+WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
+ unsigned char status_type, unsigned char options);
+
+#endif
+#endif
+
+/* Named Groups */
+enum {
+#if 0 /* Not Supported */
+ WOLFSSL_ECC_SECT163K1 = 1,
+ WOLFSSL_ECC_SECT163R1 = 2,
+ WOLFSSL_ECC_SECT163R2 = 3,
+ WOLFSSL_ECC_SECT193R1 = 4,
+ WOLFSSL_ECC_SECT193R2 = 5,
+ WOLFSSL_ECC_SECT233K1 = 6,
+ WOLFSSL_ECC_SECT233R1 = 7,
+ WOLFSSL_ECC_SECT239K1 = 8,
+ WOLFSSL_ECC_SECT283K1 = 9,
+ WOLFSSL_ECC_SECT283R1 = 10,
+ WOLFSSL_ECC_SECT409K1 = 11,
+ WOLFSSL_ECC_SECT409R1 = 12,
+ WOLFSSL_ECC_SECT571K1 = 13,
+ WOLFSSL_ECC_SECT571R1 = 14,
+#endif
+ WOLFSSL_ECC_SECP160K1 = 15,
+ WOLFSSL_ECC_SECP160R1 = 16,
+ WOLFSSL_ECC_SECP160R2 = 17,
+ WOLFSSL_ECC_SECP192K1 = 18,
+ WOLFSSL_ECC_SECP192R1 = 19,
+ WOLFSSL_ECC_SECP224K1 = 20,
+ WOLFSSL_ECC_SECP224R1 = 21,
+ WOLFSSL_ECC_SECP256K1 = 22,
+ WOLFSSL_ECC_SECP256R1 = 23,
+ WOLFSSL_ECC_SECP384R1 = 24,
+ WOLFSSL_ECC_SECP521R1 = 25,
+ WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
+ WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
+ WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
+ WOLFSSL_ECC_X25519 = 29,
+ WOLFSSL_ECC_X448 = 30,
+ WOLFSSL_ECC_MAX = 30,
+
+ WOLFSSL_FFDHE_2048 = 256,
+ WOLFSSL_FFDHE_3072 = 257,
+ WOLFSSL_FFDHE_4096 = 258,
+ WOLFSSL_FFDHE_6144 = 259,
+ WOLFSSL_FFDHE_8192 = 260,
+};
+
+enum {
+ WOLFSSL_EC_PF_UNCOMPRESSED = 0,
+#if 0 /* Not Supported */
+ WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
+ WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
+#endif
+};
+
+#ifdef HAVE_SUPPORTED_CURVES
+WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name);
+WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
+ word16 name);
+#endif
+
+#ifdef WOLFSSL_TLS13
+WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
+WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
+#endif
+
+
+/* Secure Renegotiation */
+#ifdef HAVE_SECURE_RENEGOTIATION
+
+WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume);
+WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SecureResume(WOLFSSL* ssl);
+WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl);
+
+#endif
+
+#if defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
+
+ /* Needed by session ticket stuff below */
+ #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
+ #define WOLFSSL_AES_KEY_SIZE_ENUM
+ enum SSL_Misc {
+ AES_IV_SIZE = 16,
+ AES_128_KEY_SIZE = 16,
+ AES_192_KEY_SIZE = 24,
+ AES_256_KEY_SIZE = 32
+ };
+ #endif
+#endif
+
+/* Session Ticket */
+#ifdef HAVE_SESSION_TICKET
+
+#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER)
+ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
+ !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
+ #define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE
+ #elif defined(WOLFSSL_TICKET_ENC_AES256_GCM)
+ #define WOLFSSL_TICKET_KEY_SZ AES_256_KEY_SIZE
+ #else
+ #define WOLFSSL_TICKET_KEY_SZ AES_128_KEY_SIZE
+ #endif
+
+ #define WOLFSSL_TICKET_KEYS_SZ (WOLFSSL_TICKET_NAME_SZ + \
+ 2 * WOLFSSL_TICKET_KEY_SZ + \
+ sizeof(word32) * 2)
+#endif
+
+#ifndef NO_WOLFSSL_CLIENT
+WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, word32*);
+WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, word32);
+typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
+WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
+ CallbackSessionTicket, void*);
+#endif /* NO_WOLFSSL_CLIENT */
+
+
+#define WOLFSSL_TICKET_NAME_SZ 16
+#define WOLFSSL_TICKET_IV_SZ 16
+#define WOLFSSL_TICKET_MAC_SZ 32
+
+enum TicketEncRet {
+ WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */
+ WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */
+ WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */
+ WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */
+};
+
+#ifndef NO_WOLFSSL_SERVER
+
+WOLFSSL_API int wolfSSL_CTX_NoTicketTLSv12(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_NoTicketTLSv12(WOLFSSL* ssl);
+
+typedef int (*SessionTicketEncCb)(WOLFSSL*,
+ unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
+ unsigned char iv[WOLFSSL_TICKET_IV_SZ],
+ unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
+ int enc, unsigned char*, int, int*, void*);
+WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
+ SessionTicketEncCb);
+WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
+WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
+WOLFSSL_API void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
+
+#endif /* NO_WOLFSSL_SERVER */
+
+#endif /* HAVE_SESSION_TICKET */
+
+#ifdef HAVE_QSH
+/* Quantum-safe Crypto Schemes */
+enum {
+ WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
+ WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
+ WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
+ WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */
+ WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */
+ WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */
+};
+
+
+/* test if the connection is using a QSH secure connection return 1 if so */
+WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
+#ifndef NO_WOLFSSL_CLIENT
+ /* user control over sending client public key in hello
+ when flag = 1 will send keys if flag is 0 or function is not called
+ then will not send keys in the hello extension */
+ WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
+#endif
+
+#endif /* QSH */
+
+/* TLS Extended Master Secret Extension */
+WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
+
+
+#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
+#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
+
+
+/* notify user the handshake is done */
+typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
+WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
+
+
+WOLFSSL_API int wolfSSL_PrintSessionStats(void);
+WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
+ unsigned int* total,
+ unsigned int* peak,
+ unsigned int* maxSessions);
+/* External facing KDF */
+WOLFSSL_API
+int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen,
+ const unsigned char* pms, word32 pmsLen,
+ const unsigned char* cr, const unsigned char* sr,
+ int tls1_2, int hash_type);
+
+WOLFSSL_API
+int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, word32 msLen,
+ const unsigned char* pms, word32 pmsLen,
+ const unsigned char* sHash, word32 sHashLen,
+ int tls1_2, int hash_type);
+
+WOLFSSL_API
+int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen,
+ const unsigned char* ms, word32 msLen,
+ const unsigned char* sr, const unsigned char* cr,
+ int tls1_2, int hash_type);
+
+#ifdef WOLFSSL_CALLBACKS
+
+typedef int (*HandShakeCallBack)(HandShakeInfo*);
+typedef int (*TimeoutCallBack)(TimeoutInfo*);
+
+/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
+ for diagnostics */
+WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
+ WOLFSSL_TIMEVAL);
+WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
+ WOLFSSL_TIMEVAL);
+
+#endif /* WOLFSSL_CALLBACKS */
+
+
+#ifdef WOLFSSL_HAVE_WOLFSCEP
+ WOLFSSL_API void wolfSSL_wolfSCEP(void);
+#endif /* WOLFSSL_HAVE_WOLFSCEP */
+
+#ifdef WOLFSSL_HAVE_CERT_SERVICE
+ WOLFSSL_API void wolfSSL_cert_service(void);
+#endif
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+/* Smaller subset of X509 compatibility functions. Avoid increasing the size of
+ * this subset and its memory usage */
+
+#include <wolfssl/openssl/asn1.h>
+struct WOLFSSL_X509_NAME_ENTRY {
+ WOLFSSL_ASN1_OBJECT* object; /* static object just for keeping grp, type */
+ WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
+ int nid; /* i.e. ASN_COMMON_NAME */
+ int set;
+ int size;
+};
+
+WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
+ const WOLFSSL_ASN1_OBJECT *obj,
+ int idx);
+
+
+
+enum {
+ WOLFSSL_SYS_ACCEPT = 0,
+ WOLFSSL_SYS_BIND,
+ WOLFSSL_SYS_CONNECT,
+ WOLFSSL_SYS_FOPEN,
+ WOLFSSL_SYS_FREAD,
+ WOLFSSL_SYS_GETADDRINFO,
+ WOLFSSL_SYS_GETSOCKOPT,
+ WOLFSSL_SYS_GETSOCKNAME,
+ WOLFSSL_SYS_GETHOSTBYNAME,
+ WOLFSSL_SYS_GETNAMEINFO,
+ WOLFSSL_SYS_GETSERVBYNAME,
+ WOLFSSL_SYS_IOCTLSOCKET,
+ WOLFSSL_SYS_LISTEN,
+ WOLFSSL_SYS_OPENDIR,
+ WOLFSSL_SYS_SETSOCKOPT,
+ WOLFSSL_SYS_SOCKET
+};
+
+/* Object functions */
+WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n);
+WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
+WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o);
+WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
+
+WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n);
+WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln);
+WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a,
+ const WOLFSSL_ASN1_OBJECT* b);
+WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name);
+
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n);
+WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj);
+WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name);
+
+WOLFSSL_API void wolfSSL_OBJ_cleanup(void);
+WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln);
+#ifdef HAVE_ECC
+WOLFSSL_LOCAL int NIDToEccEnum(int n);
+#endif
+/* end of object functions */
+
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
+WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
+WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void));
+WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx);
+
+#ifndef NO_CERTS
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
+ WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
+ const unsigned char* data, int dataSz);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_txt(
+ WOLFSSL_X509_NAME_ENTRY **neIn, const char *txt, int format,
+ const unsigned char *data, int dataSz);
+WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
+ WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set);
+WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
+ const char *field, int type, const unsigned char *bytes, int len, int loc,
+ int set);
+WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
+ int type, const unsigned char *bytes,
+ int len, int loc, int set);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
+ WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
+ const WOLFSSL_X509_NAME* y);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
+#endif /* !NO_CERTS */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
+ || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
+WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
+ int nid, int* c, int* idx);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+#ifndef NO_CERTS
+WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
+WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
+WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
+WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
+ void *data);
+WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc);
+WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
+ WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
+ char* value);
+WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx,
+ WOLFSSL_X509* issuer, WOLFSSL_X509* subject, WOLFSSL_X509* req,
+ WOLFSSL_X509_CRL* crl, int flag);
+WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx);
+WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
+ const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
+WOLFSSL_API int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
+ const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len);
+WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
+WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
+ const unsigned char* der, long derSz);
+WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
+#ifndef NO_RSA
+WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
+ long derSz);
+#endif
+WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
+ unsigned char* der, long derSz);
+
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
+WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x);
+WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x);
+WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
+WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
+ const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
+WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
+WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
+WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
+WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
+ WOLFSSL_X509_EXTENSION* ext);
+WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
+WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
+#endif
+
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
+#endif /* !NO_CERTS */
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
+
+WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
+ unsigned char* out, int outSz);
+WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
+
+WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
+#endif
+#if !defined(NO_FILESYSTEM)
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
+ WOLFSSL_X509** x509);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s);
+#endif
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
+ WOLFSSL_X509** x509);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
+ WOLFSSL_X509** x509);
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
+ WOLFSSL_X509_STORE* str);
+WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(HAVE_SECRET_CALLBACK)
+WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
+ unsigned char *out, size_t outlen);
+WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
+ unsigned char* out, size_t outSz);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
+/* non-standard API to determine if BIO supports "pending" */
+WOLFSSL_API int wolfSSL_BIO_supports_pending(const WOLFSSL_BIO *bio);
+WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
+
+WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
+
+WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
+WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
+WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*);
+
+WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
+#endif
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
+ WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
+ (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
+ WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
+ pem_password_cb* cb, void* u);
+#ifndef NO_FILESYSTEM
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp,
+ WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
+#endif
+WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header,
+ EncryptedInfo* cipher);
+WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
+ unsigned char* data, long* len,
+ pem_password_cb* callback, void* ctx);
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+
+/*lighttp compatibility */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
+struct WOLFSSL_ASN1_BIT_STRING {
+ int length;
+ int type;
+ byte* data;
+ long flags;
+};
+
+struct WOLFSSL_CONF_CTX {
+ unsigned int flags;
+ WOLFSSL_CTX* ctx;
+ WOLFSSL* ssl;
+};
+
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
+ defined(OPENSSL_EXTRA_X509_SMALL)
+
+#if defined(OPENSSL_EXTRA) \
+ || defined(OPENSSL_ALL) \
+ || defined(HAVE_LIGHTY) \
+ || defined(WOLFSSL_MYSQL_COMPATIBLE) \
+ || defined(HAVE_STUNNEL) \
+ || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
+WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
+WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX*, WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
+/* These are to be merged shortly */
+WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
+WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
+WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
+WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );
+WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509);
+
+#ifndef NO_FILESYSTEM
+WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
+WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
+#endif
+
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+
+
+#if defined(OPENSSL_ALL) \
+ || defined(HAVE_STUNNEL) \
+ || defined(HAVE_LIGHTY) \
+ || defined(WOLFSSL_MYSQL_COMPATIBLE) \
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA)
+#define X509_BUFFER_SZ 8192
+
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
+WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
+ WOLFSSL_DH **x, pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
+ WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
+WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
+WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
+WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
+ defined(WOLFSSL_CERT_REQ)
+WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
+WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
+WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
+ const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
+ WOLFSSL_EVP_MD_CTX* md_ctx);
+WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
+ WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk);
+WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
+ WOLFSSL_X509_NAME *name);
+WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
+ WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
+ int nid, int type,
+ const unsigned char *bytes,
+ int len);
+WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
+ int nid, int lastpos);
+WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
+ const WOLFSSL_X509 *req, int loc);
+WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
+WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
+WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
+ WOLFSSL_X509_ATTRIBUTE *attr, int idx);
+WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
+ WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
+#endif
+
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+#include <wolfssl/openssl/crypto.h>
+
+WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+ void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
+
+WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
+
+WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
+
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn);
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int, void *), void *cb_arg);
+
+WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
+ void (*callback) (int, int, void *));
+
+WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
+
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
+
+WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods);
+
+WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
+
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void);
+WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s);
+
+WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void);
+WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info);
+
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_INFO_new_null(void);
+WOLFSSL_API int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
+WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(
+ const WOLF_STACK_OF(WOLFSSL_X509_INFO)*, int);
+WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
+ WOLFSSL_X509_INFO*);
+WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
+WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*,
+ void (*f) (WOLFSSL_X509_INFO*));
+WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
+
+typedef int (*wolf_sk_compare_cb)(const void* a,
+ const void* b);
+typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
+ wolf_sk_compare_cb);
+WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
+ WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
+ WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_sk_X509_NAME_set_cmp_func(
+ WOLF_STACK_OF(WOLFSSL_X509_NAME)*, wolf_sk_compare_cb);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int);
+WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
+WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
+ void (*f) (WOLFSSL_X509_NAME*));
+WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *);
+
+WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s);
+
+WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
+ unsigned long);
+#ifndef NO_FILESYSTEM
+WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
+ unsigned long);
+#endif
+
+WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
+WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
+WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
+WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
+ const struct WOLFSSL_STACK *sk, int i);
+WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
+ WOLFSSL_CONF_VALUE* val);
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
+WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
+ const WOLFSSL_X509*);
+WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
+ const WOLFSSL_ASN1_BIT_STRING*, int);
+WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
+ WOLFSSL_ASN1_BIT_STRING*, int, int);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
+
+WOLFSSL_API int wolfSSL_version(WOLFSSL*);
+
+WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
+
+WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
+
+WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
+ WOLFSSL_SESSION* session,
+ int idx,
+ void* data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
+ CRYPTO_free_func*);
+
+WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
+
+WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
+ unsigned int*);
+
+WOLFSSL_API int wolfSSL_SESSION_print(WOLFSSL_BIO*, const WOLFSSL_SESSION*);
+
+WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);
+
+WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);
+
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
+
+WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
+
+WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
+
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
+
+#ifdef HAVE_SNI
+/* SNI received callback type */
+typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
+
+WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
+ CallbackSniRecv);
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
+ CallbackSniRecv);
+
+WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
+#endif
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
+
+/* support for deprecated old name */
+#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
+
+#ifndef NO_FILESYSTEM
+WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp);
+#endif
+
+WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
+
+WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
+WOLFSSL_API void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id);
+WOLFSSL_API unsigned long wolfSSL_THREADID_hash(
+ const WOLFSSL_CRYPTO_THREADID* id);
+
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
+ wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *);
+WOLFSSL_API WOLFSSL_X509_OBJECT*
+ wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
+WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#include <wolfssl/openssl/stack.h>
+WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
+WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
+#endif /* OPENSSL_EXTRA && HAVE_ECC */
+
+#if defined(OPENSSL_ALL) || \
+ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+
+WOLFSSL_API int wolfSSL_get_verify_mode(const WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx);
+
+#endif
+
+#ifdef WOLFSSL_JNI
+WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
+WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
+#endif /* WOLFSSL_JNI */
+
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
+WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
+ WOLF_EVENT_FLAG flags, int* eventCount);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+#ifdef OPENSSL_EXTRA
+typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
+ const void *buf, size_t len, WOLFSSL *ssl, void *arg);
+
+#if defined(HAVE_SECRET_CALLBACK)
+typedef void (*wolfSSL_CTX_keylog_cb_func)
+ (const WOLFSSL* ssl, const char* line);
+WOLFSSL_API void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx,
+ wolfSSL_CTX_keylog_cb_func cb);
+WOLFSSL_API wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
+ const WOLFSSL_CTX* ctx);
+#endif /* HAVE_SECRET_CALLBACK */
+
+WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
+WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
+WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
+WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
+ int *line, const char **data, int *flags);
+WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx,
+ const unsigned char *protos, unsigned int protos_len);
+WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
+ const unsigned char* protos, unsigned int protos_len);
+WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
+ size_t siz, const char* file, int line);
+WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
+WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
+WOLFSSL_API void wolfSSL_DH_get0_pqg(const WOLFSSL_DH* dh,
+const WOLFSSL_BIGNUM** p, const WOLFSSL_BIGNUM** q, const WOLFSSL_BIGNUM** g);
+#endif
+
+#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
+ WOLFSSL_API int wolfSSL_get_ocsp_producedDate(
+ WOLFSSL *ssl,
+ byte *producedDate,
+ size_t producedDate_space,
+ int *producedDateFormat);
+ WOLFSSL_API int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl,
+ struct tm *produced_tm);
+#endif
+
+#if defined(OPENSSL_ALL) \
+ || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA) \
+ || defined(HAVE_STUNNEL)
+WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+/* Not an OpenSSL API. */
+WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
+/* Not an OpenSSL API. */
+WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
+/* Not an OpenSSL API. */
+WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
+ || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
+WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
+ void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
+ X509 *x509,
+ int idx,
+ void *data,
+ wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
+WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
+ void *b, void *c);
+WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
+ const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
+
+WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
+WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
+ WOLFSSL_EC_KEY *ecdh);
+WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *,
+ WOLFSSL_SESSION *c);
+
+WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
+WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
+WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL*);
+#else
+WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL*);
+#endif
+WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
+
+#ifndef NO_SESSION_CACHE
+ WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
+#endif
+
+WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
+ const WOLFSSL_ASN1_INTEGER *a);
+
+#ifdef HAVE_SESSION_TICKET
+typedef int (*ticketCompatCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
+ WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc);
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, ticketCompatCb);
+#endif
+
+#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
+ WOLF_STACK_OF(X509)** chain);
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
+ int(*)(WOLFSSL*, void*));
+
+WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
+ WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x);
+
+WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
+
+WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
+ WOLFSSL_X509 *subject);
+
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void);
+WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk);
+WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
+ WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
+WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(
+ WOLF_STACK_OF(WOLFSSL_STRING)* strings);
+#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+
+WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
+ WOLFSSL_X509 *cert);
+
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
+ OPENSSL_EXTRA || HAVE_LIGHTY */
+
+#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ !defined(NO_WOLFSSL_SERVER)
+WOLFSSL_API long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
+ unsigned char *keys, int keylen);
+WOLFSSL_API long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
+ unsigned char *keys, int keylen);
+#endif
+
+WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
+ const unsigned char **data, unsigned int *len);
+WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const unsigned char *client,
+ unsigned int client_len);
+WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
+ int (*cb) (WOLFSSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg), void *arg);
+WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
+ int (*cb) (WOLFSSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg), void *arg);
+WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
+ int (*cb) (WOLFSSL *ssl,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg), void *arg);
+WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
+ unsigned *len);
+
+#ifndef NO_ASN
+WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
+ size_t chklen, unsigned int flags, char **peername);
+WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
+ unsigned int flags);
+#endif
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
+WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk,
+ size_t chkLen, unsigned int flags);
+#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
+ const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
+WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
+WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count);
+#endif
+
+WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
+WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
+WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void);
+WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
+WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
+WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor);
+WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval);
+WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void);
+WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at);
+WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void);
+WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x);
+WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa, WOLFSSL_X509_PUBKEY *pub);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
+WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
+WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
+ const unsigned char **der,
+ long length);
+WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
+WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
+WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
+WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
+WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
+WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
+WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
+ WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind);
+WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
+WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
+WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i);
+WOLFSSL_API void ERR_load_SSL_strings(void);
+WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
+
+WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
+WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags);
+WOLFSSL_API int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str);
+WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t);
+WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
+WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
+ WOLFSSL_ASN1_TIME **out);
+WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
+WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
+ char *buf, int size);
+WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
+WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
+WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
+
+WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
+ int passwdSz, pem_password_cb* cb, void* ctx);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
+ WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
+ WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
+
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#ifdef HAVE_PK_CALLBACKS
+WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx);
+#endif
+
+#ifdef HAVE_ENCRYPT_THEN_MAC
+WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int);
+WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int);
+#endif
+
+/* This feature is used to set a fixed ephemeral key and is for testing only */
+/* Currently allows ECDHE and DHE only */
+#ifdef WOLFSSL_STATIC_EPHEMERAL
+WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
+ const char* key, unsigned int keySz, int format);
+WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
+ const char* key, unsigned int keySz, int format);
+
+/* returns pointer to loaded key as ASN.1/DER */
+WOLFSSL_API int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
+ const unsigned char** key, unsigned int* keySz);
+WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
+ const unsigned char** key, unsigned int* keySz);
+#endif
+
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx);
+WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level);
+WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx);
+
+WOLFSSL_API int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s);
+
+WOLFSSL_API void wolfSSL_CRYPTO_free(void *str, const char *file, int line);
+WOLFSSL_API void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line);
+
+WOLFSSL_API WOLFSSL_CONF_CTX* wolfSSL_CONF_CTX_new(void);
+WOLFSSL_API void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx);
+WOLFSSL_API void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx);
+WOLFSSL_API unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, unsigned int flags);
+WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
+
+#define WOLFSSL_CONF_FLAG_CMDLINE 0x1
+#define WOLFSSL_CONF_FLAG_FILE 0x2
+#define WOLFSSL_CONF_FLAG_CERTIFICATE 0x20
+
+#define WOLFSSL_CONF_TYPE_STRING 0x1
+#define WOLFSSL_CONF_TYPE_FILE 0x2
+
+WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
+#endif /* OPENSSL_EXTRA */
+#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ WOLFSSL_CRYPTO_EX_new* new_func,
+ WOLFSSL_CRYPTO_EX_dup* dup_func,
+ WOLFSSL_CRYPTO_EX_free* free_func);
+#endif /* HAVE_EX_DATA || FORTRESS */
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_SSL_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/test.h b/ap/lib/libwolfssl/install/include/wolfssl/test.h
new file mode 100644
index 0000000..c9ce4c7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/test.h
@@ -0,0 +1,4805 @@
+/* test.h */
+
+#ifndef wolfSSL_TEST_H
+#define wolfSSL_TEST_H
+
+#ifdef FUSION_RTOS
+ #include <fclstdio.h>
+ #include <fclstdlib.h>
+#else
+ #include <stdio.h>
+ #include <stdlib.h>
+#endif
+#include <assert.h>
+#include <ctype.h>
+#ifdef HAVE_ERRNO_H
+ #include <errno.h>
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/error-ssl.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/mem_track.h>
+#include <wolfssl/wolfio.h>
+#if defined(SHOW_CERTS) && \
+ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ #include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
+#endif
+
+#ifdef ATOMIC_USER
+ #include <wolfssl/wolfcrypt/aes.h>
+ #include <wolfssl/wolfcrypt/arc4.h>
+ #include <wolfssl/wolfcrypt/hmac.h>
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ #include <wolfssl/wolfcrypt/asn.h>
+ #ifndef NO_RSA
+ #include <wolfssl/wolfcrypt/rsa.h>
+ #endif
+ #ifdef HAVE_ECC
+ #include <wolfssl/wolfcrypt/ecc.h>
+ #endif /* HAVE_ECC */
+ #ifndef NO_DH
+ #include <wolfssl/wolfcrypt/dh.h>
+ #endif /* !NO_DH */
+ #ifdef HAVE_ED25519
+ #include <wolfssl/wolfcrypt/ed25519.h>
+ #endif /* HAVE_ED25519 */
+ #ifdef HAVE_CURVE25519
+ #include <wolfssl/wolfcrypt/curve25519.h>
+ #endif /* HAVE_ECC */
+ #ifdef HAVE_ED448
+ #include <wolfssl/wolfcrypt/ed448.h>
+ #endif /* HAVE_ED448 */
+ #ifdef HAVE_CURVE448
+ #include <wolfssl/wolfcrypt/curve448.h>
+ #endif /* HAVE_ECC */
+#endif /*HAVE_PK_CALLBACKS */
+
+#ifdef USE_WINDOWS_API
+ #include <winsock2.h>
+ #include <process.h>
+ #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
+ #include <ws2tcpip.h>
+ #include <wspiapi.h>
+ #endif
+ #define SOCKET_T SOCKET
+ #define SNPRINTF _snprintf
+ #define XSLEEP_MS(t) Sleep(t)
+#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #include <string.h>
+ #include "rl_net.h"
+ #define SOCKET_T int
+ typedef int socklen_t ;
+ #define inet_addr wolfSSL_inet_addr
+ static unsigned long wolfSSL_inet_addr(const char *cp)
+ {
+ unsigned int a[4] ; unsigned long ret ;
+ sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
+ ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
+ return(ret) ;
+ }
+ #if defined(HAVE_KEIL_RTX)
+ #define XSLEEP_MS(t) os_dly_wait(t)
+ #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
+ #define XSLEEP_MS(t) osDelay(t)
+ #endif
+#elif defined(WOLFSSL_TIRTOS)
+ #include <string.h>
+ #include <netdb.h>
+ #include <sys/types.h>
+ #include <arpa/inet.h>
+ #include <sys/socket.h>
+ #include <ti/sysbios/knl/Task.h>
+ struct hostent {
+ char *h_name; /* official name of host */
+ char **h_aliases; /* alias list */
+ int h_addrtype; /* host address type */
+ int h_length; /* length of address */
+ char **h_addr_list; /* list of addresses from name server */
+ };
+ #define SOCKET_T int
+ #define XSLEEP_MS(t) Task_sleep(t/1000)
+#elif defined(WOLFSSL_VXWORKS)
+ #include <hostLib.h>
+ #include <sockLib.h>
+ #include <arpa/inet.h>
+ #include <string.h>
+ #include <selectLib.h>
+ #include <sys/types.h>
+ #include <netinet/in.h>
+ #include <fcntl.h>
+ #include <sys/time.h>
+ #include <netdb.h>
+ #include <pthread.h>
+ #define SOCKET_T int
+#elif defined(WOLFSSL_ZEPHYR)
+ #include <string.h>
+ #include <sys/types.h>
+ #include <net/socket.h>
+ #define SOCKET_T int
+ #define SOL_SOCKET 1
+ #define WOLFSSL_USE_GETADDRINFO
+
+ static unsigned long inet_addr(const char *cp)
+ {
+ unsigned int a[4]; unsigned long ret;
+ int i, j;
+ for (i=0, j=0; i<4; i++) {
+ a[i] = 0;
+ while (cp[j] != '.' && cp[j] != '\0') {
+ a[i] *= 10;
+ a[i] += cp[j] - '0';
+ j++;
+ }
+ }
+ ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
+ return(ret) ;
+ }
+#else
+ #include <string.h>
+ #include <sys/types.h>
+#ifndef WOLFSSL_LEANPSK
+ #include <unistd.h>
+ #include <netdb.h>
+ #include <netinet/in.h>
+ #include <netinet/tcp.h>
+ #include <arpa/inet.h>
+ #include <sys/ioctl.h>
+ #include <sys/time.h>
+ #include <sys/socket.h>
+ #include <pthread.h>
+ #include <fcntl.h>
+ #ifdef TEST_IPV6
+ #include <netdb.h>
+ #endif
+#endif
+ #ifdef FREESCALE_MQX
+ typedef int socklen_t ;
+ #endif
+ #define SOCKET_T int
+ #ifndef SO_NOSIGPIPE
+ #include <signal.h> /* ignore SIGPIPE */
+ #endif
+ #define SNPRINTF snprintf
+
+ #define XSELECT_WAIT(x,y) do { \
+ struct timeval tv = {((x) + ((y) / 1000000)),((y) % 1000000)}; \
+ select(0, NULL, NULL, NULL, &tv); \
+ } while (0)
+ #define XSLEEP_US(u) XSELECT_WAIT(0,u)
+ #define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000)
+#endif /* USE_WINDOWS_API */
+
+#ifndef XSLEEP_MS
+ #define XSLEEP_MS(t) sleep(t/1000)
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+#ifdef HAVE_CAVIUM
+ #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
+#endif
+#ifdef _MSC_VER
+ /* disable conversion warning */
+ /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
+ #pragma warning(disable:4244 4996)
+#endif
+
+#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
+ #define WOLFSSL_CIPHER_LIST_MAX_SIZE 4096
+#endif
+/* Buffer for benchmark tests */
+#ifndef TEST_BUFFER_SIZE
+ #define TEST_BUFFER_SIZE 16384
+#endif
+
+#ifndef WOLFSSL_HAVE_MIN
+ #define WOLFSSL_HAVE_MIN
+ static WC_INLINE word32 min(word32 a, word32 b)
+ {
+ return a > b ? b : a;
+ }
+#endif /* WOLFSSL_HAVE_MIN */
+
+/* Socket Handling */
+#ifndef WOLFSSL_SOCKET_INVALID
+#ifdef USE_WINDOWS_API
+ #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
+#elif defined(WOLFSSL_TIRTOS)
+ #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
+#else
+ #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
+#endif
+#endif /* WOLFSSL_SOCKET_INVALID */
+
+#ifndef WOLFSSL_SOCKET_IS_INVALID
+#if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS)
+ #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
+#else
+ #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
+#endif
+#endif /* WOLFSSL_SOCKET_IS_INVALID */
+
+#if defined(__MACH__) || defined(USE_WINDOWS_API)
+ #ifndef _SOCKLEN_T
+ typedef int socklen_t;
+ #endif
+#endif
+
+
+/* HPUX doesn't use socklent_t for third parameter to accept, unless
+ _XOPEN_SOURCE_EXTENDED is defined */
+#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
+ && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
+ typedef socklen_t* ACCEPT_THIRD_T;
+#else
+ #if defined _XOPEN_SOURCE_EXTENDED
+ typedef socklen_t* ACCEPT_THIRD_T;
+ #else
+ typedef int* ACCEPT_THIRD_T;
+ #endif
+#endif
+
+
+
+#ifdef SINGLE_THREADED
+ typedef unsigned int THREAD_RETURN;
+ typedef void* THREAD_TYPE;
+ #define WOLFSSL_THREAD
+#else
+ #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
+ typedef void* THREAD_RETURN;
+ typedef pthread_t THREAD_TYPE;
+ #define WOLFSSL_THREAD
+ #define INFINITE -1
+ #define WAIT_OBJECT_0 0L
+ #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) || defined(FREESCALE_MQX)
+ typedef unsigned int THREAD_RETURN;
+ typedef int THREAD_TYPE;
+ #define WOLFSSL_THREAD
+ #elif defined(WOLFSSL_TIRTOS)
+ typedef void THREAD_RETURN;
+ typedef Task_Handle THREAD_TYPE;
+ #define WOLFSSL_THREAD
+ #elif defined(WOLFSSL_ZEPHYR)
+ typedef void THREAD_RETURN;
+ typedef struct k_thread THREAD_TYPE;
+ #define WOLFSSL_THREAD
+ #else
+ typedef unsigned int THREAD_RETURN;
+ typedef intptr_t THREAD_TYPE;
+ #define WOLFSSL_THREAD __stdcall
+ #endif
+#endif
+
+
+#ifdef TEST_IPV6
+ typedef struct sockaddr_in6 SOCKADDR_IN_T;
+ #define AF_INET_V AF_INET6
+#else
+ typedef struct sockaddr_in SOCKADDR_IN_T;
+ #define AF_INET_V AF_INET
+#endif
+
+
+#ifndef WOLFSSL_NO_TLS12
+#define SERVER_DEFAULT_VERSION 3
+#else
+#define SERVER_DEFAULT_VERSION 4
+#endif
+#define SERVER_DTLS_DEFAULT_VERSION (-2)
+#define SERVER_INVALID_VERSION (-99)
+#define SERVER_DOWNGRADE_VERSION (-98)
+#ifndef WOLFSSL_NO_TLS12
+#define CLIENT_DEFAULT_VERSION 3
+#else
+#define CLIENT_DEFAULT_VERSION 4
+#endif
+#define CLIENT_DTLS_DEFAULT_VERSION (-2)
+#define CLIENT_INVALID_VERSION (-99)
+#define CLIENT_DOWNGRADE_VERSION (-98)
+#define EITHER_DOWNGRADE_VERSION (-97)
+#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
+ #define DEFAULT_MIN_DHKEY_BITS 2048
+ #define DEFAULT_MAX_DHKEY_BITS 3072
+#else
+ #define DEFAULT_MIN_DHKEY_BITS 1024
+ #define DEFAULT_MAX_DHKEY_BITS 2048
+#endif
+#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
+ #define DEFAULT_MIN_RSAKEY_BITS 2048
+#else
+ #ifndef DEFAULT_MIN_RSAKEY_BITS
+ #define DEFAULT_MIN_RSAKEY_BITS 1024
+ #endif
+#endif
+#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
+ #define DEFAULT_MIN_ECCKEY_BITS 256
+#else
+ #ifndef DEFAULT_MIN_ECCKEY_BITS
+ #define DEFAULT_MIN_ECCKEY_BITS 224
+ #endif
+#endif
+
+/* all certs relative to wolfSSL home directory now */
+#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
+#define caCertFile "certs/ca-cert.pem"
+#define eccCertFile "certs/server-ecc.pem"
+#define eccKeyFile "certs/ecc-key.pem"
+#define eccRsaCertFile "certs/server-ecc-rsa.pem"
+#define svrCertFile "certs/server-cert.pem"
+#define svrKeyFile "certs/server-key.pem"
+#define cliCertFile "certs/client-cert.pem"
+#define cliCertDerFile "certs/client-cert.der"
+#define cliCertFileExt "certs/client-cert-ext.pem"
+#define cliCertDerFileExt "certs/client-cert-ext.der"
+#define cliKeyFile "certs/client-key.pem"
+#define ntruCertFile "certs/ntru-cert.pem"
+#define ntruKeyFile "certs/ntru-key.raw"
+#define dhParamFile "certs/dh2048.pem"
+#define cliEccKeyFile "certs/ecc-client-key.pem"
+#define cliEccCertFile "certs/client-ecc-cert.pem"
+#define caEccCertFile "certs/ca-ecc-cert.pem"
+#define crlPemDir "certs/crl"
+#define edCertFile "certs/ed25519/server-ed25519-cert.pem"
+#define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
+#define cliEdCertFile "certs/ed25519/client-ed25519.pem"
+#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
+#define caEdCertFile "certs/ed25519/ca-ed25519.pem"
+#define ed448CertFile "certs/ed448/server-ed448-cert.pem"
+#define ed448KeyFile "certs/ed448/server-ed448-priv.pem"
+#define cliEd448CertFile "certs/ed448/client-ed448.pem"
+#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
+#define caEd448CertFile "certs/ed448/ca-ed448.pem"
+#define caCertFolder "certs/"
+#ifdef HAVE_WNR
+ /* Whitewood netRandom default config file */
+ #define wnrConfig "wnr-example.conf"
+#endif
+#else
+#define caCertFile "./certs/ca-cert.pem"
+#define eccCertFile "./certs/server-ecc.pem"
+#define eccKeyFile "./certs/ecc-key.pem"
+#define eccRsaCertFile "./certs/server-ecc-rsa.pem"
+#define svrCertFile "./certs/server-cert.pem"
+#define svrKeyFile "./certs/server-key.pem"
+#define cliCertFile "./certs/client-cert.pem"
+#define cliCertDerFile "./certs/client-cert.der"
+#define cliCertFileExt "./certs/client-cert-ext.pem"
+#define cliCertDerFileExt "./certs/client-cert-ext.der"
+#define cliKeyFile "./certs/client-key.pem"
+#define ntruCertFile "./certs/ntru-cert.pem"
+#define ntruKeyFile "./certs/ntru-key.raw"
+#define dhParamFile "./certs/dh2048.pem"
+#define cliEccKeyFile "./certs/ecc-client-key.pem"
+#define cliEccCertFile "./certs/client-ecc-cert.pem"
+#define caEccCertFile "./certs/ca-ecc-cert.pem"
+#define crlPemDir "./certs/crl"
+#define edCertFile "./certs/ed25519/server-ed25519-cert.pem"
+#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
+#define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
+#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
+#define caEdCertFile "./certs/ed25519/ca-ed25519.pem"
+#define ed448CertFile "./certs/ed448/server-ed448-cert.pem"
+#define ed448KeyFile "./certs/ed448/server-ed448-priv.pem"
+#define cliEd448CertFile "./certs/ed448/client-ed448.pem"
+#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
+#define caEd448CertFile "./certs/ed448/ca-ed448.pem"
+#define caCertFolder "./certs/"
+#ifdef HAVE_WNR
+ /* Whitewood netRandom default config file */
+ #define wnrConfig "./wnr-example.conf"
+#endif
+#endif
+
+typedef struct tcp_ready {
+ word16 ready; /* predicate */
+ word16 port;
+ char* srfName; /* server ready file name */
+#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
+ pthread_mutex_t mutex;
+ pthread_cond_t cond;
+#endif
+} tcp_ready;
+
+
+static WC_INLINE void InitTcpReady(tcp_ready* ready)
+{
+ ready->ready = 0;
+ ready->port = 0;
+ ready->srfName = NULL;
+#ifdef SINGLE_THREADED
+#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
+ pthread_mutex_init(&ready->mutex, 0);
+ pthread_cond_init(&ready->cond, 0);
+#endif
+}
+
+
+static WC_INLINE void FreeTcpReady(tcp_ready* ready)
+{
+#ifdef SINGLE_THREADED
+ (void)ready;
+#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
+ pthread_mutex_destroy(&ready->mutex);
+ pthread_cond_destroy(&ready->cond);
+#else
+ (void)ready;
+#endif
+}
+
+typedef WOLFSSL_METHOD* (*method_provider)(void);
+typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
+typedef void (*ssl_callback)(WOLFSSL* ssl);
+
+typedef struct callback_functions {
+ method_provider method;
+ ctx_callback ctx_ready;
+ ssl_callback ssl_ready;
+ ssl_callback on_result;
+ WOLFSSL_CTX* ctx;
+ unsigned char isSharedCtx:1;
+} callback_functions;
+
+typedef struct func_args {
+ int argc;
+ char** argv;
+ int return_code;
+ tcp_ready* signal;
+ callback_functions *callbacks;
+} func_args;
+
+
+
+
+void wait_tcp_ready(func_args*);
+
+#ifdef WOLFSSL_ZEPHYR
+typedef void THREAD_FUNC(void*, void*, void*);
+#else
+typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
+#endif
+
+void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
+void join_thread(THREAD_TYPE);
+
+/* wolfSSL */
+#ifndef TEST_IPV6
+ static const char* const wolfSSLIP = "127.0.0.1";
+#else
+ static const char* const wolfSSLIP = "::1";
+#endif
+static const word16 wolfSSLPort = 11111;
+
+
+
+#ifndef MY_EX_USAGE
+#define MY_EX_USAGE 2
+#endif
+
+#ifndef EXIT_FAILURE
+#define EXIT_FAILURE 1
+#endif
+
+#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
+ #ifndef EXIT_SUCCESS
+ #define EXIT_SUCCESS 0
+ #endif
+ #define XEXIT(rc) return rc
+ #define XEXIT_T(rc) return (THREAD_RETURN)rc
+#else
+ #define XEXIT(rc) exit((int)(rc))
+ #define XEXIT_T(rc) exit((int)(rc))
+#endif
+
+
+static WC_INLINE
+#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
+THREAD_RETURN
+#else
+WC_NORETURN void
+#endif
+err_sys(const char* msg)
+{
+#if !defined(__GNUC__)
+ /* scan-build (which pretends to be gnuc) can get confused and think the
+ * msg pointer can be null even when hardcoded and then it won't exit,
+ * making null pointer checks above the err_sys() call useless.
+ * We could just always exit() but some compilers will complain about no
+ * possible return, with gcc we know the attribute to handle that with
+ * WC_NORETURN. */
+ if (msg)
+#endif
+ {
+ printf("wolfSSL error: %s\n", msg);
+
+ XEXIT_T(EXIT_FAILURE);
+ }
+}
+
+static WC_INLINE
+#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
+THREAD_RETURN
+#else
+WC_NORETURN void
+#endif
+err_sys_with_errno(const char* msg)
+{
+#if !defined(__GNUC__)
+ /* scan-build (which pretends to be gnuc) can get confused and think the
+ * msg pointer can be null even when hardcoded and then it won't exit,
+ * making null pointer checks above the err_sys() call useless.
+ * We could just always exit() but some compilers will complain about no
+ * possible return, with gcc we know the attribute to handle that with
+ * WC_NORETURN. */
+ if (msg)
+#endif
+ {
+#if defined(HAVE_STRING_H) && defined(HAVE_ERRNO_H)
+ printf("wolfSSL error: %s: %s\n", msg, strerror(errno));
+#else
+ printf("wolfSSL error: %s\n", msg);
+#endif
+
+ XEXIT_T(EXIT_FAILURE);
+ }
+}
+
+
+extern int myoptind;
+extern char* myoptarg;
+
+/**
+ *
+ * @param argc Number of argv strings
+ * @param argv Array of string arguments
+ * @param optstring String containing the supported alphanumeric arguments.
+ * A ':' following a character means that it requires a
+ * value in myoptarg to be set. A ';' means that the
+ * myoptarg is optional. myoptarg is set to "" if not
+ * present.
+ * @return Option letter in argument
+ */
+static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
+{
+ static char* next = NULL;
+
+ char c;
+ char* cp;
+
+ /* Added sanity check because scan-build complains argv[myoptind] access
+ * results in a null pointer dereference. */
+ if (argv == NULL) {
+ myoptarg = NULL;
+ return -1;
+ }
+
+ if (myoptind == 0)
+ next = NULL; /* we're starting new/over */
+
+ if (next == NULL || *next == '\0') {
+ if (myoptind == 0)
+ myoptind++;
+
+ if (myoptind >= argc || argv[myoptind] == NULL ||
+ argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') {
+ myoptarg = NULL;
+ if (myoptind < argc)
+ myoptarg = argv[myoptind];
+
+ return -1;
+ }
+
+ if (strcmp(argv[myoptind], "--") == 0) {
+ myoptind++;
+ myoptarg = NULL;
+
+ if (myoptind < argc)
+ myoptarg = argv[myoptind];
+
+ return -1;
+ }
+
+ next = argv[myoptind];
+ next++; /* skip - */
+ myoptind++;
+ }
+
+ c = *next++;
+ /* The C++ strchr can return a different value */
+ cp = (char*)strchr(optstring, c);
+
+ if (cp == NULL || c == ':' || c == ';')
+ return '?';
+
+ cp++;
+
+ if (*cp == ':') {
+ if (*next != '\0') {
+ myoptarg = next;
+ next = NULL;
+ }
+ else if (myoptind < argc) {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ }
+ else
+ return '?';
+ }
+ else if (*cp == ';') {
+ myoptarg = (char*)"";
+ if (*next != '\0') {
+ myoptarg = next;
+ next = NULL;
+ }
+ else if (myoptind < argc) {
+ /* Check if next argument is not a parameter argument */
+ if (argv[myoptind] && argv[myoptind][0] != '-') {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ }
+ }
+ }
+
+ return c;
+}
+
+struct mygetopt_long_config {
+ const char *name;
+ int takes_arg;
+ int value;
+};
+
+/**
+ *
+ * @param argc Number of argv strings
+ * @param argv Array of string arguments
+ * @param optstring String containing the supported alphanumeric arguments.
+ * A ':' following a character means that it requires a
+ * value in myoptarg to be set. A ';' means that the
+ * myoptarg is optional. myoptarg is set to "" if not
+ * present.
+ * @return Option letter in argument
+ */
+static WC_INLINE int mygetopt_long(int argc, char** argv, const char* optstring,
+ const struct mygetopt_long_config *longopts, int *longindex)
+{
+ static char* next = NULL;
+
+ int c;
+ char* cp;
+
+ /* Added sanity check because scan-build complains argv[myoptind] access
+ * results in a null pointer dereference. */
+ if (argv == NULL) {
+ myoptarg = NULL;
+ return -1;
+ }
+
+ if (myoptind == 0)
+ next = NULL; /* we're starting new/over */
+
+ if (next == NULL || *next == '\0') {
+ if (myoptind == 0)
+ myoptind++;
+
+ if (myoptind >= argc || argv[myoptind] == NULL ||
+ argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') {
+ myoptarg = NULL;
+ if (myoptind < argc)
+ myoptarg = argv[myoptind];
+
+ return -1;
+ }
+
+ if (strcmp(argv[myoptind], "--") == 0) {
+ myoptind++;
+ myoptarg = NULL;
+
+ if (myoptind < argc)
+ myoptarg = argv[myoptind];
+
+ return -1;
+ }
+
+ if (strncmp(argv[myoptind], "--", 2) == 0) {
+ const struct mygetopt_long_config *i;
+ c = -1;
+ myoptarg = NULL;
+ for (i = longopts; i->name; ++i) {
+ if (! strcmp(argv[myoptind] + 2, i->name)) {
+ c = i->value;
+ myoptind++;
+ if (longindex)
+ *longindex = (int)((i - longopts) / sizeof *i);
+ if (i->takes_arg) {
+ if (myoptind < argc) {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ } else
+ return -1;
+ }
+ break;
+ }
+ }
+
+ return c;
+ }
+
+ next = argv[myoptind];
+ next++; /* skip - */
+ myoptind++;
+ }
+
+ c = *next++;
+ /* The C++ strchr can return a different value */
+ cp = (char*)strchr(optstring, c);
+
+ if (cp == NULL || c == ':' || c == ';')
+ return '?';
+
+ cp++;
+
+ if (*cp == ':') {
+ if (*next != '\0') {
+ myoptarg = next;
+ next = NULL;
+ }
+ else if (myoptind < argc) {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ }
+ else
+ return '?';
+ }
+ else if (*cp == ';') {
+ myoptarg = (char*)"";
+ if (*next != '\0') {
+ myoptarg = next;
+ next = NULL;
+ }
+ else if (myoptind < argc) {
+ /* Check if next argument is not a parameter argument */
+ if (argv[myoptind] && argv[myoptind][0] != '-') {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ }
+ }
+ }
+
+ return c;
+}
+
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+
+static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
+{
+ (void)rw;
+ (void)userdata;
+ if (userdata != NULL) {
+ strncpy(passwd, (char*)userdata, sz);
+ return (int)XSTRLEN((char*)userdata);
+ }
+ else {
+ strncpy(passwd, "yassl123", sz);
+ return 8;
+ }
+}
+
+#endif
+
+static const char* client_showpeer_msg[][9] = {
+ /* English */
+ {
+ "SSL version is",
+ "SSL cipher suite is",
+ "SSL signature algorithm is",
+ "SSL curve name is",
+ "SSL DH size is",
+ "SSL reused session",
+ "Alternate cert chain used",
+ "peer's cert info:",
+ NULL
+ },
+#ifndef NO_MULTIBYTE_PRINT
+ /* Japanese */
+ {
+ "SSL バージョンは",
+ "SSL 暗号スイートは",
+ "SSL signature algorithm is",
+ "SSL 曲線名は",
+ "SSL DH サイズは",
+ "SSL 再利用セッション",
+ "代替証明チェーンを使用",
+ "相手方証明書情報",
+ NULL
+ },
+#endif
+};
+
+#if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS)
+static const char* client_showx509_msg[][5] = {
+ /* English */
+ {
+ "issuer",
+ "subject",
+ "altname",
+ "serial number",
+ NULL
+ },
+#ifndef NO_MULTIBYTE_PRINT
+ /* Japanese */
+ {
+ "発行者",
+ "サブジェクト",
+ "代替名",
+ "シリアル番号",
+ NULL
+ },
+#endif
+};
+
+/* lng_index is to specify the language for displaying message. */
+/* 0:English, 1:Japanese */
+static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
+ int lng_index)
+{
+ char* altName;
+ char* issuer;
+ char* subject;
+ byte serial[32];
+ int ret;
+ int sz = sizeof(serial);
+ const char** words = client_showx509_msg[lng_index];
+
+ if (x509 == NULL) {
+ printf("%s No Cert\n", hdr);
+ return;
+ }
+
+ issuer = wolfSSL_X509_NAME_oneline(
+ wolfSSL_X509_get_issuer_name(x509), 0, 0);
+ subject = wolfSSL_X509_NAME_oneline(
+ wolfSSL_X509_get_subject_name(x509), 0, 0);
+
+ printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject);
+
+ while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
+ printf(" %s = %s\n", words[2], altName);
+
+ ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
+ if (ret == WOLFSSL_SUCCESS) {
+ int i;
+ int strLen;
+ char serialMsg[80];
+
+ /* testsuite has multiple threads writing to stdout, get output
+ message ready to write once */
+ strLen = sprintf(serialMsg, " %s", words[3]);
+ for (i = 0; i < sz; i++)
+ sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
+ printf("%s\n", serialMsg);
+ }
+
+ XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+ XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
+
+#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
+ {
+ WOLFSSL_BIO* bio;
+ char buf[256]; /* should be size of ASN_NAME_MAX */
+ int textSz;
+
+ /* print out domain component if certificate has it */
+ textSz = wolfSSL_X509_NAME_get_text_by_NID(
+ wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
+ buf, sizeof(buf));
+ if (textSz > 0) {
+ printf("Domain Component = %s\n", buf);
+ }
+
+ bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
+ if (bio != NULL) {
+ wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
+ wolfSSL_X509_print(bio, x509);
+ wolfSSL_BIO_free(bio);
+ }
+ }
+#endif /* SHOW_CERTS && OPENSSL_EXTRA */
+}
+/* original ShowX509 to maintain compatibility */
+static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
+{
+ ShowX509Ex(x509, hdr, 0);
+}
+
+#endif /* KEEP_PEER_CERT || KEEP_OUR_CERT || SESSION_CERTS */
+
+#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
+ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
+ const char* hdr)
+{
+ int i;
+ int length;
+ unsigned char buffer[3072];
+ WOLFSSL_X509* chainX509;
+
+ for (i = 0; i < count; i++) {
+ wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
+ buffer[length] = 0;
+ printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
+
+ chainX509 = wolfSSL_get_chain_X509(chain, i);
+ if (chainX509)
+ ShowX509(chainX509, hdr);
+ else
+ printf("get_chain_X509 failed\n");
+ wolfSSL_FreeX509(chainX509);
+ }
+}
+#endif /* SHOW_CERTS && SESSION_CERTS */
+
+/* lng_index is to specify the language for displaying message. */
+/* 0:English, 1:Japanese */
+static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
+{
+ WOLFSSL_CIPHER* cipher;
+ const char** words = client_showpeer_msg[lng_index];
+
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \
+ !defined(NO_DH)
+ const char *name;
+#endif
+#ifndef NO_DH
+ int bits;
+#endif
+#ifdef OPENSSL_EXTRA
+ int nid;
+#endif
+#ifdef KEEP_PEER_CERT
+ WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
+ if (peer)
+ ShowX509Ex(peer, words[6], lng_index);
+ else
+ printf("peer has no cert!\n");
+ wolfSSL_FreeX509(peer);
+#endif
+#if defined(SHOW_CERTS) && defined(KEEP_OUR_CERT) && \
+ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
+ printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
+#endif /* SHOW_CERTS && KEEP_OUR_CERT */
+ printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
+
+ cipher = wolfSSL_get_current_cipher(ssl);
+#ifdef HAVE_QSH
+ printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
+ wolfSSL_CIPHER_get_name(cipher));
+#else
+ printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
+#endif
+#ifdef OPENSSL_EXTRA
+ if (wolfSSL_get_signature_nid(ssl, &nid) == WOLFSSL_SUCCESS) {
+ printf("%s %s\n", words[2], OBJ_nid2sn(nid));
+ }
+#endif
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \
+ !defined(NO_DH)
+ if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
+ printf("%s %s\n", words[3], name);
+#endif
+#ifndef NO_DH
+ else if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
+ printf("%s %d bits\n", words[4], bits);
+#endif
+ if (wolfSSL_session_reused(ssl))
+ printf("%s\n", words[5]);
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+ if (wolfSSL_is_peer_alt_cert_chain(ssl))
+ printf("%s\n", words[6]);
+#endif
+
+#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
+ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ {
+ WOLFSSL_X509_CHAIN* chain;
+
+ chain = wolfSSL_get_peer_chain(ssl);
+ ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
+
+ #ifdef WOLFSSL_ALT_CERT_CHAINS
+ if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
+ chain = wolfSSL_get_peer_alt_chain(ssl);
+ ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
+ }
+ #endif
+ }
+#endif /* SHOW_CERTS && SESSION_CERTS */
+ (void)ssl;
+}
+/* original showPeer to maintain compatibility */
+static WC_INLINE void showPeer(WOLFSSL* ssl)
+{
+ showPeerEx(ssl, 0);
+}
+
+static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
+ word16 port, int udp, int sctp)
+{
+ int useLookup = 0;
+ (void)useLookup;
+ (void)udp;
+ (void)sctp;
+
+ if (addr == NULL)
+ err_sys("invalid argument to build_addr, addr is NULL");
+
+ XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
+
+#ifndef TEST_IPV6
+ /* peer could be in human readable form */
+ if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
+ #ifndef WOLFSSL_USE_GETADDRINFO
+ #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ int err;
+ struct hostent* entry = gethostbyname(peer, &err);
+ #elif defined(WOLFSSL_TIRTOS)
+ struct hostent* entry = DNSGetHostByName(peer);
+ #elif defined(WOLFSSL_VXWORKS)
+ struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
+ #else
+ struct hostent* entry = gethostbyname(peer);
+ #endif
+
+ if (entry) {
+ XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
+ entry->h_length);
+ useLookup = 1;
+ }
+ #else
+ struct zsock_addrinfo hints, *addrInfo;
+ char portStr[6];
+ XSNPRINTF(portStr, sizeof(portStr), "%d", port);
+ XMEMSET(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
+ hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
+ if (getaddrinfo((char*)peer, portStr, &hints, &addrInfo) == 0) {
+ XMEMCPY(addr, addrInfo->ai_addr, sizeof(*addr));
+ useLookup = 1;
+ }
+ #endif
+ else
+ err_sys("no entry for host");
+ }
+#endif
+
+
+#ifndef TEST_IPV6
+ #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ addr->sin_family = PF_INET;
+ #else
+ addr->sin_family = AF_INET_V;
+ #endif
+ addr->sin_port = XHTONS(port);
+ if ((size_t)peer == INADDR_ANY)
+ addr->sin_addr.s_addr = INADDR_ANY;
+ else {
+ if (!useLookup)
+ addr->sin_addr.s_addr = inet_addr(peer);
+ }
+#else
+ addr->sin6_family = AF_INET_V;
+ addr->sin6_port = XHTONS(port);
+ if ((size_t)peer == INADDR_ANY) {
+ addr->sin6_addr = in6addr_any;
+ }
+ else {
+ #if defined(HAVE_GETADDRINFO) || defined(WOLF_C99)
+ struct addrinfo hints;
+ struct addrinfo* answer = NULL;
+ int ret;
+ char strPort[80];
+
+ XMEMSET(&hints, 0, sizeof(hints));
+
+ hints.ai_family = AF_INET_V;
+ if (udp) {
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_protocol = IPPROTO_UDP;
+ }
+ #ifdef WOLFSSL_SCTP
+ else if (sctp) {
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_SCTP;
+ }
+ #endif
+ else {
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+ }
+
+ SNPRINTF(strPort, sizeof(strPort), "%d", port);
+ strPort[79] = '\0';
+
+ ret = getaddrinfo(peer, strPort, &hints, &answer);
+ if (ret < 0 || answer == NULL)
+ err_sys("getaddrinfo failed");
+
+ XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
+ freeaddrinfo(answer);
+ #else
+ printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
+ addr->sin6_addr = in6addr_loopback;
+ #endif
+ }
+#endif
+}
+
+
+static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
+{
+ (void)sctp;
+
+ if (udp)
+ *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
+#ifdef WOLFSSL_SCTP
+ else if (sctp)
+ *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
+#endif
+ else
+ *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
+
+ if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
+ err_sys_with_errno("socket failed\n");
+ }
+
+#ifndef USE_WINDOWS_API
+#ifdef SO_NOSIGPIPE
+ {
+ int on = 1;
+ socklen_t len = sizeof(on);
+ int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt SO_NOSIGPIPE failed\n");
+ }
+#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
+ defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
+ /* nothing to define */
+#else /* no S_NOSIGPIPE */
+ signal(SIGPIPE, SIG_IGN);
+#endif /* S_NOSIGPIPE */
+
+#if defined(TCP_NODELAY)
+ if (!udp && !sctp)
+ {
+ int on = 1;
+ socklen_t len = sizeof(on);
+ int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt TCP_NODELAY failed\n");
+ }
+#endif
+#endif /* USE_WINDOWS_API */
+}
+
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && defined(WOLFSENTRY_H)
+
+#include <wolfsentry/wolfsentry_util.h>
+
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+#include <wolfsentry/wolfsentry_json.h>
+#endif
+
+struct wolfsentry_data {
+ struct wolfsentry_sockaddr remote;
+ byte remote_addrbuf[16];
+ struct wolfsentry_sockaddr local;
+ byte local_addrbuf[16];
+ wolfsentry_route_flags_t flags;
+ void *heap;
+ int alloctype;
+};
+
+static void free_wolfsentry_data(struct wolfsentry_data *data) {
+ XFREE(data, data->heap, data->alloctype);
+}
+
+static struct wolfsentry_context *wolfsentry = NULL;
+
+static int wolfsentry_data_index = -1;
+
+static WC_INLINE int wolfsentry_store_endpoints(
+ WOLFSSL *ssl,
+ SOCKADDR_IN_T *remote,
+ SOCKADDR_IN_T *local,
+ int proto,
+ wolfsentry_route_flags_t flags,
+ struct wolfsentry_data **wolfsentry_data_out)
+{
+ struct wolfsentry_data *wolfsentry_data = (struct wolfsentry_data *)XMALLOC(
+ sizeof *wolfsentry_data, NULL, DYNAMIC_TYPE_SOCKADDR);
+ if (wolfsentry_data == NULL)
+ return WOLFSSL_FAILURE;
+
+ wolfsentry_data->heap = NULL;
+ wolfsentry_data->alloctype = DYNAMIC_TYPE_SOCKADDR;
+
+#ifdef TEST_IPV6
+ if ((sizeof wolfsentry_data->remote_addrbuf < sizeof remote->sin6_addr) ||
+ (sizeof wolfsentry_data->local_addrbuf < sizeof local->sin6_addr))
+ return WOLFSSL_FAILURE;
+ wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin6_family;
+ wolfsentry_data->remote.sa_port = ntohs(remote->sin6_port);
+ wolfsentry_data->local.sa_port = ntohs(local->sin6_port);
+ if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
+ wolfsentry_data->remote.addr_len = 0;
+ XMEMSET(wolfsentry_data->remote.addr, 0, sizeof remote->sin6_addr);
+ } else {
+ wolfsentry_data->remote.addr_len = sizeof remote->sin6_addr * BITS_PER_BYTE;
+ XMEMCPY(wolfsentry_data->remote.addr, &remote->sin6_addr, sizeof remote->sin6_addr);
+ }
+ if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
+ wolfsentry_data->local.addr_len = 0;
+ XMEMSET(wolfsentry_data->local.addr, 0, sizeof local->sin6_addr);
+ } else {
+ wolfsentry_data->local.addr_len = sizeof local->sin6_addr * BITS_PER_BYTE;
+ XMEMCPY(wolfsentry_data->local.addr, &local->sin6_addr, sizeof local->sin6_addr);
+ }
+#else
+ if ((sizeof wolfsentry_data->remote_addrbuf < sizeof remote->sin_addr) ||
+ (sizeof wolfsentry_data->local_addrbuf < sizeof local->sin_addr))
+ return WOLFSSL_FAILURE;
+ wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin_family;
+ wolfsentry_data->remote.sa_port = ntohs(remote->sin_port);
+ wolfsentry_data->local.sa_port = ntohs(local->sin_port);
+ if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_ADDR_WILDCARD)) {
+ wolfsentry_data->remote.addr_len = 0;
+ XMEMSET(wolfsentry_data->remote.addr, 0, sizeof remote->sin_addr);
+ } else {
+ wolfsentry_data->remote.addr_len = sizeof remote->sin_addr * BITS_PER_BYTE;
+ XMEMCPY(wolfsentry_data->remote.addr, &remote->sin_addr, sizeof remote->sin_addr);
+ }
+ if (WOLFSENTRY_CHECK_BITS(flags, WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD)) {
+ wolfsentry_data->local.addr_len = 0;
+ XMEMSET(wolfsentry_data->local.addr, 0, sizeof local->sin_addr);
+ } else {
+ wolfsentry_data->local.addr_len = sizeof local->sin_addr * BITS_PER_BYTE;
+ XMEMCPY(wolfsentry_data->local.addr, &local->sin_addr, sizeof local->sin_addr);
+ }
+#endif
+ wolfsentry_data->remote.sa_proto = wolfsentry_data->local.sa_proto = proto;
+ wolfsentry_data->remote.interface = wolfsentry_data->local.interface = 0;
+ wolfsentry_data->flags = flags;
+
+ if (wolfSSL_set_ex_data_with_cleanup(
+ ssl, wolfsentry_data_index, wolfsentry_data,
+ (wolfSSL_ex_data_cleanup_routine_t)free_wolfsentry_data) !=
+ WOLFSSL_SUCCESS) {
+ free_wolfsentry_data(wolfsentry_data);
+ return WOLFSSL_FAILURE;
+ }
+
+ if (wolfsentry_data_out != NULL)
+ *wolfsentry_data_out = wolfsentry_data;
+
+ return WOLFSSL_SUCCESS;
+}
+
+static int wolfSentry_NetworkFilterCallback(
+ WOLFSSL *ssl,
+ struct wolfsentry_context *_wolfsentry,
+ wolfSSL_netfilter_decision_t *decision)
+{
+ struct wolfsentry_data *data;
+ char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
+ wolfsentry_errcode_t ret;
+ wolfsentry_action_res_t action_results;
+
+ if ((data = wolfSSL_get_ex_data(ssl, wolfsentry_data_index)) == NULL)
+ return WOLFSSL_FAILURE;
+
+ ret = wolfsentry_route_event_dispatch(
+ _wolfsentry,
+ &data->remote,
+ &data->local,
+ data->flags,
+ NULL /* event_label */,
+ 0 /* event_label_len */,
+ NULL /* caller_context */,
+ NULL /* id */,
+ NULL /* inexact_matches */,
+ &action_results);
+
+ if (ret >= 0) {
+ if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
+ *decision = WOLFSSL_NETFILTER_REJECT;
+ else if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
+ *decision = WOLFSSL_NETFILTER_ACCEPT;
+ else
+ *decision = WOLFSSL_NETFILTER_PASS;
+ } else {
+ printf("wolfsentry_route_event_dispatch error "
+ WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ *decision = WOLFSSL_NETFILTER_PASS;
+ }
+
+ printf("wolfSentry got network filter callback: family=%d proto=%d rport=%d"
+ " lport=%d raddr=%s laddr=%s interface=%d; decision=%d (%s)\n",
+ data->remote.sa_family,
+ data->remote.sa_proto,
+ data->remote.sa_port,
+ data->local.sa_port,
+ inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf,
+ sizeof inet_ntop_buf),
+ inet_ntop(data->local.sa_family, data->local.addr, inet_ntop_buf2,
+ sizeof inet_ntop_buf2),
+ data->remote.interface,
+ *decision,
+ *decision == WOLFSSL_NETFILTER_REJECT ? "REJECT" :
+ *decision == WOLFSSL_NETFILTER_ACCEPT ? "ACCEPT" :
+ *decision == WOLFSSL_NETFILTER_PASS ? "PASS" :
+ "???");
+
+ return WOLFSSL_SUCCESS;
+}
+
+static int wolfsentry_setup(
+ struct wolfsentry_context **_wolfsentry,
+ const char *_wolfsentry_config_path,
+ wolfsentry_route_flags_t route_flags)
+{
+ wolfsentry_errcode_t ret;
+ ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */,
+ _wolfsentry);
+ if (ret < 0) {
+ fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ err_sys("unable to initialize wolfSentry");
+ }
+
+ if (wolfsentry_data_index < 0)
+ wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL,
+ NULL);
+
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+ if (_wolfsentry_config_path != NULL) {
+ char buf[512], err_buf[512];
+ struct wolfsentry_json_process_state *jps;
+
+ FILE *f = fopen(_wolfsentry_config_path, "r");
+
+ if (f == NULL) {
+ fprintf(stderr, "fopen(%s): %s\n",_wolfsentry_config_path,strerror(errno));
+ err_sys("unable to open wolfSentry config file");
+ }
+
+ if ((ret = wolfsentry_config_json_init(
+ *_wolfsentry,
+ WOLFSENTRY_CONFIG_LOAD_FLAG_NONE,
+ &jps)) < 0) {
+ fprintf(stderr, "wolfsentry_config_json_init() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ err_sys("error while initializing wolfSentry config parser");
+ }
+
+ for (;;) {
+ size_t n = fread(buf, 1, sizeof buf, f);
+ if ((n < sizeof buf) && ferror(f)) {
+ fprintf(stderr,"fread(%s): %s\n",_wolfsentry_config_path, strerror(errno));
+ err_sys("error while reading wolfSentry config file");
+ }
+
+ ret = wolfsentry_config_json_feed(jps, buf, n, err_buf, sizeof err_buf);
+ if (ret < 0) {
+ fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
+ err_sys("error while loading wolfSentry config file");
+ }
+ if ((n < sizeof buf) && feof(f))
+ break;
+ }
+ fclose(f);
+
+ if ((ret = wolfsentry_config_json_fini(jps, err_buf, sizeof err_buf)) < 0) {
+ fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
+ err_sys("error while loading wolfSentry config file");
+ }
+
+ } else
+#endif /* !NO_FILESYSTEM && !WOLFSENTRY_NO_JSON */
+ {
+ struct wolfsentry_route_table *table;
+
+ if ((ret = wolfsentry_route_get_table_static(*_wolfsentry,
+ &table)) < 0)
+ fprintf(stderr, "wolfsentry_route_get_table_static() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+
+ if (ret < 0)
+ return ret;
+
+ if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) {
+ struct {
+ struct wolfsentry_sockaddr sa;
+ byte buf[16];
+ } remote, local;
+ wolfsentry_ent_id_t id;
+ wolfsentry_action_res_t action_results;
+
+ if ((ret = wolfsentry_route_table_default_policy_set(
+ *_wolfsentry, table,
+ WOLFSENTRY_ACTION_RES_ACCEPT))
+ < 0) {
+ fprintf(stderr,
+ "wolfsentry_route_table_default_policy_set() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ return ret;
+ }
+
+ XMEMSET(&remote, 0, sizeof remote);
+ XMEMSET(&local, 0, sizeof local);
+#ifdef TEST_IPV6
+ remote.sa.sa_family = local.sa.sa_family = AF_INET6;
+ remote.sa.addr_len = 128;
+ XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
+#else
+ remote.sa.sa_family = local.sa.sa_family = AF_INET;
+ remote.sa.addr_len = 32;
+ XMEMCPY(remote.sa.addr, "\177\000\000\001", 4);
+#endif
+
+ if ((ret = wolfsentry_route_insert_static
+ (*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
+ route_flags |
+ WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
+ WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
+ WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
+ 0 /* event_label_len */, 0 /* event_label */, &id,
+ &action_results)) < 0) {
+ fprintf(stderr, "wolfsentry_route_insert_static() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ return ret;
+ }
+ } else if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) {
+ struct {
+ struct wolfsentry_sockaddr sa;
+ byte buf[16];
+ } remote, local;
+ wolfsentry_ent_id_t id;
+ wolfsentry_action_res_t action_results;
+
+ if ((ret = wolfsentry_route_table_default_policy_set(
+ *_wolfsentry, table,
+ WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP))
+ < 0) {
+ fprintf(stderr,
+ "wolfsentry_route_table_default_policy_set() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ return ret;
+ }
+
+ XMEMSET(&remote, 0, sizeof remote);
+ XMEMSET(&local, 0, sizeof local);
+#ifdef TEST_IPV6
+ remote.sa.sa_family = local.sa.sa_family = AF_INET6;
+ remote.sa.addr_len = 128;
+ XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
+#else
+ remote.sa.sa_family = local.sa.sa_family = AF_INET;
+ remote.sa.addr_len = 32;
+ XMEMCPY(remote.sa.addr, "\177\000\000\001", 4);
+#endif
+
+ if ((ret = wolfsentry_route_insert_static
+ (*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
+ route_flags |
+ WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
+ WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
+ WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
+ 0 /* event_label_len */, 0 /* event_label */, &id,
+ &action_results)) < 0) {
+ fprintf(stderr, "wolfsentry_route_insert_static() returned "
+ WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ return ret;
+ }
+ }
+ }
+
+ return 0;
+}
+
+static WC_INLINE int tcp_connect_with_wolfSentry(
+ SOCKET_T* sockfd,
+ const char* ip,
+ word16 port,
+ int udp,
+ int sctp,
+ WOLFSSL* ssl,
+ struct wolfsentry_context *_wolfsentry)
+{
+ SOCKADDR_IN_T remote_addr;
+ struct wolfsentry_data *wolfsentry_data;
+ char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
+ wolfsentry_errcode_t ret;
+ wolfsentry_action_res_t action_results;
+ wolfSSL_netfilter_decision_t decision;
+
+ build_addr(&remote_addr, ip, port, udp, sctp);
+
+ {
+ SOCKADDR_IN_T local_addr;
+#ifdef TEST_IPV6
+ local_addr.sin6_port = 0;
+#else
+ local_addr.sin_port = 0;
+#endif
+ ((struct sockaddr *)&local_addr)->sa_family = ((struct sockaddr *)&remote_addr)->sa_family;
+
+ if (wolfsentry_store_endpoints(
+ ssl, &remote_addr, &local_addr,
+ udp ? IPPROTO_UDP : IPPROTO_TCP,
+ WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT|
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD|
+ WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD, &wolfsentry_data) != WOLFSSL_SUCCESS)
+ return WOLFSSL_FAILURE;
+ }
+
+ ret = wolfsentry_route_event_dispatch(
+ _wolfsentry,
+ &wolfsentry_data->remote,
+ &wolfsentry_data->local,
+ wolfsentry_data->flags,
+ NULL /* event_label */,
+ 0 /* event_label_len */,
+ NULL /* caller_context */,
+ NULL /* id */,
+ NULL /* inexact_matches */,
+ &action_results);
+
+ if (ret < 0) {
+ printf("wolfsentry_route_event_dispatch error "
+ WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
+ decision = WOLFSSL_NETFILTER_PASS;
+ } else {
+ if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
+ decision = WOLFSSL_NETFILTER_REJECT;
+ else if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
+ decision = WOLFSSL_NETFILTER_ACCEPT;
+ else
+ decision = WOLFSSL_NETFILTER_PASS;
+ }
+
+ printf("wolfSentry callin from tcp_connect_with_wolfSentry: family=%d proto=%d rport=%d"
+ " lport=%d raddr=%s laddr=%s interface=%d; decision=%d (%s)\n",
+ wolfsentry_data->remote.sa_family,
+ wolfsentry_data->remote.sa_proto,
+ wolfsentry_data->remote.sa_port,
+ wolfsentry_data->local.sa_port,
+ inet_ntop(wolfsentry_data->remote.sa_family, wolfsentry_data->remote.addr, inet_ntop_buf,
+ sizeof inet_ntop_buf),
+ inet_ntop(wolfsentry_data->local.sa_family, wolfsentry_data->local.addr, inet_ntop_buf2,
+ sizeof inet_ntop_buf2),
+ wolfsentry_data->remote.interface,
+ decision,
+ decision == WOLFSSL_NETFILTER_REJECT ? "REJECT" :
+ decision == WOLFSSL_NETFILTER_ACCEPT ? "ACCEPT" :
+ decision == WOLFSSL_NETFILTER_PASS ? "PASS" :
+ "???");
+
+ if (decision == WOLFSSL_NETFILTER_REJECT)
+ return SOCKET_FILTERED_E;
+
+ if (udp) {
+ wolfSSL_dtls_set_peer(ssl, &remote_addr, sizeof(remote_addr));
+ }
+ tcp_socket(sockfd, udp, sctp);
+
+ if (!udp) {
+ if (connect(*sockfd, (const struct sockaddr*)&remote_addr, sizeof(remote_addr)) != 0)
+ err_sys_with_errno("tcp connect failed");
+ }
+
+ return WOLFSSL_SUCCESS;
+}
+
+#define tcp_connect(sockfd, ip, port, udp, sctp, ssl) \
+ tcp_connect_with_wolfSentry(sockfd, ip, port, udp, sctp, ssl, wolfsentry)
+
+#else /* !WOLFSSL_WOLFSENTRY_HOOKS */
+
+static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
+ int udp, int sctp, WOLFSSL* ssl)
+{
+ SOCKADDR_IN_T addr;
+ build_addr(&addr, ip, port, udp, sctp);
+ if (udp) {
+ wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
+ }
+ tcp_socket(sockfd, udp, sctp);
+
+ if (!udp) {
+ if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+ err_sys_with_errno("tcp connect failed");
+ }
+}
+
+#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
+
+
+static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
+{
+ if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
+ err_sys_with_errno("tcp connect failed");
+}
+
+
+enum {
+ TEST_SELECT_FAIL,
+ TEST_TIMEOUT,
+ TEST_RECV_READY,
+ TEST_SEND_READY,
+ TEST_ERROR_READY
+};
+
+
+#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
+ !defined(WOLFSSL_TIRTOS)
+static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
+{
+ fd_set fds, errfds;
+ fd_set* recvfds = NULL;
+ fd_set* sendfds = NULL;
+ SOCKET_T nfds = socketfd + 1;
+#if !defined(__INTEGRITY)
+ struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0};
+#else
+ struct timeval timeout;
+#endif
+ int result;
+
+ FD_ZERO(&fds);
+ FD_SET(socketfd, &fds);
+ FD_ZERO(&errfds);
+ FD_SET(socketfd, &errfds);
+
+ if (rx)
+ recvfds = &fds;
+ else
+ sendfds = &fds;
+
+#if defined(__INTEGRITY)
+ timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
+#endif
+ result = select(nfds, recvfds, sendfds, &errfds, &timeout);
+
+ if (result == 0)
+ return TEST_TIMEOUT;
+ else if (result > 0) {
+ if (FD_ISSET(socketfd, &fds)) {
+ if (rx)
+ return TEST_RECV_READY;
+ else
+ return TEST_SEND_READY;
+ }
+ else if(FD_ISSET(socketfd, &errfds))
+ return TEST_ERROR_READY;
+ }
+
+ return TEST_SELECT_FAIL;
+}
+
+static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
+{
+ return tcp_select_ex(socketfd, to_sec, 1);
+}
+
+static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
+{
+ return tcp_select_ex(socketfd, to_sec, 0);
+}
+
+#elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET)
+static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
+{
+ return TEST_RECV_READY;
+}
+static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
+{
+ return TEST_SEND_READY;
+}
+#endif /* !WOLFSSL_MDK_ARM */
+
+
+static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
+ int udp, int sctp)
+{
+ SOCKADDR_IN_T addr;
+
+ /* don't use INADDR_ANY by default, firewall may block, make user switch
+ on */
+ build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
+ tcp_socket(sockfd, udp, sctp);
+
+#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
+ && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
+ {
+ int res, on = 1;
+ socklen_t len = sizeof(on);
+ res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt SO_REUSEADDR failed\n");
+ }
+#ifdef SO_REUSEPORT
+ {
+ int res, on = 1;
+ socklen_t len = sizeof(on);
+ res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEPORT, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt SO_REUSEPORT failed\n");
+ }
+#endif
+#endif
+
+ if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+ err_sys_with_errno("tcp bind failed");
+ if (!udp) {
+ #ifdef WOLFSSL_KEIL_TCP_NET
+ #define SOCK_LISTEN_MAX_QUEUE 1
+ #else
+ #define SOCK_LISTEN_MAX_QUEUE 5
+ #endif
+ if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
+ err_sys_with_errno("tcp listen failed");
+ }
+ #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) \
+ && !defined(WOLFSSL_ZEPHYR)
+ if (*port == 0) {
+ socklen_t len = sizeof(addr);
+ if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
+ #ifndef TEST_IPV6
+ *port = XNTOHS(addr.sin_port);
+ #else
+ *port = XNTOHS(addr.sin6_port);
+ #endif
+ }
+ }
+ #endif
+}
+
+
+#if 0
+static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
+{
+ SOCKADDR_IN_T cliaddr;
+ byte b[1500];
+ int n;
+ socklen_t len = sizeof(cliaddr);
+
+ n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
+ (struct sockaddr*)&cliaddr, &len);
+ if (n > 0) {
+ if (connect(sockfd, (const struct sockaddr*)&cliaddr,
+ sizeof(cliaddr)) != 0)
+ err_sys("udp connect failed");
+ }
+ else
+ err_sys("recvfrom failed");
+
+ return sockfd;
+}
+#endif
+
+static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
+ int useAnyAddr, word16 port, func_args* args)
+{
+ SOCKADDR_IN_T addr;
+
+ (void)args;
+ build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
+ tcp_socket(sockfd, 1, 0);
+
+
+#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
+ && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
+ {
+ int res, on = 1;
+ socklen_t len = sizeof(on);
+ res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt SO_REUSEADDR failed\n");
+ }
+#ifdef SO_REUSEPORT
+ {
+ int res, on = 1;
+ socklen_t len = sizeof(on);
+ res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEPORT, &on, len);
+ if (res < 0)
+ err_sys_with_errno("setsockopt SO_REUSEPORT failed\n");
+ }
+#endif
+#endif
+
+ if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+ err_sys_with_errno("tcp bind failed");
+
+ #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
+ if (port == 0) {
+ socklen_t len = sizeof(addr);
+ if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
+ #ifndef TEST_IPV6
+ port = XNTOHS(addr.sin_port);
+ #else
+ port = XNTOHS(addr.sin6_port);
+ #endif
+ }
+ }
+ #endif
+
+#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+ /* signal ready to accept data */
+ {
+ tcp_ready* ready = args->signal;
+ pthread_mutex_lock(&ready->mutex);
+ ready->ready = 1;
+ ready->port = port;
+ pthread_cond_signal(&ready->cond);
+ pthread_mutex_unlock(&ready->mutex);
+ }
+#elif defined (WOLFSSL_TIRTOS)
+ /* Need mutex? */
+ tcp_ready* ready = args->signal;
+ ready->ready = 1;
+ ready->port = port;
+#else
+ (void)port;
+#endif
+
+ *clientfd = *sockfd;
+}
+
+static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
+ func_args* args, word16 port, int useAnyAddr,
+ int udp, int sctp, int ready_file, int do_listen,
+ SOCKADDR_IN_T *client_addr, socklen_t *client_len)
+{
+ tcp_ready* ready = NULL;
+
+ (void) ready; /* Account for case when "ready" is not used */
+
+ if (udp) {
+ udp_accept(sockfd, clientfd, useAnyAddr, port, args);
+ return;
+ }
+
+ if(do_listen) {
+ tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
+
+ #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+ /* signal ready to tcp_accept */
+ if (args)
+ ready = args->signal;
+ if (ready) {
+ pthread_mutex_lock(&ready->mutex);
+ ready->ready = 1;
+ ready->port = port;
+ pthread_cond_signal(&ready->cond);
+ pthread_mutex_unlock(&ready->mutex);
+ }
+ #elif defined (WOLFSSL_TIRTOS)
+ /* Need mutex? */
+ if (args)
+ ready = args->signal;
+ if (ready) {
+ ready->ready = 1;
+ ready->port = port;
+ }
+ #endif
+
+ if (ready_file) {
+ #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
+ XFILE srf = NULL;
+ if (args)
+ ready = args->signal;
+
+ if (ready) {
+ srf = XFOPEN(ready->srfName, "w");
+
+ if (srf) {
+ /* let's write port sever is listening on to ready file
+ external monitor can then do ephemeral ports by passing
+ -p 0 to server on supported platforms with -R ready_file
+ client can then wait for existence of ready_file and see
+ which port the server is listening on. */
+ fprintf(srf, "%d\n", (int)port);
+ fclose(srf);
+ }
+ }
+ #endif
+ }
+ }
+
+ *clientfd = accept(*sockfd, (struct sockaddr*)client_addr,
+ (ACCEPT_THIRD_T)client_len);
+ if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
+ err_sys_with_errno("tcp accept failed");
+ }
+}
+
+
+static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
+{
+ #ifdef USE_WINDOWS_API
+ unsigned long blocking = 1;
+ int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
+ if (ret == SOCKET_ERROR)
+ err_sys_with_errno("ioctlsocket failed");
+ #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \
+ || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
+ || defined(WOLFSSL_ZEPHYR)
+ /* non blocking not supported, for now */
+ #else
+ int flags = fcntl(*sockfd, F_GETFL, 0);
+ if (flags < 0)
+ err_sys_with_errno("fcntl get failed");
+ flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
+ if (flags < 0)
+ err_sys_with_errno("fcntl set failed");
+ #endif
+}
+
+
+#ifndef NO_PSK
+
+/* identity is OpenSSL testing default for openssl s_client, keep same */
+static const char* kIdentityStr = "Client_identity";
+
+static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
+ char* identity, unsigned int id_max_len, unsigned char* key,
+ unsigned int key_max_len)
+{
+ (void)ssl;
+ (void)hint;
+ (void)key_max_len;
+
+ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+ XSTRNCPY(identity, kIdentityStr, id_max_len);
+
+ if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+ /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+ unsigned binary */
+ key[0] = 0x1a;
+ key[1] = 0x2b;
+ key[2] = 0x3c;
+ key[3] = 0x4d;
+
+ return 4; /* length of key in octets or 0 for error */
+ }
+ else {
+ int i;
+ int b = 0x01;
+
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ key[i] = b;
+ }
+
+ return 32; /* length of key in octets or 0 for error */
+ }
+}
+
+
+static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
+ unsigned char* key, unsigned int key_max_len)
+{
+ (void)ssl;
+ (void)key_max_len;
+
+ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+ if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
+ return 0;
+
+ if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+ /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
+ unsigned binary */
+ key[0] = 0x1a;
+ key[1] = 0x2b;
+ key[2] = 0x3c;
+ key[3] = 0x4d;
+
+ return 4; /* length of key in octets or 0 for error */
+ }
+ else {
+ int i;
+ int b = 0x01;
+
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ key[i] = b;
+ }
+
+ return 32; /* length of key in octets or 0 for error */
+ }
+}
+
+#ifdef WOLFSSL_TLS13
+static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
+ const char* hint, char* identity, unsigned int id_max_len,
+ unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
+{
+ int i;
+ int b = 0x01;
+ const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
+
+ (void)ssl;
+ (void)hint;
+ (void)key_max_len;
+
+ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+ XSTRNCPY(identity, kIdentityStr, id_max_len);
+
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ key[i] = b;
+ }
+
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+
+ return 32; /* length of key in octets or 0 for error */
+}
+
+
+static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
+ const char* identity, unsigned char* key, unsigned int key_max_len,
+ const char** ciphersuite)
+{
+ int i;
+ int b = 0x01;
+ int kIdLen = (int)XSTRLEN(kIdentityStr);
+ const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
+
+ (void)ssl;
+ (void)key_max_len;
+
+ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+ if (XSTRNCMP(identity, kIdentityStr, kIdLen) != 0)
+ return 0;
+ if (identity[kIdLen] != '\0') {
+ userCipher = wolfSSL_get_cipher_name_by_hash(ssl, identity + kIdLen);
+ }
+
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ key[i] = b;
+ }
+
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+
+ return 32; /* length of key in octets or 0 for error */
+}
+#endif
+
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+ !defined(NO_FILESYSTEM)
+static unsigned char local_psk[32];
+#endif
+static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
+ const WOLFSSL_EVP_MD* md, const unsigned char **id,
+ size_t* idlen, WOLFSSL_SESSION **sess)
+{
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+ !defined(NO_FILESYSTEM)
+ int i;
+ int b = 0x01;
+ WOLFSSL_SESSION* lsess;
+ char buf[256];
+ const char* cipher_id = "TLS13-AES128-GCM-SHA256";
+ const SSL_CIPHER* cipher = NULL;
+ STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
+ int numCiphers = 0;
+ (void)ssl;
+ (void)md;
+
+ printf("use psk session callback \n");
+
+ lsess = wolfSSL_SESSION_new();
+ if (lsess == NULL) {
+ return 0;
+ }
+ supportedCiphers = SSL_get_ciphers(ssl);
+ numCiphers = sk_num(supportedCiphers);
+
+ for (i = 0; i < numCiphers; ++i) {
+
+ if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
+ SSL_CIPHER_description(cipher, buf, sizeof(buf));
+ }
+
+ if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
+ break;
+ }
+ }
+
+ if (i != numCiphers) {
+ SSL_SESSION_set_cipher(lsess, cipher);
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ local_psk[i] = b;
+ }
+
+ *id = local_psk;
+ *idlen = 32;
+ *sess = lsess;
+
+ return 1;
+ }
+ else {
+ *id = NULL;
+ *idlen = 0;
+ *sess = NULL;
+ return 0;
+ }
+#else
+ (void)ssl;
+ (void)md;
+ (void)id;
+ (void)idlen;
+ (void)sess;
+
+ return 0;
+#endif
+}
+
+static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
+ const char* hint, char* identity, unsigned int id_max_len,
+ unsigned char* key, unsigned int key_max_len, const char* ciphersuite)
+{
+ int i;
+ int b = 0x01;
+
+ (void)ssl;
+ (void)hint;
+ (void)key_max_len;
+
+ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+ XSTRNCPY(identity, kIdentityStr, id_max_len);
+ XSTRNCAT(identity, ciphersuite + XSTRLEN(ciphersuite) - 6, id_max_len);
+
+ for (i = 0; i < 32; i++, b += 0x22) {
+ if (b >= 0x100)
+ b = 0x01;
+ key[i] = b;
+ }
+
+ return 32; /* length of key in octets or 0 for error */
+}
+
+#endif /* !NO_PSK */
+
+
+#if defined(WOLFSSL_USER_CURRTIME)
+ extern double current_time(int reset);
+
+#elif defined(USE_WINDOWS_API)
+
+ #define WIN32_LEAN_AND_MEAN
+ #include <windows.h>
+
+ static WC_INLINE double current_time(int reset)
+ {
+ static int init = 0;
+ static LARGE_INTEGER freq;
+
+ LARGE_INTEGER count;
+
+ if (!init) {
+ QueryPerformanceFrequency(&freq);
+ init = 1;
+ }
+
+ QueryPerformanceCounter(&count);
+
+ (void)reset;
+ return (double)count.QuadPart / freq.QuadPart;
+ }
+
+#elif defined(WOLFSSL_TIRTOS)
+ extern double current_time();
+#elif defined(WOLFSSL_ZEPHYR)
+ extern double current_time();
+#else
+
+#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
+ #include <sys/time.h>
+
+ static WC_INLINE double current_time(int reset)
+ {
+ struct timeval tv;
+ gettimeofday(&tv, 0);
+ (void)reset;
+
+ return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+ }
+#else
+ extern double current_time(int reset);
+#endif
+#endif /* USE_WINDOWS_API */
+
+
+#if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
+static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
+ unsigned char* request, int requestSz, unsigned char** response)
+{
+#ifdef TEST_NONBLOCK_CERTS
+ static int ioCbCnt = 0;
+#endif
+
+ (void)ioCtx;
+ (void)url;
+ (void)urlSz;
+ (void)request;
+ (void)requestSz;
+ (void)response;
+
+#ifdef TEST_NONBLOCK_CERTS
+ if (ioCbCnt) {
+ ioCbCnt = 0;
+ return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
+ }
+ else {
+ ioCbCnt = 1;
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+#else
+ return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
+#endif
+}
+
+static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
+{
+ return EmbedOcspRespFree(ioCtx, response);
+}
+#endif
+
+#if !defined(NO_CERTS)
+ #if !defined(NO_FILESYSTEM) || \
+ (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
+
+ /* reads file size, allocates buffer, reads into buffer, returns buffer */
+ static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
+ {
+ int ret;
+ long int fileSz;
+ XFILE lFile;
+
+ if (fname == NULL || buf == NULL || bufLen == NULL)
+ return BAD_FUNC_ARG;
+
+ /* set defaults */
+ *buf = NULL;
+ *bufLen = 0;
+
+ /* open file (read-only binary) */
+ lFile = XFOPEN(fname, "rb");
+ if (!lFile) {
+ printf("Error loading %s\n", fname);
+ return BAD_PATH_ERROR;
+ }
+
+ fseek(lFile, 0, SEEK_END);
+ fileSz = (int)ftell(lFile);
+ rewind(lFile);
+ if (fileSz > 0) {
+ *bufLen = (size_t)fileSz;
+ *buf = (byte*)malloc(*bufLen);
+ if (*buf == NULL) {
+ ret = MEMORY_E;
+ printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
+ }
+ else {
+ size_t readLen = fread(*buf, *bufLen, 1, lFile);
+
+ /* check response code */
+ ret = (readLen > 0) ? 0 : -1;
+ }
+ }
+ else {
+ ret = BUFFER_E;
+ }
+ fclose(lFile);
+
+ return ret;
+ }
+
+ enum {
+ WOLFSSL_CA = 1,
+ WOLFSSL_CERT = 2,
+ WOLFSSL_KEY = 3,
+ WOLFSSL_CERT_CHAIN = 4,
+ };
+
+ static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
+ {
+ int format = WOLFSSL_FILETYPE_PEM;
+ byte* buff = NULL;
+ size_t sz = 0;
+
+ if (load_file(fname, &buff, &sz) != 0) {
+ err_sys("can't open file for buffer load "
+ "Please run from wolfSSL home directory if not");
+ }
+
+ /* determine format */
+ if (strstr(fname, ".der"))
+ format = WOLFSSL_FILETYPE_ASN1;
+
+ if (type == WOLFSSL_CA) {
+ if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer ca file");
+ }
+ else if (type == WOLFSSL_CERT) {
+ if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
+ format) != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer cert file");
+ }
+ else if (type == WOLFSSL_KEY) {
+ if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
+ format) != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer key file");
+ }
+ else if (type == WOLFSSL_CERT_CHAIN) {
+ if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
+ (long)sz, format) != WOLFSSL_SUCCESS)
+ err_sys("can't load cert chain buffer");
+ }
+
+ if (buff)
+ free(buff);
+ }
+
+ static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
+ {
+ int format = WOLFSSL_FILETYPE_PEM;
+ byte* buff = NULL;
+ size_t sz = 0;
+
+ if (load_file(fname, &buff, &sz) != 0) {
+ err_sys("can't open file for buffer load "
+ "Please run from wolfSSL home directory if not");
+ }
+
+ /* determine format */
+ if (strstr(fname, ".der"))
+ format = WOLFSSL_FILETYPE_ASN1;
+
+ if (type == WOLFSSL_CA) {
+ /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
+ WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
+ if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer ca file");
+ }
+ else if (type == WOLFSSL_CERT) {
+ if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
+ format) != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer cert file");
+ }
+ else if (type == WOLFSSL_KEY) {
+ if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
+ format) != WOLFSSL_SUCCESS)
+ err_sys("can't load buffer key file");
+ }
+ else if (type == WOLFSSL_CERT_CHAIN) {
+ if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
+ (long)sz, format) != WOLFSSL_SUCCESS)
+ err_sys("can't load cert chain buffer");
+ }
+
+ if (buff)
+ free(buff);
+ }
+
+ #ifdef TEST_PK_PRIVKEY
+ static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
+ {
+ int ret;
+ byte* buf = NULL;
+ size_t bufLen;
+
+ ret = load_file(fname, &buf, &bufLen);
+ if (ret != 0)
+ return ret;
+
+ *derBuf = (byte*)malloc(bufLen);
+ if (*derBuf == NULL) {
+ free(buf);
+ return MEMORY_E;
+ }
+
+ ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
+ if (ret < 0) {
+ free(buf);
+ free(*derBuf);
+ return ret;
+ }
+ *derLen = ret;
+ free(buf);
+
+ return 0;
+ }
+ #endif /* TEST_PK_PRIVKEY */
+
+ #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
+#endif /* !NO_CERTS */
+
+enum {
+ VERIFY_OVERRIDE_ERROR,
+ VERIFY_FORCE_FAIL,
+ VERIFY_USE_PREVERFIY,
+ VERIFY_OVERRIDE_DATE_ERR,
+};
+static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
+
+/* The verify callback is called for every certificate only when
+ * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and
+ * WOLFSSL_VERIFY_CB_ALL_CERTS.
+ * Normal cases of the verify callback only occur on certificate failures when the
+ * wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, myVerifyCb); is called
+*/
+
+static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
+{
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ WOLFSSL_X509* peer;
+#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
+ WOLFSSL_BIO* bio = NULL;
+ WOLFSSL_STACK* sk = NULL;
+ X509* x509 = NULL;
+ int i = 0;
+#endif
+#endif
+ (void)preverify;
+
+ /* Verify Callback Arguments:
+ * preverify: 1=Verify Okay, 0=Failure
+ * store->error: Failure error code (0 indicates no failure)
+ * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
+ * store->error_depth: Current Index
+ * store->domain: Subject CN as string (null term)
+ * store->totalCerts: Number of certs presented by peer
+ * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
+ * store->store: WOLFSSL_X509_STORE with CA cert chain
+ * store->store->cm: WOLFSSL_CERT_MANAGER
+ * store->ex_data: The WOLFSSL object pointer
+ * store->discardSessionCerts: When set to non-zero value session certs
+ will be discarded (only with SESSION_CERTS)
+ */
+
+ printf("In verification callback, error = %d, %s\n", store->error,
+ wolfSSL_ERR_error_string(store->error, buffer));
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ peer = store->current_cert;
+ if (peer) {
+ char* issuer = wolfSSL_X509_NAME_oneline(
+ wolfSSL_X509_get_issuer_name(peer), 0, 0);
+ char* subject = wolfSSL_X509_NAME_oneline(
+ wolfSSL_X509_get_subject_name(peer), 0, 0);
+ printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
+ subject);
+ XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+ XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
+#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
+ /* avoid printing duplicate certs */
+ if (store->depth == 1) {
+ /* retrieve x509 certs and display them on stdout */
+ sk = wolfSSL_X509_STORE_GetCerts(store);
+
+ for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
+ x509 = wolfSSL_sk_X509_value(sk, i);
+ bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
+ if (bio != NULL) {
+ wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
+ wolfSSL_X509_print(bio, x509);
+ wolfSSL_BIO_free(bio);
+ }
+ }
+ wolfSSL_sk_X509_free(sk);
+ }
+#endif
+ }
+ else
+ printf("\tPeer has no cert!\n");
+#else
+ printf("\tPeer certs: %d\n", store->totalCerts);
+ #ifdef SHOW_CERTS
+ { int i;
+ for (i=0; i<store->totalCerts; i++) {
+ WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
+ printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
+ }
+ }
+ #endif /* SHOW_CERTS */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+ printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
+
+ /* Testing forced fail case by return zero */
+ if (myVerifyAction == VERIFY_FORCE_FAIL) {
+ return 0; /* test failure case */
+ }
+
+ if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR &&
+ (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) {
+ printf("Overriding cert date error as example for bad clock testing\n");
+ return 1;
+ }
+
+ /* If error indicate we are overriding it for testing purposes */
+ if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) {
+ printf("\tAllowing failed certificate check, testing only "
+ "(shouldn't do this in production)\n");
+ }
+
+ /* A non-zero return code indicates failure override */
+ return (myVerifyAction == VERIFY_OVERRIDE_ERROR) ? 1 : preverify;
+}
+
+
+#ifdef HAVE_EXT_CACHE
+
+static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id,
+ int id_len, int* copy)
+{
+ (void)ssl;
+ (void)id;
+ (void)id_len;
+ (void)copy;
+
+ /* using internal cache, this is for testing only */
+ return NULL;
+}
+
+static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session)
+{
+ (void)ssl;
+ (void)session;
+
+ /* using internal cache, this is for testing only */
+ return 0;
+}
+
+static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
+{
+ (void)ctx;
+ (void)session;
+
+ /* using internal cache, this is for testing only */
+}
+
+#endif /* HAVE_EXT_CACHE */
+
+
+#ifdef HAVE_CRL
+
+static WC_INLINE void CRL_CallBack(const char* url)
+{
+ printf("CRL callback url = %s\n", url);
+}
+
+#endif
+
+#ifndef NO_DH
+static WC_INLINE void SetDH(WOLFSSL* ssl)
+{
+ /* dh1024 p */
+ static const unsigned char p[] =
+ {
+ 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+ 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+ 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+ 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+ 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+ 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+ 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+ 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+ 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+ 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+ 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+ };
+
+ /* dh1024 g */
+ static const unsigned char g[] =
+ {
+ 0x02,
+ };
+
+ wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
+}
+
+static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
+{
+ /* dh1024 p */
+ static const unsigned char p[] =
+ {
+ 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+ 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+ 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+ 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+ 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+ 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+ 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+ 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+ 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+ 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+ 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+ };
+
+ /* dh1024 g */
+ static const unsigned char g[] =
+ {
+ 0x02,
+ };
+
+ wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
+}
+#endif /* NO_DH */
+
+#ifndef NO_CERTS
+
+static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
+{
+ (void)der;
+ printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
+}
+
+#endif /* !NO_CERTS */
+
+
+/* Wolf Root Directory Helper */
+/* KEIL-RL File System does not support relative directory */
+#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
+ /* Maximum depth to search for WolfSSL root */
+ #define MAX_WOLF_ROOT_DEPTH 5
+
+ static WC_INLINE int ChangeToWolfRoot(void)
+ {
+ #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
+ int depth, res;
+ XFILE keyFile;
+ for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
+ keyFile = XFOPEN(ntruKeyFile, "rb");
+ if (keyFile != NULL) {
+ fclose(keyFile);
+ return depth;
+ }
+ #ifdef USE_WINDOWS_API
+ res = SetCurrentDirectoryA("..\\");
+ #else
+ res = chdir("../");
+ #endif
+ if (res < 0) {
+ printf("chdir to ../ failed!\n");
+ break;
+ }
+ }
+
+ err_sys("wolf root not found");
+ return -1;
+ #else
+ return 0;
+ #endif
+ }
+#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
+
+#ifdef HAVE_STACK_SIZE
+
+typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
+#define STACK_CHECK_VAL 0x01
+
+struct stack_size_debug_context {
+ unsigned char *myStack;
+ size_t stackSize;
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ size_t *stackSizeHWM_ptr;
+ thread_func fn;
+ void *args;
+#endif
+};
+
+#ifdef HAVE_STACK_SIZE_VERBOSE
+
+/* per-subtest stack high water mark tracking.
+ *
+ * enable with
+ *
+ * ./configure --enable-stacksize=verbose [...]
+ */
+
+static THREAD_RETURN debug_stack_size_verbose_shim(struct stack_size_debug_context *shim_args) {
+ StackSizeCheck_myStack = shim_args->myStack;
+ StackSizeCheck_stackSize = shim_args->stackSize;
+ StackSizeCheck_stackSizeHWM_ptr = shim_args->stackSizeHWM_ptr;
+ return shim_args->fn(shim_args->args);
+}
+
+static WC_INLINE int StackSizeSetOffset(const char *funcname, void *p)
+{
+ if (StackSizeCheck_myStack == NULL)
+ return -BAD_FUNC_ARG;
+
+ StackSizeCheck_stackOffsetPointer = p;
+
+ printf("setting stack relative offset reference mark in %s to +%lu\n",
+ funcname, (unsigned long)((char*)(StackSizeCheck_myStack +
+ StackSizeCheck_stackSize) - (char *)p));
+
+ return 0;
+}
+
+static WC_INLINE ssize_t StackSizeHWM(void)
+{
+ size_t i;
+ ssize_t used;
+
+ if (StackSizeCheck_myStack == NULL)
+ return -BAD_FUNC_ARG;
+
+ for (i = 0; i < StackSizeCheck_stackSize; i++) {
+ if (StackSizeCheck_myStack[i] != STACK_CHECK_VAL) {
+ break;
+ }
+ }
+
+ used = StackSizeCheck_stackSize - i;
+ if ((ssize_t)*StackSizeCheck_stackSizeHWM_ptr < used)
+ *StackSizeCheck_stackSizeHWM_ptr = used;
+
+ return used;
+}
+
+static WC_INLINE ssize_t StackSizeHWM_OffsetCorrected(void)
+{
+ ssize_t used = StackSizeHWM();
+ if (used < 0)
+ return used;
+ if (StackSizeCheck_stackOffsetPointer)
+ used -= (ssize_t)(((char *)StackSizeCheck_myStack + StackSizeCheck_stackSize) - (char *)StackSizeCheck_stackOffsetPointer);
+ return used;
+}
+
+static
+#ifdef __GNUC__
+__attribute__((unused)) __attribute__((noinline))
+#endif
+int StackSizeHWMReset(void)
+{
+ volatile ssize_t i;
+
+ if (StackSizeCheck_myStack == NULL)
+ return -BAD_FUNC_ARG;
+
+ for (i = (ssize_t)((char *)&i - (char *)StackSizeCheck_myStack) - (ssize_t)sizeof i - 1; i >= 0; --i)
+ {
+ StackSizeCheck_myStack[i] = STACK_CHECK_VAL;
+ }
+
+ return 0;
+}
+
+#define STACK_SIZE_CHECKPOINT(...) ({ \
+ ssize_t HWM = StackSizeHWM_OffsetCorrected(); \
+ __VA_ARGS__; \
+ printf(" relative stack peak usage = %ld bytes\n", HWM); \
+ StackSizeHWMReset(); \
+ })
+
+#define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) ({ \
+ ssize_t HWM = StackSizeHWM_OffsetCorrected(); \
+ int _ret; \
+ __VA_ARGS__; \
+ printf(" relative stack peak usage = %ld bytes\n", HWM); \
+ _ret = StackSizeHWMReset(); \
+ if ((max >= 0) && (HWM > (ssize_t)(max))) { \
+ printf(" relative stack usage at %s L%d exceeds designated max %ld bytes.\n", __FILE__, __LINE__, (ssize_t)(max)); \
+ _ret = -1; \
+ } \
+ _ret; \
+ })
+
+
+#ifdef __GNUC__
+#define STACK_SIZE_INIT() (void)StackSizeSetOffset(__FUNCTION__, __builtin_frame_address(0))
+#endif
+
+#endif /* HAVE_STACK_SIZE_VERBOSE */
+
+static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
+{
+ size_t i;
+ int ret;
+ void* status;
+ unsigned char* myStack = NULL;
+ size_t stackSize = 1024*1024;
+ pthread_attr_t myAttr;
+ pthread_t threadId;
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ struct stack_size_debug_context shim_args;
+#endif
+
+#ifdef PTHREAD_STACK_MIN
+ if (stackSize < PTHREAD_STACK_MIN)
+ stackSize = PTHREAD_STACK_MIN;
+#endif
+
+ ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+ if (ret != 0 || myStack == NULL)
+ err_sys_with_errno("posix_memalign failed\n");
+
+ XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
+
+ ret = pthread_attr_init(&myAttr);
+ if (ret != 0)
+ err_sys("attr_init failed");
+
+ ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
+ if (ret != 0)
+ err_sys("attr_setstackaddr failed");
+
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ StackSizeCheck_stackSizeHWM = 0;
+ shim_args.myStack = myStack;
+ shim_args.stackSize = stackSize;
+ shim_args.stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM;
+ shim_args.fn = tf;
+ shim_args.args = args;
+ ret = pthread_create(&threadId, &myAttr, (thread_func)debug_stack_size_verbose_shim, (void *)&shim_args);
+#else
+ ret = pthread_create(&threadId, &myAttr, tf, args);
+#endif
+ if (ret != 0) {
+ perror("pthread_create failed");
+ exit(EXIT_FAILURE);
+ }
+
+ ret = pthread_join(threadId, &status);
+ if (ret != 0)
+ err_sys("pthread_join failed");
+
+ for (i = 0; i < stackSize; i++) {
+ if (myStack[i] != STACK_CHECK_VAL) {
+ break;
+ }
+ }
+
+ free(myStack);
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i)
+ ? (unsigned long)StackSizeCheck_stackSizeHWM
+ : (unsigned long)(stackSize - i));
+#else
+ {
+ size_t used = stackSize - i;
+ printf("stack used = %lu\n", (unsigned long)used);
+ }
+#endif
+
+ return (int)((size_t)status);
+}
+
+static WC_INLINE int StackSizeCheck_launch(func_args* args, thread_func tf, pthread_t *threadId, void **stack_context)
+{
+ int ret;
+ unsigned char* myStack = NULL;
+ size_t stackSize = 1024*1024;
+ pthread_attr_t myAttr;
+
+#ifdef PTHREAD_STACK_MIN
+ if (stackSize < PTHREAD_STACK_MIN)
+ stackSize = PTHREAD_STACK_MIN;
+#endif
+
+ struct stack_size_debug_context *shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args);
+ if (! shim_args) {
+ perror("malloc");
+ exit(EXIT_FAILURE);
+ }
+
+ ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+ if (ret != 0 || myStack == NULL)
+ err_sys_with_errno("posix_memalign failed\n");
+
+ XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
+
+ ret = pthread_attr_init(&myAttr);
+ if (ret != 0)
+ err_sys("attr_init failed");
+
+ ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
+ if (ret != 0)
+ err_sys("attr_setstackaddr failed");
+
+ shim_args->myStack = myStack;
+ shim_args->stackSize = stackSize;
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ shim_args->stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM;
+ shim_args->fn = tf;
+ shim_args->args = args;
+ ret = pthread_create(threadId, &myAttr, (thread_func)debug_stack_size_verbose_shim, (void *)shim_args);
+#else
+ ret = pthread_create(threadId, &myAttr, tf, args);
+#endif
+ if (ret != 0) {
+ fprintf(stderr,"pthread_create failed: %s",strerror(ret));
+ exit(EXIT_FAILURE);
+ }
+
+ *stack_context = (void *)shim_args;
+
+ return 0;
+}
+
+static WC_INLINE int StackSizeCheck_reap(pthread_t threadId, void *stack_context)
+{
+ struct stack_size_debug_context *shim_args = (struct stack_size_debug_context *)stack_context;
+ size_t i;
+ void *status;
+ int ret = pthread_join(threadId, &status);
+ if (ret != 0)
+ err_sys("pthread_join failed");
+
+ for (i = 0; i < shim_args->stackSize; i++) {
+ if (shim_args->myStack[i] != STACK_CHECK_VAL) {
+ break;
+ }
+ }
+
+ free(shim_args->myStack);
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ printf("stack used = %lu\n",
+ *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i)
+ ? (unsigned long)*shim_args->stackSizeHWM_ptr
+ : (unsigned long)(shim_args->stackSize - i));
+#else
+ {
+ size_t used = shim_args->stackSize - i;
+ printf("stack used = %lu\n", (unsigned long)used);
+ }
+#endif
+ free(shim_args);
+
+ return (int)((size_t)status);
+}
+
+
+#endif /* HAVE_STACK_SIZE */
+
+#ifndef STACK_SIZE_CHECKPOINT
+#define STACK_SIZE_CHECKPOINT(...) (__VA_ARGS__)
+#endif
+#ifndef STACK_SIZE_INIT
+#define STACK_SIZE_INIT()
+#endif
+
+#ifdef STACK_TRAP
+
+/* good settings
+ --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
+
+*/
+
+#ifdef HAVE_STACK_SIZE
+ /* client only for now, setrlimit will fail if pthread_create() called */
+ /* STACK_SIZE does pthread_create() on client */
+ #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
+#endif /* HAVE_STACK_SIZE */
+
+static WC_INLINE void StackTrap(void)
+{
+ struct rlimit rl;
+ if (getrlimit(RLIMIT_STACK, &rl) != 0)
+ err_sys_with_errno("getrlimit failed");
+ printf("rlim_cur = %llu\n", rl.rlim_cur);
+ rl.rlim_cur = 1024*21; /* adjust trap size here */
+ if (setrlimit(RLIMIT_STACK, &rl) != 0)
+ err_sys_with_errno("setrlimit failed");
+}
+
+#else /* STACK_TRAP */
+
+static WC_INLINE void StackTrap(void)
+{
+}
+
+#endif /* STACK_TRAP */
+
+
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+
+/* Atomic Encrypt Context example */
+typedef struct AtomicEncCtx {
+ int keySetup; /* have we done key setup yet */
+ Aes aes; /* for aes example */
+} AtomicEncCtx;
+
+
+/* Atomic Decrypt Context example */
+typedef struct AtomicDecCtx {
+ int keySetup; /* have we done key setup yet */
+ Aes aes; /* for aes example */
+} AtomicDecCtx;
+
+
+static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
+ const unsigned char* macIn, unsigned int macInSz, int macContent,
+ int macVerify, unsigned char* encOut, const unsigned char* encIn,
+ unsigned int encSz, void* ctx)
+{
+ int ret;
+ Hmac hmac;
+ byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+ AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
+ const char* tlsStr = "TLS";
+
+ /* example supports (d)tls aes */
+ if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
+ printf("myMacEncryptCb not using AES\n");
+ return -1;
+ }
+
+ if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
+ printf("myMacEncryptCb not using (D)TLS\n");
+ return -1;
+ }
+
+ /* hmac, not needed if aead mode */
+ wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
+
+ ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
+ wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, macIn, macInSz);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacFinal(&hmac, macOut);
+ if (ret != 0)
+ return ret;
+
+
+ /* encrypt setup on first time */
+ if (encCtx->keySetup == 0) {
+ int keyLen = wolfSSL_GetKeySize(ssl);
+ const byte* key;
+ const byte* iv;
+
+ if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
+ key = wolfSSL_GetClientWriteKey(ssl);
+ iv = wolfSSL_GetClientWriteIV(ssl);
+ }
+ else {
+ key = wolfSSL_GetServerWriteKey(ssl);
+ iv = wolfSSL_GetServerWriteIV(ssl);
+ }
+
+ ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
+ if (ret != 0) {
+ printf("AesSetKey failed in myMacEncryptCb\n");
+ return ret;
+ }
+ encCtx->keySetup = 1;
+ }
+
+ /* encrypt */
+ return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
+}
+
+
+static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
+ unsigned char* decOut, const unsigned char* decIn,
+ unsigned int decSz, int macContent, int macVerify,
+ unsigned int* padSz, void* ctx)
+{
+ AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
+ int ret = 0;
+ int macInSz = 0;
+ int ivExtra = 0;
+ int digestSz = wolfSSL_GetHmacSize(ssl);
+ unsigned int pad = 0;
+ unsigned int padByte = 0;
+ Hmac hmac;
+ byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+ byte verify[WC_MAX_DIGEST_SIZE];
+ const char* tlsStr = "TLS";
+
+ /* example supports (d)tls aes */
+ if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
+ printf("myMacEncryptCb not using AES\n");
+ return -1;
+ }
+
+ if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
+ printf("myMacEncryptCb not using (D)TLS\n");
+ return -1;
+ }
+
+ /*decrypt */
+ if (decCtx->keySetup == 0) {
+ int keyLen = wolfSSL_GetKeySize(ssl);
+ const byte* key;
+ const byte* iv;
+
+ /* decrypt is from other side (peer) */
+ if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+ key = wolfSSL_GetClientWriteKey(ssl);
+ iv = wolfSSL_GetClientWriteIV(ssl);
+ }
+ else {
+ key = wolfSSL_GetServerWriteKey(ssl);
+ iv = wolfSSL_GetServerWriteIV(ssl);
+ }
+
+ ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
+ if (ret != 0) {
+ printf("AesSetKey failed in myDecryptVerifyCb\n");
+ return ret;
+ }
+ decCtx->keySetup = 1;
+ }
+
+ /* decrypt */
+ ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
+ if (ret != 0)
+ return ret;
+
+ if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
+ *padSz = wolfSSL_GetAeadMacSize(ssl);
+ return 0; /* hmac, not needed if aead mode */
+ }
+
+ if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
+ pad = *(decOut + decSz - 1);
+ padByte = 1;
+ if (wolfSSL_IsTLSv1_1(ssl))
+ ivExtra = wolfSSL_GetCipherBlockSize(ssl);
+ }
+
+ *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
+ macInSz = decSz - ivExtra - digestSz - pad - padByte;
+
+ wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
+
+ ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
+ wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacFinal(&hmac, verify);
+ if (ret != 0)
+ return ret;
+
+ if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
+ digestSz) != 0) {
+ printf("myDecryptVerify verify failed\n");
+ return -1;
+ }
+
+ return ret;
+}
+
+#if defined(HAVE_ENCRYPT_THEN_MAC)
+
+static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
+ int content, int macVerify, unsigned char* encOut,
+ const unsigned char* encIn, unsigned int encSz, void* ctx)
+{
+ int ret;
+ Hmac hmac;
+ AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
+ byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+ const char* tlsStr = "TLS";
+
+ /* example supports (d)tls aes */
+ if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
+ printf("myMacEncryptCb not using AES\n");
+ return -1;
+ }
+
+ if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
+ printf("myMacEncryptCb not using (D)TLS\n");
+ return -1;
+ }
+
+ /* encrypt setup on first time */
+ if (encCtx->keySetup == 0) {
+ int keyLen = wolfSSL_GetKeySize(ssl);
+ const byte* key;
+ const byte* iv;
+
+ if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
+ key = wolfSSL_GetClientWriteKey(ssl);
+ iv = wolfSSL_GetClientWriteIV(ssl);
+ }
+ else {
+ key = wolfSSL_GetServerWriteKey(ssl);
+ iv = wolfSSL_GetServerWriteIV(ssl);
+ }
+
+ ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
+ if (ret != 0) {
+ printf("AesSetKey failed in myMacEncryptCb\n");
+ return ret;
+ }
+ encCtx->keySetup = 1;
+ }
+
+ /* encrypt */
+ ret = wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
+ if (ret != 0)
+ return ret;
+
+ /* Reconstruct record header. */
+ wolfSSL_SetTlsHmacInner(ssl, myInner, encSz, content, macVerify);
+
+ ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
+ wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, encOut, encSz);
+ if (ret != 0)
+ return ret;
+ return wc_HmacFinal(&hmac, macOut);
+}
+
+
+static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
+ unsigned char* decOut, const unsigned char* decIn,
+ unsigned int decSz, int content, int macVerify,
+ unsigned int* padSz, void* ctx)
+{
+ AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
+ int ret = 0;
+ int digestSz = wolfSSL_GetHmacSize(ssl);
+ Hmac hmac;
+ byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+ byte verify[WC_MAX_DIGEST_SIZE];
+ const char* tlsStr = "TLS";
+
+ /* example supports (d)tls aes */
+ if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
+ printf("myMacEncryptCb not using AES\n");
+ return -1;
+ }
+
+ if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
+ printf("myMacEncryptCb not using (D)TLS\n");
+ return -1;
+ }
+
+ /* Reconstruct record header. */
+ wolfSSL_SetTlsHmacInner(ssl, myInner, decSz, content, macVerify);
+
+ ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
+ wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacUpdate(&hmac, decIn, decSz);
+ if (ret != 0)
+ return ret;
+ ret = wc_HmacFinal(&hmac, verify);
+ if (ret != 0)
+ return ret;
+
+ if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) {
+ printf("myDecryptVerify verify failed\n");
+ return -1;
+ }
+
+ /* decrypt */
+ if (decCtx->keySetup == 0) {
+ int keyLen = wolfSSL_GetKeySize(ssl);
+ const byte* key;
+ const byte* iv;
+
+ /* decrypt is from other side (peer) */
+ if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+ key = wolfSSL_GetClientWriteKey(ssl);
+ iv = wolfSSL_GetClientWriteIV(ssl);
+ }
+ else {
+ key = wolfSSL_GetServerWriteKey(ssl);
+ iv = wolfSSL_GetServerWriteIV(ssl);
+ }
+
+ ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
+ if (ret != 0) {
+ printf("AesSetKey failed in myDecryptVerifyCb\n");
+ return ret;
+ }
+ decCtx->keySetup = 1;
+ }
+
+ /* decrypt */
+ ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
+ if (ret != 0)
+ return ret;
+
+ *padSz = *(decOut + decSz - 1) + 1;
+
+ return 0;
+}
+
+#endif
+
+
+static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+ AtomicEncCtx* encCtx;
+ AtomicDecCtx* decCtx;
+
+ encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
+ if (encCtx == NULL)
+ err_sys_with_errno("AtomicEncCtx malloc failed");
+ XMEMSET(encCtx, 0, sizeof(AtomicEncCtx));
+
+ decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
+ if (decCtx == NULL) {
+ free(encCtx);
+ err_sys_with_errno("AtomicDecCtx malloc failed");
+ }
+ XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
+
+ wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
+ wolfSSL_SetMacEncryptCtx(ssl, encCtx);
+
+ wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
+ wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
+
+#if defined(HAVE_ENCRYPT_THEN_MAC)
+ wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb);
+ wolfSSL_SetEncryptMacCtx(ssl, encCtx);
+
+ wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb);
+ wolfSSL_SetVerifyDecryptCtx(ssl, decCtx);
+#endif
+}
+
+
+static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
+{
+ AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
+ AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
+
+ /* Encrypt-Then-MAC callbacks use same contexts. */
+
+ free(decCtx);
+ free(encCtx);
+}
+
+#endif /* ATOMIC_USER */
+
+#ifdef WOLFSSL_STATIC_MEMORY
+static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
+{
+ word16 i;
+
+ if (stats == NULL) {
+ return 0;
+ }
+
+ /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
+ fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
+ fprintf(stderr, "Total frees = %d\n", stats->totalFr);
+ fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
+ fprintf(stderr, "Available IO = %d\n", stats->avaIO);
+ fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
+ fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
+ fprintf(stderr, "State of memory blocks: size : available \n");
+ for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
+ fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
+ stats->avaBlock[i]);
+ }
+
+ return 1;
+}
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+#ifdef HAVE_PK_CALLBACKS
+
+typedef struct PkCbInfo {
+ const char* ourKey;
+#ifdef TEST_PK_PRIVKEY
+ union {
+ #ifdef HAVE_ECC
+ ecc_key ecc;
+ #endif
+ #ifdef HAVE_CURVE25519
+ curve25519_key curve;
+ #endif
+ #ifdef HAVE_CURVE448
+ curve448_key curve;
+ #endif
+ } keyGen;
+#endif
+} PkCbInfo;
+
+#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
+ #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__)
+#else
+ #define WOLFSSL_PKMSG(_f_, ...)
+#endif
+
+#ifdef HAVE_ECC
+
+static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
+ int ecc_curve, void* ctx)
+{
+ int ret;
+ WC_RNG rng;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+ ecc_key* new_key;
+#ifdef TEST_PK_PRIVKEY
+ byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
+ word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
+
+ new_key = &cbInfo->keyGen.ecc;
+#else
+ new_key = key;
+#endif
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve);
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_ecc_init(new_key);
+ if (ret == 0) {
+ /* create new key */
+ ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve);
+
+ #ifdef TEST_PK_PRIVKEY
+ if (ret == 0) {
+ /* extract public portion from new key into `key` arg */
+ ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen);
+ if (ret == 0) {
+ /* load public portion only into key */
+ ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve);
+ }
+ (void)qxLen;
+ (void)qyLen;
+ }
+ #endif
+ }
+
+ WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret);
+
+ wc_FreeRng(&rng);
+
+ return ret;
+}
+
+static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ WC_RNG rng;
+ word32 idx = 0;
+ ecc_key myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_ecc_init(&myKey);
+ if (ret == 0) {
+ ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0) {
+ WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id);
+ ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
+ }
+ wc_ecc_free(&myKey);
+ }
+ wc_FreeRng(&rng);
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+
+static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
+ const byte* hash, word32 hashSz, const byte* key, word32 keySz,
+ int* result, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ ecc_key myKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz);
+
+ ret = wc_ecc_init(&myKey);
+ if (ret == 0) {
+ ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
+ wc_ecc_free(&myKey);
+ }
+
+ WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result);
+
+ return ret;
+}
+
+static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
+ unsigned char* pubKeyDer, unsigned int* pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ int side, void* ctx)
+{
+ int ret;
+ ecc_key* privKey = NULL;
+ ecc_key* pubKey = NULL;
+ ecc_key tmpKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
+ side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
+
+ ret = wc_ecc_init(&tmpKey);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /* for client: create and export public key */
+ if (side == WOLFSSL_CLIENT_END) {
+ WC_RNG rng;
+
+ privKey = &tmpKey;
+ pubKey = otherKey;
+
+ ret = wc_InitRng(&rng);
+ if (ret == 0) {
+ ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (ret == WC_PENDING_E) {
+ ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
+ }
+ #endif
+ if (ret == 0)
+ ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
+ wc_FreeRng(&rng);
+ }
+ }
+
+ /* for server: import public key */
+ else if (side == WOLFSSL_SERVER_END) {
+ #ifdef TEST_PK_PRIVKEY
+ privKey = &cbInfo->keyGen.ecc;
+ #else
+ privKey = otherKey;
+ #endif
+ pubKey = &tmpKey;
+
+ ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
+ otherKey->dp->id);
+ }
+ else {
+ ret = BAD_FUNC_ARG;
+ }
+
+#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST)
+ if (ret == 0) {
+ ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
+ }
+#endif
+
+ /* generate shared secret and return it */
+ if (ret == 0) {
+ ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
+
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (ret == WC_PENDING_E) {
+ ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+ }
+ #endif
+ }
+
+#ifdef TEST_PK_PRIVKEY
+ if (side == WOLFSSL_SERVER_END) {
+ wc_ecc_free(&cbInfo->keyGen.ecc);
+ }
+#endif
+
+ wc_ecc_free(&tmpKey);
+
+ WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
+
+ return ret;
+}
+
+#endif /* HAVE_ECC */
+
+#ifdef HAVE_ED25519
+static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ ed25519_key myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_ed25519_init(&myKey);
+ if (ret == 0) {
+ ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
+ wc_ed25519_free(&myKey);
+ }
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+
+static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
+ const byte* msg, word32 msgSz, const byte* key, word32 keySz,
+ int* result, void* ctx)
+{
+ int ret;
+ ed25519_key myKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz);
+
+ ret = wc_ed25519_init(&myKey);
+ if (ret == 0) {
+ ret = wc_ed25519_import_public(key, keySz, &myKey);
+ if (ret == 0) {
+ ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
+ }
+ wc_ed25519_free(&myKey);
+ }
+
+ WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result);
+
+ return ret;
+}
+#endif /* HAVE_ED25519 */
+
+#ifdef HAVE_CURVE25519
+static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
+ unsigned int keySz, void* ctx)
+{
+ int ret;
+ WC_RNG rng;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz);
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_curve25519_make_key(&rng, keySz, key);
+
+ wc_FreeRng(&rng);
+
+ WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret);
+
+ return ret;
+}
+
+static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
+ unsigned char* pubKeyDer, unsigned int* pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ int side, void* ctx)
+{
+ int ret;
+ curve25519_key* privKey = NULL;
+ curve25519_key* pubKey = NULL;
+ curve25519_key tmpKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 25519 PMS: side %s\n",
+ side == WOLFSSL_CLIENT_END ? "client" : "server");
+
+ ret = wc_curve25519_init(&tmpKey);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /* for client: create and export public key */
+ if (side == WOLFSSL_CLIENT_END) {
+ WC_RNG rng;
+
+ privKey = &tmpKey;
+ pubKey = otherKey;
+
+ ret = wc_InitRng(&rng);
+ if (ret == 0) {
+ ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
+ if (ret == 0) {
+ ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
+ pubKeySz, EC25519_LITTLE_ENDIAN);
+ }
+ wc_FreeRng(&rng);
+ }
+ }
+
+ /* for server: import public key */
+ else if (side == WOLFSSL_SERVER_END) {
+ privKey = otherKey;
+ pubKey = &tmpKey;
+
+ ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
+ EC25519_LITTLE_ENDIAN);
+ }
+ else {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* generate shared secret and return it */
+ if (ret == 0) {
+ ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
+ EC25519_LITTLE_ENDIAN);
+ }
+
+ wc_curve25519_free(&tmpKey);
+
+ WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n",
+ ret, *pubKeySz, *outlen);
+
+ return ret;
+}
+#endif /* HAVE_CURVE25519 */
+
+#ifdef HAVE_ED448
+static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ ed448_key myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 448 Sign: inSz %d, keySz %d\n", inSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_ed448_init(&myKey);
+ if (ret == 0) {
+ ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
+ wc_ed448_free(&myKey);
+ }
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK 448 Sign: ret %d, outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+
+static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
+ const byte* msg, word32 msgSz, const byte* key, word32 keySz,
+ int* result, void* ctx)
+{
+ int ret;
+ ed448_key myKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 448 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz,
+ keySz);
+
+ ret = wc_ed448_init(&myKey);
+ if (ret == 0) {
+ ret = wc_ed448_import_public(key, keySz, &myKey);
+ if (ret == 0) {
+ ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey,
+ NULL, 0);
+ }
+ wc_ed448_free(&myKey);
+ }
+
+ WOLFSSL_PKMSG("PK 448 Verify: ret %d, result %d\n", ret, *result);
+
+ return ret;
+}
+#endif /* HAVE_ED448 */
+
+#ifdef HAVE_CURVE448
+static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key,
+ unsigned int keySz, void* ctx)
+{
+ int ret;
+ WC_RNG rng;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 448 KeyGen: keySz %d\n", keySz);
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_curve448_make_key(&rng, keySz, key);
+
+ wc_FreeRng(&rng);
+
+ WOLFSSL_PKMSG("PK 448 KeyGen: ret %d\n", ret);
+
+ return ret;
+}
+
+static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey,
+ unsigned char* pubKeyDer, unsigned int* pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ int side, void* ctx)
+{
+ int ret;
+ curve448_key* privKey = NULL;
+ curve448_key* pubKey = NULL;
+ curve448_key tmpKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK 448 PMS: side %s\n",
+ side == WOLFSSL_CLIENT_END ? "client" : "server");
+
+ ret = wc_curve448_init(&tmpKey);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /* for client: create and export public key */
+ if (side == WOLFSSL_CLIENT_END) {
+ WC_RNG rng;
+
+ privKey = &tmpKey;
+ pubKey = otherKey;
+
+ ret = wc_InitRng(&rng);
+ if (ret == 0) {
+ ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, privKey);
+ if (ret == 0) {
+ ret = wc_curve448_export_public_ex(privKey, pubKeyDer,
+ pubKeySz, EC448_LITTLE_ENDIAN);
+ }
+ wc_FreeRng(&rng);
+ }
+ }
+
+ /* for server: import public key */
+ else if (side == WOLFSSL_SERVER_END) {
+ privKey = otherKey;
+ pubKey = &tmpKey;
+
+ ret = wc_curve448_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
+ EC448_LITTLE_ENDIAN);
+ }
+ else {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* generate shared secret and return it */
+ if (ret == 0) {
+ ret = wc_curve448_shared_secret_ex(privKey, pubKey, out, outlen,
+ EC448_LITTLE_ENDIAN);
+ }
+
+ wc_curve448_free(&tmpKey);
+
+ WOLFSSL_PKMSG("PK 448 PMS: ret %d, pubKeySz %d, outLen %d\n",
+ ret, *pubKeySz, *outlen);
+
+ return ret;
+}
+#endif /* HAVE_CURVE448 */
+
+#ifndef NO_DH
+static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
+ const unsigned char* priv, unsigned int privSz,
+ const unsigned char* pubKeyDer, unsigned int pubKeySz,
+ unsigned char* out, unsigned int* outlen,
+ void* ctx)
+{
+ int ret;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ /* return 0 on success */
+ ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
+
+ WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n",
+ ret, privSz, pubKeySz, *outlen);
+
+ return ret;
+}
+
+#endif /* !NO_DH */
+
+#ifndef NO_RSA
+
+static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
+{
+ WC_RNG rng;
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
+ if (ret > 0) { /* save and convert to 0 success */
+ *outSz = ret;
+ ret = 0;
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+ wc_FreeRng(&rng);
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+
+static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
+ byte** out, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
+ wc_FreeRsaKey(&myKey);
+ }
+
+ WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
+
+ return ret;
+}
+
+static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
+ byte** out, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0)
+ ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
+ wc_FreeRsaKey(&myKey);
+ }
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
+
+ return ret;
+}
+
+#ifdef WC_RSA_PSS
+static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, int hash, int mgf, const byte* key,
+ word32 keySz, void* ctx)
+{
+ enum wc_HashType hashType = WC_HASH_TYPE_NONE;
+ WC_RNG rng;
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
+ inSz, hash, mgf, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ switch (hash) {
+#ifndef NO_SHA256
+ case SHA256h:
+ hashType = WC_HASH_TYPE_SHA256;
+ break;
+#endif
+#ifdef WOLFSSL_SHA384
+ case SHA384h:
+ hashType = WC_HASH_TYPE_SHA384;
+ break;
+#endif
+#ifdef WOLFSSL_SHA512
+ case SHA512h:
+ hashType = WC_HASH_TYPE_SHA512;
+ break;
+#endif
+ }
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0) {
+ ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
+ &rng);
+ }
+ if (ret > 0) { /* save and convert to 0 success */
+ *outSz = ret;
+ ret = 0;
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+ wc_FreeRng(&rng);
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+
+static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
+ byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+ enum wc_HashType hashType = WC_HASH_TYPE_NONE;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n",
+ sigSz, hash, mgf, keySz);
+
+ switch (hash) {
+#ifndef NO_SHA256
+ case SHA256h:
+ hashType = WC_HASH_TYPE_SHA256;
+ break;
+#endif
+#ifdef WOLFSSL_SHA384
+ case SHA384h:
+ hashType = WC_HASH_TYPE_SHA384;
+ break;
+#endif
+#ifdef WOLFSSL_SHA512
+ case SHA512h:
+ hashType = WC_HASH_TYPE_SHA512;
+ break;
+#endif
+ }
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
+ if (ret == 0) {
+ ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
+ &myKey);
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+
+ WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
+
+ return ret;
+}
+
+static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
+ byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+ enum wc_HashType hashType = WC_HASH_TYPE_NONE;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
+ sigSz, hash, mgf, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ switch (hash) {
+#ifndef NO_SHA256
+ case SHA256h:
+ hashType = WC_HASH_TYPE_SHA256;
+ break;
+#endif
+#ifdef WOLFSSL_SHA384
+ case SHA384h:
+ hashType = WC_HASH_TYPE_SHA384;
+ break;
+#endif
+#ifdef WOLFSSL_SHA512
+ case SHA512h:
+ hashType = WC_HASH_TYPE_SHA512;
+ break;
+#endif
+ }
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0) {
+ ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
+ &myKey);
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
+
+ return ret;
+}
+#endif
+
+
+static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, const byte* key,
+ word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ WC_RNG rng;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0)
+ return ret;
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
+ if (ret == 0) {
+ ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
+ if (ret > 0) {
+ *outSz = ret;
+ ret = 0; /* reset to success */
+ }
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+ wc_FreeRng(&rng);
+
+ WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
+
+ return ret;
+}
+
+static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
+ byte** out,
+ const byte* key, word32 keySz, void* ctx)
+{
+ int ret;
+ word32 idx = 0;
+ RsaKey myKey;
+ byte* keyBuf = (byte*)key;
+ PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+ (void)ssl;
+ (void)cbInfo;
+
+ WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
+
+#ifdef TEST_PK_PRIVKEY
+ ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
+ if (ret != 0)
+ return ret;
+#endif
+
+ ret = wc_InitRsaKey(&myKey, NULL);
+ if (ret == 0) {
+ ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
+ if (ret == 0) {
+ #ifdef WC_RSA_BLINDING
+ ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
+ if (ret != 0) {
+ wc_FreeRsaKey(&myKey);
+ return ret;
+ }
+ #endif
+ ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
+ }
+ wc_FreeRsaKey(&myKey);
+ }
+
+#ifdef TEST_PK_PRIVKEY
+ free(keyBuf);
+#endif
+
+ WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
+
+ return ret;
+}
+
+#endif /* NO_RSA */
+
+static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
+{
+ (void)ctx;
+
+ #ifdef HAVE_ECC
+ wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
+ wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
+ wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
+ wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
+ #endif /* HAVE_ECC */
+ #ifndef NO_DH
+ wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
+ #endif
+ #ifdef HAVE_ED25519
+ wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
+ wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
+ #endif
+ #ifdef HAVE_CURVE25519
+ wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
+ wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
+ #endif
+ #ifdef HAVE_ED448
+ wolfSSL_CTX_SetEd448SignCb(ctx, myEd448Sign);
+ wolfSSL_CTX_SetEd448VerifyCb(ctx, myEd448Verify);
+ #endif
+ #ifdef HAVE_CURVE448
+ wolfSSL_CTX_SetX448KeyGenCb(ctx, myX448KeyGen);
+ wolfSSL_CTX_SetX448SharedSecretCb(ctx, myX448SharedSecret);
+ #endif
+ #ifndef NO_RSA
+ wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
+ wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
+ wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
+ #ifdef WC_RSA_PSS
+ wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
+ wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
+ wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
+ #endif
+ wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
+ wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
+ #endif /* NO_RSA */
+}
+
+static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
+{
+ #ifdef HAVE_ECC
+ wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
+ wolfSSL_SetEccSignCtx(ssl, myCtx);
+ wolfSSL_SetEccVerifyCtx(ssl, myCtx);
+ wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
+ #endif /* HAVE_ECC */
+ #ifndef NO_DH
+ wolfSSL_SetDhAgreeCtx(ssl, myCtx);
+ #endif
+ #ifdef HAVE_ED25519
+ wolfSSL_SetEd25519SignCtx(ssl, myCtx);
+ wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
+ #endif
+ #ifdef HAVE_CURVE25519
+ wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
+ wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
+ #endif
+ #ifdef HAVE_ED448
+ wolfSSL_SetEd448SignCtx(ssl, myCtx);
+ wolfSSL_SetEd448VerifyCtx(ssl, myCtx);
+ #endif
+ #ifdef HAVE_CURVE448
+ wolfSSL_SetX448KeyGenCtx(ssl, myCtx);
+ wolfSSL_SetX448SharedSecretCtx(ssl, myCtx);
+ #endif
+ #ifndef NO_RSA
+ wolfSSL_SetRsaSignCtx(ssl, myCtx);
+ wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
+ #ifdef WC_RSA_PSS
+ wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
+ wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
+ #endif
+ wolfSSL_SetRsaEncCtx(ssl, myCtx);
+ wolfSSL_SetRsaDecCtx(ssl, myCtx);
+ #endif /* NO_RSA */
+}
+
+#endif /* HAVE_PK_CALLBACKS */
+
+#ifdef USE_WOLFSSL_IO
+static WC_INLINE int SimulateWantWriteIOSendCb(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ static int wantWriteFlag = 1;
+
+ int sent;
+ int sd = *(int*)ctx;
+
+ (void)ssl;
+
+ if (!wantWriteFlag)
+ {
+ wantWriteFlag = 1;
+
+ sent = wolfIO_Send(sd, buf, sz, 0);
+ if (sent < 0) {
+ int err = errno;
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_EPIPE) {
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ return sent;
+ }
+ else
+ {
+ wantWriteFlag = 0;
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+}
+#endif /* USE_WOLFSSL_IO */
+
+#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
+ || defined(_MSC_VER)
+
+/* HP/UX doesn't have strsep, needed by test/suites.c */
+static WC_INLINE char* strsep(char **stringp, const char *delim)
+{
+ char* start;
+ char* end;
+
+ start = *stringp;
+ if (start == NULL)
+ return NULL;
+
+ if ((end = strpbrk(start, delim))) {
+ *end++ = '\0';
+ *stringp = end;
+ } else {
+ *stringp = NULL;
+ }
+
+ return start;
+}
+
+#endif /* __hpux__ and others */
+
+/* Create unique filename, len is length of tempfn name, assuming
+ len does not include null terminating character,
+ num is number of characters in tempfn name to randomize */
+static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
+{
+ int x, size;
+ static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz";
+ WC_RNG rng;
+ byte out;
+
+ if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
+ printf("Bad input\n");
+ return NULL;
+ }
+
+ size = len - 1;
+
+ if (wc_InitRng(&rng) != 0) {
+ printf("InitRng failed\n");
+ return NULL;
+ }
+
+ for (x = size; x > size - num; x--) {
+ if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
+ printf("RNG_GenerateBlock failed\n");
+ return NULL;
+ }
+ tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
+ }
+ tempfn[len] = '\0';
+
+ wc_FreeRng(&rng);
+ (void)rng; /* for WC_NO_RNG case */
+
+ return tempfn;
+}
+
+
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
+ defined(HAVE_AESGCM))
+
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+ #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+ #define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE
+#elif defined(HAVE_AESGCM)
+ #include <wolfssl/wolfcrypt/aes.h>
+ #include <wolfssl/wolfcrypt/wc_encrypt.h> /* AES IV sizes in FIPS mode */
+ #define WOLFSSL_TICKET_KEY_SZ AES_256_KEY_SIZE
+#endif
+
+ typedef struct key_ctx {
+ byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
+ byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
+ } key_ctx;
+
+ static THREAD_LS_T key_ctx myKey_ctx;
+ static THREAD_LS_T WC_RNG myKey_rng;
+
+ static WC_INLINE int TicketInit(void)
+ {
+ int ret = wc_InitRng(&myKey_rng);
+ if (ret != 0) return ret;
+
+ ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
+ if (ret != 0) return ret;
+
+ ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
+ if (ret != 0) return ret;
+
+ return 0;
+ }
+
+ static WC_INLINE void TicketCleanup(void)
+ {
+ wc_FreeRng(&myKey_rng);
+ }
+
+ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
+ byte key_name[WOLFSSL_TICKET_NAME_SZ],
+ byte iv[WOLFSSL_TICKET_IV_SZ],
+ byte mac[WOLFSSL_TICKET_MAC_SZ],
+ int enc, byte* ticket, int inLen, int* outLen,
+ void* userCtx)
+ {
+ int ret;
+ word16 sLen = XHTONS(inLen);
+ byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
+ int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
+ byte* tmp = aad;
+ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+ /* chahca20/poly1305 */
+ #elif defined(HAVE_AESGCM)
+ Aes aes;
+ #endif
+
+ (void)ssl;
+ (void)userCtx;
+
+ /* encrypt */
+ if (enc) {
+ XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
+
+ ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
+ if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+
+ /* build aad from key name, iv, and length */
+ XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+ tmp += WOLFSSL_TICKET_NAME_SZ;
+ XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+ tmp += WOLFSSL_TICKET_IV_SZ;
+ XMEMCPY(tmp, &sLen, sizeof(sLen));
+
+ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+ ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
+ aad, aadSz,
+ ticket, inLen,
+ ticket,
+ mac);
+ #elif defined(HAVE_AESGCM)
+ ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
+ if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+
+ ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
+ if (ret == 0) {
+ ret = wc_AesGcmEncrypt(&aes, ticket, ticket, inLen,
+ iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+ aad, aadSz);
+ }
+ wc_AesFree(&aes);
+ #endif
+
+ if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+ *outLen = inLen; /* no padding in this mode */
+ }
+ /* decrypt */
+ else {
+ /* see if we know this key */
+ if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
+ printf("client presented unknown ticket key name %s\n", key_name);
+ return WOLFSSL_TICKET_RET_FATAL;
+ }
+
+ /* build aad from key name, iv, and length */
+ XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+ tmp += WOLFSSL_TICKET_NAME_SZ;
+ XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+ tmp += WOLFSSL_TICKET_IV_SZ;
+ XMEMCPY(tmp, &sLen, sizeof(sLen));
+
+ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+ ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
+ aad, aadSz,
+ ticket, inLen,
+ mac,
+ ticket);
+ #elif defined(HAVE_AESGCM)
+ ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
+ if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+
+ ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
+ if (ret == 0) {
+ ret = wc_AesGcmDecrypt(&aes, ticket, ticket, inLen,
+ iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+ aad, aadSz);
+ }
+ wc_AesFree(&aes);
+ #endif
+
+ if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+ *outLen = inLen; /* no padding in this mode */
+ }
+
+ return WOLFSSL_TICKET_RET_OK;
+ }
+
+#endif /* HAVE_SESSION_TICKET && ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */
+
+
+static WC_INLINE word16 GetRandomPort(void)
+{
+ word16 port = 0;
+
+ /* Generate random port for testing */
+ WC_RNG rng;
+ if (wc_InitRng(&rng) == 0) {
+ if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
+ port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
+ }
+ wc_FreeRng(&rng);
+ }
+ (void)rng; /* for WC_NO_RNG case */
+ return port;
+}
+
+#ifdef WOLFSSL_EARLY_DATA
+static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
+{
+ int earlyData_status;
+#ifdef OPENSSL_EXTRA
+ earlyData_status = SSL_get_early_data_status(ssl);
+#else
+ earlyData_status = wolfSSL_get_early_data_status(ssl);
+#endif
+ if (earlyData_status < 0) return;
+
+ printf("Early Data was ");
+
+ switch(earlyData_status) {
+ case WOLFSSL_EARLY_DATA_NOT_SENT:
+ printf("not sent.\n");
+ break;
+ case WOLFSSL_EARLY_DATA_REJECTED:
+ printf("rejected.\n");
+ break;
+ case WOLFSSL_EARLY_DATA_ACCEPTED:
+ printf("accepted\n");
+ break;
+ default:
+ printf("unknown...\n");
+ }
+}
+#endif /* WOLFSSL_EARLY_DATA */
+
+#endif /* wolfSSL_TEST_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/version.h b/ap/lib/libwolfssl/install/include/wolfssl/version.h
new file mode 100644
index 0000000..471f563
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/version.h
@@ -0,0 +1,40 @@
+/* wolfssl_version.h.in
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_VERSION_H
+#define WOLFSSL_VERSION_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LIBWOLFSSL_VERSION_STRING "4.8.1"
+#define LIBWOLFSSL_VERSION_HEX 0x04008001
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_VERSION_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/aes.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/aes.h
new file mode 100644
index 0000000..21908ac
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/aes.h
@@ -0,0 +1,505 @@
+/* aes.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/aes.h
+*/
+/*
+
+DESCRIPTION
+This library provides the interfaces to the Advanced Encryption Standard (AES)
+for encrypting and decrypting data. AES is the standard known for a symmetric
+block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
+192-bits, and 256-bits of key sizes.
+
+*/
+#ifndef WOLF_CRYPT_AES_H
+#define WOLF_CRYPT_AES_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_AES
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+/* included for fips @wc_fips */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+#include <cyassl/ctaocrypt/aes.h>
+#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
+ #define WOLFSSL_AES_COUNTER
+#endif
+#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT)
+ #define WOLFSSL_AES_DIRECT
+#endif
+#endif
+
+#ifndef WC_NO_RNG
+ #include <wolfssl/wolfcrypt/random.h>
+#endif
+#ifdef STM32_CRYPTO
+ #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+
+#ifdef WOLFSSL_IMXRT_DCP
+ #include "fsl_dcp.h"
+#endif
+
+#ifdef WOLFSSL_XILINX_CRYPT
+#include "xsecure_aes.h"
+#endif
+
+#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
+/* included for struct msghdr */
+#include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
+#endif
+
+#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)
+#include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
+#endif
+
+#ifdef WOLFSSL_SILABS_SE_ACCEL
+ #include <wolfssl/wolfcrypt/port/silabs/silabs_aes.h>
+#endif
+
+
+#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
+ #include <wolfssl/wolfcrypt/random.h>
+#endif
+
+#if defined(WOLFSSL_CRYPTOCELL)
+ #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
+#endif
+
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
+ #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
+#define WOLFSSL_AES_KEY_SIZE_ENUM
+/* these are required for FIPS and non-FIPS */
+enum {
+ AES_128_KEY_SIZE = 16, /* for 128 bit */
+ AES_192_KEY_SIZE = 24, /* for 192 bit */
+ AES_256_KEY_SIZE = 32, /* for 256 bit */
+
+ AES_IV_SIZE = 16, /* always block size */
+};
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+enum {
+ AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */
+ AES_ENCRYPTION = 0,
+ AES_DECRYPTION = 1,
+
+ AES_BLOCK_SIZE = 16,
+
+ KEYWRAP_BLOCK_SIZE = 8,
+
+ GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */
+ GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
+ GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */
+ CCM_NONCE_MIN_SZ = 7,
+ CCM_NONCE_MAX_SZ = 13,
+ CTR_SZ = 4,
+ AES_IV_FIXED_SZ = 4,
+#ifdef WOLFSSL_AES_CFB
+ AES_CFB_MODE = 1,
+#endif
+#ifdef WOLFSSL_AES_OFB
+ AES_OFB_MODE = 2,
+#endif
+#ifdef WOLFSSL_AES_XTS
+ AES_XTS_MODE = 3,
+#endif
+
+#ifdef HAVE_PKCS11
+ AES_MAX_ID_LEN = 32,
+ AES_MAX_LABEL_LEN = 32,
+#endif
+};
+
+
+struct Aes {
+ /* AESNI needs key first, rounds 2nd, not sure why yet */
+ ALIGN16 word32 key[60];
+ word32 rounds;
+ int keylen;
+
+ ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */
+
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+ word32 invokeCtr[2];
+ word32 nonceSz;
+#endif
+#ifdef HAVE_AESGCM
+ ALIGN16 byte H[AES_BLOCK_SIZE];
+#ifdef OPENSSL_EXTRA
+ word32 aadH[4]; /* additional authenticated data GHASH */
+ word32 aadLen; /* additional authenticated data len */
+#endif
+
+#ifdef GCM_TABLE
+ /* key-based fast multiplication table. */
+ ALIGN16 byte M0[256][AES_BLOCK_SIZE];
+#elif defined(GCM_TABLE_4BIT)
+ #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
+ ALIGN16 byte M0[16][AES_BLOCK_SIZE];
+ #else
+ ALIGN16 byte M0[32][AES_BLOCK_SIZE];
+ #endif
+#endif /* GCM_TABLE */
+#ifdef HAVE_CAVIUM_OCTEON_SYNC
+ word32 y0;
+#endif
+#endif /* HAVE_AESGCM */
+#ifdef WOLFSSL_AESNI
+ byte use_aesni;
+#endif /* WOLFSSL_AESNI */
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx;
+#endif
+#ifdef HAVE_PKCS11
+ byte id[AES_MAX_ID_LEN];
+ int idLen;
+ char label[AES_MAX_LABEL_LEN];
+ int labelLen;
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+ defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
+ word32 left; /* unused bytes left from last call */
+#endif
+#ifdef WOLFSSL_XILINX_CRYPT
+ XSecure_Aes xilAes;
+ XCsuDma dma;
+ word32 key_init[8];
+ word32 kup;
+#endif
+#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
+ int alFd; /* server socket to bind to */
+ int rdFd; /* socket to read from */
+ struct msghdr msg;
+ int dir; /* flag for encrpyt or decrypt */
+#ifdef WOLFSSL_AFALG_XILINX_AES
+ word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) +
+ GCM_NONCE_MID_SZ)];
+#endif
+#endif
+#if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \
+ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \
+ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
+ word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */
+#ifdef HAVE_CAVIUM_OCTEON_SYNC
+ int keySet;
+#endif
+#endif
+#if defined(WOLFSSL_DEVCRYPTO) && \
+ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
+ WC_CRYPTODEV ctx;
+#endif
+#if defined(WOLFSSL_CRYPTOCELL)
+ aes_context_t ctx;
+#endif
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
+ TSIP_AES_CTX ctx;
+#endif
+#if defined(WOLFSSL_IMXRT_DCP)
+ dcp_handle_t handle;
+#endif
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+ silabs_aes_t ctx;
+#endif
+ void* heap; /* memory hint to use */
+#ifdef WOLFSSL_AESGCM_STREAM
+#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
+ ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
+#else
+ byte* streamData;
+#endif
+ word32 aSz;
+ word32 cSz;
+ byte over;
+ byte aOver;
+ byte cOver;
+ byte gcmKeySet:1;
+ byte nonceSet:1;
+ byte ctrSet:1;
+#endif
+};
+
+#ifndef WC_AES_TYPE_DEFINED
+ typedef struct Aes Aes;
+ #define WC_AES_TYPE_DEFINED
+#endif
+
+#ifdef WOLFSSL_AES_XTS
+typedef struct XtsAes {
+ Aes aes;
+ Aes tweak;
+} XtsAes;
+#endif
+
+#ifdef HAVE_AESGCM
+typedef struct Gmac {
+ Aes aes;
+} Gmac;
+#endif /* HAVE_AESGCM */
+#endif /* HAVE_FIPS */
+
+
+/* Authenticate cipher function prototypes */
+typedef int (*wc_AesAuthEncryptFunc)(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ const byte* iv, word32 ivSz,
+ byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ const byte* iv, word32 ivSz,
+ const byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+
+/* AES-CBC */
+WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len,
+ const byte* iv, int dir);
+WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
+
+#ifdef HAVE_AES_CBC
+WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif
+
+#ifdef WOLFSSL_AES_CFB
+WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesCfb1Encrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesCfb8Encrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#ifdef HAVE_AES_DECRYPT
+WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesCfb1Decrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesCfb8Decrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_CFB */
+
+#ifdef WOLFSSL_AES_OFB
+WOLFSSL_API int wc_AesOfbEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#ifdef HAVE_AES_DECRYPT
+WOLFSSL_API int wc_AesOfbDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_OFB */
+
+#ifdef HAVE_AES_ECB
+WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif
+
+/* AES-CTR */
+#ifdef WOLFSSL_AES_COUNTER
+ WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif
+/* AES-DIRECT */
+#if defined(WOLFSSL_AES_DIRECT)
+ WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
+ WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
+ WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+ const byte* iv, int dir);
+#endif
+
+#ifdef HAVE_AESGCM
+#ifdef WOLFSSL_XILINX_CRYPT
+ WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
+ word32 kup);
+#elif defined(WOLFSSL_AFALG_XILINX_AES)
+ WOLFSSL_LOCAL int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
+ word32 kup);
+#endif
+ WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
+ WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ const byte* iv, word32 ivSz,
+ byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+ WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ const byte* iv, word32 ivSz,
+ const byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+#ifdef WOLFSSL_AESGCM_STREAM
+WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+
+WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len,
+ byte* ivOut, word32 ivOutSz);
+WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in,
+ word32 sz, const byte* authIn, word32 authInSz);
+WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag,
+ word32 authTagSz);
+
+WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
+ word32 sz, const byte* authIn, word32 authInSz);
+WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
+ word32 authTagSz);
+#endif
+
+#ifndef WC_NO_RNG
+ WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
+ WOLFSSL_API int wc_AesGcmSetIV(Aes* aes, word32 ivSz,
+ const byte* ivFixed, word32 ivFixedSz,
+ WC_RNG* rng);
+ WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ byte* ivOut, word32 ivOutSz,
+ byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+#endif /* WC_NO_RNG */
+
+ WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
+ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
+ const byte* authIn, word32 authInSz,
+ byte* authTag, word32 authTagSz);
+#ifndef WC_NO_RNG
+ WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
+ const byte* authIn, word32 authInSz,
+ byte* authTag, word32 authTagSz, WC_RNG* rng);
+ WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz,
+ const byte* iv, word32 ivSz,
+ const byte* authIn, word32 authInSz,
+ const byte* authTag, word32 authTagSz);
+#endif /* WC_NO_RNG */
+ WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
+ word32 cSz, byte* s, word32 sSz);
+#endif /* HAVE_AESGCM */
+#ifdef HAVE_AESCCM
+ WOLFSSL_LOCAL int wc_AesCcmCheckTagSize(int sz);
+ WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
+ WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 inSz,
+ const byte* nonce, word32 nonceSz,
+ byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+ WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 inSz,
+ const byte* nonce, word32 nonceSz,
+ const byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+ WOLFSSL_API int wc_AesCcmSetNonce(Aes* aes,
+ const byte* nonce, word32 nonceSz);
+ WOLFSSL_API int wc_AesCcmEncrypt_ex(Aes* aes, byte* out,
+ const byte* in, word32 sz,
+ byte* ivOut, word32 ivOutSz,
+ byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESCCM */
+#ifdef HAVE_AES_KEYWRAP
+ WOLFSSL_API int wc_AesKeyWrap(const byte* key, word32 keySz,
+ const byte* in, word32 inSz,
+ byte* out, word32 outSz,
+ const byte* iv);
+ WOLFSSL_API int wc_AesKeyWrap_ex(Aes *aes,
+ const byte* in, word32 inSz,
+ byte* out, word32 outSz,
+ const byte* iv);
+ WOLFSSL_API int wc_AesKeyUnWrap(const byte* key, word32 keySz,
+ const byte* in, word32 inSz,
+ byte* out, word32 outSz,
+ const byte* iv);
+ WOLFSSL_API int wc_AesKeyUnWrap_ex(Aes *aes,
+ const byte* in, word32 inSz,
+ byte* out, word32 outSz,
+ const byte* iv);
+#endif /* HAVE_AES_KEYWRAP */
+
+#ifdef WOLFSSL_AES_XTS
+
+WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
+ word32 len, int dir, void* heap, int devId);
+
+WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
+ const byte* in, word32 sz, word64 sector);
+
+WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
+ const byte* in, word32 sz, word64 sector);
+
+WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
+ const byte* in, word32 sz, const byte* i, word32 iSz);
+
+WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
+ const byte* in, word32 sz, const byte* i, word32 iSz);
+
+WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
+#endif
+
+WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize);
+
+WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId);
+#ifdef HAVE_PKCS11
+WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
+ int devId);
+WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap,
+ int devId);
+#endif
+WOLFSSL_API void wc_AesFree(Aes* aes);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* NO_AES */
+#endif /* WOLF_CRYPT_AES_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/arc4.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/arc4.h
new file mode 100644
index 0000000..2d21f5c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/arc4.h
@@ -0,0 +1,68 @@
+/* arc4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/arc4.h
+*/
+
+#ifndef WOLF_CRYPT_ARC4_H
+#define WOLF_CRYPT_ARC4_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+enum {
+ ARC4_ENC_TYPE = 4, /* cipher unique type */
+ ARC4_STATE_SIZE = 256,
+ RC4_KEY_SIZE = 16, /* always 128bit */
+};
+
+/* ARC4 encryption and decryption */
+typedef struct Arc4 {
+ byte x;
+ byte y;
+ byte state[ARC4_STATE_SIZE];
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+ void* heap;
+} Arc4;
+
+WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32);
+WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32);
+
+WOLFSSL_API int wc_Arc4Init(Arc4*, void*, int);
+WOLFSSL_API void wc_Arc4Free(Arc4*);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLF_CRYPT_ARC4_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn.h
new file mode 100644
index 0000000..d46cbbd
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn.h
@@ -0,0 +1,1574 @@
+/* asn.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/asn.h
+*/
+
+/*
+
+DESCRIPTION
+This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
+ASN.1 is a standard interface description language for defining data structures
+that can be serialized and deserialized in a cross-platform way.
+
+*/
+#ifndef WOLF_CRYPT_ASN_H
+#define WOLF_CRYPT_ASN_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_ASN
+
+
+#if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
+ #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
+#endif
+
+#include <wolfssl/wolfcrypt/integer.h>
+
+/* fips declare of RsaPrivateKeyDecode @wc_fips */
+#if defined(HAVE_FIPS) && !defined(NO_RSA) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+ #include <cyassl/ctaocrypt/rsa.h>
+#endif
+
+#ifndef NO_DH
+ #include <wolfssl/wolfcrypt/dh.h>
+#endif
+#ifndef NO_DSA
+ #include <wolfssl/wolfcrypt/dsa.h>
+#endif
+#ifndef NO_SHA
+ #include <wolfssl/wolfcrypt/sha.h>
+#endif
+#ifndef NO_MD5
+ #include <wolfssl/wolfcrypt/md5.h>
+#endif
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
+
+#if defined(NO_SHA) && defined(NO_SHA256)
+ #define WC_SHA256_DIGEST_SIZE 32
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef EXTERNAL_SERIAL_SIZE
+ #define EXTERNAL_SERIAL_SIZE 32
+#endif
+
+enum {
+ ISSUER = 0,
+ SUBJECT = 1,
+
+ BEFORE = 0,
+ AFTER = 1
+};
+
+/* ASN Tags */
+enum ASN_Tags {
+ ASN_EOC = 0x00,
+ ASN_BOOLEAN = 0x01,
+ ASN_INTEGER = 0x02,
+ ASN_BIT_STRING = 0x03,
+ ASN_OCTET_STRING = 0x04,
+ ASN_TAG_NULL = 0x05,
+ ASN_OBJECT_ID = 0x06,
+ ASN_ENUMERATED = 0x0a,
+ ASN_UTF8STRING = 0x0c,
+ ASN_SEQUENCE = 0x10,
+ ASN_SET = 0x11,
+ ASN_PRINTABLE_STRING = 0x13,
+ ASN_IA5_STRING = 0x16,
+ ASN_UTC_TIME = 0x17,
+ ASN_OTHER_TYPE = 0x00,
+ ASN_RFC822_TYPE = 0x01,
+ ASN_DNS_TYPE = 0x02,
+ ASN_DIR_TYPE = 0x04,
+ ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
+ ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
+ ASN_GENERALIZED_TIME = 0x18,
+ CRL_EXTENSIONS = 0xa0,
+ ASN_EXTENSIONS = 0xa3,
+ ASN_LONG_LENGTH = 0x80,
+ ASN_INDEF_LENGTH = 0x80,
+
+ /* ASN_Flags - Bitmask */
+ ASN_CONSTRUCTED = 0x20,
+ ASN_APPLICATION = 0x40,
+ ASN_CONTEXT_SPECIFIC = 0x80,
+};
+
+#define ASN_UTC_TIME_SIZE 14
+#define ASN_GENERALIZED_TIME_SIZE 16
+#define ASN_GENERALIZED_TIME_MAX 68
+
+enum DN_Tags {
+ ASN_DN_NULL = 0x00,
+ ASN_COMMON_NAME = 0x03, /* CN */
+ ASN_SUR_NAME = 0x04, /* SN */
+ ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
+ ASN_COUNTRY_NAME = 0x06, /* C */
+ ASN_LOCALITY_NAME = 0x07, /* L */
+ ASN_STATE_NAME = 0x08, /* ST */
+ ASN_ORG_NAME = 0x0a, /* O */
+ ASN_ORGUNIT_NAME = 0x0b, /* OU */
+ ASN_BUS_CAT = 0x0f, /* businessCategory */
+ ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
+
+ /* pilot attribute types
+ * OID values of 0.9.2342.19200300.100.1.* */
+ ASN_USER_ID = 0x01, /* UID */
+ ASN_FAVOURITE_DRINK = 0x05, /* favouriteDrink */
+ ASN_DOMAIN_COMPONENT = 0x19 /* DC */
+};
+
+/* This is the size of the smallest possible PEM header and footer */
+extern const int pem_struct_min_sz;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+typedef struct WOLFSSL_ObjectInfo {
+ int nid;
+ int id;
+ word32 type;
+ const char* sName;
+ const char* lName;
+} WOLFSSL_ObjectInfo;
+extern const size_t wolfssl_object_info_sz;
+extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
+#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
+
+/* DN Tag Strings */
+#define WOLFSSL_COMMON_NAME "/CN="
+#define WOLFSSL_LN_COMMON_NAME "/commonName="
+#define WOLFSSL_SUR_NAME "/SN="
+#define WOLFSSL_SERIAL_NUMBER "/serialNumber="
+#define WOLFSSL_COUNTRY_NAME "/C="
+#define WOLFSSL_LN_COUNTRY_NAME "/countryName="
+#define WOLFSSL_LOCALITY_NAME "/L="
+#define WOLFSSL_LN_LOCALITY_NAME "/localityName="
+#define WOLFSSL_STATE_NAME "/ST="
+#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="
+#define WOLFSSL_ORG_NAME "/O="
+#define WOLFSSL_LN_ORG_NAME "/organizationName="
+#define WOLFSSL_ORGUNIT_NAME "/OU="
+#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName="
+#define WOLFSSL_DOMAIN_COMPONENT "/DC="
+#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent="
+#define WOLFSSL_BUS_CAT "/businessCategory="
+#define WOLFSSL_JOI_C "/jurisdictionC="
+#define WOLFSSL_JOI_ST "/jurisdictionST="
+#define WOLFSSL_EMAIL_ADDR "/emailAddress="
+
+#define WOLFSSL_USER_ID "/UID="
+#define WOLFSSL_DOMAIN_COMPONENT "/DC="
+#define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink="
+
+#if defined(WOLFSSL_APACHE_HTTPD)
+ /* otherName strings */
+ #define WOLFSSL_SN_MS_UPN "msUPN"
+ #define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name"
+ #define WOLFSSL_MS_UPN_SUM 265
+ #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV"
+ #define WOLFSSL_LN_DNS_SRV "SRVName"
+ /* TLS features extension strings */
+ #define WOLFSSL_SN_TLS_FEATURE "tlsfeature"
+ #define WOLFSSL_LN_TLS_FEATURE "TLS Feature"
+ #define WOLFSSL_TLS_FEATURE_SUM 92
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+/* NIDs */
+enum
+{
+ NID_undef = 0,
+ NID_netscape_cert_type = NID_undef,
+ NID_des = 66,
+ NID_des3 = 67,
+ NID_sha256 = 672,
+ NID_sha384 = 673,
+ NID_sha512 = 674,
+ NID_pkcs9_challengePassword = 54,
+ NID_hw_name_oid = 73,
+ NID_id_pkix_OCSP_basic = 74,
+ NID_any_policy = 75,
+ NID_anyExtendedKeyUsage = 76,
+ NID_givenName = 99,
+ NID_initials = 101,
+ NID_title = 106,
+ NID_description = 107,
+ NID_basic_constraints = 133,
+ NID_key_usage = 129, /* 2.5.29.15 */
+ NID_ext_key_usage = 151, /* 2.5.29.37 */
+ NID_subject_key_identifier = 128,
+ NID_authority_key_identifier = 149,
+ NID_private_key_usage_period = 130, /* 2.5.29.16 */
+ NID_subject_alt_name = 131,
+ NID_issuer_alt_name = 132,
+ NID_info_access = 69,
+ NID_sinfo_access = 79, /* id-pe 11 */
+ NID_name_constraints = 144, /* 2.5.29.30 */
+ NID_crl_distribution_points = 145, /* 2.5.29.31 */
+ NID_certificate_policies = 146,
+ NID_policy_mappings = 147,
+ NID_policy_constraints = 150,
+ NID_inhibit_any_policy = 168, /* 2.5.29.54 */
+ NID_tlsfeature = 1020, /* id-pe 24 */
+ NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */
+ NID_buildingName = 1494,
+
+
+ NID_surname = 0x04, /* SN */
+ NID_serialNumber = 0x05, /* serialNumber */
+ NID_countryName = 0x06, /* C */
+ NID_localityName = 0x07, /* L */
+ NID_stateOrProvinceName = 0x08, /* ST */
+ NID_organizationName = 0x0a, /* O */
+ NID_organizationalUnitName = 0x0b, /* OU */
+ NID_jurisdictionCountryName = 0xc,
+ NID_jurisdictionStateOrProvinceName = 0xd,
+ NID_businessCategory = ASN_BUS_CAT,
+ NID_domainComponent = ASN_DOMAIN_COMPONENT,
+ NID_favouriteDrink = 462,
+ NID_userId = 458,
+ NID_emailAddress = 0x30, /* emailAddress */
+ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
+ NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
+
+ NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */
+};
+#endif /* OPENSSL_EXTRA */
+
+enum ECC_TYPES
+{
+ ECC_PREFIX_0 = 160,
+ ECC_PREFIX_1 = 161
+};
+
+#ifdef WOLFSSL_CERT_PIV
+ enum PIV_Tags {
+ ASN_PIV_CERT = 0x0A,
+ ASN_PIV_NONCE = 0x0B,
+ ASN_PIV_SIGNED_NONCE = 0x0C,
+
+ ASN_PIV_TAG_CERT = 0x70,
+ ASN_PIV_TAG_CERT_INFO = 0x71,
+ ASN_PIV_TAG_MSCUID = 0x72,
+ ASN_PIV_TAG_ERR_DET = 0xFE,
+
+ /* certificate info masks */
+ ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
+ ASN_PIV_CERT_INFO_ISX509 = 0x04,
+ };
+#endif /* WOLFSSL_CERT_PIV */
+
+
+#define ASN_JOI_PREFIX_SZ 10
+#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
+#define ASN_JOI_C 0x3
+#define ASN_JOI_ST 0x2
+
+#ifndef WC_ASN_NAME_MAX
+ #ifdef OPENSSL_EXTRA
+ #define WC_ASN_NAME_MAX 300
+ #else
+ #define WC_ASN_NAME_MAX 256
+ #endif
+#endif
+#define ASN_NAME_MAX WC_ASN_NAME_MAX
+
+enum Misc_ASN {
+ MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
+ MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
+ ASN_BOOL_SIZE = 2, /* including type */
+ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
+ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
+#ifdef NO_SHA
+ KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
+#else
+ KEYID_SIZE = WC_SHA_DIGEST_SIZE,
+#endif
+ RSA_INTS = 8, /* RSA ints in private key */
+ DSA_PARAM_INTS = 3, /* DSA paramater ints */
+ DSA_INTS = 5, /* DSA ints in private key */
+ MIN_DATE_SIZE = 12,
+ MAX_DATE_SIZE = 32,
+ ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
+#ifndef NO_RSA
+ MAX_ENCODED_SIG_SZ = 512,
+#elif defined(HAVE_ECC)
+ MAX_ENCODED_SIG_SZ = 140,
+#elif defined(HAVE_CURVE448)
+ MAX_ENCODED_SIG_SZ = 114,
+#else
+ MAX_ENCODED_SIG_SZ = 64,
+#endif
+ MAX_SIG_SZ = 256,
+ MAX_ALGO_SZ = 20,
+ MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */
+ MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
+ MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
+ MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
+ MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
+ MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
+ MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
+ MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */
+ MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */
+ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
+ MAX_DSA_INT_SZ = 389, /* DSA raw sz 3072 for bits + tag + len(4) */
+ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
+ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
+ MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
+ MAX_RSA_E_SZ = 16, /* Max RSA public e size */
+ MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
+ MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
+ MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
+ /* Maximum DER digest size */
+ MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
+ /* Maximum DER digest ASN header size */
+ /* Max X509 header length indicates the max length + 2 ('\n', '\0') */
+ MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
+#ifdef WOLFSSL_CERT_GEN
+ #ifdef WOLFSSL_CERT_REQ
+ /* Max encoded cert req attributes length */
+ MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
+ MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
+ #endif
+ #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
+ MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+ #else
+ MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
+ #endif
+ /* Max total extensions, id + len + others */
+#endif
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
+ defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
+ MAX_OID_SZ = 32, /* Max DER length of OID*/
+ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
+#endif
+#ifdef WOLFSSL_CERT_EXT
+ MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
+ MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
+ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) +
+ CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
+ (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
+ (6 * (SEQ + OID))) */
+ MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
+ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
+#endif
+ MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
+ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
+ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
+ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
+ EIGHTK_BUF = 8192, /* Tmp buffer size */
+ MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
+ /* use bigger NTRU size */
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
+#else
+ HEADER_ENCRYPTED_KEY_SIZE = 0,
+#endif
+ TRAILING_ZERO = 1, /* Used for size of zero pad */
+ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
+ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
+ MAX_X509_VERSION = 3, /* Max X509 version allowed */
+ MIN_X509_VERSION = 0, /* Min X509 version allowed */
+ WOLFSSL_X509_V1 = 0,
+ WOLFSSL_X509_V2 = 1,
+ WOLFSSL_X509_V3 = 2,
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+ defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
+ MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */
+#endif
+
+ PKCS5_SALT_SZ = 8,
+
+ PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */
+ PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */
+};
+
+#ifndef WC_MAX_NAME_ENTRIES
+ /* entries added to x509 name struct */
+ #define WC_MAX_NAME_ENTRIES 13
+#endif
+#define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES
+
+
+enum Oid_Types {
+ oidHashType = 0,
+ oidSigType = 1,
+ oidKeyType = 2,
+ oidCurveType = 3,
+ oidBlkType = 4,
+ oidOcspType = 5,
+ oidCertExtType = 6,
+ oidCertAuthInfoType = 7,
+ oidCertPolicyType = 8,
+ oidCertAltNameType = 9,
+ oidCertKeyUseType = 10,
+ oidKdfType = 11,
+ oidKeyWrapType = 12,
+ oidCmsKeyAgreeType = 13,
+ oidPBEType = 14,
+ oidHmacType = 15,
+ oidCompressType = 16,
+ oidCertNameType = 17,
+ oidTlsExtType = 18,
+ oidCrlExtType = 19,
+ oidCsrAttrType = 20,
+ oidIgnoreType
+};
+
+
+enum Hash_Sum {
+ MD2h = 646,
+ MD5h = 649,
+ SHAh = 88,
+ SHA224h = 417,
+ SHA256h = 414,
+ SHA384h = 415,
+ SHA512h = 416,
+ SHA3_224h = 420,
+ SHA3_256h = 421,
+ SHA3_384h = 422,
+ SHA3_512h = 423
+};
+
+
+#if !defined(NO_DES3) || !defined(NO_AES)
+enum Block_Sum {
+#ifdef WOLFSSL_AES_128
+ AES128CBCb = 414,
+ AES128GCMb = 418,
+ AES128CCMb = 419,
+#endif
+#ifdef WOLFSSL_AES_192
+ AES192CBCb = 434,
+ AES192GCMb = 438,
+ AES192CCMb = 439,
+#endif
+#ifdef WOLFSSL_AES_256
+ AES256CBCb = 454,
+ AES256GCMb = 458,
+ AES256CCMb = 459,
+#endif
+#ifndef NO_DES3
+ DESb = 69,
+ DES3b = 652
+#endif
+};
+#endif /* !NO_DES3 || !NO_AES */
+
+
+enum Key_Sum {
+ DSAk = 515,
+ RSAk = 645,
+ NTRUk = 274,
+ ECDSAk = 518,
+ ED25519k = 256,
+ ED448k = 257,
+ DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
+};
+
+#if !defined(NO_AES) || defined(HAVE_PKCS7)
+enum KeyWrap_Sum {
+#ifdef WOLFSSL_AES_128
+ AES128_WRAP = 417,
+#endif
+#ifdef WOLFSSL_AES_192
+ AES192_WRAP = 437,
+#endif
+#ifdef WOLFSSL_AES_256
+ AES256_WRAP = 457,
+#endif
+#ifdef HAVE_PKCS7
+ PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */
+#endif
+};
+#endif /* !NO_AES || PKCS7 */
+
+enum Key_Agree {
+ dhSinglePass_stdDH_sha1kdf_scheme = 464,
+ dhSinglePass_stdDH_sha224kdf_scheme = 188,
+ dhSinglePass_stdDH_sha256kdf_scheme = 189,
+ dhSinglePass_stdDH_sha384kdf_scheme = 190,
+ dhSinglePass_stdDH_sha512kdf_scheme = 191,
+};
+
+
+
+enum KDF_Sum {
+ PBKDF2_OID = 660
+};
+
+
+enum HMAC_Sum {
+ HMAC_SHA224_OID = 652,
+ HMAC_SHA256_OID = 653,
+ HMAC_SHA384_OID = 654,
+ HMAC_SHA512_OID = 655,
+ HMAC_SHA3_224_OID = 426,
+ HMAC_SHA3_256_OID = 427,
+ HMAC_SHA3_384_OID = 428,
+ HMAC_SHA3_512_OID = 429
+};
+
+
+enum Extensions_Sum {
+ BASIC_CA_OID = 133, /* 2.5.29.19 */
+ ALT_NAMES_OID = 131, /* 2.5.29.17 */
+ CRL_DIST_OID = 145, /* 2.5.29.31 */
+ AUTH_INFO_OID = 69, /* 1.3.6.1.5.5.7.1.1 */
+ AUTH_KEY_OID = 149, /* 2.5.29.35 */
+ SUBJ_KEY_OID = 128, /* 2.5.29.14 */
+ CERT_POLICY_OID = 146, /* 2.5.29.32 */
+ KEY_USAGE_OID = 129, /* 2.5.29.15 */
+ INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
+ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
+ NAME_CONS_OID = 144, /* 2.5.29.30 */
+ PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
+ SUBJECT_INFO_ACCESS = 79, /* 1.3.6.1.5.5.7.1.11 */
+ POLICY_MAP_OID = 147, /* 2.5.29.33 */
+ POLICY_CONST_OID = 150, /* 2.5.29.36 */
+ ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */
+ TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */
+ NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */
+ OCSP_NOCHECK_OID = 121 /* 1.3.6.1.5.5.7.48.1.5
+ id-pkix-ocsp-nocheck */
+};
+
+enum CertificatePolicy_Sum {
+ CP_ANY_OID = 146 /* id-ce 32 0 */
+};
+
+enum SepHardwareName_Sum {
+ HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
+};
+
+enum AuthInfo_Sum {
+ AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
+ AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
+};
+
+enum ExtKeyUsage_Sum { /* From RFC 5280 */
+ EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
+ EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
+ EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
+ EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */
+ EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */
+ EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */
+ EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */
+};
+
+#ifdef HAVE_LIBZ
+enum CompressAlg_Sum {
+ ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */
+};
+#endif
+
+enum VerifyType {
+ NO_VERIFY = 0,
+ VERIFY = 1,
+ VERIFY_CRL = 2,
+ VERIFY_OCSP = 3,
+ VERIFY_NAME = 4,
+ VERIFY_SKIP_DATE = 5,
+ VERIFY_OCSP_CERT = 6,
+};
+
+#ifdef WOLFSSL_CERT_EXT
+enum KeyIdType {
+ SKID_TYPE = 0,
+ AKID_TYPE = 1
+};
+#endif
+
+#ifdef WOLFSSL_CERT_REQ
+enum CsrAttrType {
+ CHALLENGE_PASSWORD_OID = 659,
+ SERIAL_NUMBER_OID = 94,
+ EXTENSION_REQUEST_OID = 666,
+};
+#endif
+
+/* Key usage extension bits (based on RFC 5280) */
+#define KEYUSE_DIGITAL_SIG 0x0080
+#define KEYUSE_CONTENT_COMMIT 0x0040
+#define KEYUSE_KEY_ENCIPHER 0x0020
+#define KEYUSE_DATA_ENCIPHER 0x0010
+#define KEYUSE_KEY_AGREE 0x0008
+#define KEYUSE_KEY_CERT_SIGN 0x0004
+#define KEYUSE_CRL_SIGN 0x0002
+#define KEYUSE_ENCIPHER_ONLY 0x0001
+#define KEYUSE_DECIPHER_ONLY 0x8000
+
+/* Extended Key Usage bits (internal mapping only) */
+#define EXTKEYUSE_USER 0x80
+#define EXTKEYUSE_OCSP_SIGN 0x40
+#define EXTKEYUSE_TIMESTAMP 0x20
+#define EXTKEYUSE_EMAILPROT 0x10
+#define EXTKEYUSE_CODESIGN 0x08
+#define EXTKEYUSE_CLIENT_AUTH 0x04
+#define EXTKEYUSE_SERVER_AUTH 0x02
+#define EXTKEYUSE_ANY 0x01
+
+typedef struct DNS_entry DNS_entry;
+
+struct DNS_entry {
+ DNS_entry* next; /* next on DNS list */
+ int type; /* i.e. ASN_DNS_TYPE */
+ int len; /* actual DNS len */
+ char* name; /* actual DNS name */
+};
+
+
+typedef struct Base_entry Base_entry;
+
+struct Base_entry {
+ Base_entry* next; /* next on name base list */
+ char* name; /* actual name base */
+ int nameSz; /* name length */
+ byte type; /* Name base type (DNS or RFC822) */
+};
+
+
+enum SignatureState {
+ SIG_STATE_BEGIN,
+ SIG_STATE_HASH,
+ SIG_STATE_KEY,
+ SIG_STATE_DO,
+ SIG_STATE_CHECK,
+};
+
+
+#ifdef HAVE_PK_CALLBACKS
+#ifdef HAVE_ECC
+ typedef int (*wc_CallbackEccVerify)(
+ const unsigned char* sig, unsigned int sigSz,
+ const unsigned char* hash, unsigned int hashSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ int* result, void* ctx);
+#endif
+#ifndef NO_RSA
+ typedef int (*wc_CallbackRsaVerify)(
+ unsigned char* sig, unsigned int sigSz,
+ unsigned char** out,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+#endif
+#endif /* HAVE_PK_CALLBACKS */
+
+struct SignatureCtx {
+ void* heap;
+ byte* digest;
+#ifndef NO_RSA
+ byte* out;
+#endif
+#if !(defined(NO_RSA) && defined(NO_DSA))
+ byte* sigCpy;
+#endif
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+ !defined(NO_DSA)
+ int verify;
+#endif
+ union {
+ #ifndef NO_RSA
+ struct RsaKey* rsa;
+ #endif
+ #ifndef NO_DSA
+ struct DsaKey* dsa;
+ #endif
+ #ifdef HAVE_ECC
+ struct ecc_key* ecc;
+ #endif
+ #ifdef HAVE_ED25519
+ struct ed25519_key* ed25519;
+ #endif
+ #ifdef HAVE_ED448
+ struct ed448_key* ed448;
+ #endif
+ void* ptr;
+ } key;
+ int devId;
+ int state;
+ int typeH;
+ int digestSz;
+ word32 keyOID;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV* asyncDev;
+ void* asyncCtx;
+#endif
+
+#ifdef HAVE_PK_CALLBACKS
+#ifdef HAVE_ECC
+ wc_CallbackEccVerify pkCbEcc;
+ void* pkCtxEcc;
+#endif
+#ifndef NO_RSA
+ wc_CallbackRsaVerify pkCbRsa;
+ void* pkCtxRsa;
+#endif
+#endif /* HAVE_PK_CALLBACKS */
+#ifndef NO_RSA
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+ byte verifyByTSIP;
+ word32 certBegin;
+ word32 pubkey_n_start;
+ word32 pubkey_n_len;
+ word32 pubkey_e_start;
+ word32 pubkey_e_len;
+#endif
+#endif
+};
+
+enum CertSignState {
+ CERTSIGN_STATE_BEGIN,
+ CERTSIGN_STATE_DIGEST,
+ CERTSIGN_STATE_ENCODE,
+ CERTSIGN_STATE_DO,
+};
+
+struct CertSignCtx {
+ byte* sig;
+ byte* digest;
+ #ifndef NO_RSA
+ byte* encSig;
+ int encSigSz;
+ #endif
+ int state; /* enum CertSignState */
+};
+
+#ifndef WOLFSSL_MAX_PATH_LEN
+ /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
+ * (k) max_path_length: this integer is initialized to "n", is
+ * decremented for each non-self-issued certificate in the path,
+ * and may be reduced to the value in the path length constraint
+ * field within the basic constraints extension of a CA
+ * certificate.
+ *
+ * wolfSSL has arbitrarily selected the value 127 for "n" in the above
+ * description. Users can modify the maximum path length by setting
+ * WOLFSSL_MAX_PATH_LEN to a preferred value at build time
+ */
+ #define WOLFSSL_MAX_PATH_LEN 127
+#endif
+
+typedef struct DecodedCert DecodedCert;
+typedef struct Signer Signer;
+#ifdef WOLFSSL_TRUST_PEER_CERT
+typedef struct TrustedPeerCert TrustedPeerCert;
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+typedef struct SignatureCtx SignatureCtx;
+typedef struct CertSignCtx CertSignCtx;
+
+
+struct DecodedCert {
+ const byte* publicKey;
+ word32 pubKeySize;
+ int pubKeyStored;
+ word32 certBegin; /* offset to start of cert */
+ word32 sigIndex; /* offset to start of signature */
+ word32 sigLength; /* length of signature */
+ word32 signatureOID; /* sum of algorithm object id */
+ word32 keyOID; /* sum of key algo object id */
+ int version; /* cert version, 1 or 3 */
+ DNS_entry* altNames; /* alt names list of dns entries */
+#ifndef IGNORE_NAME_CONSTRAINTS
+ DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
+ DNS_entry* altDirNames; /* alt names list of DIR entries */
+ Base_entry* permittedNames; /* Permitted name bases */
+ Base_entry* excludedNames; /* Excluded name bases */
+#endif /* IGNORE_NAME_CONSTRAINTS */
+ byte subjectHash[KEYID_SIZE]; /* hash of all Names */
+ byte issuerHash[KEYID_SIZE]; /* hash of all Names */
+#ifdef HAVE_OCSP
+ byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
+ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
+#endif /* HAVE_OCSP */
+ const byte* signature; /* not owned, points into raw cert */
+ char* subjectCN; /* CommonName */
+ int subjectCNLen; /* CommonName Length */
+ char subjectCNEnc; /* CommonName Encoding */
+ char issuer[ASN_NAME_MAX]; /* full name including common name */
+ char subject[ASN_NAME_MAX]; /* full name including common name */
+ int verify; /* Default to yes, but could be off */
+ const byte* source; /* byte buffer holder cert, NOT owner */
+ word32 srcIdx; /* current offset into buffer */
+ word32 maxIdx; /* max offset based on init size */
+ void* heap; /* for user memory overrides */
+ byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
+ int serialSz; /* raw serial bytes stored */
+ const byte* extensions; /* not owned, points into raw cert */
+ int extensionsSz; /* length of cert extensions */
+ word32 extensionsIdx; /* if want to go back and parse later */
+ const byte* extAuthInfo; /* Authority Information Access URI */
+ int extAuthInfoSz; /* length of the URI */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
+ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
+#endif
+ const byte* extCrlInfo; /* CRL Distribution Points */
+ int extCrlInfoSz; /* length of the URI */
+ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
+ byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
+ byte pathLength; /* CA basic constraint path length */
+ byte maxPathLen; /* max_path_len see RFC 5280 section
+ * 6.1.2 "Initialization" - (k) for
+ * description of max_path_len */
+ byte policyConstSkip; /* Policy Constraints skip certs value */
+ word16 extKeyUsage; /* Key usage bitfield */
+ byte extExtKeyUsage; /* Extended Key usage bitfield */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ const byte* extExtKeyUsageSrc;
+ word32 extExtKeyUsageSz;
+ word32 extExtKeyUsageCount;
+ const byte* extAuthKeyIdSrc;
+ word32 extAuthKeyIdSz;
+ const byte* extSubjKeyIdSrc;
+ word32 extSubjKeyIdSz;
+#endif
+
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+ word32 pkCurveOID; /* Public Key's curve OID */
+#endif /* HAVE_ECC */
+ const byte* beforeDate;
+ int beforeDateLen;
+ const byte* afterDate;
+ int afterDateLen;
+#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
+ const byte* issuerRaw; /* pointer to issuer inside source */
+ int issuerRawLen;
+#endif
+#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
+ const byte* subjectRaw; /* pointer to subject inside source */
+ int subjectRawLen;
+#endif
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
+ /* easy access to subject info for other sign */
+ char* subjectSN;
+ int subjectSNLen;
+ char subjectSNEnc;
+ char* subjectC;
+ int subjectCLen;
+ char subjectCEnc;
+ char* subjectL;
+ int subjectLLen;
+ char subjectLEnc;
+ char* subjectST;
+ int subjectSTLen;
+ char subjectSTEnc;
+ char* subjectO;
+ int subjectOLen;
+ char subjectOEnc;
+ char* subjectOU;
+ int subjectOULen;
+ char subjectOUEnc;
+ char* subjectSND;
+ int subjectSNDLen;
+ char subjectSNDEnc;
+#ifdef WOLFSSL_CERT_EXT
+ char* subjectBC;
+ int subjectBCLen;
+ char subjectBCEnc;
+ char* subjectJC;
+ int subjectJCLen;
+ char subjectJCEnc;
+ char* subjectJS;
+ int subjectJSLen;
+ char subjectJSEnc;
+#endif
+ char* subjectEmail;
+ int subjectEmailLen;
+#endif /* WOLFSSL_CERT_GEN */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
+ void* issuerName;
+ void* subjectName;
+#endif /* OPENSSL_EXTRA */
+#ifdef WOLFSSL_SEP
+ int deviceTypeSz;
+ byte* deviceType;
+ int hwTypeSz;
+ byte* hwType;
+ int hwSerialNumSz;
+ byte* hwSerialNum;
+#endif /* WOLFSSL_SEP */
+#ifdef WOLFSSL_CERT_EXT
+ char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
+ int extCertPoliciesNb;
+#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
+
+#ifdef WOLFSSL_CERT_REQ
+ /* CSR attributes */
+ char* cPwd; /* challengePassword */
+ int cPwdLen;
+ char* sNum; /* Serial Number */
+ int sNumLen;
+#endif /* WOLFSSL_CERT_REQ */
+
+ Signer* ca;
+#ifndef NO_CERTS
+ SignatureCtx sigCtx;
+#endif
+#ifdef WOLFSSL_RENESAS_TSIP
+ byte* tsip_encRsaKeyIdx;
+#endif
+
+ int badDate;
+ int criticalExt;
+
+ /* Option Bits */
+ byte subjectCNStored : 1; /* have we saved a copy we own */
+ byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */
+ byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */
+#ifndef IGNORE_NAME_CONSTRAINTS
+ byte extNameConstraintSet : 1;
+#endif
+ byte isCA : 1; /* CA basic constraint true */
+ byte pathLengthSet : 1; /* CA basic const path length set */
+ byte weOwnAltNames : 1; /* altNames haven't been given to copy */
+ byte extKeyUsageSet : 1;
+ byte extExtKeyUsageSet : 1; /* Extended Key Usage set */
+#ifdef HAVE_OCSP
+ byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */
+#endif
+ byte extCRLdistSet : 1;
+ byte extAuthInfoSet : 1;
+ byte extBasicConstSet : 1;
+ byte extPolicyConstSet : 1;
+ byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */
+ byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */
+ byte extSubjAltNameSet : 1;
+ byte inhibitAnyOidSet : 1;
+ byte selfSigned : 1; /* Indicates subject and issuer are same */
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+ byte extCertPolicySet : 1;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ byte extCRLdistCrit : 1;
+ byte extAuthInfoCrit : 1;
+ byte extBasicConstCrit : 1;
+ byte extPolicyConstCrit : 1;
+ byte extSubjAltNameCrit : 1;
+ byte extAuthKeyIdCrit : 1;
+ #ifndef IGNORE_NAME_CONSTRAINTS
+ byte extNameConstraintCrit : 1;
+ #endif
+ byte extSubjKeyIdCrit : 1;
+ byte extKeyUsageCrit : 1;
+ byte extExtKeyUsageCrit : 1;
+#endif /* OPENSSL_EXTRA */
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+ byte extCertPolicyCrit : 1;
+#endif
+#ifdef WOLFSSL_CERT_REQ
+ byte isCSR : 1; /* Do we intend on parsing a CSR? */
+#endif
+};
+
+/* ASN Encoded Name field */
+typedef struct EncodedName {
+ int nameLen; /* actual string value length */
+ int totalLen; /* total encoded length */
+ int type; /* type of name */
+ int used; /* are we actually using this one */
+ byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
+} EncodedName;
+
+#ifdef NO_SHA
+ #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+#else
+ #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+#endif
+
+/* CA Signers */
+/* if change layout change PERSIST_CERT_CACHE functions too */
+struct Signer {
+ word32 pubKeySize;
+ word32 keyOID; /* key type */
+ word16 keyUsage;
+ byte maxPathLen;
+ byte pathLength;
+ byte pathLengthSet : 1;
+ byte selfSigned : 1;
+ const byte* publicKey;
+ int nameLen;
+ char* name; /* common name */
+#ifndef IGNORE_NAME_CONSTRAINTS
+ Base_entry* permittedNames;
+ Base_entry* excludedNames;
+#endif /* IGNORE_NAME_CONSTRAINTS */
+ byte subjectNameHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #ifndef NO_SKID
+ byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #endif
+ #ifdef HAVE_OCSP
+ byte subjectKeyHash[KEYID_SIZE];
+ #endif
+#ifdef WOLFSSL_SIGNER_DER_CERT
+ DerBuffer* derCert;
+#endif
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+ word32 cm_idx;
+#endif
+ Signer* next;
+};
+
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+/* used for having trusted peer certs rather then CA */
+struct TrustedPeerCert {
+ int nameLen;
+ char* name; /* common name */
+ #ifndef IGNORE_NAME_CONSTRAINTS
+ Base_entry* permittedNames;
+ Base_entry* excludedNames;
+ #endif /* IGNORE_NAME_CONSTRAINTS */
+ byte subjectNameHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #ifndef NO_SKID
+ byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #endif
+ word32 sigLen;
+ byte* sig;
+ struct TrustedPeerCert* next;
+};
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+
+/* for testing or custom openssl wrappers */
+#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
+ #define WOLFSSL_ASN_API WOLFSSL_API
+#else
+ #define WOLFSSL_ASN_API WOLFSSL_LOCAL
+#endif
+
+#ifdef HAVE_SMIME
+#define MIME_HEADER_ASCII_MIN 33
+#define MIME_HEADER_ASCII_MAX 126
+
+typedef struct MimeParam MimeParam;
+typedef struct MimeHdr MimeHdr;
+
+struct MimeParam
+{
+ MimeParam* next;
+ char* attribute;
+ char* value;
+};
+
+struct MimeHdr
+{
+ MimeHdr* next;
+ MimeParam* params;
+ char* name;
+ char* body;
+};
+
+typedef enum MimeTypes
+{
+ MIME_HDR,
+ MIME_PARAM
+} MimeTypes;
+
+typedef enum MimeStatus
+{
+ MIME_NAMEATTR,
+ MIME_BODYVAL
+} MimeStatus;
+#endif /* HAVE_SMIME */
+
+
+WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
+WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
+
+WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
+ word32* derSz);
+
+WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
+#ifndef IGNORE_NAME_CONSTRAINTS
+ WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
+#endif /* IGNORE_NAME_CONSTRAINTS */
+WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
+WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
+WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
+
+WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
+ const byte *in, word32 inSz);
+WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
+ const char *in, void* heap);
+WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
+WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
+ void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
+ const byte* pubKey, word32 pubKeySz, int pubKeyOID);
+#endif /* WOLFSSL_CERT_REQ */
+WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
+ int sigAlgoType);
+WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
+WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
+WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
+
+WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
+WOLFSSL_LOCAL Signer* MakeSigner(void*);
+WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
+WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
+#ifdef WOLFSSL_TRUST_PEER_CERT
+WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
+WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
+WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length,
+ word32* algId);
+WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
+ word32 length);
+WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
+ word32 length, word32* algId);
+WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int,
+ word32* algId);
+WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
+ word32* outSz, const char* password, int passwordSz, int vPKCS,
+ int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
+WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out,
+ word32* outSz, const char* password, int passwordSz, int vPKCS,
+ int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt,
+ WC_RNG* rng, void* heap);
+WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
+WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz,
+ const char* password,int passwordSz, int vPKCS, int vAlgo,
+ byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
+WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
+ word32* oidSz, int* algoID, void* heap);
+
+typedef struct tm wolfssl_tm;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
+#endif
+#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7)
+WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
+#endif
+WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
+ wolfssl_tm* certTime, int* idx);
+WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
+WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
+WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
+
+WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
+ char nameType, byte type);
+WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
+ char nameType, byte type);
+/* ASN.1 helper functions */
+#ifdef WOLFSSL_CERT_GEN
+WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
+WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
+WOLFSSL_LOCAL byte GetCertNameId(int idx);
+#endif
+WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
+ word32 maxIdx);
+WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
+ word32 maxIdx);
+
+WOLFSSL_LOCAL const char* GetSigName(int oid);
+WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int zeroBits, byte* unusedBits);
+WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
+ int* version, word32 maxIdx);
+WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
+ word32 maxIdx);
+#ifdef HAVE_OID_ENCODING
+ WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
+ byte* out, word32* outSz);
+#endif
+#ifdef HAVE_OID_DECODING
+ WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
+ word16* out, word32* outSz);
+#endif
+WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int SetObjectId(int len, byte* output);
+WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
+ word32 oidType, word32 maxIdx);
+WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
+ word32 oidType, word32 maxIdx);
+WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
+ word32 inputSz);
+WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
+WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
+WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
+WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
+WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
+WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
+WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
+WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
+ word32 outputSz, int maxSnSz);
+WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
+ byte* serial, int* serialSz, word32 maxIdx);
+WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
+ int maxIdx);
+WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
+WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
+ const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
+WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
+WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
+
+#ifdef HAVE_ECC
+ /* ASN sig helpers */
+ WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
+ mp_int* s);
+ WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen,
+ const byte* r, word32 rLen, const byte* s, word32 sLen);
+ WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen,
+ byte* r, word32* rLen, byte* s, word32* sLen);
+#endif
+#if defined(HAVE_ECC) || !defined(NO_DSA)
+ WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
+ mp_int* r, mp_int* s);
+#endif
+#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+WOLFSSL_API int EccEnumToNID(int n);
+#endif
+
+WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
+WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
+
+#ifndef NO_CERTS
+
+WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info,
+ const char** pBuffer, size_t bufSz);
+
+WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
+ DerBuffer** pDer, void* heap, EncryptedInfo* info,
+ int* eccKey);
+WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
+WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
+
+#endif /* !NO_CERTS */
+
+#ifdef HAVE_SMIME
+WOLFSSL_LOCAL int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** hdrs);
+WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end);
+WOLFSSL_LOCAL int wc_MIME_create_header(char* name, char* body, MimeHdr** hdr);
+WOLFSSL_LOCAL int wc_MIME_create_parameter(char* attribute, char* value, MimeParam** param);
+WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr);
+WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param);
+WOLFSSL_LOCAL char* wc_MIME_canonicalize(const char* line);
+WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
+#endif /* HAVE_SMIME */
+
+#ifdef WOLFSSL_CERT_GEN
+
+enum cert_enums {
+#ifdef WOLFSSL_CERT_EXT
+ NAME_ENTRIES = 10,
+#else
+ NAME_ENTRIES = 9,
+#endif
+ JOINT_LEN = 2,
+ EMAIL_JOINT_LEN = 9,
+ PILOT_JOINT_LEN = 10,
+ RSA_KEY = 10,
+ NTRU_KEY = 11,
+ ECC_KEY = 12,
+ ED25519_KEY = 13,
+ ED448_KEY = 14,
+ DSA_KEY = 15
+};
+
+#endif /* WOLFSSL_CERT_GEN */
+
+
+
+/* for pointer use */
+typedef struct CertStatus CertStatus;
+
+#ifdef HAVE_OCSP
+
+enum Ocsp_Response_Status {
+ OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
+ OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
+ OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
+ OCSP_TRY_LATER = 3, /* Try again later */
+ OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
+ OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
+};
+
+
+enum Ocsp_Cert_Status {
+ CERT_GOOD = 0,
+ CERT_REVOKED = 1,
+ CERT_UNKNOWN = 2
+};
+
+
+enum Ocsp_Sums {
+ OCSP_BASIC_OID = 117,
+ OCSP_NONCE_OID = 118
+};
+
+#ifdef OPENSSL_EXTRA
+enum Ocsp_Verify_Error {
+ OCSP_VERIFY_ERROR_NONE = 0,
+ OCSP_BAD_ISSUER = 1
+};
+#endif
+
+
+typedef struct OcspRequest OcspRequest;
+typedef struct OcspResponse OcspResponse;
+
+
+struct CertStatus {
+ CertStatus* next;
+
+ byte serial[EXTERNAL_SERIAL_SIZE];
+ int serialSz;
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_ASN1_INTEGER* serialInt;
+#endif
+
+ int status;
+
+ byte thisDate[MAX_DATE_SIZE];
+ byte nextDate[MAX_DATE_SIZE];
+ byte thisDateFormat;
+ byte nextDateFormat;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+ WOLFSSL_ASN1_TIME thisDateParsed;
+ WOLFSSL_ASN1_TIME nextDateParsed;
+ byte* thisDateAsn;
+ byte* nextDateAsn;
+#endif
+
+ byte* rawOcspResponse;
+ word32 rawOcspResponseSz;
+};
+
+typedef struct OcspEntry OcspEntry;
+
+#ifdef NO_SHA
+#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+#else
+#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+#endif
+
+struct OcspEntry
+{
+ OcspEntry *next; /* next entry */
+ word32 hashAlgoOID; /* hash algo ID */
+ byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
+ byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
+ CertStatus *status; /* OCSP response list */
+ int totalStatus; /* number on list */
+ byte* rawCertId; /* raw bytes of the CertID */
+ int rawCertIdSize; /* num bytes in raw CertID */
+ /* option bits - using 32-bit for alignment */
+ word32 ownStatus:1; /* do we need to free the status
+ * response list */
+ word32 isDynamic:1; /* was dynamically allocated */
+
+};
+
+/* TODO: Long-term, it would be helpful if we made this struct and other OCSP
+ structs conform to the ASN spec as described in RFC 6960. It will help
+ with readability and with implementing OpenSSL compatibility API
+ functions, because OpenSSL's OCSP data structures conform to the
+ RFC. */
+struct OcspResponse {
+ int responseStatus; /* return code from Responder */
+
+ byte* response; /* Pointer to beginning of OCSP Response */
+ word32 responseSz; /* length of the OCSP Response */
+
+ byte producedDate[MAX_DATE_SIZE];
+ /* Date at which this response was signed */
+ byte producedDateFormat; /* format of the producedDate */
+
+ byte* cert;
+ word32 certSz;
+
+ byte* sig; /* Pointer to sig in source */
+ word32 sigSz; /* Length in octets for the sig */
+ word32 sigOID; /* OID for hash used for sig */
+
+ OcspEntry* single; /* chain of OCSP single responses */
+
+ byte* nonce; /* pointer to nonce inside ASN.1 response */
+ int nonceSz; /* length of the nonce string */
+
+ byte* source; /* pointer to source buffer, not owned */
+ word32 maxIdx; /* max offset based on init size */
+
+#ifdef OPENSSL_EXTRA
+ int verifyError;
+#endif
+ void* heap;
+};
+
+
+struct OcspRequest {
+ byte issuerHash[KEYID_SIZE];
+ byte issuerKeyHash[KEYID_SIZE];
+ byte* serial; /* copy of the serial number in source cert */
+ int serialSz;
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_ASN1_INTEGER* serialInt;
+#endif
+ byte* url; /* copy of the extAuthInfo in source cert */
+ int urlSz;
+
+ byte nonce[MAX_OCSP_NONCE_SZ];
+ int nonceSz;
+ void* heap;
+ void* ssl;
+};
+
+WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*);
+WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*);
+WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
+
+WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
+WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
+WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);
+WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);
+
+
+WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
+
+
+#endif /* HAVE_OCSP */
+
+
+/* for pointer use */
+typedef struct RevokedCert RevokedCert;
+
+#ifdef HAVE_CRL
+
+struct RevokedCert {
+ byte serialNumber[EXTERNAL_SERIAL_SIZE];
+ int serialSz;
+ RevokedCert* next;
+};
+
+typedef struct DecodedCRL DecodedCRL;
+
+struct DecodedCRL {
+ word32 certBegin; /* offset to start of cert */
+ word32 sigIndex; /* offset to start of signature */
+ word32 sigLength; /* length of signature */
+ word32 signatureOID; /* sum of algorithm object id */
+ byte* signature; /* pointer into raw source, not owned */
+ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
+ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
+ byte lastDate[MAX_DATE_SIZE]; /* last date updated */
+ byte nextDate[MAX_DATE_SIZE]; /* next update date */
+ byte lastDateFormat; /* format of last date */
+ byte nextDateFormat; /* format of next date */
+ RevokedCert* certs; /* revoked cert list */
+ int totalCerts; /* number on list */
+ void* heap;
+#ifndef NO_SKID
+ byte extAuthKeyIdSet;
+ byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
+#endif
+};
+
+WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
+WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
+ const byte* toBeSigned, word32 tbsSz,
+ const byte* signature, word32 sigSz,
+ word32 signatureOID, Signer *ca,
+ void* heap);
+WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
+WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
+
+
+#endif /* HAVE_CRL */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* !NO_ASN */
+
+
+#if !defined(NO_ASN) || !defined(NO_PWDBASED)
+
+#ifndef MAX_KEY_SIZE
+ #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */
+#endif
+#ifndef MAX_UNICODE_SZ
+ #define MAX_UNICODE_SZ 256
+#endif
+
+enum PBESTypes {
+ PBE_MD5_DES = 0,
+ PBE_SHA1_RC4_128 = 1,
+ PBE_SHA1_DES = 2,
+ PBE_SHA1_DES3 = 3,
+ PBE_AES256_CBC = 4,
+ PBE_AES128_CBC = 5,
+ PBE_SHA1_40RC2_CBC = 6,
+
+ PBE_SHA1_RC4_128_SUM = 657,
+ PBE_SHA1_DES3_SUM = 659,
+ PBES2 = 13 /* algo ID */
+};
+
+enum PKCSTypes {
+ PKCS5v2 = 6, /* PKCS #5 v2.0 */
+ PKCS12v1 = 12, /* PKCS #12 */
+ PKCS5 = 5, /* PKCS oid tag */
+ PKCS8v0 = 0, /* default PKCS#8 version */
+};
+
+#endif /* !NO_ASN || !NO_PWDBASED */
+
+#endif /* WOLF_CRYPT_ASN_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn_public.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn_public.h
new file mode 100644
index 0000000..01af995
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/asn_public.h
@@ -0,0 +1,658 @@
+/* asn_public.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/asn_public.h
+*/
+
+/*
+DESCRIPTION
+This library defines the interface APIs for X509 certificates.
+
+*/
+#ifndef WOLF_CRYPT_ASN_PUBLIC_H
+#define WOLF_CRYPT_ASN_PUBLIC_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/dsa.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* guard on redeclaration */
+#ifndef WC_ECCKEY_TYPE_DEFINED
+ typedef struct ecc_key ecc_key;
+ #define WC_ECCKEY_TYPE_DEFINED
+#endif
+#ifndef WC_ED25519KEY_TYPE_DEFINED
+ typedef struct ed25519_key ed25519_key;
+ #define WC_ED25519KEY_TYPE_DEFINED
+#endif
+#ifndef WC_ED448KEY_TYPE_DEFINED
+ typedef struct ed448_key ed448_key;
+ #define WC_ED448KEY_TYPE_DEFINED
+#endif
+#ifndef WC_RSAKEY_TYPE_DEFINED
+ typedef struct RsaKey RsaKey;
+ #define WC_RSAKEY_TYPE_DEFINED
+#endif
+#ifndef WC_RNG_TYPE_DEFINED
+ typedef struct WC_RNG WC_RNG;
+ #define WC_RNG_TYPE_DEFINED
+#endif
+#ifndef WC_DH_TYPE_DEFINED
+ typedef struct DhKey DhKey;
+ #define WC_DH_TYPE_DEFINED
+#endif
+
+enum Ecc_Sum {
+ ECC_SECP112R1_OID = 182,
+ ECC_SECP112R2_OID = 183,
+ ECC_SECP128R1_OID = 204,
+ ECC_SECP128R2_OID = 205,
+ ECC_SECP160R1_OID = 184,
+ ECC_SECP160R2_OID = 206,
+ ECC_SECP160K1_OID = 185,
+ ECC_BRAINPOOLP160R1_OID = 98,
+ ECC_SECP192R1_OID = 520,
+ ECC_PRIME192V2_OID = 521,
+ ECC_PRIME192V3_OID = 522,
+ ECC_SECP192K1_OID = 207,
+ ECC_BRAINPOOLP192R1_OID = 100,
+ ECC_SECP224R1_OID = 209,
+ ECC_SECP224K1_OID = 208,
+ ECC_BRAINPOOLP224R1_OID = 102,
+ ECC_PRIME239V1_OID = 523,
+ ECC_PRIME239V2_OID = 524,
+ ECC_PRIME239V3_OID = 525,
+ ECC_SECP256R1_OID = 526,
+ ECC_SECP256K1_OID = 186,
+ ECC_BRAINPOOLP256R1_OID = 104,
+ ECC_X25519_OID = 365,
+ ECC_ED25519_OID = 256,
+ ECC_BRAINPOOLP320R1_OID = 106,
+ ECC_X448_OID = 362,
+ ECC_ED448_OID = 257,
+ ECC_SECP384R1_OID = 210,
+ ECC_BRAINPOOLP384R1_OID = 108,
+ ECC_BRAINPOOLP512R1_OID = 110,
+ ECC_SECP521R1_OID = 211,
+};
+
+
+/* Certificate file Type */
+enum CertType {
+ CERT_TYPE = 0,
+ PRIVATEKEY_TYPE,
+ DH_PARAM_TYPE,
+ DSA_PARAM_TYPE,
+ CRL_TYPE,
+ CA_TYPE,
+ ECC_PRIVATEKEY_TYPE,
+ DSA_PRIVATEKEY_TYPE,
+ CERTREQ_TYPE,
+ DSA_TYPE,
+ ECC_TYPE,
+ RSA_TYPE,
+ PUBLICKEY_TYPE,
+ RSA_PUBLICKEY_TYPE,
+ ECC_PUBLICKEY_TYPE,
+ TRUSTED_PEER_TYPE,
+ EDDSA_PRIVATEKEY_TYPE,
+ ED25519_TYPE,
+ ED448_TYPE,
+ PKCS12_TYPE,
+ PKCS8_PRIVATEKEY_TYPE,
+ PKCS8_ENC_PRIVATEKEY_TYPE,
+ DETECT_CERT_TYPE,
+ DH_PRIVATEKEY_TYPE,
+};
+
+
+/* Signature type, by OID sum */
+enum Ctc_SigType {
+ CTC_SHAwDSA = 517,
+ CTC_SHA256wDSA = 416,
+ CTC_MD2wRSA = 646,
+ CTC_MD5wRSA = 648,
+ CTC_SHAwRSA = 649,
+ CTC_SHAwECDSA = 520,
+ CTC_SHA224wRSA = 658,
+ CTC_SHA224wECDSA = 523,
+ CTC_SHA256wRSA = 655,
+ CTC_SHA256wECDSA = 524,
+ CTC_SHA384wRSA = 656,
+ CTC_SHA384wECDSA = 525,
+ CTC_SHA512wRSA = 657,
+ CTC_SHA512wECDSA = 526,
+
+ /* https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration */
+ CTC_SHA3_224wECDSA = 423,
+ CTC_SHA3_256wECDSA = 424,
+ CTC_SHA3_384wECDSA = 425,
+ CTC_SHA3_512wECDSA = 426,
+ CTC_SHA3_224wRSA = 427,
+ CTC_SHA3_256wRSA = 428,
+ CTC_SHA3_384wRSA = 429,
+ CTC_SHA3_512wRSA = 430,
+
+ CTC_ED25519 = 256,
+ CTC_ED448 = 257
+};
+
+enum Ctc_Encoding {
+ CTC_UTF8 = 0x0c, /* utf8 */
+ CTC_PRINTABLE = 0x13 /* printable */
+};
+
+#ifndef WC_CTC_NAME_SIZE
+ #define WC_CTC_NAME_SIZE 64
+#endif
+#ifndef WC_CTC_MAX_ALT_SIZE
+ #define WC_CTC_MAX_ALT_SIZE 16384
+#endif
+
+enum Ctc_Misc {
+ CTC_COUNTRY_SIZE = 2,
+ CTC_NAME_SIZE = WC_CTC_NAME_SIZE,
+ CTC_DATE_SIZE = 32,
+ CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */
+ CTC_SERIAL_SIZE = 20,
+ CTC_GEN_SERIAL_SZ = 16,
+#ifdef WOLFSSL_CERT_EXT
+ /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
+ * We support only hash */
+ CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
+ CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
+ CTC_MAX_CERTPOL_SZ = 64,
+ CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
+#endif /* WOLFSSL_CERT_EXT */
+};
+
+/* DER buffer */
+typedef struct DerBuffer {
+ byte* buffer;
+ void* heap;
+ word32 length;
+ int type; /* enum CertType */
+ int dynType; /* DYNAMIC_TYPE_* */
+} DerBuffer;
+
+typedef struct WOLFSSL_ASN1_TIME {
+ unsigned char data[CTC_DATE_SIZE]; /* date bytes */
+ int length;
+ int type;
+} WOLFSSL_ASN1_TIME;
+
+enum {
+ IV_SZ = 32, /* max iv sz */
+ NAME_SZ = 80, /* max one line */
+
+ PEM_PASS_READ = 0,
+ PEM_PASS_WRITE = 1,
+};
+
+
+typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
+
+typedef struct EncryptedInfo {
+ pem_password_cb* passwd_cb;
+ void* passwd_userdata;
+
+ long consumed; /* tracks PEM bytes consumed */
+
+ int cipherType;
+ word32 keySz;
+ word32 ivSz; /* salt or encrypted IV size */
+
+ char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */
+ byte iv[IV_SZ]; /* salt or encrypted IV */
+
+ word16 set:1; /* if encryption set */
+} EncryptedInfo;
+
+
+#define WOLFSSL_ASN1_INTEGER_MAX 20
+typedef struct WOLFSSL_ASN1_INTEGER {
+ /* size can be increased set at 20 for tag, length then to hold at least 16
+ * byte type */
+ unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX];
+ /* ASN_INTEGER | LENGTH | hex of number */
+ unsigned char negative; /* negative number flag */
+
+ unsigned char* data;
+ unsigned int dataMax; /* max size of data buffer */
+ unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
+
+ int length;
+ int type;
+} WOLFSSL_ASN1_INTEGER;
+
+
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
+#ifdef WOLFSSL_EKU_OID
+ #ifndef CTC_MAX_EKU_NB
+ #define CTC_MAX_EKU_NB 1
+ #endif
+ #ifndef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 30
+ #endif
+#else
+ #undef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 0
+#endif
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
+
+#ifdef WOLFSSL_CERT_GEN
+
+#ifdef WOLFSSL_MULTI_ATTRIB
+#ifndef CTC_MAX_ATTRIB
+ #define CTC_MAX_ATTRIB 4
+#endif
+
+/* ASN Encoded Name field */
+typedef struct NameAttrib {
+ int sz; /* actual string value length */
+ int id; /* id of name */
+ int type; /* enc of name */
+ char value[CTC_NAME_SIZE]; /* name */
+} NameAttrib;
+#endif /* WOLFSSL_MULTI_ATTRIB */
+
+
+typedef struct CertName {
+ char country[CTC_NAME_SIZE];
+ char countryEnc;
+ char state[CTC_NAME_SIZE];
+ char stateEnc;
+ char locality[CTC_NAME_SIZE];
+ char localityEnc;
+ char sur[CTC_NAME_SIZE];
+ char surEnc;
+ char org[CTC_NAME_SIZE];
+ char orgEnc;
+ char unit[CTC_NAME_SIZE];
+ char unitEnc;
+ char commonName[CTC_NAME_SIZE];
+ char commonNameEnc;
+ char serialDev[CTC_NAME_SIZE];
+ char serialDevEnc;
+#ifdef WOLFSSL_CERT_EXT
+ char busCat[CTC_NAME_SIZE];
+ char busCatEnc;
+ char joiC[CTC_NAME_SIZE];
+ char joiCEnc;
+ char joiSt[CTC_NAME_SIZE];
+ char joiStEnc;
+#endif
+ char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
+#ifdef WOLFSSL_MULTI_ATTRIB
+ NameAttrib name[CTC_MAX_ATTRIB];
+#endif
+} CertName;
+
+
+/* for user to fill for certificate generation */
+typedef struct Cert {
+ int version; /* x509 version */
+ byte serial[CTC_SERIAL_SIZE]; /* serial number */
+ int serialSz; /* serial size */
+ int sigType; /* signature algo type */
+ CertName issuer; /* issuer info */
+ int daysValid; /* validity days */
+ int selfSigned; /* self signed flag */
+ CertName subject; /* subject info */
+ int isCA; /* is this going to be a CA */
+ /* internal use only */
+ int bodySz; /* pre sign total size */
+ int keyType; /* public key type of subject */
+#ifdef WOLFSSL_ALT_NAMES
+ byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
+ int altNamesSz; /* altNames size in bytes */
+ byte beforeDate[CTC_DATE_SIZE]; /* before date copy */
+ int beforeDateSz; /* size of copy */
+ byte afterDate[CTC_DATE_SIZE]; /* after date copy */
+ int afterDateSz; /* size of copy */
+#endif
+#ifdef WOLFSSL_CERT_EXT
+ byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
+ int skidSz; /* SKID size in bytes */
+ byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */
+ int akidSz; /* AKID size in bytes */
+ word16 keyUsage; /* Key Usage */
+ byte extKeyUsage; /* Extended Key Usage */
+#ifdef WOLFSSL_EKU_OID
+ /* Extended Key Usage OIDs */
+ byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
+ byte extKeyUsageOIDSz[CTC_MAX_EKU_NB];
+#endif
+ char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
+ word16 certPoliciesNb; /* Number of Cert Policy */
+#endif
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
+ defined(WOLFSSL_CERT_REQ)
+ byte issRaw[sizeof(CertName)]; /* raw issuer info */
+ byte sbjRaw[sizeof(CertName)]; /* raw subject info */
+#endif
+#ifdef WOLFSSL_CERT_REQ
+ char challengePw[CTC_NAME_SIZE];
+ int challengePwPrintableString; /* encode as PrintableString */
+#endif
+ void* decodedCert; /* internal DecodedCert allocated from heap */
+ byte* der; /* Pointer to buffer of current DecodedCert cache */
+ void* heap; /* heap hint */
+} Cert;
+
+
+/* Initialize and Set Certificate defaults:
+ version = 3 (0x2)
+ serial = 0 (Will be randomly generated)
+ sigType = SHA_WITH_RSA
+ issuer = blank
+ daysValid = 500
+ selfSigned = 1 (true) use subject as issuer
+ subject = blank
+ isCA = 0 (false)
+ keyType = RSA_KEY (default)
+*/
+WOLFSSL_API int wc_InitCert(Cert*);
+WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
+ int keyType, void* key, WC_RNG* rng);
+WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+ ecc_key*, WC_RNG*);
+#ifdef WOLFSSL_CERT_REQ
+ WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
+ int, void*);
+ WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
+ RsaKey*, ecc_key*);
+#endif
+WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
+ word32 buffSz, int keyType, void* key,
+ WC_RNG* rng);
+WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
+ word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
+WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+ WC_RNG*);
+WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
+WOLFSSL_API int wc_SetSubject(Cert*, const char*);
+#ifdef WOLFSSL_ALT_NAMES
+ WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
+#endif
+
+#ifdef WOLFSSL_CERT_GEN_CACHE
+WOLFSSL_API void wc_SetCert_Free(Cert* cert);
+#endif
+
+WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
+
+#ifndef NO_ASN_TIME
+WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before,
+ struct tm* after);
+#endif
+
+#ifdef WOLFSSL_CERT_EXT
+WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
+ void* key);
+WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
+ ecc_key *eckey);
+WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
+WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
+WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
+ void* key);
+WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
+ ecc_key *eckey);
+WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
+WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
+WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
+WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
+
+#ifdef HAVE_NTRU
+WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
+ word16 ntruKeySz);
+#endif
+
+/* Set the KeyUsage.
+ * Value is a string separated tokens with ','. Accepted tokens are :
+ * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
+ * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
+ *
+ * nonRepudiation and contentCommitment are for the same usage.
+ */
+WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
+
+/* Set ExtendedKeyUsage
+ * Value is a string separated tokens with ','. Accepted tokens are :
+ * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning
+ */
+WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value);
+
+
+#ifdef WOLFSSL_EKU_OID
+/* Set ExtendedKeyUsage with unique OID
+ * oid is expected to be in byte representation
+ */
+WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
+ byte idx, void* heap);
+#endif /* WOLFSSL_EKU_OID */
+#endif /* WOLFSSL_CERT_EXT */
+
+ #ifdef HAVE_NTRU
+ WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
+ const byte* ntruKey, word16 keySz,
+ WC_RNG*);
+ #endif
+
+#endif /* WOLFSSL_CERT_GEN */
+
+WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz,
+ const byte** date, byte* format, int* length);
+#ifndef NO_ASN_TIME
+WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length,
+ byte format, struct tm* time);
+#endif
+
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+
+ WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
+ const char** footer);
+
+#endif
+
+WOLFSSL_API int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap);
+WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
+
+#ifdef WOLFSSL_PEM_TO_DER
+ WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
+ DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
+
+ WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
+ unsigned char*, int, const char*);
+ WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
+ unsigned char*, int, int);
+#endif /* WOLFSSL_PEM_TO_DER */
+
+#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
+ #ifndef NO_FILESYSTEM
+ WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
+ unsigned char* derBuf, int derSz);
+ #endif
+
+ WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
+ unsigned char*, int);
+#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
+
+#ifdef WOLFSSL_CERT_GEN
+ #ifndef NO_FILESYSTEM
+ WOLFSSL_API int wc_PemCertToDer(const char* fileName,
+ unsigned char* derBuf, int derSz);
+ #endif
+#endif /* WOLFSSL_CERT_GEN */
+
+#ifdef WOLFSSL_DER_TO_PEM
+ WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
+ word32 outputSz, int type);
+ WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
+ word32 outputSz, byte *cipherIno, int type);
+#endif
+
+#ifndef NO_RSA
+ #if !defined(HAVE_USER_RSA)
+ WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
+ word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
+ #endif
+ WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
+#endif
+
+#ifndef NO_DSA
+ /* DSA parameter DER helper functions */
+ WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx,
+ DsaKey*, word32);
+ WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen);
+#endif
+
+#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
+WOLFSSL_LOCAL int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv);
+WOLFSSL_API int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
+WOLFSSL_API int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
+WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
+#endif
+
+#ifdef HAVE_ECC
+ /* private key helpers */
+ WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
+ ecc_key*, word32);
+ WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
+ WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
+ word32 inLen);
+ WOLFSSL_API int wc_EccKeyDerSize(ecc_key*, int pub);
+ WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
+ word32* outLen);
+ WOLFSSL_API int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
+ word32* outLen);
+
+ /* public key helper */
+ WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
+ ecc_key*, word32);
+ WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
+ word32 inLen, int with_AlgCurve);
+ WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve);
+#endif
+
+#ifdef HAVE_ED25519
+ /* private key helpers */
+ WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
+ ed25519_key*, word32);
+ WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
+ word32 inLen);
+ WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
+ word32 inLen);
+
+ /* public key helper */
+ WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
+ ed25519_key*, word32);
+ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+ WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
+ word32 inLen, int with_AlgCurve);
+ #endif
+#endif
+
+#ifdef HAVE_ED448
+ /* private key helpers */
+ WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*,
+ ed448_key*, word32);
+ WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output,
+ word32 inLen);
+ WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output,
+ word32 inLen);
+
+ /* public key helper */
+ WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*,
+ ed448_key*, word32);
+ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+ WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output,
+ word32 inLen, int with_AlgCurve);
+ #endif
+#endif
+
+/* DER encode signature */
+WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
+ word32 digSz, int hashOID);
+WOLFSSL_API int wc_GetCTC_HashOID(int type);
+
+WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
+ word32* inOutIdx, word32 sz);
+WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
+ byte* key, word32 keySz, int algoID, const byte* curveOID,
+ word32 oidSz);
+WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32*, const char*,
+ int, int, int, int, byte*, word32, int, WC_RNG*, void*);
+WOLFSSL_API int wc_DecryptPKCS8Key(byte*, word32, const char*, int);
+WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*,
+ const char*, int, int, int, int, byte*, word32, int, WC_RNG*, void*);
+
+#ifndef NO_ASN_TIME
+/* Time */
+/* Returns seconds (Epoch/UTC)
+ * timePtr: is "time_t", which is typically "long"
+ * Example:
+ long lTime;
+ rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
+*/
+WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
+#endif
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info,
+ const char* cipherInfo);
+#endif
+
+
+#ifdef WOLFSSL_CERT_PIV
+
+typedef struct _wc_CertPIV {
+ const byte* cert;
+ word32 certSz;
+ const byte* certErrDet;
+ word32 certErrDetSz;
+ const byte* nonce; /* Identiv Only */
+ word32 nonceSz; /* Identiv Only */
+ const byte* signedNonce; /* Identiv Only */
+ word32 signedNonceSz; /* Identiv Only */
+
+ /* flags */
+ word16 compression:2;
+ word16 isX509:1;
+ word16 isIdentiv:1;
+} wc_CertPIV;
+
+WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
+#endif /* WOLFSSL_CERT_PIV */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ASN_PUBLIC_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-impl.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-impl.h
new file mode 100644
index 0000000..c6a4bec
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-impl.h
@@ -0,0 +1,155 @@
+/*
+ BLAKE2 reference source code package - reference C implementations
+
+ Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+/* blake2-impl.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLFCRYPT_BLAKE2_IMPL_H
+#define WOLFCRYPT_BLAKE2_IMPL_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+static WC_INLINE word32 load32( const void *src )
+{
+#if defined(LITTLE_ENDIAN_ORDER)
+ return *( word32 * )( src );
+#else
+ const byte *p = ( byte * )src;
+ word32 w = *p++;
+ w |= ( word32 )( *p++ ) << 8;
+ w |= ( word32 )( *p++ ) << 16;
+ w |= ( word32 )( *p++ ) << 24;
+ return w;
+#endif
+}
+
+static WC_INLINE word64 load64( const void *src )
+{
+#if defined(LITTLE_ENDIAN_ORDER)
+ return *( word64 * )( src );
+#else
+ const byte *p = ( byte * )src;
+ word64 w = *p++;
+ w |= ( word64 )( *p++ ) << 8;
+ w |= ( word64 )( *p++ ) << 16;
+ w |= ( word64 )( *p++ ) << 24;
+ w |= ( word64 )( *p++ ) << 32;
+ w |= ( word64 )( *p++ ) << 40;
+ w |= ( word64 )( *p++ ) << 48;
+ w |= ( word64 )( *p++ ) << 56;
+ return w;
+#endif
+}
+
+static WC_INLINE void store32( void *dst, word32 w )
+{
+#if defined(LITTLE_ENDIAN_ORDER)
+ *( word32 * )( dst ) = w;
+#else
+ byte *p = ( byte * )dst;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w;
+#endif
+}
+
+static WC_INLINE void store64( void *dst, word64 w )
+{
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT)
+ *( word64 * )( dst ) = w;
+#else
+ byte *p = ( byte * )dst;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w;
+#endif
+}
+
+static WC_INLINE word64 load48( const void *src )
+{
+ const byte *p = ( const byte * )src;
+ word64 w = *p++;
+ w |= ( word64 )( *p++ ) << 8;
+ w |= ( word64 )( *p++ ) << 16;
+ w |= ( word64 )( *p++ ) << 24;
+ w |= ( word64 )( *p++ ) << 32;
+ w |= ( word64 )( *p++ ) << 40;
+ return w;
+}
+
+static WC_INLINE void store48( void *dst, word64 w )
+{
+ byte *p = ( byte * )dst;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w; w >>= 8;
+ *p++ = ( byte )w;
+}
+
+static WC_INLINE word32 rotl32( const word32 w, const unsigned c )
+{
+ return ( w << c ) | ( w >> ( 32 - c ) );
+}
+
+static WC_INLINE word64 rotl64( const word64 w, const unsigned c )
+{
+ return ( w << c ) | ( w >> ( 64 - c ) );
+}
+
+static WC_INLINE word32 rotr32( const word32 w, const unsigned c )
+{
+ return ( w >> c ) | ( w << ( 32 - c ) );
+}
+
+static WC_INLINE word64 rotr64( const word64 w, const unsigned c )
+{
+ return ( w >> c ) | ( w << ( 64 - c ) );
+}
+
+/* prevents compiler optimizing out memset() */
+static WC_INLINE void secure_zero_memory( void *v, word64 n )
+{
+ volatile byte *p = ( volatile byte * )v;
+
+ while( n-- ) *p++ = 0;
+}
+
+#endif /* WOLFCRYPT_BLAKE2_IMPL_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-int.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-int.h
new file mode 100644
index 0000000..be280db
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2-int.h
@@ -0,0 +1,174 @@
+/*
+ BLAKE2 reference source code package - reference C implementations
+
+ Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+/* blake2-int.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#ifndef WOLFCRYPT_BLAKE2_INT_H
+#define WOLFCRYPT_BLAKE2_INT_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(__cplusplus)
+ extern "C" {
+#endif
+
+ enum blake2s_constant
+ {
+ BLAKE2S_BLOCKBYTES = 64,
+ BLAKE2S_OUTBYTES = 32,
+ BLAKE2S_KEYBYTES = 32,
+ BLAKE2S_SALTBYTES = 8,
+ BLAKE2S_PERSONALBYTES = 8
+ };
+
+ enum blake2b_constant
+ {
+ BLAKE2B_BLOCKBYTES = 128,
+ BLAKE2B_OUTBYTES = 64,
+ BLAKE2B_KEYBYTES = 64,
+ BLAKE2B_SALTBYTES = 16,
+ BLAKE2B_PERSONALBYTES = 16
+ };
+
+#pragma pack(push, 1)
+ typedef struct __blake2s_param
+ {
+ byte digest_length; /* 1 */
+ byte key_length; /* 2 */
+ byte fanout; /* 3 */
+ byte depth; /* 4 */
+ word32 leaf_length; /* 8 */
+ byte node_offset[6];/* 14 */
+ byte node_depth; /* 15 */
+ byte inner_length; /* 16 */
+ /* byte reserved[0]; */
+ byte salt[BLAKE2B_SALTBYTES]; /* 24 */
+ byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */
+ } blake2s_param;
+
+ typedef struct ALIGN32 __blake2s_state
+ {
+ word32 h[8];
+ word32 t[2];
+ word32 f[2];
+ byte buf[2 * BLAKE2S_BLOCKBYTES];
+ word32 buflen;
+ byte last_node;
+ } blake2s_state ;
+
+ typedef struct __blake2b_param
+ {
+ byte digest_length; /* 1 */
+ byte key_length; /* 2 */
+ byte fanout; /* 3 */
+ byte depth; /* 4 */
+ word32 leaf_length; /* 8 */
+ word64 node_offset; /* 16 */
+ byte node_depth; /* 17 */
+ byte inner_length; /* 18 */
+ byte reserved[14]; /* 32 */
+ byte salt[BLAKE2B_SALTBYTES]; /* 48 */
+ byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */
+ } blake2b_param;
+
+ typedef struct ALIGN64 __blake2b_state
+ {
+ word64 h[8];
+ word64 t[2];
+ word64 f[2];
+ byte buf[2 * BLAKE2B_BLOCKBYTES];
+ word64 buflen;
+ byte last_node;
+ } blake2b_state;
+
+ typedef struct __blake2sp_state
+ {
+ blake2s_state S[8][1];
+ blake2s_state R[1];
+ byte buf[8 * BLAKE2S_BLOCKBYTES];
+ word32 buflen;
+ } blake2sp_state;
+
+ typedef struct __blake2bp_state
+ {
+ blake2b_state S[4][1];
+ blake2b_state R[1];
+ byte buf[4 * BLAKE2B_BLOCKBYTES];
+ word64 buflen;
+ } blake2bp_state;
+#pragma pack(pop)
+
+ /* Streaming API */
+ int blake2s_init( blake2s_state *S, const byte outlen );
+ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen );
+ int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
+ int blake2s_update( blake2s_state *S, const byte *in, word32 inlen );
+ int blake2s_final( blake2s_state *S, byte *out, byte outlen );
+
+ int blake2b_init( blake2b_state *S, const byte outlen );
+ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen );
+ int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
+ int blake2b_update( blake2b_state *S, const byte *in, word64 inlen );
+ int blake2b_final( blake2b_state *S, byte *out, byte outlen );
+
+ int blake2sp_init( blake2sp_state *S, const byte outlen );
+ int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen );
+ int blake2sp_update( blake2sp_state *S, const byte *in, word32 inlen );
+ int blake2sp_final( blake2sp_state *S, byte *out, byte outlen );
+
+ int blake2bp_init( blake2bp_state *S, const byte outlen );
+ int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen );
+ int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen );
+ int blake2bp_final( blake2bp_state *S, byte *out, byte outlen );
+
+ /* Simple API */
+ int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
+ int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+
+ int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
+ int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+
+ static WC_INLINE int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen )
+ {
+ return blake2b( out, in, key, outlen, inlen, keylen );
+ }
+
+
+
+#if defined(__cplusplus)
+ }
+#endif
+
+#endif /* WOLFCRYPT_BLAKE2_INT_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2.h
new file mode 100644
index 0000000..cdcb066
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/blake2.h
@@ -0,0 +1,98 @@
+/* blake2.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/blake2.h
+*/
+
+#ifndef WOLF_CRYPT_BLAKE2_H
+#define WOLF_CRYPT_BLAKE2_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
+
+#include <wolfssl/wolfcrypt/blake2-int.h>
+
+/* call old functions if using fips for the sake of hmac @wc_fips */
+#ifdef HAVE_FIPS
+ /* Since hmac can call blake functions provide original calls */
+ #define wc_InitBlake2b InitBlake2b
+ #define wc_Blake2bUpdate Blake2bUpdate
+ #define wc_Blake2bFinal Blake2bFinal
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* in bytes, variable digest size up to 512 bits (64 bytes) */
+enum {
+#ifdef HAVE_BLAKE2B
+ BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
+ BLAKE2B_256 = 32, /* 256 bit type, SSL default */
+#endif
+#ifdef HAVE_BLAKE2S
+ BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S,
+ BLAKE2S_256 = 32 /* 256 bit type */
+#endif
+};
+
+
+#ifdef HAVE_BLAKE2B
+/* BLAKE2b digest */
+typedef struct Blake2b {
+ blake2b_state S[1]; /* our state */
+ word32 digestSz; /* digest size used on init */
+} Blake2b;
+#endif
+
+#ifdef HAVE_BLAKE2S
+/* BLAKE2s digest */
+typedef struct Blake2s {
+ blake2s_state S[1]; /* our state */
+ word32 digestSz; /* digest size used on init */
+} Blake2s;
+#endif
+
+
+#ifdef HAVE_BLAKE2B
+WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32);
+WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32);
+WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
+WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
+#endif
+
+#ifdef HAVE_BLAKE2S
+WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32);
+WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32);
+WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32);
+WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32);
+#endif
+
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif /* HAVE_BLAKE2 || HAVE_BLAKE2S */
+#endif /* WOLF_CRYPT_BLAKE2_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/camellia.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/camellia.h
new file mode 100644
index 0000000..7ef0270
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/camellia.h
@@ -0,0 +1,101 @@
+/* camellia.h ver 1.2.0
+ *
+ * Copyright (c) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer as
+ * the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* camellia.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/camellia.h
+*/
+
+
+#ifndef WOLF_CRYPT_CAMELLIA_H
+#define WOLF_CRYPT_CAMELLIA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_CAMELLIA
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ CAMELLIA_BLOCK_SIZE = 16
+};
+
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
+
+typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+typedef struct Camellia {
+ word32 keySz;
+ KEY_TABLE_TYPE key;
+ word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+} Camellia;
+
+
+WOLFSSL_API int wc_CamelliaSetKey(Camellia* cam,
+ const byte* key, word32 len, const byte* iv);
+WOLFSSL_API int wc_CamelliaSetIV(Camellia* cam, const byte* iv);
+WOLFSSL_API int wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
+ const byte* in);
+WOLFSSL_API int wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
+ const byte* in);
+WOLFSSL_API int wc_CamelliaCbcEncrypt(Camellia* cam,
+ byte* out, const byte* in, word32 sz);
+WOLFSSL_API int wc_CamelliaCbcDecrypt(Camellia* cam,
+ byte* out, const byte* in, word32 sz);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CAMELLIA */
+#endif /* WOLF_CRYPT_CAMELLIA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha.h
new file mode 100644
index 0000000..0d84c5b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha.h
@@ -0,0 +1,115 @@
+/* chacha.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+/*
+
+DESCRIPTION
+This library contains implementation for the ChaCha20 stream cipher.
+
+*/
+/*!
+ \file wolfssl/wolfcrypt/chacha.h
+*/
+
+
+#ifndef WOLF_CRYPT_CHACHA_H
+#define WOLF_CRYPT_CHACHA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_CHACHA
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*
+Initialization vector starts at 13 with zero being the index origin of a matrix.
+Block counter is located at index 12.
+ 0 1 2 3
+ 4 5 6 7
+ 8 9 10 11
+ 12 13 14 15
+*/
+#define CHACHA_MATRIX_CNT_IV 12
+
+/* Size of the IV */
+#define CHACHA_IV_WORDS 3
+
+/* Size of IV in bytes*/
+#define CHACHA_IV_BYTES 12
+#ifdef HAVE_XCHACHA
+#define XCHACHA_NONCE_BYTES 24
+#endif
+
+/* Size of ChaCha chunks */
+#define CHACHA_CHUNK_WORDS 16
+#define CHACHA_CHUNK_BYTES (CHACHA_CHUNK_WORDS * sizeof(word32))
+
+#ifdef WOLFSSL_X86_64_BUILD
+#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CHACHA_ASM)
+ #define USE_INTEL_CHACHA_SPEEDUP
+ #define HAVE_INTEL_AVX1
+#endif
+#endif
+
+enum {
+ CHACHA_ENC_TYPE = WC_CIPHER_CHACHA, /* cipher unique type */
+ CHACHA_MAX_KEY_SZ = 32,
+};
+
+typedef struct ChaCha {
+ word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */
+#ifdef HAVE_INTEL_AVX1
+ /* vpshufd reads 16 bytes but we only use bottom 4. */
+ byte extra[12];
+#endif
+ word32 left; /* number of bytes leftover */
+#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM)
+ word32 over[CHACHA_CHUNK_WORDS];
+#endif
+} ChaCha;
+
+/**
+ * IV(nonce) changes with each record
+ * counter is for what value the block counter should start ... usually 0
+ */
+WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
+
+WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
+ word32 msglen);
+
+WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
+
+WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
+
+#ifdef HAVE_XCHACHA
+WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
+ const byte *nonce, word32 nonceSz,
+ word32 counter);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLF_CRYPT_CHACHA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha20_poly1305.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha20_poly1305.h
new file mode 100644
index 0000000..44631bf
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/chacha20_poly1305.h
@@ -0,0 +1,157 @@
+/* chacha20_poly1305.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+/*
+
+DESCRIPTION
+This library contains implementation for the ChaCha20 stream cipher and
+the Poly1305 authenticator, both as as combined-mode,
+or Authenticated Encryption with Additional Data (AEAD) algorithm.
+
+*/
+
+/*!
+ \file wolfssl/wolfcrypt/chacha20_poly1305.h
+*/
+
+#ifndef WOLF_CRYPT_CHACHA20_POLY1305_H
+#define WOLF_CRYPT_CHACHA20_POLY1305_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
+#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
+#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
+#define CHACHA20_POLY1305_MAX 4294967295U
+#define XCHACHA20_POLY1305_AEAD_NONCE_SIZE 24
+
+enum {
+ CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
+
+ /* AEAD Cipher Direction */
+ CHACHA20_POLY1305_AEAD_DECRYPT = 0,
+ CHACHA20_POLY1305_AEAD_ENCRYPT = 1,
+
+ /* AEAD State */
+ CHACHA20_POLY1305_STATE_INIT = 0,
+ CHACHA20_POLY1305_STATE_READY = 1,
+ CHACHA20_POLY1305_STATE_AAD = 2,
+ CHACHA20_POLY1305_STATE_DATA = 3,
+};
+
+typedef struct ChaChaPoly_Aead {
+ ChaCha chacha;
+ Poly1305 poly;
+
+ word32 aadLen;
+ word32 dataLen;
+
+ byte state;
+ byte isEncrypt:1;
+} ChaChaPoly_Aead;
+
+
+/*
+ * The IV for this implementation is 96 bits to give the most flexibility.
+ *
+ * Some protocols may have unique per-invocation inputs that are not
+ * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In
+ * such a case, it is up to the protocol document to define how to
+ * transform the protocol nonce into a 96-bit nonce, for example by
+ * concatenating a constant value.
+ */
+
+WOLFSSL_API
+int wc_ChaCha20Poly1305_Encrypt(
+ const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
+ const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
+ const byte* inAAD, const word32 inAADLen,
+ const byte* inPlaintext, const word32 inPlaintextLen,
+ byte* outCiphertext,
+ byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
+
+WOLFSSL_API
+int wc_ChaCha20Poly1305_Decrypt(
+ const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
+ const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
+ const byte* inAAD, const word32 inAADLen,
+ const byte* inCiphertext, const word32 inCiphertextLen,
+ const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
+ byte* outPlaintext);
+
+WOLFSSL_API
+int wc_ChaCha20Poly1305_CheckTag(
+ const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
+ const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
+
+
+
+/* Implementation of AEAD, which includes support for adding
+ data, then final calculation of authentication tag */
+WOLFSSL_API int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
+ const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
+ const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
+ int isEncrypt);
+WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
+ const byte* inAAD, word32 inAADLen);
+WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
+ const byte* inData, byte* outData, word32 dataLen);
+WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
+ byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
+
+#ifdef HAVE_XCHACHA
+
+WOLFSSL_API int wc_XChaCha20Poly1305_Init(
+ ChaChaPoly_Aead* aead,
+ const byte *ad, word32 ad_len,
+ const byte *inKey, word32 inKeySz,
+ const byte *inIV, word32 inIVSz,
+ int isEncrypt);
+
+WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
+ byte *dst, const size_t dst_space,
+ const byte *src, const size_t src_len,
+ const byte *ad, const size_t ad_len,
+ const byte *nonce, const size_t nonce_len,
+ const byte *key, const size_t key_len);
+
+WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
+ byte *dst, const size_t dst_space,
+ const byte *src, const size_t src_len,
+ const byte *ad, const size_t ad_len,
+ const byte *nonce, const size_t nonce_len,
+ const byte *key, const size_t key_len);
+
+#endif /* HAVE_XCHACHA */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CHACHA && HAVE_POLY1305 */
+#endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cmac.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cmac.h
new file mode 100644
index 0000000..9519af9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cmac.h
@@ -0,0 +1,113 @@
+/* cmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_CMAC_H
+#define WOLF_CRYPT_CMAC_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/aes.h>
+
+#if !defined(NO_AES) && defined(WOLFSSL_CMAC)
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifndef WC_CMAC_TYPE_DEFINED
+ typedef struct Cmac Cmac;
+ #define WC_CMAC_TYPE_DEFINED
+#endif
+struct Cmac {
+ Aes aes;
+ byte buffer[AES_BLOCK_SIZE]; /* partially stored block */
+ byte digest[AES_BLOCK_SIZE]; /* running digest */
+ byte k1[AES_BLOCK_SIZE];
+ byte k2[AES_BLOCK_SIZE];
+ word32 bufferSz;
+ word32 totalSz;
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx;
+ #ifdef WOLFSSL_QNX_CAAM
+ byte ctx[32]; /* hold state for save and return */
+ word32 blackKey;
+ word32 keylen;
+ byte initialized;
+ #endif
+#endif
+};
+
+
+
+typedef enum CmacType {
+ WC_CMAC_AES = 1
+} CmacType;
+
+#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
+#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API
+int wc_InitCmac(Cmac* cmac,
+ const byte* key, word32 keySz,
+ int type, void* unused);
+
+WOLFSSL_API
+int wc_InitCmac_ex(Cmac* cmac,
+ const byte* key, word32 keySz,
+ int type, void* unused, void* heap, int devId);
+
+WOLFSSL_API
+int wc_CmacUpdate(Cmac* cmac,
+ const byte* in, word32 inSz);
+WOLFSSL_API
+int wc_CmacFinal(Cmac* cmac,
+ byte* out, word32* outSz);
+
+WOLFSSL_API
+int wc_AesCmacGenerate(byte* out, word32* outSz,
+ const byte* in, word32 inSz,
+ const byte* key, word32 keySz);
+
+WOLFSSL_API
+int wc_AesCmacVerify(const byte* check, word32 checkSz,
+ const byte* in, word32 inSz,
+ const byte* key, word32 keySz);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* WOLF_CRYPT_CMAC_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/coding.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/coding.h
new file mode 100644
index 0000000..bcc4c5b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/coding.h
@@ -0,0 +1,90 @@
+/* coding.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/coding.h
+*/
+
+#ifndef WOLF_CRYPT_CODING_H
+#define WOLF_CRYPT_CODING_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
+ word32* outLen);
+
+#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) \
+ || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) || !defined(NO_DSA)
+ #ifndef WOLFSSL_BASE64_ENCODE
+ #define WOLFSSL_BASE64_ENCODE
+ #endif
+#endif
+
+
+#ifdef WOLFSSL_BASE64_ENCODE
+ enum Escaped {
+ WC_STD_ENC = 0, /* normal \n line ending encoding */
+ WC_ESC_NL_ENC, /* use escape sequence encoding */
+ WC_NO_NL_ENC /* no encoding at all */
+ }; /* Encoding types */
+
+ /* encode isn't */
+ WOLFSSL_API
+ int Base64_Encode(const byte* in, word32 inLen, byte* out,
+ word32* outLen);
+ WOLFSSL_API
+ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
+ word32* outLen);
+ WOLFSSL_API
+ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
+ word32* outLen);
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) || \
+ defined(HAVE_ECC_CDH) || defined(HAVE_SELFTEST) || \
+ defined(WOLFSSL_ENCRYPTED_KEYS)
+ #ifndef WOLFSSL_BASE16
+ #define WOLFSSL_BASE16
+ #endif
+#endif
+
+#ifdef WOLFSSL_BASE16
+ WOLFSSL_API
+ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
+ WOLFSSL_API
+ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
+#endif
+
+ WOLFSSL_LOCAL int Base64_SkipNewline(const byte* in, word32* inLen,
+ word32* outJ);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_CODING_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/compress.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/compress.h
new file mode 100644
index 0000000..985f1e0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/compress.h
@@ -0,0 +1,60 @@
+/* compress.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/compress.h
+*/
+
+
+#ifndef WOLF_CRYPT_COMPRESS_H
+#define WOLF_CRYPT_COMPRESS_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_LIBZ
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+#define COMPRESS_FIXED 1
+
+#define LIBZ_WINBITS_GZIP 16
+
+
+WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32);
+WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in,
+ word32 inSz, word32 flags, word32 windowBits);
+WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32);
+WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in,
+ word32 inSz, int windowBits);
+WOLFSSL_API int wc_DeCompressDynamic(byte** out, int max, int memoryType,
+ const byte* in, word32 inSz, int windowBits, void* heap);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* HAVE_LIBZ */
+#endif /* WOLF_CRYPT_COMPRESS_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cpuid.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cpuid.h
new file mode 100644
index 0000000..91a725b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cpuid.h
@@ -0,0 +1,72 @@
+/* cpuid.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLF_CRYPT_CPUID_H
+#define WOLF_CRYPT_CPUID_H
+
+
+#include <wolfssl/wolfcrypt/types.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if (defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
+ defined(WOLFSSL_AESNI) || defined(WOLFSSL_SP_X86_64_ASM)) && \
+ !defined(WOLFSSL_NO_ASM)
+
+ #define CPUID_AVX1 0x0001
+ #define CPUID_AVX2 0x0002
+ #define CPUID_RDRAND 0x0004
+ #define CPUID_RDSEED 0x0008
+ #define CPUID_BMI2 0x0010 /* MULX, RORX */
+ #define CPUID_AESNI 0x0020
+ #define CPUID_ADX 0x0040 /* ADCX, ADOX */
+ #define CPUID_MOVBE 0x0080 /* Move and byte swap */
+
+ #define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1)
+ #define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2)
+ #define IS_INTEL_RDRAND(f) ((f) & CPUID_RDRAND)
+ #define IS_INTEL_RDSEED(f) ((f) & CPUID_RDSEED)
+ #define IS_INTEL_BMI2(f) ((f) & CPUID_BMI2)
+ #define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI)
+ #define IS_INTEL_ADX(f) ((f) & CPUID_ADX)
+ #define IS_INTEL_MOVBE(f) ((f) & CPUID_MOVBE)
+
+ void cpuid_set_flags(void);
+ word32 cpuid_get_flags(void);
+
+ /* Public APIs to modify flags. */
+ WOLFSSL_API void cpuid_select_flags(word32 flags);
+ WOLFSSL_API void cpuid_set_flag(word32 flag);
+ WOLFSSL_API void cpuid_clear_flag(word32 flag);
+
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLF_CRYPT_CPUID_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cryptocb.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cryptocb.h
new file mode 100644
index 0000000..7b17533
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/cryptocb.h
@@ -0,0 +1,425 @@
+/* cryptocb.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLF_CRYPTO_CB_H_
+#define _WOLF_CRYPTO_CB_H_
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Defines the Crypto Callback interface version, for compatibility */
+/* Increment this when Crypto Callback interface changes are made */
+#define CRYPTO_CB_VER 2
+
+
+#ifdef WOLF_CRYPTO_CB
+
+#ifndef NO_RSA
+ #include <wolfssl/wolfcrypt/rsa.h>
+#endif
+#ifdef HAVE_ECC
+ #include <wolfssl/wolfcrypt/ecc.h>
+#endif
+#ifndef NO_AES
+ #include <wolfssl/wolfcrypt/aes.h>
+#endif
+#ifndef NO_SHA
+ #include <wolfssl/wolfcrypt/sha.h>
+#endif
+#ifndef NO_SHA256
+ #include <wolfssl/wolfcrypt/sha256.h>
+#endif
+#ifndef NO_HMAC
+ #include <wolfssl/wolfcrypt/hmac.h>
+#endif
+#ifndef WC_NO_RNG
+ #include <wolfssl/wolfcrypt/random.h>
+#endif
+#ifndef NO_DES3
+ #include <wolfssl/wolfcrypt/des3.h>
+#endif
+#ifdef WOLFSSL_CMAC
+ #include <wolfssl/wolfcrypt/cmac.h>
+#endif
+#ifdef HAVE_ED25519
+ #include <wolfssl/wolfcrypt/ed25519.h>
+#endif
+#ifdef HAVE_CURVE25519
+ #include <wolfssl/wolfcrypt/curve25519.h>
+#endif
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+ #include <wolfssl/wolfcrypt/sha512.h>
+#endif
+
+/* Crypto Information Structure for callbacks */
+typedef struct wc_CryptoInfo {
+ int algo_type; /* enum wc_AlgoType */
+#if !defined(NO_RSA) || defined(HAVE_ECC)
+ struct {
+ int type; /* enum wc_PkType */
+ union {
+ #ifndef NO_RSA
+ struct {
+ const byte* in;
+ word32 inLen;
+ byte* out;
+ word32* outLen;
+ int type;
+ RsaKey* key;
+ WC_RNG* rng;
+ } rsa;
+ #ifdef WOLFSSL_KEY_GEN
+ struct {
+ RsaKey* key;
+ int size;
+ long e;
+ WC_RNG* rng;
+ } rsakg;
+ #endif
+ struct {
+ RsaKey* key;
+ const byte* pubKey;
+ word32 pubKeySz;
+ } rsa_check;
+ #endif
+ #ifdef HAVE_ECC
+ struct {
+ WC_RNG* rng;
+ int size;
+ ecc_key* key;
+ int curveId;
+ } eckg;
+ struct {
+ ecc_key* private_key;
+ ecc_key* public_key;
+ byte* out;
+ word32* outlen;
+ } ecdh;
+ struct {
+ const byte* in;
+ word32 inlen;
+ byte* out;
+ word32* outlen;
+ WC_RNG* rng;
+ ecc_key* key;
+ } eccsign;
+ struct {
+ const byte* sig;
+ word32 siglen;
+ const byte* hash;
+ word32 hashlen;
+ int* res;
+ ecc_key* key;
+ } eccverify;
+ struct {
+ ecc_key* key;
+ const byte* pubKey;
+ word32 pubKeySz;
+ } ecc_check;
+ #endif
+ #ifdef HAVE_CURVE25519
+ struct {
+ WC_RNG* rng;
+ int size;
+ curve25519_key* key;
+ int curveId;
+ } curve25519kg;
+ struct {
+ curve25519_key* private_key;
+ curve25519_key* public_key;
+ byte* out;
+ word32* outlen;
+ int endian;
+ } curve25519;
+ #endif
+ #ifdef HAVE_ED25519
+ struct {
+ WC_RNG* rng;
+ int size;
+ ed25519_key* key;
+ int curveId;
+ } ed25519kg;
+ struct {
+ const byte* in;
+ word32 inLen;
+ byte* out;
+ word32* outLen;
+ ed25519_key* key;
+ byte type;
+ const byte* context;
+ byte contextLen;
+ } ed25519sign;
+ struct {
+ const byte* sig;
+ word32 sigLen;
+ const byte* msg;
+ word32 msgLen;
+ int* res;
+ ed25519_key* key;
+ byte type;
+ const byte* context;
+ byte contextLen;
+ } ed25519verify;
+ #endif
+ };
+ } pk;
+#endif /* !NO_RSA || HAVE_ECC */
+#if !defined(NO_AES) || !defined(NO_DES3)
+ struct {
+ int type; /* enum wc_CipherType */
+ int enc;
+ union {
+ #ifdef HAVE_AESGCM
+ struct {
+ Aes* aes;
+ byte* out;
+ const byte* in;
+ word32 sz;
+ const byte* iv;
+ word32 ivSz;
+ byte* authTag;
+ word32 authTagSz;
+ const byte* authIn;
+ word32 authInSz;
+ } aesgcm_enc;
+ struct {
+ Aes* aes;
+ byte* out;
+ const byte* in;
+ word32 sz;
+ const byte* iv;
+ word32 ivSz;
+ const byte* authTag;
+ word32 authTagSz;
+ const byte* authIn;
+ word32 authInSz;
+ } aesgcm_dec;
+ #endif /* HAVE_AESGCM */
+ #ifdef HAVE_AES_CBC
+ struct {
+ Aes* aes;
+ byte* out;
+ const byte* in;
+ word32 sz;
+ } aescbc;
+ #endif /* HAVE_AES_CBC */
+ #ifndef NO_DES3
+ struct {
+ Des3* des;
+ byte* out;
+ const byte* in;
+ word32 sz;
+ } des3;
+ #endif
+ };
+ } cipher;
+#endif /* !NO_AES || !NO_DES3 */
+#if !defined(NO_SHA) || !defined(NO_SHA256) || \
+ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+ struct {
+ int type; /* enum wc_HashType */
+ const byte* in;
+ word32 inSz;
+ byte* digest;
+ union {
+ #ifndef NO_SHA
+ wc_Sha* sha1;
+ #endif
+ #ifndef NO_SHA256
+ wc_Sha256* sha256;
+ #endif
+ #ifdef WOLFSSL_SHA384
+ wc_Sha384* sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ wc_Sha512* sha512;
+ #endif
+ };
+ } hash;
+#endif /* !NO_SHA || !NO_SHA256 */
+#ifndef NO_HMAC
+ struct {
+ int macType; /* enum wc_HashType */
+ const byte* in;
+ word32 inSz;
+ byte* digest;
+ Hmac* hmac;
+ } hmac;
+#endif
+#ifndef WC_NO_RNG
+ struct {
+ WC_RNG* rng;
+ byte* out;
+ word32 sz;
+ } rng;
+ struct {
+ OS_Seed* os;
+ byte* seed;
+ word32 sz;
+ } seed;
+#endif
+#ifdef WOLFSSL_CMAC
+ struct {
+ Cmac* cmac;
+ void* ctx;
+ const byte* key;
+ const byte* in;
+ byte* out;
+ word32* outSz;
+ word32 keySz;
+ word32 inSz;
+ int type;
+ } cmac;
+#endif
+} wc_CryptoInfo;
+
+
+typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
+
+WOLFSSL_LOCAL void wc_CryptoCb_Init(void);
+WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx);
+WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
+WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
+
+/* old function names */
+#define wc_CryptoDev_RegisterDevice wc_CryptoCb_RegisterDevice
+#define wc_CryptoDev_UnRegisterDevice wc_CryptoCb_UnRegisterDevice
+
+
+#ifndef NO_RSA
+WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
+ word32* outLen, int type, RsaKey* key, WC_RNG* rng);
+
+#ifdef WOLFSSL_KEY_GEN
+WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
+ WC_RNG* rng);
+#endif /* WOLFSSL_KEY_GEN */
+
+WOLFSSL_LOCAL int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
+ word32 pubKeySz);
+#endif /* !NO_RSA */
+
+#ifdef HAVE_ECC
+WOLFSSL_LOCAL int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize,
+ ecc_key* key, int curveId);
+
+WOLFSSL_LOCAL int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
+ byte* out, word32* outlen);
+
+WOLFSSL_LOCAL int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
+ word32 *outlen, WC_RNG* rng, ecc_key* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
+ const byte* hash, word32 hashlen, int* res, ecc_key* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
+ word32 pubKeySz);
+#endif /* HAVE_ECC */
+
+#ifdef HAVE_CURVE25519
+WOLFSSL_LOCAL int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
+ curve25519_key* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_Curve25519(curve25519_key* private_key,
+ curve25519_key* public_key, byte* out, word32* outlen, int endian);
+#endif /* HAVE_CURVE25519 */
+
+#ifdef HAVE_ED25519
+WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize,
+ ed25519_key* key);
+WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen,
+ byte* out, word32 *outLen, ed25519_key* key, byte type, const byte* context,
+ byte contextLen);
+WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
+ const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type,
+ const byte* context, byte contextLen);
+#endif /* HAVE_ED25519 */
+
+#ifndef NO_AES
+#ifdef HAVE_AESGCM
+WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz, const byte* iv, word32 ivSz,
+ byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz);
+
+WOLFSSL_LOCAL int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz, const byte* iv, word32 ivSz,
+ const byte* authTag, word32 authTagSz,
+ const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESGCM */
+#ifdef HAVE_AES_CBC
+WOLFSSL_LOCAL int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_LOCAL int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out,
+ const byte* in, word32 sz);
+#endif /* HAVE_AES_CBC */
+#endif /* !NO_AES */
+
+#ifndef NO_DES3
+WOLFSSL_LOCAL int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_LOCAL int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out,
+ const byte* in, word32 sz);
+#endif /* !NO_DES3 */
+
+#ifndef NO_SHA
+WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
+ word32 inSz, byte* digest);
+#endif /* !NO_SHA */
+
+#ifndef NO_SHA256
+WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
+ word32 inSz, byte* digest);
+#endif /* !NO_SHA256 */
+#ifdef WOLFSSL_SHA384
+WOLFSSL_LOCAL int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
+ word32 inSz, byte* digest);
+#endif
+#ifdef WOLFSSL_SHA512
+WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
+ word32 inSz, byte* digest);
+#endif
+
+#ifndef NO_HMAC
+WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in,
+ word32 inSz, byte* digest);
+#endif /* !NO_HMAC */
+
+#ifndef WC_NO_RNG
+WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
+WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz);
+#endif
+
+#ifdef WOLFSSL_CMAC
+WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
+ const byte* in, word32 inSz, byte* out, word32* outSz, int type,
+ void* ctx);
+#endif
+
+#endif /* WOLF_CRYPTO_CB */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* _WOLF_CRYPTO_CB_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve25519.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve25519.h
new file mode 100644
index 0000000..3646667
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve25519.h
@@ -0,0 +1,182 @@
+/* curve25519.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/curve25519.h
+*/
+
+
+#ifndef WOLF_CRYPT_CURVE25519_H
+#define WOLF_CRYPT_CURVE25519_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_CURVE25519
+
+#include <wolfssl/wolfcrypt/fe_operations.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define CURVE25519_KEYSIZE 32
+
+#ifdef WOLFSSL_NAMES_STATIC
+typedef char curve25519_str[12];
+#else
+typedef const char* curve25519_str;
+#endif
+
+/* curve25519 set type */
+typedef struct {
+ int size; /* The size of the curve in octets */
+ curve25519_str name; /* name of this curve */
+} curve25519_set_type;
+
+
+/* ECC point, the internal structure is Little endian
+ * the mathematical functions used the endianness */
+typedef struct {
+ byte point[CURVE25519_KEYSIZE];
+ #ifdef FREESCALE_LTC_ECC
+ byte pointY[CURVE25519_KEYSIZE];
+ #endif
+} ECPoint;
+
+/* A CURVE25519 Key */
+typedef struct curve25519_key {
+ int idx; /* Index into the ecc_sets[] for the parameters of
+ this curve if -1, this key is using user supplied
+ curve in dp */
+ const curve25519_set_type* dp; /* domain parameters, either points to
+ curves (idx >= 0) or user supplied */
+ ECPoint p; /* public key */
+ ECPoint k; /* private key */
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+#if defined(WOLF_CRYPTO_CB)
+ int devId;
+#endif
+} curve25519_key;
+
+enum {
+ EC25519_LITTLE_ENDIAN=0,
+ EC25519_BIG_ENDIAN=1
+};
+
+WOLFSSL_API
+int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
+ const byte* priv);
+
+WOLFSSL_API
+int wc_curve25519_generic(int public_size, byte* pub,
+ int private_size, const byte* priv,
+ int basepoint_size, const byte* basepoint);
+
+WOLFSSL_API
+int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv);
+
+WOLFSSL_API
+int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
+
+WOLFSSL_API
+int wc_curve25519_shared_secret(curve25519_key* private_key,
+ curve25519_key* public_key,
+ byte* out, word32* outlen);
+
+WOLFSSL_API
+int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
+ curve25519_key* public_key,
+ byte* out, word32* outlen, int endian);
+
+WOLFSSL_API
+int wc_curve25519_init(curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
+
+WOLFSSL_API
+void wc_curve25519_free(curve25519_key* key);
+
+
+/* raw key helpers */
+WOLFSSL_API
+int wc_curve25519_import_private(const byte* priv, word32 privSz,
+ curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
+ curve25519_key* key, int endian);
+
+WOLFSSL_API
+int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz, curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz,
+ curve25519_key* key, int endian);
+WOLFSSL_API
+int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
+ word32* outLen);
+WOLFSSL_API
+int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
+ word32* outLen, int endian);
+
+WOLFSSL_API
+int wc_curve25519_import_public(const byte* in, word32 inLen,
+ curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
+ curve25519_key* key, int endian);
+WOLFSSL_API
+int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
+
+WOLFSSL_API
+int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
+ word32* outLen, int endian);
+
+WOLFSSL_API
+int wc_curve25519_export_key_raw(curve25519_key* key,
+ byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz);
+WOLFSSL_API
+int wc_curve25519_export_key_raw_ex(curve25519_key* key,
+ byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz,
+ int endian);
+/* size helper */
+WOLFSSL_API
+int wc_curve25519_size(curve25519_key* key);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CURVE25519 */
+#endif /* WOLF_CRYPT_CURVE25519_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve448.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve448.h
new file mode 100644
index 0000000..ba20594
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/curve448.h
@@ -0,0 +1,139 @@
+/* curve448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Implemented to: RFC 7748 */
+
+
+#ifndef WOLF_CRYPT_CURVE448_H
+#define WOLF_CRYPT_CURVE448_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_CURVE448
+
+#include <wolfssl/wolfcrypt/fe_448.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#define CURVE448_KEY_SIZE 56
+#define CURVE448_PUB_KEY_SIZE 56
+
+
+/* A CURVE448 Key */
+typedef struct curve448_key {
+ byte p[CURVE448_PUB_KEY_SIZE]; /* public key */
+ byte k[CURVE448_KEY_SIZE]; /* private key */
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+} curve448_key;
+
+enum {
+ EC448_LITTLE_ENDIAN = 0,
+ EC448_BIG_ENDIAN = 1
+};
+
+WOLFSSL_API
+int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key);
+
+WOLFSSL_API
+int wc_curve448_shared_secret(curve448_key* private_key,
+ curve448_key* public_key,
+ byte* out, word32* outlen);
+
+WOLFSSL_API
+int wc_curve448_shared_secret_ex(curve448_key* private_key,
+ curve448_key* public_key,
+ byte* out, word32* outlen, int endian);
+
+WOLFSSL_API
+int wc_curve448_init(curve448_key* key);
+
+WOLFSSL_API
+void wc_curve448_free(curve448_key* key);
+
+
+/* raw key helpers */
+WOLFSSL_API
+int wc_curve448_import_private(const byte* priv, word32 privSz,
+ curve448_key* key);
+WOLFSSL_API
+int wc_curve448_import_private_ex(const byte* priv, word32 privSz,
+ curve448_key* key, int endian);
+
+WOLFSSL_API
+int wc_curve448_import_private_raw(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz,
+ curve448_key* key);
+WOLFSSL_API
+int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz,
+ curve448_key* key, int endian);
+WOLFSSL_API
+int wc_curve448_export_private_raw(curve448_key* key, byte* out,
+ word32* outLen);
+WOLFSSL_API
+int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
+ word32* outLen, int endian);
+
+WOLFSSL_API
+int wc_curve448_import_public(const byte* in, word32 inLen,
+ curve448_key* key);
+WOLFSSL_API
+int wc_curve448_import_public_ex(const byte* in, word32 inLen,
+ curve448_key* key, int endian);
+WOLFSSL_API
+int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
+
+WOLFSSL_API
+int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_curve448_export_public_ex(curve448_key* key, byte* out,
+ word32* outLen, int endian);
+
+WOLFSSL_API
+int wc_curve448_export_key_raw(curve448_key* key,
+ byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz);
+WOLFSSL_API
+int wc_curve448_export_key_raw_ex(curve448_key* key,
+ byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz,
+ int endian);
+/* size helper */
+WOLFSSL_API
+int wc_curve448_size(curve448_key* key);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CURVE448 */
+#endif /* WOLF_CRYPT_CURVE448_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/des3.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/des3.h
new file mode 100644
index 0000000..b87737e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/des3.h
@@ -0,0 +1,158 @@
+/* des3.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/des3.h
+*/
+
+#ifndef WOLF_CRYPT_DES3_H
+#define WOLF_CRYPT_DES3_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_DES3
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+/* included for fips @wc_fips */
+#include <cyassl/ctaocrypt/des3.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* these are required for FIPS and non-FIPS */
+enum {
+ DES_KEY_SIZE = 8, /* des */
+ DES3_KEY_SIZE = 24, /* 3 des ede */
+ DES_IV_SIZE = 8, /* should be the same as DES_BLOCK_SIZE */
+};
+
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+enum {
+ DES_ENC_TYPE = WC_CIPHER_DES, /* cipher unique type */
+ DES3_ENC_TYPE = WC_CIPHER_DES3, /* cipher unique type */
+
+ DES_BLOCK_SIZE = 8,
+ DES_KS_SIZE = 32, /* internal DES key buffer size */
+
+ DES_ENCRYPTION = 0,
+ DES_DECRYPTION = 1
+};
+
+#define DES_IVLEN 8
+#define DES_KEYLEN 8
+#define DES3_IVLEN 8
+#define DES3_KEYLEN 24
+
+
+#if defined(STM32_CRYPTO)
+enum {
+ DES_CBC = 0,
+ DES_ECB = 1
+};
+#endif
+
+
+/* DES encryption and decryption */
+typedef struct Des {
+ word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
+ word32 key[DES_KS_SIZE];
+} Des;
+
+
+/* DES3 encryption and decryption */
+struct Des3 {
+ word32 key[3][DES_KS_SIZE];
+ word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+#if defined(WOLF_CRYPTO_CB) || \
+ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES))
+ word32 devKey[DES3_KEYLEN/sizeof(word32)]; /* raw key */
+#endif
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx;
+#endif
+ void* heap;
+};
+
+#ifndef WC_DES3_TYPE_DEFINED
+ typedef struct Des3 Des3;
+ #define WC_DES3_TYPE_DEFINED
+#endif
+#endif /* HAVE_FIPS */
+
+
+WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key,
+ const byte* iv, int dir);
+WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv);
+WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
+ const byte* in, word32 sz);
+
+/* ECB decrypt same process as encrypt but with decrypt key */
+#define wc_Des_EcbDecrypt wc_Des_EcbEncrypt
+#define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
+
+WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key,
+ const byte* iv,int dir);
+WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out,
+ const byte* in,word32 sz);
+WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out,
+ const byte* in,word32 sz);
+
+/* These are only required when using either:
+ static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */
+WOLFSSL_API int wc_Des3Init(Des3*, void*, int);
+WOLFSSL_API void wc_Des3Free(Des3*);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_DES3 */
+#endif /* WOLF_CRYPT_DES3_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dh.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dh.h
new file mode 100644
index 0000000..1f53f31
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dh.h
@@ -0,0 +1,146 @@
+/* dh.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/dh.h
+*/
+
+#ifndef WOLF_CRYPT_DH_H
+#define WOLF_CRYPT_DH_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_DH
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#include <wolfssl/wolfcrypt/integer.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+typedef struct DhParams {
+#ifdef HAVE_FFDHE_Q
+ const byte* q;
+ word32 q_len;
+#endif /* HAVE_FFDHE_Q */
+ const byte* p;
+ word32 p_len;
+ const byte* g;
+ word32 g_len;
+} DhParams;
+
+/* Diffie-Hellman Key */
+struct DhKey {
+ mp_int p, g, q; /* group parameters */
+#ifdef WOLFSSL_DH_EXTRA
+ mp_int pub;
+ mp_int priv;
+#endif
+ void* heap;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+};
+
+#ifndef WC_DH_TYPE_DEFINED
+ typedef struct DhKey DhKey;
+ #define WC_DH_TYPE_DEFINED
+#endif
+
+#ifdef HAVE_FFDHE_2048
+WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
+#endif
+#ifdef HAVE_FFDHE_3072
+WOLFSSL_API const DhParams* wc_Dh_ffdhe3072_Get(void);
+#endif
+#ifdef HAVE_FFDHE_4096
+WOLFSSL_API const DhParams* wc_Dh_ffdhe4096_Get(void);
+#endif
+#ifdef HAVE_FFDHE_6144
+WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void);
+#endif
+#ifdef HAVE_FFDHE_8192
+WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
+#endif
+
+WOLFSSL_API int wc_InitDhKey(DhKey* key);
+WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
+WOLFSSL_API int wc_FreeDhKey(DhKey* key);
+
+WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
+ word32* privSz, byte* pub, word32* pubSz);
+WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
+ const byte* priv, word32 privSz, const byte* otherPub,
+ word32 pubSz);
+
+WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
+ word32); /* wc_DhKeyDecode is in asn.c */
+
+WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
+ word32 gSz);
+WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
+ const byte* g, word32 gSz, const byte* q, word32 qSz);
+
+#ifdef WOLFSSL_DH_EXTRA
+WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
+ DhKey* key, word32 inSz);
+WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz);
+WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
+ byte* pub, word32* pPubSz);
+WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
+#endif
+WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
+ const byte* g, word32 gSz, const byte* q, word32 qSz,
+ int trusted, WC_RNG* rng);
+WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
+ word32* pInOutSz, byte* g, word32* gInOutSz);
+WOLFSSL_API int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz);
+WOLFSSL_API int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
+ const byte* prime, word32 primeSz);
+WOLFSSL_API int wc_DhCheckPubValue(const byte* prime, word32 primeSz,
+ const byte* pub, word32 pubSz);
+WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
+WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz,
+ const byte* prime, word32 primeSz);
+WOLFSSL_API int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
+ const byte* priv, word32 privSz);
+WOLFSSL_API int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh);
+WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
+ byte* q, word32* qSz, byte* g, word32* gSz);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_DH */
+#endif /* WOLF_CRYPT_DH_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dsa.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dsa.h
new file mode 100644
index 0000000..0bb00fb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/dsa.h
@@ -0,0 +1,105 @@
+/* dsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/dsa.h
+*/
+
+#ifndef WOLF_CRYPT_DSA_H
+#define WOLF_CRYPT_DSA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_DSA
+
+#include <wolfssl/wolfcrypt/integer.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+/* for DSA reverse compatibility */
+#define InitDsaKey wc_InitDsaKey
+#define FreeDsaKey wc_FreeDsaKey
+#define DsaSign wc_DsaSign
+#define DsaVerify wc_DsaVerify
+#define DsaPublicKeyDecode wc_DsaPublicKeyDecode
+#define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode
+#define DsaKeyToDer wc_DsaKeyToDer
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum {
+ DSA_PUBLIC = 0,
+ DSA_PRIVATE = 1
+};
+
+enum {
+ DSA_HALF_SIZE = 20, /* r and s size */
+ DSA_SIG_SIZE = 40 /* signature size */
+};
+
+/* DSA */
+typedef struct DsaKey {
+ mp_int p, q, g, y, x;
+ int type; /* public or private */
+ void* heap; /* memory hint */
+} DsaKey;
+
+WOLFSSL_API int wc_InitDsaKey(DsaKey* key);
+WOLFSSL_API int wc_InitDsaKey_h(DsaKey* key, void* h);
+WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
+WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
+ DsaKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
+ DsaKey* key, int* answer);
+WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
+ DsaKey*, word32);
+WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
+ DsaKey*, word32);
+WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key,
+ int outLen, int with_header);
+WOLFSSL_API int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen);
+
+#ifdef WOLFSSL_KEY_GEN
+WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
+WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa);
+#endif
+
+/* raw export functions */
+WOLFSSL_API int wc_DsaImportParamsRaw(DsaKey* dsa, const char* p,
+ const char* q, const char* g);
+WOLFSSL_API int wc_DsaImportParamsRawCheck(DsaKey* dsa, const char* p,
+ const char* q, const char* g,
+ int trusted, WC_RNG* rng);
+WOLFSSL_API int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz,
+ byte* q, word32* qSz, byte* g,
+ word32* gSz);
+WOLFSSL_API int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y,
+ word32* ySz);
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_DSA */
+#endif /* WOLF_CRYPT_DSA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ecc.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ecc.h
new file mode 100644
index 0000000..a0de8df
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ecc.h
@@ -0,0 +1,874 @@
+/* ecc.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/ecc.h
+*/
+
+
+#ifndef WOLF_CRYPT_ECC_H
+#define WOLF_CRYPT_ECC_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_ECC
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#include <wolfssl/wolfcrypt/integer.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef HAVE_X963_KDF
+ #include <wolfssl/wolfcrypt/hash.h>
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+ #ifdef WOLFSSL_CERT_GEN
+ #include <wolfssl/wolfcrypt/asn.h>
+ #endif
+#endif
+
+#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
+ #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
+#endif /* WOLFSSL_ATECC508A */
+
+#if defined(WOLFSSL_CRYPTOCELL)
+ #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
+#endif
+
+#ifdef WOLFSSL_SILABS_SE_ACCEL
+ #include <wolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
+#endif
+
+#ifdef WOLFSSL_HAVE_SP_ECC
+ #include <wolfssl/wolfcrypt/sp_int.h>
+#endif
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* Enable curve B parameter if needed */
+#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
+ #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */
+ #define USE_ECC_B_PARAM
+ #endif
+#endif
+
+
+/* Use this as the key->idx if a custom ecc_set is used for key->dp */
+#define ECC_CUSTOM_IDX (-1)
+
+
+/* Determine max ECC bits based on enabled curves */
+#if defined(WOLFCRYPT_HAVE_SAKKE)
+ #define MAX_ECC_BITS 1024
+#elif defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+ #define MAX_ECC_BITS 521
+#elif defined(HAVE_ECC512)
+ #define MAX_ECC_BITS 512
+#elif defined(HAVE_ECC384)
+ #define MAX_ECC_BITS 384
+#elif defined(HAVE_ECC320)
+ #define MAX_ECC_BITS 320
+#elif !defined(NO_ECC256)
+ #define MAX_ECC_BITS 256
+#elif defined(HAVE_ECC239)
+ #define MAX_ECC_BITS 239
+#elif defined(HAVE_ECC224)
+ #define MAX_ECC_BITS 224
+#elif defined(HAVE_ECC192)
+ #define MAX_ECC_BITS 192
+#elif defined(HAVE_ECC160)
+ #define MAX_ECC_BITS 160
+#elif defined(HAVE_ECC128)
+ #define MAX_ECC_BITS 128
+#elif defined(HAVE_ECC112)
+ #define MAX_ECC_BITS 112
+#endif
+
+/* calculate max ECC bytes */
+#if ((MAX_ECC_BITS * 2) % 8) == 0
+ #define MAX_ECC_BYTES (MAX_ECC_BITS / 8)
+#else
+ /* add byte if not aligned */
+ #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1)
+#endif
+
+#ifndef ECC_MAX_PAD_SZ
+ /* ECC maximum padding size (when MSB is set extra byte required for R and S) */
+ #define ECC_MAX_PAD_SZ 2
+#endif
+
+enum {
+ ECC_PUBLICKEY = 1,
+ ECC_PRIVATEKEY = 2,
+ ECC_PRIVATEKEY_ONLY = 3,
+ ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
+ SIG_HEADER_SZ = 7, /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */
+ ECC_BUFSIZE = 257, /* for exported keys temp buffer */
+ ECC_MINSIZE = ECC_MIN_KEY_SZ/8, /* MIN Private Key size */
+#ifdef WOLFCRYPT_HAVE_SAKKE
+ ECC_MAXSIZE = 128, /* MAX Private Key size */
+ ECC_MAXSIZE_GEN = 128, /* MAX Buffer size required when generating ECC keys*/
+#else
+ ECC_MAXSIZE = 66, /* MAX Private Key size */
+ ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
+#endif
+ ECC_MAX_OID_LEN = 16,
+ ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
+
+ /* max crypto hardware size */
+#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
+ ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
+ ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
+#elif defined(PLUTON_CRYPTO_ECC)
+ ECC_MAX_CRYPTO_HW_SIZE = 32,
+#elif defined(WOLFSSL_SILABS_SE_ACCEL)
+ ECC_MAX_CRYPTO_HW_SIZE = 32,
+#elif defined(WOLFSSL_CRYPTOCELL)
+ #ifndef CRYPTOCELL_KEY_SIZE
+ CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE,
+ #endif
+ ECC_MAX_CRYPTO_HW_SIZE = CRYPTOCELL_KEY_SIZE,
+#endif
+
+ /* point compression type */
+ ECC_POINT_COMP_EVEN = 0x02,
+ ECC_POINT_COMP_ODD = 0x03,
+ ECC_POINT_UNCOMP = 0x04,
+
+ /* Shamir's dual add constants */
+ SHAMIR_PRECOMP_SZ = 16,
+
+#ifdef WOLF_CRYPTO_CB
+ ECC_MAX_ID_LEN = 32,
+ ECC_MAX_LABEL_LEN = 32,
+#endif
+};
+
+/* Curve Types */
+typedef enum ecc_curve_id {
+ ECC_CURVE_INVALID = -1,
+ ECC_CURVE_DEF = 0, /* NIST or SECP */
+
+ /* NIST Prime Curves */
+ ECC_SECP192R1,
+ ECC_PRIME192V2,
+ ECC_PRIME192V3,
+ ECC_PRIME239V1,
+ ECC_PRIME239V2,
+ ECC_PRIME239V3,
+ ECC_SECP256R1,
+
+ /* SECP Curves */
+ ECC_SECP112R1,
+ ECC_SECP112R2,
+ ECC_SECP128R1,
+ ECC_SECP128R2,
+ ECC_SECP160R1,
+ ECC_SECP160R2,
+ ECC_SECP224R1,
+ ECC_SECP384R1,
+ ECC_SECP521R1,
+
+ /* Koblitz */
+ ECC_SECP160K1,
+ ECC_SECP192K1,
+ ECC_SECP224K1,
+ ECC_SECP256K1,
+
+ /* Brainpool Curves */
+ ECC_BRAINPOOLP160R1,
+ ECC_BRAINPOOLP192R1,
+ ECC_BRAINPOOLP224R1,
+ ECC_BRAINPOOLP256R1,
+ ECC_BRAINPOOLP320R1,
+ ECC_BRAINPOOLP384R1,
+ ECC_BRAINPOOLP512R1,
+
+ /* Twisted Edwards Curves */
+#ifdef HAVE_CURVE25519
+ ECC_X25519,
+#endif
+#ifdef HAVE_CURVE448
+ ECC_X448,
+#endif
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
+ ECC_SAKKE_1,
+#endif
+
+#ifdef WOLFSSL_CUSTOM_CURVES
+ ECC_CURVE_CUSTOM,
+#endif
+ ECC_CURVE_MAX
+} ecc_curve_id;
+
+#ifdef HAVE_OID_ENCODING
+typedef word16 ecc_oid_t;
+#else
+typedef byte ecc_oid_t;
+ /* OID encoded with ASN scheme:
+ first element = (oid[0] * 40) + oid[1]
+ if any element > 127 then MSB 0x80 indicates additional byte */
+#endif
+
+
+#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API)
+ /* MSC does something different with the pointers to the arrays than GCC,
+ * and it causes the FIPS checksum to fail. In the case of windows builds,
+ * store everything as arrays instead of pointers to strings. */
+
+ #define WOLFSSL_ECC_CURVE_STATIC
+#endif
+
+/* ECC set type defined a GF(p) curve */
+#ifndef WOLFSSL_ECC_CURVE_STATIC
+typedef struct ecc_set_type {
+ int size; /* The size of the curve in octets */
+ int id; /* id of this curve */
+ const char* name; /* name of this curve */
+ const char* prime; /* prime that defines the field, curve is in (hex) */
+ const char* Af; /* fields A param (hex) */
+ const char* Bf; /* fields B param (hex) */
+ const char* order; /* order of the curve (hex) */
+ const char* Gx; /* x coordinate of the base point on curve (hex) */
+ const char* Gy; /* y coordinate of the base point on curve (hex) */
+ const ecc_oid_t* oid;
+ word32 oidSz;
+ word32 oidSum; /* sum of encoded OID bytes */
+ int cofactor;
+} ecc_set_type;
+#else
+#define MAX_ECC_NAME 16
+#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1)
+ /* The values are stored as text strings. */
+
+typedef struct ecc_set_type {
+ int size; /* The size of the curve in octets */
+ int id; /* id of this curve */
+ const char name[MAX_ECC_NAME]; /* name of this curve */
+ const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */
+ const char Af[MAX_ECC_STRING]; /* fields A param (hex) */
+ const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */
+ const char order[MAX_ECC_STRING]; /* order of the curve (hex) */
+ const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */
+ const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */
+ const ecc_oid_t oid[10];
+ word32 oidSz;
+ word32 oidSum; /* sum of encoded OID bytes */
+ int cofactor;
+} ecc_set_type;
+#endif
+
+
+#ifdef ALT_ECC_SIZE
+
+/* Note on ALT_ECC_SIZE:
+ * The fast math code uses an array of a fixed size to store the big integers.
+ * By default, the array is big enough for RSA keys. There is a size,
+ * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
+ * but not RSA. Some people want fast math sized for both RSA and ECC, where
+ * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
+ * ecc_point structure that uses an alternate fp_int that has a shorter array
+ * of fp_digits.
+ *
+ * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
+ * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
+ * of the point are pointers that are set to each of a three item array of
+ * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
+ * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and
+ * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well,
+ * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and
+ * fp_copy() use the size parameter. An int needs to be initialized before
+ * using it instead of just fp_zeroing it, the init will call zero. The
+ * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but
+ * can be set to change the number of bits used in the alternate FP_INT.
+ *
+ * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
+ */
+
+#ifndef USE_FAST_MATH
+ #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
+#endif
+#ifdef WOLFSSL_NO_MALLOC
+ #error ALT_ECC_SIZE cannot be used with no malloc (WOLFSSL_NO_MALLOC)
+#endif
+
+/* determine max bits required for ECC math */
+#ifndef FP_MAX_BITS_ECC
+ /* max bits rounded up by 8 then doubled */
+ /* (ROUND8(MAX_ECC_BITS) * 2) */
+ #define FP_MAX_BITS_ECC (2 * \
+ ((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
+
+ /* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
+ ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
+#endif
+
+/* verify alignment */
+#if FP_MAX_BITS_ECC % CHAR_BIT
+ #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
+#endif
+
+/* determine buffer size */
+/* Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). */
+#define FP_SIZE_ECC ((FP_MAX_BITS_ECC/DIGIT_BIT) + 1)
+
+
+/* This needs to match the size of the fp_int struct, except the
+ * fp_digit array will be shorter. */
+typedef struct alt_fp_int {
+ int used, sign, size;
+ mp_digit dp[FP_SIZE_ECC];
+} alt_fp_int;
+#endif /* ALT_ECC_SIZE */
+
+#ifndef WC_ECCKEY_TYPE_DEFINED
+ typedef struct ecc_key ecc_key;
+ #define WC_ECCKEY_TYPE_DEFINED
+#endif
+
+
+/* A point on an ECC curve, stored in Jacobian format such that (x,y,z) =>
+ (x/z^2, y/z^3, 1) when interpreted as affine */
+typedef struct {
+#ifndef ALT_ECC_SIZE
+ mp_int x[1]; /* The x coordinate */
+ mp_int y[1]; /* The y coordinate */
+ mp_int z[1]; /* The z coordinate */
+#else
+ mp_int* x; /* The x coordinate */
+ mp_int* y; /* The y coordinate */
+ mp_int* z; /* The z coordinate */
+ alt_fp_int xyz[3];
+#endif
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ ecc_key* key;
+#endif
+} ecc_point;
+
+/* ECC Flags */
+enum {
+ WC_ECC_FLAG_NONE = 0x00,
+#ifdef HAVE_ECC_CDH
+ WC_ECC_FLAG_COFACTOR = 0x01,
+#endif
+ WC_ECC_FLAG_DEC_SIGN = 0x02,
+};
+
+/* ECC non-blocking */
+#ifdef WC_ECC_NONBLOCK
+ typedef struct ecc_nb_ctx {
+ #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
+ sp_ecc_ctx_t sp_ctx;
+ #else
+ /* build configuration not supported */
+ #error ECC non-blocking only supports SP (--enable-sp=nonblock)
+ #endif
+ } ecc_nb_ctx_t;
+#endif /* WC_ECC_NONBLOCK */
+
+
+/* An ECC Key */
+struct ecc_key {
+ int type; /* Public or Private */
+ int idx; /* Index into the ecc_sets[] for the parameters of
+ this curve if -1, this key is using user supplied
+ curve in dp */
+ int state;
+ word32 flags;
+ const ecc_set_type* dp; /* domain parameters, either points to NIST
+ curves (idx >= 0) or user supplied */
+#ifdef WOLFSSL_CUSTOM_CURVES
+ int deallocSet;
+#endif
+ void* heap; /* heap hint */
+ ecc_point pubkey; /* public key */
+ mp_int k; /* private key */
+
+#ifdef WOLFSSL_QNX_CAAM
+ word32 blackKey; /* address of key encrypted and in secure memory */
+ word32 securePubKey; /* address of public key in secure memory */
+ int partNum; /* partition number*/
+#endif
+#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
+ int slot; /* Key Slot Number (-1 unknown) */
+ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
+#endif
+#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
+ int devId;
+#endif
+#ifdef WOLFSSL_SILABS_SE_ACCEL
+ sl_se_command_context_t cmd_ctx;
+ sl_se_key_descriptor_t key;
+ /* Used for SiLabs "plaintext" with public X, public Y, and
+ * private D concatenated. These are respectively at offset `0`,
+ * offset `keysize`, and offset `2 * keysize`.
+ */
+ byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE];
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ mp_int* r; /* sign/verify temps */
+ mp_int* s;
+ WC_ASYNC_DEV asyncDev;
+ #ifdef HAVE_CAVIUM_V
+ mp_int* e; /* Sign, Verify and Shared Secret */
+ mp_int* signK;
+ #endif
+ #ifdef WOLFSSL_CERT_GEN
+ CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
+ #endif
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLF_CRYPTO_CB
+ byte id[ECC_MAX_ID_LEN];
+ int idLen;
+ char label[ECC_MAX_LABEL_LEN];
+ int labelLen;
+#endif
+#if defined(WOLFSSL_CRYPTOCELL)
+ ecc_context_t ctx;
+#endif
+
+#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
+ defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
+ mp_int *sign_k;
+#endif
+#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
+ byte deterministic:1;
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ mp_int* t1;
+ mp_int* t2;
+#ifdef ALT_ECC_SIZE
+ mp_int* x;
+ mp_int* y;
+ mp_int* z;
+#endif
+#endif
+
+#ifdef WOLFSSL_DSP
+ remote_handle64 handle;
+#endif
+#ifdef ECC_TIMING_RESISTANT
+ WC_RNG* rng;
+#endif
+#ifdef WC_ECC_NONBLOCK
+ ecc_nb_ctx_t* nb_ctx;
+#endif
+};
+
+
+WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*);
+WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*);
+
+
+/* ECC predefined curve sets */
+extern const ecc_set_type ecc_sets[];
+extern const size_t ecc_sets_count;
+
+WOLFSSL_API
+const char* wc_ecc_get_name(int curve_id);
+
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
+
+#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
+ #define ECC_API WOLFSSL_API
+#else
+ #define ECC_API WOLFSSL_LOCAL
+#endif
+
+ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
+ ecc_point* B, mp_int* kB,
+ ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
+
+ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
+ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct);
+ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
+ mp_int* a, mp_int* modulus, mp_digit mp);
+ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
+ mp_int* modulus, mp_digit mp);
+
+WOLFSSL_LOCAL
+int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
+ mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
+WOLFSSL_LOCAL
+int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
+ mp_int* modulus, mp_digit mp);
+
+#endif
+
+WOLFSSL_API
+int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
+WOLFSSL_ABI WOLFSSL_API
+int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
+WOLFSSL_API
+int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
+ int flags);
+WOLFSSL_API
+int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
+WOLFSSL_API
+int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
+WOLFSSL_API
+int wc_ecc_check_key(ecc_key* key);
+WOLFSSL_API
+int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
+WOLFSSL_API
+int wc_ecc_get_generator(ecc_point* ecp, int curve_idx);
+
+#ifdef HAVE_ECC_DHE
+WOLFSSL_API
+int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
+ word32* outlen);
+WOLFSSL_LOCAL
+int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
+ byte* out, word32 *outlen);
+WOLFSSL_API
+int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
+ byte* out, word32 *outlen);
+
+#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
+ defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
+#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
+#else
+#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
+#endif
+
+#endif /* HAVE_ECC_DHE */
+
+#ifdef HAVE_ECC_SIGN
+WOLFSSL_ABI WOLFSSL_API
+int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
+ WC_RNG* rng, ecc_key* key);
+WOLFSSL_API
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
+ ecc_key* key, mp_int *r, mp_int *s);
+#ifdef WOLFSSL_ECDSA_DETERMINISTIC_K
+WOLFSSL_API
+int wc_ecc_set_deterministic(ecc_key* key, byte flag);
+WOLFSSL_API
+int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
+ enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
+ void* heap);
+#endif
+#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP)
+WOLFSSL_API
+int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key);
+#endif
+#endif /* HAVE_ECC_SIGN */
+
+#ifdef HAVE_ECC_VERIFY
+WOLFSSL_API
+int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
+ word32 hashlen, int* stat, ecc_key* key);
+WOLFSSL_API
+int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
+ word32 hashlen, int* stat, ecc_key* key);
+#endif /* HAVE_ECC_VERIFY */
+
+WOLFSSL_API
+int wc_ecc_init(ecc_key* key);
+WOLFSSL_ABI WOLFSSL_API
+int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
+#ifdef WOLF_CRYPTO_CB
+WOLFSSL_API
+int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
+ int devId);
+WOLFSSL_API
+int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId);
+#endif
+#ifdef WOLFSSL_CUSTOM_CURVES
+WOLFSSL_LOCAL
+void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
+#endif
+WOLFSSL_ABI WOLFSSL_API
+int wc_ecc_free(ecc_key* key);
+WOLFSSL_API
+int wc_ecc_set_flags(ecc_key* key, word32 flags);
+WOLFSSL_API
+void wc_ecc_fp_free(void);
+WOLFSSL_LOCAL
+void wc_ecc_fp_init(void);
+#ifdef ECC_TIMING_RESISTANT
+WOLFSSL_API
+int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
+#endif
+
+WOLFSSL_API
+int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
+
+WOLFSSL_API
+int wc_ecc_is_valid_idx(int n);
+WOLFSSL_API
+int wc_ecc_get_curve_idx(int curve_id);
+WOLFSSL_API
+int wc_ecc_get_curve_id(int curve_idx);
+#define wc_ecc_get_curve_name_from_id wc_ecc_get_name
+WOLFSSL_API
+int wc_ecc_get_curve_size_from_id(int curve_id);
+
+WOLFSSL_API
+int wc_ecc_get_curve_idx_from_name(const char* curveName);
+WOLFSSL_API
+int wc_ecc_get_curve_size_from_name(const char* curveName);
+WOLFSSL_API
+int wc_ecc_get_curve_id_from_name(const char* curveName);
+WOLFSSL_API
+int wc_ecc_get_curve_id_from_params(int fieldSize,
+ const byte* prime, word32 primeSz, const byte* Af, word32 AfSz,
+ const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
+ const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
+WOLFSSL_API
+int wc_ecc_get_curve_id_from_dp_params(const ecc_set_type* dp);
+
+WOLFSSL_API
+int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
+
+WOLFSSL_API const ecc_set_type* wc_ecc_get_curve_params(int curve_idx);
+
+WOLFSSL_API
+ecc_point* wc_ecc_new_point(void);
+WOLFSSL_API
+ecc_point* wc_ecc_new_point_h(void* h);
+WOLFSSL_API
+void wc_ecc_del_point(ecc_point* p);
+WOLFSSL_API
+void wc_ecc_del_point_h(ecc_point* p, void* h);
+WOLFSSL_API
+void wc_ecc_forcezero_point(ecc_point* p);
+WOLFSSL_API
+int wc_ecc_copy_point(const ecc_point* p, ecc_point *r);
+WOLFSSL_API
+int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
+WOLFSSL_API
+int wc_ecc_point_is_at_infinity(ecc_point *p);
+WOLFSSL_API
+int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
+
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
+WOLFSSL_API
+int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R,
+ mp_int* a, mp_int* modulus, int map);
+WOLFSSL_LOCAL
+int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R,
+ mp_int* a, mp_int* modulus, int map, void* heap);
+WOLFSSL_LOCAL
+int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
+ mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
+ void* heap);
+#endif /* !WOLFSSL_ATECC508A */
+
+
+#ifdef HAVE_ECC_KEY_EXPORT
+/* ASN key helpers */
+WOLFSSL_API
+int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
+ /* extended functionality with compressed option */
+#endif /* HAVE_ECC_KEY_EXPORT */
+
+#ifdef HAVE_ECC_KEY_IMPORT
+WOLFSSL_ABI WOLFSSL_API
+int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
+WOLFSSL_API
+int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
+ int curve_id);
+WOLFSSL_API
+int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
+ word32 pubSz, ecc_key* key);
+WOLFSSL_API
+int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
+WOLFSSL_API
+int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
+WOLFSSL_API
+int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
+ byte* out, word32* outlen);
+WOLFSSL_API
+int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
+ byte* s, word32* sLen);
+WOLFSSL_API
+int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
+ const char* d, const char* curveName);
+WOLFSSL_API
+int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
+ const char* d, int curve_id);
+WOLFSSL_API
+int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy,
+ byte* d, int curve_id);
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+#ifdef HAVE_ECC_KEY_EXPORT
+WOLFSSL_API
+int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
+ byte* qy, word32* qyLen, byte* d, word32* dLen,
+ int encType);
+WOLFSSL_API
+int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
+ byte* qy, word32* qyLen);
+WOLFSSL_API
+int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
+ byte* qy, word32* qyLen, byte* d, word32* dLen);
+#endif /* HAVE_ECC_KEY_EXPORT */
+
+#ifdef HAVE_ECC_KEY_EXPORT
+WOLFSSL_API
+int wc_ecc_export_point_der_ex(const int curve_idx, ecc_point* point, byte* out,
+ word32* outLen, int compressed);
+WOLFSSL_API
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
+ byte* out, word32* outLen);
+WOLFSSL_LOCAL
+int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
+ byte* out, word32* outLen);
+#endif /* HAVE_ECC_KEY_EXPORT */
+
+
+#ifdef HAVE_ECC_KEY_IMPORT
+WOLFSSL_API
+int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
+ const int curve_idx, ecc_point* point,
+ int shortKeySize);
+WOLFSSL_API
+int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx,
+ ecc_point* point);
+#endif /* HAVE_ECC_KEY_IMPORT */
+
+/* size helper */
+WOLFSSL_API
+int wc_ecc_size(ecc_key* key);
+WOLFSSL_API
+int wc_ecc_sig_size_calc(int sz);
+WOLFSSL_API
+int wc_ecc_sig_size(const ecc_key* key);
+
+WOLFSSL_API
+int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
+
+#ifdef WOLFSSL_CUSTOM_CURVES
+ WOLFSSL_API
+ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
+#endif
+
+#ifdef HAVE_ECC_ENCRYPT
+/* ecc encrypt */
+
+enum ecEncAlgo {
+ ecAES_128_CBC = 1, /* default */
+ ecAES_256_CBC = 2
+};
+
+enum ecKdfAlgo {
+ ecHKDF_SHA256 = 1, /* default */
+ ecHKDF_SHA1 = 2
+};
+
+enum ecMacAlgo {
+ ecHMAC_SHA256 = 1, /* default */
+ ecHMAC_SHA1 = 2
+};
+
+enum {
+ KEY_SIZE_128 = 16,
+ KEY_SIZE_256 = 32,
+ IV_SIZE_64 = 8,
+ IV_SIZE_128 = 16,
+ EXCHANGE_SALT_SZ = 16,
+ EXCHANGE_INFO_SZ = 23
+};
+
+enum ecFlags {
+ REQ_RESP_CLIENT = 1,
+ REQ_RESP_SERVER = 2
+};
+
+
+typedef struct ecEncCtx ecEncCtx;
+
+WOLFSSL_API
+ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
+WOLFSSL_API
+ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
+WOLFSSL_API
+void wc_ecc_ctx_free(ecEncCtx*);
+WOLFSSL_API
+int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
+
+WOLFSSL_API
+const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
+WOLFSSL_API
+int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
+WOLFSSL_API
+int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
+
+WOLFSSL_API
+int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
+ word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
+WOLFSSL_API
+int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
+ word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
+
+#endif /* HAVE_ECC_ENCRYPT */
+
+#ifdef HAVE_X963_KDF
+WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret,
+ word32 secretSz, const byte* sinfo, word32 sinfoSz,
+ byte* out, word32 outSz);
+#endif
+
+#ifdef ECC_CACHE_CURVE
+WOLFSSL_API int wc_ecc_curve_cache_init(void);
+WOLFSSL_API void wc_ecc_curve_cache_free(void);
+#endif
+
+WOLFSSL_API
+int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
+
+#ifdef WOLFSSL_DSP
+WOLFSSL_API
+int wc_ecc_set_handle(ecc_key* key, remote_handle64 handle);
+WOLFSSL_LOCAL
+int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashLen, mp_int* pX,
+ mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
+#endif
+
+#ifdef WC_ECC_NONBLOCK
+ WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_ECC */
+#endif /* WOLF_CRYPT_ECC_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/eccsi.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/eccsi.h
new file mode 100644
index 0000000..b563514
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/eccsi.h
@@ -0,0 +1,176 @@
+/* eccsi.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/eccsi.h
+*/
+
+
+#ifndef WOLF_CRYPT_ECCSI_H
+#define WOLF_CRYPT_ECCSI_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFCRYPT_HAVE_ECCSI
+
+#include <wolfssl/wolfcrypt/integer.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+
+#define WOLFCRYPT_ECCSI_KMS
+#define WOLFCRYPT_ECCSI_CLIENT
+
+#define MAX_ECCSI_BYTES (256 / 8)
+
+/* Maximum number of loops of attempting to generate key pairs and signatures.
+ */
+#ifndef ECCSI_MAX_GEN_COUNT
+ #define ECCSI_MAX_GEN_COUNT 10
+#endif
+
+typedef struct EccsiKeyParams {
+ /** Order (q) of elliptic curve as an MP integer. */
+ mp_int order;
+#ifdef WOLFCRYPT_ECCSI_CLIENT
+ /** A parameter of elliptic curve as an MP integer. */
+ mp_int a;
+ /** P parameter of elliptic curve as an MP integer. */
+ mp_int b;
+ /** Prime of elliptic curve as an MP integer. */
+ mp_int prime;
+#endif
+ /** Base point for elliptic curve operations as an ECC point. */
+ ecc_point* base;
+
+ /** Bit indicates order (q) is set as an MP integer in ECCSI key. */
+ byte haveOrder:1;
+ /** Bit indicates A is set as an MP integer in ECCSI key. */
+ byte haveA:1;
+ /** Bit indicates B is set as an MP integer in ECCSI key. */
+ byte haveB:1;
+ /** Bit indicates prime is set as an MP integer in ECCSI key. */
+ byte havePrime:1;
+ /** Bit indicates base point is set as an MP integer in ECCSI key. */
+ byte haveBase:1;
+} EccsiKeyParams;
+
+/**
+ * ECCSI key.
+ */
+typedef struct EccsiKey {
+ /** ECC key to perform elliptic curve operations with. */
+ ecc_key ecc;
+ /** ECC key to perform public key elliptic curve operations with. */
+ ecc_key pubkey;
+ /** ECC parameter in forms that can be used in computation. */
+ EccsiKeyParams params;
+#ifdef WOLFCRYPT_ECCSI_CLIENT
+ /** Temporary MP integer used during operations.. */
+ mp_int tmp;
+ /** Secret Signing Key */
+ mp_int ssk;
+ /** Public Validation Token (PVT) */
+ ecc_point* pvt;
+#endif
+ /** Generic hash algorithm object. */
+ wc_HashAlg hash;
+ /** Temporary buffer for use in operations. */
+ byte data[(MAX_ECCSI_BYTES * 2) + 1];
+#ifdef WOLFCRYPT_ECCSI_CLIENT
+ /** Hash of identity - used in signing/verification. */
+ byte idHash[WC_MAX_DIGEST_SIZE];
+ /** Size of hash of identity in bytes. */
+ byte idHashSz;
+#endif
+ /** Heap hint for dynamic memory allocation. */
+ void* heap;
+ /** Bit indicates KPAK (public key) is in montogmery form. */
+ word16 kpakMont:1;
+} EccsiKey;
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+WOLFSSL_API int wc_InitEccsiKey(EccsiKey* key, void* heap, int devId);
+WOLFSSL_API int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId,
+ void* heap, int devId);
+WOLFSSL_API void wc_FreeEccsiKey(EccsiKey* key);
+
+WOLFSSL_API int wc_MakeEccsiKey(EccsiKey* key, WC_RNG* rng);
+
+WOLFSSL_API int wc_MakeEccsiPair(EccsiKey* key, WC_RNG* rng,
+ enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk,
+ ecc_point* pvt);
+WOLFSSL_API int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
+ const byte* id, word32 idSz, const mp_int* ssk, ecc_point* pvt,
+ int* valid);
+WOLFSSL_API int wc_ValidateEccsiPvt(EccsiKey* key, const ecc_point* pvt,
+ int* valid);
+WOLFSSL_API int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk,
+ ecc_point* pvt, byte* data, word32* sz);
+WOLFSSL_API int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data,
+ word32* sz);
+WOLFSSL_API int wc_EncodeEccsiPvt(const EccsiKey* key, ecc_point* pvt,
+ byte* data, word32* sz, int raw);
+WOLFSSL_API int wc_DecodeEccsiPair(const EccsiKey* key, const byte* data,
+ word32 sz, mp_int* ssk, ecc_point* pvt);
+WOLFSSL_API int wc_DecodeEccsiSsk(const EccsiKey* key, const byte* data,
+ word32 sz, mp_int* ssk);
+WOLFSSL_API int wc_DecodeEccsiPvt(const EccsiKey* key, const byte* data,
+ word32 sz, ecc_point* pvt);
+WOLFSSL_API int wc_DecodeEccsiPvtFromSig(const EccsiKey* key, const byte* sig,
+ word32 sz, ecc_point* pvt);
+
+WOLFSSL_API int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz);
+WOLFSSL_API int wc_ImportEccsiKey(EccsiKey* key, const byte* data, word32 sz);
+
+WOLFSSL_API int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz);
+WOLFSSL_API int wc_ImportEccsiPrivateKey(EccsiKey* key, const byte* data,
+ word32 sz);
+
+WOLFSSL_API int wc_ExportEccsiPublicKey(EccsiKey* key, byte* data, word32* sz,
+ int raw);
+WOLFSSL_API int wc_ImportEccsiPublicKey(EccsiKey* key, const byte* data,
+ word32 sz, int trusted);
+
+WOLFSSL_API int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType,
+ const byte* id, word32 idSz, ecc_point* pvt, byte* hash, byte* hashSz);
+WOLFSSL_API int wc_SetEccsiHash(EccsiKey* key, const byte* hash, byte hashSz);
+WOLFSSL_API int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk,
+ const ecc_point* pvt);
+
+WOLFSSL_API int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng,
+ enum wc_HashType hashType, const byte* msg, word32 msgSz, byte* sig,
+ word32* sigSz);
+WOLFSSL_API int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
+ const byte* msg, word32 msgSz, const byte* sig, word32 sigSz,
+ int* verified);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFCRYPT_HAVE_ECCSI */
+
+#endif /* WOLF_CRYPT_ECCSI_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed25519.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed25519.h
new file mode 100644
index 0000000..7289923
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed25519.h
@@ -0,0 +1,183 @@
+/* ed25519.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/ed25519.h
+*/
+
+
+#ifndef WOLF_CRYPT_ED25519_H
+#define WOLF_CRYPT_ED25519_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_ED25519
+
+#include <wolfssl/wolfcrypt/fe_operations.h>
+#include <wolfssl/wolfcrypt/ge_operations.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* info about EdDSA curve specifically ed25519, defined as an elliptic curve
+ over GF(p) */
+/*
+ 32, key size
+ "ED25519", curve name
+ "2^255-19", prime number
+ "SHA512", hash function
+ "-121665/121666", value of d
+*/
+
+#define ED25519_KEY_SIZE 32 /* private key only */
+#define ED25519_SIG_SIZE 64
+
+#define ED25519_PUB_KEY_SIZE 32 /* compressed */
+/* both private and public key */
+#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE)
+
+
+enum {
+ Ed25519 = -1,
+ Ed25519ctx = 0,
+ Ed25519ph = 1,
+};
+
+#ifndef WC_ED25519KEY_TYPE_DEFINED
+ typedef struct ed25519_key ed25519_key;
+ #define WC_ED25519KEY_TYPE_DEFINED
+#endif
+
+/* An ED25519 Key */
+struct ed25519_key {
+ byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
+ byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */
+#ifdef FREESCALE_LTC_ECC
+ /* uncompressed point coordinates */
+ byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
+ byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
+#endif
+ word16 pubKeySet:1;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+#if defined(WOLF_CRYPTO_CB)
+ int devId;
+#endif
+};
+
+
+WOLFSSL_API
+int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
+ word32 pubKeySz);
+WOLFSSL_API
+int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
+ word32 *outLen, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out,
+ word32 *outLen, ed25519_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
+ word32 *outLen, ed25519_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
+ word32 *outLen, ed25519_key* key, const byte* context,
+ byte contextLen);
+WOLFSSL_API
+int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
+ word32 *outLen, ed25519_key* key, byte type,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* stat, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* stat, ed25519_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
+ word32 hashLen, int* stat, ed25519_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* stat, ed25519_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* res, ed25519_key* key,
+ byte type, const byte* context, byte contextLen);
+
+WOLFSSL_API
+int wc_ed25519_init(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
+WOLFSSL_API
+void wc_ed25519_free(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
+ ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed25519_export_key(ed25519_key* key,
+ byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz);
+
+WOLFSSL_API
+int wc_ed25519_check_key(ed25519_key* key);
+
+/* size helper */
+WOLFSSL_API
+int wc_ed25519_size(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_priv_size(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_pub_size(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_sig_size(ed25519_key* key);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_ED25519 */
+#endif /* WOLF_CRYPT_ED25519_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed448.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed448.h
new file mode 100644
index 0000000..d45585a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ed448.h
@@ -0,0 +1,160 @@
+/* ed448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/ed448.h
+*/
+
+
+#ifndef WOLF_CRYPT_ED448_H
+#define WOLF_CRYPT_ED448_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_ED448
+
+#include <wolfssl/wolfcrypt/fe_448.h>
+#include <wolfssl/wolfcrypt/ge_448.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha3.h>
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* info about EdDSA curve specifically ed448, defined as an elliptic curve
+ * over GF(p)
+ *
+ * 56 key size
+ * "ED448" curve name
+ * "2^448-2^224-1" prime number
+ * "-39081" value of d
+ * "SHAKE256" hash function
+ */
+
+#define ED448_KEY_SIZE 57 /* private key only */
+#define ED448_SIG_SIZE 114 /* two elements */
+
+#define ED448_PUB_KEY_SIZE 57 /* compressed */
+/* both private and public key */
+#define ED448_PRV_KEY_SIZE (ED448_PUB_KEY_SIZE+ED448_KEY_SIZE)
+
+
+enum {
+ Ed448 = 0,
+ Ed448ph = 1,
+};
+
+#ifndef WC_ED448KEY_TYPE_DEFINED
+ typedef struct ed448_key ed448_key;
+ #define WC_ED448KEY_TYPE_DEFINED
+#endif
+
+/* An ED448 Key */
+struct ed448_key {
+ byte p[ED448_PUB_KEY_SIZE]; /* compressed public key */
+ byte k[ED448_PRV_KEY_SIZE]; /* private key : 56 secret -- 56 public */
+#ifdef FREESCALE_LTC_ECC
+ /* uncompressed point coordinates */
+ byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
+ byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
+#endif
+ word16 pubKeySet:1;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+};
+
+
+WOLFSSL_API
+int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
+ word32 pubKeySz);
+WOLFSSL_API
+int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key);
+WOLFSSL_API
+int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
+ ed448_key* key, const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
+ word32 *outLen, ed448_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out,
+ word32 *outLen, ed448_key* key, const byte* context,
+ byte contextLen);
+WOLFSSL_API
+int wc_ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* stat, ed448_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed448ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
+ word32 hashLen, int* stat, ed448_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed448ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+ word32 msgLen, int* stat, ed448_key* key,
+ const byte* context, byte contextLen);
+WOLFSSL_API
+int wc_ed448_init(ed448_key* key);
+WOLFSSL_API
+void wc_ed448_free(ed448_key* key);
+WOLFSSL_API
+int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
+WOLFSSL_API
+int wc_ed448_import_private_only(const byte* priv, word32 privSz,
+ ed448_key* key);
+WOLFSSL_API
+int wc_ed448_import_private_key(const byte* priv, word32 privSz,
+ const byte* pub, word32 pubSz, ed448_key* key);
+WOLFSSL_API
+int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
+ byte* pub, word32 *pubSz);
+
+WOLFSSL_API
+int wc_ed448_check_key(ed448_key* key);
+
+/* size helper */
+WOLFSSL_API
+int wc_ed448_size(ed448_key* key);
+WOLFSSL_API
+int wc_ed448_priv_size(ed448_key* key);
+WOLFSSL_API
+int wc_ed448_pub_size(ed448_key* key);
+WOLFSSL_API
+int wc_ed448_sig_size(ed448_key* key);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_ED448 */
+#endif /* WOLF_CRYPT_ED448_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/error-crypt.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/error-crypt.h
new file mode 100644
index 0000000..dd6ac17
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/error-crypt.h
@@ -0,0 +1,264 @@
+/* error-crypt.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/error-crypt.h
+*/
+/*
+DESCRIPTION
+This library defines error codes and contians routines for setting and examining
+the error status.
+*/
+
+#ifndef WOLF_CRYPT_ERROR_H
+#define WOLF_CRYPT_ERROR_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+ #include <cyassl/ctaocrypt/error-crypt.h>
+#endif /* HAVE_FIPS V1 */
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* error codes, add string for new errors !!! */
+enum {
+ MAX_CODE_E = -100, /* errors -101 - -299 */
+ OPEN_RAN_E = -101, /* opening random device error */
+ READ_RAN_E = -102, /* reading random device error */
+ WINCRYPT_E = -103, /* windows crypt init error */
+ CRYPTGEN_E = -104, /* windows crypt generation error */
+ RAN_BLOCK_E = -105, /* reading random device would block */
+ BAD_MUTEX_E = -106, /* Bad mutex operation */
+ WC_TIMEOUT_E = -107, /* timeout error */
+ WC_PENDING_E = -108, /* wolfCrypt operation pending (would block) */
+ WC_NOT_PENDING_E = -109, /* wolfCrypt operation not pending */
+
+ MP_INIT_E = -110, /* mp_init error state */
+ MP_READ_E = -111, /* mp_read error state */
+ MP_EXPTMOD_E = -112, /* mp_exptmod error state */
+ MP_TO_E = -113, /* mp_to_xxx error state, can't convert */
+ MP_SUB_E = -114, /* mp_sub error state, can't subtract */
+ MP_ADD_E = -115, /* mp_add error state, can't add */
+ MP_MUL_E = -116, /* mp_mul error state, can't multiply */
+ MP_MULMOD_E = -117, /* mp_mulmod error state, can't multiply mod */
+ MP_MOD_E = -118, /* mp_mod error state, can't mod */
+ MP_INVMOD_E = -119, /* mp_invmod error state, can't inv mod */
+ MP_CMP_E = -120, /* mp_cmp error state */
+ MP_ZERO_E = -121, /* got a mp zero result, not expected */
+
+ MEMORY_E = -125, /* out of memory error */
+ VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
+
+ RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
+ RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
+ input too large */
+ BUFFER_E = -132, /* output buffer too small or input too large */
+ ALGO_ID_E = -133, /* setting algo id error */
+ PUBLIC_KEY_E = -134, /* setting public key error */
+ DATE_E = -135, /* setting date validity error */
+ SUBJECT_E = -136, /* setting subject name error */
+ ISSUER_E = -137, /* setting issuer name error */
+ CA_TRUE_E = -138, /* setting CA basic constraint true error */
+ EXTENSIONS_E = -139, /* setting extensions error */
+
+ ASN_PARSE_E = -140, /* ASN parsing error, invalid input */
+ ASN_VERSION_E = -141, /* ASN version error, invalid number */
+ ASN_GETINT_E = -142, /* ASN get big int error, invalid data */
+ ASN_RSA_KEY_E = -143, /* ASN key init error, invalid input */
+ ASN_OBJECT_ID_E = -144, /* ASN object id error, invalid id */
+ ASN_TAG_NULL_E = -145, /* ASN tag error, not null */
+ ASN_EXPECT_0_E = -146, /* ASN expect error, not zero */
+ ASN_BITSTR_E = -147, /* ASN bit string error, wrong id */
+ ASN_UNKNOWN_OID_E = -148, /* ASN oid error, unknown sum id */
+ ASN_DATE_SZ_E = -149, /* ASN date error, bad size */
+ ASN_BEFORE_DATE_E = -150, /* ASN date error, current date before */
+ ASN_AFTER_DATE_E = -151, /* ASN date error, current date after */
+ ASN_SIG_OID_E = -152, /* ASN signature error, mismatched oid */
+ ASN_TIME_E = -153, /* ASN time error, unknown time type */
+ ASN_INPUT_E = -154, /* ASN input error, not enough data */
+ ASN_SIG_CONFIRM_E = -155, /* ASN sig error, confirm failure */
+ ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */
+ ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */
+ ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */
+ ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */
+ ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */
+ ASN_ALT_NAME_E = -161, /* ASN alternate name error */
+ ASN_NO_PEM_HEADER = -162, /* ASN no PEM header found */
+
+ ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */
+ ASN_ECC_KEY_E = -171, /* ASN ECC bad input */
+ ECC_CURVE_OID_E = -172, /* Unsupported ECC OID curve type */
+ BAD_FUNC_ARG = -173, /* Bad function argument provided */
+ NOT_COMPILED_IN = -174, /* Feature not compiled in */
+ UNICODE_SIZE_E = -175, /* Unicode password too big */
+ NO_PASSWORD = -176, /* no password provided by user */
+ ALT_NAME_E = -177, /* alt name size problem, too big */
+ BAD_OCSP_RESPONDER = -178, /* missing key usage extensions */
+
+ AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */
+ AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */
+
+ ASYNC_INIT_E = -182, /* Async Init type error */
+
+ COMPRESS_INIT_E = -183, /* Compress init error */
+ COMPRESS_E = -184, /* Compress error */
+ DECOMPRESS_INIT_E = -185, /* DeCompress init error */
+ DECOMPRESS_E = -186, /* DeCompress error */
+
+ BAD_ALIGN_E = -187, /* Bad alignment for operation, no alloc */
+ ASN_NO_SIGNER_E = -188, /* ASN no signer to confirm failure */
+ ASN_CRL_CONFIRM_E = -189, /* ASN CRL signature confirm failure */
+ ASN_CRL_NO_SIGNER_E = -190, /* ASN CRL no signer to confirm failure */
+ ASN_OCSP_CONFIRM_E = -191, /* ASN OCSP signature confirm failure */
+
+ BAD_STATE_E = -192, /* Bad state operation */
+ BAD_PADDING_E = -193, /* Bad padding, msg not correct length */
+
+ REQ_ATTRIBUTE_E = -194, /* setting cert request attributes error */
+
+ PKCS7_OID_E = -195, /* PKCS#7, mismatched OID error */
+ PKCS7_RECIP_E = -196, /* PKCS#7, recipient error */
+ FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */
+ ASN_NAME_INVALID_E = -198, /* ASN name constraint error */
+
+ RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
+ HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */
+ RSA_PAD_E = -201, /* RSA Padding Error */
+ LENGTH_ONLY_E = -202, /* Returning output length only */
+
+ IN_CORE_FIPS_E = -203, /* In Core Integrity check failure */
+ AES_KAT_FIPS_E = -204, /* AES KAT failure */
+ DES3_KAT_FIPS_E = -205, /* DES3 KAT failure */
+ HMAC_KAT_FIPS_E = -206, /* HMAC KAT failure */
+ RSA_KAT_FIPS_E = -207, /* RSA KAT failure */
+ DRBG_KAT_FIPS_E = -208, /* HASH DRBG KAT failure */
+ DRBG_CONT_FIPS_E = -209, /* HASH DRBG Continuous test failure */
+ AESGCM_KAT_FIPS_E = -210, /* AESGCM KAT failure */
+ THREAD_STORE_KEY_E = -211, /* Thread local storage key create failure */
+ THREAD_STORE_SET_E = -212, /* Thread local storage key set failure */
+
+ MAC_CMP_FAILED_E = -213, /* MAC comparison failed */
+ IS_POINT_E = -214, /* ECC is point on curve failed */
+ ECC_INF_E = -215, /* ECC point infinity error */
+ ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */
+ ECC_OUT_OF_RANGE_E = -217, /* ECC key component out of range */
+
+ SRP_CALL_ORDER_E = -218, /* SRP function called in the wrong order. */
+ SRP_VERIFY_E = -219, /* SRP proof verification failed. */
+ SRP_BAD_KEY_E = -220, /* SRP bad ephemeral values. */
+
+ ASN_NO_SKID = -221, /* ASN no Subject Key Identifier found */
+ ASN_NO_AKID = -222, /* ASN no Authority Key Identifier found */
+ ASN_NO_KEYUSAGE = -223, /* ASN no Key Usage found */
+ SKID_E = -224, /* setting Subject Key Identifier error */
+ AKID_E = -225, /* setting Authority Key Identifier error */
+ KEYUSAGE_E = -226, /* Bad Key Usage value */
+ CERTPOLICIES_E = -227, /* setting Certificate Policies error */
+
+ WC_INIT_E = -228, /* wolfcrypt failed to initialize */
+ SIG_VERIFY_E = -229, /* wolfcrypt signature verify error */
+ BAD_COND_E = -230, /* Bad condition variable operation */
+ SIG_TYPE_E = -231, /* Signature Type not enabled/available */
+ HASH_TYPE_E = -232, /* Hash Type not enabled/available */
+
+ WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
+ ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
+ MISSING_RNG_E = -236, /* RNG required but not provided */
+ ASN_PATHLEN_SIZE_E = -237, /* ASN CA path length too large error */
+ ASN_PATHLEN_INV_E = -238, /* ASN CA path length inversion error */
+
+ BAD_KEYWRAP_ALG_E = -239,
+ BAD_KEYWRAP_IV_E = -240, /* Decrypted AES key wrap IV incorrect */
+ WC_CLEANUP_E = -241, /* wolfcrypt cleanup failed */
+ ECC_CDH_KAT_FIPS_E = -242, /* ECC CDH Known Answer Test failure */
+ DH_CHECK_PUB_E = -243, /* DH Check Pub Key error */
+ BAD_PATH_ERROR = -244, /* Bad path for opendir */
+
+ ASYNC_OP_E = -245, /* Async operation error */
+
+ ECC_PRIVATEONLY_E = -246, /* Invalid use of private only ECC key*/
+ EXTKEYUSAGE_E = -247, /* Bad Extended Key Usage value */
+ WC_HW_E = -248, /* Error with hardware crypto use */
+ WC_HW_WAIT_E = -249, /* Hardware waiting on resource */
+
+ PSS_SALTLEN_E = -250, /* PSS length of salt is too long for hash */
+ PRIME_GEN_E = -251, /* Failure finding a prime. */
+ BER_INDEF_E = -252, /* Cannot decode indefinite length BER. */
+ RSA_OUT_OF_RANGE_E = -253, /* Ciphertext to decrypt out of range. */
+ RSAPSS_PAT_FIPS_E = -254, /* RSA-PSS PAT failure */
+ ECDSA_PAT_FIPS_E = -255, /* ECDSA PAT failure */
+ DH_KAT_FIPS_E = -256, /* DH KAT failure */
+ AESCCM_KAT_FIPS_E = -257, /* AESCCM KAT failure */
+ SHA3_KAT_FIPS_E = -258, /* SHA-3 KAT failure */
+ ECDHE_KAT_FIPS_E = -259, /* ECDHE KAT failure */
+ AES_GCM_OVERFLOW_E = -260, /* AES-GCM invocation counter overflow. */
+ AES_CCM_OVERFLOW_E = -261, /* AES-CCM invocation counter overflow. */
+ RSA_KEY_PAIR_E = -262, /* RSA Key Pair-Wise Consistency check fail. */
+ DH_CHECK_PRIV_E = -263, /* DH Check Priv Key error */
+
+ WC_AFALG_SOCK_E = -264, /* AF_ALG socket error */
+ WC_DEVCRYPTO_E = -265, /* /dev/crypto error */
+
+ ZLIB_INIT_ERROR = -266, /* zlib init error */
+ ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */
+ ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */
+
+ PKCS7_NO_SIGNER_E = -269, /* No signer in PKCS#7 signed data msg */
+ WC_PKCS7_WANT_READ_E= -270, /* PKCS7 operations wants more input */
+
+ CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
+ PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
+ PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
+ CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
+ ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
+ SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */
+ MISSING_IV = -277, /* IV was not set */
+ MISSING_KEY = -278, /* Key was not set */
+ BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */
+
+ WC_LAST_E = -279, /* Update this to indicate last error */
+ MIN_CODE_E = -300 /* errors -101 - -299 */
+
+ /* add new companion error id strings for any new error codes
+ wolfcrypt/src/error.c !!! */
+};
+
+
+#ifdef NO_ERROR_STRINGS
+ #define wc_GetErrorString(error) "no support for error strings built in"
+ #define wc_ErrorString(err, buf) \
+ (void)err; XSTRNCPY((buf), wc_GetErrorString((err)), \
+ WOLFSSL_MAX_ERROR_SZ);
+
+#else
+WOLFSSL_API void wc_ErrorString(int err, char* buff);
+WOLFSSL_API const char* wc_GetErrorString(int error);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+#endif /* WOLF_CRYPT_ERROR_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_448.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_448.h
new file mode 100644
index 0000000..6be82cd
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_448.h
@@ -0,0 +1,121 @@
+/* fe448_448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_FE_448_H
+#define WOLF_CRYPT_FE_448_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(HAVE_CURVE448) || defined(HAVE_ED448)
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT)
+ #define CURVED448_128BIT
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* default to be faster but take more memory */
+#if !defined(CURVE448_SMALL) && !defined(ED448_SMALL)
+
+#if defined(CURVED448_128BIT)
+ typedef sword64 fe448;
+ #ifndef WOLFSSL_UINT128_T_DEFINED
+ #ifdef __SIZEOF_INT128__
+ typedef __uint128_t uint128_t;
+ typedef __int128_t int128_t;
+ typedef __uint128_t word128;
+ typedef __int128_t sword128;
+ #else
+ typedef unsigned long uint128_t __attribute__ ((mode(TI)));
+ typedef long int128_t __attribute__ ((mode(TI)));
+ typedef uint128_t word128;
+ typedef int128_t sword128;
+ #endif
+ #define WOLFSSL_UINT128_T_DEFINED
+ #endif
+#else
+ typedef sword32 fe448;
+#endif
+
+WOLFSSL_LOCAL void fe448_init(void);
+WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a);
+
+#if !defined(CURVED448_128BIT)
+WOLFSSL_LOCAL void fe448_reduce(fe448*);
+#else
+#define fe448_reduce(a)
+#endif
+WOLFSSL_LOCAL void fe448_neg(fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_add(fe448*, const fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_sub(fe448*, const fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_mul(fe448*,const fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_sqr(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_mul39081(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_invert(fe448*, const fe448*);
+
+WOLFSSL_LOCAL void fe448_0(fe448*);
+WOLFSSL_LOCAL void fe448_1(fe448*);
+WOLFSSL_LOCAL void fe448_copy(fe448*, const fe448*);
+WOLFSSL_LOCAL int fe448_isnonzero(const fe448*);
+WOLFSSL_LOCAL int fe448_isnegative(const fe448*);
+
+WOLFSSL_LOCAL void fe448_from_bytes(fe448*,const unsigned char *);
+WOLFSSL_LOCAL void fe448_to_bytes(unsigned char *, const fe448*);
+
+WOLFSSL_LOCAL void fe448_cmov(fe448*,const fe448*, int);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448*,const fe448*);
+
+#else
+
+WOLFSSL_LOCAL void fe448_init(void);
+WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a);
+
+#define fe448_reduce(a)
+WOLFSSL_LOCAL void fe448_neg(word8*,const word8*);
+WOLFSSL_LOCAL void fe448_add(word8*, const word8*, const word8*);
+WOLFSSL_LOCAL void fe448_sub(word8*, const word8*, const word8*);
+WOLFSSL_LOCAL void fe448_mul(word8*,const word8*,const word8*);
+WOLFSSL_LOCAL void fe448_sqr(word8*, const word8*);
+WOLFSSL_LOCAL void fe448_mul39081(word8*, const word8*);
+WOLFSSL_LOCAL void fe448_invert(word8*, const word8*);
+
+WOLFSSL_LOCAL void fe448_copy(word8*, const word8*);
+WOLFSSL_LOCAL int fe448_isnonzero(const word8*);
+
+WOLFSSL_LOCAL void fe448_norm(byte *a);
+
+WOLFSSL_LOCAL void fe448_cmov(word8*,const word8*, int);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8*,const word8*);
+
+#endif /* !CURVE448_SMALL || !ED448_SMALL */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CURVE448 || HAVE_ED448 */
+
+#endif /* WOLF_CRYPT_FE_448_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_operations.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_operations.h
new file mode 100644
index 0000000..03d3afa
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fe_operations.h
@@ -0,0 +1,206 @@
+/* fe_operations.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_FE_OPERATIONS_H
+#define WOLF_CRYPT_FE_OPERATIONS_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CURVED25519_X64)
+ #define CURVED25519_X64
+#elif defined(HAVE___UINT128_T) && !defined(NO_CURVED25519_128BIT)
+ #define CURVED25519_128BIT
+#endif
+
+#if defined(CURVED25519_X64)
+ #define CURVED25519_ASM_64BIT
+ #define CURVED25519_ASM
+#endif
+#if defined(WOLFSSL_ARMASM)
+ #ifdef __aarch64__
+ #define CURVED25519_ASM_64BIT
+ #else
+ #define CURVED25519_ASM_32BIT
+ #endif
+ #define CURVED25519_ASM
+#endif
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL)
+ #define F25519_SIZE 32
+
+ WOLFSSL_LOCAL void lm_copy(byte*, const byte*);
+ WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*);
+ WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*);
+ WOLFSSL_LOCAL void lm_neg(byte*,const byte*);
+ WOLFSSL_LOCAL void lm_invert(byte*, const byte*);
+ WOLFSSL_LOCAL void lm_mul(byte*,const byte*,const byte*);
+#endif
+
+
+#if !defined(FREESCALE_LTC_ECC)
+WOLFSSL_LOCAL void fe_init(void);
+
+WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
+#endif
+
+/* default to be faster but take more memory */
+#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
+
+#ifdef CURVED25519_ASM_64BIT
+ typedef sword64 fe[4];
+#elif defined(CURVED25519_ASM_32BIT)
+ typedef sword32 fe[8];
+#elif defined(CURVED25519_128BIT)
+ typedef sword64 fe[5];
+#else
+ typedef sword32 fe[10];
+#endif
+
+WOLFSSL_LOCAL void fe_copy(fe, const fe);
+WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_neg(fe,const fe);
+WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_invert(fe, const fe);
+WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
+
+
+/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
+ work. */
+
+WOLFSSL_LOCAL void fe_0(fe);
+WOLFSSL_LOCAL void fe_1(fe);
+WOLFSSL_LOCAL int fe_isnonzero(const fe);
+WOLFSSL_LOCAL int fe_isnegative(const fe);
+WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
+WOLFSSL_LOCAL void fe_sq(fe, const fe);
+WOLFSSL_LOCAL void fe_sq2(fe,const fe);
+WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
+WOLFSSL_LOCAL void fe_cswap(fe, fe, int);
+WOLFSSL_LOCAL void fe_mul121666(fe,fe);
+WOLFSSL_LOCAL void fe_cmov(fe,const fe, int);
+WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
+
+/* 64 type needed for SHA512 */
+WOLFSSL_LOCAL word64 load_3(const unsigned char *in);
+WOLFSSL_LOCAL word64 load_4(const unsigned char *in);
+
+#ifdef CURVED25519_ASM
+WOLFSSL_LOCAL void fe_ge_to_p2(fe rx, fe ry, fe rz, const fe px, const fe py,
+ const fe pz, const fe pt);
+WOLFSSL_LOCAL void fe_ge_to_p3(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz, const fe pt);
+WOLFSSL_LOCAL void fe_ge_dbl(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz);
+WOLFSSL_LOCAL void fe_ge_madd(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz, const fe pt,
+ const fe qxy2d, const fe qyplusx,
+ const fe qyminusx);
+WOLFSSL_LOCAL void fe_ge_msub(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz, const fe pt,
+ const fe qxy2d, const fe qyplusx,
+ const fe qyminusx);
+WOLFSSL_LOCAL void fe_ge_add(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz, const fe pt, const fe qz,
+ const fe qt2d, const fe qyplusx,
+ const fe qyminusx);
+WOLFSSL_LOCAL void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px,
+ const fe py, const fe pz, const fe pt, const fe qz,
+ const fe qt2d, const fe qyplusx,
+ const fe qyminusx);
+WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
+#endif /* CURVED25519_ASM */
+#endif /* !CURVE25519_SMALL || !ED25519_SMALL */
+
+/* Use less memory and only 32bit types or less, but is slower
+ Based on Daniel Beer's public domain work. */
+#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL)
+static const byte c25519_base_x[F25519_SIZE] = {9};
+static const byte f25519_zero[F25519_SIZE] = {0};
+static const byte f25519_one[F25519_SIZE] = {1};
+static const byte fprime_zero[F25519_SIZE] = {0};
+static const byte fprime_one[F25519_SIZE] = {1};
+
+WOLFSSL_LOCAL void fe_load(byte *x, word32 c);
+WOLFSSL_LOCAL void fe_normalize(byte *x);
+WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x);
+
+/* Conditional copy. If condition == 0, then zero is copied to dst. If
+ * condition == 1, then one is copied to dst. Any other value results in
+ * undefined behavior.
+ */
+WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one,
+ byte condition);
+
+/* Multiply a point by a small constant. The two pointers are not
+ * required to be distinct.
+ *
+ * The constant must be less than 2^24.
+ */
+WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b);
+WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b);
+
+/* Compute one of the square roots of the field element, if the element
+ * is square. The other square is -r.
+ *
+ * If the input is not square, the returned value is a valid field
+ * element, but not the correct answer. If you don't already know that
+ * your element is square, you should square the return value and test.
+ */
+WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x);
+
+/* Conditional copy. If condition == 0, then zero is copied to dst. If
+ * condition == 1, then one is copied to dst. Any other value results in
+ * undefined behavior.
+ */
+WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one,
+ byte condition);
+WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus);
+WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus);
+WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b,
+ const byte *modulus);
+WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a);
+
+#endif /* CURVE25519_SMALL || ED25519_SMALL */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_CURVE25519 || HAVE_ED25519 */
+
+#endif /* WOLF_CRYPT_FE_OPERATIONS_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fips_test.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fips_test.h
new file mode 100644
index 0000000..9d139fd
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/fips_test.h
@@ -0,0 +1,59 @@
+/* fips_test.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#ifndef WOLF_CRYPT_FIPS_TEST_H
+#define WOLF_CRYPT_FIPS_TEST_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Known Answer Test string inputs are hex, internal */
+WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int);
+
+
+/* FIPS failure callback */
+typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
+
+/* Public set function */
+WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
+
+/* Public get status functions */
+WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
+WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
+
+#ifdef HAVE_FORCE_FIPS_FAILURE
+ /* Public function to force failure mode for operational testing */
+ WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_FIPS_TEST_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_448.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_448.h
new file mode 100644
index 0000000..befedce
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_448.h
@@ -0,0 +1,86 @@
+/* ge_448.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_GE_448_H
+#define WOLF_CRYPT_GE_448_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ED448
+
+#include <wolfssl/wolfcrypt/fe_448.h>
+
+/*
+ge448 means group element.
+
+Here the group is the set of pairs (x,y) of field elements (see fe.h)
+satisfying -x^2 + y^2 = 1 + d x^2y^2
+where d = -39081.
+
+Representations:
+ ge448_p2 (projective) : (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ ge448_precomp (affine): (x,y)
+*/
+
+#ifdef ED448_SMALL
+ typedef byte ge448;
+ #define GE448_WORDS 56
+#elif defined(CURVED448_128BIT)
+ typedef sword64 ge448;
+ #define GE448_WORDS 8
+#else
+ typedef sword32 ge448;
+ #define GE448_WORDS 16
+#endif
+
+typedef struct {
+ ge448 X[GE448_WORDS];
+ ge448 Y[GE448_WORDS];
+ ge448 Z[GE448_WORDS];
+} ge448_p2;
+
+
+WOLFSSL_LOCAL int ge448_compress_key(byte*, const byte*, const byte*);
+WOLFSSL_LOCAL int ge448_from_bytes_negate_vartime(ge448_p2 *,
+ const unsigned char *);
+
+WOLFSSL_LOCAL int ge448_double_scalarmult_vartime(ge448_p2 *,
+ const unsigned char *,
+ const ge448_p2 *,
+ const unsigned char *);
+WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2 *, const unsigned char *);
+WOLFSSL_LOCAL void sc448_reduce(byte*);
+WOLFSSL_LOCAL void sc448_muladd(byte*, const byte*, const byte*, const byte*);
+WOLFSSL_LOCAL void ge448_to_bytes(unsigned char *, const ge448_p2 *);
+
+
+#ifndef ED448_SMALL
+typedef struct {
+ ge448 x[GE448_WORDS];
+ ge448 y[GE448_WORDS];
+} ge448_precomp;
+
+#endif /* !ED448_SMALL */
+
+#endif /* HAVE_ED448 */
+
+#endif /* WOLF_CRYPT_GE_448_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_operations.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_operations.h
new file mode 100644
index 0000000..5ad7814
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ge_operations.h
@@ -0,0 +1,113 @@
+/* ge_operations.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+ /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
+
+#ifndef WOLF_CRYPT_GE_OPERATIONS_H
+#define WOLF_CRYPT_GE_OPERATIONS_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ED25519
+
+#include <wolfssl/wolfcrypt/fe_operations.h>
+
+/*
+ge means group element.
+
+Here the group is the set of pairs (x,y) of field elements (see fe.h)
+satisfying -x^2 + y^2 = 1 + d x^2y^2
+where d = -121665/121666.
+
+Representations:
+ ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ ge_precomp (Duif): (y+x,y-x,2dxy)
+*/
+
+#ifdef ED25519_SMALL
+ typedef byte ge[F25519_SIZE];
+#elif defined(CURVED25519_ASM_64BIT)
+ typedef sword64 ge[4];
+#elif defined(CURVED25519_ASM_32BIT)
+ typedef sword32 ge[8];
+#elif defined(CURVED25519_128BIT)
+ typedef sword64 ge[5];
+#else
+ typedef sword32 ge[10];
+#endif
+
+typedef struct {
+ ge X;
+ ge Y;
+ ge Z;
+} ge_p2;
+
+typedef struct {
+ ge X;
+ ge Y;
+ ge Z;
+ ge T;
+} ge_p3;
+
+
+WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
+ word32 keySz);
+WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
+
+WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
+ const ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL void sc_reduce(byte* s);
+WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b,
+ const byte* c);
+WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
+WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+
+
+#ifndef ED25519_SMALL
+typedef struct {
+ ge X;
+ ge Y;
+ ge Z;
+ ge T;
+} ge_p1p1;
+
+typedef struct {
+ ge yplusx;
+ ge yminusx;
+ ge xy2d;
+} ge_precomp;
+
+typedef struct {
+ ge YplusX;
+ ge YminusX;
+ ge Z;
+ ge T2d;
+} ge_cached;
+
+#endif /* !ED25519_SMALL */
+
+#endif /* HAVE_ED25519 */
+
+#endif /* WOLF_CRYPT_GE_OPERATIONS_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hash.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hash.h
new file mode 100644
index 0000000..0c6bc77
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hash.h
@@ -0,0 +1,252 @@
+/* hash.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/hash.h
+*/
+
+#ifndef WOLF_CRYPT_HASH_H
+#define WOLF_CRYPT_HASH_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_MD5
+ #include <wolfssl/wolfcrypt/md5.h>
+#endif
+#ifndef NO_SHA
+ #include <wolfssl/wolfcrypt/sha.h>
+#endif
+#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+ #include <wolfssl/wolfcrypt/sha256.h>
+#endif
+#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+ #include <wolfssl/wolfcrypt/sha512.h>
+#endif
+#ifdef HAVE_BLAKE2
+ #include <wolfssl/wolfcrypt/blake2.h>
+#endif
+#ifdef WOLFSSL_SHA3
+ #include <wolfssl/wolfcrypt/sha3.h>
+#endif
+#ifndef NO_MD4
+ #include <wolfssl/wolfcrypt/md4.h>
+#endif
+#ifdef WOLFSSL_MD2
+ #include <wolfssl/wolfcrypt/md2.h>
+#endif
+#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
+ #include <wolfssl/wolfcrypt/blake2.h>
+#endif
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if !defined(HAVE_FIPS) && !defined(NO_OLD_WC_NAMES)
+ #define MAX_DIGEST_SIZE WC_MAX_DIGEST_SIZE
+#endif
+
+
+/* Supported Message Authentication Codes from page 43 */
+enum wc_MACAlgorithm {
+ no_mac,
+ md5_mac,
+ sha_mac,
+ sha224_mac,
+ sha256_mac, /* needs to match external KDF_MacAlgorithm */
+ sha384_mac,
+ sha512_mac,
+ rmd_mac,
+ blake2b_mac
+};
+
+enum wc_HashFlags {
+ WC_HASH_FLAG_NONE = 0x00000000,
+ WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */
+ WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */
+#ifdef WOLFSSL_SHA3
+ WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */
+#endif
+};
+
+#ifndef NO_HASH_WRAPPER
+typedef union {
+ #ifndef NO_MD5
+ wc_Md5 md5;
+ #endif
+ #ifndef NO_SHA
+ wc_Sha sha;
+ #endif
+ #ifdef WOLFSSL_SHA224
+ wc_Sha224 sha224;
+ #endif
+ #ifndef NO_SHA256
+ wc_Sha256 sha256;
+ #endif
+ #ifdef WOLFSSL_SHA384
+ wc_Sha384 sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ wc_Sha512 sha512;
+ #endif
+ #ifdef WOLFSSL_SHA3
+ wc_Sha3 sha3;
+ #endif
+} wc_HashAlg;
+#endif /* !NO_HASH_WRAPPER */
+
+/* Find largest possible digest size
+ Note if this gets up to the size of 80 or over check smallstack build */
+#if defined(WOLFSSL_SHA3)
+ #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */
+#elif defined(WOLFSSL_SHA512)
+ #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
+#elif defined(HAVE_BLAKE2)
+ #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES
+ #define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES
+#elif defined(WOLFSSL_SHA384)
+ #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
+#elif !defined(NO_SHA256)
+ #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
+#elif defined(WOLFSSL_SHA224)
+ #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
+#elif !defined(NO_SHA)
+ #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE
+#elif !defined(NO_MD5)
+ #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_MD5_BLOCK_SIZE
+#else
+ #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
+ #define WC_MAX_BLOCK_SIZE 128
+#endif
+
+#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
+WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
+WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
+#endif
+
+WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);
+
+#ifndef NO_HASH_WRAPPER
+
+WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
+WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
+WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
+ const byte* data, word32 data_len,
+ byte* hash, word32 hash_len);
+
+/* generic hash operation wrappers */
+WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type,
+ void* heap, int devId);
+WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type);
+WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
+ const byte* data, word32 dataSz);
+WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
+ byte* out);
+WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
+ word32 flags);
+ WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type,
+ word32* flags);
+#endif
+
+#ifndef NO_MD5
+#include <wolfssl/wolfcrypt/md5.h>
+WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
+#endif
+
+#ifndef NO_SHA
+#include <wolfssl/wolfcrypt/sha.h>
+WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+#endif
+
+#ifdef WOLFSSL_SHA224
+#include <wolfssl/wolfcrypt/sha256.h>
+WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
+#endif /* defined(WOLFSSL_SHA224) */
+
+#ifndef NO_SHA256
+#include <wolfssl/wolfcrypt/sha256.h>
+WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+#endif
+
+#ifdef WOLFSSL_SHA384
+#include <wolfssl/wolfcrypt/sha512.h>
+WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+#endif /* defined(WOLFSSL_SHA384) */
+
+#ifdef WOLFSSL_SHA512
+#include <wolfssl/wolfcrypt/sha512.h>
+WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
+#endif /* WOLFSSL_SHA512 */
+
+#ifdef WOLFSSL_SHA3
+#include <wolfssl/wolfcrypt/sha3.h>
+WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*);
+#ifdef WOLFSSL_SHAKE256
+WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32);
+#endif
+#endif /* WOLFSSL_SHA3 */
+
+#endif /* !NO_HASH_WRAPPER */
+
+enum max_prf {
+#ifdef HAVE_FFDHE_8192
+ MAX_PRF_HALF = 516, /* Maximum half secret len */
+#elif defined(HAVE_FFDHE_6144)
+ MAX_PRF_HALF = 388, /* Maximum half secret len */
+#else
+ MAX_PRF_HALF = 260, /* Maximum half secret len */
+#endif
+ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
+ MAX_PRF_DIG = 224 /* Maximum digest len */
+};
+
+#ifdef WOLFSSL_HAVE_PRF
+WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret,
+ word32 secLen, const byte* seed, word32 seedLen, int hash,
+ void* heap, int devId);
+WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
+ word32 secLen, const byte* label, word32 labLen,
+ const byte* seed, word32 seedLen, void* heap, int devId);
+WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret,
+ word32 secLen, const byte* label, word32 labLen,
+ const byte* seed, word32 seedLen, int useAtLeastSha256,
+ int hash_type, void* heap, int devId);
+#endif /* WOLFSSL_HAVE_PRF */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_HASH_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hc128.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hc128.h
new file mode 100644
index 0000000..2b93a24
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hc128.h
@@ -0,0 +1,67 @@
+/* hc128.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/hc128.h
+*/
+
+
+#ifndef WOLF_CRYPT_HC128_H
+#define WOLF_CRYPT_HC128_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_HC128
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ HC128_ENC_TYPE = WC_CIPHER_HC128, /* cipher unique type */
+};
+
+/* HC-128 stream cipher */
+typedef struct HC128 {
+ word32 T[1024]; /* P[i] = T[i]; Q[i] = T[1024 + i ]; */
+ word32 X[16];
+ word32 Y[16];
+ word32 counter1024; /* counter1024 = i mod 1024 at the ith step */
+ word32 key[8];
+ word32 iv[8];
+#ifdef XSTREAM_ALIGN
+ void* heap; /* heap hint, currently XMALLOC only used with aligning */
+#endif
+} HC128;
+
+
+WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32);
+WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv);
+
+WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_HC128 */
+#endif /* WOLF_CRYPT_HC128_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hmac.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hmac.h
new file mode 100644
index 0000000..a8d12a7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/hmac.h
@@ -0,0 +1,214 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/hmac.h
+*/
+
+#ifndef NO_HMAC
+
+#ifndef WOLF_CRYPT_HMAC_H
+#define WOLF_CRYPT_HMAC_H
+
+#include <wolfssl/wolfcrypt/hash.h>
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+/* for fips @wc_fips */
+ #include <cyassl/ctaocrypt/hmac.h>
+ #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
+#endif
+
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifndef NO_OLD_WC_NAMES
+ #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE
+#endif
+
+#define WC_HMAC_INNER_HASH_KEYED_SW 1
+#define WC_HMAC_INNER_HASH_KEYED_DEV 2
+
+enum {
+ HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
+
+ IPAD = 0x36,
+ OPAD = 0x5C,
+
+/* If any hash is not enabled, add the ID here. */
+#ifdef NO_MD5
+ WC_MD5 = WC_HASH_TYPE_MD5,
+#endif
+#ifdef NO_SHA
+ WC_SHA = WC_HASH_TYPE_SHA,
+#endif
+#ifdef NO_SHA256
+ WC_SHA256 = WC_HASH_TYPE_SHA256,
+#endif
+#ifndef WOLFSSL_SHA512
+ WC_SHA512 = WC_HASH_TYPE_SHA512,
+#endif
+#ifndef WOLFSSL_SHA384
+ WC_SHA384 = WC_HASH_TYPE_SHA384,
+#endif
+#ifndef WOLFSSL_SHA224
+ WC_SHA224 = WC_HASH_TYPE_SHA224,
+#endif
+#ifndef WOLFSSL_SHA3
+ WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
+ WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
+ WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
+ WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
+#endif
+#ifdef HAVE_PKCS11
+ HMAC_MAX_ID_LEN = 32,
+ HMAC_MAX_LABEL_LEN = 32,
+#endif
+};
+
+/* Select the largest available hash for the buffer size. */
+#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE
+
+#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && \
+ !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && \
+ defined(WOLFSSL_SHA224) && defined(NO_SHA) && defined(NO_MD5)
+ #error "You have to have some kind of hash if you want to use HMAC."
+#endif
+
+
+/* hash union */
+typedef union {
+#ifndef NO_MD5
+ wc_Md5 md5;
+#endif
+#ifndef NO_SHA
+ wc_Sha sha;
+#endif
+#ifdef WOLFSSL_SHA224
+ wc_Sha224 sha224;
+#endif
+#ifndef NO_SHA256
+ wc_Sha256 sha256;
+#endif
+#ifdef WOLFSSL_SHA384
+ wc_Sha384 sha384;
+#endif
+#ifdef WOLFSSL_SHA512
+ wc_Sha512 sha512;
+#endif
+#ifdef WOLFSSL_SHA3
+ wc_Sha3 sha3;
+#endif
+} wc_Hmac_Hash;
+
+/* Hmac digest */
+struct Hmac {
+ wc_Hmac_Hash hash;
+ word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
+ word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
+ word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
+ void* heap; /* heap hint */
+ byte macType; /* md5 sha or sha256 */
+ byte innerHashKeyed; /* keyed flag */
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx;
+ const byte* keyRaw;
+#endif
+#ifdef HAVE_PKCS11
+ byte id[HMAC_MAX_ID_LEN];
+ int idLen;
+ char label[HMAC_MAX_LABEL_LEN];
+ int labelLen;
+#endif
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
+ word16 keyLen; /* hmac key length (key in ipad) */
+#endif
+};
+
+#ifndef WC_HMAC_TYPE_DEFINED
+ typedef struct Hmac Hmac;
+ #define WC_HMAC_TYPE_DEFINED
+#endif
+
+
+#endif /* HAVE_FIPS */
+
+/* does init */
+WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
+WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
+WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
+WOLFSSL_API int wc_HmacSizeByType(int type);
+
+WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
+#ifdef HAVE_PKCS11
+WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
+ int devId);
+WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
+ int devId);
+#endif
+WOLFSSL_API void wc_HmacFree(Hmac*);
+
+WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
+
+WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);
+
+#ifdef HAVE_HKDF
+
+WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
+ const byte* inKey, word32 inKeySz, byte* out);
+WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
+ const byte* info, word32 infoSz,
+ byte* out, word32 outSz);
+
+WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
+ const byte* salt, word32 saltSz,
+ const byte* info, word32 infoSz,
+ byte* out, word32 outSz);
+
+#endif /* HAVE_HKDF */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_HMAC_H */
+
+#endif /* NO_HMAC */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/idea.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/idea.h
new file mode 100644
index 0000000..16a3817
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/idea.h
@@ -0,0 +1,70 @@
+/* idea.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/idea.h
+*/
+
+#ifndef WOLF_CRYPT_IDEA_H
+#define WOLF_CRYPT_IDEA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_IDEA
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ IDEA_MODULO = 0x10001, /* 2^16+1 */
+ IDEA_2EXP16 = 0x10000, /* 2^16 */
+ IDEA_MASK = 0xFFFF, /* 16 bits set to one */
+ IDEA_ROUNDS = 8, /* number of rounds for IDEA */
+ IDEA_SK_NUM = (6*IDEA_ROUNDS + 4), /* number of subkeys */
+ IDEA_KEY_SIZE = 16, /* size of key in bytes */
+ IDEA_BLOCK_SIZE = 8, /* size of IDEA blocks in bytes */
+ IDEA_IV_SIZE = 8, /* size of IDEA IV in bytes */
+ IDEA_ENCRYPTION = 0,
+ IDEA_DECRYPTION = 1
+};
+
+/* IDEA encryption and decryption */
+typedef struct Idea {
+ word32 reg[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word32 tmp[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ word16 skey[IDEA_SK_NUM]; /* 832 bits expanded key */
+} Idea;
+
+WOLFSSL_API int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz,
+ const byte *iv, int dir);
+WOLFSSL_API int wc_IdeaSetIV(Idea *idea, const byte* iv);
+WOLFSSL_API int wc_IdeaCipher(Idea *idea, byte* out, const byte* in);
+WOLFSSL_API int wc_IdeaCbcEncrypt(Idea *idea, byte* out,
+ const byte* in, word32 len);
+WOLFSSL_API int wc_IdeaCbcDecrypt(Idea *idea, byte* out,
+ const byte* in, word32 len);
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_IDEA */
+#endif /* WOLF_CRYPT_IDEA_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/integer.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/integer.h
new file mode 100644
index 0000000..255f55c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/integer.h
@@ -0,0 +1,416 @@
+/* integer.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/*
+ * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
+ * http://math.libtomcrypt.com
+ */
+
+
+#ifndef WOLF_CRYPT_INTEGER_H
+#define WOLF_CRYPT_INTEGER_H
+
+/* may optionally use fast math instead, not yet supported on all platforms and
+ may not be faster on all
+*/
+#include <wolfssl/wolfcrypt/types.h> /* will set MP_xxBIT if not default */
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+ #include <wolfssl/wolfcrypt/sp_int.h>
+#elif defined(USE_FAST_MATH)
+ #include <wolfssl/wolfcrypt/tfm.h>
+#else
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifndef CHAR_BIT
+ #if defined(WOLFSSL_LINUXKM)
+ #include <linux/limits.h>
+ #else
+ #include <limits.h>
+ #endif
+#endif
+
+#include <wolfssl/wolfcrypt/mpi_class.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+
+/* C++ compilers don't like assigning void * to mp_digit * */
+#define OPT_CAST(x) (x *)
+
+#elif defined(_SH3)
+
+/* SuperH SH3 compiler doesn't like assigning voi* to mp_digit* */
+#define OPT_CAST(x) (x *)
+
+#else
+
+/* C on the other hand doesn't care */
+#define OPT_CAST(x)
+
+#endif /* __cplusplus */
+
+
+/* detect 64-bit mode if possible */
+#if (defined(__x86_64__) || defined(__aarch64__)) && !(defined (_MSC_VER) && defined(__clang__))
+ #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
+ #define MP_64BIT
+ #endif
+#endif
+/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
+#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
+ #undef MP_64BIT
+#endif
+
+
+/* allow user to define on mp_digit, mp_word, DIGIT_BIT types */
+#ifndef WOLFSSL_BIGINT_TYPES
+
+/* some default configurations.
+ *
+ * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
+ * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
+ *
+ * At the very least a mp_digit must be able to hold 7 bits
+ * [any size beyond that is ok provided it doesn't overflow the data type]
+ */
+#ifdef MP_8BIT
+ /* 8-bit */
+ typedef unsigned char mp_digit;
+ typedef unsigned short mp_word;
+ /* don't define DIGIT_BIT, so its calculated below */
+#elif defined(MP_16BIT)
+ /* 16-bit */
+ typedef unsigned int mp_digit;
+ typedef unsigned long mp_word;
+ /* don't define DIGIT_BIT, so its calculated below */
+#elif defined(NO_64BIT)
+ /* 32-bit forced to 16-bit */
+ typedef unsigned short mp_digit;
+ typedef unsigned int mp_word;
+ #define DIGIT_BIT 12
+#elif defined(MP_64BIT)
+ /* 64-bit */
+ /* for GCC only on supported platforms */
+ typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */
+ typedef unsigned long mp_word __attribute__ ((mode(TI)));
+ #define DIGIT_BIT 60
+#else
+ /* 32-bit default case */
+
+ #if defined(_MSC_VER) || defined(__BORLANDC__)
+ typedef unsigned __int64 ulong64;
+ #else
+ typedef unsigned long long ulong64;
+ #endif
+
+ typedef unsigned int mp_digit; /* long could be 64 now, changed TAO */
+ typedef ulong64 mp_word;
+
+ #ifdef MP_31BIT
+ /* this is an extension that uses 31-bit digits */
+ #define DIGIT_BIT 31
+ #else
+ /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */
+ #define DIGIT_BIT 28
+ #define MP_28BIT
+ #endif
+#endif
+
+#endif /* WOLFSSL_BIGINT_TYPES */
+
+/* otherwise the bits per digit is calculated automatically from the size of
+ a mp_digit */
+#ifndef DIGIT_BIT
+ #define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1)))
+ /* bits per digit */
+#endif
+
+#define MP_DIGIT_BIT DIGIT_BIT
+#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
+#define MP_DIGIT_MAX MP_MASK
+
+/* equalities */
+#define MP_LT -1 /* less than */
+#define MP_EQ 0 /* equal to */
+#define MP_GT 1 /* greater than */
+
+#define MP_ZPOS 0 /* positive integer */
+#define MP_NEG 1 /* negative */
+
+#define MP_OKAY 0 /* ok result */
+#define MP_MEM -2 /* out of mem */
+#define MP_VAL -3 /* invalid input */
+#define MP_NOT_INF -4 /* point not at infinity */
+#define MP_RANGE MP_NOT_INF
+
+#define MP_YES 1 /* yes response */
+#define MP_NO 0 /* no response */
+
+/* Primality generation flags */
+#define LTM_PRIME_BBS 0x0001 /* BBS style prime */
+#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */
+#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */
+
+typedef int mp_err;
+
+/* define this to use lower memory usage routines (exptmods mostly) */
+#define MP_LOW_MEM
+
+/* default precision */
+#ifndef MP_PREC
+ #ifndef MP_LOW_MEM
+ #define MP_PREC 32 /* default digits of precision */
+ #else
+ #define MP_PREC 1 /* default digits of precision */
+ #endif
+#endif
+
+/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD -
+ BITS_PER_DIGIT*2) */
+#define MP_WARRAY ((mp_word)1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
+
+#ifdef HAVE_WOLF_BIGINT
+ /* raw big integer */
+ typedef struct WC_BIGINT {
+ byte* buf;
+ word32 len;
+ void* heap;
+ } WC_BIGINT;
+ #define WOLF_BIGINT_DEFINED
+#endif
+
+/* the mp_int structure */
+typedef struct mp_int {
+ int used, alloc, sign;
+ mp_digit *dp;
+
+#ifdef HAVE_WOLF_BIGINT
+ struct WC_BIGINT raw; /* unsigned binary (big endian) */
+#endif
+} mp_int;
+
+/* wolf big int and common functions */
+#include <wolfssl/wolfcrypt/wolfmath.h>
+
+
+/* callback for mp_prime_random, should fill dst with random bytes and return
+ how many read [up to len] */
+typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
+
+
+#define USED(m) ((m)->used)
+#define DIGIT(m,k) ((m)->dp[(k)])
+#define SIGN(m) ((m)->sign)
+
+
+/* ---> Basic Manipulations <--- */
+#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
+#define mp_isone(a) \
+ (((((a)->used == 1)) && ((a)->dp[0] == 1u) && ((a)->sign == MP_ZPOS)) \
+ ? MP_YES : MP_NO)
+#define mp_iseven(a) \
+ (((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO)
+#define mp_isodd(a) \
+ (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO)
+#define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
+#define mp_isword(a, w) \
+ ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \
+ ? MP_YES : MP_NO)
+
+/* number of primes */
+#ifdef MP_8BIT
+ #define PRIME_SIZE 31
+#else
+ #define PRIME_SIZE 256
+#endif
+
+#ifndef MAX_INVMOD_SZ
+ #if defined(WOLFSSL_MYSQL_COMPATIBLE)
+ #define MAX_INVMOD_SZ 8192
+ #else
+ #define MAX_INVMOD_SZ 4096
+ #endif
+#endif
+
+#define mp_prime_random(a, t, size, bbs, cb, dat) \
+ mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
+
+#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
+#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
+#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
+
+#define MP_RADIX_BIN 2
+#define MP_RADIX_OCT 8
+#define MP_RADIX_DEC 10
+#define MP_RADIX_HEX 16
+#define MP_RADIX_MAX 64
+
+#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN)
+#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT)
+#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
+#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
+
+#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
+
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
+ defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
+extern const char *mp_s_rmap;
+#endif
+
+/* 6 functions needed by Rsa */
+MP_API int mp_init (mp_int * a);
+MP_API void mp_clear (mp_int * a);
+MP_API void mp_free (mp_int * a);
+MP_API void mp_forcezero(mp_int * a);
+MP_API int mp_unsigned_bin_size(const mp_int * a);
+MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
+MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
+MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
+MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c);
+MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
+MP_API int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P,
+ mp_int * Y);
+/* end functions needed by Rsa */
+
+/* functions added to support above needed, removed TOOM and KARATSUBA */
+MP_API int mp_count_bits (const mp_int * a);
+MP_API int mp_leading_bit (mp_int * a);
+MP_API int mp_init_copy (mp_int * a, mp_int * b);
+MP_API int mp_copy (const mp_int * a, mp_int * b);
+MP_API int mp_grow (mp_int * a, int size);
+MP_API int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
+MP_API void mp_zero (mp_int * a);
+MP_API void mp_clamp (mp_int * a);
+MP_API void mp_exch (mp_int * a, mp_int * b);
+MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m);
+MP_API void mp_rshd (mp_int * a, int b);
+MP_API void mp_rshb (mp_int * a, int b);
+MP_API int mp_mod_2d (mp_int * a, int b, mp_int * c);
+MP_API int mp_mul_2d (mp_int * a, int b, mp_int * c);
+MP_API int mp_lshd (mp_int * a, int b);
+MP_API int mp_abs (mp_int * a, mp_int * b);
+MP_API int mp_invmod (mp_int * a, mp_int * b, mp_int * c);
+int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_cmp_mag (mp_int * a, mp_int * b);
+MP_API int mp_cmp (mp_int * a, mp_int * b);
+MP_API int mp_cmp_d(mp_int * a, mp_digit b);
+MP_API int mp_set (mp_int * a, mp_digit b);
+MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
+MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+MP_API int mp_div_2(mp_int * a, mp_int * b);
+MP_API int mp_div_2_mod_ct (mp_int* a, mp_int* b, mp_int* c);
+MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
+int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
+int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_sub (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_reduce_is_2k_l(mp_int *a);
+MP_API int mp_reduce_is_2k(mp_int *a);
+MP_API int mp_dr_is_modulus(mp_int *a);
+MP_API int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
+ int);
+MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y);
+#define mp_exptmod_nct(G,X,P,Y) mp_exptmod_fast(G,X,P,Y,0)
+MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho);
+int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
+MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
+#define mp_montgomery_reduce_ex(x, n, rho, ct) mp_montgomery_reduce (x, n, rho)
+MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
+MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
+MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
+int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+MP_API int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
+MP_API int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
+MP_API int mp_reduce (mp_int * x, mp_int * m, mp_int * mu);
+MP_API int mp_reduce_setup (mp_int * a, mp_int * b);
+int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode);
+MP_API int mp_montgomery_calc_normalization (mp_int * a, mp_int * b);
+int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+int s_mp_sqr (mp_int * a, mp_int * b);
+int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
+int fast_s_mp_sqr (mp_int * a, mp_int * b);
+MP_API int mp_init_size (mp_int * a, int size);
+MP_API int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d);
+MP_API int mp_mul_2(mp_int * a, mp_int * b);
+MP_API int mp_mul (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_sqr (mp_int * a, mp_int * b);
+MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
+MP_API int mp_2expt (mp_int * a, int b);
+MP_API int mp_set_bit (mp_int * a, int b);
+MP_API int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
+MP_API int mp_add_d (mp_int* a, mp_digit b, mp_int* c);
+MP_API int mp_set_int (mp_int * a, unsigned long b);
+MP_API int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
+/* end support added functions */
+
+/* added */
+MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
+ mp_int* f);
+MP_API int mp_toradix (mp_int *a, char *str, int radix);
+MP_API int mp_radix_size (mp_int * a, int radix, int *size);
+
+#ifdef WOLFSSL_DEBUG_MATH
+ MP_API void mp_dump(const char* desc, mp_int* a, byte verbose);
+#else
+ #define mp_dump(desc, a, verbose)
+#endif
+
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \
+ !defined(NO_DSA) || !defined(NO_DH)
+ MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
+#endif
+#if !defined(NO_DSA) || defined(HAVE_ECC)
+ MP_API int mp_read_radix(mp_int* a, const char* str, int radix);
+#endif
+
+#if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH)
+ MP_API int mp_prime_is_prime (mp_int * a, int t, int *result);
+ MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*);
+#endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */
+#ifdef WOLFSSL_KEY_GEN
+ MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
+ MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
+ MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
+#endif
+
+MP_API int mp_cnt_lsb(mp_int *a);
+MP_API int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c);
+
+
+#ifdef __cplusplus
+ }
+#endif
+
+
+#endif /* USE_FAST_MATH */
+
+#endif /* WOLF_CRYPT_INTEGER_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/logging.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/logging.h
new file mode 100644
index 0000000..0921864
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/logging.h
@@ -0,0 +1,206 @@
+/* logging.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/logging.h
+*/
+
+
+/* submitted by eof */
+
+
+#ifndef WOLFSSL_LOGGING_H
+#define WOLFSSL_LOGGING_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum wc_LogLevels {
+ ERROR_LOG = 0,
+ INFO_LOG,
+ ENTER_LOG,
+ LEAVE_LOG,
+ OTHER_LOG
+};
+
+#ifdef WOLFSSL_FUNC_TIME
+/* WARNING: This code is only to be used for debugging performance.
+ * The code is not thread-safe.
+ * Do not use WOLFSSL_FUNC_TIME in production code.
+ */
+enum wc_FuncNum {
+ WC_FUNC_HELLO_REQUEST_SEND = 0,
+ WC_FUNC_HELLO_REQUEST_DO,
+ WC_FUNC_CLIENT_HELLO_SEND,
+ WC_FUNC_CLIENT_HELLO_DO,
+ WC_FUNC_SERVER_HELLO_SEND,
+ WC_FUNC_SERVER_HELLO_DO,
+ WC_FUNC_ENCRYPTED_EXTENSIONS_SEND,
+ WC_FUNC_ENCRYPTED_EXTENSIONS_DO,
+ WC_FUNC_CERTIFICATE_REQUEST_SEND,
+ WC_FUNC_CERTIFICATE_REQUEST_DO,
+ WC_FUNC_CERTIFICATE_SEND,
+ WC_FUNC_CERTIFICATE_DO,
+ WC_FUNC_CERTIFICATE_VERIFY_SEND,
+ WC_FUNC_CERTIFICATE_VERIFY_DO,
+ WC_FUNC_FINISHED_SEND,
+ WC_FUNC_FINISHED_DO,
+ WC_FUNC_KEY_UPDATE_SEND,
+ WC_FUNC_KEY_UPDATE_DO,
+ WC_FUNC_EARLY_DATA_SEND,
+ WC_FUNC_EARLY_DATA_DO,
+ WC_FUNC_NEW_SESSION_TICKET_SEND,
+ WC_FUNC_NEW_SESSION_TICKET_DO,
+ WC_FUNC_SERVER_HELLO_DONE_SEND,
+ WC_FUNC_SERVER_HELLO_DONE_DO,
+ WC_FUNC_TICKET_SEND,
+ WC_FUNC_TICKET_DO,
+ WC_FUNC_CLIENT_KEY_EXCHANGE_SEND,
+ WC_FUNC_CLIENT_KEY_EXCHANGE_DO,
+ WC_FUNC_CERTIFICATE_STATUS_SEND,
+ WC_FUNC_CERTIFICATE_STATUS_DO,
+ WC_FUNC_SERVER_KEY_EXCHANGE_SEND,
+ WC_FUNC_SERVER_KEY_EXCHANGE_DO,
+ WC_FUNC_END_OF_EARLY_DATA_SEND,
+ WC_FUNC_END_OF_EARLY_DATA_DO,
+ WC_FUNC_COUNT
+};
+#endif
+
+typedef void (*wolfSSL_Logging_cb)(const int logLevel,
+ const char *const logMessage);
+
+WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
+WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void);
+
+/* turn logging on, only if compiled in */
+WOLFSSL_API int wolfSSL_Debugging_ON(void);
+/* turn logging off */
+WOLFSSL_API void wolfSSL_Debugging_OFF(void);
+
+#ifdef HAVE_WC_INTROSPECTION
+ WOLFSSL_API const char *wolfSSL_configure_args(void);
+ WOLFSSL_API const char *wolfSSL_global_cflags(void);
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
+ WOLFSSL_LOCAL int wc_LoggingInit(void);
+ WOLFSSL_LOCAL int wc_LoggingCleanup(void);
+ WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf,
+ char* file);
+ WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file,
+ const char **reason, int *line);
+ WOLFSSL_LOCAL void wc_RemoveErrorNode(int index);
+ WOLFSSL_LOCAL void wc_ClearErrorNodes(void);
+ WOLFSSL_LOCAL int wc_PullErrorNode(const char **file, const char **reason,
+ int *line);
+ WOLFSSL_API int wc_SetLoggingHeap(void* h);
+ WOLFSSL_API int wc_ERR_remove_state(void);
+ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+ WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp);
+ WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str,
+ size_t len, void *u), void *u);
+ #endif
+#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
+
+#ifdef WOLFSSL_FUNC_TIME
+ /* WARNING: This code is only to be used for debugging performance.
+ * The code is not thread-safe.
+ * Do not use WOLFSSL_FUNC_TIME in production code.
+ */
+ WOLFSSL_API void WOLFSSL_START(int funcNum);
+ WOLFSSL_API void WOLFSSL_END(int funcNum);
+ WOLFSSL_API void WOLFSSL_TIME(int count);
+#else
+ #define WOLFSSL_START(n)
+ #define WOLFSSL_END(n)
+ #define WOLFSSL_TIME(n)
+#endif
+
+#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
+ #if defined(_WIN32)
+ #if defined(INTIME_RTOS)
+ #define __func__ NULL
+ #else
+ #define __func__ __FUNCTION__
+ #endif
+ #endif
+
+ /* a is prepended to m and b is appended, creating a log msg a + m + b */
+ #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b
+
+ WOLFSSL_API void WOLFSSL_ENTER(const char* msg);
+ WOLFSSL_API void WOLFSSL_LEAVE(const char* msg, int ret);
+ #define WOLFSSL_STUB(m) \
+ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
+ WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
+
+ WOLFSSL_API void WOLFSSL_MSG(const char* msg);
+ WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
+
+#else
+
+ #define WOLFSSL_ENTER(m)
+ #define WOLFSSL_LEAVE(m, r)
+ #define WOLFSSL_STUB(m)
+ #define WOLFSSL_IS_DEBUG_ON() 0
+
+ #define WOLFSSL_MSG(m)
+ #define WOLFSSL_BUFFER(b, l)
+
+#endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
+
+#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
+ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+
+ #if (!defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && !defined(_WIN32))\
+ || defined(DEBUG_WOLFSSL_VERBOSE)
+ WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
+ const char* file, void* ctx);
+ #define WOLFSSL_ERROR(x) \
+ WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+ #else
+ WOLFSSL_API void WOLFSSL_ERROR(int err);
+ #endif
+ WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg);
+
+#else
+ #define WOLFSSL_ERROR(e)
+ #define WOLFSSL_ERROR_MSG(m)
+#endif
+
+#ifdef HAVE_STACK_SIZE_VERBOSE
+ extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack;
+ extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize;
+ extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM;
+ extern WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr;
+ extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* WOLFSSL_LOGGING_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md2.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md2.h
new file mode 100644
index 0000000..8aeb4f4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md2.h
@@ -0,0 +1,69 @@
+/* md2.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/md2.h
+*/
+
+
+#ifndef WOLF_CRYPT_MD2_H
+#define WOLF_CRYPT_MD2_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_MD2
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* in bytes */
+enum {
+ MD2 = WC_HASH_TYPE_MD2,
+ MD2_BLOCK_SIZE = 16,
+ MD2_DIGEST_SIZE = 16,
+ MD2_PAD_SIZE = 16,
+ MD2_X_SIZE = 48
+};
+
+
+/* Md2 digest */
+typedef struct Md2 {
+ word32 count; /* bytes % PAD_SIZE */
+ byte X[MD2_X_SIZE];
+ byte C[MD2_BLOCK_SIZE];
+ byte buffer[MD2_BLOCK_SIZE];
+} Md2;
+
+
+WOLFSSL_API void wc_InitMd2(Md2*);
+WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32);
+WOLFSSL_API void wc_Md2Final(Md2*, byte*);
+WOLFSSL_API int wc_Md2Hash(const byte*, word32, byte*);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_MD2 */
+#endif /* WOLF_CRYPT_MD2_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md4.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md4.h
new file mode 100644
index 0000000..cf203d9
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md4.h
@@ -0,0 +1,67 @@
+/* md4.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/md4.h
+*/
+
+#ifndef WOLF_CRYPT_MD4_H
+#define WOLF_CRYPT_MD4_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_MD4
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* in bytes */
+enum {
+ MD4 = WC_HASH_TYPE_MD4,
+ MD4_BLOCK_SIZE = 64,
+ MD4_DIGEST_SIZE = 16,
+ MD4_PAD_SIZE = 56
+};
+
+
+/* MD4 digest */
+typedef struct Md4 {
+ word32 buffLen; /* in bytes */
+ word32 loLen; /* length in bytes */
+ word32 hiLen; /* length in bytes */
+ word32 digest[MD4_DIGEST_SIZE / sizeof(word32)];
+ word32 buffer[MD4_BLOCK_SIZE / sizeof(word32)];
+} Md4;
+
+
+WOLFSSL_API void wc_InitMd4(Md4*);
+WOLFSSL_API void wc_Md4Update(Md4*, const byte*, word32);
+WOLFSSL_API void wc_Md4Final(Md4*, byte*);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_MD4 */
+#endif /* WOLF_CRYPT_MD4_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md5.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md5.h
new file mode 100644
index 0000000..d469147
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/md5.h
@@ -0,0 +1,136 @@
+/* md5.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/md5.h
+*/
+
+
+#ifndef WOLF_CRYPT_MD5_H
+#define WOLF_CRYPT_MD5_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_MD5
+
+#ifdef HAVE_FIPS
+ #define wc_InitMd5 InitMd5
+ #define wc_Md5Update Md5Update
+ #define wc_Md5Final Md5Final
+ #define wc_Md5Hash Md5Hash
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#if !defined(NO_OLD_MD5_NAME)
+ #define MD5 WC_MD5
+#endif
+
+#ifndef NO_OLD_WC_NAMES
+ #define Md5 wc_Md5
+ #define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
+ #define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
+ #define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
+#endif
+
+/* in bytes */
+enum {
+ WC_MD5 = WC_HASH_TYPE_MD5,
+ WC_MD5_BLOCK_SIZE = 64,
+ WC_MD5_DIGEST_SIZE = 16,
+ WC_MD5_PAD_SIZE = 56
+};
+
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+ #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+#endif
+#ifdef STM32_HASH
+ #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+#ifdef WOLFSSL_TI_HASH
+ #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#elif defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
+ #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#else
+
+/* MD5 digest */
+typedef struct wc_Md5 {
+#ifdef STM32_HASH
+ STM32_HASH_Context stmCtx;
+#else
+ word32 buffLen; /* in bytes */
+ word32 loLen; /* length in bytes */
+ word32 hiLen; /* length in bytes */
+ word32 buffer[WC_MD5_BLOCK_SIZE / sizeof(word32)];
+#ifdef WOLFSSL_PIC32MZ_HASH
+ word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)];
+#else
+ word32 digest[WC_MD5_DIGEST_SIZE / sizeof(word32)];
+#endif
+ void* heap;
+#ifdef WOLFSSL_PIC32MZ_HASH
+ hashUpdCache cache; /* cache for updates */
+#endif
+#endif /* STM32_HASH */
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ word32 flags; /* enum wc_HashFlags in hash.h */
+#endif
+} wc_Md5;
+
+#endif /* WOLFSSL_TI_HASH */
+
+WOLFSSL_API int wc_InitMd5(wc_Md5*);
+WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
+WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
+WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
+WOLFSSL_API void wc_Md5Free(wc_Md5*);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*);
+#endif
+
+WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*);
+WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);
+#endif
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags);
+ WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_MD5 */
+#endif /* WOLF_CRYPT_MD5_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mem_track.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mem_track.h
new file mode 100644
index 0000000..362ef39
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mem_track.h
@@ -0,0 +1,423 @@
+/* mem_track.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* The memory tracker overrides the wolfSSL memory callback system and uses a
+ * static to track the total, peak and currently allocated bytes.
+ *
+ * If you are already using the memory callbacks then enabling this will
+ * override the memory callbacks and prevent your memory callbacks from
+ * working. This assumes malloc() and free() are available. Feel free to
+ * customize this for your needs.
+
+ * The enable this feature define the following:
+ * #define USE_WOLFSSL_MEMORY
+ * #define WOLFSSL_TRACK_MEMORY
+ *
+ * On startup call:
+ * InitMemoryTracker();
+ *
+ * When ready to dump the memory report call:
+ * ShowMemoryTracker();
+ *
+ * Report example:
+ * total Allocs = 228
+ * total Bytes = 93442
+ * peak Bytes = 8840
+ * current Bytes = 0
+ *
+ *
+ * You can also:
+ * #define WOLFSSL_DEBUG_MEMORY
+ *
+ * To print every alloc/free along with the function and line number.
+ * Example output:
+ * Alloc: 0x7fa14a500010 -> 120 at wc_InitRng:496
+ * Free: 0x7fa14a500010 -> 120 at wc_FreeRng:606
+ */
+
+
+#ifndef WOLFSSL_MEM_TRACK_H
+#define WOLFSSL_MEM_TRACK_H
+
+#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
+
+ #include "wolfssl/wolfcrypt/logging.h"
+
+ #if defined(WOLFSSL_TRACK_MEMORY)
+ #define DO_MEM_STATS
+ #if defined(__linux__) || defined(__MACH__)
+ #define DO_MEM_LIST
+ #endif
+ #endif
+
+
+ typedef struct memoryStats {
+ long totalAllocs; /* number of allocations */
+ long totalDeallocs; /* number of deallocations */
+ long totalBytes; /* total number of bytes allocated */
+ long peakBytes; /* concurrent max bytes */
+ long currentBytes; /* total current bytes in use */
+#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+ long peakAllocsTripOdometer; /* peak number of concurrent allocations,
+ * subject to reset by
+ * wolfCrypt_heap_peak_checkpoint()
+ */
+ long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset
+ * by wolfCrypt_heap_peak_checkpoint()
+ */
+#endif
+ } memoryStats;
+
+ typedef struct memHint {
+ size_t thisSize; /* size of this memory */
+
+ #ifdef DO_MEM_LIST
+ struct memHint* next;
+ struct memHint* prev;
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ const char* func;
+ unsigned int line;
+ #endif
+ #endif
+ void* thisMemory; /* actual memory for user */
+ } memHint;
+
+ typedef struct memoryTrack {
+ union {
+ memHint hint;
+ byte alignit[sizeof(memHint) + ((16-1) & ~(16-1))]; /* make sure we have strong alignment */
+ } u;
+ } memoryTrack;
+
+#ifdef DO_MEM_LIST
+ /* track allocations and report at end */
+ typedef struct memoryList {
+ memHint* head;
+ memHint* tail;
+ word32 count;
+ } memoryList;
+#endif
+
+#if defined(WOLFSSL_TRACK_MEMORY)
+ static memoryStats ourMemStats;
+
+ #ifdef DO_MEM_LIST
+ #include <pthread.h>
+ static memoryList ourMemList;
+ static pthread_mutex_t memLock = PTHREAD_MUTEX_INITIALIZER;
+ #endif
+#endif
+
+
+ /* if defined to not using inline then declare function prototypes */
+ #ifdef NO_INLINE
+ #define WC_STATIC
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ WOLFSSL_LOCAL void* TrackMalloc(size_t sz, const char* func, unsigned int line);
+ WOLFSSL_LOCAL void TrackFree(void* ptr, const char* func, unsigned int line);
+ WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line);
+ #else
+ WOLFSSL_LOCAL void* TrackMalloc(size_t sz);
+ WOLFSSL_LOCAL void TrackFree(void* ptr);
+ WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz);
+ #endif
+ WOLFSSL_LOCAL int InitMemoryTracker(void);
+ WOLFSSL_LOCAL void ShowMemoryTracker(void);
+ #else
+ #define WC_STATIC static
+ #endif
+
+#ifdef WOLFSSL_DEBUG_MEMORY
+ WC_STATIC WC_INLINE void* TrackMalloc(size_t sz, const char* func, unsigned int line)
+#else
+ WC_STATIC WC_INLINE void* TrackMalloc(size_t sz)
+#endif
+ {
+ memoryTrack* mt;
+ memHint* header;
+
+ if (sz == 0)
+ return NULL;
+
+ mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+ if (mt == NULL)
+ return NULL;
+
+ header = &mt->u.hint;
+ header->thisSize = sz;
+ header->thisMemory = (byte*)mt + sizeof(memoryTrack);
+
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ #ifdef WOLFSSL_DEBUG_MEMORY_PRINT
+ printf("Alloc: %p -> %u at %s:%d\n", header->thisMemory, (word32)sz, func, line);
+ #else
+ (void)func;
+ (void)line;
+ #endif
+ #endif
+
+ #ifdef DO_MEM_STATS
+ ourMemStats.totalAllocs++;
+ ourMemStats.totalBytes += sz;
+ ourMemStats.currentBytes += sz;
+ #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+ if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs)
+ ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs;
+ if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) {
+ ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes;
+ #endif
+ if (ourMemStats.currentBytes > ourMemStats.peakBytes)
+ ourMemStats.peakBytes = ourMemStats.currentBytes;
+ #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+ }
+ #endif
+ #endif
+ #ifdef DO_MEM_LIST
+ if (pthread_mutex_lock(&memLock) == 0) {
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ header->func = func;
+ header->line = line;
+ #endif
+
+ /* Setup event */
+ header->next = NULL;
+ if (ourMemList.tail == NULL) {
+ ourMemList.head = header;
+ header->prev = NULL;
+ }
+ else {
+ ourMemList.tail->next = header;
+ header->prev = ourMemList.tail;
+ }
+ ourMemList.tail = header; /* add to the end either way */
+ ourMemList.count++;
+
+ pthread_mutex_unlock(&memLock);
+ }
+ #endif
+
+ return header->thisMemory;
+ }
+
+
+#ifdef WOLFSSL_DEBUG_MEMORY
+ WC_STATIC WC_INLINE void TrackFree(void* ptr, const char* func, unsigned int line)
+#else
+ WC_STATIC WC_INLINE void TrackFree(void* ptr)
+#endif
+ {
+ memoryTrack* mt;
+ memHint* header;
+ size_t sz;
+
+ if (ptr == NULL) {
+ return;
+ }
+
+ mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
+ header = &mt->u.hint;
+ sz = header->thisSize;
+
+ #ifdef DO_MEM_LIST
+ if (pthread_mutex_lock(&memLock) == 0)
+ {
+ #endif
+
+ #ifdef DO_MEM_STATS
+ ourMemStats.currentBytes -= header->thisSize;
+ ourMemStats.totalDeallocs++;
+ #endif
+
+ #ifdef DO_MEM_LIST
+ if (header == ourMemList.head && header == ourMemList.tail) {
+ ourMemList.head = NULL;
+ ourMemList.tail = NULL;
+ }
+ else if (header == ourMemList.head) {
+ ourMemList.head = header->next;
+ ourMemList.head->prev = NULL;
+ }
+ else if (header == ourMemList.tail) {
+ ourMemList.tail = header->prev;
+ ourMemList.tail->next = NULL;
+ }
+ else {
+ memHint* next = header->next;
+ memHint* prev = header->prev;
+ if (next)
+ next->prev = prev;
+ if (prev)
+ prev->next = next;
+ }
+ ourMemList.count--;
+
+ pthread_mutex_unlock(&memLock);
+ }
+ #endif
+
+#ifdef WOLFSSL_DEBUG_MEMORY
+#ifdef WOLFSSL_DEBUG_MEMORY_PRINT
+ printf("Free: %p -> %u at %s:%d\n", ptr, (word32)sz, func, line);
+#else
+ (void)func;
+ (void)line;
+#endif
+#endif
+ (void)sz;
+
+ free(mt);
+ }
+
+
+#ifdef WOLFSSL_DEBUG_MEMORY
+ WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line)
+#else
+ WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz)
+#endif
+ {
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ void* ret = TrackMalloc(sz, func, line);
+ #else
+ void* ret = TrackMalloc(sz);
+ #endif
+
+ if (ptr) {
+ /* if realloc is bigger, don't overread old ptr */
+ memoryTrack* mt;
+ memHint* header;
+
+ mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
+ header = &mt->u.hint;
+
+ if (header->thisSize < sz)
+ sz = header->thisSize;
+ }
+
+ if (ret && ptr)
+ XMEMCPY(ret, ptr, sz);
+
+ if (ret) {
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ TrackFree(ptr, func, line);
+ #else
+ TrackFree(ptr);
+ #endif
+ }
+
+ return ret;
+ }
+
+#ifdef WOLFSSL_TRACK_MEMORY
+ static wolfSSL_Malloc_cb mfDefault = NULL;
+ static wolfSSL_Free_cb ffDefault = NULL;
+ static wolfSSL_Realloc_cb rfDefault = NULL;
+
+ WC_STATIC WC_INLINE int InitMemoryTracker(void)
+ {
+ int ret;
+
+ ret = wolfSSL_GetAllocators(&mfDefault, &ffDefault, &rfDefault);
+ if (ret < 0) {
+ printf("wolfSSL GetAllocators failed to get the defaults\n");
+ }
+ ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc);
+ if (ret < 0) {
+ printf("wolfSSL SetAllocators failed for track memory\n");
+ return ret;
+ }
+
+ #ifdef DO_MEM_LIST
+ if (pthread_mutex_lock(&memLock) == 0)
+ {
+ #endif
+
+ #ifdef DO_MEM_STATS
+ ourMemStats.totalAllocs = 0;
+ ourMemStats.totalDeallocs = 0;
+ ourMemStats.totalBytes = 0;
+ ourMemStats.peakBytes = 0;
+ ourMemStats.currentBytes = 0;
+#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+ ourMemStats.peakAllocsTripOdometer = 0;
+ ourMemStats.peakBytesTripOdometer = 0;
+#endif
+ #endif
+
+ #ifdef DO_MEM_LIST
+ XMEMSET(&ourMemList, 0, sizeof(ourMemList));
+
+ pthread_mutex_unlock(&memLock);
+ }
+ #endif
+
+ return ret;
+ }
+
+ WC_STATIC WC_INLINE void ShowMemoryTracker(void)
+ {
+ #ifdef DO_MEM_LIST
+ if (pthread_mutex_lock(&memLock) == 0)
+ {
+ #endif
+
+ #ifdef DO_MEM_STATS
+ printf("total Allocs = %9ld\n", ourMemStats.totalAllocs);
+ printf("total Deallocs = %9ld\n", ourMemStats.totalDeallocs);
+ printf("total Bytes = %9ld\n", ourMemStats.totalBytes);
+ printf("peak Bytes = %9ld\n", ourMemStats.peakBytes);
+ printf("current Bytes = %9ld\n", ourMemStats.currentBytes);
+ #endif
+
+ #ifdef DO_MEM_LIST
+ if (ourMemList.count > 0) {
+ /* print list of allocations */
+ memHint* header;
+ for (header = ourMemList.head; header != NULL; header = header->next) {
+ printf("Leak: Ptr %p, Size %u"
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ ", Func %s, Line %d"
+ #endif
+ "\n",
+ (byte*)header + sizeof(memHint), (unsigned int)header->thisSize
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ , header->func, header->line
+ #endif
+ );
+ }
+ }
+
+ pthread_mutex_unlock(&memLock);
+ }
+ #endif
+ }
+
+ WC_STATIC WC_INLINE int CleanupMemoryTracker(void)
+ {
+ /* restore default allocators */
+ return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault);
+ }
+#endif
+
+#endif /* USE_WOLFSSL_MEMORY */
+
+#endif /* WOLFSSL_MEM_TRACK_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/memory.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/memory.h
new file mode 100644
index 0000000..42e3609
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/memory.h
@@ -0,0 +1,237 @@
+/* memory.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* submitted by eof */
+
+/*!
+ \file wolfssl/wolfcrypt/memory.h
+*/
+
+#ifndef WOLFSSL_MEMORY_H
+#define WOLFSSL_MEMORY_H
+
+#if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
+#include <stdlib.h>
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
+ WOLFSSL_API void wolfSSL_SetMemFailCount(int memFailCount);
+#endif
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type, const char* func, unsigned int line);
+ typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type, const char* func, unsigned int line);
+ typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
+ WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line);
+ WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line);
+ WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
+ #else
+ typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
+ typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
+ typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type);
+ WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
+ WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
+ WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+#else
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line);
+ typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line);
+ typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line);
+
+ /* Public in case user app wants to use XMALLOC/XFREE */
+ WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
+ WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
+ WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
+ #else
+ typedef void *(*wolfSSL_Malloc_cb)(size_t size);
+ typedef void (*wolfSSL_Free_cb)(void *ptr);
+ typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
+ /* Public in case user app wants to use XMALLOC/XFREE */
+ WOLFSSL_API void* wolfSSL_Malloc(size_t size);
+ WOLFSSL_API void wolfSSL_Free(void *ptr);
+ WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Public get/set functions */
+WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
+ wolfSSL_Free_cb,
+ wolfSSL_Realloc_cb);
+WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
+ wolfSSL_Free_cb*,
+ wolfSSL_Realloc_cb*);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #define WOLFSSL_STATIC_TIMEOUT 1
+ #ifndef WOLFSSL_STATIC_ALIGN
+ #define WOLFSSL_STATIC_ALIGN 16
+ #endif
+ #ifndef WOLFMEM_MAX_BUCKETS
+ #define WOLFMEM_MAX_BUCKETS 9
+ #endif
+ #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */
+ #ifndef WOLFMEM_IO_SZ
+ #define WOLFMEM_IO_SZ 16992 /* 16 byte aligned */
+ #endif
+ #ifndef WOLFMEM_BUCKETS
+ #ifndef SESSION_CERTS
+ /* default size of chunks of memory to separate into */
+ #ifndef LARGEST_MEM_BUCKET
+ #define LARGEST_MEM_BUCKET 16128
+ #endif
+ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
+ LARGEST_MEM_BUCKET
+ #elif defined (OPENSSL_EXTRA)
+ /* extra storage in structs for multiple attributes and order */
+ #ifndef LARGEST_MEM_BUCKET
+ #ifdef WOLFSSL_TLS13
+ #define LARGEST_MEM_BUCKET 30400
+ #else
+ #define LARGEST_MEM_BUCKET 25600
+ #endif
+ #endif
+ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
+ LARGEST_MEM_BUCKET
+ #elif defined (WOLFSSL_CERT_EXT)
+ /* certificate extensions requires 24k for the SSL struct */
+ #ifndef LARGEST_MEM_BUCKET
+ #define LARGEST_MEM_BUCKET 24576
+ #endif
+ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
+ LARGEST_MEM_BUCKET
+ #else
+ /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */
+ #ifndef LARGEST_MEM_BUCKET
+ #define LARGEST_MEM_BUCKET 23440
+ #endif
+ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
+ LARGEST_MEM_BUCKET
+ #endif
+ #endif
+ #ifndef WOLFMEM_DIST
+ #ifndef WOLFSSL_STATIC_MEMORY_SMALL
+ #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1
+ #else
+ /* Low resource and not RSA */
+ #define WOLFMEM_DIST 29, 7,6, 9,4,4,0,0,0
+ #endif
+ #endif
+
+ /* flags for loading static memory (one hot bit) */
+ #define WOLFMEM_GENERAL 0x01
+ #define WOLFMEM_IO_POOL 0x02
+ #define WOLFMEM_IO_POOL_FIXED 0x04
+ #define WOLFMEM_TRACK_STATS 0x08
+
+ #ifndef WOLFSSL_MEM_GUARD
+ #define WOLFSSL_MEM_GUARD
+ typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS;
+ typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
+ #endif
+
+ struct WOLFSSL_MEM_CONN_STATS {
+ word32 peakMem; /* peak memory usage */
+ word32 curMem; /* current memory usage */
+ word32 peakAlloc; /* peak memory allocations */
+ word32 curAlloc; /* current memory allocations */
+ word32 totalAlloc;/* total memory allocations for lifetime */
+ word32 totalFr; /* total frees for lifetime */
+ };
+
+ struct WOLFSSL_MEM_STATS {
+ word32 curAlloc; /* current memory allocations */
+ word32 totalAlloc;/* total memory allocations for lifetime */
+ word32 totalFr; /* total frees for lifetime */
+ word32 totalUse; /* total amount of memory used in blocks */
+ word32 avaIO; /* available IO specific pools */
+ word32 maxHa; /* max number of concurrent handshakes allowed */
+ word32 maxIO; /* max number of concurrent IO connections allowed */
+ word32 blockSz[WOLFMEM_MAX_BUCKETS]; /* block sizes in stacks */
+ word32 avaBlock[WOLFMEM_MAX_BUCKETS];/* ava block sizes */
+ word32 usedBlock[WOLFMEM_MAX_BUCKETS];
+ int flag; /* flag used */
+ };
+
+ typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */
+ typedef struct WOLFSSL_HEAP {
+ wc_Memory* ava[WOLFMEM_MAX_BUCKETS];
+ wc_Memory* io; /* list of buffers to use for IO */
+ word32 maxHa; /* max concurrent handshakes */
+ word32 curHa;
+ word32 maxIO; /* max concurrent IO connections */
+ word32 curIO;
+ word32 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
+ word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
+ word32 inUse; /* amount of memory currently in use */
+ word32 ioUse;
+ word32 alloc; /* total number of allocs */
+ word32 frAlc; /* total number of frees */
+ int flag;
+ wolfSSL_Mutex memory_mutex;
+ } WOLFSSL_HEAP;
+
+ /* structure passed into XMALLOC as heap hint
+ * having this abstraction allows tracking statistics of individual ssl's
+ */
+ typedef struct WOLFSSL_HEAP_HINT {
+ WOLFSSL_HEAP* memory;
+ WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */
+ wc_Memory* outBuf; /* set if using fixed io buffers */
+ wc_Memory* inBuf;
+ byte haFlag; /* flag used for checking handshake count */
+ } WOLFSSL_HEAP_HINT;
+
+ WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
+ unsigned char* buf, unsigned int sz, int flag, int max);
+
+ WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
+ WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz,
+ int flag, WOLFSSL_HEAP* heap);
+ WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
+ WOLFSSL_MEM_STATS* stats);
+ WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
+ WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
+
+ WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
+ WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+#ifdef WOLFSSL_STACK_LOG
+ WOLFSSL_API void __attribute__((no_instrument_function))
+ __cyg_profile_func_enter(void *func, void *caller);
+ WOLFSSL_API void __attribute__((no_instrument_function))
+ __cyg_profile_func_exit(void *func, void *caller);
+#endif /* WOLFSSL_STACK_LOG */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_MEMORY_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/misc.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/misc.h
new file mode 100644
index 0000000..748688f
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/misc.h
@@ -0,0 +1,136 @@
+/* misc.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+/*
+
+DESCRIPTION
+This module implements the arithmetic-shift right, left, byte swapping, XOR,
+masking and clearing memory logic.
+
+*/
+#ifndef WOLF_CRYPT_MISC_H
+#define WOLF_CRYPT_MISC_H
+
+
+#include <wolfssl/wolfcrypt/types.h>
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+#ifdef NO_INLINE
+WOLFSSL_LOCAL
+word32 rotlFixed(word32, word32);
+WOLFSSL_LOCAL
+word32 rotrFixed(word32, word32);
+
+#ifdef WC_RC2
+WOLFSSL_LOCAL
+word16 rotlFixed16(word16, word16);
+WOLFSSL_LOCAL
+word16 rotrFixed16(word16, word16);
+#endif
+
+WOLFSSL_LOCAL
+word32 ByteReverseWord32(word32);
+WOLFSSL_LOCAL
+void ByteReverseWords(word32*, const word32*, word32);
+
+WOLFSSL_LOCAL
+void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b,
+ word32 n);
+WOLFSSL_LOCAL
+void xorbufout(void*, const void*, const void*, word32);
+WOLFSSL_LOCAL
+void XorWords(wolfssl_word*, const wolfssl_word*, word32);
+WOLFSSL_LOCAL
+void xorbuf(void*, const void*, word32);
+
+WOLFSSL_LOCAL
+void ForceZero(const void*, word32);
+
+WOLFSSL_LOCAL
+int ConstantCompare(const byte*, const byte*, int);
+
+#ifdef WORD64_AVAILABLE
+WOLFSSL_LOCAL
+word64 rotlFixed64(word64, word64);
+WOLFSSL_LOCAL
+word64 rotrFixed64(word64, word64);
+
+WOLFSSL_LOCAL
+word64 ByteReverseWord64(word64);
+WOLFSSL_LOCAL
+void ByteReverseWords64(word64*, const word64*, word32);
+#endif /* WORD64_AVAILABLE */
+
+#ifndef WOLFSSL_HAVE_MIN
+ #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
+ #define min min
+ #endif
+ WOLFSSL_LOCAL word32 min(word32 a, word32 b);
+#endif
+
+#ifndef WOLFSSL_HAVE_MAX
+ #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
+ #define max max
+ #endif
+ WOLFSSL_LOCAL word32 max(word32 a, word32 b);
+#endif /* WOLFSSL_HAVE_MAX */
+
+
+void c32to24(word32 in, word24 out);
+void c16toa(word16 u16, byte* c);
+void c32toa(word32 u32, byte* c);
+void c24to32(const word24 u24, word32* u32);
+void ato16(const byte* c, word16* u16);
+void ato24(const byte* c, word32* u24);
+void ato32(const byte* c, word32* u32);
+word32 btoi(byte b);
+
+
+WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
+WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);
+WOLFSSL_LOCAL int ctMaskIntGTE(int a, int b);
+WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
+WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
+WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
+WOLFSSL_LOCAL word16 ctMask16GT(int a, int b);
+WOLFSSL_LOCAL word16 ctMask16GTE(int a, int b);
+WOLFSSL_LOCAL word16 ctMask16LT(int a, int b);
+WOLFSSL_LOCAL word16 ctMask16LTE(int a, int b);
+WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b);
+WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b);
+WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b);
+WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b);
+WOLFSSL_LOCAL byte ctSetLTE(int a, int b);
+
+#endif /* NO_INLINE */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLF_CRYPT_MISC_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_class.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_class.h
new file mode 100644
index 0000000..e04acc2
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_class.h
@@ -0,0 +1,1021 @@
+/* mpi_class.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+#if !(defined(LTM1) && defined(LTM2) && defined(LTM3))
+#if defined(LTM2)
+#define LTM3
+#endif
+#if defined(LTM1)
+#define LTM2
+#endif
+#define LTM1
+
+#if defined(LTM_ALL)
+#define BN_ERROR_C
+#define BN_FAST_MP_INVMOD_C
+#define BN_FAST_MP_MONTGOMERY_REDUCE_C
+#define BN_FAST_S_MP_MUL_DIGS_C
+#define BN_FAST_S_MP_MUL_HIGH_DIGS_C
+#define BN_FAST_S_MP_SQR_C
+#define BN_MP_2EXPT_C
+#define BN_MP_ABS_C
+#define BN_MP_ADD_C
+#define BN_MP_ADD_D_C
+#define BN_MP_ADDMOD_C
+#define BN_MP_AND_C
+#define BN_MP_CLAMP_C
+#define BN_MP_CLEAR_C
+#define BN_MP_CLEAR_MULTI_C
+#define BN_MP_CMP_C
+#define BN_MP_CMP_D_C
+#define BN_MP_CMP_MAG_C
+#define BN_MP_CNT_LSB_C
+#define BN_MP_COPY_C
+#define BN_MP_COUNT_BITS_C
+#define BN_MP_DIV_C
+#define BN_MP_DIV_2_C
+#define BN_MP_DIV_2D_C
+#define BN_MP_DIV_3_C
+#define BN_MP_DIV_D_C
+#define BN_MP_DR_IS_MODULUS_C
+#define BN_MP_DR_REDUCE_C
+#define BN_MP_DR_SETUP_C
+#define BN_MP_EXCH_C
+#define BN_MP_EXPT_D_C
+#define BN_MP_EXPTMOD_BASE_2
+#define BN_MP_EXPTMOD_C
+#define BN_MP_EXPTMOD_FAST_C
+#define BN_MP_EXTEUCLID_C
+#define BN_MP_FREAD_C
+#define BN_MP_FWRITE_C
+#define BN_MP_GCD_C
+#define BN_MP_GET_INT_C
+#define BN_MP_GROW_C
+#define BN_MP_INIT_C
+#define BN_MP_INIT_COPY_C
+#define BN_MP_INIT_MULTI_C
+#define BN_MP_INIT_SET_C
+#define BN_MP_INIT_SET_INT_C
+#define BN_MP_INIT_SIZE_C
+#define BN_MP_INVMOD_C
+#define BN_MP_INVMOD_SLOW_C
+#define BN_MP_IS_SQUARE_C
+#define BN_MP_JACOBI_C
+#define BN_MP_KARATSUBA_MUL_C
+#define BN_MP_KARATSUBA_SQR_C
+#define BN_MP_LCM_C
+#define BN_MP_LSHD_C
+#define BN_MP_MOD_C
+#define BN_MP_MOD_2D_C
+#define BN_MP_MOD_D_C
+#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
+#define BN_MP_MONTGOMERY_REDUCE_C
+#define BN_MP_MONTGOMERY_SETUP_C
+#define BN_MP_MUL_C
+#define BN_MP_MUL_2_C
+#define BN_MP_MUL_2D_C
+#define BN_MP_MUL_D_C
+#define BN_MP_MULMOD_C
+#define BN_MP_N_ROOT_C
+#define BN_MP_NEG_C
+#define BN_MP_OR_C
+#define BN_MP_PRIME_FERMAT_C
+#define BN_MP_PRIME_IS_DIVISIBLE_C
+#define BN_MP_PRIME_IS_PRIME_C
+#define BN_MP_PRIME_MILLER_RABIN_C
+#define BN_MP_PRIME_NEXT_PRIME_C
+#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
+#define BN_MP_PRIME_RANDOM_EX_C
+#define BN_MP_RADIX_SIZE_C
+#define BN_MP_RADIX_SMAP_C
+#define BN_MP_RAND_C
+#define BN_MP_READ_RADIX_C
+#define BN_MP_READ_SIGNED_BIN_C
+#define BN_MP_READ_UNSIGNED_BIN_C
+#define BN_MP_REDUCE_C
+#define BN_MP_REDUCE_2K_C
+#define BN_MP_REDUCE_2K_L_C
+#define BN_MP_REDUCE_2K_SETUP_C
+#define BN_MP_REDUCE_2K_SETUP_L_C
+#define BN_MP_REDUCE_IS_2K_C
+#define BN_MP_REDUCE_IS_2K_L_C
+#define BN_MP_REDUCE_SETUP_C
+#define BN_MP_RSHD_C
+#define BN_MP_SET_C
+#define BN_MP_SET_INT_C
+#define BN_MP_SHRINK_C
+#define BN_MP_SIGNED_BIN_SIZE_C
+#define BN_MP_SQR_C
+#define BN_MP_SQRMOD_C
+#define BN_MP_SQRT_C
+#define BN_MP_SUB_C
+#define BN_MP_SUB_D_C
+#define BN_MP_SUBMOD_C
+#define BN_MP_TO_SIGNED_BIN_C
+#define BN_MP_TO_SIGNED_BIN_N_C
+#define BN_MP_TO_UNSIGNED_BIN_C
+#define BN_MP_TO_UNSIGNED_BIN_N_C
+#define BN_MP_TOOM_MUL_C
+#define BN_MP_TOOM_SQR_C
+#define BN_MP_TORADIX_C
+#define BN_MP_TORADIX_N_C
+#define BN_MP_UNSIGNED_BIN_SIZE_C
+#define BN_MP_XOR_C
+#define BN_MP_ZERO_C
+#define BN_PRIME_TAB_C
+#define BN_REVERSE_C
+#define BN_S_MP_ADD_C
+#define BN_S_MP_EXPTMOD_C
+#define BN_S_MP_MUL_DIGS_C
+#define BN_S_MP_MUL_HIGH_DIGS_C
+#define BN_S_MP_SQR_C
+#define BN_S_MP_SUB_C
+#define BNCORE_C
+#endif
+
+#if defined(BN_ERROR_C)
+ #define BN_MP_ERROR_TO_STRING_C
+#endif
+
+#if defined(BN_FAST_MP_INVMOD_C)
+ #define BN_MP_ISEVEN_C
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_COPY_C
+ #define BN_MP_MOD_C
+ #define BN_MP_SET_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_ISODD_C
+ #define BN_MP_SUB_C
+ #define BN_MP_CMP_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_CMP_D_C
+ #define BN_MP_ADD_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_FAST_S_MP_MUL_DIGS_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_FAST_S_MP_SQR_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_2EXPT_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_GROW_C
+#endif
+
+#if defined(BN_MP_ABS_C)
+ #define BN_MP_COPY_C
+#endif
+
+#if defined(BN_MP_ADD_C)
+ #define BN_S_MP_ADD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_ADD_D_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_SUB_D_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_ADDMOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_ADD_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MOD_C
+#endif
+
+#if defined(BN_MP_AND_C)
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_CLAMP_C)
+#endif
+
+#if defined(BN_MP_CLEAR_C)
+#endif
+
+#if defined(BN_MP_CLEAR_MULTI_C)
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_CMP_C)
+ #define BN_MP_CMP_MAG_C
+#endif
+
+#if defined(BN_MP_CMP_D_C)
+#endif
+
+#if defined(BN_MP_CMP_MAG_C)
+#endif
+
+#if defined(BN_MP_CNT_LSB_C)
+ #define BN_MP_ISZERO_C
+#endif
+
+#if defined(BN_MP_COPY_C)
+ #define BN_MP_GROW_C
+#endif
+
+#if defined(BN_MP_COUNT_BITS_C)
+#endif
+
+#if defined(BN_MP_DIV_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_COPY_C
+ #define BN_MP_ZERO_C
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_SET_C
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_ABS_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_CMP_C
+ #define BN_MP_SUB_C
+ #define BN_MP_ADD_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_MULTI_C
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_INIT_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_DIV_2_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_DIV_2D_C)
+ #define BN_MP_COPY_C
+ #define BN_MP_ZERO_C
+ #define BN_MP_INIT_C
+ #define BN_MP_MOD_2D_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+#endif
+
+#if defined(BN_MP_DIV_3_C)
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_DIV_D_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_COPY_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_DIV_3_C
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_DR_IS_MODULUS_C)
+#endif
+
+#if defined(BN_MP_DR_REDUCE_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_DR_SETUP_C)
+#endif
+
+#if defined(BN_MP_EXCH_C)
+#endif
+
+#if defined(BN_MP_EXPT_D_C)
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_SET_C
+ #define BN_MP_SQR_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MUL_C
+#endif
+
+#if defined(BN_MP_EXPTMOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_INVMOD_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_ABS_C
+ #define BN_MP_CLEAR_MULTI_C
+ #define BN_MP_REDUCE_IS_2K_L_C
+ #define BN_S_MP_EXPTMOD_C
+ #define BN_MP_DR_IS_MODULUS_C
+ #define BN_MP_REDUCE_IS_2K_C
+ #define BN_MP_ISODD_C
+ #define BN_MP_EXPTMOD_FAST_C
+ #define BN_MP_EXPTMOD_BASE_2
+#endif
+
+#if defined(BN_MP_EXPTMOD_FAST_C)
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_INIT_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MONTGOMERY_SETUP_C
+ #define BN_FAST_MP_MONTGOMERY_REDUCE_C
+ #define BN_MP_MONTGOMERY_REDUCE_C
+ #define BN_MP_DR_SETUP_C
+ #define BN_MP_DR_REDUCE_C
+ #define BN_MP_REDUCE_2K_SETUP_C
+ #define BN_MP_REDUCE_2K_C
+ #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
+ #define BN_MP_MULMOD_C
+ #define BN_MP_SET_C
+ #define BN_MP_MOD_C
+ #define BN_MP_COPY_C
+ #define BN_MP_SQR_C
+ #define BN_MP_MUL_C
+ #define BN_MP_EXCH_C
+#endif
+
+#if defined(BN_MP_EXTEUCLID_C)
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_SET_C
+ #define BN_MP_COPY_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_DIV_C
+ #define BN_MP_MUL_C
+ #define BN_MP_SUB_C
+ #define BN_MP_NEG_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_MP_FREAD_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_S_RMAP_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_ADD_D_C
+ #define BN_MP_CMP_D_C
+#endif
+
+#if defined(BN_MP_FWRITE_C)
+ #define BN_MP_RADIX_SIZE_C
+ #define BN_MP_TORADIX_C
+#endif
+
+#if defined(BN_MP_GCD_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_ABS_C
+ #define BN_MP_ZERO_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_CNT_LSB_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_EXCH_C
+ #define BN_S_MP_SUB_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_GET_INT_C)
+#endif
+
+#if defined(BN_MP_GROW_C)
+#endif
+
+#if defined(BN_MP_INIT_C)
+#endif
+
+#if defined(BN_MP_INIT_COPY_C)
+ #define BN_MP_COPY_C
+#endif
+
+#if defined(BN_MP_INIT_MULTI_C)
+ #define BN_MP_ERR_C
+ #define BN_MP_INIT_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_INIT_SET_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_SET_C
+#endif
+
+#if defined(BN_MP_INIT_SET_INT_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_SET_INT_C
+#endif
+
+#if defined(BN_MP_INIT_SIZE_C)
+ #define BN_MP_INIT_C
+#endif
+
+#if defined(BN_MP_INVMOD_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_ISODD_C
+ #define BN_FAST_MP_INVMOD_C
+ #define BN_MP_INVMOD_SLOW_C
+#endif
+
+#if defined(BN_MP_INVMOD_SLOW_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_MOD_C
+ #define BN_MP_COPY_C
+ #define BN_MP_ISEVEN_C
+ #define BN_MP_SET_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_ISODD_C
+ #define BN_MP_ADD_C
+ #define BN_MP_SUB_C
+ #define BN_MP_CMP_C
+ #define BN_MP_CMP_D_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_MP_IS_SQUARE_C)
+ #define BN_MP_MOD_D_C
+ #define BN_MP_INIT_SET_INT_C
+ #define BN_MP_MOD_C
+ #define BN_MP_GET_INT_C
+ #define BN_MP_SQRT_C
+ #define BN_MP_SQR_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_JACOBI_C)
+ #define BN_MP_CMP_D_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_CNT_LSB_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_MOD_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_KARATSUBA_MUL_C)
+ #define BN_MP_MUL_C
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_SUB_C
+ #define BN_MP_ADD_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_KARATSUBA_SQR_C)
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_SQR_C
+ #define BN_MP_SUB_C
+ #define BN_S_MP_ADD_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_ADD_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_LCM_C)
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_GCD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_DIV_C
+ #define BN_MP_MUL_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_MP_LSHD_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_RSHD_C
+#endif
+
+#if defined(BN_MP_MOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_DIV_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_ADD_C
+ #define BN_MP_EXCH_C
+#endif
+
+#if defined(BN_MP_MOD_2D_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_COPY_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_MOD_D_C)
+ #define BN_MP_DIV_D_C
+#endif
+
+#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C)
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_2EXPT_C
+ #define BN_MP_SET_C
+ #define BN_MP_MUL_2_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_MONTGOMERY_REDUCE_C)
+ #define BN_FAST_MP_MONTGOMERY_REDUCE_C
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_MONTGOMERY_SETUP_C)
+#endif
+
+#if defined(BN_MP_MUL_C)
+ #define BN_MP_TOOM_MUL_C
+ #define BN_MP_KARATSUBA_MUL_C
+ #define BN_FAST_S_MP_MUL_DIGS_C
+ #define BN_S_MP_MUL_C
+ #define BN_S_MP_MUL_DIGS_C
+#endif
+
+#if defined(BN_MP_MUL_2_C)
+ #define BN_MP_GROW_C
+#endif
+
+#if defined(BN_MP_MUL_2D_C)
+ #define BN_MP_COPY_C
+ #define BN_MP_GROW_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_MUL_D_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_MULMOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_MUL_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MOD_C
+#endif
+
+#if defined(BN_MP_N_ROOT_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_SET_C
+ #define BN_MP_COPY_C
+ #define BN_MP_EXPT_D_C
+ #define BN_MP_MUL_C
+ #define BN_MP_SUB_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_DIV_C
+ #define BN_MP_CMP_C
+ #define BN_MP_SUB_D_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_NEG_C)
+ #define BN_MP_COPY_C
+ #define BN_MP_ISZERO_C
+#endif
+
+#if defined(BN_MP_OR_C)
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_PRIME_FERMAT_C)
+ #define BN_MP_CMP_D_C
+ #define BN_MP_INIT_C
+ #define BN_MP_EXPTMOD_C
+ #define BN_MP_CMP_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_PRIME_IS_DIVISIBLE_C)
+ #define BN_MP_MOD_D_C
+#endif
+
+#if defined(BN_MP_PRIME_IS_PRIME_C)
+ #define BN_MP_CMP_D_C
+ #define BN_MP_PRIME_IS_DIVISIBLE_C
+ #define BN_MP_INIT_C
+ #define BN_MP_SET_C
+ #define BN_MP_PRIME_MILLER_RABIN_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_PRIME_MILLER_RABIN_C)
+ #define BN_MP_CMP_D_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_SUB_D_C
+ #define BN_MP_CNT_LSB_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_EXPTMOD_C
+ #define BN_MP_CMP_C
+ #define BN_MP_SQRMOD_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_PRIME_NEXT_PRIME_C)
+ #define BN_MP_CMP_D_C
+ #define BN_MP_SET_C
+ #define BN_MP_SUB_D_C
+ #define BN_MP_ISEVEN_C
+ #define BN_MP_MOD_D_C
+ #define BN_MP_INIT_C
+ #define BN_MP_ADD_D_C
+ #define BN_MP_PRIME_MILLER_RABIN_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C)
+#endif
+
+#if defined(BN_MP_PRIME_RANDOM_EX_C)
+ #define BN_MP_READ_UNSIGNED_BIN_C
+ #define BN_MP_PRIME_IS_PRIME_C
+ #define BN_MP_SUB_D_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_MUL_2_C
+ #define BN_MP_ADD_D_C
+#endif
+
+#if defined(BN_MP_RADIX_SIZE_C)
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_DIV_D_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_RADIX_SMAP_C)
+ #define BN_MP_S_RMAP_C
+#endif
+
+#if defined(BN_MP_RAND_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_ADD_D_C
+ #define BN_MP_LSHD_C
+#endif
+
+#if defined(BN_MP_READ_RADIX_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_S_RMAP_C
+ #define BN_MP_RADIX_SMAP_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_ADD_D_C
+ #define BN_MP_ISZERO_C
+#endif
+
+#if defined(BN_MP_READ_SIGNED_BIN_C)
+ #define BN_MP_READ_UNSIGNED_BIN_C
+#endif
+
+#if defined(BN_MP_READ_UNSIGNED_BIN_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_ZERO_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_REDUCE_C)
+ #define BN_MP_REDUCE_SETUP_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_MUL_C
+ #define BN_S_MP_MUL_HIGH_DIGS_C
+ #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
+ #define BN_MP_MOD_2D_C
+ #define BN_S_MP_MUL_DIGS_C
+ #define BN_MP_SUB_C
+ #define BN_MP_CMP_D_C
+ #define BN_MP_SET_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_ADD_C
+ #define BN_MP_CMP_C
+ #define BN_S_MP_SUB_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_REDUCE_2K_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_MUL_D_C
+ #define BN_S_MP_ADD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_REDUCE_2K_L_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_MUL_C
+ #define BN_S_MP_ADD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_REDUCE_2K_SETUP_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_2EXPT_C
+ #define BN_MP_CLEAR_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_REDUCE_2K_SETUP_L_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_2EXPT_C
+ #define BN_MP_COUNT_BITS_C
+ #define BN_S_MP_SUB_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_REDUCE_IS_2K_C)
+ #define BN_MP_REDUCE_2K_C
+ #define BN_MP_COUNT_BITS_C
+#endif
+
+#if defined(BN_MP_REDUCE_IS_2K_L_C)
+#endif
+
+#if defined(BN_MP_REDUCE_SETUP_C)
+ #define BN_MP_2EXPT_C
+ #define BN_MP_DIV_C
+#endif
+
+#if defined(BN_MP_RSHD_C)
+ #define BN_MP_ZERO_C
+#endif
+
+#if defined(BN_MP_SET_C)
+ #define BN_MP_ZERO_C
+#endif
+
+#if defined(BN_MP_SET_INT_C)
+ #define BN_MP_ZERO_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_SHRINK_C)
+#endif
+
+#if defined(BN_MP_SIGNED_BIN_SIZE_C)
+ #define BN_MP_UNSIGNED_BIN_SIZE_C
+#endif
+
+#if defined(BN_MP_SQR_C)
+ #define BN_MP_TOOM_SQR_C
+ #define BN_MP_KARATSUBA_SQR_C
+ #define BN_FAST_S_MP_SQR_C
+ #define BN_S_MP_SQR_C
+#endif
+
+#if defined(BN_MP_SQRMOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_SQR_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MOD_C
+#endif
+
+#if defined(BN_MP_SQRT_C)
+ #define BN_MP_N_ROOT_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_ZERO_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_DIV_C
+ #define BN_MP_ADD_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_SUB_C)
+ #define BN_S_MP_ADD_C
+ #define BN_MP_CMP_MAG_C
+ #define BN_S_MP_SUB_C
+#endif
+
+#if defined(BN_MP_SUB_D_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_ADD_D_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_MP_SUBMOD_C)
+ #define BN_MP_INIT_C
+ #define BN_MP_SUB_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_MOD_C
+#endif
+
+#if defined(BN_MP_TO_SIGNED_BIN_C)
+ #define BN_MP_TO_UNSIGNED_BIN_C
+#endif
+
+#if defined(BN_MP_TO_SIGNED_BIN_N_C)
+ #define BN_MP_SIGNED_BIN_SIZE_C
+ #define BN_MP_TO_SIGNED_BIN_C
+#endif
+
+#if defined(BN_MP_TO_UNSIGNED_BIN_C)
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_ISZERO_C
+ #define BN_MP_DIV_2D_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_TO_UNSIGNED_BIN_N_C)
+ #define BN_MP_UNSIGNED_BIN_SIZE_C
+ #define BN_MP_TO_UNSIGNED_BIN_C
+#endif
+
+#if defined(BN_MP_TOOM_MUL_C)
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_MOD_2D_C
+ #define BN_MP_COPY_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_MUL_C
+ #define BN_MP_MUL_2_C
+ #define BN_MP_ADD_C
+ #define BN_MP_SUB_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_DIV_3_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_MP_TOOM_SQR_C)
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_MOD_2D_C
+ #define BN_MP_COPY_C
+ #define BN_MP_RSHD_C
+ #define BN_MP_SQR_C
+ #define BN_MP_MUL_2_C
+ #define BN_MP_ADD_C
+ #define BN_MP_SUB_C
+ #define BN_MP_DIV_2_C
+ #define BN_MP_MUL_2D_C
+ #define BN_MP_MUL_D_C
+ #define BN_MP_DIV_3_C
+ #define BN_MP_LSHD_C
+ #define BN_MP_CLEAR_MULTI_C
+#endif
+
+#if defined(BN_MP_TORADIX_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_DIV_D_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_S_RMAP_C
+#endif
+
+#if defined(BN_MP_TORADIX_N_C)
+ #define BN_MP_ISZERO_C
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_DIV_D_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_S_RMAP_C
+#endif
+
+#if defined(BN_MP_UNSIGNED_BIN_SIZE_C)
+ #define BN_MP_COUNT_BITS_C
+#endif
+
+#if defined(BN_MP_XOR_C)
+ #define BN_MP_INIT_COPY_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_MP_ZERO_C)
+#endif
+
+#if defined(BN_PRIME_TAB_C)
+#endif
+
+#if defined(BN_REVERSE_C)
+#endif
+
+#if defined(BN_S_MP_ADD_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BN_S_MP_EXPTMOD_C)
+ #define BN_MP_COUNT_BITS_C
+ #define BN_MP_INIT_C
+ #define BN_MP_CLEAR_C
+ #define BN_MP_REDUCE_SETUP_C
+ #define BN_MP_REDUCE_C
+ #define BN_MP_REDUCE_2K_SETUP_L_C
+ #define BN_MP_REDUCE_2K_L_C
+ #define BN_MP_MOD_C
+ #define BN_MP_COPY_C
+ #define BN_MP_SQR_C
+ #define BN_MP_MUL_C
+ #define BN_MP_SET_C
+ #define BN_MP_EXCH_C
+#endif
+
+#if defined(BN_S_MP_MUL_DIGS_C)
+ #define BN_FAST_S_MP_MUL_DIGS_C
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_S_MP_MUL_HIGH_DIGS_C)
+ #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_S_MP_SQR_C)
+ #define BN_MP_INIT_SIZE_C
+ #define BN_MP_CLAMP_C
+ #define BN_MP_EXCH_C
+ #define BN_MP_CLEAR_C
+#endif
+
+#if defined(BN_S_MP_SUB_C)
+ #define BN_MP_GROW_C
+ #define BN_MP_CLAMP_C
+#endif
+
+#if defined(BNCORE_C)
+#endif
+
+#ifdef LTM3
+#define LTM_LAST
+#endif
+#include "mpi_superclass.h"
+#include "mpi_class.h"
+#else
+#define LTM_LAST
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_superclass.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_superclass.h
new file mode 100644
index 0000000..91ebad8
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/mpi_superclass.h
@@ -0,0 +1,96 @@
+/* mpi_superclass.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* super class file for PK algos */
+
+/* default ... include all MPI */
+#define LTM_ALL
+
+/* RSA only (does not support DH/DSA/ECC) */
+/* #define SC_RSA_1 */
+
+/* For reference.... On an Athlon64 optimizing for speed...
+
+ LTM's mpi.o with all functions [striped] is 142KiB in size.
+
+*/
+
+/* Works for RSA only, mpi.o is 68KiB */
+#ifdef SC_RSA_1
+ #define BN_MP_SHRINK_C
+ #define BN_MP_LCM_C
+ #define BN_MP_PRIME_RANDOM_EX_C
+ #define BN_MP_INVMOD_C
+ #define BN_MP_GCD_C
+ #define BN_MP_MOD_C
+ #define BN_MP_MULMOD_C
+ #define BN_MP_ADDMOD_C
+ #define BN_MP_EXPTMOD_C
+ #define BN_MP_SET_INT_C
+ #define BN_MP_INIT_MULTI_C
+ #define BN_MP_CLEAR_MULTI_C
+ #define BN_MP_UNSIGNED_BIN_SIZE_C
+ #define BN_MP_TO_UNSIGNED_BIN_C
+ #define BN_MP_MOD_D_C
+ #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
+ #define BN_REVERSE_C
+ #define BN_PRIME_TAB_C
+
+ /* other modifiers */
+ #define BN_MP_DIV_SMALL /* Slower division, not critical */
+
+ /* here we are on the last pass so we turn things off. The functions classes are still there
+ * but we remove them specifically from the build. This also invokes tweaks in functions
+ * like removing support for even moduli, etc...
+ */
+#ifdef LTM_LAST
+ #undef BN_MP_TOOM_MUL_C
+ #undef BN_MP_TOOM_SQR_C
+ #undef BN_MP_KARATSUBA_MUL_C
+ #undef BN_MP_KARATSUBA_SQR_C
+ #undef BN_MP_REDUCE_C
+ #undef BN_MP_REDUCE_SETUP_C
+ #undef BN_MP_DR_IS_MODULUS_C
+ #undef BN_MP_DR_SETUP_C
+ #undef BN_MP_DR_REDUCE_C
+ #undef BN_MP_REDUCE_IS_2K_C
+ #undef BN_MP_REDUCE_2K_SETUP_C
+ #undef BN_MP_REDUCE_2K_C
+ #undef BN_S_MP_EXPTMOD_C
+ #undef BN_MP_DIV_3_C
+ #undef BN_S_MP_MUL_HIGH_DIGS_C
+ #undef BN_FAST_S_MP_MUL_HIGH_DIGS_C
+ #undef BN_FAST_MP_INVMOD_C
+
+ /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
+ * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
+ * which means roughly speaking you can handle up to 2536-bit RSA keys with these defined without
+ * trouble.
+ */
+ #undef BN_S_MP_MUL_DIGS_C
+ #undef BN_S_MP_SQR_C
+ #undef BN_MP_MONTGOMERY_REDUCE_C
+#endif
+
+#endif
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs12.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs12.h
new file mode 100644
index 0000000..fa8b331
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs12.h
@@ -0,0 +1,74 @@
+/* pkcs12.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_PKCS12_H
+#define WOLF_CRYPT_PKCS12_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */
+ typedef struct WC_PKCS12 WC_PKCS12;
+#endif
+
+typedef struct WC_DerCertList { /* dereferenced in ssl.c */
+ byte* buffer;
+ word32 bufferSz;
+ struct WC_DerCertList* next;
+} WC_DerCertList;
+
+/* default values for creating PKCS12 */
+enum {
+ WC_PKCS12_ITT_DEFAULT = 2048,
+ WC_PKCS12_VERSION_DEFAULT = 3,
+ WC_PKCS12_MAC_DEFAULT = 1,
+};
+
+WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void);
+WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12);
+WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12);
+WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz);
+WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
+ byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
+ WC_DerCertList** ca);
+WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12,
+ const byte* psw, word32 pswSz);
+WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz,
+ char* name, byte* key, word32 keySz, byte* cert, word32 certSz,
+ WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter,
+ int keyType, void* heap);
+
+
+WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap);
+WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12);
+
+WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_PKCS12_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs7.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs7.h
new file mode 100644
index 0000000..4f24e81
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pkcs7.h
@@ -0,0 +1,501 @@
+/* pkcs7.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/pkcs7.h
+*/
+
+#ifndef WOLF_CRYPT_PKCS7_H
+#define WOLF_CRYPT_PKCS7_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_PKCS7
+
+#ifndef NO_ASN
+ #include <wolfssl/wolfcrypt/asn.h>
+#endif
+#include <wolfssl/wolfcrypt/asn_public.h>
+#include <wolfssl/wolfcrypt/random.h>
+#ifndef NO_AES
+ #include <wolfssl/wolfcrypt/aes.h>
+#endif
+#ifndef NO_DES3
+ #include <wolfssl/wolfcrypt/des3.h>
+#endif
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Max number of certificates that PKCS7 structure can parse */
+#ifndef MAX_PKCS7_CERTS
+#ifdef OPENSSL_ALL
+ #define MAX_PKCS7_CERTS 15
+#else
+ #define MAX_PKCS7_CERTS 4
+#endif
+#endif
+
+#ifndef MAX_ORI_TYPE_SZ
+ #define MAX_ORI_TYPE_SZ MAX_OID_SZ
+#endif
+#ifndef MAX_ORI_VALUE_SZ
+ #define MAX_ORI_VALUE_SZ 512
+#endif
+
+#ifndef MAX_SIGNED_ATTRIBS_SZ
+ #define MAX_SIGNED_ATTRIBS_SZ 7
+#endif
+
+#ifndef MAX_AUTH_ATTRIBS_SZ
+ #define MAX_AUTH_ATTRIBS_SZ 7
+#endif
+
+#ifndef MAX_UNAUTH_ATTRIBS_SZ
+ #define MAX_UNAUTH_ATTRIBS_SZ 7
+#endif
+
+/* PKCS#7 content types, ref RFC 2315 (Section 14) */
+enum PKCS7_TYPES {
+ PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
+ DATA = 651, /* 1.2.840.113549.1.7.1 */
+ SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
+ ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
+ SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */
+ DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */
+ ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */
+#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
+ COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */
+#endif
+ FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */
+ AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */
+};
+
+enum PKCS7_STATE {
+ WC_PKCS7_START = 0,
+
+ /* decode encrypted */
+ WC_PKCS7_STAGE2,
+ WC_PKCS7_STAGE3,
+ WC_PKCS7_STAGE4,
+ WC_PKCS7_STAGE5,
+ WC_PKCS7_STAGE6,
+
+ WC_PKCS7_VERIFY_STAGE2,
+ WC_PKCS7_VERIFY_STAGE3,
+ WC_PKCS7_VERIFY_STAGE4,
+ WC_PKCS7_VERIFY_STAGE5,
+ WC_PKCS7_VERIFY_STAGE6,
+
+ /* parse info set */
+ WC_PKCS7_INFOSET_START,
+ WC_PKCS7_INFOSET_BER,
+ WC_PKCS7_INFOSET_STAGE1,
+ WC_PKCS7_INFOSET_STAGE2,
+ WC_PKCS7_INFOSET_END,
+
+ /* decode enveloped data */
+ WC_PKCS7_ENV_2,
+ WC_PKCS7_ENV_3,
+ WC_PKCS7_ENV_4,
+ WC_PKCS7_ENV_5,
+
+ /* decode auth enveloped */
+ WC_PKCS7_AUTHENV_2,
+ WC_PKCS7_AUTHENV_3,
+ WC_PKCS7_AUTHENV_4,
+ WC_PKCS7_AUTHENV_5,
+ WC_PKCS7_AUTHENV_6,
+ WC_PKCS7_AUTHENV_ATRB,
+ WC_PKCS7_AUTHENV_ATRBEND,
+ WC_PKCS7_AUTHENV_7,
+
+ /* decryption state types */
+ WC_PKCS7_DECRYPT_KTRI,
+ WC_PKCS7_DECRYPT_KTRI_2,
+ WC_PKCS7_DECRYPT_KTRI_3,
+
+
+ WC_PKCS7_DECRYPT_KARI,
+ WC_PKCS7_DECRYPT_KEKRI,
+ WC_PKCS7_DECRYPT_PWRI,
+ WC_PKCS7_DECRYPT_ORI,
+
+ WC_PKCS7_DECRYPT_DONE,
+
+};
+
+enum Pkcs7_Misc {
+ PKCS7_NONCE_SZ = 16,
+ MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
+ MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC */
+ MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */
+#ifndef NO_AES
+ MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
+#else
+ MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
+#endif
+ MAX_RECIP_SZ = MAX_VERSION_SZ +
+ MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
+ MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
+};
+
+enum Cms_Options {
+ CMS_SKID = 1,
+ CMS_ISSUER_AND_SERIAL_NUMBER = 2,
+};
+#define DEGENERATE_SID 3
+
+/* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */
+enum Pkcs7_RecipientInfo_Types {
+ PKCS7_KTRI = 0,
+ PKCS7_KARI = 1,
+ PKCS7_KEKRI = 2,
+ PKCS7_PWRI = 3,
+ PKCS7_ORI = 4
+};
+
+typedef struct PKCS7Attrib {
+ const byte* oid;
+ word32 oidSz;
+ const byte* value;
+ word32 valueSz;
+} PKCS7Attrib;
+
+
+typedef struct PKCS7DecodedAttrib {
+ struct PKCS7DecodedAttrib* next;
+ byte* oid;
+ word32 oidSz;
+ byte* value;
+ word32 valueSz;
+} PKCS7DecodedAttrib;
+
+typedef struct PKCS7State PKCS7State;
+typedef struct Pkcs7Cert Pkcs7Cert;
+typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
+typedef struct PKCS7 PKCS7;
+typedef struct PKCS7 PKCS7_SIGNED;
+typedef struct PKCS7SignerInfo PKCS7SignerInfo;
+
+/* OtherRecipientInfo decrypt callback prototype */
+typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+ byte* oriValue, word32 oriValueSz,
+ byte* decryptedKey, word32* decryptedKeySz,
+ void* ctx);
+typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+ byte* oriType, word32* oriTypeSz,
+ byte* oriValue, word32* oriValueSz,
+ void* ctx);
+typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
+ byte* iv, int ivSz, byte* aad, word32 aadSz,
+ byte* authTag, word32 authTagSz, byte* in,
+ int inSz, byte* out, void* ctx);
+typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+ byte* keyId, word32 keyIdSz,
+ byte* originKey, word32 originKeySz,
+ byte* out, word32 outSz,
+ int keyWrapAlgo, int type, int dir);
+
+#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
+/* RSA sign raw digest callback, user builds DigestInfo */
+typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
+ word32 digestSz, byte* out, word32 outSz,
+ byte* privateKey, word32 privateKeySz,
+ int devId, int hashOID);
+#endif
+
+/* Public Structure Warning:
+ * Existing members must not be changed to maintain backwards compatibility!
+ */
+struct PKCS7 {
+ WC_RNG* rng;
+ PKCS7Attrib* signedAttribs;
+ byte* content; /* inner content, not owner */
+ byte* contentDynamic; /* content if constructed OCTET_STRING */
+ byte* singleCert; /* recipient cert, DER, not owner */
+ const byte* issuer; /* issuer name of singleCert */
+ byte* privateKey; /* private key, DER, not owner */
+ void* heap; /* heap hint for dynamic memory */
+#ifdef ASN_BER_TO_DER
+ byte* der; /* DER encoded version of message */
+ word32 derSz;
+#endif
+ byte* cert[MAX_PKCS7_CERTS];
+
+ /* Encrypted-data Content Type */
+ byte* encryptionKey; /* block cipher encryption key */
+ PKCS7Attrib* unprotectedAttribs; /* optional */
+ PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */
+
+ /* Enveloped-data optional ukm, not owner */
+ byte* ukm;
+ word32 ukmSz;
+
+ word32 encryptionKeySz; /* size of key buffer, bytes */
+ word32 unprotectedAttribsSz;
+ word32 contentSz; /* content size */
+ word32 singleCertSz; /* size of recipient cert buffer, bytes */
+ word32 issuerSz; /* length of issuer name */
+ word32 issuerSnSz; /* length of serial number */
+
+ word32 publicKeySz;
+ word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */
+ word32 privateKeySz; /* size of private key buffer, bytes */
+ word32 signedAttribsSz;
+ int contentOID; /* PKCS#7 content type OID sum */
+ int hashOID;
+ int encryptOID; /* key encryption algorithm OID */
+ int keyWrapOID; /* key wrap algorithm OID */
+ int keyAgreeOID; /* key agreement algorithm OID */
+ int devId; /* device ID for HW based private key */
+ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
+ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
+ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
+ word32 certSz[MAX_PKCS7_CERTS];
+
+ /* flags - up to 16-bits */
+ word16 isDynamic:1;
+ word16 noDegenerate:1; /* allow degenerate case in verify function */
+ word16 detached:1; /* generate detached SignedData signature bundles */
+
+ byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
+ word32 contentTypeSz; /* size of contentType, bytes */
+
+ int sidType; /* SignerIdentifier type to use, of type
+ Pkcs7_SignerIdentifier_Types, default to
+ SID_ISSUER_AND_SERIAL_NUMBER */
+ byte issuerSubjKeyId[KEYID_SIZE]; /* SubjectKeyIdentifier of singleCert */
+ Pkcs7Cert* certList; /* certificates list for SignedData set */
+ Pkcs7EncodedRecip* recipList; /* recipients list */
+ byte* cek; /* content encryption key, random, dynamic */
+ word32 cekSz; /* size of cek, bytes */
+ byte* pass; /* password, for PWRI decryption */
+ word32 passSz; /* size of pass, bytes */
+ int kekEncryptOID; /* KEK encryption algorithm OID */
+
+ CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */
+ CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */
+ void* oriEncryptCtx; /* ORI encrypt user context ptr */
+ void* oriDecryptCtx; /* ORI decrypt user context ptr */
+
+ PKCS7Attrib* authAttribs; /* authenticated attribs */
+ word32 authAttribsSz;
+ PKCS7Attrib* unauthAttribs; /* unauthenticated attribs */
+ word32 unauthAttribsSz;
+
+#ifndef NO_PKCS7_STREAM
+ PKCS7State* stream;
+#endif
+ word32 state;
+
+ word16 skipDefaultSignedAttribs:1; /* skip adding default signed attribs */
+
+ byte version; /* 1 for RFC 2315 and 3 for RFC 4108 */
+ PKCS7SignerInfo* signerInfo;
+ CallbackDecryptContent decryptionCb;
+ CallbackWrapCEK wrapCEKCb;
+ void* decryptionCtx;
+
+ byte* signature;
+ byte* plainDigest;
+ byte* pkcs7Digest;
+ word32 signatureSz;
+ word32 plainDigestSz;
+ word32 pkcs7DigestSz;
+
+#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
+ CallbackRsaSignRawDigest rsaSignRawDigestCb;
+#endif
+
+ /* used by DecodeEnvelopedData with multiple encrypted contents */
+ byte* cachedEncryptedContent;
+ word32 cachedEncryptedContentSz;
+ /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
+};
+
+WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
+WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
+WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+
+WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
+ word32 oidSz, byte* out, word32* outSz);
+
+WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
+WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
+ word32 sz);
+WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
+WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
+ word32 blockSz);
+
+/* CMS/PKCS#7 Data */
+WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
+ word32 outputSz);
+
+/* CMS/PKCS#7 SignedData */
+WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
+ byte* output, word32 outputSz);
+WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+ word32 hashSz, byte* outputHead,
+ word32* outputHeadSz,
+ byte* outputFoot,
+ word32* outputFootSz);
+WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
+ byte* pkiMsg, word32 pkiMsgSz);
+WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+ word32 hashSz, byte* pkiMsgHead,
+ word32 pkiMsgHeadSz, byte* pkiMsgFoot,
+ word32 pkiMsgFootSz);
+
+WOLFSSL_API int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
+
+/* CMS single-shot API for Signed FirmwarePkgData */
+WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+ word32 privateKeySz, int signOID,
+ int hashOID, byte* content,
+ word32 contentSz,
+ PKCS7Attrib* signedAttribs,
+ word32 signedAttribsSz, byte* output,
+ word32 outputSz);
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+/* CMS single-shot API for Signed Encrypted FirmwarePkgData */
+WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
+ byte* encryptKey, word32 encryptKeySz,
+ byte* privateKey, word32 privateKeySz,
+ int encryptOID, int signOID,
+ int hashOID, byte* content,
+ word32 contentSz,
+ PKCS7Attrib* unprotectedAttribs,
+ word32 unprotectedAttribsSz,
+ PKCS7Attrib* signedAttribs,
+ word32 signedAttribsSz,
+ byte* output, word32 outputSz);
+#endif /* NO_PKCS7_ENCRYPTED_DATA */
+#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
+/* CMS single-shot API for Signed Compressed FirmwarePkgData */
+WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
+ byte* privateKey, word32 privateKeySz,
+ int signOID, int hashOID,
+ byte* content, word32 contentSz,
+ PKCS7Attrib* signedAttribs,
+ word32 signedAttribsSz, byte* output,
+ word32 outputSz);
+
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+/* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
+WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
+ byte* encryptKey, word32 encryptKeySz,
+ byte* privateKey, word32 privateKeySz,
+ int encryptOID, int signOID,
+ int hashOID, byte* content,
+ word32 contentSz,
+ PKCS7Attrib* unprotectedAttribs,
+ word32 unprotectedAttribsSz,
+ PKCS7Attrib* signedAttribs,
+ word32 signedAttribsSz,
+ byte* output, word32 outputSz);
+#endif /* !NO_PKCS7_ENCRYPTED_DATA */
+#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
+
+/* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
+WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
+ word32 certSz, int options);
+WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
+ word32 certSz, int keyWrapOID,
+ int keyAgreeOID, byte* ukm,
+ word32 ukmSz, int options);
+
+WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
+WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
+ byte* kek, word32 kekSz,
+ byte* keyID, word32 keyIdSz,
+ void* timePtr, byte* otherOID,
+ word32 otherOIDSz, byte* other,
+ word32 otherSz, int options);
+
+WOLFSSL_API int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
+WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
+ word32 pLen, byte* salt,
+ word32 saltSz, int kdfOID,
+ int prfOID, int iterations,
+ int kekEncryptOID, int options);
+WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
+WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
+ int options);
+WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
+ CallbackWrapCEK wrapCEKCb);
+
+#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
+WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
+ CallbackRsaSignRawDigest cb);
+#endif
+
+/* CMS/PKCS#7 EnvelopedData */
+WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
+ byte* output, word32 outputSz);
+WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+ word32 pkiMsgSz, byte* output,
+ word32 outputSz);
+
+/* CMS/PKCS#7 AuthEnvelopedData */
+WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
+ byte* output, word32 outputSz);
+WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+ word32 pkiMsgSz, byte* output,
+ word32 outputSz);
+
+/* CMS/PKCS#7 EncryptedData */
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
+ byte* output, word32 outputSz);
+WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
+ word32 pkiMsgSz, byte* output,
+ word32 outputSz);
+WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+ CallbackDecryptContent decryptionCb);
+WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
+#endif /* NO_PKCS7_ENCRYPTED_DATA */
+
+/* CMS/PKCS#7 CompressedData */
+#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
+WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
+ word32 outputSz);
+WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
+ word32 pkiMsgSz, byte* output,
+ word32 outputSz);
+#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_PKCS7 */
+#endif /* WOLF_CRYPT_PKCS7_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/poly1305.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/poly1305.h
new file mode 100644
index 0000000..a0e0b3a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/poly1305.h
@@ -0,0 +1,138 @@
+/* poly1305.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/poly1305.h
+*/
+
+#ifndef WOLF_CRYPT_POLY1305_H
+#define WOLF_CRYPT_POLY1305_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_POLY1305
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* auto detect between 32bit / 64bit */
+#if defined(__SIZEOF_INT128__) && defined(__LP64__)
+#define WC_HAS_SIZEOF_INT128_64BIT
+#endif
+
+#if defined(_MSC_VER) && defined(_M_X64)
+#define WC_HAS_MSVC_64BIT
+#endif
+
+#if (defined(__GNUC__) && defined(__LP64__) && \
+ ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4))))
+#define WC_HAS_GCC_4_4_64BIT
+#endif
+
+#ifdef USE_INTEL_SPEEDUP
+#elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \
+ defined(WC_HAS_GCC_4_4_64BIT))
+#define POLY130564
+#else
+#define POLY130532
+#endif
+
+enum {
+ POLY1305 = 7,
+ POLY1305_BLOCK_SIZE = 16,
+ POLY1305_DIGEST_SIZE = 16,
+};
+
+#define WC_POLY1305_PAD_SZ 16
+#define WC_POLY1305_MAC_SZ 16
+
+/* Poly1305 state */
+typedef struct Poly1305 {
+#ifdef USE_INTEL_SPEEDUP
+ word64 r[3];
+ word64 h[3];
+ word64 pad[2];
+ word64 hh[20];
+ word32 r1[8];
+ word32 r2[8];
+ word32 r3[8];
+ word32 r4[8];
+ word64 hm[16];
+ unsigned char buffer[8*POLY1305_BLOCK_SIZE];
+ size_t leftover;
+ unsigned char finished;
+ unsigned char started;
+#else
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+ ALIGN128 word32 r[5];
+ ALIGN128 word32 r_2[5]; // r^2
+ ALIGN128 word32 r_4[5]; // r^4
+ ALIGN128 word32 h[5];
+ word32 pad[4];
+ word64 leftover;
+#else
+#if defined(POLY130564)
+ word64 r[3];
+ word64 h[3];
+ word64 pad[2];
+#else
+ word32 r[5];
+ word32 h[5];
+ word32 pad[4];
+#endif
+ size_t leftover;
+#endif /* WOLFSSL_ARMASM */
+ unsigned char buffer[POLY1305_BLOCK_SIZE];
+ unsigned char finished;
+#endif
+} Poly1305;
+
+/* does init */
+
+WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
+ word32 kySz);
+WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32);
+WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
+
+/* AEAD Functions */
+WOLFSSL_API int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad);
+WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz,
+ word32 dataSz);
+#ifdef WORD64_AVAILABLE
+WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz,
+ word64 dataSz);
+#endif
+WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional,
+ word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz);
+
+#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
+void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
+ size_t bytes);
+void poly1305_block(Poly1305* ctx, const unsigned char *m);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLF_CRYPT_POLY1305_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pwdbased.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pwdbased.h
new file mode 100644
index 0000000..e142adb
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/pwdbased.h
@@ -0,0 +1,77 @@
+/* pwdbased.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/pwdbased.h
+*/
+
+#ifndef WOLF_CRYPT_PWDBASED_H
+#define WOLF_CRYPT_PWDBASED_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_PWDBASED
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*
+ * hashType renamed to typeH to avoid shadowing global declaration here:
+ * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
+ */
+WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
+ const byte* passwd, int passwdLen,
+ const byte* salt, int saltLen, int iterations,
+ int hashType, void* heap);
+WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
+ const byte* salt, int sLen, int iterations, int kLen,
+ int typeH);
+WOLFSSL_API int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
+ const byte* salt, int sLen, int iterations, int kLen,
+ int typeH, void* heap, int devId);
+WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
+ const byte* salt, int sLen, int iterations, int kLen,
+ int typeH);
+WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
+ const byte* salt, int sLen, int iterations,
+ int kLen, int typeH, int purpose);
+WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
+ const byte* salt, int saltLen, int iterations, int kLen,
+ int hashType, int id, void* heap);
+
+#ifdef HAVE_SCRYPT
+WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen,
+ const byte* salt, int saltLen, int cost,
+ int blockSize, int parallel, int dkLen);
+WOLFSSL_API int wc_scrypt_ex(byte* output, const byte* passwd, int passLen,
+ const byte* salt, int saltLen, word32 iterations,
+ int blockSize, int parallel, int dkLen);
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_PWDBASED */
+#endif /* WOLF_CRYPT_PWDBASED_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rabbit.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rabbit.h
new file mode 100644
index 0000000..836b737
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rabbit.h
@@ -0,0 +1,73 @@
+/* rabbit.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/rabbit.h
+*/
+
+
+#ifndef WOLF_CRYPT_RABBIT_H
+#define WOLF_CRYPT_RABBIT_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_RABBIT
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum {
+ RABBIT_ENC_TYPE = 5 /* cipher unique type */
+};
+
+
+/* Rabbit Context */
+typedef struct RabbitCtx {
+ word32 x[8];
+ word32 c[8];
+ word32 carry;
+} RabbitCtx;
+
+
+/* Rabbit stream cipher */
+typedef struct Rabbit {
+ RabbitCtx masterCtx;
+ RabbitCtx workCtx;
+#ifdef XSTREAM_ALIGN
+ void* heap; /* heap hint, currently XMALLOC only used with aligning */
+#endif
+} Rabbit;
+
+
+WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32);
+WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv);
+
+WOLFSSL_LOCAL int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_RABBIT */
+#endif /* WOLF_CRYPT_RABBIT_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/random.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/random.h
new file mode 100644
index 0000000..066eaff
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/random.h
@@ -0,0 +1,261 @@
+/* random.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/random.h
+*/
+
+
+
+#ifndef WOLF_CRYPT_RANDOM_H
+#define WOLF_CRYPT_RANDOM_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+/* included for fips @wc_fips */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+#include <cyassl/ctaocrypt/random.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+ /* Maximum generate block length */
+#ifndef RNG_MAX_BLOCK_LEN
+ #ifdef HAVE_INTEL_QA
+ #define RNG_MAX_BLOCK_LEN (0xFFFFl)
+ #else
+ #define RNG_MAX_BLOCK_LEN (0x10000l)
+ #endif
+#endif
+
+/* Size of the BRBG seed */
+#ifndef DRBG_SEED_LEN
+ #define DRBG_SEED_LEN (440/8)
+#endif
+
+
+#if !defined(CUSTOM_RAND_TYPE)
+ /* To maintain compatibility the default is byte */
+ #define CUSTOM_RAND_TYPE byte
+#endif
+
+/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
+ or CUSTOM_RAND_GENERATE_BLOCK is defined */
+#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+ #undef HAVE_HASHDRBG
+ #define HAVE_HASHDRBG
+ #ifndef WC_RESEED_INTERVAL
+ #define WC_RESEED_INTERVAL (1000000)
+ #endif
+#endif
+
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+/* RNG supports the following sources (in order):
+ * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
+ * bypasses the options below.
+ * 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
+ * 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
+ * seeded via wc_GenerateSeed. This is the default source.
+ */
+
+ /* Seed source can be overridden by defining one of these:
+ CUSTOM_RAND_GENERATE_SEED
+ CUSTOM_RAND_GENERATE_SEED_OS
+ CUSTOM_RAND_GENERATE */
+
+
+#if defined(CUSTOM_RAND_GENERATE_BLOCK)
+ /* To use define the following:
+ * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
+ * extern int myRngFunc(byte* output, word32 sz);
+ */
+#elif defined(HAVE_HASHDRBG)
+ #ifdef NO_SHA256
+ #error "Hash DRBG requires SHA-256."
+ #endif /* NO_SHA256 */
+ #include <wolfssl/wolfcrypt/sha256.h>
+#elif defined(HAVE_WNR)
+ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
+#elif defined(HAVE_INTEL_RDRAND)
+ /* Intel RDRAND or RDSEED */
+#elif !defined(WC_NO_RNG)
+ #error No RNG source defined!
+#endif
+
+#ifdef HAVE_WNR
+ #include <wnr.h>
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+
+#if defined(USE_WINDOWS_API)
+ #if defined(_WIN64)
+ typedef unsigned __int64 ProviderHandle;
+ /* type HCRYPTPROV, avoid #include <windows.h> */
+ #else
+ typedef unsigned long ProviderHandle;
+ #endif
+#endif
+
+
+/* OS specific seeder */
+typedef struct OS_Seed {
+ #if defined(USE_WINDOWS_API)
+ ProviderHandle handle;
+ #else
+ int fd;
+ #endif
+ #if defined(WOLF_CRYPTO_CB)
+ int devId;
+ #endif
+} OS_Seed;
+
+
+#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
+ typedef struct WC_RNG WC_RNG;
+ #define WC_RNG_TYPE_DEFINED
+#endif
+
+#ifdef HAVE_HASHDRBG
+struct DRBG_internal {
+ word32 reseedCtr;
+ word32 lastBlock;
+ byte V[DRBG_SEED_LEN];
+ byte C[DRBG_SEED_LEN];
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
+ void* heap;
+ int devId;
+#endif
+ byte matchCount;
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ wc_Sha256 sha256;
+#endif
+};
+#endif
+
+/* RNG context */
+struct WC_RNG {
+ OS_Seed seed;
+ void* heap;
+#ifdef HAVE_HASHDRBG
+ /* Hash-based Deterministic Random Bit Generator */
+ struct DRBG* drbg;
+#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
+ struct DRBG_internal drbg_data;
+#endif
+ byte status;
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
+ int devId;
+#endif
+};
+
+#endif /* NO FIPS or have FIPS v2*/
+
+/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
+ * can't be used with CTaoCrypt FIPS */
+#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
+ #define RNG WC_RNG
+#endif
+
+
+WOLFSSL_LOCAL
+int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
+
+
+#ifdef HAVE_WNR
+ /* Whitewood netRandom client library */
+ WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
+ WOLFSSL_API int wc_FreeNetRandom(void);
+#endif /* HAVE_WNR */
+
+
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte*, word32, void*);
+WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG*);
+
+
+#ifndef WC_NO_RNG
+WOLFSSL_API int wc_InitRng(WC_RNG*);
+WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
+WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
+WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
+ void* heap, int devId);
+WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
+WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
+WOLFSSL_API int wc_FreeRng(WC_RNG*);
+#else
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#define wc_InitRng(rng) NOT_COMPILED_IN
+#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
+#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
+#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
+#if defined(__ghs__) || defined(WC_NO_RNG_SIMPLE)
+/* some older compilers do not like macro function in expression */
+#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
+#else
+#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
+#endif
+#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
+#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
+#endif
+
+
+
+#ifdef HAVE_HASHDRBG
+ WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
+ word32 entropySz);
+ WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
+ WOLFSSL_API int wc_RNG_HealthTest(int reseed,
+ const byte* entropyA, word32 entropyASz,
+ const byte* entropyB, word32 entropyBSz,
+ byte* output, word32 outputSz);
+ WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
+ const byte* nonce, word32 nonceSz,
+ const byte* entropyA, word32 entropyASz,
+ const byte* entropyB, word32 entropyBSz,
+ byte* output, word32 outputSz,
+ void* heap, int devId);
+#endif /* HAVE_HASHDRBG */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_RANDOM_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rc2.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rc2.h
new file mode 100644
index 0000000..5aa641a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rc2.h
@@ -0,0 +1,68 @@
+/* rc2.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLF_CRYPT_RC2_H
+#define WOLF_CRYPT_RC2_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WC_RC2
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ RC2_MAX_KEY_SIZE = 128, /* max effective key size, octets */
+ RC2_BLOCK_SIZE = 8
+};
+
+/* RC2 encryption and decryption */
+typedef struct Rc2 {
+ ALIGN16 word16 key[RC2_MAX_KEY_SIZE/2];
+ ALIGN16 word32 reg[RC2_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+ ALIGN16 word32 tmp[RC2_BLOCK_SIZE / sizeof(word32)]; /* same */
+ word32 keylen; /* key length, octets */
+ word32 bits; /* effective key length, bits */
+} Rc2;
+
+WOLFSSL_API int wc_Rc2SetKey(Rc2* rc2, const byte* key, word32 length,
+ const byte* iv, word32 bits);
+WOLFSSL_API int wc_Rc2SetIV(Rc2* rc2, const byte* iv);
+
+/* RC2-ECB */
+WOLFSSL_API int wc_Rc2EcbEncrypt(Rc2* rc2, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_Rc2EcbDecrypt(Rc2* rc2, byte* out,
+ const byte* in, word32 sz);
+
+/* RC2-CBC */
+WOLFSSL_API int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out,
+ const byte* in, word32 sz);
+WOLFSSL_API int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out,
+ const byte* in, word32 sz);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WC_RC2 */
+#endif /* WOLF_CRYPT_RC2_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ripemd.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ripemd.h
new file mode 100644
index 0000000..1e4c6b3
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/ripemd.h
@@ -0,0 +1,67 @@
+/* ripemd.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/ripemd.h
+*/
+
+#ifndef WOLF_CRYPT_RIPEMD_H
+#define WOLF_CRYPT_RIPEMD_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_RIPEMD
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+/* in bytes */
+enum {
+ RIPEMD = 3, /* hash type unique */
+ RIPEMD_BLOCK_SIZE = 64,
+ RIPEMD_DIGEST_SIZE = 20,
+ RIPEMD_PAD_SIZE = 56
+};
+
+
+/* RipeMd 160 digest */
+typedef struct RipeMd {
+ word32 buffLen; /* in bytes */
+ word32 loLen; /* length in bytes */
+ word32 hiLen; /* length in bytes */
+ word32 digest[RIPEMD_DIGEST_SIZE / sizeof(word32)];
+ word32 buffer[RIPEMD_BLOCK_SIZE / sizeof(word32)];
+} RipeMd;
+
+
+WOLFSSL_API int wc_InitRipeMd(RipeMd*);
+WOLFSSL_API int wc_RipeMdUpdate(RipeMd*, const byte*, word32);
+WOLFSSL_API int wc_RipeMdFinal(RipeMd*, byte*);
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_RIPEMD */
+#endif /* WOLF_CRYPT_RIPEMD_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rsa.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rsa.h
new file mode 100644
index 0000000..3164351
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/rsa.h
@@ -0,0 +1,388 @@
+/* rsa.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/rsa.h
+*/
+
+/*
+
+DESCRIPTION
+This library provides the interface to the RSA.
+RSA keys can be used to encrypt, decrypt, sign and verify data.
+
+*/
+#ifndef WOLF_CRYPT_RSA_H
+#define WOLF_CRYPT_RSA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_RSA
+
+
+/* RSA default exponent */
+#ifndef WC_RSA_EXPONENT
+ #define WC_RSA_EXPONENT 65537L
+#endif
+
+#if defined(WC_RSA_NONBLOCK)
+ /* enable support for fast math based non-blocking exptmod */
+ /* this splits the RSA function into many smaller operations */
+ #ifndef USE_FAST_MATH
+ #error RSA non-blocking mode only supported using fast math
+ #endif
+ #ifndef TFM_TIMING_RESISTANT
+ #error RSA non-blocking mode only supported with timing resistance enabled
+ #endif
+
+ /* RSA bounds check is not supported with RSA non-blocking mode */
+ #undef NO_RSA_BOUNDS_CHECK
+ #define NO_RSA_BOUNDS_CHECK
+#endif
+
+/* allow for user to plug in own crypto */
+#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
+ #include "user_rsa.h"
+#else
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+/* for fips @wc_fips */
+#include <cyassl/ctaocrypt/rsa.h>
+#if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN)
+ #define WOLFSSL_KEY_GEN
+#endif
+#else
+ #include <wolfssl/wolfcrypt/integer.h>
+ #include <wolfssl/wolfcrypt/random.h>
+#endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#include <wolfssl/wolfcrypt/fips.h>
+#endif
+
+/* header file needed for OAEP padding */
+#include <wolfssl/wolfcrypt/hash.h>
+
+#ifdef WOLFSSL_XILINX_CRYPT
+#include "xsecure_rsa.h"
+#endif
+
+#if defined(WOLFSSL_CRYPTOCELL)
+ #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum {
+ RSA_MIN_SIZE = 512,
+ RSA_MAX_SIZE = 4096,
+};
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+ #ifdef WOLFSSL_CERT_GEN
+ #include <wolfssl/wolfcrypt/asn.h>
+ #endif
+#endif
+
+enum {
+ RSA_PUBLIC = 0,
+ RSA_PRIVATE = 1,
+
+ RSA_TYPE_UNKNOWN = -1,
+ RSA_PUBLIC_ENCRYPT = 0,
+ RSA_PUBLIC_DECRYPT = 1,
+ RSA_PRIVATE_ENCRYPT = 2,
+ RSA_PRIVATE_DECRYPT = 3,
+
+ RSA_BLOCK_TYPE_1 = 1,
+ RSA_BLOCK_TYPE_2 = 2,
+
+ RSA_MIN_PAD_SZ = 11, /* separator + 0 + pad value + 8 pads */
+
+ RSA_PSS_PAD_SZ = 8,
+ RSA_PSS_SALT_MAX_SZ = 62,
+
+#ifdef OPENSSL_EXTRA
+ RSA_PKCS1_PADDING_SIZE = 11,
+ RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+#endif
+#ifdef WC_RSA_PSS
+ RSA_PSS_PAD_TERM = 0xBC,
+#endif
+
+ RSA_PSS_SALT_LEN_DEFAULT = -1,
+#ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER
+ RSA_PSS_SALT_LEN_DISCOVER = -2,
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+ RSA_MAX_ID_LEN = 32,
+ RSA_MAX_LABEL_LEN = 32,
+#endif
+};
+
+#ifdef WC_RSA_NONBLOCK
+typedef struct RsaNb {
+ exptModNb_t exptmod; /* non-block expt_mod */
+ mp_int tmp;
+} RsaNb;
+#endif
+
+/* RSA */
+struct RsaKey {
+ mp_int n, e;
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+ mp_int d, p, q;
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+ mp_int dP, dQ, u;
+#endif
+#endif
+ void* heap; /* for user memory overrides */
+ byte* data; /* temp buffer for async RSA */
+ int type; /* public or private */
+ int state;
+ word32 dataLen;
+#ifdef WC_RSA_BLINDING
+ WC_RNG* rng; /* for PrivateDecrypt blinding */
+#endif
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+ #ifdef WOLFSSL_CERT_GEN
+ CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
+ #endif
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLFSSL_XILINX_CRYPT
+ word32 pubExp; /* to keep values in scope they are here in struct */
+ byte* mod;
+ XSecure_Rsa xRsa;
+#endif
+#ifdef WOLF_CRYPTO_CB
+ byte id[RSA_MAX_ID_LEN];
+ int idLen;
+ char label[RSA_MAX_LABEL_LEN];
+ int labelLen;
+#endif
+#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE)
+ byte dataIsAlloc;
+#endif
+#ifdef WC_RSA_NONBLOCK
+ RsaNb* nb;
+#endif
+#ifdef WOLFSSL_AFALG_XILINX_RSA
+ int alFd;
+ int rdFd;
+#endif
+#if defined(WOLFSSL_CRYPTOCELL)
+ rsa_context_t ctx;
+#endif
+};
+
+#ifndef WC_RSAKEY_TYPE_DEFINED
+ typedef struct RsaKey RsaKey;
+ #define WC_RSAKEY_TYPE_DEFINED
+#endif
+
+#endif /*HAVE_FIPS */
+
+WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
+WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
+WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
+#ifdef WOLF_CRYPTO_CB
+WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
+ void* heap, int devId);
+WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap,
+ int devId);
+#endif
+WOLFSSL_API int wc_CheckRsaKey(RsaKey* key);
+#ifdef WOLFSSL_XILINX_CRYPT
+WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key);
+#endif /* WOLFSSL_XILINX_CRYPT */
+
+WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
+ word32* outLen, int type, RsaKey* key, WC_RNG* rng);
+
+WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
+ RsaKey* key);
+WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key);
+WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
+ word32 outLen, enum wc_HashType hash, int mgf,
+ RsaKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,
+ word32 outLen, enum wc_HashType hash,
+ int mgf, int saltLen, RsaKey* key,
+ WC_RNG* rng);
+WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
+ RsaKey* key);
+WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key);
+WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key, int pad_type);
+WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key, int pad_type,
+ enum wc_HashType hash);
+WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
+ enum wc_HashType hash, int mgf,
+ RsaKey* key);
+WOLFSSL_API int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out,
+ enum wc_HashType hash, int mgf,
+ int saltLen, RsaKey* key);
+WOLFSSL_API int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,
+ word32 outLen, enum wc_HashType hash, int mgf,
+ RsaKey* key);
+WOLFSSL_API int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out,
+ word32 outLen, enum wc_HashType hash,
+ int mgf, int saltLen, RsaKey* key);
+WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
+ word32 sigSz,
+ enum wc_HashType hashType);
+WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen,
+ byte* sig, word32 sigSz,
+ enum wc_HashType hashType,
+ int saltLen, int bits);
+WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
+ const byte* digest, word32 digentLen,
+ enum wc_HashType hash, int mgf,
+ RsaKey* key);
+WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,
+ byte* out, word32 outLen,
+ const byte* digest, word32 digestLen,
+ enum wc_HashType hash, int mgf,
+ RsaKey* key);
+
+WOLFSSL_API int wc_RsaEncryptSize(const RsaKey* key);
+
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+/* to avoid asn duplicate symbols @wc_fips */
+WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
+ RsaKey*, word32);
+WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
+ RsaKey*, word32);
+WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
+ const byte* e, word32 eSz, RsaKey* key);
+#ifdef WOLFSSL_KEY_GEN
+ WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
+#endif
+
+#ifdef WC_RSA_BLINDING
+ WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
+#endif
+#ifdef WC_RSA_NONBLOCK
+ WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);
+ #ifdef WC_RSA_NONBLOCK_TIME
+ WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
+ word32 cpuMHz);
+ #endif
+#endif
+
+/*
+ choice of padding added after fips, so not available when using fips RSA
+ */
+
+/* Mask Generation Function Identifiers */
+#define WC_MGF1NONE 0
+#define WC_MGF1SHA1 26
+#define WC_MGF1SHA224 4
+#define WC_MGF1SHA256 1
+#define WC_MGF1SHA384 2
+#define WC_MGF1SHA512 3
+
+/* Padding types */
+#define WC_RSA_PKCSV15_PAD 0
+#define WC_RSA_OAEP_PAD 1
+#define WC_RSA_PSS_PAD 2
+#define WC_RSA_NO_PAD 3
+
+WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
+ word32 outLen, RsaKey* key, WC_RNG* rng, int type,
+ enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
+WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
+ byte* out, word32 outLen, RsaKey* key, int type,
+ enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
+WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
+ byte** out, RsaKey* key, int type, enum wc_HashType hash,
+ int mgf, byte* label, word32 lableSz);
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
+ RsaKey* key, int type, WC_RNG* rng);
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
+ word32*);
+WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
+ byte* e, word32* eSz,
+ byte* n, word32* nSz,
+ byte* d, word32* dSz,
+ byte* p, word32* pSz,
+ byte* q, word32* qSz);
+
+WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
+
+#ifdef WOLFSSL_KEY_GEN
+ WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
+ WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz,
+ const byte* q, word32 qSz,
+ const byte* e, word32 eSz,
+ int nlen, int* isPrime, WC_RNG* rng);
+ WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz,
+ const byte* q, word32 qSz,
+ const byte* e, word32 eSz,
+ int nlen, int* isPrime);
+#endif
+
+WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
+ word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
+ enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,
+ int saltLen, int bits, void* heap);
+WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
+ byte padValue, int padType, enum wc_HashType hType,
+ int mgf, byte* optLabel, word32 labelLen, int saltLen,
+ int bits, void* heap);
+
+WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
+
+#endif /* HAVE_USER_RSA */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_RSA */
+#endif /* WOLF_CRYPT_RSA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sakke.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sakke.h
new file mode 100644
index 0000000..79fc314
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sakke.h
@@ -0,0 +1,228 @@
+/* sakke.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/sakke.h
+*/
+
+
+#ifndef WOLF_CRYPT_SAKKE_H
+#define WOLF_CRYPT_SAKKE_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
+
+#include <wolfssl/wolfcrypt/integer.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+
+#define WOLFCRYPT_SAKKE_KMS
+#define WOLFCRYPT_SAKKE_CLIENT
+
+#define SAKKE_ID_MAX_SIZE 128
+
+/* Maximum number of loops of attempting to generate a key. */
+#ifndef SAKKE_MAX_GEN_COUNT
+ #define SAKKE_MAX_GEN_COUNT 10
+#endif
+
+
+/** MP integer in projective form. */
+typedef ecc_point mp_proj;
+
+/** SAKKE ECC parameters in usable format. */
+typedef struct SakkeKeyParams {
+ /** Prime as an MP integer. */
+ mp_int prime;
+ /** Q (order) as an MP integer. */
+ mp_int q;
+ /** G (pairing base) as an MP integer. */
+ mp_int g;
+ /** Temporary MP integer used during operations. */
+ mp_int a;
+ /** Base point for elliptic curve operations as an ECC point. */
+ ecc_point* base;
+
+ /** Bit indicate prime is set as an MP integer in SAKKE key. */
+ byte havePrime:1;
+ /** Bit indicates q (order) is set as an MP integer in SAKKE key. */
+ byte haveQ:1;
+ /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */
+ byte haveG:1;
+ /** Bit indicates a is set as an MP integer in SAKKE key. */
+ byte haveA:1;
+ /** Bit indicates base point is set as an ECC point in SAKKE key. */
+ byte haveBase:1;
+} SakkeKeyParams;
+
+/** Temporary values to use in SAKKE calculations. */
+typedef struct SakkeKeyTmp {
+ /** Temporary MP integer used during operations. */
+ mp_int m1;
+ /** Temporary MP integer used during operations. */
+ mp_int m2;
+
+#ifdef WOLFCRYPT_SAKKE_CLIENT
+ /** Temporary elliptic curve point for use in operations. */
+ ecc_point* p1;
+ /** Temporary elliptic curve point for use in operations. */
+ ecc_point* p2;
+ /** Temporary MP projective integer for use in operations. */
+ mp_proj* p3;
+#endif
+} SakkeKeyTmp;
+
+#ifdef WOLFCRYPT_SAKKE_CLIENT
+/** SAKKE data for the intermediate point I. */
+typedef struct SakkeKeyPointI {
+ /** Temporary elliptic curve point for use in operations. */
+ ecc_point* i;
+ /** Table associated with point I. */
+ byte* table;
+ /** Length of table */
+ int tableLen;
+ /** Identity associated with point I. */
+ byte id[SAKKE_ID_MAX_SIZE];
+ /** Size of identity associated with point I. */
+ word16 idSz;
+} SakkeKeyPointI;
+
+/** SAKKE data for the Receiver Secret Key (RSK). */
+typedef struct SakkeKeyRsk {
+ /** RSK (Receiver Secret Key). */
+ ecc_point* rsk;
+ /** Table associated with point I. */
+ byte* table;
+ /** Length of table */
+ int tableLen;
+ /** Indicates whether an RSK value has been set. */
+ byte set:1;
+} SakkeKeyRsk;
+#endif
+
+/**
+ * SAKKE key.
+ */
+typedef struct SakkeKey {
+ /** ECC key to perform elliptic curve operations with. */
+ ecc_key ecc;
+
+ /** ECC parameter in forms that can be used in computation. */
+ SakkeKeyParams params;
+ /** Temporaries used during calculations. */
+ SakkeKeyTmp tmp;
+
+#ifdef WOLFCRYPT_SAKKE_CLIENT
+ /** Data relating to the RSK (Receiver Secret Key). */
+ SakkeKeyRsk rsk;
+ /** Identity to perform operations with. */
+ byte id[SAKKE_ID_MAX_SIZE];
+ /** Size of identity in bytes. */
+ word16 idSz;
+
+ /** Data relating to the intermediate point I. */
+ SakkeKeyPointI i;
+
+ /** Generic hash algorithm object. */
+ wc_HashAlg hash;
+ /** Temporary buffer for use in operations. */
+ byte data[(MAX_ECC_BYTES * 2) + 1];
+#endif
+
+ /** Heap hint for dynamic memory allocation. */
+ void* heap;
+
+ /** Bit indicates Z, public key, is in montgomery form. */
+ byte zMont:1;
+ /** Bit indicate MP integers have been initialized. */
+ byte mpInit:1;
+} SakkeKey;
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+WOLFSSL_API int wc_InitSakkeKey(SakkeKey* key, void* heap, int devId);
+WOLFSSL_API int wc_InitSakkeKey_ex(SakkeKey* key, int keySize, int curveId,
+ void* heap, int devId);
+WOLFSSL_API void wc_FreeSakkeKey(SakkeKey* key);
+
+WOLFSSL_API int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_MakeSakkePublicKey(SakkeKey* key, ecc_point* pub);
+
+WOLFSSL_API int wc_MakeSakkeRsk(SakkeKey* key, const byte* id, word16 idSz,
+ ecc_point* rsk);
+WOLFSSL_API int wc_ValidateSakkeRsk(SakkeKey* key, const byte* id, word16 idSz,
+ ecc_point* rsk, int* valid);
+
+WOLFSSL_API int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz);
+WOLFSSL_API int wc_ImportSakkeKey(SakkeKey* key, const byte* data, word32 sz);
+WOLFSSL_API int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz);
+WOLFSSL_API int wc_ImportSakkePrivateKey(SakkeKey* key, const byte* data,
+ word32 sz);
+WOLFSSL_API int wc_ExportSakkePublicKey(SakkeKey* key, byte* data,
+ word32* sz, int raw);
+WOLFSSL_API int wc_ImportSakkePublicKey(SakkeKey* key, const byte* data,
+ word32 sz, int trusted);
+
+WOLFSSL_API int wc_EncodeSakkeRsk(const SakkeKey* key, ecc_point* rsk,
+ byte* out, word32* sz, int raw);
+WOLFSSL_API int wc_DecodeSakkeRsk(const SakkeKey* key, const byte* data,
+ word32 sz, ecc_point* rsk);
+WOLFSSL_API int wc_ImportSakkeRsk(SakkeKey* key, const byte* data, word32 sz);
+
+WOLFSSL_API int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz);
+
+WOLFSSL_API int wc_SetSakkeIdentity(SakkeKey* key, const byte* id, word16 idSz);
+WOLFSSL_API int wc_MakeSakkePointI(SakkeKey* key, const byte* id, word16 idSz);
+WOLFSSL_API int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz);
+WOLFSSL_API int wc_SetSakkePointI(SakkeKey* key, const byte* id, word16 idSz,
+ const byte* data, word32 sz);
+WOLFSSL_API int wc_GenerateSakkePointITable(SakkeKey* key, byte* table,
+ word32* len);
+WOLFSSL_API int wc_SetSakkePointITable(SakkeKey* key, byte* table, word32 len);
+WOLFSSL_API int wc_ClearSakkePointITable(SakkeKey* key);
+
+WOLFSSL_API int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key,
+ enum wc_HashType hashType, byte* ssv, word16 ssvSz, byte* auth,
+ word16* authSz);
+
+WOLFSSL_API int wc_GenerateSakkeRskTable(const SakkeKey* key,
+ const ecc_point* rsk, byte* table, word32* len);
+WOLFSSL_API int wc_SetSakkeRsk(SakkeKey* key, const ecc_point* rsk, byte* table,
+ word32 len);
+
+WOLFSSL_API int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv,
+ word16* ssvSz);
+WOLFSSL_API int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType,
+ byte* ssv, word16 ssvSz, const byte* auth,
+ word16 authSz);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+
+#endif /* WOLF_CRYPT_SAKKE_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/settings.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/settings.h
new file mode 100644
index 0000000..3a3dfae
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/settings.h
@@ -0,0 +1,2494 @@
+/* settings.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* Place OS specific preprocessor flags, defines, includes here, will be
+ included into every file because types.h includes it */
+
+
+#ifndef WOLF_CRYPT_SETTINGS_H
+#define WOLF_CRYPT_SETTINGS_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* This flag allows wolfSSL to include options.h instead of having client
+ * projects do it themselves. This should *NEVER* be defined when building
+ * wolfSSL as it can cause hard to debug problems. */
+#ifdef EXTERNAL_OPTS_OPENVPN
+#include <wolfssl/options.h>
+#endif
+
+/* Uncomment next line if using IPHONE */
+/* #define IPHONE */
+
+/* Uncomment next line if using ThreadX */
+/* #define THREADX */
+
+/* Uncomment next line if using Micrium uC/OS-III */
+/* #define MICRIUM */
+
+/* Uncomment next line if using Deos RTOS*/
+/* #define WOLFSSL_DEOS*/
+
+/* Uncomment next line if using Mbed */
+/* #define MBED */
+
+/* Uncomment next line if using Microchip PIC32 ethernet starter kit */
+/* #define MICROCHIP_PIC32 */
+
+/* Uncomment next line if using Microchip TCP/IP stack, version 5 */
+/* #define MICROCHIP_TCPIP_V5 */
+
+/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
+/* #define MICROCHIP_TCPIP */
+
+/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
+/* #define MICROCHIP_TCPIP_BSD_API */
+
+/* Uncomment next line if using PIC32MZ Crypto Engine */
+/* #define WOLFSSL_MICROCHIP_PIC32MZ */
+
+/* Uncomment next line if using FreeRTOS */
+/* #define FREERTOS */
+
+/* Uncomment next line if using FreeRTOS+ TCP */
+/* #define FREERTOS_TCP */
+
+/* Uncomment next line if using FreeRTOS Windows Simulator */
+/* #define FREERTOS_WINSIM */
+
+/* Uncomment next line if using RTIP */
+/* #define EBSNET */
+
+/* Uncomment next line if using lwip */
+/* #define WOLFSSL_LWIP */
+
+/* Uncomment next line if building wolfSSL for a game console */
+/* #define WOLFSSL_GAME_BUILD */
+
+/* Uncomment next line if building wolfSSL for LSR */
+/* #define WOLFSSL_LSR */
+
+/* Uncomment next line if building for Freescale Classic MQX version 5.0 */
+/* #define FREESCALE_MQX_5_0 */
+
+/* Uncomment next line if building for Freescale Classic MQX version 4.0 */
+/* #define FREESCALE_MQX_4_0 */
+
+/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
+/* #define FREESCALE_MQX */
+
+/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
+/* #define FREESCALE_KSDK_MQX */
+
+/* Uncomment next line if building for Freescale KSDK Bare Metal */
+/* #define FREESCALE_KSDK_BM */
+
+/* Uncomment next line if building for Freescale KSDK FreeRTOS, */
+/* (old name FREESCALE_FREE_RTOS) */
+/* #define FREESCALE_KSDK_FREERTOS */
+
+/* Uncomment next line if using STM32F2 */
+/* #define WOLFSSL_STM32F2 */
+
+/* Uncomment next line if using STM32F4 */
+/* #define WOLFSSL_STM32F4 */
+
+/* Uncomment next line if using STM32FL */
+/* #define WOLFSSL_STM32FL */
+
+/* Uncomment next line if using STM32F7 */
+/* #define WOLFSSL_STM32F7 */
+
+/* Uncomment next line if using QL SEP settings */
+/* #define WOLFSSL_QL */
+
+/* Uncomment next line if building for EROAD */
+/* #define WOLFSSL_EROAD */
+
+/* Uncomment next line if building for IAR EWARM */
+/* #define WOLFSSL_IAR_ARM */
+
+/* Uncomment next line if building for Rowley CrossWorks ARM */
+/* #define WOLFSSL_ROWLEY_ARM */
+
+/* Uncomment next line if using TI-RTOS settings */
+/* #define WOLFSSL_TIRTOS */
+
+/* Uncomment next line if building with PicoTCP */
+/* #define WOLFSSL_PICOTCP */
+
+/* Uncomment next line if building for PicoTCP demo bundle */
+/* #define WOLFSSL_PICOTCP_DEMO */
+
+/* Uncomment next line if building for uITRON4 */
+/* #define WOLFSSL_uITRON4 */
+
+/* Uncomment next line if building for uT-Kernel */
+/* #define WOLFSSL_uTKERNEL2 */
+
+/* Uncomment next line if using Max Strength build */
+/* #define WOLFSSL_MAX_STRENGTH */
+
+/* Uncomment next line if building for VxWorks */
+/* #define WOLFSSL_VXWORKS */
+
+/* Uncomment next line if building for Nordic nRF5x platform */
+/* #define WOLFSSL_NRF5x */
+
+/* Uncomment next line to enable deprecated less secure static DH suites */
+/* #define WOLFSSL_STATIC_DH */
+
+/* Uncomment next line to enable deprecated less secure static RSA suites */
+/* #define WOLFSSL_STATIC_RSA */
+
+/* Uncomment next line if building for ARDUINO */
+/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
+/* #define WOLFSSL_ARDUINO */
+/* #define INTEL_GALILEO */
+
+/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
+/* #define WOLFSSL_ASYNC_CRYPT */
+
+/* Uncomment next line if building for uTasker */
+/* #define WOLFSSL_UTASKER */
+
+/* Uncomment next line if building for embOS */
+/* #define WOLFSSL_EMBOS */
+
+/* Uncomment next line if building for RIOT-OS */
+/* #define WOLFSSL_RIOT_OS */
+
+/* Uncomment next line if building for using XILINX hardened crypto */
+/* #define WOLFSSL_XILINX_CRYPT */
+
+/* Uncomment next line if building for using XILINX */
+/* #define WOLFSSL_XILINX */
+
+/* Uncomment next line if building for WICED Studio. */
+/* #define WOLFSSL_WICED */
+
+/* Uncomment next line if building for Nucleus 1.2 */
+/* #define WOLFSSL_NUCLEUS_1_2 */
+
+/* Uncomment next line if building for using Apache mynewt */
+/* #define WOLFSSL_APACHE_MYNEWT */
+
+/* Uncomment next line if building for using ESP-IDF */
+/* #define WOLFSSL_ESPIDF */
+
+/* Uncomment next line if using Espressif ESP32-WROOM-32 */
+/* #define WOLFSSL_ESPWROOM32 */
+
+/* Uncomment next line if using Espressif ESP32-WROOM-32SE */
+/* #define WOLFSSL_ESPWROOM32SE */
+
+/* Uncomment next line if using ARM CRYPTOCELL*/
+/* #define WOLFSSL_CRYPTOCELL */
+
+/* Uncomment next line if using RENESAS TSIP */
+/* #define WOLFSSL_RENESAS_TSIP */
+
+/* Uncomment next line if using RENESAS RX64N */
+/* #define WOLFSSL_RENESAS_RX65N */
+
+/* Uncomment next line if using Solaris OS*/
+/* #define WOLFSSL_SOLARIS */
+
+/* Uncomment next line if building for Linux Kernel Module */
+/* #define WOLFSSL_LINUXKM */
+
+/* Uncomment next line if building for devkitPro */
+/* #define DEVKITPRO */
+
+/* Uncomment next line if building for Dolphin Emulator */
+/* #define DOLPHIN_EMULATOR */
+
+#include <wolfssl/wolfcrypt/visibility.h>
+
+#ifdef WOLFSSL_USER_SETTINGS
+ #include "user_settings.h"
+#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
+ /* STM Configuration File (generated by CubeMX) */
+ #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
+#endif
+
+/* make sure old RNG name is used with CTaoCrypt FIPS */
+#ifdef HAVE_FIPS
+ #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
+ #define WC_RNG RNG
+ #else
+ #ifndef WOLFSSL_STM32L4
+ #define RNG WC_RNG
+ #endif
+ #endif
+ /* blinding adds API not available yet in FIPS mode */
+ #undef WC_RSA_BLINDING
+#endif
+
+
+#if defined(_WIN32) && !defined(_M_X64) && \
+ defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
+
+/* The _M_X64 macro is what's used in the headers for MSC to tell if it
+ * has the 64-bit versions of the 128-bit integers available. If one is
+ * building on 32-bit Windows with AES-NI, turn off the AES-GCMloop
+ * unrolling. */
+
+ #define AES_GCM_AESNI_NO_UNROLL
+#endif
+
+#ifdef IPHONE
+ #define SIZEOF_LONG_LONG 8
+#endif
+
+#ifdef THREADX
+ #define SIZEOF_LONG_LONG 8
+#endif
+
+#ifdef HAVE_NETX
+ #ifdef NEED_THREADX_TYPES
+ #include <types.h>
+ #endif
+ #include <nx_api.h>
+#endif
+
+#if defined(WOLFSSL_ESPIDF)
+ #define FREERTOS
+ #define WOLFSSL_LWIP
+ #define NO_WRITEV
+ #define SIZEOF_LONG_LONG 8
+ #define NO_WOLFSSL_DIR
+ #define WOLFSSL_NO_CURRDIR
+
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+
+#if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE)
+ #ifndef NO_ESP32WROOM32_CRYPT
+ #define WOLFSSL_ESP32WROOM32_CRYPT
+ #if defined(ESP32_USE_RSA_PRIMITIVE) && \
+ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI)
+ #define WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI
+ #define USE_FAST_MATH
+ #define WOLFSSL_SMALL_STACK
+ #endif
+ #endif
+#endif
+#endif /* WOLFSSL_ESPIDF */
+
+#if defined(WOLFSSL_RENESAS_TSIP)
+ #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
+ #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
+ #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
+ #if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N)
+ #define WOLFSSL_RENESAS_TSIP_CRYPT
+ #define WOLFSSL_RENESAS_TSIP_TLS
+ #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
+ #endif
+#endif
+
+#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3)
+ /* settings in user_settings.h */
+#endif
+
+#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
+ #define WOLFSSL_LWIP
+ #define NO_WRITEV
+ #define SINGLE_THREADED
+ #define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+#endif
+
+#if defined(WOLFSSL_CONTIKI)
+ #include <contiki.h>
+ #define WOLFSSL_UIP
+ #define NO_WOLFSSL_MEMORY
+ #define NO_WRITEV
+ #define SINGLE_THREADED
+ #define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+ #define CUSTOM_RAND_TYPE uint16_t
+ #define CUSTOM_RAND_GENERATE random_rand
+ static inline word32 LowResTimer(void)
+ {
+ return clock_seconds();
+ }
+#endif
+
+#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
+ #define NO_MAIN_DRIVER
+ #define SINGLE_THREADED
+ #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
+ #define USE_CERT_BUFFERS_1024
+ #endif
+ #define BENCH_EMBEDDED
+ #define NO_FILESYSTEM
+ #define NO_WRITEV
+ #define WOLFSSL_USER_IO
+ #define BENCH_EMBEDDED
+#endif
+
+#ifdef MICROCHIP_PIC32
+ /* #define WOLFSSL_MICROCHIP_PIC32MZ */
+ #define SIZEOF_LONG_LONG 8
+ #define SINGLE_THREADED
+ #ifndef MICROCHIP_TCPIP_BSD_API
+ #define WOLFSSL_USER_IO
+ #endif
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_BIG_INT
+#endif
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+ #define WOLFSSL_HAVE_MIN
+ #define WOLFSSL_HAVE_MAX
+
+ #ifndef NO_PIC32MZ_CRYPT
+ #define WOLFSSL_PIC32MZ_CRYPT
+ #endif
+ #ifndef NO_PIC32MZ_RNG
+ #define WOLFSSL_PIC32MZ_RNG
+ #endif
+ #ifndef NO_PIC32MZ_HASH
+ #define WOLFSSL_PIC32MZ_HASH
+ #endif
+#endif
+
+#ifdef MICROCHIP_TCPIP_V5
+ /* include timer functions */
+ #include "TCPIP Stack/TCPIP.h"
+#endif
+
+#ifdef MICROCHIP_TCPIP
+ /* include timer, NTP functions */
+ #ifdef MICROCHIP_MPLAB_HARMONY
+ #include "tcpip/tcpip.h"
+ #else
+ #include "system/system_services.h"
+ #include "tcpip/sntp.h"
+ #endif
+#endif
+
+#ifdef WOLFSSL_ATECC508A
+ /* backwards compatibility */
+#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
+ #define WOLFSSL_ATECC_ECDH_ENC
+#endif
+ #ifdef WOLFSSL_ATECC508A_DEBUG
+ #define WOLFSSL_ATECC_DEBUG
+ #endif
+#endif
+
+#ifdef MBED
+ #define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+ #define NO_CERTS
+ #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
+ #define USE_CERT_BUFFERS_1024
+ #endif
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_SHA512
+ #define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define NO_DSA
+ #define NO_HC128
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
+ #define WOLFSSL_CMSIS_RTOS
+#endif
+
+
+#ifdef WOLFSSL_EROAD
+ #define FREESCALE_MQX
+ #define FREESCALE_MMCAU
+ #define SINGLE_THREADED
+ #define NO_STDIO_FILESYSTEM
+ #define WOLFSSL_LEANPSK
+ #define HAVE_NULL_CIPHER
+ #define NO_OLD_TLS
+ #define NO_ASN
+ #define NO_BIG_INT
+ #define NO_RSA
+ #define NO_DSA
+ #define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define NO_CERTS
+ #define NO_PWDBASED
+ #define NO_DES3
+ #define NO_MD4
+ #define NO_RC4
+ #define NO_MD5
+ #define NO_SESSION_CACHE
+ #define NO_MAIN_DRIVER
+#endif
+
+#ifdef WOLFSSL_PICOTCP
+ #ifndef errno
+ #define errno pico_err
+ #endif
+ #include "pico_defines.h"
+ #include "pico_stack.h"
+ #include "pico_constants.h"
+ #include "pico_protocol.h"
+ #define CUSTOM_RAND_GENERATE pico_rand
+#endif
+
+#ifdef WOLFSSL_PICOTCP_DEMO
+ #define WOLFSSL_STM32
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define XMALLOC(s, h, type) PICO_ZALLOC((s))
+ #define XFREE(p, h, type) PICO_FREE((p))
+ #define SINGLE_THREADED
+ #define NO_WRITEV
+ #define WOLFSSL_USER_IO
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+#endif
+
+#ifdef FREERTOS_WINSIM
+ #define FREERTOS
+ #define USE_WINDOWS_API
+#endif
+
+
+#ifdef WOLFSSL_VXWORKS
+ /* VxWorks simulator incorrectly detects building for i386 */
+ #ifdef VXWORKS_SIM
+ #define TFM_NO_ASM
+ #endif
+ /* For VxWorks pthreads wrappers for mutexes uncomment the next line. */
+ /* #define WOLFSSL_PTHREADS */
+ #define WOLFSSL_HAVE_MIN
+ #define WOLFSSL_HAVE_MAX
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_MAIN_DRIVER
+ #define NO_DEV_RANDOM
+ #define NO_WRITEV
+ #define HAVE_STRINGS_H
+#endif
+
+
+#ifdef WOLFSSL_ARDUINO
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+ #define SINGLE_THREADED
+ #define NO_DEV_RANDOM
+ #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
+ #define TIME_OVERRIDES
+ #ifndef XTIME
+ #error "Must define XTIME externally see porting guide"
+ #error "https://www.wolfssl.com/docs/porting-guide/"
+ #endif
+ #ifndef XGMTIME
+ #error "Must define XGMTIME externally see porting guide"
+ #error "https://www.wolfssl.com/docs/porting-guide/"
+ #endif
+ #endif
+ #define WOLFSSL_USER_IO
+ #define HAVE_ECC
+ #define NO_DH
+ #define NO_SESSION_CACHE
+#endif
+
+
+#ifdef WOLFSSL_UTASKER
+ /* uTasker configuration - used for fnRandom() */
+ #include "config.h"
+
+ #define SINGLE_THREADED
+ #define NO_WOLFSSL_DIR
+ #define WOLFSSL_HAVE_MIN
+ #define NO_WRITEV
+
+ #define HAVE_ECC
+ #define ALT_ECC_SIZE
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+
+ /* used in wolfCrypt test */
+ #define NO_MAIN_DRIVER
+ #define USE_CERT_BUFFERS_2048
+
+ /* uTasker port uses RAW sockets, use I/O callbacks
+ * See wolfSSL uTasker example for sample callbacks */
+ #define WOLFSSL_USER_IO
+
+ /* uTasker filesystem not ported */
+ #define NO_FILESYSTEM
+
+ /* uTasker RNG is abstracted, calls HW RNG when available */
+ #define CUSTOM_RAND_GENERATE fnRandom
+ #define CUSTOM_RAND_TYPE unsigned short
+
+ /* user needs to define XTIME to function that provides
+ * seconds since Unix epoch */
+ #ifndef XTIME
+ #error XTIME must be defined in wolfSSL settings.h
+ /* #define XTIME fnSecondsSinceEpoch */
+ #endif
+
+ /* use uTasker std library replacements where available */
+ #define STRING_USER
+ #define XMEMCPY(d,s,l) uMemcpy((d),(s),(l))
+ #define XMEMSET(b,c,l) uMemset((b),(c),(l))
+ #define XMEMCMP(s1,s2,n) uMemcmp((s1),(s2),(n))
+ #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
+
+ #define XSTRLEN(s1) uStrlen((s1))
+ #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
+ #define XSTRSTR(s1,s2) strstr((s1),(s2))
+ #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
+ #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
+ #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
+ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
+ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
+ || defined(HAVE_ALPN)
+ #define XSTRTOK strtok_r
+ #endif
+#endif
+
+#ifdef WOLFSSL_EMBOS
+ #define NO_FILESYSTEM /* Not ported at this time */
+ #define USE_CERT_BUFFERS_2048 /* use when NO_FILESYSTEM */
+ #define NO_MAIN_DRIVER
+ #define NO_RC4
+ #define SINGLE_THREADED /* Not ported at this time */
+#endif
+
+#ifdef WOLFSSL_RIOT_OS
+ #define NO_WRITEV
+ #define TFM_NO_ASM
+ #define NO_FILESYSTEM
+ #define USE_CERT_BUFFERS_2048
+ #if defined(WOLFSSL_GNRC) && !defined(WOLFSSL_DTLS)
+ #define WOLFSSL_DTLS
+ #endif
+#endif
+
+#ifdef WOLFSSL_CHIBIOS
+ /* ChibiOS definitions. This file is distributed with chibiOS. */
+ #include "wolfssl_chibios.h"
+#endif
+
+#ifdef WOLFSSL_PB
+ /* PB is using older 1.2 version of Nucleus */
+ #undef WOLFSSL_NUCLEUS
+ #define WOLFSSL_NUCLEUS_1_2
+#endif
+
+#ifdef WOLFSSL_NUCLEUS_1_2
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+
+ #if !defined(NO_ASN_TIME) && !defined(USER_TIME)
+ #error User must define XTIME, see manual
+ #endif
+
+ #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
+ extern void* nucleus_malloc(unsigned long size, void* heap, int type);
+ extern void* nucleus_realloc(void* ptr, unsigned long size, void* heap,
+ int type);
+ extern void nucleus_free(void* ptr, void* heap, int type);
+
+ #define XMALLOC(s, h, type) nucleus_malloc((s), (h), (type))
+ #define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t))
+ #define XFREE(p, h, type) nucleus_free((p), (h), (type))
+ #endif
+#endif
+
+#ifdef WOLFSSL_NRF5x
+ #define SIZEOF_LONG 4
+ #define SIZEOF_LONG_LONG 8
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+ #define NO_MAIN_DRIVER
+ #define NO_WRITEV
+ #define SINGLE_THREADED
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define WOLFSSL_NRF51
+ #define WOLFSSL_USER_IO
+ #define NO_SESSION_CACHE
+#endif
+
+/* Micrium will use Visual Studio for compilation but not the Win32 API */
+#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
+ !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
+ !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+ #define USE_WINDOWS_API
+#endif
+
+#if defined(WOLFSSL_uITRON4)
+
+#define XMALLOC_USER
+#include <stddef.h>
+#define ITRON_POOL_SIZE 1024*20
+extern int uITRON4_minit(size_t poolsz) ;
+extern void *uITRON4_malloc(size_t sz) ;
+extern void *uITRON4_realloc(void *p, size_t sz) ;
+extern void uITRON4_free(void *p) ;
+
+#define XMALLOC(sz, heap, type) uITRON4_malloc(sz)
+#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz)
+#define XFREE(p, heap, type) uITRON4_free(p)
+#endif
+
+#if defined(WOLFSSL_uTKERNEL2)
+ #ifndef NO_TKERNEL_MEM_POOL
+ #define XMALLOC_OVERRIDE
+ int uTKernel_init_mpool(unsigned int sz); /* initializing malloc pool */
+ void* uTKernel_malloc(unsigned int sz);
+ void* uTKernel_realloc(void *p, unsigned int sz);
+ void uTKernel_free(void *p);
+ #define XMALLOC(s, h, type) uTKernel_malloc((s))
+ #define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n))
+ #define XFREE(p, h, type) uTKernel_free((p))
+ #endif
+
+ #ifndef NO_STDIO_FGETS_REMAP
+ #include <stdio.h>
+ #include "tm/tmonitor.h"
+
+ /* static char* gets(char *buff); */
+ static char* fgets(char *buff, int sz, XFILE fp) {
+ char * s = buff;
+ *s = '\0';
+ while (1) {
+ *s = tm_getchar(-1);
+ tm_putchar(*s);
+ if (*s == '\r') {
+ tm_putchar('\n');
+ *s = '\0';
+ break;
+ }
+ s++;
+ }
+ return buff;
+ }
+ #endif /* !NO_STDIO_FGETS_REMAP */
+#endif
+
+
+#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
+ !defined(NO_WOLFSSL_MEMORY)
+ #include <stdlib.h>
+ #define XMALLOC(s, h, type) malloc((s))
+ #define XFREE(p, h, type) free((p))
+ #define XREALLOC(p, n, h, t) realloc((p), (n))
+#endif
+
+#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
+ #undef XMALLOC
+ #define XMALLOC yaXMALLOC
+ #undef XFREE
+ #define XFREE yaXFREE
+ #undef XREALLOC
+ #define XREALLOC yaXREALLOC
+#endif
+
+
+#ifdef FREERTOS
+ #include "FreeRTOS.h"
+
+ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
+ !defined(WOLFSSL_STATIC_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ /* FreeRTOS pvPortRealloc() implementation can be found here:
+ https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
+ #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || \
+ defined(HAVE_ED448)
+ #if defined(WOLFSSL_ESPIDF)
+ /*In IDF, realloc(p, n) is equivalent to
+ heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
+ #define XREALLOC(p, n, h, t) realloc((p), (n))
+ #else
+ #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
+ #endif
+ #endif
+ #endif
+
+ #ifndef NO_WRITEV
+ #define NO_WRITEV
+ #endif
+ #ifndef HAVE_SHA512
+ #ifndef NO_SHA512
+ #define NO_SHA512
+ #endif
+ #endif
+ #ifndef HAVE_DH
+ #ifndef NO_DH
+ #define NO_DH
+ #endif
+ #endif
+ #ifndef NO_DSA
+ #define NO_DSA
+ #endif
+ #ifndef NO_HC128
+ #define NO_HC128
+ #endif
+
+ #ifndef SINGLE_THREADED
+ #include "semphr.h"
+ #endif
+#endif
+
+#ifdef FREERTOS_TCP
+ #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
+ !defined(WOLFSSL_STATIC_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ #endif
+
+ #define WOLFSSL_GENSEED_FORTEST
+
+ #define NO_WOLFSSL_DIR
+ #define NO_WRITEV
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_MAIN_DRIVER
+#endif
+
+#ifdef WOLFSSL_TIRTOS
+ #define SIZEOF_LONG_LONG 8
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+ #define NO_DEV_RANDOM
+ #define NO_FILESYSTEM
+ #define USE_CERT_BUFFERS_2048
+ #define NO_ERROR_STRINGS
+ /* Uncomment this setting if your toolchain does not offer time.h header */
+ /* #define USER_TIME */
+ #define HAVE_ECC
+ #define HAVE_ALPN
+ #define USE_WOLF_STRTOK /* use with HAVE_ALPN */
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_AESGCM
+ #ifdef WOLFSSL_TI_CRYPT
+ #define NO_GCM_ENCRYPT_EXTRA
+ #define NO_PUBLIC_GCM_SET_IV
+ #define NO_PUBLIC_CCM_SET_NONCE
+ #endif
+ #define HAVE_SUPPORTED_CURVES
+ #define ALT_ECC_SIZE
+
+ #ifdef __IAR_SYSTEMS_ICC__
+ #pragma diag_suppress=Pa089
+ #elif !defined(__GNUC__)
+ /* Suppress the sslpro warning */
+ #pragma diag_suppress=11
+ #endif
+
+ #include <ti/sysbios/hal/Seconds.h>
+#endif
+
+#ifdef EBSNET
+ #include "rtip.h"
+
+ /* #define DEBUG_WOLFSSL */
+ #define NO_WOLFSSL_DIR /* tbd */
+
+ #if (POLLOS)
+ #define SINGLE_THREADED
+ #endif
+
+ #if (RTPLATFORM)
+ #if (!RTP_LITTLE_ENDIAN)
+ #define BIG_ENDIAN_ORDER
+ #endif
+ #else
+ #if (!KS_LITTLE_ENDIAN)
+ #define BIG_ENDIAN_ORDER
+ #endif
+ #endif
+
+ #if (WINMSP3)
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG_LONG 8
+ #else
+ #if !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
+ #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
+ #endif
+ #endif
+
+ #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
+ #define XFREE(p, h, type) (rtp_free(p))
+ #define XREALLOC(p, n, h, t) (rtp_realloc((p), (n)))
+
+ #if (WINMSP3)
+ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
+ #else
+ #ifndef XSTRNCASECMP
+ #error settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC
+ #endif
+ #endif
+
+ #define WOLFSSL_HAVE_MAX
+ #define WOLFSSL_HAVE_MIN
+
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+ #define ECC_TIMING_RESISTANT
+
+ #define HAVE_ECC
+
+#endif /* EBSNET */
+
+#ifdef WOLFSSL_GAME_BUILD
+ #define SIZEOF_LONG_LONG 8
+ #if defined(__PPU) || defined(__XENON)
+ #define BIG_ENDIAN_ORDER
+ #endif
+#endif
+
+#ifdef WOLFSSL_LSR
+ #define HAVE_WEBSERVER
+ #define SIZEOF_LONG_LONG 8
+ #define WOLFSSL_LOW_MEMORY
+ #define NO_WRITEV
+ #define NO_SHA512
+ #define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define NO_DSA
+ #define NO_HC128
+ #define NO_DEV_RANDOM
+ #define NO_WOLFSSL_DIR
+ #define NO_RABBIT
+ #ifndef NO_FILESYSTEM
+ #define LSR_FS
+ #include "inc/hw_types.h"
+ #include "fs.h"
+ #endif
+ #define WOLFSSL_LWIP
+ #include <errno.h> /* for tcp errno */
+ #define WOLFSSL_SAFERTOS
+ #if defined(__IAR_SYSTEMS_ICC__)
+ /* enum uses enum */
+ #pragma diag_suppress=Pa089
+ #endif
+#endif
+
+#ifdef WOLFSSL_SAFERTOS
+ #ifndef SINGLE_THREADED
+ #include "SafeRTOS/semphr.h"
+ #endif
+ #ifndef WOLFSSL_NO_MALLOC
+ #include "SafeRTOS/heap.h"
+ #endif
+ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
+ !defined(WOLFSSL_STATIC_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+
+ /* FreeRTOS pvPortRealloc() implementation can be found here:
+ https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
+ #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || \
+ defined(HAVE_ED448)
+ #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
+ #endif
+ #endif
+#endif
+
+#ifdef WOLFSSL_LOW_MEMORY
+ #undef RSA_LOW_MEM
+ #define RSA_LOW_MEM
+ #undef WOLFSSL_SMALL_STACK
+ #define WOLFSSL_SMALL_STACK
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+#endif
+
+/* To support storing some of the large constant tables in flash memory rather than SRAM.
+ Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */
+#ifdef WOLFSSL_USE_FLASHMEM
+ /* This is supported on the avr-gcc compiler, for more information see:
+ https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */
+ #define FLASH_QUALIFIER __flash
+
+ /* Copy data out of flash memory and into SRAM */
+ #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
+#else
+ #define FLASH_QUALIFIER
+#endif
+
+#ifdef FREESCALE_MQX_5_0
+ /* use normal Freescale MQX port, but with minor changes for 5.0 */
+ #define FREESCALE_MQX
+#endif
+
+#ifdef FREESCALE_MQX_4_0
+ /* use normal Freescale MQX port, but with minor changes for 4.0 */
+ #define FREESCALE_MQX
+#endif
+
+#ifdef FREESCALE_MQX
+ #define FREESCALE_COMMON
+ #include "mqx.h"
+ #ifndef NO_FILESYSTEM
+ #include "mfs.h"
+ #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
+ defined(FREESCALE_MQX_5_0)
+ #include "fio.h"
+ #define NO_STDIO_FILESYSTEM
+ #else
+ #include "nio.h"
+ #endif
+ #endif
+ #ifndef SINGLE_THREADED
+ #include "mutex.h"
+ #endif
+
+ #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
+ #define XMALLOC_OVERRIDE
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ /* Note: MQX has no realloc, using fastmath above */
+ #endif
+ #ifdef USE_FAST_MATH
+ /* Undef first to avoid re-definition if user_settings.h defines */
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+ #undef ECC_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #undef WC_RSA_BLINDING
+ #define WC_RSA_BLINDING
+ #endif
+#endif
+
+#ifdef FREESCALE_KSDK_MQX
+ #define FREESCALE_COMMON
+ #include <mqx.h>
+ #ifndef NO_FILESYSTEM
+ #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
+ defined(FREESCALE_MQX_5_0)
+ #include <fio.h>
+ #else
+ #include <stdio.h>
+ #include <nio.h>
+ #endif
+ #endif
+ #ifndef SINGLE_THREADED
+ #include <mutex.h>
+ #endif
+
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
+
+ #define MQX_FILE_PTR FILE *
+ #define IO_SEEK_SET SEEK_SET
+ #define IO_SEEK_END SEEK_END
+#endif /* FREESCALE_KSDK_MQX */
+
+#if defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
+ #define NO_FILESYSTEM
+ #define WOLFSSL_CRYPT_HW_MUTEX 1
+
+ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ #endif
+
+ //#define USER_TICKS
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define WOLFSSL_LWIP
+ #define FREERTOS_TCP
+
+ #define FREESCALE_FREE_RTOS
+ #define FREERTOS_SOCKET_ERROR ( -1 )
+ #define FREERTOS_EWOULDBLOCK ( -2 )
+ #define FREERTOS_EINVAL ( -4 )
+ #define FREERTOS_EADDRNOTAVAIL ( -5 )
+ #define FREERTOS_EADDRINUSE ( -6 )
+ #define FREERTOS_ENOBUFS ( -7 )
+ #define FREERTOS_ENOPROTOOPT ( -8 )
+#endif /* FREESCALE_FREE_RTOS || FREESCALE_KSDK_FREERTOS */
+
+#ifdef FREESCALE_KSDK_BM
+ #define FREESCALE_COMMON
+ #define WOLFSSL_USER_IO
+ #define SINGLE_THREADED
+ #define NO_FILESYSTEM
+ #ifndef TIME_OVERRIDES
+ #define USER_TICKS
+ #endif
+#endif /* FREESCALE_KSDK_BM */
+
+#ifdef FREESCALE_COMMON
+ #define SIZEOF_LONG_LONG 8
+
+ /* disable features */
+ #undef NO_WRITEV
+ #define NO_WRITEV
+ #undef NO_DEV_RANDOM
+ #define NO_DEV_RANDOM
+ #undef NO_RABBIT
+ #define NO_RABBIT
+ #undef NO_WOLFSSL_DIR
+ #define NO_WOLFSSL_DIR
+ #undef NO_RC4
+ #define NO_RC4
+
+ /* enable features */
+ #undef USE_FAST_MATH
+ #define USE_FAST_MATH
+
+ #define USE_CERT_BUFFERS_2048
+ #define BENCH_EMBEDDED
+
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+
+ #undef HAVE_ECC
+ #ifndef WOLFCRYPT_FIPS_RAND
+ #define HAVE_ECC
+ #endif
+ #ifndef NO_AES
+ #undef HAVE_AESCCM
+ #define HAVE_AESCCM
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+ #undef WOLFSSL_AES_COUNTER
+ #define WOLFSSL_AES_COUNTER
+ #undef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+ #endif
+
+ #ifdef FREESCALE_KSDK_1_3
+ #include "fsl_device_registers.h"
+ #elif !defined(FREESCALE_MQX)
+ /* Classic MQX does not have fsl_common.h */
+ #include "fsl_common.h"
+ #endif
+
+ /* random seed */
+ #define NO_OLD_RNGNAME
+ #if defined(FREESCALE_NO_RNG)
+ /* nothing to define */
+ #elif defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
+ #define FREESCALE_KSDK_2_0_TRNG
+ #elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
+ #ifdef FREESCALE_KSDK_1_3
+ #include "fsl_rnga_driver.h"
+ #define FREESCALE_RNGA
+ #define RNGA_INSTANCE (0)
+ #else
+ #define FREESCALE_KSDK_2_0_RNGA
+ #endif
+ #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS)
+ #define FREESCALE_RNGA
+ #define RNGA_INSTANCE (0)
+ /* defaulting to K70 RNGA, user should change if different */
+ /* #define FREESCALE_K53_RNGB */
+ #define FREESCALE_K70_RNGA
+ #endif
+
+ /* HW crypto */
+ /* automatic enable based on Kinetis feature */
+ /* if case manual selection is required, for example for benchmarking purposes,
+ * just define FREESCALE_USE_MMCAU or FREESCALE_USE_LTC or none of these two macros (for software only)
+ * both can be enabled simultaneously as LTC has priority over MMCAU in source code.
+ */
+ /* #define FSL_HW_CRYPTO_MANUAL_SELECTION */
+ #ifndef FSL_HW_CRYPTO_MANUAL_SELECTION
+ #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && FSL_FEATURE_SOC_MMCAU_COUNT
+ #define FREESCALE_USE_MMCAU
+ #endif
+
+ #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
+ #define FREESCALE_USE_LTC
+ #endif
+ #else
+ /* #define FREESCALE_USE_MMCAU */
+ /* #define FREESCALE_USE_LTC */
+ #endif
+#endif /* FREESCALE_COMMON */
+
+/* Classic pre-KSDK mmCAU library */
+#ifdef FREESCALE_USE_MMCAU_CLASSIC
+ #define FREESCALE_USE_MMCAU
+ #define FREESCALE_MMCAU_CLASSIC
+ #define FREESCALE_MMCAU_CLASSIC_SHA
+#endif
+
+/* KSDK mmCAU library */
+#ifdef FREESCALE_USE_MMCAU
+ /* AES and DES */
+ #define FREESCALE_MMCAU
+ /* MD5, SHA-1 and SHA-256 */
+ #define FREESCALE_MMCAU_SHA
+#endif /* FREESCALE_USE_MMCAU */
+
+#ifdef FREESCALE_USE_LTC
+ #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
+ #define FREESCALE_LTC
+ #define LTC_BASE LTC0
+
+ #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES
+ #define FREESCALE_LTC_DES
+ #endif
+
+ #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM
+ #define FREESCALE_LTC_AES_GCM
+ #endif
+
+ #if defined(FSL_FEATURE_LTC_HAS_SHA) && FSL_FEATURE_LTC_HAS_SHA
+ #define FREESCALE_LTC_SHA
+ #endif
+
+ #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
+ #ifndef WOLFCRYPT_FIPS_RAND
+ #define FREESCALE_LTC_ECC
+ #endif
+ #define FREESCALE_LTC_TFM
+
+ /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
+ the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */
+ /* size is multiplication of 2 big ints */
+ #if !defined(NO_RSA) || !defined(NO_DH)
+ #define LTC_MAX_INT_BYTES (256*2)
+ #else
+ #define LTC_MAX_INT_BYTES (48*2)
+ #endif
+
+ /* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined.
+ * In such a case both software and hardware algorithm
+ * for TFM is linked in. The decision for which algorithm is used is determined at runtime
+ * from size of inputs. If inputs and result can fit into LTC (see LTC_MAX_INT_BYTES)
+ * then we call hardware algorithm, otherwise we call software algorithm.
+ *
+ * Chinese reminder theorem is used to break RSA 4096 exponentiations (both public and private key)
+ * into several computations with 2048-bit modulus and exponents.
+ */
+ /* #define FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+
+ /* ECC-384, ECC-256, ECC-224 and ECC-192 have been enabled with LTC PKHA acceleration */
+ #ifdef HAVE_ECC
+ #undef ECC_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+
+ /* the LTC PKHA hardware limit is 512 bits (64 bytes) for ECC.
+ the LTC_MAX_ECC_BITS defines the size of local variables that hold ECC parameters
+ and point coordinates */
+ #ifndef LTC_MAX_ECC_BITS
+ #define LTC_MAX_ECC_BITS (384)
+ #endif
+
+ /* Enable curves up to 384 bits */
+ #if !defined(ECC_USER_CURVES) && !defined(HAVE_ALL_CURVES)
+ #define ECC_USER_CURVES
+ #define HAVE_ECC192
+ #define HAVE_ECC224
+ #undef NO_ECC256
+ #define HAVE_ECC384
+ #endif
+ #endif
+ #endif
+ #endif
+#endif /* FREESCALE_USE_LTC */
+
+#ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE
+ #undef USE_CERT_BUFFERS_4096
+ #define USE_CERT_BUFFERS_4096
+ #undef FP_MAX_BITS
+ #define FP_MAX_BITS (8192)
+ #undef SP_INT_BITS
+ #define SP_INT_BITS (4096)
+
+ #undef NO_DH
+ #define NO_DH
+ #undef NO_DSA
+ #define NO_DSA
+#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+
+/* if LTC has AES engine but doesn't have GCM, use software with LTC AES ECB mode */
+#if defined(FREESCALE_USE_LTC) && !defined(FREESCALE_LTC_AES_GCM)
+ #define GCM_TABLE
+#endif
+
+#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
+ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
+ defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
+ defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
+ defined(WOLFSSL_STM32G0)
+
+ #define SIZEOF_LONG_LONG 8
+ #ifndef CHAR_BIT
+ #define CHAR_BIT 8
+ #endif
+ #define NO_DEV_RANDOM
+ #define NO_WOLFSSL_DIR
+ #undef NO_RABBIT
+ #define NO_RABBIT
+ #ifndef NO_STM32_RNG
+ #undef STM32_RNG
+ #define STM32_RNG
+ #ifdef WOLFSSL_STM32F427_RNG
+ #include "stm32f427xx.h"
+ #endif
+ #endif
+ #ifndef NO_STM32_CRYPTO
+ #undef STM32_CRYPTO
+ #define STM32_CRYPTO
+
+ #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
+ defined(WOLFSSL_STM32WB)
+ #define NO_AES_192 /* hardware does not support 192-bit */
+ #endif
+ #endif
+ #ifndef NO_STM32_HASH
+ #undef STM32_HASH
+ #define STM32_HASH
+ #endif
+ #if !defined(__GNUC__) && !defined(__ICCARM__)
+ #define KEIL_INTRINSICS
+ #endif
+ #define NO_OLD_RNGNAME
+ #ifdef WOLFSSL_STM32_CUBEMX
+ #if defined(WOLFSSL_STM32F1)
+ #include "stm32f1xx_hal.h"
+ #elif defined(WOLFSSL_STM32F2)
+ #include "stm32f2xx_hal.h"
+ #elif defined(WOLFSSL_STM32L5)
+ #include "stm32l5xx_hal.h"
+ #elif defined(WOLFSSL_STM32L4)
+ #include "stm32l4xx_hal.h"
+ #elif defined(WOLFSSL_STM32F4)
+ #include "stm32f4xx_hal.h"
+ #elif defined(WOLFSSL_STM32F7)
+ #include "stm32f7xx_hal.h"
+ #elif defined(WOLFSSL_STM32F1)
+ #include "stm32f1xx_hal.h"
+ #elif defined(WOLFSSL_STM32H7)
+ #include "stm32h7xx_hal.h"
+ #elif defined(WOLFSSL_STM32WB)
+ #include "stm32wbxx_hal.h"
+ #elif defined(WOLFSSL_STM32G0)
+ #include "stm32g0xx_hal.h"
+ #endif
+ #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
+ #include "stm32l4xx_ll_rng.h"
+ #endif
+
+ #ifndef STM32_HAL_TIMEOUT
+ #define STM32_HAL_TIMEOUT 0xFF
+ #endif
+ #else
+ #if defined(WOLFSSL_STM32F2)
+ #include "stm32f2xx.h"
+ #ifdef STM32_CRYPTO
+ #include "stm32f2xx_cryp.h"
+ #endif
+ #ifdef STM32_HASH
+ #include "stm32f2xx_hash.h"
+ #endif
+ #elif defined(WOLFSSL_STM32F4)
+ #include "stm32f4xx.h"
+ #ifdef STM32_CRYPTO
+ #include "stm32f4xx_cryp.h"
+ #endif
+ #ifdef STM32_HASH
+ #include "stm32f4xx_hash.h"
+ #endif
+ #elif defined(WOLFSSL_STM32L5)
+ #include "stm32l5xx.h"
+ #ifdef STM32_CRYPTO
+ #include "stm32l5xx_cryp.h"
+ #endif
+ #ifdef STM32_HASH
+ #include "stm32l5xx_hash.h"
+ #endif
+ #elif defined(WOLFSSL_STM32L4)
+ #include "stm32l4xx.h"
+ #ifdef STM32_CRYPTO
+ #include "stm32l4xx_cryp.h"
+ #endif
+ #ifdef STM32_HASH
+ #include "stm32l4xx_hash.h"
+ #endif
+ #elif defined(WOLFSSL_STM32F7)
+ #include "stm32f7xx.h"
+ #elif defined(WOLFSSL_STM32H7)
+ #include "stm32h7xx.h"
+ #elif defined(WOLFSSL_STM32F1)
+ #include "stm32f1xx.h"
+ #endif
+ #endif /* WOLFSSL_STM32_CUBEMX */
+#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
+ WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
+ WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */
+#ifdef WOLFSSL_DEOS
+ #include <deos.h>
+ #include <timeout.h>
+ #include <socketapi.h>
+ #include <lwip-socket.h>
+ #include <mem.h>
+ #include <string.h>
+ #include <stdlib.h> /* for rand_r: pseudo-random number generator */
+ #include <stdio.h> /* for snprintf */
+
+ /* use external memory XMALLOC, XFREE and XREALLOC functions */
+ #define XMALLOC_USER
+
+ /* disable fall-back case, malloc, realloc and free are unavailable */
+ #define WOLFSSL_NO_MALLOC
+
+ /* file system has not been ported since it is a separate product. */
+
+ #define NO_FILESYSTEM
+
+ #ifdef NO_FILESYSTEM
+ #define NO_WOLFSSL_DIR
+ #define NO_WRITEV
+ #endif
+
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+
+ #define HAVE_ECC
+ #define TFM_ECC192
+ #define TFM_ECC224
+ #define TFM_ECC256
+ #define TFM_ECC384
+ #define TFM_ECC521
+
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define HAVE_EXTENDED_MASTER
+
+ #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
+ #define BIG_ENDIAN_ORDER
+ #else
+ #undef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+#endif /* WOLFSSL_DEOS*/
+
+#ifdef MICRIUM
+ #include <stdlib.h>
+ #include <os.h>
+ #if defined(RTOS_MODULE_NET_AVAIL) || (APP_CFG_TCPIP_EN == DEF_ENABLED)
+ #include <net_cfg.h>
+ #include <net_sock.h>
+ #if (OS_VERSION < 50000)
+ #include <net_err.h>
+ #endif
+ #endif
+ #include <lib_mem.h>
+ #include <lib_math.h>
+ #include <lib_str.h>
+ #include <stdio.h>
+ #include <string.h>
+
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+ #define HAVE_HASHDRBG
+
+ #define HAVE_ECC
+ #define ALT_ECC_SIZE
+ #define TFM_ECC192
+ #define TFM_ECC224
+ #define TFM_ECC256
+ #define TFM_ECC384
+ #define TFM_ECC521
+
+ #define NO_RC4
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define HAVE_EXTENDED_MASTER
+
+ #define NO_WOLFSSL_DIR
+ #define NO_WRITEV
+
+ #if ! defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(CUSTOM_RAND_GENERATE)
+ #define CUSTOM_RAND_TYPE RAND_NBR
+ #define CUSTOM_RAND_GENERATE Math_Rand
+ #endif
+ #define STRING_USER
+ #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr)))
+ #define XSTRNCPY(pstr_dest, pstr_src, len_max) \
+ ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \
+ (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max)))
+ #define XSTRNCMP(pstr_1, pstr_2, len_max) \
+ ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \
+ (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
+ #define XSTRNCASECMP(pstr_1, pstr_2, len_max) \
+ ((CPU_INT16S)Str_CmpIgnoreCase_N((CPU_CHAR *)(pstr_1), \
+ (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
+ #define XSTRSTR(pstr, pstr_srch) \
+ ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \
+ (CPU_CHAR *)(pstr_srch)))
+ #define XSTRNSTR(pstr, pstr_srch, len_max) \
+ ((CPU_CHAR *)Str_Str_N((CPU_CHAR *)(pstr), \
+ (CPU_CHAR *)(pstr_srch),(CPU_SIZE_T)(len_max)))
+ #define XSTRNCAT(pstr_dest, pstr_cat, len_max) \
+ ((CPU_CHAR *)Str_Cat_N((CPU_CHAR *)(pstr_dest), \
+ (const CPU_CHAR *)(pstr_cat),(CPU_SIZE_T)(len_max)))
+ #define XMEMSET(pmem, data_val, size) \
+ ((void)Mem_Set((void *)(pmem), \
+ (CPU_INT08U) (data_val), \
+ (CPU_SIZE_T)(size)))
+ #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
+ (void *)(psrc), (CPU_SIZE_T)(size)))
+
+ #if (OS_VERSION < 50000)
+ #define XMEMCMP(pmem_1, pmem_2, size) \
+ (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
+ (void *)(pmem_2), \
+ (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
+ #else
+ /* Work around for Micrium OS version 5.8 change in behavior
+ * that returns DEF_NO for 0 size compare
+ */
+ #define XMEMCMP(pmem_1, pmem_2, size) \
+ (( (size < 1 ) || \
+ ((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
+ (void *)(pmem_2), \
+ (CPU_SIZE_T)(size)) == DEF_YES)) \
+ ? 0 : 1)
+ #define XSNPRINTF snprintf
+ #endif
+
+ #define XMEMMOVE XMEMCPY
+
+ #if (OS_CFG_MUTEX_EN == DEF_DISABLED)
+ #define SINGLE_THREADED
+ #endif
+
+ #if (CPU_CFG_ENDIAN_TYPE == CPU_ENDIAN_TYPE_BIG)
+ #define BIG_ENDIAN_ORDER
+ #else
+ #undef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+#endif /* MICRIUM */
+
+#if defined(sun) || defined(__sun)
+# if defined(__SVR4) || defined(__svr4__)
+ /* Solaris */
+ #ifndef WOLFSSL_SOLARIS
+ #define WOLFSSL_SOLARIS
+ #endif
+# else
+ /* SunOS */
+# endif
+#endif
+
+#ifdef WOLFSSL_SOLARIS
+ /* Avoid naming clash with fp_zero from math.h > ieefp.h */
+ #define WOLFSSL_DH_CONST
+#endif
+
+#ifdef WOLFSSL_MCF5441X
+ #define BIG_ENDIAN_ORDER
+ #ifndef SIZEOF_LONG
+ #define SIZEOF_LONG 4
+ #endif
+ #ifndef SIZEOF_LONG_LONG
+ #define SIZEOF_LONG_LONG 8
+ #endif
+#endif
+
+#ifdef WOLFSSL_QL
+ #ifndef WOLFSSL_SEP
+ #define WOLFSSL_SEP
+ #endif
+ #ifndef OPENSSL_EXTRA
+ #define OPENSSL_EXTRA
+ #endif
+ #ifndef SESSION_CERTS
+ #define SESSION_CERTS
+ #endif
+ #ifndef HAVE_AESCCM
+ #define HAVE_AESCCM
+ #endif
+ #ifndef ATOMIC_USER
+ #define ATOMIC_USER
+ #endif
+ #ifndef WOLFSSL_DER_LOAD
+ #define WOLFSSL_DER_LOAD
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+ #ifndef HAVE_ECC
+ #define HAVE_ECC
+ #endif
+ #ifndef SESSION_INDEX
+ #define SESSION_INDEX
+ #endif
+#endif /* WOLFSSL_QL */
+
+
+#if defined(WOLFSSL_XILINX)
+ #define NO_WOLFSSL_DIR
+ #define NO_DEV_RANDOM
+ #define HAVE_AESGCM
+#endif
+
+#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX)
+ #if defined(WOLFSSL_ARMASM)
+ #error can not use both ARMv8 instructions and XILINX hardened crypto
+ #endif
+ #if defined(WOLFSSL_SHA3)
+ /* only SHA3-384 is supported */
+ #undef WOLFSSL_NOSHA3_224
+ #undef WOLFSSL_NOSHA3_256
+ #undef WOLFSSL_NOSHA3_512
+ #define WOLFSSL_NOSHA3_224
+ #define WOLFSSL_NOSHA3_256
+ #define WOLFSSL_NOSHA3_512
+ #endif
+ #ifdef WOLFSSL_AFALG_XILINX_AES
+ #undef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+ #endif
+#endif /*(WOLFSSL_XILINX_CRYPT)*/
+
+#if defined(WOLFSSL_APACHE_MYNEWT)
+ #include "os/os_malloc.h"
+ #if !defined(WOLFSSL_LWIP)
+ #include <mn_socket/mn_socket.h>
+ #endif
+
+ #if !defined(SIZEOF_LONG)
+ #define SIZEOF_LONG 4
+ #endif
+ #if !defined(SIZEOF_LONG_LONG)
+ #define SIZEOF_LONG_LONG 8
+ #endif
+ #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
+ #define BIG_ENDIAN_ORDER
+ #else
+ #undef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+ #define NO_WRITEV
+ #define WOLFSSL_USER_IO
+ #define SINGLE_THREADED
+ #define NO_DEV_RANDOM
+ #define NO_DH
+ #define NO_WOLFSSL_DIR
+ #define NO_ERROR_STRINGS
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
+ #define NO_ERROR_STRINGS
+ #define XMALLOC_USER
+ #define XMALLOC(sz, heap, type) os_malloc(sz)
+ #define XREALLOC(p, sz, heap, type) os_realloc(p, sz)
+ #define XFREE(p, heap, type) os_free(p)
+
+#endif /*(WOLFSSL_APACHE_MYNEWT)*/
+
+#ifdef WOLFSSL_ZEPHYR
+ #include <zephyr.h>
+ #include <sys/printk.h>
+ #include <sys/util.h>
+ #include <stdlib.h>
+
+ #define WOLFSSL_DH_CONST
+ #define WOLFSSL_HAVE_MAX
+ #define NO_WRITEV
+
+ #define USE_FLAT_BENCHMARK_H
+ #define USE_FLAT_TEST_H
+ #define EXIT_FAILURE 1
+ #define MAIN_NO_ARGS
+
+ void *z_realloc(void *ptr, size_t size);
+ #define realloc z_realloc
+
+ #ifndef CONFIG_NET_SOCKETS_POSIX_NAMES
+ #define CONFIG_NET_SOCKETS_POSIX_NAMES
+ #endif
+#endif
+
+#ifdef WOLFSSL_IMX6
+ #ifndef SIZEOF_LONG_LONG
+ #define SIZEOF_LONG_LONG 8
+ #endif
+#endif
+
+/* if defined turn on all CAAM support */
+#ifdef WOLFSSL_IMX6_CAAM
+ #undef WOLFSSL_IMX6_CAAM_RNG
+ #define WOLFSSL_IMX6_CAAM_RNG
+
+ #undef WOLFSSL_IMX6_CAAM_BLOB
+ #define WOLFSSL_IMX6_CAAM_BLOB
+
+#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS)
+ /* large performance gain with HAVE_AES_ECB defined */
+ #undef HAVE_AES_ECB
+ #define HAVE_AES_ECB
+
+ //@TODO used for now until plugging in caam aes use with qnx
+ #undef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+#endif
+#endif
+
+/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */
+#if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED)
+ #undef WOLFSSL_CRYPT_HW_MUTEX
+ #define WOLFSSL_CRYPT_HW_MUTEX 1
+#endif
+
+#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
+ !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
+ !defined(XMALLOC_OVERRIDE)
+ #define USE_WOLFSSL_MEMORY
+#endif
+
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+ #undef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+#endif
+
+
+/* stream ciphers except arc4 need 32bit alignment, intel ok without */
+#ifndef XSTREAM_ALIGN
+ #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
+ #define NO_XSTREAM_ALIGN
+ #else
+ #define XSTREAM_ALIGN
+ #endif
+#endif
+
+/* write dup cannot be used with secure renegotiation because write dup
+ * make write side write only and read side read only */
+#if defined(HAVE_WRITE_DUP) && defined(HAVE_SECURE_RENEGOTIATION)
+ #error "WRITE DUP and SECURE RENEGOTIATION cannot both be on"
+#endif
+
+#ifdef WOLFSSL_SGX
+ #ifdef _MSC_VER
+ #define NO_RC4
+ #ifndef HAVE_FIPS
+ #define WOLFCRYPT_ONLY
+ #define NO_DES3
+ #define NO_SHA
+ #define NO_MD5
+ #else
+ #define TFM_TIMING_RESISTANT
+ #define NO_WOLFSSL_DIR
+ #define NO_WRITEV
+ #define NO_MAIN_DRIVER
+ #define WOLFSSL_LOG_PRINTF
+ #define WOLFSSL_DH_CONST
+ #endif
+ #else
+ #define HAVE_ECC
+ #define NO_WRITEV
+ #define NO_MAIN_DRIVER
+ #define USER_TICKS
+ #define WOLFSSL_LOG_PRINTF
+ #define WOLFSSL_DH_CONST
+ #endif /* _MSC_VER */
+ #if !defined(HAVE_FIPS) && !defined(NO_RSA)
+ #define WC_RSA_BLINDING
+ #endif
+
+ #define NO_FILESYSTEM
+ #define ECC_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+ #define SINGLE_THREADED
+ #define NO_ASN_TIME /* can not use headers such as windows.h */
+ #define HAVE_AESGCM
+ #define USE_CERT_BUFFERS_2048
+ #define USE_FAST_MATH
+#endif /* WOLFSSL_SGX */
+
+/* FreeScale MMCAU hardware crypto has 4 byte alignment.
+ However, KSDK fsl_mmcau.h gives API with no alignment
+ requirements (4 byte alignment is managed internally by fsl_mmcau.c) */
+#ifdef FREESCALE_MMCAU
+ #ifdef FREESCALE_MMCAU_CLASSIC
+ #define WOLFSSL_MMCAU_ALIGNMENT 4
+ #else
+ #define WOLFSSL_MMCAU_ALIGNMENT 0
+ #endif
+#endif
+
+/* if using hardware crypto and have alignment requirements, specify the
+ requirement here. The record header of SSL/TLS will prevent easy alignment.
+ This hint tries to help as much as possible. */
+#ifndef WOLFSSL_GENERAL_ALIGNMENT
+ #ifdef WOLFSSL_AESNI
+ #define WOLFSSL_GENERAL_ALIGNMENT 16
+ #elif defined(XSTREAM_ALIGN)
+ #define WOLFSSL_GENERAL_ALIGNMENT 4
+ #elif defined(FREESCALE_MMCAU) || defined(FREESCALE_MMCAU_CLASSIC)
+ #define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT
+ #else
+ #define WOLFSSL_GENERAL_ALIGNMENT 0
+ #endif
+#endif
+
+#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0)
+ #if defined(_MSC_VER)
+ #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT))
+ #elif defined(__GNUC__)
+ #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT)))
+ #else
+ #define XGEN_ALIGN
+ #endif
+#else
+ #define XGEN_ALIGN
+#endif
+
+
+#ifdef __INTEL_COMPILER
+ #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
+#endif
+
+/* user can specify what curves they want with ECC_USER_CURVES otherwise
+ * all curves are on by default for now */
+#ifndef ECC_USER_CURVES
+ #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_ALL_CURVES)
+ #define HAVE_ALL_CURVES
+ #endif
+#endif
+
+/* The minimum allowed ECC key size */
+/* Note: 224-bits is equivelant to 2048-bit RSA */
+#ifndef ECC_MIN_KEY_SZ
+ #ifdef WOLFSSL_MIN_ECC_BITS
+ #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
+ #else
+ #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
+ /* FIPSv2 and ready (for now) includes 192-bit support */
+ #define ECC_MIN_KEY_SZ 192
+ #else
+ #define ECC_MIN_KEY_SZ 224
+ #endif
+ #endif
+#endif
+
+/* ECC Configs */
+#ifdef HAVE_ECC
+ /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
+ #if !defined(NO_ECC_SIGN) && \
+ (!defined(ECC_TIMING_RESISTANT) || \
+ (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
+ #undef HAVE_ECC_SIGN
+ #define HAVE_ECC_SIGN
+ #endif
+ #ifndef NO_ECC_VERIFY
+ #undef HAVE_ECC_VERIFY
+ #define HAVE_ECC_VERIFY
+ #endif
+ #ifndef NO_ECC_CHECK_KEY
+ #undef HAVE_ECC_CHECK_KEY
+ #define HAVE_ECC_CHECK_KEY
+ #endif
+ #if !defined(NO_ECC_DHE) && !defined(WC_NO_RNG)
+ #undef HAVE_ECC_DHE
+ #define HAVE_ECC_DHE
+ #endif
+ #ifndef NO_ECC_KEY_IMPORT
+ #undef HAVE_ECC_KEY_IMPORT
+ #define HAVE_ECC_KEY_IMPORT
+ #endif
+ #ifndef NO_ECC_KEY_EXPORT
+ #undef HAVE_ECC_KEY_EXPORT
+ #define HAVE_ECC_KEY_EXPORT
+ #endif
+#endif /* HAVE_ECC */
+
+/* Curve25519 Configs */
+#ifdef HAVE_CURVE25519
+ /* By default enable shared secret, key export and import */
+ #ifndef NO_CURVE25519_SHARED_SECRET
+ #undef HAVE_CURVE25519_SHARED_SECRET
+ #define HAVE_CURVE25519_SHARED_SECRET
+ #endif
+ #ifndef NO_CURVE25519_KEY_EXPORT
+ #undef HAVE_CURVE25519_KEY_EXPORT
+ #define HAVE_CURVE25519_KEY_EXPORT
+ #endif
+ #ifndef NO_CURVE25519_KEY_IMPORT
+ #undef HAVE_CURVE25519_KEY_IMPORT
+ #define HAVE_CURVE25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_CURVE25519 */
+
+/* Ed25519 Configs */
+#ifdef HAVE_ED25519
+ /* By default enable sign, verify, key export and import */
+ #ifndef NO_ED25519_SIGN
+ #undef HAVE_ED25519_SIGN
+ #define HAVE_ED25519_SIGN
+ #endif
+ #ifndef NO_ED25519_VERIFY
+ #undef HAVE_ED25519_VERIFY
+ #define HAVE_ED25519_VERIFY
+ #endif
+ #ifndef NO_ED25519_KEY_EXPORT
+ #undef HAVE_ED25519_KEY_EXPORT
+ #define HAVE_ED25519_KEY_EXPORT
+ #endif
+ #ifndef NO_ED25519_KEY_IMPORT
+ #undef HAVE_ED25519_KEY_IMPORT
+ #define HAVE_ED25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_ED25519 */
+
+/* Curve448 Configs */
+#ifdef HAVE_CURVE448
+ /* By default enable shared secret, key export and import */
+ #ifndef NO_CURVE448_SHARED_SECRET
+ #undef HAVE_CURVE448_SHARED_SECRET
+ #define HAVE_CURVE448_SHARED_SECRET
+ #endif
+ #ifndef NO_CURVE448_KEY_EXPORT
+ #undef HAVE_CURVE448_KEY_EXPORT
+ #define HAVE_CURVE448_KEY_EXPORT
+ #endif
+ #ifndef NO_CURVE448_KEY_IMPORT
+ #undef HAVE_CURVE448_KEY_IMPORT
+ #define HAVE_CURVE448_KEY_IMPORT
+ #endif
+#endif /* HAVE_CURVE448 */
+
+/* Ed448 Configs */
+#ifdef HAVE_ED448
+ /* By default enable sign, verify, key export and import */
+ #ifndef NO_ED448_SIGN
+ #undef HAVE_ED448_SIGN
+ #define HAVE_ED448_SIGN
+ #endif
+ #ifndef NO_ED448_VERIFY
+ #undef HAVE_ED448_VERIFY
+ #define HAVE_ED448_VERIFY
+ #endif
+ #ifndef NO_ED448_KEY_EXPORT
+ #undef HAVE_ED448_KEY_EXPORT
+ #define HAVE_ED448_KEY_EXPORT
+ #endif
+ #ifndef NO_ED448_KEY_IMPORT
+ #undef HAVE_ED448_KEY_IMPORT
+ #define HAVE_ED448_KEY_IMPORT
+ #endif
+#endif /* HAVE_ED448 */
+
+/* AES Config */
+#ifndef NO_AES
+ /* By default enable all AES key sizes, decryption and CBC */
+ #ifndef AES_MAX_KEY_SIZE
+ #undef AES_MAX_KEY_SIZE
+ #define AES_MAX_KEY_SIZE 256
+ #endif
+
+ #ifndef NO_AES_128
+ #undef WOLFSSL_AES_128
+ #define WOLFSSL_AES_128
+ #endif
+ #if !defined(NO_AES_192) && AES_MAX_KEY_SIZE >= 192
+ #undef WOLFSSL_AES_192
+ #define WOLFSSL_AES_192
+ #endif
+ #if !defined(NO_AES_256) && AES_MAX_KEY_SIZE >= 256
+ #undef WOLFSSL_AES_256
+ #define WOLFSSL_AES_256
+ #endif
+ #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT)
+ #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys
+ #endif
+
+ #ifndef NO_AES_DECRYPT
+ #undef HAVE_AES_DECRYPT
+ #define HAVE_AES_DECRYPT
+ #endif
+ #ifndef NO_AES_CBC
+ #undef HAVE_AES_CBC
+ #define HAVE_AES_CBC
+ #endif
+ #ifdef WOLFSSL_AES_XTS
+ /* AES-XTS makes calls to AES direct functions */
+ #ifndef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+ #endif
+ #endif
+ #ifdef WOLFSSL_AES_CFB
+ /* AES-CFB makes calls to AES direct functions */
+ #ifndef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+ #endif
+ #endif
+#endif
+
+#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
+ (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
+ !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \
+ !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
+ #define WOLFSSL_AEAD_ONLY
+#endif
+
+#if !defined(NO_DH) && !defined(HAVE_FFDHE)
+ #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \
+ defined(HAVE_FFDHE_4096) || defined(HAVE_FFDHE_6144) || \
+ defined(HAVE_FFDHE_8192)
+ #define HAVE_FFDHE
+ #endif
+#endif
+#if defined(HAVE_FFDHE_8192)
+ #define MIN_FFDHE_FP_MAX_BITS 16384
+#elif defined(HAVE_FFDHE_6144)
+ #define MIN_FFDHE_FP_MAX_BITS 12288
+#elif defined(HAVE_FFDHE_4096)
+ #define MIN_FFDHE_FP_MAX_BITS 8192
+#elif defined(HAVE_FFDHE_3072)
+ #define MIN_FFDHE_FP_MAX_BITS 6144
+#elif defined(HAVE_FFDHE_2048)
+ #define MIN_FFDHE_FP_MAX_BITS 4096
+#else
+ #define MIN_FFDHE_FP_MAX_BITS 0
+#endif
+#if defined(HAVE_FFDHE) && defined(FP_MAX_BITS)
+ #if MIN_FFDHE_FP_MAX_BITS > FP_MAX_BITS
+ #error "FFDHE parameters are too large for FP_MAX_BIT as set"
+ #endif
+#endif
+#if defined(HAVE_FFDHE) && defined(SP_INT_BITS)
+ #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2
+ #error "FFDHE parameters are too large for SP_INT_BIT as set"
+ #endif
+#endif
+
+/* if desktop type system and fastmath increase default max bits */
+#if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD)
+ #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS)
+ #if MIN_FFDHE_FP_MAX_BITS <= 8192
+ #define FP_MAX_BITS 8192
+ #else
+ #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+ #endif
+ #endif
+ #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS)
+ #if MIN_FFDHE_FP_MAX_BITS <= 8192
+ #define SP_INT_BITS 4096
+ #else
+ #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2
+ #endif
+ #endif
+#endif
+
+/* If using the max strength build, ensure OLD TLS is disabled. */
+#ifdef WOLFSSL_MAX_STRENGTH
+ #undef NO_OLD_TLS
+ #define NO_OLD_TLS
+#endif
+
+
+/* Default AES minimum auth tag sz, allow user to override */
+#ifndef WOLFSSL_MIN_AUTH_TAG_SZ
+ #define WOLFSSL_MIN_AUTH_TAG_SZ 12
+#endif
+
+
+/* sniffer requires:
+ * static RSA cipher suites
+ * session stats and peak stats
+ */
+#ifdef WOLFSSL_SNIFFER
+ #ifndef WOLFSSL_STATIC_RSA
+ #define WOLFSSL_STATIC_RSA
+ #endif
+ #ifndef WOLFSSL_STATIC_DH
+ #define WOLFSSL_STATIC_DH
+ #endif
+ /* Allow option to be disabled. */
+ #ifndef WOLFSSL_NO_SESSION_STATS
+ #ifndef WOLFSSL_SESSION_STATS
+ #define WOLFSSL_SESSION_STATS
+ #endif
+ #ifndef WOLFSSL_PEAK_SESSIONS
+ #define WOLFSSL_PEAK_SESSIONS
+ #endif
+ #endif
+#endif
+
+/* Decode Public Key extras on by default, user can turn off with
+ * WOLFSSL_NO_DECODE_EXTRA */
+#ifndef WOLFSSL_NO_DECODE_EXTRA
+ #ifndef RSA_DECODE_EXTRA
+ #define RSA_DECODE_EXTRA
+ #endif
+ #ifndef ECC_DECODE_EXTRA
+ #define ECC_DECODE_EXTRA
+ #endif
+#endif
+
+/* C Sharp wrapper defines */
+#ifdef HAVE_CSHARP
+ #ifndef WOLFSSL_DTLS
+ #define WOLFSSL_DTLS
+ #endif
+ #undef NO_PSK
+ #undef NO_SHA256
+ #undef NO_DH
+#endif
+
+/* Asynchronous Crypto */
+#ifdef WOLFSSL_ASYNC_CRYPT
+ /* Make sure wolf events are enabled */
+ #undef HAVE_WOLF_EVENT
+ #define HAVE_WOLF_EVENT
+
+ #ifdef WOLFSSL_ASYNC_CRYPT_TEST
+ #define WC_ASYNC_DEV_SIZE 168
+ #else
+ #define WC_ASYNC_DEV_SIZE 336
+ #endif
+
+ #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
+ !defined(WOLFSSL_ASYNC_CRYPT_TEST)
+ #error No async hardware defined with WOLFSSL_ASYNC_CRYPT!
+ #endif
+
+ /* Enable ECC_CACHE_CURVE for ASYNC */
+ #if !defined(ECC_CACHE_CURVE)
+ #define ECC_CACHE_CURVE
+ #endif
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifndef WC_ASYNC_DEV_SIZE
+ #define WC_ASYNC_DEV_SIZE 0
+#endif
+
+/* leantls checks */
+#ifdef WOLFSSL_LEANTLS
+ #ifndef HAVE_ECC
+ #error leantls build needs ECC
+ #endif
+#endif /* WOLFSSL_LEANTLS*/
+
+/* restriction with static memory */
+#ifdef WOLFSSL_STATIC_MEMORY
+ #if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
+ #error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
+ #endif
+ #if !defined(WOLFSSL_SP_NO_MALLOC) && \
+ !defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
+ #error The static memory option is only supported for fast math or SP with no malloc
+ #endif
+ #ifdef WOLFSSL_SMALL_STACK
+ #error static memory does not support small stack please undefine
+ #endif
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+#ifdef HAVE_AES_KEYWRAP
+ #ifndef WOLFSSL_AES_DIRECT
+ #error AES key wrap requires AES direct please define WOLFSSL_AES_DIRECT
+ #endif
+#endif
+
+#ifdef HAVE_PKCS7
+ #if defined(NO_AES) && defined(NO_DES3)
+ #error PKCS7 needs either AES or 3DES enabled, please enable one
+ #endif
+ #ifndef HAVE_AES_KEYWRAP
+ #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
+ #endif
+ #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
+ #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
+ #endif
+#endif
+
+#ifndef NO_PKCS12
+ #undef HAVE_PKCS12
+ #define HAVE_PKCS12
+#endif
+
+#ifndef NO_PKCS8
+ #undef HAVE_PKCS8
+ #define HAVE_PKCS8
+#endif
+
+#if !defined(NO_PBKDF1) || defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
+ #undef HAVE_PBKDF1
+ #define HAVE_PBKDF1
+#endif
+
+#if !defined(NO_PBKDF2) || defined(HAVE_PKCS7) || defined(HAVE_SCRYPT)
+ #undef HAVE_PBKDF2
+ #define HAVE_PBKDF2
+#endif
+
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_OLD_TLS) && \
+ (defined(NO_SHA) || defined(NO_MD5))
+ #error old TLS requires MD5 and SHA
+#endif
+
+/* for backwards compatibility */
+#if defined(TEST_IPV6) && !defined(WOLFSSL_IPV6)
+ #define WOLFSSL_IPV6
+#endif
+
+
+#ifdef WOLFSSL_LINUXKM
+ #ifndef NO_DEV_RANDOM
+ #define NO_DEV_RANDOM
+ #endif
+ #ifndef NO_WRITEV
+ #define NO_WRITEV
+ #endif
+ #ifndef NO_FILESYSTEM
+ #define NO_FILESYSTEM
+ #endif
+ #ifndef NO_STDIO_FILESYSTEM
+ #define NO_STDIO_FILESYSTEM
+ #endif
+ #ifndef WOLFSSL_NO_SOCK
+ #define WOLFSSL_NO_SOCK
+ #endif
+ #ifndef WOLFSSL_DH_CONST
+ #define WOLFSSL_DH_CONST
+ #endif
+ #ifndef WOLFSSL_USER_IO
+ #define WOLFSSL_USER_IO
+ #endif
+ #ifndef USE_WOLF_STRTOK
+ #define USE_WOLF_STRTOK
+ #endif
+ #ifndef WOLFSSL_SP_DIV_WORD_HALF
+ #define WOLFSSL_SP_DIV_WORD_HALF
+ #endif
+ #ifndef WOLFSSL_OLD_PRIME_CHECK
+ #define WOLFSSL_OLD_PRIME_CHECK
+ #endif
+ #ifndef WOLFSSL_TEST_SUBROUTINE
+ #define WOLFSSL_TEST_SUBROUTINE static
+ #endif
+ #undef HAVE_STRINGS_H
+ #undef HAVE_ERRNO_H
+ #undef HAVE_THREAD_LS
+ #undef WOLFSSL_HAVE_MIN
+ #undef WOLFSSL_HAVE_MAX
+ #define SIZEOF_LONG 8
+ #define SIZEOF_LONG_LONG 8
+ #define CHAR_BIT 8
+ #ifndef WOLFSSL_SP_DIV_64
+ #define WOLFSSL_SP_DIV_64
+ #endif
+ #ifndef WOLFSSL_SP_DIV_WORD_HALF
+ #define WOLFSSL_SP_DIV_WORD_HALF
+ #endif
+#endif
+
+
+/* Place any other flags or defines here */
+
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
+ && defined(HAVE_GMTIME_R)
+ #undef HAVE_GMTIME_R /* don't trust macro with windows */
+#endif /* WOLFSSL_MYSQL_COMPATIBLE */
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+ || defined(HAVE_LIGHTY)
+ #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
+ #define OPENSSL_NO_ENGINE
+ #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ #ifndef OPENSSL_EXTRA
+ #define OPENSSL_EXTRA
+ #endif
+ #ifndef HAVE_SESSION_TICKET
+ #define HAVE_SESSION_TICKET
+ #endif
+ #ifndef HAVE_OCSP
+ #define HAVE_OCSP
+ #endif
+ #ifndef KEEP_OUR_CERT
+ #define KEEP_OUR_CERT
+ #endif
+ #ifndef HAVE_SNI
+ #define HAVE_SNI
+ #endif
+#endif
+
+#ifdef HAVE_SNI
+ #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+#endif
+
+
+/* both CURVE and ED small math should be enabled */
+#ifdef CURVED25519_SMALL
+ #define CURVE25519_SMALL
+ #define ED25519_SMALL
+#endif
+
+/* both CURVE and ED small math should be enabled */
+#ifdef CURVED448_SMALL
+ #define CURVE448_SMALL
+ #define ED448_SMALL
+#endif
+
+
+#ifndef WOLFSSL_ALERT_COUNT_MAX
+ #define WOLFSSL_ALERT_COUNT_MAX 5
+#endif
+
+/* warning for not using harden build options (default with ./configure) */
+#ifndef WC_NO_HARDEN
+ #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
+ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
+ (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
+ !defined(WC_NO_RNG))
+
+ #ifndef _MSC_VER
+ #warning "For timing resistance / side-channel attack prevention consider using harden options"
+ #else
+ #pragma message("Warning: For timing resistance / side-channel attack prevention consider using harden options")
+ #endif
+ #endif
+#endif
+
+#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
+ /* added to have compatibility with SHA256() */
+ #if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+ #define NO_OLD_SHA_NAMES
+ #endif
+ #if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+ #define NO_OLD_MD5_NAME
+ #endif
+#endif
+
+/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
+ * When opensslextra is enabled all subparts should be turned on. */
+#ifdef OPENSSL_EXTRA
+ #undef OPENSSL_EXTRA_X509_SMALL
+ #define OPENSSL_EXTRA_X509_SMALL
+#endif /* OPENSSL_EXTRA */
+
+/* support for converting DER to PEM */
+#if (defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_DER_TO_PEM)) || \
+ defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
+ #undef WOLFSSL_DER_TO_PEM
+ #define WOLFSSL_DER_TO_PEM
+#endif
+
+/* keep backwards compatibility enabling encrypted private key */
+#ifndef WOLFSSL_ENCRYPTED_KEYS
+ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER)
+ #define WOLFSSL_ENCRYPTED_KEYS
+ #endif
+#endif
+
+/* support for disabling PEM to DER */
+#if !defined(WOLFSSL_NO_PEM) && !defined(NO_CODING)
+ #undef WOLFSSL_PEM_TO_DER
+ #define WOLFSSL_PEM_TO_DER
+#endif
+
+/* Parts of the openssl compatibility layer require peer certs */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+ || defined(HAVE_LIGHTY)
+ #undef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+#endif
+
+/* RAW hash function APIs are not implemented */
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
+ #undef WOLFSSL_NO_HASH_RAW
+ #define WOLFSSL_NO_HASH_RAW
+#endif
+
+/* XChacha not implemented with ARM assembly ChaCha */
+#if defined(WOLFSSL_ARMASM)
+ #undef HAVE_XCHACHA
+#endif
+
+#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
+ !defined(WOLFSSL_SHA3)
+ #undef WOLFSSL_NO_WORD64_OPS
+ #define WOLFSSL_NO_WORD64_OPS
+#endif
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_TLS12)
+ #undef WOLFSSL_HAVE_PRF
+ #define WOLFSSL_HAVE_PRF
+#endif
+
+#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \
+ !defined(WOLFSSL_HAVE_PRF) && defined(NO_PWDBASED) && !defined(HAVE_IDEA)
+ #undef WOLFSSL_NO_XOR_OPS
+ #define WOLFSSL_NO_XOR_OPS
+#endif
+
+#if defined(NO_ASN) && defined(WOLFCRYPT_ONLY)
+ #undef WOLFSSL_NO_INT_ENCODE
+ #define WOLFSSL_NO_INT_ENCODE
+ #undef WOLFSSL_NO_INT_DECODE
+ #define WOLFSSL_NO_INT_DECODE
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+ defined(WC_NO_RSA_OAEP)
+ #undef WOLFSSL_NO_CT_OPS
+ #define WOLFSSL_NO_CT_OPS
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \
+ !defined(HAVE_CURVE448) && defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP)
+ #undef WOLFSSL_NO_CONST_CMP
+ #define WOLFSSL_NO_CONST_CMP
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
+ !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
+ (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+ defined(WOLFSSL_RSA_PUBLIC_ONLY)
+ #undef WOLFSSL_NO_FORCE_ZERO
+ #define WOLFSSL_NO_FORCE_ZERO
+#endif
+
+/* Detect old cryptodev name */
+#if defined(WOLF_CRYPTO_DEV) && !defined(WOLF_CRYPTO_CB)
+ #define WOLF_CRYPTO_CB
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_SIGALG)
+ #error TLS 1.3 requires the Signature Algorithms extension to be enabled
+#endif
+
+#ifndef NO_WOLFSSL_BASE64_DECODE
+ #define WOLFSSL_BASE64_DECODE
+#endif
+
+#if defined(HAVE_EX_DATA) || defined(FORTRESS)
+ #define MAX_EX_DATA 5 /* allow for five items of ex_data */
+#endif
+
+#ifdef NO_WOLFSSL_SMALL_STACK
+ #undef WOLFSSL_SMALL_STACK
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK_STATIC
+ #undef WOLFSSL_SMALL_STACK_STATIC
+ #define WOLFSSL_SMALL_STACK_STATIC static
+#else
+ #define WOLFSSL_SMALL_STACK_STATIC
+#endif
+
+/* The client session cache requires time for timeout */
+#if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE)
+ #define NO_SESSION_CACHE
+#endif
+
+/* Use static ECC structs for Position Independant Code (PIC) */
+#if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__)
+ #define WOLFSSL_ECC_CURVE_STATIC
+ #define WOLFSSL_NAMES_STATIC
+ #define WOLFSSL_NO_CONSTCHARCONST
+#endif
+
+/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
+#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
+ #undef WC_RSA_PSS
+ #undef WOLFSSL_TLS13
+#endif
+
+/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
+ * but make sure users consider enabling it */
+#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ /* ECDSA length checks off by default for CAVP testing
+ * consider enabling strict checks in production */
+ #define NO_STRICT_ECDSA_LEN
+#endif
+
+/* Do not allow using small stack with no malloc */
+#if defined(WOLFSSL_NO_MALLOC) && \
+ (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE))
+ #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC)
+#endif
+
+/* Enable DH Extra for QT, openssl all, openssh and static ephemeral */
+/* Allows export/import of DH key and params as DER */
+#if !defined(NO_DH) && !defined(WOLFSSL_DH_EXTRA) && \
+ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
+ defined(WOLFSSL_STATIC_EPHEMERAL))
+ #define WOLFSSL_DH_EXTRA
+#endif
+
+/* DH Extra is not supported on FIPS v1 or v2 (is missing DhKey .pub/.priv) */
+#if defined(WOLFSSL_DH_EXTRA) && defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2)
+ #undef WOLFSSL_DH_EXTRA
+#endif
+
+/* Check for insecure build combination:
+ * secure renegotiation [enabled]
+ * extended master secret [disabled]
+ * session resumption [enabled]
+ */
+#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_EXTENDED_MASTER) && \
+ (defined(HAVE_SESSION_TICKET) || !defined(NO_SESSION_CACHE))
+ /* secure renegotiation requires extended master secret with resumption */
+ #ifndef _MSC_VER
+ #warning Extended master secret must be enabled with secure renegotiation and session resumption
+ #else
+ #pragma message("Warning: Extended master secret must be enabled with secure renegotiation and session resumption")
+ #endif
+
+ /* Note: "--enable-renegotiation-indication" ("HAVE_RENEGOTIATION_INDICATION")
+ * only sends the secure renegotiation extension, but is not actually supported.
+ * This was added because some TLS peers required it even if not used, so we call
+ * this "(FAKE Secure Renegotiation)"
+ */
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha.h
new file mode 100644
index 0000000..cc55fa0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha.h
@@ -0,0 +1,193 @@
+/* sha.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/sha.h
+*/
+
+
+#ifndef WOLF_CRYPT_SHA_H
+#define WOLF_CRYPT_SHA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+#define wc_Sha Sha
+#define WC_SHA SHA
+#define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE
+#define WC_SHA_DIGEST_SIZE SHA_DIGEST_SIZE
+#define WC_SHA_PAD_SIZE SHA_PAD_SIZE
+
+/* for fips @wc_fips */
+#include <cyassl/ctaocrypt/sha.h>
+#endif
+
+#ifdef FREESCALE_LTC_SHA
+ #include "fsl_ltc.h"
+#endif
+
+#ifdef WOLFSSL_IMXRT_DCP
+ #include "fsl_dcp.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+ #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+#endif
+#ifdef STM32_HASH
+ #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+#ifdef WOLFSSL_ESP32WROOM32_CRYPT
+ #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#endif
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+ #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
+#endif
+
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA WC_SHA
+#endif
+
+#ifndef NO_OLD_WC_NAMES
+ #define Sha wc_Sha
+ #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE
+ #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+ #define SHA_PAD_SIZE WC_SHA_PAD_SIZE
+#endif
+
+/* in bytes */
+enum {
+ WC_SHA = WC_HASH_TYPE_SHA,
+ WC_SHA_BLOCK_SIZE = 64,
+ WC_SHA_DIGEST_SIZE = 20,
+ WC_SHA_PAD_SIZE = 56
+};
+
+
+#if defined(WOLFSSL_TI_HASH)
+ #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+
+#elif defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
+ #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
+ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+ #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+#else
+
+/* Sha digest */
+struct wc_Sha {
+#ifdef FREESCALE_LTC_SHA
+ ltc_hash_ctx_t ctx;
+#elif defined(STM32_HASH)
+ STM32_HASH_Context stmCtx;
+#elif defined(WOLFSSL_SILABS_SE_ACCEL)
+ wc_silabs_sha_t silabsCtx;
+#elif defined(WOLFSSL_IMXRT_DCP)
+ dcp_handle_t handle;
+ dcp_hash_ctx_t ctx;
+#else
+ word32 buffLen; /* in bytes */
+ word32 loLen; /* length in bytes */
+ word32 hiLen; /* length in bytes */
+ word32 buffer[WC_SHA_BLOCK_SIZE / sizeof(word32)];
+ #ifdef WOLFSSL_PIC32MZ_HASH
+ word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)];
+ #else
+ word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
+ #endif
+ void* heap;
+ #ifdef WOLFSSL_PIC32MZ_HASH
+ hashUpdCache cache; /* cache for updates */
+ #endif
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+ #endif /* WOLFSSL_ASYNC_CRYPT */
+ #ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx; /* generic crypto callback context */
+ #endif
+#endif
+#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
+ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
+ WC_ESP32SHA ctx;
+#endif
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ word32 flags; /* enum wc_HashFlags in hash.h */
+#endif
+};
+
+#ifndef WC_SHA_TYPE_DEFINED
+ typedef struct wc_Sha wc_Sha;
+ #define WC_SHA_TYPE_DEFINED
+#endif
+
+#endif /* WOLFSSL_TI_HASH */
+
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha(wc_Sha*);
+WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
+WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32);
+WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*);
+WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*);
+WOLFSSL_API void wc_ShaFree(wc_Sha*);
+
+WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
+WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
+#endif
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags);
+ WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_SHA */
+#endif /* WOLF_CRYPT_SHA_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha256.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha256.h
new file mode 100644
index 0000000..8774472
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha256.h
@@ -0,0 +1,282 @@
+/* sha256.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/sha256.h
+*/
+
+
+
+#ifndef WOLF_CRYPT_SHA256_H
+#define WOLF_CRYPT_SHA256_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA256
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+ #define wc_Sha256 Sha256
+ #define WC_SHA256 SHA256
+ #define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE
+ #define WC_SHA256_DIGEST_SIZE SHA256_DIGEST_SIZE
+ #define WC_SHA256_PAD_SIZE SHA256_PAD_SIZE
+
+ #ifdef WOLFSSL_SHA224
+ #define wc_Sha224 Sha224
+ #define WC_SHA224 SHA224
+ #define WC_SHA224_BLOCK_SIZE SHA224_BLOCK_SIZE
+ #define WC_SHA224_DIGEST_SIZE SHA224_DIGEST_SIZE
+ #define WC_SHA224_PAD_SIZE SHA224_PAD_SIZE
+ #endif
+
+ /* for fips @wc_fips */
+ #include <cyassl/ctaocrypt/sha256.h>
+#endif
+
+#ifdef FREESCALE_LTC_SHA
+ #include "fsl_ltc.h"
+#endif
+
+#ifdef WOLFSSL_IMXRT_DCP
+ #include "fsl_dcp.h"
+#endif
+
+#if defined(WOLFSSL_PSOC6_CRYPTO)
+#include "cy_crypto_core_sha.h"
+#include "cy_device_headers.h"
+#include "cy_crypto_common.h"
+#include "cy_crypto_core.h"
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+ #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+#endif
+#ifdef STM32_HASH
+ #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HASH)
+ #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
+#endif
+#if defined(WOLFSSL_ESP32WROOM32_CRYPT)
+ #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h"
+#endif
+#if defined(WOLFSSL_CRYPTOCELL)
+ #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
+#endif
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+ #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
+#endif
+
+#if defined(_MSC_VER)
+ #define SHA256_NOINLINE __declspec(noinline)
+#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define SHA256_NOINLINE __attribute__((noinline))
+#else
+ #define SHA256_NOINLINE
+#endif
+
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA256 WC_SHA256
+#endif
+
+#ifndef NO_OLD_WC_NAMES
+ #define Sha256 wc_Sha256
+ #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
+ #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+ #define SHA256_PAD_SIZE WC_SHA256_PAD_SIZE
+#endif
+
+/* in bytes */
+enum {
+ WC_SHA256 = WC_HASH_TYPE_SHA256,
+ WC_SHA256_BLOCK_SIZE = 64,
+ WC_SHA256_DIGEST_SIZE = 32,
+ WC_SHA256_PAD_SIZE = 56
+};
+
+
+#ifdef WOLFSSL_TI_HASH
+ #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#elif defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
+ #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#elif defined(WOLFSSL_AFALG_HASH)
+ #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
+#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
+ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+ #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+#else
+
+/* wc_Sha256 digest */
+struct wc_Sha256 {
+#ifdef FREESCALE_LTC_SHA
+ ltc_hash_ctx_t ctx;
+#elif defined(STM32_HASH_SHA2)
+ STM32_HASH_Context stmCtx;
+#elif defined(WOLFSSL_SILABS_SE_ACCEL)
+ wc_silabs_sha_t silabsCtx;
+#elif defined(WOLFSSL_IMXRT_DCP)
+ dcp_handle_t handle;
+ dcp_hash_ctx_t ctx;
+#elif defined(WOLFSSL_PSOC6_CRYPTO)
+ cy_stc_crypto_sha_state_t hash_state;
+ cy_en_crypto_sha_mode_t sha_mode;
+ cy_stc_crypto_v2_sha256_buffers_t sha_buffers;
+#else
+ /* alignment on digest and buffer speeds up ARMv8 crypto operations */
+ ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+ ALIGN16 word32 buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32)];
+ word32 buffLen; /* in bytes */
+ word32 loLen; /* length in bytes */
+ word32 hiLen; /* length in bytes */
+ void* heap;
+#endif
+#ifdef WOLFSSL_PIC32MZ_HASH
+ hashUpdCache cache; /* cache for updates */
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ word32* W;
+#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */
+#ifdef WOLFSSL_DEVCRYPTO_HASH
+ WC_CRYPTODEV ctx;
+ byte* msg;
+ word32 used;
+ word32 len;
+#endif
+#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
+ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
+ WC_ESP32SHA ctx;
+#endif
+#ifdef WOLFSSL_CRYPTOCELL
+ CRYS_HASHUserContext_t ctx;
+#endif
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx; /* generic crypto callback context */
+#endif
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ word32 flags; /* enum wc_HashFlags in hash.h */
+#endif
+};
+
+#ifndef WC_SHA256_TYPE_DEFINED
+ typedef struct wc_Sha256 wc_Sha256;
+ #define WC_SHA256_TYPE_DEFINED
+#endif
+
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha256(wc_Sha256*);
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int);
+WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
+WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
+WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
+WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*);
+#endif
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
+WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
+#endif
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags);
+ WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags);
+#endif
+
+#ifdef WOLFSSL_SHA224
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA224 WC_SHA224
+#endif
+
+#ifndef NO_OLD_WC_NAMES
+ #define Sha224 wc_Sha224
+ #define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
+ #define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
+ #define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE
+#endif
+
+/* in bytes */
+enum {
+ WC_SHA224 = WC_HASH_TYPE_SHA224,
+ WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE,
+ WC_SHA224_DIGEST_SIZE = 28,
+ WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE
+};
+
+
+#ifndef WC_SHA224_TYPE_DEFINED
+ typedef struct wc_Sha256 wc_Sha224;
+ #define WC_SHA224_TYPE_DEFINED
+#endif
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha224(wc_Sha224*);
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int);
+WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32);
+WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*);
+WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
+
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
+WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags);
+ WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags);
+#endif
+
+#endif /* WOLFSSL_SHA224 */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* NO_SHA256 */
+#endif /* WOLF_CRYPT_SHA256_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha3.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha3.h
new file mode 100644
index 0000000..19347b0
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha3.h
@@ -0,0 +1,166 @@
+/* sha3.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLF_CRYPT_SHA3_H
+#define WOLF_CRYPT_SHA3_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_SHA3
+
+#ifdef HAVE_FIPS
+ /* for fips @wc_fips */
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+
+/* in bytes */
+enum {
+ WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
+ WC_SHA3_224_DIGEST_SIZE = 28,
+ WC_SHA3_224_COUNT = 18,
+
+ WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
+ WC_SHA3_256_DIGEST_SIZE = 32,
+ WC_SHA3_256_COUNT = 17,
+
+ WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
+ WC_SHA3_384_DIGEST_SIZE = 48,
+ WC_SHA3_384_COUNT = 13,
+
+ WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
+ WC_SHA3_512_DIGEST_SIZE = 64,
+ WC_SHA3_512_COUNT = 9,
+
+#if !defined(HAVE_SELFTEST) || \
+ defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
+ /* These values are used for HMAC, not SHA-3 directly.
+ * They come from from FIPS PUB 202. */
+ WC_SHA3_224_BLOCK_SIZE = 144,
+ WC_SHA3_256_BLOCK_SIZE = 136,
+ WC_SHA3_384_BLOCK_SIZE = 104,
+ WC_SHA3_512_BLOCK_SIZE = 72,
+#endif
+};
+
+#ifndef NO_OLD_WC_NAMES
+ #define SHA3_224 WC_SHA3_224
+ #define SHA3_224_DIGEST_SIZE WC_SHA3_224_DIGEST_SIZE
+ #define SHA3_256 WC_SHA3_256
+ #define SHA3_256_DIGEST_SIZE WC_SHA3_256_DIGEST_SIZE
+ #define SHA3_384 WC_SHA3_384
+ #define SHA3_384_DIGEST_SIZE WC_SHA3_384_DIGEST_SIZE
+ #define SHA3_512 WC_SHA3_512
+ #define SHA3_512_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
+ #define Sha3 wc_Sha3
+#endif
+
+
+
+#ifdef WOLFSSL_XILINX_CRYPT
+ #include "wolfssl/wolfcrypt/port/xilinx/xil-sha3.h"
+#elif defined(WOLFSSL_AFALG_XILINX_SHA3)
+ #include <wolfssl/wolfcrypt/port/af_alg/afalg_hash.h>
+#else
+
+/* Sha3 digest */
+struct wc_Sha3 {
+ /* State data that is processed for each block. */
+ word64 s[25];
+ /* Unprocessed message data. */
+ byte t[200];
+ /* Index into unprocessed data to place next message byte. */
+ byte i;
+
+ void* heap;
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ word32 flags; /* enum wc_HashFlags in hash.h */
+#endif
+};
+
+#ifndef WC_SHA3_TYPE_DEFINED
+ typedef struct wc_Sha3 wc_Sha3;
+ #define WC_SHA3_TYPE_DEFINED
+#endif
+
+#endif
+
+typedef wc_Sha3 wc_Shake;
+
+
+WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int);
+WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3*, const byte*, word32);
+WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3*, byte*);
+WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3*);
+WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst);
+
+WOLFSSL_API int wc_InitSha3_256(wc_Sha3*, void*, int);
+WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3*, const byte*, word32);
+WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3*, byte*);
+WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3*);
+WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst);
+
+WOLFSSL_API int wc_InitSha3_384(wc_Sha3*, void*, int);
+WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3*, const byte*, word32);
+WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3*, byte*);
+WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3*);
+WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst);
+
+WOLFSSL_API int wc_InitSha3_512(wc_Sha3*, void*, int);
+WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3*, const byte*, word32);
+WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3*, byte*);
+WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*);
+WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*);
+WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst);
+
+WOLFSSL_API int wc_InitShake256(wc_Shake*, void*, int);
+WOLFSSL_API int wc_Shake256_Update(wc_Shake*, const byte*, word32);
+WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32);
+WOLFSSL_API void wc_Shake256_Free(wc_Shake*);
+WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags);
+ WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_SHA3 */
+#endif /* WOLF_CRYPT_SHA3_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha512.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha512.h
new file mode 100644
index 0000000..81da52e
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/sha512.h
@@ -0,0 +1,256 @@
+/* sha512.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/sha512.h
+*/
+
+
+#ifndef WOLF_CRYPT_SHA512_H
+#define WOLF_CRYPT_SHA512_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+
+
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+ #ifdef WOLFSSL_SHA512
+ #define wc_Sha512 Sha512
+ #define WC_SHA512 SHA512
+ #define WC_SHA512_BLOCK_SIZE SHA512_BLOCK_SIZE
+ #define WC_SHA512_DIGEST_SIZE SHA512_DIGEST_SIZE
+ #define WC_SHA512_PAD_SIZE SHA512_PAD_SIZE
+ #endif /* WOLFSSL_SHA512 */
+ #ifdef WOLFSSL_SHA384
+ #define wc_Sha384 Sha384
+ #define WC_SHA384 SHA384
+ #define WC_SHA384_BLOCK_SIZE SHA384_BLOCK_SIZE
+ #define WC_SHA384_DIGEST_SIZE SHA384_DIGEST_SIZE
+ #define WC_SHA384_PAD_SIZE SHA384_PAD_SIZE
+ #endif /* WOLFSSL_SHA384 */
+
+ #define CYASSL_SHA512
+ #if defined(WOLFSSL_SHA384)
+ #define CYASSL_SHA384
+ #endif
+ /* for fips @wc_fips */
+ #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ #include <wolfssl/wolfcrypt/async.h>
+#endif
+#ifdef WOLFSSL_ESP32WROOM32_CRYPT
+ #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#endif
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+ #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
+#endif
+#if defined(WOLFSSL_PSOC6_CRYPTO)
+ #include "cy_crypto_core_sha.h"
+ #include "cy_device_headers.h"
+ #include "cy_crypto_common.h"
+ #include "cy_crypto_core.h"
+#endif
+
+#if defined(_MSC_VER)
+ #define SHA512_NOINLINE __declspec(noinline)
+#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define SHA512_NOINLINE __attribute__((noinline))
+#else
+ #define SHA512_NOINLINE
+#endif
+
+#ifdef WOLFSSL_SHA512
+
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA512 WC_SHA512
+#endif
+
+#if !defined(NO_OLD_WC_NAMES)
+ #define Sha512 wc_Sha512
+ #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
+ #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
+ #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE
+#endif
+
+#endif /* WOLFSSL_SHA512 */
+
+/* in bytes */
+enum {
+#ifdef WOLFSSL_SHA512
+ WC_SHA512 = WC_HASH_TYPE_SHA512,
+#endif
+ WC_SHA512_BLOCK_SIZE = 128,
+ WC_SHA512_DIGEST_SIZE = 64,
+ WC_SHA512_PAD_SIZE = 112
+};
+
+
+#if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
+ #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#else
+/* wc_Sha512 digest */
+struct wc_Sha512 {
+#ifdef WOLFSSL_PSOC6_CRYPTO
+ cy_stc_crypto_sha_state_t hash_state;
+ cy_en_crypto_sha_mode_t sha_mode;
+ cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
+#else
+ word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
+ word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
+ word32 buffLen; /* in bytes */
+ word64 loLen; /* length in bytes */
+ word64 hiLen; /* length in bytes */
+ void* heap;
+#ifdef USE_INTEL_SPEEDUP
+ const byte* data;
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ word64* W;
+#endif
+#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
+ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
+ WC_ESP32SHA ctx;
+#endif
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+ wc_silabs_sha_t silabsCtx;
+#endif
+#ifdef WOLF_CRYPTO_CB
+ int devId;
+ void* devCtx; /* generic crypto callback context */
+#endif
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ word32 flags; /* enum wc_HashFlags in hash.h */
+#endif
+#endif /* WOLFSSL_PSOC6_CRYPTO */
+};
+
+#ifndef WC_SHA512_TYPE_DEFINED
+ typedef struct wc_Sha512 wc_Sha512;
+ #define WC_SHA512_TYPE_DEFINED
+#endif
+#endif
+
+#endif /* HAVE_FIPS */
+
+#ifdef WOLFSSL_ARMASM
+WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
+ word32 len);
+#endif
+
+#ifdef WOLFSSL_SHA512
+
+
+WOLFSSL_API int wc_InitSha512(wc_Sha512*);
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int);
+WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32);
+WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*);
+WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*);
+WOLFSSL_API void wc_Sha512Free(wc_Sha512*);
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*);
+WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags);
+ WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
+#endif
+
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
+#endif
+#endif /* WOLFSSL_SHA512 */
+
+#if defined(WOLFSSL_SHA384)
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA384 WC_SHA384
+#endif
+
+#if !defined(NO_OLD_WC_NAMES)
+ #define Sha384 wc_Sha384
+ #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
+ #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
+ #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE
+#endif
+
+/* in bytes */
+enum {
+ WC_SHA384 = WC_HASH_TYPE_SHA384,
+ WC_SHA384_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
+ WC_SHA384_DIGEST_SIZE = 48,
+ WC_SHA384_PAD_SIZE = WC_SHA512_PAD_SIZE
+};
+
+
+#ifndef WC_SHA384_TYPE_DEFINED
+ typedef struct wc_Sha512 wc_Sha384;
+ #define WC_SHA384_TYPE_DEFINED
+#endif
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha384(wc_Sha384*);
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int);
+WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32);
+WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*);
+WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*);
+WOLFSSL_API void wc_Sha384Free(wc_Sha384*);
+
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*);
+WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+ WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags);
+ WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags);
+#endif
+
+#endif /* WOLFSSL_SHA384 */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLF_CRYPT_SHA512_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/signature.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/signature.h
new file mode 100644
index 0000000..d7c4188
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/signature.h
@@ -0,0 +1,87 @@
+/* signature.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/signature.h
+*/
+
+
+#ifndef WOLF_CRYPT_SIGNATURE_H
+#define WOLF_CRYPT_SIGNATURE_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+enum wc_SignatureType {
+ WC_SIGNATURE_TYPE_NONE = 0,
+ WC_SIGNATURE_TYPE_ECC = 1,
+ WC_SIGNATURE_TYPE_RSA = 2,
+ WC_SIGNATURE_TYPE_RSA_W_ENC = 3, /* Adds DER header via wc_EncodeSignature */
+};
+
+WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,
+ const void* key, word32 key_len);
+
+WOLFSSL_API int wc_SignatureVerifyHash(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* hash_data, word32 hash_len,
+ const byte* sig, word32 sig_len,
+ const void* key, word32 key_len);
+
+WOLFSSL_API int wc_SignatureVerify(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ const byte* sig, word32 sig_len,
+ const void* key, word32 key_len);
+
+WOLFSSL_API int wc_SignatureGenerateHash(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* hash_data, word32 hash_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len, WC_RNG* rng);
+WOLFSSL_API int wc_SignatureGenerateHash_ex(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* hash_data, word32 hash_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len, WC_RNG* rng, int verify);
+WOLFSSL_API int wc_SignatureGenerate(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len,
+ WC_RNG* rng);
+WOLFSSL_API int wc_SignatureGenerate_ex(
+ enum wc_HashType hash_type, enum wc_SignatureType sig_type,
+ const byte* data, word32 data_len,
+ byte* sig, word32 *sig_len,
+ const void* key, word32 key_len,
+ WC_RNG* rng, int verify);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_SIGNATURE_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/srp.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/srp.h
new file mode 100644
index 0000000..fcf1f4a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/srp.h
@@ -0,0 +1,311 @@
+/* srp.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/srp.h
+*/
+
+#ifdef WOLFCRYPT_HAVE_SRP
+
+#ifndef WOLFCRYPT_SRP_H
+#define WOLFCRYPT_SRP_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/integer.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Select the largest available hash for the buffer size. */
+#if defined(WOLFSSL_SHA512)
+ #define SRP_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
+#elif defined(WOLFSSL_SHA384)
+ #define SRP_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
+#elif !defined(NO_SHA256)
+ #define SRP_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+#elif !defined(NO_SHA)
+ #define SRP_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+#else
+ #error "You have to have some kind of SHA hash if you want to use SRP."
+#endif
+
+/* Set the minimum number of bits acceptable in an SRP modulus */
+#define SRP_MODULUS_MIN_BITS 512
+
+/* Set the minimum number of bits acceptable for private keys (RFC 5054) */
+#define SRP_PRIVATE_KEY_MIN_BITS 256
+
+/* salt size for SRP password */
+#define SRP_SALT_SIZE 16
+
+/**
+ * SRP side, client or server.
+ */
+typedef enum {
+ SRP_CLIENT_SIDE = 0,
+ SRP_SERVER_SIDE = 1,
+} SrpSide;
+
+/**
+ * SRP hash type, SHA[1|256|384|512].
+ */
+typedef enum {
+ SRP_TYPE_SHA = 1,
+ SRP_TYPE_SHA256 = 2,
+ SRP_TYPE_SHA384 = 3,
+ SRP_TYPE_SHA512 = 4,
+} SrpType;
+
+
+/**
+ * SRP hash struct.
+ */
+typedef struct {
+ byte type;
+ union {
+ #ifndef NO_SHA
+ wc_Sha sha;
+ #endif
+ #ifndef NO_SHA256
+ wc_Sha256 sha256;
+ #endif
+ #ifdef WOLFSSL_SHA384
+ wc_Sha384 sha384;
+ #endif
+ #ifdef WOLFSSL_SHA512
+ wc_Sha512 sha512;
+ #endif
+ } data;
+} SrpHash;
+
+typedef struct Srp {
+ SrpSide side; /**< Client or Server, @see SrpSide. */
+ SrpType type; /**< Hash type, @see SrpType. */
+ byte* user; /**< Username, login. */
+ word32 userSz; /**< Username length. */
+ byte* salt; /**< Small salt. */
+ word32 saltSz; /**< Salt length. */
+ mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/
+ mp_int g; /**< Generator. A generator modulo N. */
+ byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameter. k = H(N, g) */
+ mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */
+ /**< Server: v = g ^ x % N */
+ mp_int priv; /**< Private ephemeral value. */
+ SrpHash client_proof; /**< Client proof. Sent to the Server. */
+ SrpHash server_proof; /**< Server proof. Sent to the Client. */
+ byte* key; /**< Session key. */
+ word32 keySz; /**< Session key length. */
+ int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size);
+ /**< Function responsible for generating the session key. */
+ /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */
+ /**< key buffer for this structure and set keySz to the buffer size. */
+ /**< The default function used by this implementation is a modified */
+ /**< version of t_mgf1 that uses the proper hash function according */
+ /**< to srp->type. */
+ void* heap; /**< heap hint pointer */
+} Srp;
+
+/**
+ * Initializes the Srp struct for usage.
+ *
+ * @param[out] srp the Srp structure to be initialized.
+ * @param[in] type the hash type to be used.
+ * @param[in] side the side of the communication.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
+
+/**
+ * Releases the Srp struct resources after usage.
+ *
+ * @param[in,out] srp the Srp structure to be terminated.
+ */
+WOLFSSL_API void wc_SrpTerm(Srp* srp);
+
+/**
+ * Sets the username.
+ *
+ * This function MUST be called after wc_SrpInit.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] username the buffer containing the username.
+ * @param[in] size the username size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
+
+
+/**
+ * Sets the srp parameters based on the username.
+ *
+ * This function MUST be called after wc_SrpSetUsername.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] N the Modulus. N = 2q+1, [q, N] are primes.
+ * @param[in] nSz the N size in bytes.
+ * @param[in] g the Generator modulo N.
+ * @param[in] gSz the g size in bytes
+ * @param[in] salt a small random salt. Specific for each username.
+ * @param[in] saltSz the salt size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
+ const byte* g, word32 gSz,
+ const byte* salt, word32 saltSz);
+
+/**
+ * Sets the password.
+ *
+ * Setting the password does not persists the clear password data in the
+ * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores
+ * it in the auth field.
+ *
+ * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] password the buffer containing the password.
+ * @param[in] size the password size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
+
+/**
+ * Sets the verifier.
+ *
+ * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] verifier the buffer containing the verifier.
+ * @param[in] size the verifier size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
+
+/**
+ * Gets the verifier.
+ *
+ * The client calculates the verifier with v = g ^ x % N.
+ * This function MAY be called after wc_SrpSetPassword and is CLIENT SIDE ONLY.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] verifier the buffer to write the verifier.
+ * @param[in,out] size the buffer size in bytes. Will be updated with the
+ * verifier size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
+
+/**
+ * Sets the private ephemeral value.
+ *
+ * The private ephemeral value is known as:
+ * a at the client side. a = random()
+ * b at the server side. b = random()
+ * This function is handy for unit test cases or if the developer wants to use
+ * an external random source to set the ephemeral value.
+ * This function MAY be called before wc_SrpGetPublic.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] priv the ephemeral value.
+ * @param[in] size the private size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);
+
+/**
+ * Gets the public ephemeral value.
+ *
+ * The public ephemeral value is known as:
+ * A at the client side. A = g ^ a % N
+ * B at the server side. B = (k * v + (g ^ b % N)) % N
+ * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] pub the buffer to write the public ephemeral value.
+ * @param[in,out] size the the buffer size in bytes. Will be updated with
+ * the ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size);
+
+
+/**
+ * Computes the session key.
+ *
+ * The key can be accessed at srp->key after success.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] clientPubKey the client's public ephemeral value.
+ * @param[in] clientPubKeySz the client's public ephemeral value size.
+ * @param[in] serverPubKey the server's public ephemeral value.
+ * @param[in] serverPubKeySz the server's public ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
+ byte* clientPubKey, word32 clientPubKeySz,
+ byte* serverPubKey, word32 serverPubKeySz);
+
+/**
+ * Gets the proof.
+ *
+ * This function MUST be called after wc_SrpComputeKey.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[out] proof the buffer to write the proof.
+ * @param[in,out] size the buffer size in bytes. Will be updated with the
+ * proof size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
+
+/**
+ * Verifies the peers proof.
+ *
+ * This function MUST be called before wc_SrpGetSessionKey.
+ *
+ * @param[in,out] srp the Srp structure.
+ * @param[in] proof the peers proof.
+ * @param[in] size the proof size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFCRYPT_SRP_H */
+#endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/tfm.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/tfm.h
new file mode 100644
index 0000000..cc96e3b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/tfm.h
@@ -0,0 +1,859 @@
+/* tfm.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/*
+ * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
+ * http://math.libtomcrypt.com
+ */
+
+
+/**
+ * Edited by Moises Guimaraes (moises.guimaraes@phoebus.com.br)
+ * to fit CyaSSL's needs.
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/tfm.h
+*/
+
+#ifndef WOLF_CRYPT_TFM_H
+#define WOLF_CRYPT_TFM_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#ifndef CHAR_BIT
+ #include <limits.h>
+#endif
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_NO_ASM
+ #undef TFM_NO_ASM
+ #define TFM_NO_ASM
+#endif
+
+#ifdef NO_64BIT
+ #undef NO_TFM_64BIT
+ #define NO_TFM_64BIT
+#endif
+
+#ifndef NO_TFM_64BIT
+/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
+#if defined(__x86_64__)
+ #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM)
+ #error x86-64 detected, x86-32/SSE2/ARM optimizations are not valid!
+ #endif
+ #if !defined(TFM_X86_64) && !defined(TFM_NO_ASM)
+ #define TFM_X86_64
+ #endif
+#endif
+#if defined(__aarch64__) && defined(__APPLE__)
+ #if !defined(TFM_AARCH_64) && !defined(TFM_NO_ASM)
+ #define TFM_AARCH_64
+ #endif
+#endif
+#if defined(TFM_X86_64) || defined(TFM_AARCH_64)
+ #if !defined(FP_64BIT)
+ #define FP_64BIT
+ #endif
+#endif
+/* use 64-bit digit even if not using asm on x86_64 */
+#if defined(__x86_64__) && !defined(FP_64BIT)
+ #define FP_64BIT
+#endif
+/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
+#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
+ #undef FP_64BIT
+ #undef TFM_X86_64
+#endif
+#endif /* NO_TFM_64BIT */
+
+/* try to detect x86-32 */
+#if defined(__i386__) && !defined(TFM_SSE2)
+ #if defined(TFM_X86_64) || defined(TFM_ARM)
+ #error x86-32 detected, x86-64/ARM optimizations are not valid!
+ #endif
+ #if !defined(TFM_X86) && !defined(TFM_NO_ASM)
+ #define TFM_X86
+ #endif
+#endif
+
+/* make sure we're 32-bit for x86-32/sse/arm/ppc32 */
+#if (defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) || defined(TFM_PPC32)) && defined(FP_64BIT)
+ #warning x86-32, SSE2 and ARM, PPC32 optimizations require 32-bit digits (undefining)
+ #undef FP_64BIT
+#endif
+
+/* multi asms? */
+#ifdef TFM_X86
+ #define TFM_ASM
+#endif
+#ifdef TFM_X86_64
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+#ifdef TFM_SSE2
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+#ifdef TFM_ARM
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+#ifdef TFM_PPC32
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+#ifdef TFM_PPC64
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+#ifdef TFM_AVR32
+ #ifdef TFM_ASM
+ #error TFM_ASM already defined!
+ #endif
+ #define TFM_ASM
+#endif
+
+/* we want no asm? */
+#ifdef TFM_NO_ASM
+ #undef TFM_X86
+ #undef TFM_X86_64
+ #undef TFM_SSE2
+ #undef TFM_ARM
+ #undef TFM_PPC32
+ #undef TFM_PPC64
+ #undef TFM_AVR32
+ #undef TFM_ASM
+#endif
+
+/* ECC helpers */
+#ifdef TFM_ECC192
+ #ifdef FP_64BIT
+ #define TFM_MUL3
+ #define TFM_SQR3
+ #else
+ #define TFM_MUL6
+ #define TFM_SQR6
+ #endif
+#endif
+
+#ifdef TFM_ECC224
+ #ifdef FP_64BIT
+ #define TFM_MUL4
+ #define TFM_SQR4
+ #else
+ #define TFM_MUL7
+ #define TFM_SQR7
+ #endif
+#endif
+
+#ifdef TFM_ECC256
+ #ifdef FP_64BIT
+ #define TFM_MUL4
+ #define TFM_SQR4
+ #else
+ #define TFM_MUL8
+ #define TFM_SQR8
+ #endif
+#endif
+
+#ifdef TFM_ECC384
+ #ifdef FP_64BIT
+ #define TFM_MUL6
+ #define TFM_SQR6
+ #else
+ #define TFM_MUL12
+ #define TFM_SQR12
+ #endif
+#endif
+
+#ifdef TFM_ECC521
+ #ifdef FP_64BIT
+ #define TFM_MUL9
+ #define TFM_SQR9
+ #else
+ #define TFM_MUL17
+ #define TFM_SQR17
+ #endif
+#endif
+
+
+/* allow user to define on fp_digit, fp_word types */
+#ifndef WOLFSSL_BIGINT_TYPES
+
+/* some default configurations.
+ */
+#if defined(WC_16BIT_CPU)
+ typedef unsigned int fp_digit;
+ #define SIZEOF_FP_DIGIT 2
+ typedef unsigned long fp_word;
+#elif defined(FP_64BIT)
+ /* for GCC only on supported platforms */
+ typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */
+ #define SIZEOF_FP_DIGIT 8
+ typedef unsigned long fp_word __attribute__ ((mode(TI)));
+#else
+
+ #ifndef NO_TFM_64BIT
+ #if defined(_MSC_VER) || defined(__BORLANDC__)
+ typedef unsigned __int64 ulong64;
+ #else
+ typedef unsigned long long ulong64;
+ #endif
+ typedef unsigned int fp_digit;
+ #define SIZEOF_FP_DIGIT 4
+ typedef ulong64 fp_word;
+ #define FP_32BIT
+ #else
+ /* some procs like coldfire prefer not to place multiply into 64bit type
+ even though it exists */
+ typedef unsigned short fp_digit;
+ #define SIZEOF_FP_DIGIT 2
+ typedef unsigned int fp_word;
+ #endif
+#endif
+
+#endif /* WOLFSSL_BIGINT_TYPES */
+
+
+/* # of digits this is */
+#define DIGIT_BIT ((CHAR_BIT) * SIZEOF_FP_DIGIT)
+
+/* Max size of any number in bits. Basically the largest size you will be
+ * multiplying should be half [or smaller] of FP_MAX_SIZE-four_digit
+ *
+ * It defaults to 4096-bits [allowing multiplications up to 2048x2048 bits ]
+ */
+
+
+#ifndef FP_MAX_BITS
+ #define FP_MAX_BITS 4096
+#endif
+#ifdef WOLFSSL_OPENSSH
+ /* OpenSSH uses some BIG primes so we need to accommodate for that */
+ #undef FP_MAX_BITS
+ #define FP_MAX_BITS 16384
+#endif
+#define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT))
+
+/* will this lib work? */
+#if (CHAR_BIT & 7)
+ #error CHAR_BIT must be a multiple of eight.
+#endif
+#if FP_MAX_BITS % CHAR_BIT
+ #error FP_MAX_BITS must be a multiple of CHAR_BIT
+#endif
+
+#define FP_MASK (fp_digit)(-1)
+#define FP_DIGIT_MAX FP_MASK
+#define FP_SIZE (FP_MAX_SIZE/DIGIT_BIT)
+
+#define FP_MAX_PRIME_SIZE (FP_MAX_BITS/(2*CHAR_BIT))
+/* In terms of FP_MAX_BITS, it is double the size possible for a number
+ * to allow for multiplication, divide that 2 out. Also divide by CHAR_BIT
+ * to convert from bits to bytes. (Note, FP_PRIME_SIZE is the number of
+ * values in the canned prime number list.) */
+
+/* signs */
+#define FP_ZPOS 0
+#define FP_NEG 1
+
+/* return codes */
+#define FP_OKAY 0
+#define FP_VAL -1
+#define FP_MEM -2
+#define FP_NOT_INF -3
+#define FP_WOULDBLOCK -4
+
+/* equalities */
+#define FP_LT -1 /* less than */
+#define FP_EQ 0 /* equal to */
+#define FP_GT 1 /* greater than */
+
+/* replies */
+#define FP_YES 1 /* yes response */
+#define FP_NO 0 /* no response */
+
+#ifdef HAVE_WOLF_BIGINT
+ /* raw big integer */
+ typedef struct WC_BIGINT {
+ byte* buf;
+ word32 len;
+ void* heap;
+ } WC_BIGINT;
+ #define WOLF_BIGINT_DEFINED
+#endif
+
+/* a FP type */
+typedef struct fp_int {
+ int used;
+ int sign;
+#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
+ int size;
+#endif
+ fp_digit dp[FP_SIZE];
+
+#ifdef HAVE_WOLF_BIGINT
+ struct WC_BIGINT raw; /* unsigned binary (big endian) */
+#endif
+} fp_int;
+
+/* Types */
+typedef fp_digit mp_digit;
+typedef fp_word mp_word;
+typedef fp_int mp_int;
+
+
+/* wolf big int and common functions */
+#include <wolfssl/wolfcrypt/wolfmath.h>
+
+
+/* externally define this symbol to ignore the default settings, useful for changing the build from the make process */
+#ifndef TFM_ALREADY_SET
+
+/* do we want the large set of small multiplications ?
+ Enable these if you are going to be doing a lot of small (<= 16 digit) multiplications say in ECC
+ Or if you're on a 64-bit machine doing RSA as a 1024-bit integer == 16 digits ;-)
+ */
+/* need to refactor the function */
+/*#define TFM_SMALL_SET */
+
+/* do we want huge code
+ Enable these if you are doing 20, 24, 28, 32, 48, 64 digit multiplications (useful for RSA)
+ Less important on 64-bit machines as 32 digits == 2048 bits
+ */
+#if 0
+#define TFM_MUL3
+#define TFM_MUL4
+#define TFM_MUL6
+#define TFM_MUL7
+#define TFM_MUL8
+#define TFM_MUL9
+#define TFM_MUL12
+#define TFM_MUL17
+#endif
+#ifdef TFM_HUGE_SET
+#define TFM_MUL20
+#define TFM_MUL24
+#define TFM_MUL28
+#define TFM_MUL32
+#if (FP_MAX_BITS >= 6144) && defined(FP_64BIT)
+ #define TFM_MUL48
+#endif
+#if (FP_MAX_BITS >= 8192) && defined(FP_64BIT)
+ #define TFM_MUL64
+#endif
+#endif
+
+#if 0
+#define TFM_SQR3
+#define TFM_SQR4
+#define TFM_SQR6
+#define TFM_SQR7
+#define TFM_SQR8
+#define TFM_SQR9
+#define TFM_SQR12
+#define TFM_SQR17
+#endif
+#ifdef TFM_HUGE_SET
+#define TFM_SQR20
+#define TFM_SQR24
+#define TFM_SQR28
+#define TFM_SQR32
+#define TFM_SQR48
+#define TFM_SQR64
+#endif
+
+/* Optional math checks (enable WOLFSSL_DEBUG_MATH to print info) */
+/* #define TFM_CHECK */
+
+/* Is the target a P4 Prescott
+ */
+/* #define TFM_PRESCOTT */
+
+/* Do we want timing resistant fp_exptmod() ?
+ * This makes it slower but also timing invariant with respect to the exponent
+ */
+/* #define TFM_TIMING_RESISTANT */
+
+#endif /* TFM_ALREADY_SET */
+
+/* functions */
+
+/* returns a TFM ident string useful for debugging... */
+/*const char *fp_ident(void);*/
+
+/* initialize [or zero] an fp int */
+void fp_init(fp_int *a);
+MP_API void fp_zero(fp_int *a);
+MP_API void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */
+MP_API void fp_forcezero (fp_int * a);
+MP_API void fp_free(fp_int* a);
+
+/* zero/one/even/odd/neg/word ? */
+#define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO)
+#define fp_isone(a) \
+ ((((a)->used == 1) && ((a)->dp[0] == 1) && ((a)->sign == FP_ZPOS)) \
+ ? FP_YES : FP_NO)
+#define fp_iseven(a) \
+ (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
+#define fp_isodd(a) \
+ (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
+#define fp_isneg(a) (((a)->sign != FP_ZPOS) ? FP_YES : FP_NO)
+#define fp_isword(a, w) \
+ (((((a)->used == 1) && ((a)->dp[0] == w)) || \
+ ((w == 0) && ((a)->used == 0))) ? FP_YES : FP_NO)
+
+/* set to a small digit */
+void fp_set(fp_int *a, fp_digit b);
+int fp_set_int(fp_int *a, unsigned long b);
+
+/* check if a bit is set */
+int fp_is_bit_set(fp_int *a, fp_digit b);
+/* set the b bit to 1 */
+int fp_set_bit (fp_int * a, fp_digit b);
+
+/* copy from a to b */
+void fp_copy(const fp_int *a, fp_int *b);
+void fp_init_copy(fp_int *a, fp_int *b);
+
+/* clamp digits */
+#define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; }
+#define mp_clamp(a) fp_clamp(a)
+#define mp_grow(a,s) MP_OKAY
+
+/* negate and absolute */
+#define fp_neg(a, b) { fp_copy(a, b); (b)->sign ^= 1; fp_clamp(b); }
+#define fp_abs(a, b) { fp_copy(a, b); (b)->sign = 0; }
+
+/* right shift x digits */
+void fp_rshd(fp_int *a, int x);
+
+/* right shift x bits */
+void fp_rshb(fp_int *a, int x);
+
+/* left shift x digits */
+int fp_lshd(fp_int *a, int x);
+
+/* signed comparison */
+int fp_cmp(fp_int *a, fp_int *b);
+
+/* unsigned comparison */
+int fp_cmp_mag(fp_int *a, fp_int *b);
+
+/* power of 2 operations */
+void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
+void fp_mod_2d(fp_int *a, int b, fp_int *c);
+int fp_mul_2d(fp_int *a, int b, fp_int *c);
+void fp_2expt (fp_int *a, int b);
+int fp_mul_2(fp_int *a, fp_int *c);
+void fp_div_2(fp_int *a, fp_int *c);
+/* c = a / 2 (mod b) - constant time (a < b and positive) */
+int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c);
+
+
+/* Counts the number of lsbs which are zero before the first zero bit */
+int fp_cnt_lsb(fp_int *a);
+
+/* c = a + b */
+int fp_add(fp_int *a, fp_int *b, fp_int *c);
+
+/* c = a - b */
+int fp_sub(fp_int *a, fp_int *b, fp_int *c);
+
+/* c = a * b */
+int fp_mul(fp_int *a, fp_int *b, fp_int *c);
+
+/* b = a*a */
+int fp_sqr(fp_int *a, fp_int *b);
+
+/* a/b => cb + d == a */
+int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* c = a mod b, 0 <= c < b */
+int fp_mod(fp_int *a, fp_int *b, fp_int *c);
+
+/* compare against a single digit */
+int fp_cmp_d(fp_int *a, fp_digit b);
+
+/* c = a + b */
+int fp_add_d(fp_int *a, fp_digit b, fp_int *c);
+
+/* c = a - b */
+int fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
+
+/* c = a * b */
+int fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
+
+/* a/b => cb + d == a */
+/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/
+
+/* c = a mod b, 0 <= c < b */
+/*int fp_mod_d(fp_int *a, fp_digit b, fp_digit *c);*/
+
+/* ---> number theory <--- */
+/* d = a + b (mod c) */
+/*int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/
+
+/* d = a - b (mod c) */
+/*int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/
+
+/* d = a * b (mod c) */
+int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* d = a - b (mod c) */
+int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* d = a + b (mod c) */
+int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* d = a - b (mod c) - constant time (a < c and b < c) */
+int fp_submod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* d = a + b (mod c) - constant time (a < c and b < c) */
+int fp_addmod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+/* c = a * a (mod b) */
+int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);
+
+/* c = 1/a (mod b) */
+int fp_invmod(fp_int *a, fp_int *b, fp_int *c);
+int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp);
+
+/* c = (a, b) */
+/*int fp_gcd(fp_int *a, fp_int *b, fp_int *c);*/
+
+/* c = [a, b] */
+/*int fp_lcm(fp_int *a, fp_int *b, fp_int *c);*/
+
+/* setups the montgomery reduction */
+int fp_montgomery_setup(fp_int *a, fp_digit *mp);
+
+/* computes a = B**n mod b without division or multiplication useful for
+ * normalizing numbers in a Montgomery system.
+ */
+int fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
+
+/* computes x/R == x (mod N) via Montgomery Reduction */
+int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
+int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
+
+/* d = a**b (mod c) */
+int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+int fp_exptmod_ex(fp_int *a, fp_int *b, int minDigits, fp_int *c, fp_int *d);
+int fp_exptmod_nct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
+
+#ifdef WC_RSA_NONBLOCK
+
+enum tfmExptModNbState {
+ TFM_EXPTMOD_NB_INIT = 0,
+ TFM_EXPTMOD_NB_MONT,
+ TFM_EXPTMOD_NB_MONT_RED,
+ TFM_EXPTMOD_NB_MONT_MUL,
+ TFM_EXPTMOD_NB_MONT_MOD,
+ TFM_EXPTMOD_NB_MONT_MODCHK,
+ TFM_EXPTMOD_NB_NEXT,
+ TFM_EXPTMOD_NB_MUL,
+ TFM_EXPTMOD_NB_MUL_RED,
+ TFM_EXPTMOD_NB_SQR,
+ TFM_EXPTMOD_NB_SQR_RED,
+ TFM_EXPTMOD_NB_RED,
+ TFM_EXPTMOD_NB_COUNT /* last item for total state count only */
+};
+
+typedef struct {
+#ifndef WC_NO_CACHE_RESISTANT
+ fp_int R[3];
+#else
+ fp_int R[2];
+#endif
+ fp_digit buf;
+ fp_digit mp;
+ int bitcnt;
+ int digidx;
+ int y;
+ int state; /* tfmExptModNbState */
+#ifdef WC_RSA_NONBLOCK_TIME
+ word32 maxBlockInst; /* maximum instructions to block */
+ word32 totalInst; /* tracks total instructions */
+#endif
+} exptModNb_t;
+
+#ifdef WC_RSA_NONBLOCK_TIME
+enum {
+ TFM_EXPTMOD_NB_STOP = 0, /* stop and return FP_WOULDBLOCK */
+ TFM_EXPTMOD_NB_CONTINUE = 1, /* keep blocking */
+};
+#endif
+
+/* non-blocking version of timing resistant fp_exptmod function */
+/* supports cache resistance */
+int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y);
+
+#endif /* WC_RSA_NONBLOCK */
+
+/* primality stuff */
+
+/* perform a Miller-Rabin test of a to the base b and store result in "result" */
+/*void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result);*/
+
+#define FP_PRIME_SIZE 256
+/* 256 trial divisions + 8 Miller-Rabins, returns FP_YES if probable prime */
+/*int fp_isprime(fp_int *a);*/
+/* extended version of fp_isprime, do 't' Miller-Rabins instead of only 8 */
+/*int fp_isprime_ex(fp_int *a, int t, int* result);*/
+
+/* Primality generation flags */
+/*#define TFM_PRIME_BBS 0x0001 */ /* BBS style prime */
+/*#define TFM_PRIME_SAFE 0x0002 */ /* Safe prime (p-1)/2 == prime */
+/*#define TFM_PRIME_2MSB_OFF 0x0004 */ /* force 2nd MSB to 0 */
+/*#define TFM_PRIME_2MSB_ON 0x0008 */ /* force 2nd MSB to 1 */
+
+/* callback for fp_prime_random, should fill dst with random bytes and return how many read [up to len] */
+/*typedef int tfm_prime_callback(unsigned char *dst, int len, void *dat);*/
+
+/*#define fp_prime_random(a, t, size, bbs, cb, dat) fp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?TFM_PRIME_BBS:0, cb, dat)*/
+
+/*int fp_prime_random_ex(fp_int *a, int t, int size, int flags, tfm_prime_callback cb, void *dat);*/
+
+/* radix conversions */
+int fp_count_bits(const fp_int *a);
+int fp_leading_bit(fp_int *a);
+
+int fp_unsigned_bin_size(const fp_int *a);
+int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
+int fp_to_unsigned_bin(fp_int *a, unsigned char *b);
+int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c);
+int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
+
+/*int fp_read_radix(fp_int *a, char *str, int radix);*/
+/*int fp_toradix(fp_int *a, char *str, int radix);*/
+/*int fp_toradix_n(fp_int * a, char *str, int radix, int maxlen);*/
+
+
+/* VARIOUS LOW LEVEL STUFFS */
+int s_fp_add(fp_int *a, fp_int *b, fp_int *c);
+void s_fp_sub(fp_int *a, fp_int *b, fp_int *c);
+void fp_reverse(unsigned char *s, int len);
+
+int fp_mul_comba(fp_int *a, fp_int *b, fp_int *c);
+
+int fp_mul_comba_small(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba3(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba4(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba6(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba7(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba8(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba9(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba12(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba17(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba20(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba24(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba28(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba32(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba48(fp_int *a, fp_int *b, fp_int *c);
+int fp_mul_comba64(fp_int *a, fp_int *b, fp_int *c);
+int fp_sqr_comba(fp_int *a, fp_int *b);
+int fp_sqr_comba_small(fp_int *a, fp_int *b);
+int fp_sqr_comba3(fp_int *a, fp_int *b);
+int fp_sqr_comba4(fp_int *a, fp_int *b);
+int fp_sqr_comba6(fp_int *a, fp_int *b);
+int fp_sqr_comba7(fp_int *a, fp_int *b);
+int fp_sqr_comba8(fp_int *a, fp_int *b);
+int fp_sqr_comba9(fp_int *a, fp_int *b);
+int fp_sqr_comba12(fp_int *a, fp_int *b);
+int fp_sqr_comba17(fp_int *a, fp_int *b);
+int fp_sqr_comba20(fp_int *a, fp_int *b);
+int fp_sqr_comba24(fp_int *a, fp_int *b);
+int fp_sqr_comba28(fp_int *a, fp_int *b);
+int fp_sqr_comba32(fp_int *a, fp_int *b);
+int fp_sqr_comba48(fp_int *a, fp_int *b);
+int fp_sqr_comba64(fp_int *a, fp_int *b);
+
+
+/**
+ * Used by wolfSSL
+ */
+
+/* Constants */
+#define MP_LT FP_LT /* less than */
+#define MP_EQ FP_EQ /* equal to */
+#define MP_GT FP_GT /* greater than */
+#define MP_VAL FP_VAL /* invalid */
+#define MP_MEM FP_MEM /* memory error */
+#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
+#define MP_OKAY FP_OKAY /* ok result */
+#define MP_NO FP_NO /* yes/no result */
+#define MP_YES FP_YES /* yes/no result */
+#define MP_ZPOS FP_ZPOS
+#define MP_NEG FP_NEG
+#define MP_MASK FP_MASK
+
+/* Prototypes */
+#define mp_zero(a) fp_zero(a)
+#define mp_isone(a) fp_isone(a)
+#define mp_iseven(a) fp_iseven(a)
+#define mp_isneg(a) fp_isneg(a)
+#define mp_isword(a, w) fp_isword(a, w)
+
+#define MP_RADIX_BIN 2
+#define MP_RADIX_OCT 8
+#define MP_RADIX_DEC 10
+#define MP_RADIX_HEX 16
+#define MP_RADIX_MAX 64
+
+#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN)
+#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT)
+#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
+#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
+
+MP_API int mp_init (mp_int * a);
+MP_API int mp_init_copy(fp_int * a, fp_int * b);
+MP_API void mp_clear (mp_int * a);
+MP_API void mp_free (mp_int * a);
+MP_API void mp_forcezero (mp_int * a);
+MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
+ mp_int* f);
+
+MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_sub (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_add_d (mp_int * a, mp_digit b, mp_int * c);
+
+MP_API int mp_mul (mp_int * a, mp_int * b, mp_int * c);
+MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
+MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
+MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c);
+MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
+MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp);
+MP_API int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
+MP_API int mp_exptmod_ex (mp_int * g, mp_int * x, int minDigits, mp_int * p,
+ mp_int * y);
+MP_API int mp_exptmod_nct (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
+MP_API int mp_mul_2d(mp_int *a, int b, mp_int *c);
+MP_API int mp_2expt(mp_int* a, int b);
+
+MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
+
+MP_API int mp_cmp(mp_int *a, mp_int *b);
+MP_API int mp_cmp_d(mp_int *a, mp_digit b);
+
+MP_API int mp_unsigned_bin_size(const mp_int * a);
+MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
+MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
+MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
+MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c);
+
+MP_API int mp_sub_d(fp_int *a, fp_digit b, fp_int *c);
+MP_API int mp_copy(const fp_int* a, fp_int* b);
+MP_API int mp_isodd(mp_int* a);
+MP_API int mp_iszero(mp_int* a);
+MP_API int mp_count_bits(const mp_int *a);
+MP_API int mp_leading_bit(mp_int *a);
+MP_API int mp_set_int(mp_int *a, unsigned long b);
+MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
+MP_API int mp_set_bit (mp_int * a, mp_digit b);
+MP_API void mp_rshb(mp_int *a, int x);
+MP_API void mp_rshd(mp_int *a, int x);
+MP_API int mp_toradix (mp_int *a, char *str, int radix);
+MP_API int mp_radix_size (mp_int * a, int radix, int *size);
+
+#ifdef WOLFSSL_DEBUG_MATH
+ MP_API void mp_dump(const char* desc, mp_int* a, byte verbose);
+#else
+ #define mp_dump(desc, a, verbose)
+#endif
+
+#if !defined(NO_DSA) || defined(HAVE_ECC)
+ MP_API int mp_read_radix(mp_int* a, const char* str, int radix);
+#endif
+
+#ifdef HAVE_ECC
+ MP_API int mp_sqr(fp_int *a, fp_int *b);
+ MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
+ MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp,
+ int ct);
+ MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
+ MP_API int mp_div_2(fp_int * a, fp_int * b);
+ MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
+#endif
+
+#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \
+ defined(WOLFSSL_KEY_GEN)
+ MP_API int mp_set(fp_int *a, fp_digit b);
+#endif
+
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \
+ !defined(NO_DSA) || !defined(NO_DH)
+ MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
+ MP_API int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
+#endif
+
+#if !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
+MP_API int mp_prime_is_prime(mp_int* a, int t, int* result);
+MP_API int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng);
+#endif /* !NO_DH || !NO_DSA || !NO_RSA || WOLFSSL_KEY_GEN */
+#ifdef WOLFSSL_KEY_GEN
+MP_API int mp_gcd(fp_int *a, fp_int *b, fp_int *c);
+MP_API int mp_lcm(fp_int *a, fp_int *b, fp_int *c);
+MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
+MP_API int mp_exch(mp_int *a, mp_int *b);
+#endif /* WOLFSSL_KEY_GEN */
+MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m);
+
+MP_API int mp_cnt_lsb(fp_int *a);
+MP_API int mp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
+MP_API int mp_mod_d(fp_int* a, fp_digit b, fp_digit* c);
+MP_API int mp_lshd (mp_int * a, int b);
+MP_API int mp_abs(mp_int* a, mp_int* b);
+
+WOLFSSL_API word32 CheckRunTimeFastMath(void);
+
+/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math FP_SIZE
+ must match, return 1 if a match otherwise 0 */
+#define CheckFastMathSettings() (FP_SIZE == CheckRunTimeFastMath())
+
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif /* WOLF_CRYPT_TFM_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/types.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/types.h
new file mode 100644
index 0000000..54cfce6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/types.h
@@ -0,0 +1,1103 @@
+/* types.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/types.h
+*/
+/*
+DESCRIPTION
+This library defines the primitive data types and abstraction macros to
+decouple library dependencies with standard string, memory and so on.
+
+*/
+#ifndef WOLF_CRYPT_TYPES_H
+#define WOLF_CRYPT_TYPES_H
+
+ #include <wolfssl/wolfcrypt/settings.h>
+ #include <wolfssl/wolfcrypt/wc_port.h>
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+
+ #define WOLFSSL_ABI
+ /* Tag for all the APIs that are a part of the fixed ABI. */
+
+ /*
+ * This struct is used multiple time by other structs and
+ * needs to be defined somwhere that all structs can import
+ * (with minimal depencencies).
+ */
+ #if defined(HAVE_EX_DATA) || defined(FORTRESS)
+ #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+ typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data);
+ #endif
+ typedef struct WOLFSSL_CRYPTO_EX_DATA {
+ void* ex_data[MAX_EX_DATA];
+ #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+ wolfSSL_ex_data_cleanup_routine_t ex_data_cleanup_routines[MAX_EX_DATA];
+ #endif
+ } WOLFSSL_CRYPTO_EX_DATA;
+ #endif
+
+ #if defined(WORDS_BIGENDIAN)
+ #define BIG_ENDIAN_ORDER
+ #endif
+
+ #ifndef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+
+ #ifndef WOLFSSL_TYPES
+ #ifndef byte
+ typedef unsigned char byte;
+ typedef signed char sword8;
+ typedef unsigned char word8;
+ #endif
+ #ifdef WC_16BIT_CPU
+ typedef int sword16;
+ typedef unsigned int word16;
+ typedef long sword32;
+ typedef unsigned long word32;
+ #else
+ typedef short sword16;
+ typedef unsigned short word16;
+ typedef int sword32;
+ typedef unsigned int word32;
+ #endif
+ typedef byte word24[3];
+ #endif
+
+
+ /* constant pointer to a constant char */
+ #ifdef WOLFSSL_NO_CONSTCHARCONST
+ typedef const char* wcchar;
+ #else
+ typedef const char* const wcchar;
+ #endif
+
+
+ /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */
+ #if defined(_MSC_VER) || defined(HAVE_LIMITS_H)
+ /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set,
+ * otherwise causes issues with CTC_SETTINGS */
+ #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG)
+ #include <limits.h>
+ #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \
+ (ULONG_MAX == 0xffffffffUL)
+ #define SIZEOF_LONG 4
+ #endif
+ #if !defined(SIZEOF_LONG_LONG) && defined(ULLONG_MAX) && \
+ (ULLONG_MAX == 0xffffffffffffffffULL)
+ #define SIZEOF_LONG_LONG 8
+ #endif
+ #endif
+ #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
+ #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
+ #if (defined(__alpha__) || defined(__ia64__) || \
+ defined(_ARCH_PPC64) || defined(__mips64) || \
+ defined(__x86_64__) || defined(__s390x__ ) || \
+ ((defined(sun) || defined(__sun)) && \
+ (defined(LP64) || defined(_LP64))))
+ /* long should be 64bit */
+ #define SIZEOF_LONG 8
+ #elif defined(__i386__) || defined(__CORTEX_M3__)
+ /* long long should be 64bit */
+ #define SIZEOF_LONG_LONG 8
+ #endif
+ #endif
+ #endif
+
+ #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
+ #define WORD64_AVAILABLE
+ #define W64LIT(x) x##ui64
+ typedef __int64 sword64;
+ typedef unsigned __int64 word64;
+ #elif defined(__EMSCRIPTEN__)
+ #define WORD64_AVAILABLE
+ #define W64LIT(x) x##ull
+ typedef long long sword64;
+ typedef unsigned long long word64;
+ #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
+ #define WORD64_AVAILABLE
+ #define W64LIT(x) x##LL
+ typedef long sword64;
+ typedef unsigned long word64;
+ #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
+ #define WORD64_AVAILABLE
+ #define W64LIT(x) x##LL
+ typedef long long sword64;
+ typedef unsigned long long word64;
+ #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
+ #define WORD64_AVAILABLE
+ #define W64LIT(x) x##LL
+ typedef long long sword64;
+ typedef unsigned long long word64;
+ #endif
+
+#if defined(WORD64_AVAILABLE) && !defined(WC_16BIT_CPU)
+ /* These platforms have 64-bit CPU registers. */
+ #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
+ defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
+ defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \
+ (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64)
+ #define WC_64BIT_CPU
+ #elif (defined(sun) || defined(__sun)) && \
+ (defined(LP64) || defined(_LP64))
+ /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits
+ * and int uses 32 bits. When using Solaris Studio sparc and __sparc are
+ * available for 32 bit detection but __sparc64__ could be missed. This
+ * uses LP64 for checking 64 bit CPU arch. */
+ #define WC_64BIT_CPU
+ #else
+ #define WC_32BIT_CPU
+ #endif
+
+ #if defined(NO_64BIT)
+ typedef word32 wolfssl_word;
+ #undef WORD64_AVAILABLE
+ #else
+ #ifdef WC_64BIT_CPU
+ typedef word64 wolfssl_word;
+ #else
+ typedef word32 wolfssl_word;
+ #ifdef WORD64_AVAILABLE
+ #define WOLFCRYPT_SLOW_WORD64
+ #endif
+ #endif
+ #endif
+
+#elif defined(WC_16BIT_CPU)
+ #undef WORD64_AVAILABLE
+ typedef word16 wolfssl_word;
+ #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
+ mp_digit, no 64 bit type so make mp_digit 16 bit */
+
+#else
+ #undef WORD64_AVAILABLE
+ typedef word32 wolfssl_word;
+ #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
+ mp_digit, no 64 bit type so make mp_digit 16 bit */
+#endif
+
+#ifdef WC_PTR_TYPE /* Allow user suppied type */
+ typedef WC_PTR_TYPE wc_ptr_t;
+#elif defined(HAVE_UINTPTR_T)
+ #include <stdint.h>
+ typedef uintptr_t wc_ptr_t;
+#else /* fallback to architecture size_t for pointer size */
+ #include <stddef.h> /* included for getting size_t type */
+ typedef size_t wc_ptr_t;
+#endif
+
+ enum {
+ WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
+ WOLFSSL_BIT_SIZE = 8,
+ WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
+ };
+
+ #define WOLFSSL_MAX_16BIT 0xffffU
+
+ /* use inlining if compiler allows */
+ #ifndef WC_INLINE
+ #ifndef NO_INLINE
+ #ifdef _MSC_VER
+ #define WC_INLINE __inline
+ #elif defined(__GNUC__)
+ #ifdef WOLFSSL_VXWORKS
+ #define WC_INLINE __inline__
+ #else
+ #define WC_INLINE inline
+ #endif
+ #elif defined(__IAR_SYSTEMS_ICC__)
+ #define WC_INLINE inline
+ #elif defined(THREADX)
+ #define WC_INLINE _Inline
+ #elif defined(__ghc__)
+ #ifndef __cplusplus
+ #define WC_INLINE __inline
+ #else
+ #define WC_INLINE inline
+ #endif
+ #elif defined(__CCRX__)
+ #define WC_INLINE inline
+ #else
+ #define WC_INLINE
+ #endif
+ #else
+ #ifdef __GNUC__
+ #define WC_INLINE __attribute__((unused))
+ #else
+ #define WC_INLINE
+ #endif
+ #endif
+ #endif
+
+ #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
+ #define INLINE WC_INLINE
+ #endif
+
+
+ /* set up rotate style */
+ #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \
+ !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
+ #define INTEL_INTRINSICS
+ #define FAST_ROTATE
+ #elif defined(__MWERKS__) && TARGET_CPU_PPC
+ #define PPC_INTRINSICS
+ #define FAST_ROTATE
+ #elif defined(__CCRX__)
+ #define FAST_ROTATE
+ #elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
+ /* GCC does peephole optimizations which should result in using rotate
+ instructions */
+ #define FAST_ROTATE
+ #endif
+
+
+ /* set up thread local storage if available */
+ #ifdef HAVE_THREAD_LS
+ #if defined(_MSC_VER)
+ #define THREAD_LS_T __declspec(thread)
+ /* Thread local storage only in FreeRTOS v8.2.1 and higher */
+ #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \
+ defined(WOLFSSL_ZEPHYR)
+ #define THREAD_LS_T
+ #else
+ #define THREAD_LS_T __thread
+ #endif
+ #else
+ #define THREAD_LS_T
+ #endif
+
+ /* GCC 7 has new switch() fall-through detection */
+ /* default to FALL_THROUGH stub */
+ #ifndef FALL_THROUGH
+ #define FALL_THROUGH
+
+ #if defined(__GNUC__)
+ #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
+ #undef FALL_THROUGH
+ #if defined(WOLFSSL_LINUXKM) && defined(fallthrough)
+ #define FALL_THROUGH fallthrough
+ #else
+ #define FALL_THROUGH __attribute__ ((fallthrough));
+ #endif
+ #endif
+ #endif
+ #endif /* FALL_THROUGH */
+
+ /* Micrium will use Visual Studio for compilation but not the Win32 API */
+ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
+ !defined(FREERTOS_TCP) && !defined(EBSNET) && \
+ !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+ #define USE_WINDOWS_API
+ #endif
+
+ #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
+
+ /* idea to add global alloc override by Moises Guimaraes */
+ /* default to libc stuff */
+ /* XREALLOC is used once in normal math lib, not in fast math lib */
+ /* XFREE on some embedded systems doesn't like free(0) so test */
+ #if defined(HAVE_IO_POOL)
+ WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
+ WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
+ WOLFSSL_API void XFREE(void *p, void* heap, int type);
+ #elif (defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)) || \
+ defined(HAVE_INTEL_QA_SYNC)
+ #ifndef HAVE_INTEL_QA_SYNC
+ #include <wolfssl/wolfcrypt/port/intel/quickassist_mem.h>
+ #undef USE_WOLFSSL_MEMORY
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t), __func__, __LINE__)
+ #define XFREE(p, h, t) IntelQaFree((p), (h), (t), __func__, __LINE__)
+ #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__)
+ #else
+ #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t))
+ #define XFREE(p, h, t) IntelQaFree((p), (h), (t))
+ #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t))
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+ #else
+ #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
+ #undef USE_WOLFSSL_MEMORY
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t), __func__, __LINE__)
+ #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t), __func__, __LINE__)
+ #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__)
+ #else
+ #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t))
+ #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t))
+ #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t))
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+ #endif
+ #elif defined(XMALLOC_USER)
+ /* prototypes for user heap override functions */
+ #include <stddef.h> /* for size_t */
+ extern void *XMALLOC(size_t n, void* heap, int type);
+ extern void *XREALLOC(void *p, size_t n, void* heap, int type);
+ extern void XFREE(void *p, void* heap, int type);
+ #elif defined(WOLFSSL_MEMORY_LOG)
+ #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__)
+ #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__)
+ #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__)
+
+ /* prototypes for user heap override functions */
+ #include <stddef.h> /* for size_t */
+ #include <stdlib.h>
+ WOLFSSL_API void *xmalloc(size_t n, void* heap, int type,
+ const char* func, const char* file, unsigned int line);
+ WOLFSSL_API void *xrealloc(void *p, size_t n, void* heap, int type,
+ const char* func, const char* file, unsigned int line);
+ WOLFSSL_API void xfree(void *p, void* heap, int type, const char* func,
+ const char* file, unsigned int line);
+ #elif defined(XMALLOC_OVERRIDE)
+ /* override the XMALLOC, XFREE and XREALLOC macros */
+ #elif defined(WOLFSSL_TELIT_M2MB)
+ /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */
+ /* Use of malloc/free will cause CPU reboot */
+ #define XMALLOC(s, h, t) ((void)h, (void)t, m2mb_os_malloc((s)))
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) m2mb_os_free((xp));}
+ #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n))
+
+ #elif defined(NO_WOLFSSL_MEMORY)
+ #ifdef WOLFSSL_NO_MALLOC
+ /* this platform does not support heap use */
+ #ifdef WOLFSSL_MALLOC_CHECK
+ #include <stdio.h>
+ static inline void* malloc_check(size_t sz) {
+ printf("wolfSSL_malloc failed");
+ return NULL;
+ };
+ #define XMALLOC(s, h, t) malloc_check((s))
+ #define XFREE(p, h, t)
+ #define XREALLOC(p, n, h, t) (NULL)
+ #else
+ #define XMALLOC(s, h, t) (NULL)
+ #define XFREE(p, h, t)
+ #define XREALLOC(p, n, h, t) (NULL)
+ #endif
+ #else
+ /* just use plain C stdlib stuff if desired */
+ #include <stdlib.h>
+ #define XMALLOC(s, h, t) malloc((size_t)(s))
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
+ #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
+ #endif
+
+ #elif defined(WOLFSSL_LINUXKM)
+ /* the requisite linux/slab.h is included in wc_port.h, with incompatible warnings masked out. */
+ #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);})
+ #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);})
+ #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);})
+
+ #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
+ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
+ && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
+ && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4)
+ /* default C runtime, can install different routines at runtime via cbs */
+ #include <wolfssl/wolfcrypt/memory.h>
+ #ifdef WOLFSSL_STATIC_MEMORY
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
+ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
+ #else
+ #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
+ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+ #elif !defined(FREERTOS) && !defined(FREERTOS_TCP)
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
+ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
+ #else
+ #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
+ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
+ #endif /* WOLFSSL_DEBUG_MEMORY */
+ #endif /* WOLFSSL_STATIC_MEMORY */
+ #endif
+
+ /* declare/free variable handling for async and smallstack */
+ #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK)
+ #define DECLARE_VAR_IS_HEAP_ALLOC
+ #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
+ VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
+ #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+ VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
+ int idx##VAR_NAME, inner_idx_##VAR_NAME; \
+ for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
+ VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+ if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+ for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+ XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \
+ VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+ } \
+ for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
+ VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+ } \
+ break; \
+ } \
+ }
+ #define FREE_VAR(VAR_NAME, HEAP) \
+ XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT);
+ #define FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \
+ for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
+ XFREE(VAR_NAME[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+ }
+
+ #define DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+ DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+ #define DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+ #define FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
+ FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
+ #else
+ #undef DECLARE_VAR_IS_HEAP_ALLOC
+ #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
+ VAR_TYPE VAR_NAME[VAR_SIZE]
+ #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+ VAR_TYPE VAR_NAME[VAR_ITEMS][VAR_SIZE]
+ #define FREE_VAR(VAR_NAME, HEAP) /* nothing to free, its stack */
+ #define FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) /* nothing to free, its stack */
+
+ #define DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+ VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
+ int idx##VAR_NAME, inner_idx_##VAR_NAME;
+ #define DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+ for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
+ VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+ if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+ for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+ XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
+ VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+ } \
+ for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
+ VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+ } \
+ break; \
+ } \
+ }
+ #define FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
+ for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
+ XFREE(VAR_NAME[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+ }
+ #endif
+
+ #if !defined(USE_WOLF_STRTOK) && \
+ ((defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)) || \
+ defined(WOLFSSL_TIRTOS) || defined(WOLF_C99))
+ #define USE_WOLF_STRTOK
+ #endif
+ #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C99))
+ #define USE_WOLF_STRSEP
+ #endif
+
+ #ifndef STRING_USER
+ #if defined(WOLFSSL_LINUXKM)
+ #include <linux/string.h>
+ #else
+ #include <string.h>
+ #endif
+
+ #define XMEMCPY(d,s,l) memcpy((d),(s),(l))
+ #define XMEMSET(b,c,l) memset((b),(c),(l))
+ #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
+ #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
+
+ #define XSTRLEN(s1) strlen((s1))
+ #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
+ /* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper,
+ * not required for wolfCrypt only */
+ #define XSTRSTR(s1,s2) strstr((s1),(s2))
+ #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
+ #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
+ #define XSTRCMP(s1,s2) strcmp((s1),(s2))
+ #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
+
+ #ifdef USE_WOLF_STRSEP
+ #define XSTRSEP(s1,d) wc_strsep((s1),(d))
+ #else
+ #define XSTRSEP(s1,d) strsep((s1),(d))
+ #endif
+
+ #ifndef XSTRNCASECMP
+ #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
+ defined(WOLFSSL_ZEPHYR)
+ /* XC32 does not support strncasecmp, so use case sensitive one */
+ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
+ #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
+ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
+ #else
+ #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \
+ !defined(WOLFSSL_SGX)
+ #include <strings.h>
+ #endif
+ #if defined(WOLFSSL_DEOS)
+ #define XSTRNCASECMP(s1,s2,n) strnicmp((s1),(s2),(n))
+ #elif defined(WOLFSSL_CMSIS_RTOSv2)
+ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
+ #else
+ #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
+ #endif
+ #endif
+ #endif /* !XSTRNCASECMP */
+
+ /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
+ debugging is turned on */
+ #ifndef USE_WINDOWS_API
+ #ifndef XSNPRINTF
+ #if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \
+ defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM)
+ /* case where stdio is not included else where but is needed
+ for snprintf */
+ #include <stdio.h>
+ #endif
+ #if defined(WOLFSSL_ESPIDF) && \
+ (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7))
+ #include<stdarg.h>
+ /* later gcc than 7.1 introduces -Wformat-truncation */
+ /* In cases when truncation is expected the caller needs*/
+ /* to check the return value from the function so that */
+ /* compiler doesn't complain. */
+ /* xtensa-esp32-elf v8.2.0 warns trancation at */
+ /* GetAsnTimeString() */
+ static WC_INLINE
+ int _xsnprintf_(char *s, size_t n, const char *format, ...)
+ {
+ va_list ap;
+ int ret;
+
+ if ((int)n <= 0) return -1;
+
+ va_start(ap, format);
+
+ ret = XVSNPRINTF(s, n, format, ap);
+ if (ret < 0)
+ ret = -1;
+
+ va_end(ap);
+
+ return ret;
+ }
+ #define XSNPRINTF _xsnprintf_
+ #else
+ #define XSNPRINTF snprintf
+ #endif
+ #endif
+ #else
+ #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__)
+ #if defined(_MSC_VER) && (_MSC_VER >= 1900)
+ /* Beginning with the UCRT in Visual Studio 2015 and
+ Windows 10, snprintf is no longer identical to
+ _snprintf. The snprintf function behavior is now
+ C99 standard compliant. */
+ #include <stdio.h>
+ #define XSNPRINTF snprintf
+ #else
+ /* 4996 warning to use MS extensions e.g., _sprintf_s
+ instead of _snprintf */
+ #if !defined(__MINGW32__)
+ #pragma warning(disable: 4996)
+ #endif
+ static WC_INLINE
+ int xsnprintf(char *buffer, size_t bufsize,
+ const char *format, ...) {
+ va_list ap;
+ int ret;
+
+ if ((int)bufsize <= 0) return -1;
+ va_start(ap, format);
+ ret = XVSNPRINTF(buffer, bufsize, format, ap);
+ if (ret >= (int)bufsize)
+ ret = -1;
+ va_end(ap);
+ return ret;
+ }
+ #define XSNPRINTF xsnprintf
+ #endif /* (_MSC_VER >= 1900) */
+ #else
+ #define XSNPRINTF snprintf
+ #endif /* _MSC_VER */
+ #endif /* USE_WINDOWS_API */
+
+ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
+ || defined(HAVE_ALPN)
+ /* use only Thread Safe version of strtok */
+ #if defined(USE_WOLF_STRTOK)
+ #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+ #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS)
+ #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr))
+ #else
+ #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr))
+ #endif
+ #endif
+
+ #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_OCSP) || \
+ defined(HAVE_CRL_IO) || defined(HAVE_HTTP_CLIENT) || \
+ !defined(NO_CRYPT_BENCHMARK)
+
+ #ifndef XATOI /* if custom XATOI is not already defined */
+ #include <stdlib.h>
+ #define XATOI(s) atoi((s))
+ #endif
+ #endif
+ #endif
+
+ #ifdef USE_WOLF_STRTOK
+ WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp);
+ #endif
+ #ifdef USE_WOLF_STRSEP
+ WOLFSSL_API char* wc_strsep(char **stringp, const char *delim);
+ #endif
+
+ #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
+ !defined(NO_STDIO_FILESYSTEM)
+ #ifndef XGETENV
+ #include <stdlib.h>
+ #define XGETENV getenv
+ #endif
+ #endif /* OPENSSL_EXTRA */
+
+ #ifndef CTYPE_USER
+ #ifndef WOLFSSL_LINUXKM
+ #include <ctype.h>
+ #endif
+ #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
+ defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \
+ defined(OPENSSL_EXTRA)
+ #define XTOUPPER(c) toupper((c))
+ #endif
+ #ifdef OPENSSL_ALL
+ #define XISALNUM(c) isalnum((c))
+ #define XISASCII(c) isascii((c))
+ #define XISSPACE(c) isspace((c))
+ #endif
+ /* needed by wolfSSL_check_domain_name() */
+ #define XTOLOWER(c) tolower((c))
+ #endif
+
+
+ /* memory allocation types for user hints */
+ enum {
+ DYNAMIC_TYPE_CA = 1,
+ DYNAMIC_TYPE_CERT = 2,
+ DYNAMIC_TYPE_KEY = 3,
+ DYNAMIC_TYPE_FILE = 4,
+ DYNAMIC_TYPE_SUBJECT_CN = 5,
+ DYNAMIC_TYPE_PUBLIC_KEY = 6,
+ DYNAMIC_TYPE_SIGNER = 7,
+ DYNAMIC_TYPE_NONE = 8,
+ DYNAMIC_TYPE_BIGINT = 9,
+ DYNAMIC_TYPE_RSA = 10,
+ DYNAMIC_TYPE_METHOD = 11,
+ DYNAMIC_TYPE_OUT_BUFFER = 12,
+ DYNAMIC_TYPE_IN_BUFFER = 13,
+ DYNAMIC_TYPE_INFO = 14,
+ DYNAMIC_TYPE_DH = 15,
+ DYNAMIC_TYPE_DOMAIN = 16,
+ DYNAMIC_TYPE_SSL = 17,
+ DYNAMIC_TYPE_CTX = 18,
+ DYNAMIC_TYPE_WRITEV = 19,
+ DYNAMIC_TYPE_OPENSSL = 20,
+ DYNAMIC_TYPE_DSA = 21,
+ DYNAMIC_TYPE_CRL = 22,
+ DYNAMIC_TYPE_REVOKED = 23,
+ DYNAMIC_TYPE_CRL_ENTRY = 24,
+ DYNAMIC_TYPE_CERT_MANAGER = 25,
+ DYNAMIC_TYPE_CRL_MONITOR = 26,
+ DYNAMIC_TYPE_OCSP_STATUS = 27,
+ DYNAMIC_TYPE_OCSP_ENTRY = 28,
+ DYNAMIC_TYPE_ALTNAME = 29,
+ DYNAMIC_TYPE_SUITES = 30,
+ DYNAMIC_TYPE_CIPHER = 31,
+ DYNAMIC_TYPE_RNG = 32,
+ DYNAMIC_TYPE_ARRAYS = 33,
+ DYNAMIC_TYPE_DTLS_POOL = 34,
+ DYNAMIC_TYPE_SOCKADDR = 35,
+ DYNAMIC_TYPE_LIBZ = 36,
+ DYNAMIC_TYPE_ECC = 37,
+ DYNAMIC_TYPE_TMP_BUFFER = 38,
+ DYNAMIC_TYPE_DTLS_MSG = 39,
+ DYNAMIC_TYPE_X509 = 40,
+ DYNAMIC_TYPE_TLSX = 41,
+ DYNAMIC_TYPE_OCSP = 42,
+ DYNAMIC_TYPE_SIGNATURE = 43,
+ DYNAMIC_TYPE_HASHES = 44,
+ DYNAMIC_TYPE_SRP = 45,
+ DYNAMIC_TYPE_COOKIE_PWD = 46,
+ DYNAMIC_TYPE_USER_CRYPTO = 47,
+ DYNAMIC_TYPE_OCSP_REQUEST = 48,
+ DYNAMIC_TYPE_X509_EXT = 49,
+ DYNAMIC_TYPE_X509_STORE = 50,
+ DYNAMIC_TYPE_X509_CTX = 51,
+ DYNAMIC_TYPE_URL = 52,
+ DYNAMIC_TYPE_DTLS_FRAG = 53,
+ DYNAMIC_TYPE_DTLS_BUFFER = 54,
+ DYNAMIC_TYPE_SESSION_TICK = 55,
+ DYNAMIC_TYPE_PKCS = 56,
+ DYNAMIC_TYPE_MUTEX = 57,
+ DYNAMIC_TYPE_PKCS7 = 58,
+ DYNAMIC_TYPE_AES_BUFFER = 59,
+ DYNAMIC_TYPE_WOLF_BIGINT = 60,
+ DYNAMIC_TYPE_ASN1 = 61,
+ DYNAMIC_TYPE_LOG = 62,
+ DYNAMIC_TYPE_WRITEDUP = 63,
+ DYNAMIC_TYPE_PRIVATE_KEY = 64,
+ DYNAMIC_TYPE_HMAC = 65,
+ DYNAMIC_TYPE_ASYNC = 66,
+ DYNAMIC_TYPE_ASYNC_NUMA = 67,
+ DYNAMIC_TYPE_ASYNC_NUMA64 = 68,
+ DYNAMIC_TYPE_CURVE25519 = 69,
+ DYNAMIC_TYPE_ED25519 = 70,
+ DYNAMIC_TYPE_SECRET = 71,
+ DYNAMIC_TYPE_DIGEST = 72,
+ DYNAMIC_TYPE_RSA_BUFFER = 73,
+ DYNAMIC_TYPE_DCERT = 74,
+ DYNAMIC_TYPE_STRING = 75,
+ DYNAMIC_TYPE_PEM = 76,
+ DYNAMIC_TYPE_DER = 77,
+ DYNAMIC_TYPE_CERT_EXT = 78,
+ DYNAMIC_TYPE_ALPN = 79,
+ DYNAMIC_TYPE_ENCRYPTEDINFO= 80,
+ DYNAMIC_TYPE_DIRCTX = 81,
+ DYNAMIC_TYPE_HASHCTX = 82,
+ DYNAMIC_TYPE_SEED = 83,
+ DYNAMIC_TYPE_SYMMETRIC_KEY= 84,
+ DYNAMIC_TYPE_ECC_BUFFER = 85,
+ DYNAMIC_TYPE_QSH = 86,
+ DYNAMIC_TYPE_SALT = 87,
+ DYNAMIC_TYPE_HASH_TMP = 88,
+ DYNAMIC_TYPE_BLOB = 89,
+ DYNAMIC_TYPE_NAME_ENTRY = 90,
+ DYNAMIC_TYPE_CURVE448 = 91,
+ DYNAMIC_TYPE_ED448 = 92,
+ DYNAMIC_TYPE_AES = 93,
+ DYNAMIC_TYPE_CMAC = 94,
+ DYNAMIC_TYPE_SNIFFER_SERVER = 1000,
+ DYNAMIC_TYPE_SNIFFER_SESSION = 1001,
+ DYNAMIC_TYPE_SNIFFER_PB = 1002,
+ DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003,
+ DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004,
+ DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005,
+ };
+
+ /* max error buffer string size */
+ #ifndef WOLFSSL_MAX_ERROR_SZ
+ #define WOLFSSL_MAX_ERROR_SZ 80
+ #endif
+
+ /* stack protection */
+ enum {
+ MIN_STACK_BUFFER = 8
+ };
+
+
+ /* Algorithm Types */
+ enum wc_AlgoType {
+ WC_ALGO_TYPE_NONE = 0,
+ WC_ALGO_TYPE_HASH = 1,
+ WC_ALGO_TYPE_CIPHER = 2,
+ WC_ALGO_TYPE_PK = 3,
+ WC_ALGO_TYPE_RNG = 4,
+ WC_ALGO_TYPE_SEED = 5,
+ WC_ALGO_TYPE_HMAC = 6,
+ WC_ALGO_TYPE_CMAC = 7,
+
+ WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CMAC
+ };
+
+ /* hash types */
+ enum wc_HashType {
+ #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))
+ /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types.
+ * Values here are based on old selftest hmac.h enum, with additions.
+ * These values are fixed for backwards FIPS compatibility */
+ WC_HASH_TYPE_NONE = 15,
+ WC_HASH_TYPE_MD2 = 16,
+ WC_HASH_TYPE_MD4 = 17,
+ WC_HASH_TYPE_MD5 = 0,
+ WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */
+ WC_HASH_TYPE_SHA224 = 8,
+ WC_HASH_TYPE_SHA256 = 2,
+ WC_HASH_TYPE_SHA384 = 5,
+ WC_HASH_TYPE_SHA512 = 4,
+ WC_HASH_TYPE_MD5_SHA = 18,
+ WC_HASH_TYPE_SHA3_224 = 10,
+ WC_HASH_TYPE_SHA3_256 = 11,
+ WC_HASH_TYPE_SHA3_384 = 12,
+ WC_HASH_TYPE_SHA3_512 = 13,
+ WC_HASH_TYPE_BLAKE2B = 14,
+ WC_HASH_TYPE_BLAKE2S = 19,
+
+ WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S
+ #else
+ WC_HASH_TYPE_NONE = 0,
+ WC_HASH_TYPE_MD2 = 1,
+ WC_HASH_TYPE_MD4 = 2,
+ WC_HASH_TYPE_MD5 = 3,
+ WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */
+ WC_HASH_TYPE_SHA224 = 5,
+ WC_HASH_TYPE_SHA256 = 6,
+ WC_HASH_TYPE_SHA384 = 7,
+ WC_HASH_TYPE_SHA512 = 8,
+ WC_HASH_TYPE_MD5_SHA = 9,
+ WC_HASH_TYPE_SHA3_224 = 10,
+ WC_HASH_TYPE_SHA3_256 = 11,
+ WC_HASH_TYPE_SHA3_384 = 12,
+ WC_HASH_TYPE_SHA3_512 = 13,
+ WC_HASH_TYPE_BLAKE2B = 14,
+ WC_HASH_TYPE_BLAKE2S = 15,
+
+ WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S
+ #endif /* HAVE_SELFTEST */
+ };
+
+ /* cipher types */
+ enum wc_CipherType {
+ WC_CIPHER_NONE = 0,
+ WC_CIPHER_AES = 1,
+ WC_CIPHER_AES_CBC = 2,
+ WC_CIPHER_AES_GCM = 3,
+ WC_CIPHER_AES_CTR = 4,
+ WC_CIPHER_AES_XTS = 5,
+ WC_CIPHER_AES_CFB = 6,
+ WC_CIPHER_DES3 = 7,
+ WC_CIPHER_DES = 8,
+ WC_CIPHER_CHACHA = 9,
+ WC_CIPHER_HC128 = 10,
+ WC_CIPHER_IDEA = 11,
+
+ WC_CIPHER_MAX = WC_CIPHER_HC128
+ };
+
+ /* PK=public key (asymmetric) based algorithms */
+ enum wc_PkType {
+ WC_PK_TYPE_NONE = 0,
+ WC_PK_TYPE_RSA = 1,
+ WC_PK_TYPE_DH = 2,
+ WC_PK_TYPE_ECDH = 3,
+ WC_PK_TYPE_ECDSA_SIGN = 4,
+ WC_PK_TYPE_ECDSA_VERIFY = 5,
+ WC_PK_TYPE_ED25519_SIGN = 6,
+ WC_PK_TYPE_CURVE25519 = 7,
+ WC_PK_TYPE_RSA_KEYGEN = 8,
+ WC_PK_TYPE_EC_KEYGEN = 9,
+ WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10,
+ WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11,
+ WC_PK_TYPE_ED448 = 12,
+ WC_PK_TYPE_CURVE448 = 13,
+ WC_PK_TYPE_ED25519_VERIFY = 14,
+ WC_PK_TYPE_ED25519_KEYGEN = 15,
+ WC_PK_TYPE_CURVE25519_KEYGEN = 16,
+ WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519_KEYGEN
+ };
+
+
+ /* settings detection for compile vs runtime math incompatibilities */
+ enum {
+ #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
+ CTC_SETTINGS = 0x0
+ #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
+ CTC_SETTINGS = 0x1
+ #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
+ CTC_SETTINGS = 0x2
+ #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
+ CTC_SETTINGS = 0x4
+ #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
+ CTC_SETTINGS = 0x8
+ #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
+ CTC_SETTINGS = 0x10
+ #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
+ CTC_SETTINGS = 0x20
+ #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
+ CTC_SETTINGS = 0x40
+ #else
+ #error "bad math long / long long settings"
+ #endif
+ };
+
+
+ WOLFSSL_API word32 CheckRunTimeSettings(void);
+
+ /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long
+ types need to match at compile time and run time, CheckCtcSettings will
+ return 1 if a match otherwise 0 */
+ #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
+
+ /* invalid device id */
+ #define INVALID_DEVID -2
+
+
+ /* AESNI requires alignment and ARMASM gains some performance from it
+ * Xilinx RSA operations require alignment */
+ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
+ defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX)
+ #ifndef WOLFSSL_USE_ALIGN
+ #define WOLFSSL_USE_ALIGN
+ #endif
+ #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
+
+ #ifdef WOLFSSL_USE_ALIGN
+ #if !defined(ALIGN16)
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define ALIGN16 __attribute__ ( (aligned (16)))
+ #elif defined(_MSC_VER)
+ /* disable align warning, we want alignment ! */
+ #pragma warning(disable: 4324)
+ #define ALIGN16 __declspec (align (16))
+ #else
+ #define ALIGN16
+ #endif
+ #endif /* !ALIGN16 */
+
+ #if !defined (ALIGN32)
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define ALIGN32 __attribute__ ( (aligned (32)))
+ #elif defined(_MSC_VER)
+ /* disable align warning, we want alignment ! */
+ #pragma warning(disable: 4324)
+ #define ALIGN32 __declspec (align (32))
+ #else
+ #define ALIGN32
+ #endif
+ #endif /* !ALIGN32 */
+
+ #if !defined(ALIGN64)
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define ALIGN64 __attribute__ ( (aligned (64)))
+ #elif defined(_MSC_VER)
+ /* disable align warning, we want alignment ! */
+ #pragma warning(disable: 4324)
+ #define ALIGN64 __declspec (align (64))
+ #else
+ #define ALIGN64
+ #endif
+ #endif /* !ALIGN64 */
+
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define ALIGN128 __attribute__ ( (aligned (128)))
+ #elif defined(_MSC_VER)
+ /* disable align warning, we want alignment ! */
+ #pragma warning(disable: 4324)
+ #define ALIGN128 __declspec (align (128))
+ #else
+ #define ALIGN128
+ #endif
+
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define ALIGN256 __attribute__ ( (aligned (256)))
+ #elif defined(_MSC_VER)
+ /* disable align warning, we want alignment ! */
+ #pragma warning(disable: 4324)
+ #define ALIGN256 __declspec (align (256))
+ #else
+ #define ALIGN256
+ #endif
+
+ #else
+ #ifndef ALIGN16
+ #define ALIGN16
+ #endif
+ #ifndef ALIGN32
+ #define ALIGN32
+ #endif
+ #ifndef ALIGN64
+ #define ALIGN64
+ #endif
+ #ifndef ALIGN128
+ #define ALIGN128
+ #endif
+ #ifndef ALIGN256
+ #define ALIGN256
+ #endif
+ #endif /* WOLFSSL_USE_ALIGN */
+
+ #if !defined(PEDANTIC_EXTENSION)
+ #if defined(__GNUC__)
+ #define PEDANTIC_EXTENSION __extension__
+ #else
+ #define PEDANTIC_EXTENSION
+ #endif
+ #endif /* !PEDANTIC_EXTENSION */
+
+
+ #ifndef TRUE
+ #define TRUE 1
+ #endif
+ #ifndef FALSE
+ #define FALSE 0
+ #endif
+
+
+ #if defined(HAVE_STACK_SIZE)
+ #define EXIT_TEST(ret) return (void*)((size_t)(ret))
+ #else
+ #define EXIT_TEST(ret) return ret
+ #endif
+
+
+ #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \
+ defined(__GNUC__)
+ #define WOLFSSL_PACK __attribute__ ((packed))
+ #else
+ #define WOLFSSL_PACK
+ #endif
+
+ #ifndef __GNUC_PREREQ
+ #if defined(__GNUC__) && defined(__GNUC_MINOR__)
+ #define __GNUC_PREREQ(maj, min) \
+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+ #else
+ #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */
+ #endif
+ #endif
+
+ #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+ #define WC_NORETURN __attribute__((noreturn))
+ #else
+ #define WC_NORETURN
+ #endif
+
+ #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
+ defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \
+ defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \
+ (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT))
+ #undef WC_MP_TO_RADIX
+ #define WC_MP_TO_RADIX
+ #endif
+
+ #if defined(__GNUC__) && __GNUC__ > 5
+ #define PRAGMA_GCC_IGNORE(str) _Pragma(str);
+ #define PRAGMA_GCC_POP _Pragma("GCC diagnostic pop");
+ #else
+ #define PRAGMA_GCC_IGNORE(str)
+ #define PRAGMA_GCC_POP
+ #endif
+
+ #ifdef __cplusplus
+ } /* extern "C" */
+ #endif
+
+#endif /* WOLF_CRYPT_TYPES_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/visibility.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/visibility.h
new file mode 100644
index 0000000..46a31a4
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/visibility.h
@@ -0,0 +1,81 @@
+/* visibility.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* Visibility control macros */
+
+#ifndef WOLF_CRYPT_VISIBILITY_H
+#define WOLF_CRYPT_VISIBILITY_H
+
+
+/* for compatibility and so that fips is using same name of macro @wc_fips */
+/* The following visibility wrappers are for old FIPS. New FIPS should use
+ * the same as a non-FIPS build. */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+ #include <cyassl/ctaocrypt/visibility.h>
+ #define WOLFSSL_API CYASSL_API
+ #define WOLFSSL_LOCAL CYASSL_LOCAL
+#else
+
+/* WOLFSSL_API is used for the public API symbols.
+ It either imports or exports (or does nothing for static builds)
+
+ WOLFSSL_LOCAL is used for non-API symbols (private).
+*/
+
+#if defined(BUILDING_WOLFSSL)
+ #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+ defined(_WIN32_WCE)
+ #if defined(WOLFSSL_DLL)
+ #define WOLFSSL_API __declspec(dllexport)
+ #else
+ #define WOLFSSL_API
+ #endif
+ #define WOLFSSL_LOCAL
+ #elif defined(HAVE_VISIBILITY) && HAVE_VISIBILITY
+ #define WOLFSSL_API __attribute__ ((visibility("default")))
+ #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden")))
+ #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
+ #define WOLFSSL_API __global
+ #define WOLFSSL_LOCAL __hidden
+ #else
+ #define WOLFSSL_API
+ #define WOLFSSL_LOCAL
+ #endif /* HAVE_VISIBILITY */
+#else /* BUILDING_WOLFSSL */
+ #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+ defined(_WIN32_WCE)
+ #if defined(WOLFSSL_DLL)
+ #define WOLFSSL_API __declspec(dllimport)
+ #else
+ #define WOLFSSL_API
+ #endif
+ #define WOLFSSL_LOCAL
+ #else
+ #define WOLFSSL_API
+ #define WOLFSSL_LOCAL
+ #endif
+#endif /* BUILDING_WOLFSSL */
+
+#endif /* HAVE_FIPS */
+#endif /* WOLF_CRYPT_VISIBILITY_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_encrypt.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_encrypt.h
new file mode 100644
index 0000000..56d9215
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_encrypt.h
@@ -0,0 +1,126 @@
+/* wc_encrypt.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/wc_encrypt.h
+*/
+
+
+#ifndef WOLF_CRYPT_ENCRYPT_H
+#define WOLF_CRYPT_ENCRYPT_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#ifndef NO_AES
+ #include <wolfssl/wolfcrypt/aes.h>
+#endif
+#ifdef HAVE_CHACHA
+ #include <wolfssl/wolfcrypt/chacha.h>
+#endif
+#ifndef NO_DES3
+ #include <wolfssl/wolfcrypt/des3.h>
+#endif
+#ifndef NO_RC4
+ #include <wolfssl/wolfcrypt/arc4.h>
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* determine max cipher key size - cannot use enum values here, must be define,
+ * since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */
+#ifndef NO_AES
+ #define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8)
+#elif defined(HAVE_CHACHA)
+ #define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */
+#elif !defined(NO_DES3)
+ #define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */
+#elif !defined(NO_RC4)
+ #define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */
+#else
+ #define WC_MAX_SYM_KEY_SIZE 32
+#endif
+
+
+#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+ (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
+ /* In FIPS cert 3389 and CAVP selftest v1 build, these enums are
+ * not in aes.h. Define them here outside the fips boundary.
+ */
+ #ifndef GCM_NONCE_MID_SZ
+ /* The usual default nonce size for AES-GCM. */
+ #define GCM_NONCE_MID_SZ 12
+ #endif
+ #ifndef CCM_NONCE_MIN_SZ
+ #define CCM_NONCE_MIN_SZ 7
+ #endif
+#endif
+
+
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+ const byte* key, word32 keySz,
+ const byte* iv);
+#endif /* !NO_AES */
+
+
+#ifndef NO_DES3
+WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
+ const byte* in, word32 sz,
+ const byte* key, const byte* iv);
+#endif /* !NO_DES3 */
+
+
+
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ struct EncryptedInfo;
+ WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
+ const byte* password, int passwordSz, int hashType);
+ WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
+ const byte* password, int passwordSz, int hashType);
+#endif /* WOLFSSL_ENCRYPTED_KEYS */
+
+#ifndef NO_PWDBASED
+ WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz,
+ byte* salt, int saltSz, int iterations, int id, byte* input, int length,
+ int version, byte* cbcIv, int enc, int shaOid);
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ENCRYPT_H */
+
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_port.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_port.h
new file mode 100644
index 0000000..ca71bf7
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wc_port.h
@@ -0,0 +1,1145 @@
+/* wc_port.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfcrypt/wc_port.h
+*/
+
+#ifndef WOLF_CRYPT_PORT_H
+#define WOLF_CRYPT_PORT_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/visibility.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in
+ * user_settings.h to disable checking for C99 support. */
+#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \
+ !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99)
+ #if __STDC_VERSION__ >= 199901L
+ #define WOLF_C99
+ #endif
+#endif
+
+
+/* GENERIC INCLUDE SECTION */
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ #include <mqx.h>
+ #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
+ defined(FREESCALE_MQX_5_0)
+ #include <fio.h>
+ #else
+ #include <nio.h>
+ #endif
+#endif
+
+#ifdef WOLFSSL_LINUXKM
+ #ifdef HAVE_CONFIG_H
+ #ifndef PACKAGE_NAME
+ #error wc_port.h included before config.h
+ #endif
+ /* config.h is autogenerated without gating, and is subject to repeat
+ * inclusions, so gate it out here to keep autodetection masking
+ * intact:
+ */
+ #undef HAVE_CONFIG_H
+ #endif
+
+ #ifdef BUILDING_WOLFSSL
+
+ _Pragma("GCC diagnostic push");
+
+ /* we include all the needed kernel headers with these masked out. else
+ * there are profuse warnings.
+ */
+ _Pragma("GCC diagnostic ignored \"-Wunused-parameter\"");
+ _Pragma("GCC diagnostic ignored \"-Wpointer-arith\"");
+ _Pragma("GCC diagnostic ignored \"-Wshadow\"");
+ _Pragma("GCC diagnostic ignored \"-Wnested-externs\"");
+ _Pragma("GCC diagnostic ignored \"-Wredundant-decls\"");
+ _Pragma("GCC diagnostic ignored \"-Wsign-compare\"");
+ _Pragma("GCC diagnostic ignored \"-Wpointer-sign\"");
+ _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\"");
+ _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\"");
+ _Pragma("GCC diagnostic ignored \"-Wtype-limits\"");
+
+ /* suppress inclusion of stdint-gcc.h to avoid conflicts with Linux native include/linux/types.h: */
+ #define _GCC_STDINT_H
+
+ #include <linux/kconfig.h>
+ #include <linux/kernel.h>
+ #include <linux/version.h>
+ #include <linux/ctype.h>
+ #include <linux/init.h>
+ #include <linux/module.h>
+ #include <linux/mm.h>
+ #ifndef SINGLE_THREADED
+ #include <linux/kthread.h>
+ #endif
+ #include <linux/net.h>
+ #include <linux/slab.h>
+ #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP)
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
+ #include <asm/i387.h>
+ #else
+ #include <asm/simd.h>
+ #endif
+ #ifndef SAVE_VECTOR_REGISTERS
+ #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
+ #endif
+ #ifndef RESTORE_VECTOR_REGISTERS
+ #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
+ #endif
+ #elif defined(WOLFSSL_ARMASM)
+ #include <asm/fpsimd.h>
+ #ifndef SAVE_VECTOR_REGISTERS
+ #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); })
+ #endif
+ #ifndef RESTORE_VECTOR_REGISTERS
+ #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); })
+ #endif
+ #else
+ #ifndef SAVE_VECTOR_REGISTERS
+ #define SAVE_VECTOR_REGISTERS() ({})
+ #endif
+ #ifndef RESTORE_VECTOR_REGISTERS
+ #define RESTORE_VECTOR_REGISTERS() ({})
+ #endif
+ #endif
+
+ _Pragma("GCC diagnostic pop");
+
+ /* Linux headers define these using C expressions, but we need
+ * them to be evaluable by the preprocessor, for use in sp_int.h.
+ */
+ _Static_assert(sizeof(ULONG_MAX) == 8, "WOLFSSL_LINUXKM supported only on targets with 64 bit long words.");
+ #undef UCHAR_MAX
+ #define UCHAR_MAX 255
+ #undef USHRT_MAX
+ #define USHRT_MAX 65535
+ #undef UINT_MAX
+ #define UINT_MAX 4294967295U
+ #undef ULONG_MAX
+ #define ULONG_MAX 18446744073709551615UL
+ #undef ULLONG_MAX
+ #define ULLONG_MAX ULONG_MAX
+ #undef INT_MAX
+ #define INT_MAX 2147483647
+ #undef LONG_MAX
+ #define LONG_MAX 9223372036854775807L
+ #undef LLONG_MAX
+ #define LLONG_MAX LONG_MAX
+
+ /* remove this multifariously conflicting macro, picked up from
+ * Linux arch/<arch>/include/asm/current.h.
+ */
+ #undef current
+
+ /* prevent gcc's mm_malloc.h from being included, since it unconditionally
+ * includes stdlib.h, which is kernel-incompatible.
+ */
+ #define _MM_MALLOC_H_INCLUDED
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
+ /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */
+ #define malloc(x) kvmalloc(x, GFP_KERNEL)
+ #define free(x) kvfree(x)
+ void *lkm_realloc(void *ptr, size_t newsize);
+ #define realloc(x, y) lkm_realloc(x, y)
+#else
+ #define malloc(x) kmalloc(x, GFP_KERNEL)
+ #define free(x) kfree(x)
+ #define realloc(x,y) krealloc(x, y, GFP_KERNEL)
+#endif
+
+ /* min() and max() in linux/kernel.h over-aggressively type-check, producing
+ * myriad spurious -Werrors throughout the codebase.
+ */
+ #undef min
+ #undef max
+
+ /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType)
+ * and linux/key.h (extern int()).
+ */
+ #define key_update wc_key_update
+
+ #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+ #define printf(...) lkm_printf(__VA_ARGS__)
+
+ #endif /* BUILDING_WOLFSSL */
+
+ /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */
+ #define XSNPRINTF snprintf
+
+ /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */
+ #define XATOI(s) ({ \
+ long _xatoi_res = 0; \
+ int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); \
+ if (_xatoi_ret != 0) { \
+ _xatoi_res = 0; \
+ } \
+ (int)_xatoi_res; \
+ })
+
+#else /* ! WOLFSSL_LINUXKM */
+
+ #ifndef SAVE_VECTOR_REGISTERS
+ #define SAVE_VECTOR_REGISTERS() do{}while(0)
+ #endif
+ #ifndef RESTORE_VECTOR_REGISTERS
+ #define RESTORE_VECTOR_REGISTERS() do{}while(0)
+ #endif
+
+#endif /* WOLFSSL_LINUXKM */
+
+/* THREADING/MUTEX SECTION */
+#ifdef USE_WINDOWS_API
+ #ifdef WOLFSSL_GAME_BUILD
+ #include "system/xtl.h"
+ #else
+ #ifndef WIN32_LEAN_AND_MEAN
+ #define WIN32_LEAN_AND_MEAN
+ #endif
+ #ifndef WOLFSSL_SGX
+ #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
+ /* On WinCE winsock2.h must be included before windows.h */
+ #include <winsock2.h>
+ #endif
+ #include <windows.h>
+ #endif /* WOLFSSL_SGX */
+ #endif
+#elif defined(THREADX)
+ #ifndef SINGLE_THREADED
+ #ifdef NEED_THREADX_TYPES
+ #include <types.h>
+ #endif
+ #include <tx_api.h>
+ #endif
+#elif defined(WOLFSSL_DEOS)
+ #include "mutexapi.h"
+#elif defined(MICRIUM)
+ /* do nothing, just don't pick Unix */
+#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
+ /* do nothing */
+#elif defined(RTTHREAD)
+ /* do nothing */
+#elif defined(EBSNET)
+ /* do nothing */
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ /* do nothing */
+#elif defined(FREESCALE_FREE_RTOS)
+ #include "fsl_os_abstraction.h"
+#elif defined(WOLFSSL_VXWORKS)
+ #include <semLib.h>
+#elif defined(WOLFSSL_uITRON4)
+ #include "stddef.h"
+ #include "kernel.h"
+#elif defined(WOLFSSL_uTKERNEL2)
+ #include "tk/tkernel.h"
+#elif defined(WOLFSSL_CMSIS_RTOS)
+ #include "cmsis_os.h"
+#elif defined(WOLFSSL_CMSIS_RTOSv2)
+ #include "cmsis_os2.h"
+#elif defined(WOLFSSL_MDK_ARM)
+ #if defined(WOLFSSL_MDK5)
+ #include "cmsis_os.h"
+ #else
+ #include <rtl.h>
+ #endif
+#elif defined(WOLFSSL_CMSIS_RTOS)
+ #include "cmsis_os.h"
+#elif defined(WOLFSSL_TIRTOS)
+ #include <ti/sysbios/BIOS.h>
+ #include <ti/sysbios/knl/Semaphore.h>
+#elif defined(WOLFSSL_FROSTED)
+ #include <semaphore.h>
+#elif defined(INTIME_RTOS)
+ #include <rt.h>
+ #include <io.h>
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ /* NU_DEBUG needed struct access in nucleus_realloc */
+ #define NU_DEBUG
+ #include "plus/nucleus.h"
+ #include "nucleus.h"
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+ /* do nothing */
+#elif defined(WOLFSSL_ZEPHYR)
+ #ifndef SINGLE_THREADED
+ #include <kernel.h>
+ #endif
+#elif defined(WOLFSSL_TELIT_M2MB)
+
+ /* Telit SDK uses C++ compile option (--cpp), which causes link issue
+ to API's if wrapped in extern "C" */
+ #ifdef __cplusplus
+ } /* extern "C" */
+ #endif
+
+ #include "m2mb_types.h"
+ #include "m2mb_os_types.h"
+ #include "m2mb_os_api.h"
+ #include "m2mb_os.h"
+ #include "m2mb_os_mtx.h"
+ #ifndef NO_ASN_TIME
+ #include "m2mb_rtc.h"
+ #endif
+ #ifndef NO_FILESYSTEM
+ #include "m2mb_fs_posix.h"
+ #endif
+
+ #undef kB /* eliminate conflict in asn.h */
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+#else
+ #ifndef SINGLE_THREADED
+ #ifndef WOLFSSL_USER_MUTEX
+ #if defined(WOLFSSL_LINUXKM)
+ #define WOLFSSL_KTHREADS
+ #else
+ #define WOLFSSL_PTHREADS
+ #include <pthread.h>
+ #endif
+ #endif
+ #endif
+ #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \
+ !defined(NO_FILESYSTEM)
+ #ifdef FUSION_RTOS
+ #include <fclunistd.h>
+ #else
+ #include <unistd.h> /* for close of BIO */
+ #endif
+ #endif
+#endif
+
+/* For FIPS keep the function names the same */
+#ifdef HAVE_FIPS
+#define wc_InitMutex InitMutex
+#define wc_FreeMutex FreeMutex
+#define wc_LockMutex LockMutex
+#define wc_UnLockMutex UnLockMutex
+#endif /* HAVE_FIPS */
+
+#ifdef SINGLE_THREADED
+ typedef int wolfSSL_Mutex;
+#else /* MULTI_THREADED */
+ /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
+ #if defined(FREERTOS)
+ typedef xSemaphoreHandle wolfSSL_Mutex;
+ #elif defined(FREERTOS_TCP)
+ #include "FreeRTOS.h"
+ #include "semphr.h"
+ typedef SemaphoreHandle_t wolfSSL_Mutex;
+ #elif defined (RTTHREAD)
+ #include "rtthread.h"
+ typedef rt_mutex_t wolfSSL_Mutex;
+ #elif defined(WOLFSSL_SAFERTOS)
+ typedef struct wolfSSL_Mutex {
+ signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
+ xSemaphoreHandle mutex;
+ } wolfSSL_Mutex;
+ #elif defined(USE_WINDOWS_API)
+ typedef CRITICAL_SECTION wolfSSL_Mutex;
+ #elif defined(WOLFSSL_PTHREADS)
+ typedef pthread_mutex_t wolfSSL_Mutex;
+ #elif defined(WOLFSSL_KTHREADS)
+ typedef struct mutex wolfSSL_Mutex;
+ #elif defined(THREADX)
+ typedef TX_MUTEX wolfSSL_Mutex;
+ #elif defined(WOLFSSL_DEOS)
+ typedef mutex_handle_t wolfSSL_Mutex;
+ #elif defined(MICRIUM)
+ typedef OS_MUTEX wolfSSL_Mutex;
+ #elif defined(EBSNET)
+ typedef RTP_MUTEX wolfSSL_Mutex;
+ #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ typedef MUTEX_STRUCT wolfSSL_Mutex;
+ #elif defined(FREESCALE_FREE_RTOS)
+ typedef mutex_t wolfSSL_Mutex;
+ #elif defined(WOLFSSL_VXWORKS)
+ typedef SEM_ID wolfSSL_Mutex;
+ #elif defined(WOLFSSL_uITRON4)
+ typedef struct wolfSSL_Mutex {
+ T_CSEM sem ;
+ ID id ;
+ } wolfSSL_Mutex;
+ #elif defined(WOLFSSL_uTKERNEL2)
+ typedef struct wolfSSL_Mutex {
+ T_CSEM sem ;
+ ID id ;
+ } wolfSSL_Mutex;
+ #elif defined(WOLFSSL_MDK_ARM)
+ #if defined(WOLFSSL_CMSIS_RTOS)
+ typedef osMutexId wolfSSL_Mutex;
+ #else
+ typedef OS_MUT wolfSSL_Mutex;
+ #endif
+ #elif defined(WOLFSSL_CMSIS_RTOS)
+ typedef osMutexId wolfSSL_Mutex;
+ #elif defined(WOLFSSL_CMSIS_RTOSv2)
+ typedef osMutexId_t wolfSSL_Mutex;
+ #elif defined(WOLFSSL_TIRTOS)
+ typedef ti_sysbios_knl_Semaphore_Handle wolfSSL_Mutex;
+ #elif defined(WOLFSSL_FROSTED)
+ typedef mutex_t * wolfSSL_Mutex;
+ #elif defined(INTIME_RTOS)
+ typedef RTHANDLE wolfSSL_Mutex;
+ #elif defined(WOLFSSL_NUCLEUS_1_2)
+ typedef NU_SEMAPHORE wolfSSL_Mutex;
+ #elif defined(WOLFSSL_ZEPHYR)
+ typedef struct k_mutex wolfSSL_Mutex;
+ #elif defined(WOLFSSL_TELIT_M2MB)
+ typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex;
+ #elif defined(WOLFSSL_USER_MUTEX)
+ /* typedef User_Mutex wolfSSL_Mutex; */
+ #elif defined(WOLFSSL_LINUXKM)
+ typedef struct mutex wolfSSL_Mutex;
+ #else
+ #error Need a mutex type in multithreaded mode
+ #endif /* USE_WINDOWS_API */
+#endif /* SINGLE_THREADED */
+
+/* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
+#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
+ defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
+ #ifndef WOLFSSL_CRYPT_HW_MUTEX
+ #define WOLFSSL_CRYPT_HW_MUTEX 1
+ #endif
+#endif /* FREESCALE_MMCAU */
+
+#ifndef WOLFSSL_CRYPT_HW_MUTEX
+ #define WOLFSSL_CRYPT_HW_MUTEX 0
+#endif
+
+#if WOLFSSL_CRYPT_HW_MUTEX
+ /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock,
+ however it's recommended to call this directly on Hw init to avoid possible
+ race condition where two calls to wolfSSL_CryptHwMutexLock are made at
+ the same time. */
+ int wolfSSL_CryptHwMutexInit(void);
+ int wolfSSL_CryptHwMutexLock(void);
+ int wolfSSL_CryptHwMutexUnLock(void);
+#else
+ /* Define stubs, since HW mutex is disabled */
+ #define wolfSSL_CryptHwMutexInit() 0 /* Success */
+ #define wolfSSL_CryptHwMutexLock() 0 /* Success */
+ #define wolfSSL_CryptHwMutexUnLock() (void)0 /* Success */
+#endif /* WOLFSSL_CRYPT_HW_MUTEX */
+
+/* Mutex functions */
+WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex*);
+WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
+WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex*);
+WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex*);
+WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex*);
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+/* dynamically set which mutex to use. unlock / lock is controlled by flag */
+typedef void (mutex_cb)(int flag, int type, const char* file, int line);
+
+WOLFSSL_API int wc_LockMutex_ex(int flag, int type, const char* file, int line);
+WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb);
+#endif
+
+/* main crypto initialization function */
+WOLFSSL_API int wolfCrypt_Init(void);
+WOLFSSL_API int wolfCrypt_Cleanup(void);
+
+#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+ WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void);
+ WOLFSSL_API long wolfCrypt_heap_peakBytes_checkpoint(void);
+#endif
+
+
+/* FILESYSTEM SECTION */
+/* filesystem abstraction layer, used by ssl.c */
+#ifndef NO_FILESYSTEM
+
+#if defined(EBSNET)
+ #include "vfapi.h"
+ #include "vfile.h"
+
+ int ebsnet_fseek(int a, long b, int c); /* Not prototyped in vfile.h per
+ * EBSnet feedback */
+
+ #define XFILE int
+ #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
+ #define XFSEEK ebsnet_fseek
+ #define XFTELL vf_tell
+ #define XREWIND vf_rewind
+ #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
+ #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
+ #define XFCLOSE vf_close
+ #define XSEEK_END VSEEK_END
+ #define XBADFILE -1
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined(LSR_FS)
+ #include <fs.h>
+ #define XFILE struct fs_file*
+ #define XFOPEN(NAME, MODE) fs_open((char*)NAME);
+ #define XFSEEK(F, O, W) (void)F
+ #define XFTELL(F) (F)->len
+ #define XREWIND(F) (void)F
+ #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
+ #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
+ #define XFCLOSE fs_close
+ #define XSEEK_END 0
+ #define XBADFILE NULL
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ #define XFILE MQX_FILE_PTR
+ #define XFOPEN fopen
+ #define XFSEEK fseek
+ #define XFTELL ftell
+ #define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
+ #define XFREAD fread
+ #define XFWRITE fwrite
+ #define XFCLOSE fclose
+ #define XSEEK_END IO_SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS fgets
+
+#elif defined(WOLFSSL_DEOS)
+ #define NO_FILESYSTEM
+ #warning "TODO - DDC-I Certifiable Fast File System for Deos is not integrated"
+#elif defined(MICRIUM)
+ #include <fs_api.h>
+ #define XFILE FS_FILE*
+ #define XFOPEN fs_fopen
+ #define XFSEEK fs_fseek
+ #define XFTELL fs_ftell
+ #define XREWIND fs_rewind
+ #define XFREAD fs_fread
+ #define XFWRITE fs_fwrite
+ #define XFCLOSE fs_fclose
+ #define XSEEK_END FS_SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ #include "fal/inc/fal.h"
+ #define XFILE FILE*
+ #define XFOPEN fopen
+ #define XFSEEK fseek
+ #define XFTELL ftell
+ #define XREWIND rewind
+ #define XFREAD fread
+ #define XFWRITE fwrite
+ #define XFCLOSE fclose
+ #define XSEEK_END PSEEK_END
+ #define XBADFILE NULL
+
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+ #include <fs/fs.h>
+ #define XFILE struct fs_file*
+
+ #define XFOPEN mynewt_fopen
+ #define XFSEEK mynewt_fseek
+ #define XFTELL mynewt_ftell
+ #define XREWIND mynewt_rewind
+ #define XFREAD mynewt_fread
+ #define XFWRITE mynewt_fwrite
+ #define XFCLOSE mynewt_fclose
+ #define XSEEK_END 2
+ #define XBADFILE NULL
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined(WOLFSSL_ZEPHYR)
+ #include <fs.h>
+
+ #define XFILE struct fs_file_t*
+ #define STAT struct fs_dirent
+
+ XFILE z_fs_open(const char* filename, const char* perm);
+ int z_fs_close(XFILE file);
+
+ #define XFOPEN z_fs_open
+ #define XFCLOSE z_fs_close
+ #define XFSEEK fs_seek
+ #define XFTELL fs_tell
+ #define XFREWIND fs_rewind
+ #define XREWIND(F) fs_seek(F, 0, FS_SEEK_SET)
+ #define XFREAD(P,S,N,F) fs_read(F, P, S*N)
+ #define XFWRITE(P,S,N,F) fs_write(F, P, S*N)
+ #define XSEEK_END FS_SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined(WOLFSSL_TELIT_M2MB)
+ #define XFILE INT32
+ #define XFOPEN(NAME, MODE) m2mb_fs_open((NAME), 0, (MODE))
+ #define XFSEEK(F, O, W) m2mb_fs_lseek((F), (O), (W))
+ #define XFTELL(F) m2mb_fs_lseek((F), 0, M2MB_SEEK_END)
+ #define XREWIND(F) (void)F
+ #define XFREAD(BUF, SZ, AMT, F) m2mb_fs_read((F), (BUF), (SZ)*(AMT))
+ #define XFWRITE(BUF, SZ, AMT, F) m2mb_fs_write((F), (BUF), (SZ)*(AMT))
+ #define XFCLOSE m2mb_fs_close
+ #define XSEEK_END M2MB_SEEK_END
+ #define XBADFILE -1
+ #define XFGETS(b,s,f) -2 /* Not ported yet */
+
+#elif defined (WOLFSSL_XILINX)
+ #include "xsdps.h"
+ #include "ff.h"
+
+ /* workaround to declare variable and provide type */
+ #define XFILE FIL curFile; FIL*
+ #define XFOPEN(NAME, MODE) ({ FRESULT res; res = f_open(&curFile, (NAME), (FA_OPEN_ALWAYS | FA_WRITE | FA_READ)); (res == FR_OK) ? &curFile : NULL; })
+ #define XFSEEK(F, O, W) f_lseek((F), (O))
+ #define XFTELL(F) f_tell((F))
+ #define XREWIND(F) f_rewind((F))
+ #define XFREAD(BUF, SZ, AMT, F) ({ FRESULT res; UINT br; res = f_read((F), (BUF), (SZ)*(AMT), &br); (void)br; res; })
+ #define XFWRITE(BUF, SZ, AMT, F) ({ FRESULT res; UINT written; res = f_write((F), (BUF), (SZ)*(AMT), &written); (void)written; res; })
+ #define XFCLOSE(F) f_close((F))
+ #define XSEEK_END 0
+ #define XBADFILE NULL
+ #define XFGETS(b,s,f) f_gets((b), (s), (f))
+#elif defined (_WIN32_WCE)
+ /* stdio, WINCE case */
+ #include <stdio.h>
+ #define XFILE FILE*
+ #define XFOPEN fopen
+ #define XFDOPEN fdopen
+ #define XFSEEK fseek
+ #define XFTELL ftell
+ #define XREWIND(F) XFSEEK(F, 0, SEEK_SET)
+ #define XFREAD fread
+ #define XFWRITE fwrite
+ #define XFCLOSE fclose
+ #define XSEEK_END SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS fgets
+ #define XVSNPRINTF _vsnprintf
+
+#elif defined(FUSION_RTOS)
+ #include <fclstdio.h>
+ #include <fclunistd.h>
+ #include <fcldirent.h>
+ #include <sys/fclstat.h>
+ #include <fclstring.h>
+ #include <fcl_os.h>
+ #define XFILE FCL_FILE*
+ #define XFOPEN FCL_FOPEN
+ #define XFSEEK FCL_FSEEK
+ #define XFTELL FCL_FTELL
+ #define XREWIND FCL_REWIND
+ #define XFREAD FCL_FREAD
+ #define XFWRITE FCL_FWRITE
+ #define XFCLOSE FCL_FCLOSE
+ #define XSEEK_END SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS FCL_FGETS
+ #define XFPUTS FCL_FPUTS
+ #define XFPRINTF FCL_FPRINTF
+ #define XVFPRINTF FCL_VFPRINTF
+ #define XVSNPRINTF FCL_VSNPRINTF
+ #define XSNPRINTF FCL_SNPRINTF
+ #define XSPRINTF FCL_SPRINTF
+ #define DIR FCL_DIR
+ #define stat FCL_STAT
+ #define opendir FCL_OPENDIR
+ #define closedir FCL_CLOSEDIR
+ #define readdir FCL_READDIR
+ #define dirent fclDirent
+ #define strncasecmp FCL_STRNCASECMP
+
+ /* FUSION SPECIFIC ERROR CODE */
+ #define FUSION_IO_SEND_E FCL_EWOULDBLOCK
+
+#elif defined(WOLFSSL_USER_FILESYSTEM)
+ /* To be defined in user_settings.h */
+#else
+ /* stdio, default case */
+ #include <stdio.h>
+ #define XFILE FILE*
+ #if defined(WOLFSSL_MDK_ARM)
+ extern FILE * wolfSSL_fopen(const char *name, const char *mode) ;
+ #define XFOPEN wolfSSL_fopen
+ #else
+ #define XFOPEN fopen
+ #endif
+ #define XFDOPEN fdopen
+ #define XFSEEK fseek
+ #define XFTELL ftell
+ #define XREWIND rewind
+ #define XFREAD fread
+ #define XFWRITE fwrite
+ #define XFCLOSE fclose
+ #define XSEEK_END SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS fgets
+ #define XFPRINTF fprintf
+
+ #if !defined(NO_WOLFSSL_DIR)\
+ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
+ #if defined(USE_WINDOWS_API)
+ #include <sys/stat.h>
+ #define XSTAT _stat
+ #define XS_ISREG(s) (s & _S_IFREG)
+ #define SEPARATOR_CHAR ';'
+
+ #elif defined(INTIME_RTOS)
+ #include <sys/stat.h>
+ #define XSTAT _stat64
+ #define XS_ISREG(s) S_ISREG(s)
+ #define SEPARATOR_CHAR ';'
+ #define XWRITE write
+ #define XREAD read
+ #define XCLOSE close
+
+ #elif defined(WOLFSSL_ZEPHYR)
+ #define XSTAT fs_stat
+ #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE)
+ #define SEPARATOR_CHAR ':'
+ #elif defined(WOLFSSL_TELIT_M2MB)
+ #define XSTAT m2mb_fs_stat
+ #define XS_ISREG(s) (s & M2MB_S_IFREG)
+ #define SEPARATOR_CHAR ':'
+ #else
+ #include <dirent.h>
+ #include <unistd.h>
+ #include <sys/stat.h>
+ #define XWRITE write
+ #define XREAD read
+ #define XCLOSE close
+ #define XSTAT stat
+ #define XS_ISREG(s) S_ISREG(s)
+ #define SEPARATOR_CHAR ':'
+ #endif
+ #endif
+#endif
+
+/* Defaults, user may over-ride with user_settings.h or in a porting section
+ * above
+ */
+#ifndef XVFPRINTF
+ #define XVFPRINTF vfprintf
+#endif
+#ifndef XVSNPRINTF
+ #define XVSNPRINTF vsnprintf
+#endif
+#ifndef XFPUTS
+ #define XFPUTS fputs
+#endif
+#ifndef XSPRINTF
+ #define XSPRINTF sprintf
+#endif
+
+ #ifndef MAX_FILENAME_SZ
+ #define MAX_FILENAME_SZ 256 /* max file name length */
+ #endif
+ #ifndef MAX_PATH
+ #define MAX_PATH 256
+ #endif
+
+ WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
+ size_t* bufLen, void* heap);
+
+#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \
+ !defined(WOLFSSL_NUCLEUS_1_2)
+ typedef struct ReadDirCtx {
+ #ifdef USE_WINDOWS_API
+ WIN32_FIND_DATAA FindFileData;
+ HANDLE hFind;
+ struct XSTAT s;
+ #elif defined(WOLFSSL_ZEPHYR)
+ struct fs_dirent entry;
+ struct fs_dir_t dir;
+ struct fs_dirent s;
+ struct fs_dir_t* dirp;
+
+ #elif defined(WOLFSSL_TELIT_M2MB)
+ M2MB_DIR_T* dir;
+ struct M2MB_DIRENT* entry;
+ struct M2MB_STAT s;
+ #elif defined(INTIME_RTOS)
+ struct stat64 s;
+ struct _find64 FindFileData;
+ #define IntimeFindFirst(name, data) (0 == _findfirst64(name, data))
+ #define IntimeFindNext(data) (0 == _findnext64(data))
+ #define IntimeFindClose(data) (0 == _findclose64(data))
+ #define IntimeFilename(ctx) ctx->FindFileData.f_filename
+ #else
+ struct dirent* entry;
+ DIR* dir;
+ struct XSTAT s;
+ #endif
+ char name[MAX_FILENAME_SZ];
+ } ReadDirCtx;
+
+ #define WC_READDIR_NOFILE -1
+
+ WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
+ WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
+ WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
+#endif /* !NO_WOLFSSL_DIR */
+ #define WC_ISFILEEXIST_NOFILE -1
+
+ WOLFSSL_API int wc_FileExists(const char* fname);
+
+#endif /* !NO_FILESYSTEM */
+
+
+/* MIN/MAX MACRO SECTION */
+/* Windows API defines its own min() macro. */
+#if defined(USE_WINDOWS_API)
+ #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+ #define WOLFSSL_HAVE_MIN
+ #endif /* min */
+ #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+ #define WOLFSSL_HAVE_MAX
+ #endif /* max */
+#endif /* USE_WINDOWS_API */
+
+#ifdef __QNXNTO__
+ #define WOLFSSL_HAVE_MIN
+ #define WOLFSSL_HAVE_MAX
+#endif
+
+/* TIME SECTION */
+/* Time functions */
+#ifndef NO_ASN_TIME
+#if defined(USER_TIME)
+ /* Use our gmtime and time_t/struct tm types.
+ Only needs seconds since EPOCH using XTIME function.
+ time_t XTIME(time_t * timer) {}
+ */
+ #define WOLFSSL_GMTIME
+ #ifndef HAVE_TM_TYPE
+ #define USE_WOLF_TM
+ #endif
+ #ifndef HAVE_TIME_T_TYPE
+ #define USE_WOLF_TIME_T
+ #endif
+
+#elif defined(TIME_OVERRIDES)
+ /* Override XTIME() and XGMTIME() functionality.
+ Requires user to provide these functions:
+ time_t XTIME(time_t * timer) {}
+ struct tm* XGMTIME(const time_t* timer, struct tm* tmp) {}
+ */
+ #ifndef HAVE_TIME_T_TYPE
+ #define USE_WOLF_TIME_T
+ #endif
+ #ifndef HAVE_TM_TYPE
+ #define USE_WOLF_TM
+ #endif
+ #define NEED_TMP_TIME
+
+#elif defined(WOLFSSL_XILINX)
+ #ifndef XTIME
+ #define XTIME(t1) xilinx_time((t1))
+ #endif
+ #include <time.h>
+
+#elif defined(HAVE_RTP_SYS)
+ #include "os.h" /* dc_rtc_api needs */
+ #include "dc_rtc_api.h" /* to get current time */
+
+ /* uses parital <time.h> structures */
+ #define XTIME(tl) (0)
+ #define XGMTIME(c, t) rtpsys_gmtime((c))
+
+#elif defined(WOLFSSL_DEOS)
+ #include <time.h>
+
+#elif defined(MICRIUM)
+ #include <clk.h>
+ #include <time.h>
+ #define XTIME(t1) micrium_time((t1))
+ #define WOLFSSL_GMTIME
+
+#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
+ #include <time.h>
+ extern time_t pic32_time(time_t* timer);
+ #define XTIME(t1) pic32_time((t1))
+ #define XGMTIME(c, t) gmtime((c))
+
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ #ifdef FREESCALE_MQX_4_0
+ #include <time.h>
+ extern time_t mqx_time(time_t* timer);
+ #else
+ #define HAVE_GMTIME_R
+ #endif
+ #define XTIME(t1) mqx_time((t1))
+
+#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
+ #include <time.h>
+ #ifndef XTIME
+ /*extern time_t ksdk_time(time_t* timer);*/
+ #define XTIME(t1) ksdk_time((t1))
+ #endif
+ #define XGMTIME(c, t) gmtime((c))
+
+#elif defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME)
+ #define XTIME(t1) atmel_get_curr_time_and_date((t1))
+ #define WOLFSSL_GMTIME
+ #define USE_WOLF_TM
+ #define USE_WOLF_TIME_T
+
+#elif defined(WOLFSSL_WICED)
+ #include <time.h>
+ time_t wiced_pseudo_unix_epoch_time(time_t * timer);
+ #define XTIME(t1) wiced_pseudo_unix_epoch_time((t1))
+ #define HAVE_GMTIME_R
+
+#elif defined(IDIRECT_DEV_TIME)
+ /*Gets the timestamp from cloak software owned by VT iDirect
+ in place of time() from <time.h> */
+ #include <time.h>
+ #define XTIME(t1) idirect_time((t1))
+ #define XGMTIME(c, t) gmtime((c))
+
+#elif defined(_WIN32_WCE)
+ #include <windows.h>
+ #include <stdlib.h> /* For file system */
+
+ time_t windows_time(time_t* timer);
+
+ #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d)
+ #define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \
+ (LPWIN32_FIND_DATAW) d)
+ #define XTIME(t1) windows_time((t1))
+ #define WOLFSSL_GMTIME
+
+ /* if struct tm is not defined in WINCE SDK */
+ #ifndef _TM_DEFINED
+ struct tm {
+ int tm_sec; /* seconds */
+ int tm_min; /* minutes */
+ int tm_hour; /* hours */
+ int tm_mday; /* day of month (month specific) */
+ int tm_mon; /* month */
+ int tm_year; /* year */
+ int tm_wday; /* day of week (out of 1-7)*/
+ int tm_yday; /* day of year (out of 365) */
+ int tm_isdst; /* is it daylight savings */
+ };
+ #define _TM_DEFINED
+ #endif
+
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+ #include "os/os_time.h"
+ #define XTIME(t1) mynewt_time((t1))
+ #define WOLFSSL_GMTIME
+ #define USE_WOLF_TM
+ #define USE_WOLF_TIME_T
+
+#elif defined(WOLFSSL_ZEPHYR)
+ #ifndef _POSIX_C_SOURCE
+ #include <posix/time.h>
+ #else
+ #include <sys/time.h>
+ #endif
+
+ typedef signed int time_t;
+
+ time_t z_time(time_t *timer);
+
+ #define XTIME(tl) z_time((tl))
+ #define XGMTIME(c, t) gmtime((c))
+ #define WOLFSSL_GMTIME
+
+ #define USE_WOLF_TM
+
+#elif defined(WOLFSSL_TELIT_M2MB)
+ typedef long time_t;
+ extern time_t m2mb_xtime(time_t * timer);
+ #define XTIME(tl) m2mb_xtime((tl))
+ #ifdef WOLFSSL_TLS13
+ extern time_t m2mb_xtime_ms(time_t * timer);
+ #define XTIME_MS(tl) m2mb_xtime_ms((tl))
+ #endif
+ #ifndef NO_CRYPT_BENCHMARK
+ extern double m2mb_xtime_bench(int reset);
+ #define WOLFSSL_CURRTIME_REMAP m2mb_xtime_bench
+ #endif
+ #define XGMTIME(c, t) gmtime((c))
+ #define WOLFSSL_GMTIME
+ #define USE_WOLF_TM
+
+
+#elif defined(WOLFSSL_LINUXKM)
+ #ifdef BUILDING_WOLFSSL
+
+ /* includes are all above, with incompatible warnings masked out. */
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)
+ typedef __kernel_time_t time_t;
+ #else
+ typedef __kernel_time64_t time_t;
+ #endif
+ extern time_t time(time_t * timer);
+ #define XTIME time
+ #define WOLFSSL_GMTIME
+ #define XGMTIME(c, t) gmtime(c)
+ #define NO_TIMEVAL 1
+
+ #endif /* BUILDING_WOLFSSL */
+
+#else
+ /* default */
+ /* uses complete <time.h> facility */
+ #include <time.h>
+ #if defined(HAVE_SYS_TIME_H)
+ #include <sys/time.h>
+ #endif
+
+ /* PowerPC time_t is int */
+ #ifdef __PPC__
+ #define TIME_T_NOT_64BIT
+ #endif
+#endif
+
+#ifdef SIZEOF_TIME_T
+ /* check if size of time_t from autoconf is less than 8 bytes (64bits) */
+ #if SIZEOF_TIME_T < 8
+ #undef TIME_T_NOT_64BIT
+ #define TIME_T_NOT_64BIT
+ #endif
+#endif
+#ifdef TIME_T_NOT_LONG
+ /* one old reference to TIME_T_NOT_LONG in GCC-ARM example README
+ * this keeps support for the old macro name */
+ #undef TIME_T_NOT_64BIT
+ #define TIME_T_NOT_64BIT
+#endif
+
+/* Map default time functions */
+#if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME)
+ #ifdef TEST_BEFORE_DATE
+ #define XTIME(tl) (946681200UL) /* Jan 1, 2000 */
+ #else
+ #define XTIME(tl) time((tl))
+ #endif
+#endif
+#if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
+ /* Always use gmtime_r if available. */
+ #if defined(HAVE_GMTIME_R)
+ #define XGMTIME(c, t) gmtime_r((c), (t))
+ #define NEED_TMP_TIME
+ #else
+ #define XGMTIME(c, t) gmtime((c))
+ #endif
+#endif
+#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
+ #define USE_WOLF_VALIDDATE
+ #define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t))
+#endif
+
+/* wolf struct tm and time_t */
+#if defined(USE_WOLF_TM)
+ struct tm {
+ int tm_sec; /* seconds after the minute [0-60] */
+ int tm_min; /* minutes after the hour [0-59] */
+ int tm_hour; /* hours since midnight [0-23] */
+ int tm_mday; /* day of the month [1-31] */
+ int tm_mon; /* months since January [0-11] */
+ int tm_year; /* years since 1900 */
+ int tm_wday; /* days since Sunday [0-6] */
+ int tm_yday; /* days since January 1 [0-365] */
+ int tm_isdst; /* Daylight Savings Time flag */
+ long tm_gmtoff; /* offset from CUT in seconds */
+ char *tm_zone; /* timezone abbreviation */
+ };
+#endif /* USE_WOLF_TM */
+#if defined(USE_WOLF_TIME_T)
+ typedef long time_t;
+#endif
+#if defined(USE_WOLF_SUSECONDS_T)
+ typedef long suseconds_t;
+#endif
+#if defined(USE_WOLF_TIMEVAL_T)
+ struct timeval
+ {
+ time_t tv_sec;
+ suseconds_t tv_usec;
+ };
+#endif
+
+ /* forward declarations */
+#if defined(USER_TIME)
+ struct tm* gmtime(const time_t* timer);
+ extern time_t XTIME(time_t * timer);
+
+ #ifdef STACK_TRAP
+ /* for stack trap tracking, don't call os gmtime on OS X/linux,
+ uses a lot of stack spce */
+ extern time_t time(time_t * timer);
+ #define XTIME(tl) time((tl))
+ #endif /* STACK_TRAP */
+
+#elif defined(TIME_OVERRIDES)
+ extern time_t XTIME(time_t * timer);
+ extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp);
+#elif defined(WOLFSSL_GMTIME)
+ struct tm* gmtime(const time_t* timer);
+#endif
+#endif /* NO_ASN_TIME */
+
+
+#ifndef WOLFSSL_LEANPSK
+ char* mystrnstr(const char* s1, const char* s2, unsigned int n);
+#endif
+
+#ifndef FILE_BUFFER_SIZE
+ #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, \
+ will use dynamic buffer if not big enough */
+#endif
+
+#ifdef HAVE_CAVIUM_OCTEON_SYNC
+ /* By default, the OCTEON's global variables are all thread local. This
+ * tag allows them to be shared between threads. */
+ #include "cvmx-platform.h"
+ #define WOLFSSL_GLOBAL CVMX_SHARED
+#else
+ #define WOLFSSL_GLOBAL
+#endif
+
+#ifdef WOLFSSL_DSP
+ #include "wolfssl_dsp.h"
+
+ /* callbacks for setting handle */
+ typedef int (*wolfSSL_DSP_Handle_cb)(remote_handle64 *handle, int finished,
+ void *ctx);
+ WOLFSSL_API int wolfSSL_GetHandleCbSet();
+ WOLFSSL_API int wolfSSL_SetHandleCb(wolfSSL_DSP_Handle_cb in);
+ WOLFSSL_LOCAL int wolfSSL_InitHandle();
+ WOLFSSL_LOCAL void wolfSSL_CleanupHandle();
+#endif
+
+#ifdef WOLFSSL_SCE
+ #ifndef WOLFSSL_SCE_GSCE_HANDLE
+ #define WOLFSSL_SCE_GSCE_HANDLE g_sce
+ #endif
+#endif
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_PORT_H */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfevent.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfevent.h
new file mode 100644
index 0000000..639f548
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfevent.h
@@ -0,0 +1,120 @@
+/* wolfevent.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLF_EVENT_H_
+#define _WOLF_EVENT_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifndef SINGLE_THREADED
+ #include <wolfssl/wolfcrypt/wc_port.h>
+#endif
+
+typedef struct WOLF_EVENT WOLF_EVENT;
+typedef unsigned short WOLF_EVENT_FLAG;
+
+typedef enum WOLF_EVENT_TYPE {
+ WOLF_EVENT_TYPE_NONE,
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WOLF_EVENT_TYPE_ASYNC_WOLFSSL, /* context is WOLFSSL* */
+ WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, /* context is WC_ASYNC_DEV */
+ WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
+ WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT,
+#endif /* WOLFSSL_ASYNC_CRYPT */
+} WOLF_EVENT_TYPE;
+
+typedef enum WOLF_EVENT_STATE {
+ WOLF_EVENT_STATE_READY,
+ WOLF_EVENT_STATE_PENDING,
+ WOLF_EVENT_STATE_DONE,
+} WOLF_EVENT_STATE;
+
+struct WOLF_EVENT {
+ /* double linked list */
+ WOLF_EVENT* next;
+ WOLF_EVENT* prev;
+
+ void* context;
+ union {
+ void* ptr;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ struct WC_ASYNC_DEV* async;
+#endif
+ } dev;
+#ifdef HAVE_CAVIUM
+ word64 reqId;
+ #ifdef WOLFSSL_NITROX_DEBUG
+ word32 pendCount;
+ #endif
+#endif
+#ifndef WC_NO_ASYNC_THREADING
+ pthread_t threadId;
+#endif
+ int ret; /* Async return code */
+ unsigned int flags;
+ WOLF_EVENT_TYPE type;
+ WOLF_EVENT_STATE state;
+};
+
+enum WOLF_POLL_FLAGS {
+ WOLF_POLL_FLAG_CHECK_HW = 0x01,
+};
+
+typedef struct {
+ WOLF_EVENT* head; /* head of queue */
+ WOLF_EVENT* tail; /* tail of queue */
+#ifndef SINGLE_THREADED
+ wolfSSL_Mutex lock; /* queue lock */
+#endif
+ int count;
+} WOLF_EVENT_QUEUE;
+
+
+#ifdef HAVE_WOLF_EVENT
+
+/* Event */
+WOLFSSL_API int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context);
+WOLFSSL_API int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags);
+
+/* Event Queue */
+WOLFSSL_API int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue);
+WOLFSSL_API int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
+WOLFSSL_API int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event);
+WOLFSSL_API int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter,
+ WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount);
+WOLFSSL_API int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue);
+WOLFSSL_API void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue);
+
+/* the queue mutex must be locked prior to calling these */
+WOLFSSL_API int wolfEventQueue_Add(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
+WOLFSSL_API int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
+
+
+#endif /* HAVE_WOLF_EVENT */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* _WOLF_EVENT_H_ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfmath.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfmath.h
new file mode 100644
index 0000000..3430033
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfcrypt/wolfmath.h
@@ -0,0 +1,102 @@
+/* wolfmath.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+DESCRIPTION
+This library provides big integer math functions.
+
+*/
+#ifndef __WOLFMATH_H__
+#define __WOLFMATH_H__
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#ifdef WOLFSSL_PUBLIC_MP
+ #define MP_API WOLFSSL_API
+#else
+ #define MP_API WOLFSSL_LOCAL
+#endif
+
+#ifndef MIN
+ #define MIN(x,y) ((x)<(y)?(x):(y))
+#endif
+
+#ifndef MAX
+ #define MAX(x,y) ((x)>(y)?(x):(y))
+#endif
+
+/* timing resistance array */
+#if !defined(WC_NO_CACHE_RESISTANT) && \
+ ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
+ (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
+
+ extern const wc_ptr_t wc_off_on_addr[2];
+#endif
+
+
+/* common math functions */
+MP_API int get_digit_count(const mp_int* a);
+MP_API mp_digit get_digit(const mp_int* a, int n);
+MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d);
+
+WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b);
+WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng);
+
+#define WC_TYPE_HEX_STR 1
+#define WC_TYPE_UNSIGNED_BIN 2
+#if defined(WOLFSSL_QNX_CAAM)
+ #define WC_TYPE_BLACK_KEY 3
+#endif
+
+WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
+ word32 keySz, int encType);
+
+#ifdef HAVE_WOLF_BIGINT
+ #if !defined(WOLF_BIGINT_DEFINED)
+ /* raw big integer */
+ typedef struct WC_BIGINT {
+ byte* buf;
+ word32 len;
+ void* heap;
+ } WC_BIGINT;
+ #define WOLF_BIGINT_DEFINED
+ #endif
+
+ WOLFSSL_LOCAL void wc_bigint_init(WC_BIGINT* a);
+ WOLFSSL_LOCAL int wc_bigint_alloc(WC_BIGINT* a, word32 sz);
+ WOLFSSL_LOCAL int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen);
+ WOLFSSL_LOCAL int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen);
+ WOLFSSL_LOCAL void wc_bigint_zero(WC_BIGINT* a);
+ WOLFSSL_LOCAL void wc_bigint_free(WC_BIGINT* a);
+
+ WOLFSSL_LOCAL int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst);
+ WOLFSSL_LOCAL int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz);
+ WOLFSSL_LOCAL int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst);
+#endif /* HAVE_WOLF_BIGINT */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* __WOLFMATH_H__ */
diff --git a/ap/lib/libwolfssl/install/include/wolfssl/wolfio.h b/ap/lib/libwolfssl/install/include/wolfssl/wolfio.h
new file mode 100644
index 0000000..a233b63
--- /dev/null
+++ b/ap/lib/libwolfssl/install/include/wolfssl/wolfio.h
@@ -0,0 +1,657 @@
+/* io.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+ \file wolfssl/wolfio.h
+*/
+
+#ifndef WOLFSSL_IO_H
+#define WOLFSSL_IO_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Micrium uses NetSock I/O callbacks in wolfio.c */
+#if !defined(WOLFSSL_USER_IO)
+ /* OCSP and CRL_IO require HTTP client */
+ #if defined(HAVE_OCSP) || defined(HAVE_CRL_IO)
+ #ifndef HAVE_HTTP_CLIENT
+ #define HAVE_HTTP_CLIENT
+ #endif
+ #endif
+#endif
+
+#if !defined(WOLFSSL_USER_IO)
+ /* Micrium uses NetSock I/O callbacks in wolfio.c */
+ #if !defined(USE_WOLFSSL_IO) && !defined(MICRIUM) && \
+ !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_NO_SOCK)
+ #define USE_WOLFSSL_IO
+ #endif
+#endif
+
+
+#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
+
+#ifdef HAVE_LIBZ
+ #include "zlib.h"
+#endif
+
+#ifndef USE_WINDOWS_API
+ #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
+ /* lwIP needs to be configured to use sockets API in this mode */
+ /* LWIP_SOCKET 1 in lwip/opt.h or in build */
+ #include "lwip/sockets.h"
+ #ifndef LWIP_PROVIDE_ERRNO
+ #include <errno.h>
+ #define LWIP_PROVIDE_ERRNO 1
+ #endif
+ #elif defined(FREESCALE_MQX)
+ #include <posix.h>
+ #include <rtcs.h>
+ #elif defined(FREESCALE_KSDK_MQX)
+ #include <rtcs.h>
+ #elif (defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET))
+ #include "rl_net.h"
+ #include "errno.h"
+ #elif defined(WOLFSSL_CMSIS_RTOS)
+ #include "cmsis_os.h"
+ #elif defined(WOLFSSL_CMSIS_RTOSv2)
+ #include "cmsis_os2.h"
+ #elif defined(WOLFSSL_TIRTOS)
+ #include <sys/socket.h>
+ #elif defined(FREERTOS_TCP)
+ #include "FreeRTOS_Sockets.h"
+ #elif defined(WOLFSSL_IAR_ARM)
+ /* nothing */
+ #elif defined(HAVE_NETX_BSD)
+ #ifdef NETX_DUO
+ #include "nxd_bsd.h"
+ #else
+ #include "nx_bsd.h"
+ #endif
+ #elif defined(WOLFSSL_VXWORKS)
+ #include <sockLib.h>
+ #include <errno.h>
+ #elif defined(WOLFSSL_NUCLEUS_1_2)
+ #include <externs.h>
+ #include <errno.h>
+ #elif defined(WOLFSSL_LINUXKM)
+ /* the requisite linux/net.h is included in wc_port.h, with incompatible warnings masked out. */
+ #elif defined(WOLFSSL_ATMEL)
+ #include "socket/include/socket.h"
+ #elif defined(INTIME_RTOS)
+ #undef MIN
+ #undef MAX
+ #include <rt.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netdb.h>
+ #include <netinet/in.h>
+ #include <io.h>
+ /* <sys/socket.h> defines these, to avoid conflict, do undef */
+ #undef SOCKADDR
+ #undef SOCKADDR_IN
+ #elif defined(WOLFSSL_PRCONNECT_PRO)
+ #include <prconnect_pro/prconnect_pro.h>
+ #include <sys/types.h>
+ #include <errno.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <netdb.h>
+ #include <sys/ioctl.h>
+ #elif defined(WOLFSSL_SGX)
+ #include <errno.h>
+ #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+ #include <mn_socket/mn_socket.h>
+ #elif defined(WOLFSSL_DEOS)
+ #include <socketapi.h>
+ #include <lwip-socket.h>
+ #include <errno.h>
+ #elif defined(WOLFSSL_ZEPHYR)
+ #include <net/socket.h>
+ #elif defined(MICROCHIP_PIC32)
+ #include <sys/errno.h>
+ #elif defined(HAVE_NETX)
+ #include "nx_api.h"
+ #include "errno.h"
+ #elif defined(FUSION_RTOS)
+ #include <sys/fcltypes.h>
+ #include <fclerrno.h>
+ #include <fclfcntl.h>
+ #elif !defined(WOLFSSL_NO_SOCK)
+ #include <sys/types.h>
+ #include <errno.h>
+ #ifndef EBSNET
+ #include <unistd.h>
+ #endif
+ #include <fcntl.h>
+ #define XFCNTL(fd, flag, block) fcntl((fd), (flag), (block))
+
+ #if defined(HAVE_RTP_SYS)
+ #include <socket.h>
+ #elif defined(EBSNET)
+ #include "rtipapi.h" /* errno */
+ #include "socket.h"
+ #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
+ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
+ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
+ #include <sys/socket.h>
+ #include <arpa/inet.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+ #ifdef __PPU
+ #include <netex/errno.h>
+ #else
+ #include <sys/ioctl.h>
+ #endif
+ #endif
+ #endif
+
+ #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */
+ #include <errno.h>
+ #endif
+
+#endif /* USE_WINDOWS_API */
+
+#ifdef __sun
+ #include <sys/filio.h>
+#endif
+
+#ifdef USE_WINDOWS_API
+ /* no epipe yet */
+ #ifndef WSAEPIPE
+ #define WSAEPIPE -12345
+ #endif
+ #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
+ #define SOCKET_EAGAIN WSAETIMEDOUT
+ #define SOCKET_ECONNRESET WSAECONNRESET
+ #define SOCKET_EINTR WSAEINTR
+ #define SOCKET_EPIPE WSAEPIPE
+ #define SOCKET_ECONNREFUSED WSAENOTCONN
+ #define SOCKET_ECONNABORTED WSAECONNABORTED
+#elif defined(__PPU)
+ #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
+ #define SOCKET_EAGAIN SYS_NET_EAGAIN
+ #define SOCKET_ECONNRESET SYS_NET_ECONNRESET
+ #define SOCKET_EINTR SYS_NET_EINTR
+ #define SOCKET_EPIPE SYS_NET_EPIPE
+ #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
+ #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ #if MQX_USE_IO_OLD
+ /* RTCS old I/O doesn't have an EWOULDBLOCK */
+ #define SOCKET_EWOULDBLOCK EAGAIN
+ #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET
+ #define SOCKET_EINTR EINTR
+ #define SOCKET_EPIPE EPIPE
+ #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
+ #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
+ #else
+ #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK
+ #define SOCKET_EAGAIN NIO_EAGAIN
+ #define SOCKET_ECONNRESET NIO_ECONNRESET
+ #define SOCKET_EINTR NIO_EINTR
+ #define SOCKET_EPIPE NIO_EPIPE
+ #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED
+ #define SOCKET_ECONNABORTED NIO_ECONNABORTED
+ #endif
+#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
+ #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
+ #define SOCKET_EAGAIN BSD_ERROR_LOCKED
+ #define SOCKET_ECONNRESET BSD_ERROR_CLOSED
+ #define SOCKET_EINTR BSD_ERROR
+ #define SOCKET_EPIPE BSD_ERROR
+ #define SOCKET_ECONNREFUSED BSD_ERROR
+ #define SOCKET_ECONNABORTED BSD_ERROR
+#elif defined(WOLFSSL_PICOTCP)
+ #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN
+ #define SOCKET_EAGAIN PICO_ERR_EAGAIN
+ #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET
+ #define SOCKET_EINTR PICO_ERR_EINTR
+ #define SOCKET_EPIPE PICO_ERR_EIO
+ #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
+ #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
+#elif defined(FREERTOS_TCP)
+ #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
+ #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK
+ #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR
+ #define SOCKET_EINTR FREERTOS_SOCKET_ERROR
+ #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR
+ #define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR
+ #define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ #define SOCKET_EWOULDBLOCK NU_WOULD_BLOCK
+ #define SOCKET_EAGAIN NU_WOULD_BLOCK
+ #define SOCKET_ECONNRESET NU_NOT_CONNECTED
+ #define SOCKET_EINTR NU_NOT_CONNECTED
+ #define SOCKET_EPIPE NU_NOT_CONNECTED
+ #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
+ #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
+#elif defined(WOLFSSL_DEOS)
+ /* `sockaddr_storage` is not defined in DEOS. This workaround will
+ * work for IPV4, but not IPV6
+ */
+ #define sockaddr_storage sockaddr_in
+ #define SOCKET_EWOULDBLOCK EAGAIN
+ #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ECONNRESET EINTR
+ #define SOCKET_EINTR EINTR
+ #define SOCKET_EPIPE EPIPE
+ #define SOCKET_ECONNREFUSED SOCKET_ERROR
+ #define SOCKET_ECONNABORTED SOCKET_ERROR
+#elif defined(HAVE_NETX)
+ #define SOCKET_EWOULDBLOCK NX_NOT_CONNECTED
+ #define SOCKET_EAGAIN NX_NOT_CONNECTED
+ #define SOCKET_ECONNRESET NX_NOT_CONNECTED
+ #define SOCKET_EINTR NX_NOT_CONNECTED
+ #define SOCKET_EPIPE NX_NOT_CONNECTED
+ #define SOCKET_ECONNREFUSED NX_NOT_CONNECTED
+ #define SOCKET_ECONNABORTED NX_NOT_CONNECTED
+#elif defined(FUSION_RTOS)
+ #define SOCKET_EWOULDBLOCK FCL_EWOULDBLOCK
+ #define SOCKET_EAGAIN FCL_EAGAIN
+ #define SOCKET_ECONNRESET FNS_ECONNRESET
+ #define SOCKET_EINTR FCL_EINTR
+ #define SOCKET_EPIPE FCL_EPIPE
+ #define SOCKET_ECONNREFUSED FCL_ECONNREFUSED
+ #define SOCKET_ECONNABORTED FNS_ECONNABORTED
+#else
+ #define SOCKET_EWOULDBLOCK EWOULDBLOCK
+ #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ECONNRESET ECONNRESET
+ #define SOCKET_EINTR EINTR
+ #define SOCKET_EPIPE EPIPE
+ #define SOCKET_ECONNREFUSED ECONNREFUSED
+ #define SOCKET_ECONNABORTED ECONNABORTED
+#endif /* USE_WINDOWS_API */
+
+#ifdef DEVKITPRO
+ /* from network.h */
+ #include <network.h>
+ #define SEND_FUNCTION net_send
+ #define RECV_FUNCTION net_recv
+#elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
+ #define SEND_FUNCTION lwip_send
+ #define RECV_FUNCTION lwip_recv
+#elif defined(WOLFSSL_PICOTCP)
+ #define SEND_FUNCTION pico_send
+ #define RECV_FUNCTION pico_recv
+#elif defined(FREERTOS_TCP)
+ #define RECV_FUNCTION(a,b,c,d) FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
+ #define SEND_FUNCTION(a,b,c,d) FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
+#elif defined(WOLFSSL_VXWORKS)
+ #define SEND_FUNCTION send
+ #define RECV_FUNCTION recv
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ #define SEND_FUNCTION NU_Send
+ #define RECV_FUNCTION NU_Recv
+#elif defined(FUSION_RTOS)
+ #define SEND_FUNCTION FNS_SEND
+ #define RECV_FUNCTION FNS_RECV
+#elif defined(WOLFSSL_ZEPHYR)
+ #ifndef WOLFSSL_MAX_SEND_SZ
+ #define WOLFSSL_MAX_SEND_SZ 256
+ #endif
+
+ #define SEND_FUNCTION send
+ #define RECV_FUNCTION recv
+#elif defined(WOLFSSL_LINUXKM)
+ #define SEND_FUNCTION linuxkm_send
+ #define RECV_FUNCTION linuxkm_recv
+#else
+ #define SEND_FUNCTION send
+ #define RECV_FUNCTION recv
+ #if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK)
+ #define HAVE_SOCKADDR
+ #endif
+#endif
+
+#ifdef USE_WINDOWS_API
+ typedef unsigned int SOCKET_T;
+ #ifndef SOCKET_INVALID
+ #define SOCKET_INVALID INVALID_SOCKET
+ #endif
+#else
+ typedef int SOCKET_T;
+ #ifndef SOCKET_INVALID
+ #define SOCKET_INVALID -1
+ #endif
+#endif
+
+#ifndef WOLFSSL_NO_SOCK
+ #ifndef XSOCKLENT
+ #ifdef USE_WINDOWS_API
+ #define XSOCKLENT int
+ #else
+ #define XSOCKLENT socklen_t
+ #endif
+ #endif
+
+ /* Socket Addr Support */
+ #ifdef HAVE_SOCKADDR
+ typedef struct sockaddr SOCKADDR;
+ typedef struct sockaddr_storage SOCKADDR_S;
+ typedef struct sockaddr_in SOCKADDR_IN;
+ #ifdef WOLFSSL_IPV6
+ typedef struct sockaddr_in6 SOCKADDR_IN6;
+ #endif
+ typedef struct hostent HOSTENT;
+ #endif /* HAVE_SOCKADDR */
+
+ /* use gethostbyname for c99 */
+ #if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99)
+ typedef struct addrinfo ADDRINFO;
+ #endif
+#endif /* WOLFSSL_NO_SOCK */
+
+
+/* IO API's */
+#ifdef HAVE_IO_TIMEOUT
+ WOLFSSL_API int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking);
+ WOLFSSL_API void wolfIO_SetTimeout(int to_sec);
+ WOLFSSL_API int wolfIO_Select(SOCKET_T sockfd, int to_sec);
+#endif
+WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip,
+ unsigned short port, int to_sec);
+WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
+WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
+
+#endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
+
+#ifndef WOLFSSL_NO_SOCK
+#ifdef USE_WINDOWS_API
+ #ifndef CloseSocket
+ #define CloseSocket(s) closesocket(s)
+ #endif
+ #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
+#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #ifndef CloseSocket
+ extern int closesocket(int);
+ #define CloseSocket(s) closesocket(s)
+ #endif
+ #define StartTCP()
+#elif defined(FUSION_RTOS)
+ #ifndef CloseSocket
+ #define CloseSocket(s) do { \
+ int err; \
+ FNS_CLOSE(s, &err); \
+ } while(0)
+ #endif
+#else
+ #ifndef CloseSocket
+ #define CloseSocket(s) close(s)
+ #endif
+ #define StartTCP()
+ #ifdef FREERTOS_TCP_WINSIM
+ extern int close(int);
+ #endif
+#endif
+#endif /* WOLFSSL_NO_SOCK */
+
+
+WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+#if defined(USE_WOLFSSL_IO)
+ /* default IO callbacks */
+ WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+ #ifdef WOLFSSL_DTLS
+ WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
+ WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
+ int sz, void*);
+ #ifdef WOLFSSL_MULTICAST
+ WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl,
+ char* buf, int sz, void*);
+ #endif /* WOLFSSL_MULTICAST */
+ #ifdef WOLFSSL_SESSION_EXPORT
+ WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
+ unsigned short* port, int* fam);
+ WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
+ unsigned short port, int fam);
+ #endif /* WOLFSSL_SESSION_EXPORT */
+ #endif /* WOLFSSL_DTLS */
+#endif /* USE_WOLFSSL_IO */
+
+#ifdef HAVE_OCSP
+ WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
+ const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
+ WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
+ unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
+ void* heap);
+
+ WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
+ int, unsigned char**);
+ WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
+#endif
+
+#ifdef HAVE_CRL_IO
+ WOLFSSL_API int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
+ const char* domainName, unsigned char* buf, int bufSize);
+ WOLFSSL_API int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd,
+ unsigned char* httpBuf, int httpBufSz);
+
+ WOLFSSL_API int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url,
+ int urlSz);
+#endif
+
+
+#if defined(HAVE_HTTP_CLIENT)
+ WOLFSSL_API int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName,
+ char* outPath, unsigned short* outPort);
+
+ WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
+ const char* domainName, const char* path, int pathLen, int reqSz,
+ const char* contentType, unsigned char* buf, int bufSize);
+ WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
+ const char* domainName, const char* path, int pathLen, int reqSz,
+ const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
+ WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
+ unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
+ int dynType, void* heap);
+#endif /* HAVE_HTTP_CLIENT */
+
+
+/* I/O callbacks */
+typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
+WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
+WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL*, CallbackIORecv);
+WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL*, CallbackIOSend);
+/* deprecated old name */
+#define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
+#define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
+
+WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
+
+WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
+WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
+
+WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
+WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
+
+
+#ifdef HAVE_NETX
+ WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+ WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+
+ WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
+ ULONG waitoption);
+#endif /* HAVE_NETX */
+
+#ifdef MICRIUM
+ WOLFSSL_LOCAL int MicriumSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_LOCAL int MicriumReceive(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int MicriumReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int MicriumSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+#endif /* MICRIUM */
+
+#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+ WOLFSSL_LOCAL int Mynewt_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+ WOLFSSL_LOCAL int Mynewt_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+ WOLFSSL_API void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket,
+ struct mn_sockaddr_in* mnSockAddrIn);
+#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+
+#ifdef WOLFSSL_UIP
+
+ struct uip_wolfssl_ctx {
+ union socket_connector {
+ struct tcp_socket tcp;
+ struct udp_socket udp;
+ } conn;
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+ byte *input_databuf;
+ byte *output_databuf;
+ byte *ssl_rx_databuf;
+ int ssl_rb_len;
+ int ssl_rb_off;
+ struct process *process;
+ tcp_socket_data_callback_t input_callback;
+ tcp_socket_event_callback_t event_callback;
+ int closing;
+ uip_ipaddr_t peer_addr;
+ word16 peer_port;
+ };
+
+ typedef struct uip_wolfssl_ctx uip_wolfssl_ctx;
+
+ WOLFSSL_LOCAL int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_LOCAL int uIPReceive(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int uIPReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+#endif
+
+#ifdef WOLFSSL_GNRC
+ #include <sock_types.h>
+ #include <net/gnrc.h>
+ #include <net/af.h>
+ #include <net/sock.h>
+ #include <net/gnrc/tcp.h>
+ #include <net/gnrc/udp.h>
+
+ struct gnrc_wolfssl_ctx {
+ union socket_connector {
+ #ifdef MODULE_SOCK_TCP
+ sock_tcp_t tcp;
+ #endif
+ sock_udp_t udp;
+ } conn;
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+
+ int closing;
+ struct _sock_tl_ep peer_addr;
+ };
+
+ typedef struct gnrc_wolfssl_ctx sock_tls_t;
+
+ WOLFSSL_LOCAL int GNRC_ReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+#endif
+
+
+#ifdef WOLFSSL_DTLS
+ typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
+ void* ctx);
+ WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
+ WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
+ WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
+
+ #ifdef WOLFSSL_SESSION_EXPORT
+ typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz,
+ unsigned short* port, int* fam);
+ typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz,
+ unsigned short port, int fam);
+
+ WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer);
+ WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer);
+ #endif /* WOLFSSL_SESSION_EXPORT */
+#endif
+
+
+
+#ifndef XINET_NTOP
+ #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
+ #ifdef USE_WINDOWS_API /* Windows-friendly definition */
+ #undef XINET_NTOP
+ #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d))
+ #endif
+#endif
+#ifndef XINET_PTON
+ #define XINET_PTON(a,b,c) inet_pton((a),(b),(c))
+ #ifdef USE_WINDOWS_API /* Windows-friendly definition */
+ #undef XINET_PTON
+ #define XINET_PTON(a,b,c) InetPton((a),(b),(c))
+ #endif
+#endif
+
+#ifndef XHTONS
+ #if !defined(WOLFSSL_NO_SOCK) && (defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT))
+ #define XHTONS(a) htons((a))
+ #else
+ /* we don't have sockets, so define our own htons and ntohs */
+ #ifdef BIG_ENDIAN_ORDER
+ #define XHTONS(a) (a)
+ #else
+ #define XHTONS(a) ((((a) >> 8) & 0xff) | (((a) & 0xff) << 8))
+ #endif
+ #endif
+#endif
+#ifndef XNTOHS
+ #if !defined(WOLFSSL_NO_SOCK) && (defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT))
+ #define XNTOHS(a) ntohs((a))
+ #else
+ /* we don't have sockets, so define our own htons and ntohs */
+ #ifdef BIG_ENDIAN_ORDER
+ #define XNTOHS(a) (a)
+ #else
+ #define XNTOHS(a) ((((a) >> 8) & 0xff) | (((a) & 0xff) << 8))
+ #endif
+ #endif
+#endif
+
+#ifndef WOLFSSL_IP4
+ #define WOLFSSL_IP4 AF_INET
+#endif
+#ifndef WOLFSSL_IP6
+ #define WOLFSSL_IP6 AF_INET6
+#endif
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_IO_H */
diff --git a/ap/lib/libwolfssl/install/lib/libwolfssl.a b/ap/lib/libwolfssl/install/lib/libwolfssl.a
new file mode 100644
index 0000000..f6639a6
--- /dev/null
+++ b/ap/lib/libwolfssl/install/lib/libwolfssl.a
Binary files differ
diff --git a/ap/lib/libwolfssl/install/lib/libwolfssl.la b/ap/lib/libwolfssl/install/lib/libwolfssl.la
new file mode 100755
index 0000000..933ac6a
--- /dev/null
+++ b/ap/lib/libwolfssl/install/lib/libwolfssl.la
@@ -0,0 +1,41 @@
+# libwolfssl.la - a libtool library file
+# Generated by libtool (GNU libtool) 2.4.6 Debian-2.4.6-2
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='libwolfssl.a'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags=' -pthread'
+
+# Libraries that this one depends upon.
+dependency_libs=' -lm -lpthread'
+
+# Names of additional weak libraries provided by this library
+weak_library_names=''
+
+# Version information for libwolfssl.
+current=29
+age=5
+revision=1
+
+# Is this an already installed library?
+installed=yes
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=no
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir='/home/zhouguopo/code2/v3t/ap/project/zx297520v3/prj_mdl/build/../../../../lib/libwolfssl/install/lib'
diff --git a/ap/lib/libwolfssl/install/lib/pkgconfig/wolfssl.pc b/ap/lib/libwolfssl/install/lib/pkgconfig/wolfssl.pc
new file mode 100644
index 0000000..7b682ef
--- /dev/null
+++ b/ap/lib/libwolfssl/install/lib/pkgconfig/wolfssl.pc
@@ -0,0 +1,10 @@
+prefix=/home/zhouguopo/code2/v3t/ap/project/zx297520v3/prj_mdl/build/../../../../lib/libwolfssl/install
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: wolfssl
+Description: wolfssl C library.
+Version: 4.8.1
+Libs: -L${libdir} -lwolfssl
+Cflags: -I${includedir}
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/README.txt b/ap/lib/libwolfssl/install/share/doc/wolfssl/README.txt
new file mode 100644
index 0000000..efaed1b
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/README.txt
@@ -0,0 +1,8 @@
+The wolfSSL manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-Manual.pdf
+
+The wolfSSL API guide is available at:
+https://www.wolfssl.com/doxygen/wolfssl_API.html
+
+The wolfCrypt API guide is available at:
+https://www.wolfssl.com/doxygen/wolfcrypt_API.html
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/client.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/client.c
new file mode 100644
index 0000000..6772c82
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/client.c
@@ -0,0 +1,4018 @@
+/* client.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <wolfssl/ssl.h>
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+#include <wolfsentry/wolfsentry.h>
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+static const char *wolfsentry_config_path = NULL;
+#endif
+#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
+
+#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #include <stdio.h>
+ #include <string.h>
+ #include "rl_fs.h"
+ #include "rl_net.h"
+#endif
+
+#include <wolfssl/test.h>
+
+#include <examples/client/client.h>
+#include <wolfssl/error-ssl.h>
+
+#ifndef NO_WOLFSSL_CLIENT
+
+#ifdef NO_FILESYSTEM
+#ifdef NO_RSA
+#error currently the example only tries to load in a RSA buffer
+#endif
+#undef USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#endif
+
+#ifdef USE_FAST_MATH
+ /* included to inspect the size of FP_MAX_BITS */
+ /* need integer.h header to make sure right math version used */
+ #include <wolfssl/wolfcrypt/integer.h>
+#endif
+#ifdef HAVE_ECC
+ #include <wolfssl/wolfcrypt/ecc.h>
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ static int devId = INVALID_DEVID;
+#endif
+
+#define DEFAULT_TIMEOUT_SEC 2
+#ifndef MAX_NON_BLOCK_SEC
+#define MAX_NON_BLOCK_SEC 10
+#endif
+
+#define OCSP_STAPLING 1
+#define OCSP_STAPLINGV2 2
+#define OCSP_STAPLINGV2_MULTI 3
+#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
+
+#ifdef WOLFSSL_ALT_TEST_STRINGS
+ #define TEST_STR_TERM "\n"
+#else
+ #define TEST_STR_TERM
+#endif
+
+static const char kHelloMsg[] = "hello wolfssl!" TEST_STR_TERM;
+#ifndef NO_SESSION_CACHE
+static const char kResumeMsg[] = "resuming wolfssl!" TEST_STR_TERM;
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_EARLY_DATA)
+ static const char kEarlyMsg[] = "A drop of info" TEST_STR_TERM;
+#endif
+static const char kHttpGetMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
+
+/* Write needs to be largest of the above strings (29) */
+#define CLI_MSG_SZ 32
+/* Read needs to be at least sizeof server.c `webServerMsg` (226) */
+#define CLI_REPLY_SZ 256
+
+#if defined(XSLEEP_US) && defined(NO_MAIN_DRIVER)
+ /* This is to force the server's thread to get a chance to
+ * execute before continuing the resume in non-blocking
+ * DTLS test cases. */
+ #define TEST_DELAY() XSLEEP_US(10000)
+#else
+ #define TEST_DELAY() XSLEEP_MS(1000)
+#endif
+
+/* Note on using port 0: the client standalone example doesn't utilize the
+ * port 0 port sharing; that is used by (1) the server in external control
+ * test mode and (2) the testsuite which uses this code and sets up the correct
+ * port numbers when the internal thread using the server code using port 0. */
+
+static int lng_index = 0;
+#ifdef WOLFSSL_CALLBACKS
+ WOLFSSL_TIMEVAL timeoutConnect;
+ static int handShakeCB(HandShakeInfo* info)
+ {
+ (void)info;
+ return 0;
+ }
+
+ static int timeoutCB(TimeoutInfo* info)
+ {
+ (void)info;
+ return 0;
+ }
+
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+ static int sessionTicketCB(WOLFSSL* ssl,
+ const unsigned char* ticket, int ticketSz,
+ void* ctx)
+ {
+ (void)ssl;
+ (void)ticket;
+ printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
+ ticketSz, (char*)ctx);
+ return 0;
+ }
+#endif
+
+static int NonBlockingSSL_Connect(WOLFSSL* ssl)
+{
+ int ret;
+ int error;
+ SOCKET_T sockfd;
+ int select_ret = 0;
+ int elapsedSec = 0;
+
+#ifndef WOLFSSL_CALLBACKS
+ ret = wolfSSL_connect(ssl);
+#else
+ ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeoutConnect);
+#endif
+ error = wolfSSL_get_error(ssl, 0);
+ sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
+
+ while (ret != WOLFSSL_SUCCESS &&
+ (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || error == WC_PENDING_E
+ #endif
+ #ifdef WOLFSSL_NONBLOCK_OCSP
+ || error == OCSP_WANT_READ
+ #endif
+ )) {
+ int currTimeout = 1;
+
+ if (error == WOLFSSL_ERROR_WANT_READ)
+ printf("... client would read block\n");
+ else if (error == WOLFSSL_ERROR_WANT_WRITE)
+ printf("... client would write block\n");
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ if (error == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+#endif
+ {
+ if (error == WOLFSSL_ERROR_WANT_WRITE) {
+ select_ret = tcp_select_tx(sockfd, currTimeout);
+
+ }
+ else
+ {
+ #ifdef WOLFSSL_DTLS
+ currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
+ #endif
+ select_ret = tcp_select(sockfd, currTimeout);
+ }
+ }
+
+ if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
+ || (select_ret == TEST_ERROR_READY)
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || error == WC_PENDING_E
+ #endif
+ ) {
+ #ifndef WOLFSSL_CALLBACKS
+ ret = wolfSSL_connect(ssl);
+ #else
+ ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB,
+ timeoutConnect);
+ #endif
+ error = wolfSSL_get_error(ssl, 0);
+ elapsedSec = 0; /* reset elapsed */
+ }
+ else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
+ error = WOLFSSL_ERROR_WANT_READ;
+
+ elapsedSec += currTimeout;
+ if (elapsedSec > MAX_NON_BLOCK_SEC) {
+ printf("Nonblocking connect timeout\n");
+ error = WOLFSSL_FATAL_ERROR;
+ }
+ }
+#ifdef WOLFSSL_DTLS
+ else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
+ wolfSSL_dtls_got_timeout(ssl) >= 0) {
+ error = WOLFSSL_ERROR_WANT_READ;
+ }
+#endif
+ else {
+ error = WOLFSSL_FATAL_ERROR;
+ }
+ }
+
+ return ret;
+}
+
+
+static void ShowCiphers(void)
+{
+ static char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
+
+ int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+ if (ret == WOLFSSL_SUCCESS)
+ printf("%s\n", ciphers);
+}
+
+/* Shows which versions are valid */
+static void ShowVersions(void)
+{
+#ifndef NO_OLD_TLS
+ #ifdef WOLFSSL_ALLOW_SSLV3
+ printf("0:");
+ #endif
+ #ifdef WOLFSSL_ALLOW_TLSV10
+ printf("1:");
+ #endif
+ printf("2:");
+#endif /* NO_OLD_TLS */
+#ifndef WOLFSSL_NO_TLS12
+ printf("3:");
+#endif
+#ifdef WOLFSSL_TLS13
+ printf("4:");
+#endif
+ printf("d(downgrade):");
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ printf("e(either):");
+#endif
+ printf("\n");
+}
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+#define MAX_GROUP_NUMBER 4
+static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
+ int useX448, int setGroups)
+{
+ int ret;
+ int groups[MAX_GROUP_NUMBER] = {0};
+ int count = 0;
+
+ (void)useX25519;
+ (void)useX448;
+
+ WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
+ if (onlyKeyShare == 0 || onlyKeyShare == 2) {
+ if (useX25519) {
+ #ifdef HAVE_CURVE25519
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_X25519;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve x25519");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ else if (useX448) {
+ #ifdef HAVE_CURVE448
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_X448;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve x448");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ else {
+ #ifdef HAVE_ECC
+ #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_SECP256R1;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve secp256r1");
+ } while (ret == WC_PENDING_E);
+ #endif
+ #endif
+ }
+ }
+ if (onlyKeyShare == 0 || onlyKeyShare == 1) {
+ #ifdef HAVE_FFDHE_2048
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_FFDHE_2048;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use DH 2048-bit parameters");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ if (count >= MAX_GROUP_NUMBER)
+ err_sys("example group array size error");
+ if (setGroups && count > 0) {
+ if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
+ err_sys("unable to set groups");
+ }
+ WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
+}
+#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
+
+#ifdef WOLFSSL_EARLY_DATA
+static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
+ int msgSz, char* buffer)
+{
+ int err;
+ int ret;
+
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != msgSz) {
+ printf("SSL_write_early_data msg error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("SSL_write_early_data failed");
+ }
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != msgSz) {
+ printf("SSL_write_early_data msg error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+ err_sys("SSL_write_early_data failed");
+ }
+}
+#endif
+
+/* Measures average time to create, connect and disconnect a connection (TPS).
+Benchmark = number of connections. */
+static const char* client_bench_conmsg[][5] = {
+ /* English */
+ {
+ "wolfSSL_resume avg took:", "milliseconds\n",
+ "wolfSSL_connect avg took:", "milliseconds\n",
+ NULL
+ },
+ #ifndef NO_MULTIBYTE_PRINT
+ /* Japanese */
+ {
+ "wolfSSL_resume 平均時間:", "ミリ秒\n",
+ "wolfSSL_connect 平均時間:", "ミリ秒\n",
+ }
+ #endif
+};
+
+static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
+ int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
+ int useX448, int helloRetry, int onlyKeyShare, int version, int earlyData)
+{
+ /* time passed in number of connects give average */
+ int times = benchmark, skip = times * 0.1;
+ int loops = resumeSession ? 2 : 1;
+ int i = 0, err, ret;
+#ifndef NO_SESSION_CACHE
+ WOLFSSL_SESSION* benchSession = NULL;
+#endif
+#ifdef WOLFSSL_TLS13
+ byte reply[CLI_REPLY_SZ];
+#endif
+ const char** words = client_bench_conmsg[lng_index];
+
+ (void)resumeSession;
+ (void)useX25519;
+ (void)useX448;
+ (void)helloRetry;
+ (void)onlyKeyShare;
+ (void)version;
+ (void)earlyData;
+
+ while (loops--) {
+ #ifndef NO_SESSION_CACHE
+ int benchResume = resumeSession && loops == 0;
+ #endif
+ double start = current_time(1), avg;
+
+ for (i = 0; i < times; i++) {
+ SOCKET_T sockfd;
+ WOLFSSL* ssl;
+
+ if (i == skip)
+ start = current_time(1);
+
+ ssl = wolfSSL_new(ctx);
+ if (ssl == NULL)
+ err_sys("unable to get SSL object");
+
+ #ifndef NO_SESSION_CACHE
+ if (benchResume)
+ wolfSSL_set_session(ssl, benchSession);
+ #endif
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ else if (version >= 4) {
+ if (!helloRetry)
+ SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, 1);
+ else
+ wolfSSL_NoKeyShares(ssl);
+ }
+ #endif
+
+ tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
+
+ if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
+ err_sys("error in setting fd");
+ }
+
+ #if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
+ defined(WOLFSSL_EARLY_DATA)
+ if (version >= 4 && benchResume && earlyData) {
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+ EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
+ }
+ #endif
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_connect(ssl);
+#ifdef WOLFSSL_EARLY_DATA
+ EarlyDataStatus(ssl);
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != WOLFSSL_SUCCESS) {
+ err_sys("SSL_connect failed");
+ }
+
+ #ifdef WOLFSSL_TLS13
+ #ifndef NO_SESSION_CACHE
+ if (version >= 4 && resumeSession && !benchResume)
+ #else
+ if (version >= 4 && resumeSession)
+ #endif
+ {
+ /* no null term */
+ if (wolfSSL_write(ssl, kHttpGetMsg, sizeof(kHttpGetMsg)-1) <= 0)
+ err_sys("SSL_write failed");
+
+ if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
+ err_sys("SSL_read failed");
+ }
+ #endif
+
+
+ wolfSSL_shutdown(ssl);
+ #ifndef NO_SESSION_CACHE
+ if (i == (times-1) && resumeSession) {
+ benchSession = wolfSSL_get_session(ssl);
+ }
+ #endif
+ wolfSSL_free(ssl); ssl = NULL;
+ CloseSocket(sockfd);
+ }
+ avg = current_time(0) - start;
+ avg /= (times - skip);
+ avg *= 1000; /* milliseconds */
+ #ifndef NO_SESSION_CACHE
+ if (benchResume)
+ printf("%s %8.3f %s\n", words[0],avg, words[1]);
+ else
+ #endif
+ printf("%s %8.3f %s\n", words[2],avg, words[3]);
+
+ WOLFSSL_TIME(times);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+/* Measures throughput in mbps. Throughput = number of bytes */
+static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
+ int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
+ int useX448, int exitWithRet, int version, int onlyKeyShare)
+{
+ double start, conn_time = 0, tx_time = 0, rx_time = 0;
+ SOCKET_T sockfd;
+ WOLFSSL* ssl;
+ int ret = 0, err = 0;
+
+ start = current_time(1);
+ ssl = wolfSSL_new(ctx);
+ if (ssl == NULL)
+ err_sys("unable to get SSL object");
+
+ tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
+ if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
+ err_sys("error in setting fd");
+ }
+
+ (void)useX25519;
+ (void)useX448;
+ (void)version;
+ (void)onlyKeyShare;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ if (version >= 4) {
+ SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, 1);
+ }
+#endif
+
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_connect(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret == WOLFSSL_SUCCESS) {
+ /* Perform throughput test */
+ char *tx_buffer, *rx_buffer;
+
+ /* Record connection time */
+ conn_time = current_time(0) - start;
+
+ /* Allocate TX/RX buffers */
+ tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (tx_buffer && rx_buffer) {
+ WC_RNG rng;
+
+ /* Startup the RNG */
+ #if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
+ ret = wc_InitRng_ex(&rng, NULL, devId);
+ #else
+ ret = wc_InitRng(&rng);
+ #endif
+ if (ret == 0) {
+ size_t xfer_bytes;
+
+ /* Generate random data to send */
+ ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
+ wc_FreeRng(&rng);
+ if(ret != 0) {
+ err_sys("wc_RNG_GenerateBlock failed");
+ }
+
+ /* Perform TX and RX of bytes */
+ xfer_bytes = 0;
+ while (throughput > xfer_bytes) {
+ int len, rx_pos, select_ret;
+
+ /* Determine packet size */
+ len = min(block, (int)(throughput - xfer_bytes));
+
+ /* Perform TX */
+ start = current_time(1);
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_write(ssl, tx_buffer, len);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != len) {
+ printf("SSL_write bench error %d!\n", err);
+ if (!exitWithRet)
+ err_sys("SSL_write failed");
+ goto doExit;
+ }
+ tx_time += current_time(0) - start;
+
+ /* Perform RX */
+ select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
+ if (select_ret == TEST_RECV_READY) {
+ start = current_time(1);
+ rx_pos = 0;
+ while (rx_pos < len) {
+ ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
+ len - rx_pos);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+ #endif
+ if (err != WOLFSSL_ERROR_WANT_READ) {
+ printf("SSL_read bench error %d\n", err);
+ err_sys("SSL_read failed");
+ }
+ }
+ else {
+ rx_pos += ret;
+ }
+ }
+ rx_time += current_time(0) - start;
+ }
+
+ /* Compare TX and RX buffers */
+ if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
+ free(tx_buffer);
+ tx_buffer = NULL;
+ free(rx_buffer);
+ rx_buffer = NULL;
+ err_sys("Compare TX and RX buffers failed");
+ }
+
+ /* Update overall position */
+ xfer_bytes += len;
+ }
+ }
+ else {
+ err_sys("wc_InitRng failed");
+ }
+ (void)rng; /* for WC_NO_RNG case */
+ }
+ else {
+ err_sys("Client buffer malloc failed");
+ }
+doExit:
+ if (tx_buffer) XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (rx_buffer) XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+ else {
+ err_sys("wolfSSL_connect failed");
+ }
+
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl); ssl = NULL;
+ CloseSocket(sockfd);
+
+ if (exitWithRet)
+ return err;
+
+ printf(
+#if !defined(__MINGW32__)
+ "wolfSSL Client Benchmark %zu bytes\n"
+#else
+ "wolfSSL Client Benchmark %d bytes\n"
+#endif
+ "\tConnect %8.3f ms\n"
+ "\tTX %8.3f ms (%8.3f MBps)\n"
+ "\tRX %8.3f ms (%8.3f MBps)\n",
+#if !defined(__MINGW32__)
+ throughput,
+#else
+ (int)throughput,
+#endif
+ conn_time * 1000,
+ tx_time * 1000, throughput / tx_time / 1024 / 1024,
+ rx_time * 1000, throughput / rx_time / 1024 / 1024
+ );
+
+ return EXIT_SUCCESS;
+}
+
+const char* starttlsCmd[6] = {
+ "220",
+ "EHLO mail.example.com\r\n",
+ "250",
+ "STARTTLS\r\n",
+ "220",
+ "QUIT\r\n",
+};
+
+/* Initiates the STARTTLS command sequence over TCP */
+static int StartTLS_Init(SOCKET_T* sockfd)
+{
+ char tmpBuf[256];
+
+ if (sockfd == NULL)
+ return BAD_FUNC_ARG;
+
+ /* S: 220 <host> SMTP service ready */
+ XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
+ if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
+ err_sys("failed to read STARTTLS command\n");
+
+ if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
+ printf("%s\n", tmpBuf);
+ } else {
+ err_sys("incorrect STARTTLS command received");
+ }
+
+ /* C: EHLO mail.example.com */
+ if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) !=
+ (int)XSTRLEN(starttlsCmd[1]))
+ err_sys("failed to send STARTTLS EHLO command\n");
+
+ /* S: 250 <host> offers a warm hug of welcome */
+ XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
+ if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
+ err_sys("failed to read STARTTLS command\n");
+
+ if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
+ printf("%s\n", tmpBuf);
+ } else {
+ err_sys("incorrect STARTTLS command received");
+ }
+
+ /* C: STARTTLS */
+ if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) !=
+ (int)XSTRLEN(starttlsCmd[3])) {
+ err_sys("failed to send STARTTLS command\n");
+ }
+
+ /* S: 220 Go ahead */
+ XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
+ if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
+ err_sys("failed to read STARTTLS command\n");
+ tmpBuf[sizeof(tmpBuf)-1] = '\0';
+ if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
+ printf("%s\n", tmpBuf);
+ } else {
+ err_sys("incorrect STARTTLS command received, expected 220");
+ }
+
+ return WOLFSSL_SUCCESS;
+}
+
+/* Closes down the SMTP connection */
+static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
+{
+ int ret, err = 0;
+ char tmpBuf[256];
+
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ printf("\nwolfSSL client shutting down SMTP connection\n");
+
+ XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
+
+ /* C: QUIT */
+ do {
+ ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
+ if (ret < 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != (int)XSTRLEN(starttlsCmd[5])) {
+ err_sys("failed to send SMTP QUIT command\n");
+ }
+
+ /* S: 221 2.0.0 Service closing transmission channel */
+ do {
+ ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1);
+ if (ret < 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret < 0) {
+ err_sys("failed to read SMTP closing down response\n");
+ }
+ tmpBuf[ret] = 0; /* null terminate message */
+ printf("%s\n", tmpBuf);
+
+ ret = wolfSSL_shutdown(ssl);
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
+ TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
+ }
+
+ return WOLFSSL_SUCCESS;
+}
+
+static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str,
+ int exitWithRet)
+{
+ int ret, err;
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_write(ssl, msg, msgSz);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WOLFSSL_ERROR_WANT_WRITE ||
+ err == WOLFSSL_ERROR_WANT_READ
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || err == WC_PENDING_E
+ #endif
+ );
+ if (ret != msgSz) {
+ printf("SSL_write%s msg error %d, %s\n", str, err,
+ wolfSSL_ERR_error_string(err, buffer));
+ if (!exitWithRet) {
+ err_sys("SSL_write failed");
+ }
+ }
+
+ return err;
+}
+
+static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
+ const char* str, int exitWithRet)
+{
+ int ret, err;
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+ double start = current_time(1), elapsed;
+
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_read(ssl, reply, replyLen);
+ if (ret <= 0) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+ #endif
+ if (err != WOLFSSL_ERROR_WANT_READ) {
+ printf("SSL_read reply error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ if (!exitWithRet) {
+ err_sys("SSL_read failed");
+ }
+ else {
+ break;
+ }
+ }
+ }
+
+ if (mustRead && err == WOLFSSL_ERROR_WANT_READ) {
+ elapsed = current_time(0) - start;
+ if (elapsed > MAX_NON_BLOCK_SEC) {
+ printf("Nonblocking read timeout\n");
+ ret = WOLFSSL_FATAL_ERROR;
+ break;
+ }
+ }
+ } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || err == WC_PENDING_E
+ #endif
+ );
+ if (ret > 0) {
+ reply[ret] = 0; /* null terminate */
+ printf("%s%s\n", str, reply);
+ }
+
+ return err;
+}
+
+
+/* when adding new option, please follow the steps below: */
+/* 1. add new option message in English section */
+/* 2. increase the number of the second column */
+/* 3. increase the array dimension */
+/* 4. add the same message into Japanese section */
+/* (will be translated later) */
+/* 5. add printf() into suitable position of Usage() */
+static const char* client_usage_msg[][69] = {
+ /* English */
+ {
+ " NOTE: All files relative to wolfSSL home dir\n", /* 0 */
+ "Max RSA key size in bits for build is set at : ", /* 1 */
+#ifdef NO_RSA
+ "RSA not supported\n", /* 2 */
+#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
+#ifdef WOLFSSL_SP_4096
+ "4096\n", /* 2 */
+#elif !defined(WOLFSSL_SP_NO_3072)
+ "3072\n", /* 2 */
+#elif !defined(WOLFSSL_SP_NO_2048)
+ "2048\n", /* 2 */
+#else
+ "0\n", /* 2 */
+#endif
+#elif defined(USE_FAST_MATH)
+#else
+ "INFINITE\n", /* 2 */
+#endif
+ "-? <num> Help, print this usage\n"
+ " 0: English, 1: Japanese\n"
+ "--help Help, in English\n", /* 3 */
+ "-h <host> Host to connect to, default", /* 4 */
+ "-p <num> Port to connect on, not 0, default", /* 5 */
+
+#ifndef WOLFSSL_TLS13
+ "-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
+ "-V Prints valid ssl version numbers"
+ ", SSLv3(0) - TLS1.2(3)\n", /* 7 */
+#else
+ "-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
+ "-V Prints valid ssl version numbers,"
+ " SSLv3(0) - TLS1.3(4)\n", /* 7 */
+#endif
+ "-l <str> Cipher suite list (: delimited)\n", /* 8 */
+#ifndef NO_CERTS
+ "-c <file> Certificate file, default", /* 9 */
+ "-k <file> Key file, default", /* 10 */
+ "-A <file> Certificate Authority file, default", /* 11 */
+#endif
+#ifndef NO_DH
+ "-Z <num> Minimum DH key bits, default", /* 12 */
+#endif
+ "-b <num> Benchmark <num> connections and print stats\n", /* 13 */
+#ifdef HAVE_ALPN
+ "-L <str> Application-Layer Protocol"
+ " Negotiation ({C,F}:<list>)\n", /* 14 */
+#endif
+ "-B <num> Benchmark throughput"
+ " using <num> bytes and print stats\n", /* 15 */
+#ifndef NO_PSK
+ "-s Use pre Shared keys\n", /* 16 */
+#endif
+ "-d Disable peer checks\n", /* 17 */
+ "-D Override Date Errors example\n", /* 18 */
+ "-e List Every cipher suite available, \n", /* 19 */
+ "-g Send server HTTP GET\n", /* 20 */
+ "-u Use UDP DTLS,"
+ " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 21 */
+#ifdef WOLFSSL_SCTP
+ "-G Use SCTP DTLS,"
+ " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
+#endif
+#ifndef NO_CERTS
+ "-m Match domain name in cert\n", /* 23 */
+#endif
+ "-N Use Non-blocking sockets\n", /* 24 */
+#ifndef NO_SESSION_CACHE
+ "-r Resume session\n", /* 25 */
+#endif
+ "-w Wait for bidirectional shutdown\n", /* 26 */
+ "-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
+#ifdef HAVE_SECURE_RENEGOTIATION
+ "-R Allow Secure Renegotiation\n", /* 28 */
+ "-i <str> Force client Initiated Secure Renegotiation. If the\n"
+ " string 'scr-app-data' is passed in as the value and\n"
+ " Non-blocking sockets are enabled ('-N') then wolfSSL\n"
+ " sends a test message during the secure renegotiation.\n"
+ " The string parameter is optional.\n", /* 29 */
+#endif
+ "-f Fewer packets/group messages\n", /* 30 */
+#ifndef NO_CERTS
+ "-x Disable client cert/key loading\n", /* 31 */
+#endif
+ "-X Driven by eXternal test case\n", /* 32 */
+ "-j Use verify callback override\n", /* 33 */
+#ifdef SHOW_SIZES
+ "-z Print structure sizes\n", /* 34 */
+#endif
+#ifdef HAVE_SNI
+ "-S <str> Use Host Name Indication\n", /* 35 */
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ "-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
+#endif
+#ifdef HAVE_TRUNCATED_HMAC
+ "-T Use Truncated HMAC\n", /* 37 */
+#endif
+#ifdef HAVE_EXTENDED_MASTER
+ "-n Disable Extended Master Secret\n", /* 38 */
+#endif
+#ifdef HAVE_OCSP
+ "-o Perform OCSP lookup on peer certificate\n", /* 39 */
+ "-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
+#endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ "-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
+ " With 'm' at end indicates MUST staple\n", /* 42 */
+#endif
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ "-U Atomic User Record Layer Callbacks\n", /* 43 */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ "-P Public Key Callbacks\n", /* 44 */
+#endif
+#ifdef HAVE_ANON
+ "-a Anonymous client\n", /* 45 */
+#endif
+#ifdef HAVE_CRL
+ "-C Disable CRL\n", /* 46 */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ "-E <file> Path to load trusted peer cert\n", /* 47 */
+#endif
+#ifdef HAVE_WNR
+ "-q <file> Whitewood config file, defaults\n", /* 48 */
+#endif
+ "-H <arg> Internal tests"
+ " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
+ " loadSSL, disallowETM]\n", /* 50 */
+#ifdef WOLFSSL_TLS13
+ "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
+ "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
+ "-I Update keys and IVs before sending data\n", /* 53 */
+#ifndef NO_DH
+ "-y Key Share with FFDHE named groups only\n", /* 54 */
+#endif
+#ifdef HAVE_ECC
+ "-Y Key Share with ECC named groups only\n", /* 55 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef HAVE_CURVE25519
+ "-t Use X25519 for key exchange\n", /* 56 */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ "-Q Support requesting certificate post-handshake\n", /* 57 */
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+ "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
+#endif
+#ifdef WOLFSSL_MULTICAST
+ "-3 <grpid> Multicast, grpid < 256\n", /* 59 */
+#endif
+ "-1 <num> Display a result by specified language.\n"
+ " 0: English, 1: Japanese\n", /* 60 */
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ "-2 Disable DH Prime check\n", /* 61 */
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ "-4 Use resumption for renegotiation\n", /* 62 */
+#endif
+#ifdef HAVE_TRUSTED_CA
+ "-5 Use Trusted CA Key Indication\n", /* 63 */
+#endif
+ "-6 Simulate WANT_WRITE errors on every other IO send\n",
+#ifdef HAVE_CURVE448
+ "-8 Use X448 for key exchange\n", /* 66 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 Use hash dir look up for certificate loading\n"
+ " loading from <wolfSSL home>/certs folder\n"
+ " files in the folder would have the form \"hash.N\" file name\n"
+ " e.g symbolic link to the file at certs folder\n"
+ " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+ /* 67 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ "--wolfsentry-config <file> Path for JSON wolfSentry config\n",
+ /* 68 */
+#endif
+#ifndef WOLFSSL_TLS13
+ "-7 Set minimum downgrade protocol version [0-3] "
+ " SSLv3(0) - TLS1.2(3)\n",
+#else
+ "-7 Set minimum downgrade protocol version [0-4] "
+ " SSLv3(0) - TLS1.3(4)\n", /* 69 */
+#endif
+ NULL,
+ },
+#ifndef NO_MULTIBYTE_PRINT
+ /* Japanese */
+ {
+ " 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。"
+ "\n", /* 0 */
+ "RSAの最大ビットは次のように設定されています: ", /* 1 */
+#ifdef NO_RSA
+ "RSAはサポートされていません。\n", /* 2 */
+#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
+#ifndef WOLFSSL_SP_NO_3072
+ "3072\n", /* 2 */
+#elif !defined(WOLFSSL_SP_NO_2048)
+ "2048\n", /* 2 */
+#else
+ "0\n", /* 2 */
+#endif
+#elif defined(USE_FAST_MATH)
+#else
+ "無限\n", /* 2 */
+#endif
+ "-? <num> ヘルプ, 使い方を表示\n"
+ " 0: 英語、 1: 日本語\n"
+ "--ヘルプ 使い方を表示, 日本語で\n", /* 3 */
+ "-h <host> 接続先ホスト, 既定値", /* 4 */
+ "-p <num> 接続先ポート, 0は無効, 既定値", /* 5 */
+
+#ifndef WOLFSSL_TLS13
+ "-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
+ " 既定値", /* 6 */
+ "-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
+ " TLS1.2(3)\n", /* 7 */
+#else
+ "-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
+ " 既定値", /* 6 */
+ "-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
+ " TLS1.3(4)\n", /* 7 */
+#endif
+ "-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
+#ifndef NO_CERTS
+ "-c <file> 証明書ファイル, 既定値", /* 9 */
+ "-k <file> 鍵ファイル, 既定値", /* 10 */
+ "-A <file> 認証局ファイル, 既定値", /* 11 */
+#endif
+#ifndef NO_DH
+ "-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
+#endif
+ "-b <num> ベンチマーク <num> 接続及び結果出力する\n", /* 13 */
+#ifdef HAVE_ALPN
+ "-L <str> アプリケーション層プロトコルネゴシエーションを行う"
+ " ({C,F}:<list>)\n", /* 14 */
+#endif
+ "-B <num> <num> バイトを用いてのベンチマーク・スループット測定"
+ "と結果を出力する\n", /* 15 */
+#ifndef NO_PSK
+ "-s 事前共有鍵を使用する\n", /* 16 */
+#endif
+ "-d ピア確認を無効とする\n", /* 17 */
+ "-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */
+ "-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */
+ "-g サーバーへ HTTP GET を送信\n", /* 20 */
+ "-u UDP DTLSを使用する。-v 2 を追加指定すると"
+ " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */
+#ifdef WOLFSSL_SCTP
+ "-G SCTP DTLSを使用する。-v 2 を追加指定すると"
+ " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
+#endif
+#ifndef NO_CERTS
+ "-m 証明書内のドメイン名一致を確認する\n", /* 23 */
+#endif
+ "-N ノンブロッキング・ソケットを使用する\n", /* 24 */
+#ifndef NO_SESSION_CACHE
+ "-r セッションを継続する\n", /* 25 */
+#endif
+ "-w 双方向シャットダウンを待つ\n", /* 26 */
+ "-M <prot> STARTTLSを使用する, <prot>プロトコル(smtp)を"
+ "使用する\n", /* 27 */
+#ifdef HAVE_SECURE_RENEGOTIATION
+ "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
+ "-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
+#endif
+ "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
+#ifndef NO_CERTS
+ "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
+#endif
+ "-X 外部テスト・ケースにより動作する\n", /* 32 */
+ "-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
+#ifdef SHOW_SIZES
+ "-z 構造体のサイズを表示する\n", /* 34 */
+#endif
+#ifdef HAVE_SNI
+ "-S <str> ホスト名表示を使用する\n", /* 35 */
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ "-F <num> 最大フラグメント長[1-6]を設定する\n", /* 36 */
+#endif
+#ifdef HAVE_TRUNCATED_HMAC
+ "-T Truncated HMACを使用する\n", /* 37 */
+#endif
+#ifdef HAVE_EXTENDED_MASTER
+ "-n マスターシークレット拡張を無効にする\n", /* 38 */
+#endif
+#ifdef HAVE_OCSP
+ "-o OCSPルックアップをピア証明書で実施する\n", /* 39 */
+ "-O <url> OCSPルックアップを、<url>を使用し"
+ "応答者として実施する\n", /* 40 */
+#endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ "-W <num> OCSP Staplingを使用する"
+ " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
+ " With 'm' at end indicates MUST staple\n", /* 42 */
+#endif
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ "-U アトミック・ユーザー記録の"
+ "コールバックを利用する\n", /* 43 */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ "-P 公開鍵コールバック\n", /* 44 */
+#endif
+#ifdef HAVE_ANON
+ "-a 匿名クライアント\n", /* 45 */
+#endif
+#ifdef HAVE_CRL
+ "-C CRLを無効\n", /* 46 */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ "-E <file> 信頼出来るピアの証明書ロードの為のパス\n", /* 47 */
+#endif
+#ifdef HAVE_WNR
+ "-q <file> Whitewood コンフィグファイル, 既定値\n", /* 48 */
+#endif
+ "-H <arg> 内部テスト"
+ " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
+ " loadSSL, disallowETM]\n", /* 50 */
+#ifdef WOLFSSL_TLS13
+ "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */
+ "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */
+ "-I データ送信前に、鍵とIVを更新する\n", /* 53 */
+#ifndef NO_DH
+ "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */
+#endif
+#ifdef HAVE_ECC
+ "-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef HAVE_CURVE25519
+ "-t X25519を鍵交換に使用する\n", /* 56 */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ "-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+ "-0 Early data をサーバーへ送信する"
+ "(0-RTTハンドシェイク)\n", /* 58 */
+#endif
+#ifdef WOLFSSL_MULTICAST
+ "-3 <grpid> マルチキャスト, grpid < 256\n", /* 59 */
+#endif
+ "-1 <num> 指定された言語で結果を表示します。\n"
+ " 0: 英語、 1: 日本語\n", /* 60 */
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ "-2 DHプライム番号チェックを無効にする\n", /* 61 */
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ "-4 再交渉に再開を使用\n", /* 62 */
+#endif
+#ifdef HAVE_TRUSTED_CA
+ "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
+#endif
+ "-6 WANT_WRITE エラーを全てのIO 送信でシュミレートします\n",
+#ifdef HAVE_CURVE448
+ "-8 Use X448 for key exchange\n", /* 66 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 証明書の読み込みに hash dir 機能を使用する\n"
+ " <wolfSSL home>/certs フォルダーからロードします\n"
+ " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
+ " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
+ " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+ /* 67 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ "--wolfsentry-config <file> wolfSentry コンフィグファイル\n",
+ /* 68 */
+#endif
+#ifndef WOLFSSL_TLS13
+ "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
+ " SSLv3(0) - TLS1.2(3)\n",
+#else
+ "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
+ " SSLv3(0) - TLS1.3(4)\n", /* 69 */
+#endif
+ NULL,
+ },
+#endif
+
+};
+
+static void Usage(void)
+{
+ int msgid = 0;
+ const char** msg = client_usage_msg[lng_index];
+
+ printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
+ msg[msgid]);
+
+ /* print out so that scripts can know what the max supported key size is */
+ printf("%s", msg[++msgid]);
+#ifdef NO_RSA
+ printf("%s", msg[++msgid]);
+#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
+ #ifndef WOLFSSL_SP_NO_3072
+ printf("%s", msg[++msgid]);
+ #elif !defined(WOLFSSL_SP_NO_2048)
+ printf("%s", msg[++msgid]);
+ #else
+ printf("%s", msg[++msgid]);
+ #endif
+#elif defined(USE_FAST_MATH)
+ #if !defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_SP_MATH)
+ printf("%d\n", FP_MAX_BITS/2);
+ #else
+ printf("%d\n", SP_INT_MAX_BITS/2);
+ #endif
+#else
+ /* normal math has unlimited max size */
+ printf("%s", msg[++msgid]);
+#endif
+
+ printf("%s", msg[++msgid]); /* ? */
+ printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
+ printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
+#ifndef WOLFSSL_TLS13
+ printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
+ printf("%s", msg[++msgid]); /* -V */
+#else
+ printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
+ printf("%s", msg[++msgid]); /* -V */
+#endif
+ printf("%s", msg[++msgid]); /* -l */
+#ifndef NO_CERTS
+ printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
+ printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
+ printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
+#endif
+#ifndef NO_DH
+ printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
+#endif
+ printf("%s", msg[++msgid]); /* -b */
+#ifdef HAVE_ALPN
+ printf("%s", msg[++msgid]); /* -L <str> */
+#endif
+ printf("%s", msg[++msgid]); /* -B <num> */
+#ifndef NO_PSK
+ printf("%s", msg[++msgid]); /* -s */
+#endif
+ printf("%s", msg[++msgid]); /* -d */
+ printf("%s", msg[++msgid]); /* -D */
+ printf("%s", msg[++msgid]); /* -e */
+ printf("%s", msg[++msgid]); /* -g */
+ printf("%s", msg[++msgid]); /* -u */
+#ifdef WOLFSSL_SCTP
+ printf("%s", msg[++msgid]); /* -G */
+#endif
+#ifndef NO_CERTS
+ printf("%s", msg[++msgid]); /* -m */
+#endif
+ printf("%s", msg[++msgid]); /* -N */
+#ifndef NO_SESSION_CACHE
+ printf("%s", msg[++msgid]); /* -r */
+#endif
+ printf("%s", msg[++msgid]); /* -w */
+ printf("%s", msg[++msgid]); /* -M */
+#ifdef HAVE_SECURE_RENEGOTIATION
+ printf("%s", msg[++msgid]); /* -R */
+ printf("%s", msg[++msgid]); /* -i */
+#endif
+ printf("%s", msg[++msgid]); /* -f */
+#ifndef NO_CERTS
+ printf("%s", msg[++msgid]); /* -x */
+#endif
+ printf("%s", msg[++msgid]); /* -X */
+ printf("%s", msg[++msgid]); /* -j */
+#ifdef SHOW_SIZES
+ printf("%s", msg[++msgid]); /* -z */
+#endif
+#ifdef HAVE_SNI
+ printf("%s", msg[++msgid]); /* -S */
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ printf("%s", msg[++msgid]); /* -F */
+#endif
+#ifdef HAVE_TRUNCATED_HMAC
+ printf("%s", msg[++msgid]); /* -T */
+#endif
+#ifdef HAVE_EXTENDED_MASTER
+ printf("%s", msg[++msgid]); /* -n */
+#endif
+#ifdef HAVE_OCSP
+ printf("%s", msg[++msgid]); /* -o */
+ printf("%s", msg[++msgid]); /* -O */
+#endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ printf("%s", msg[++msgid]); /* -W */
+ printf("%s", msg[++msgid]); /* note for -W */
+#endif
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ printf("%s", msg[++msgid]); /* -U */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ printf("%s", msg[++msgid]); /* -P */
+#endif
+#ifdef HAVE_ANON
+ printf("%s", msg[++msgid]); /* -a */
+#endif
+#ifdef HAVE_CRL
+ printf("%s", msg[++msgid]); /* -C */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ printf("%s", msg[++msgid]); /* -E */
+#endif
+#ifdef HAVE_WNR
+ printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
+#endif
+ printf("%s", msg[++msgid]); /* -H */
+ printf("%s", msg[++msgid]); /* more -H options */
+#ifdef WOLFSSL_TLS13
+ printf("%s", msg[++msgid]); /* -J */
+ printf("%s", msg[++msgid]); /* -K */
+ printf("%s", msg[++msgid]); /* -I */
+#ifndef NO_DH
+ printf("%s", msg[++msgid]); /* -y */
+#endif
+#ifdef HAVE_ECC
+ printf("%s", msg[++msgid]); /* -Y */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef HAVE_CURVE25519
+ printf("%s", msg[++msgid]); /* -t */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ printf("%s", msg[++msgid]); /* -Q */
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+ printf("%s", msg[++msgid]); /* -0 */
+#endif
+#ifdef WOLFSSL_MULTICAST
+ printf("%s", msg[++msgid]); /* -3 */
+#endif
+ printf("%s", msg[++msgid]); /* -1 */
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ printf("%s", msg[++msgid]); /* -2 */
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ printf("%s", msg[++msgid]); /* -4 */
+#endif
+#ifdef HAVE_TRUSTED_CA
+ printf("%s", msg[++msgid]); /* -5 */
+#endif
+ printf("%s", msg[++msgid]); /* -6 */
+#ifdef HAVE_CURVE448
+ printf("%s", msg[++msgid]); /* -8 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ printf("%s", msg[++msgid]); /* -9 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ printf("%s", msg[++msgid]); /* --wolfsentry-config */
+#endif
+ printf("%s", msg[++msgid]); /* -7 */
+}
+
+THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
+{
+ SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
+
+ wolfSSL_method_func method = NULL;
+ WOLFSSL_CTX* ctx = 0;
+ WOLFSSL* ssl = 0;
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ wolfsentry_errcode_t wolfsentry_ret;
+#endif
+
+ WOLFSSL* sslResume = 0;
+ WOLFSSL_SESSION* session = 0;
+ byte* flatSession = NULL;
+ int flatSessionSz = 0;
+
+ char msg[CLI_MSG_SZ];
+ int msgSz = 0;
+ char reply[CLI_REPLY_SZ];
+
+ word16 port = wolfSSLPort;
+ char* host = (char*)wolfSSLIP;
+ const char* domain = "localhost"; /* can't default to www.wolfssl.com
+ because can't tell if we're really
+ going there to detect old chacha-poly
+ */
+#ifndef WOLFSSL_VXWORKS
+ int ch;
+ static const struct mygetopt_long_config long_options[] = {
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ { "wolfsentry-config", 1, 256 },
+#endif
+ { "help", 0, 257 },
+ { "ヘルプ", 0, 258 },
+ { 0, 0, 0 }
+ };
+#endif
+ int version = CLIENT_INVALID_VERSION;
+ int minVersion = CLIENT_INVALID_VERSION;
+ int usePsk = 0;
+ int useAnon = 0;
+ int sendGET = 0;
+ int benchmark = 0;
+ int block = TEST_BUFFER_SIZE;
+ size_t throughput = 0;
+ int doDTLS = 0;
+ int dtlsUDP = 0;
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ int dtlsMTU = 0;
+#endif
+ int dtlsSCTP = 0;
+ int doMcast = 0;
+ int matchName = 0;
+ int doPeerCheck = 1;
+ int nonBlocking = 0;
+ int simulateWantWrite = 0;
+ int resumeSession = 0;
+ int wc_shutdown = 0;
+ int disableCRL = 0;
+ int externalTest = 0;
+ int ret;
+ int err = 0;
+ int scr = 0; /* allow secure renegotiation */
+ int forceScr = 0; /* force client initiated scr */
+ int scrAppData = 0;
+ int resumeScr = 0; /* use resumption for renegotiation */
+#ifndef WOLFSSL_NO_CLIENT_AUTH
+ int useClientCert = 1;
+#else
+ int useClientCert = 0;
+#endif
+ int fewerPackets = 0;
+ int atomicUser = 0;
+#ifdef HAVE_PK_CALLBACKS
+ int pkCallbacks = 0;
+ PkCbInfo pkCbInfo;
+#endif
+ int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
+ char* alpnList = NULL;
+ unsigned char alpn_opt = 0;
+ char* cipherList = NULL;
+ int useDefCipherList = 0;
+ const char* verifyCert;
+ const char* ourCert;
+ const char* ourKey;
+
+ int doSTARTTLS = 0;
+ char* starttlsProt = NULL;
+ int useVerifyCb = 0;
+ int useSupCurve = 0;
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ const char* trustCert = NULL;
+#endif
+
+#ifdef HAVE_SNI
+ char* sniHostName = NULL;
+#endif
+#ifdef HAVE_TRUSTED_CA
+ int trustedCaKeyId = 0;
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ byte maxFragment = 0;
+#endif
+#ifdef HAVE_TRUNCATED_HMAC
+ byte truncatedHMAC = 0;
+#endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ byte statusRequest = 0;
+ byte mustStaple = 0;
+#endif
+#ifdef HAVE_EXTENDED_MASTER
+ byte disableExtMasterSecret = 0;
+#endif
+ int helloRetry = 0;
+ int onlyKeyShare = 0;
+#ifdef WOLFSSL_TLS13
+ int noPskDheKe = 0;
+ int postHandAuth = 0;
+#endif
+ int updateKeysIVs = 0;
+ int earlyData = 0;
+#ifdef WOLFSSL_MULTICAST
+ byte mcastID = 0;
+#endif
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ int doDhKeyCheck = 1;
+#endif
+
+#ifdef HAVE_OCSP
+ int useOcsp = 0;
+ char* ocspUrl = NULL;
+#endif
+ int useX25519 = 0;
+ int useX448 = 0;
+ int exitWithRet = 0;
+ int loadCertKeyIntoSSLObj = 0;
+
+#ifdef HAVE_ENCRYPT_THEN_MAC
+ int disallowETM = 0;
+#endif
+
+#ifdef HAVE_WNR
+ const char* wnrConfigFile = wnrConfig;
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ int useCertFolder = 0;
+#endif
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+
+ int argc = ((func_args*)args)->argc;
+ char** argv = ((func_args*)args)->argv;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
+ || defined(SESSION_CERTS)
+ /* big enough to handle most cases including session certs */
+ byte memory[320000];
+ #else
+ byte memory[80000];
+ #endif
+ byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
+ WOLFSSL_MEM_CONN_STATS ssl_stats;
+ #ifdef DEBUG_WOLFSSL
+ WOLFSSL_MEM_STATS mem_stats;
+ #endif
+ WOLFSSL_HEAP_HINT *heap = NULL;
+#endif
+
+ ((func_args*)args)->return_code = -1; /* error state */
+
+#ifndef NO_RSA
+ verifyCert = caCertFile;
+ ourCert = cliCertFile;
+ ourKey = cliKeyFile;
+#else
+ #ifdef HAVE_ECC
+ verifyCert = caEccCertFile;
+ ourCert = cliEccCertFile;
+ ourKey = cliEccKeyFile;
+ #elif defined(HAVE_ED25519)
+ verifyCert = caEdCertFile;
+ ourCert = cliEdCertFile;
+ ourKey = cliEdKeyFile;
+ #elif defined(HAVE_ED448)
+ verifyCert = caEd448CertFile;
+ ourCert = cliEd448CertFile;
+ ourKey = cliEd448KeyFile;
+ #else
+ verifyCert = NULL;
+ ourCert = NULL;
+ ourKey = NULL;
+ #endif
+#endif
+
+ (void)session;
+ (void)flatSession;
+ (void)flatSessionSz;
+ (void)sslResume;
+ (void)atomicUser;
+ (void)scr;
+ (void)forceScr;
+ (void)scrAppData;
+ (void)resumeScr;
+ (void)ourKey;
+ (void)ourCert;
+ (void)verifyCert;
+ (void)useClientCert;
+ (void)disableCRL;
+ (void)minDhKeyBits;
+ (void)alpnList;
+ (void)alpn_opt;
+ (void)updateKeysIVs;
+ (void)earlyData;
+ (void)useX25519;
+ (void)useX448;
+ (void)helloRetry;
+ (void)onlyKeyShare;
+ (void)useSupCurve;
+ (void)loadCertKeyIntoSSLObj;
+
+ StackTrap();
+
+ /* Reinitialize the global myVerifyAction. */
+ myVerifyAction = VERIFY_OVERRIDE_ERROR;
+
+#ifndef WOLFSSL_VXWORKS
+ /* Not used: All used */
+ while ((ch = mygetopt_long(argc, argv, "?:"
+ "ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz"
+ "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
+ "01:23:4567:89"
+ "@#", long_options, 0)) != -1) {
+ switch (ch) {
+ case '?' :
+ if(myoptarg!=NULL) {
+ lng_index = atoi(myoptarg);
+ if(lng_index<0||lng_index>1){
+ lng_index = 0;
+ }
+ }
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 257 :
+ lng_index = 0;
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 258 :
+ lng_index = 1;
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 'g' :
+ sendGET = 1;
+ break;
+
+ case 'd' :
+ doPeerCheck = 0;
+ break;
+
+ case 'e' :
+ ShowCiphers();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 'D' :
+ myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
+ break;
+
+ case 'C' :
+ #ifdef HAVE_CRL
+ disableCRL = 1;
+ #endif
+ break;
+
+ case 'u' :
+ doDTLS = 1;
+ dtlsUDP = 1;
+ #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ dtlsMTU = atoi(myoptarg);
+ #endif
+ break;
+
+ case 'G' :
+ #ifdef WOLFSSL_SCTP
+ doDTLS = 1;
+ dtlsSCTP = 1;
+ #endif
+ break;
+
+ case 's' :
+ usePsk = 1;
+ break;
+
+ #ifdef WOLFSSL_TRUST_PEER_CERT
+ case 'E' :
+ trustCert = myoptarg;
+ break;
+ #endif
+
+ case 'm' :
+ matchName = 1;
+ break;
+
+ case 'x' :
+ useClientCert = 0;
+ break;
+
+ case 'X' :
+ externalTest = 1;
+ break;
+
+ case 'f' :
+ fewerPackets = 1;
+ break;
+
+ case 'U' :
+ #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ atomicUser = 1;
+ #endif
+ break;
+
+ case 'P' :
+ #ifdef HAVE_PK_CALLBACKS
+ pkCallbacks = 1;
+ #endif
+ break;
+
+ case 'h' :
+ host = myoptarg;
+ domain = myoptarg;
+ break;
+
+ case 'p' :
+ port = (word16)atoi(myoptarg);
+ #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
+ if (port == 0)
+ err_sys("port number cannot be 0");
+ #endif
+ break;
+
+ case 'v' :
+ if (myoptarg[0] == 'd') {
+ version = CLIENT_DOWNGRADE_VERSION;
+ break;
+ }
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ else if (myoptarg[0] == 'e') {
+ version = EITHER_DOWNGRADE_VERSION;
+ #ifndef NO_CERTS
+ loadCertKeyIntoSSLObj = 1;
+ #endif
+ break;
+ }
+ #endif
+ version = atoi(myoptarg);
+ if (version < 0 || version > 4) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'V' :
+ ShowVersions();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 'l' :
+ cipherList = myoptarg;
+ break;
+
+ case 'H' :
+ if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
+ printf("Using default cipher list for testing\n");
+ useDefCipherList = 1;
+ }
+ else if (XSTRNCMP(myoptarg, "exitWithRet", 11) == 0) {
+ printf("Skip exit() for testing\n");
+ exitWithRet = 1;
+ }
+ else if (XSTRNCMP(myoptarg, "verifyFail", 10) == 0) {
+ printf("Verify should fail\n");
+ myVerifyAction = VERIFY_FORCE_FAIL;
+ }
+ else if (XSTRNCMP(myoptarg, "verifyInfo", 10) == 0) {
+ printf("Verify should not override error\n");
+ myVerifyAction = VERIFY_USE_PREVERFIY;
+ }
+ else if (XSTRNCMP(myoptarg, "useSupCurve", 11) == 0) {
+ printf("Attempting to test use supported curve\n");
+ #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
+ useSupCurve = 1;
+ #else
+ printf("Supported curves not compiled in!\n");
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
+ printf("Load cert/key into wolfSSL object\n");
+ #ifndef NO_CERTS
+ loadCertKeyIntoSSLObj = 1;
+ #else
+ printf("Certs turned off with NO_CERTS!\n");
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "disallowETM", 7) == 0) {
+ printf("Disallow Encrypt-Then-MAC\n");
+ #ifdef HAVE_ENCRYPT_THEN_MAC
+ disallowETM = 1;
+ #endif
+ }
+ else {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'A' :
+ verifyCert = myoptarg;
+ break;
+
+ case 'c' :
+ ourCert = myoptarg;
+ break;
+
+ case 'k' :
+ ourKey = myoptarg;
+ break;
+
+ case 'Z' :
+ #ifndef NO_DH
+ minDhKeyBits = atoi(myoptarg);
+ if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ #endif
+ break;
+
+ case 'b' :
+ benchmark = atoi(myoptarg);
+ if (benchmark < 0 || benchmark > 1000000) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'B' :
+ throughput = atol(myoptarg);
+ for (; *myoptarg != '\0'; myoptarg++) {
+ if (*myoptarg == ',') {
+ block = atoi(myoptarg + 1);
+ break;
+ }
+ }
+ if (throughput == 0 || block <= 0) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'N' :
+ nonBlocking = 1;
+ break;
+
+ case 'r' :
+ resumeSession = 1;
+ break;
+
+ case 'w' :
+ wc_shutdown = 1;
+ break;
+
+ case 'R' :
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ scr = 1;
+ #endif
+ break;
+
+ case 'i' :
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ scr = 1;
+ forceScr = 1;
+ if (XSTRNCMP(myoptarg, "scr-app-data", 12) == 0) {
+ scrAppData = 1;
+ }
+ #endif
+ break;
+
+ case 'z' :
+ #ifndef WOLFSSL_LEANPSK
+ wolfSSL_GetObjectSize();
+ #endif
+ break;
+
+ case 'S' :
+ if (XSTRNCMP(myoptarg, "check", 5) == 0) {
+ #ifdef HAVE_SNI
+ printf("SNI is: ON\n");
+ #else
+ printf("SNI is: OFF\n");
+ #endif
+ XEXIT_T(EXIT_SUCCESS);
+ }
+ #ifdef HAVE_SNI
+ sniHostName = myoptarg;
+ #endif
+ break;
+
+ case 'F' :
+ #ifdef HAVE_MAX_FRAGMENT
+ maxFragment = atoi(myoptarg);
+ if (maxFragment < WOLFSSL_MFL_MIN ||
+ maxFragment > WOLFSSL_MFL_MAX) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ #endif
+ break;
+
+ case 'T' :
+ #ifdef HAVE_TRUNCATED_HMAC
+ truncatedHMAC = 1;
+ #endif
+ break;
+
+ case 'n' :
+ #ifdef HAVE_EXTENDED_MASTER
+ disableExtMasterSecret = 1;
+ #endif
+ break;
+
+ case 'W' :
+ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ {
+ word32 myoptargSz;
+
+ statusRequest = atoi(myoptarg);
+ if (statusRequest > OCSP_STAPLING_OPT_MAX) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+
+ myoptargSz = (word32)XSTRLEN(myoptarg);
+ if (myoptargSz > 0 &&
+ XTOUPPER(myoptarg[myoptargSz-1]) == 'M') {
+ mustStaple = 1;
+ }
+ }
+ #endif
+ break;
+
+ case 'o' :
+ #ifdef HAVE_OCSP
+ useOcsp = 1;
+ #endif
+ break;
+
+ case 'O' :
+ #ifdef HAVE_OCSP
+ useOcsp = 1;
+ ocspUrl = myoptarg;
+ #endif
+ break;
+
+ case 'a' :
+ #ifdef HAVE_ANON
+ useAnon = 1;
+ #endif
+ break;
+
+ case 'L' :
+ #ifdef HAVE_ALPN
+ alpnList = myoptarg;
+
+ if (alpnList[0] == 'C' && alpnList[1] == ':')
+ alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
+ else if (alpnList[0] == 'F' && alpnList[1] == ':')
+ alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
+ else {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+
+ alpnList += 2;
+
+ #endif
+ break;
+
+ case 'M' :
+ doSTARTTLS = 1;
+ starttlsProt = myoptarg;
+
+ if (XSTRNCMP(starttlsProt, "smtp", 4) != 0) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+
+ break;
+
+ case 'q' :
+ #ifdef HAVE_WNR
+ wnrConfigFile = myoptarg;
+ #endif
+ break;
+
+ case 'J' :
+ #ifdef WOLFSSL_TLS13
+ helloRetry = 1;
+ #endif
+ break;
+
+ case 'K' :
+ #ifdef WOLFSSL_TLS13
+ noPskDheKe = 1;
+ #endif
+ break;
+
+ case 'I' :
+ #ifdef WOLFSSL_TLS13
+ updateKeysIVs = 1;
+ #endif
+ break;
+
+ case 'y' :
+ #if defined(WOLFSSL_TLS13) && \
+ defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
+ onlyKeyShare = 1;
+ #endif
+ break;
+
+ case 'Y' :
+ #if defined(WOLFSSL_TLS13) && \
+ defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
+ onlyKeyShare = 2;
+ #endif
+ break;
+
+ case 'j' :
+ useVerifyCb = 1;
+ break;
+
+ case 't' :
+ #ifdef HAVE_CURVE25519
+ useX25519 = 1;
+ #ifdef HAVE_ECC
+ useSupCurve = 1;
+ #if defined(WOLFSSL_TLS13) && \
+ defined(HAVE_SUPPORTED_CURVES)
+ onlyKeyShare = 2;
+ #endif
+ #endif
+ #endif
+ break;
+
+ case 'Q' :
+ #if defined(WOLFSSL_TLS13) && \
+ defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ postHandAuth = 1;
+ #endif
+ break;
+
+ case '0' :
+ #ifdef WOLFSSL_EARLY_DATA
+ earlyData = 1;
+ #endif
+ break;
+
+ case '1' :
+ lng_index = atoi(myoptarg);
+ if(lng_index<0||lng_index>1){
+ lng_index = 0;
+ }
+ break;
+
+ case '2' :
+ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ doDhKeyCheck = 0;
+ #endif
+ break;
+
+ case '3' :
+ #ifdef WOLFSSL_MULTICAST
+ doMcast = 1;
+ mcastID = (byte)(atoi(myoptarg) & 0xFF);
+ #endif
+ break;
+
+ case '4' :
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ scr = 1;
+ forceScr = 1;
+ resumeScr = 1;
+ #endif
+ break;
+
+ case '5' :
+ #ifdef HAVE_TRUSTED_CA
+ trustedCaKeyId = 1;
+ #endif /* HAVE_TRUSTED_CA */
+ break;
+
+ case '6' :
+ nonBlocking = 1;
+ simulateWantWrite = 1;
+ break;
+ case '7' :
+ minVersion = atoi(myoptarg);
+ if (minVersion < 0 || minVersion > 4) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+ case '8' :
+ #ifdef HAVE_CURVE448
+ useX448 = 1;
+ #ifdef HAVE_ECC
+ useSupCurve = 1;
+ #if defined(WOLFSSL_TLS13) && \
+ defined(HAVE_SUPPORTED_CURVES)
+ onlyKeyShare = 2;
+ #endif
+ #endif
+ #endif
+ break;
+ case '9' :
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ useCertFolder = 1;
+#endif
+ break;
+ case '@' :
+ {
+#ifdef HAVE_WC_INTROSPECTION
+ const char *conf_args = wolfSSL_configure_args();
+ if (conf_args) {
+ puts(conf_args);
+ XEXIT_T(EXIT_SUCCESS);
+ } else {
+ fputs("configure args not compiled in.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+ }
+#else
+ fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+#endif
+ }
+
+ case '#' :
+ {
+#ifdef HAVE_WC_INTROSPECTION
+ const char *cflags = wolfSSL_global_cflags();
+ if (cflags) {
+ puts(cflags);
+ XEXIT_T(EXIT_SUCCESS);
+ } else {
+ fputs("CFLAGS not compiled in.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+ }
+#else
+ fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+#endif
+ }
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ case 256:
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+ wolfsentry_config_path = myoptarg;
+#endif
+ break;
+#endif
+
+ default:
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ }
+
+ myoptind = 0; /* reset for test cases */
+#endif /* !WOLFSSL_VXWORKS */
+
+ if (externalTest) {
+ /* detect build cases that wouldn't allow test against wolfssl.com */
+ int done = 0;
+
+ #ifdef NO_RSA
+ done += 1; /* require RSA for external tests */
+ #endif
+
+ if (!XSTRNCMP(domain, "www.globalsign.com", 14)) {
+ /* www.globalsign.com does not respond to ipv6 ocsp requests */
+ #if defined(TEST_IPV6) && defined(HAVE_OCSP)
+ done += 1;
+ #endif
+
+ /* www.globalsign.com has limited supported cipher suites */
+ #if defined(NO_AES) && defined(HAVE_OCSP)
+ done += 1;
+ #endif
+
+ /* www.globalsign.com only supports static RSA or ECDHE with AES */
+ /* We cannot expect users to have on static RSA so test for ECC only
+ * as some users will most likely be on 32-bit systems where ECC
+ * is not enabled by default */
+ #if defined(HAVE_OCSP) && !defined(HAVE_ECC)
+ done += 1;
+ #endif
+ }
+
+ #ifndef NO_PSK
+ if (usePsk) {
+ done += 1; /* don't perform external tests if PSK is enabled */
+ }
+ #endif
+
+ #ifdef NO_SHA
+ done += 1; /* external cert chain most likely has SHA */
+ #endif
+
+ #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
+ || ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
+ && !defined(WOLFSSL_STATIC_RSA) )
+ /* google needs ECDHE+Supported Curves or static RSA */
+ if (!XSTRNCMP(domain, "www.google.com", 14))
+ done += 1;
+ #endif
+
+ #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
+ /* wolfssl needs ECDHE or static RSA */
+ if (!XSTRNCMP(domain, "www.wolfssl.com", 15))
+ done += 1;
+ #endif
+
+ #if !defined(WOLFSSL_SHA384)
+ if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
+ /* wolfssl need sha384 for cert chain verify */
+ done += 1;
+ }
+ #endif
+
+ #if !defined(HAVE_AESGCM) && defined(NO_AES) && \
+ !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+ /* need at least one of these for external tests */
+ done += 1;
+ #endif
+
+ #if defined(HAVE_QSH)
+ /*currently google server rejects client hello with QSH extension.*/
+ done += 1;
+ #endif
+
+ /* For the external test, if we disable AES, GoDaddy will reject the
+ * connection. They only currently support AES suites, RC4 and 3DES
+ * suites. With AES disabled we only offer PolyChacha suites. */
+ #if defined(NO_AES) && !defined(HAVE_AESGCM)
+ if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
+ done += 1;
+ }
+ #endif
+
+ if (done) {
+ printf("external test can't be run in this mode\n");
+
+ ((func_args*)args)->return_code = 0;
+ XEXIT_T(EXIT_SUCCESS);
+ }
+ }
+
+ /* sort out DTLS versus TLS versions */
+ if (version == CLIENT_INVALID_VERSION) {
+ if (doDTLS)
+ version = CLIENT_DTLS_DEFAULT_VERSION;
+ else
+ version = CLIENT_DEFAULT_VERSION;
+ }
+ else {
+ if (doDTLS) {
+ if (version == 3)
+ version = -2;
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ else if (version == EITHER_DOWNGRADE_VERSION)
+ version = -3;
+ #endif
+ else
+ version = -1;
+ }
+ }
+
+#ifdef HAVE_WNR
+ if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
+ err_sys("can't load whitewood net random config file");
+#endif
+
+ switch (version) {
+#ifndef NO_OLD_TLS
+ #ifdef WOLFSSL_ALLOW_SSLV3
+ case 0:
+ method = wolfSSLv3_client_method_ex;
+ break;
+ #endif
+
+ #ifndef NO_TLS
+ #ifdef WOLFSSL_ALLOW_TLSV10
+ case 1:
+ method = wolfTLSv1_client_method_ex;
+ break;
+ #endif
+
+ case 2:
+ method = wolfTLSv1_1_client_method_ex;
+ break;
+ #endif /* !NO_TLS */
+#endif /* !NO_OLD_TLS */
+
+#ifndef NO_TLS
+ #ifndef WOLFSSL_NO_TLS12
+ case 3:
+ method = wolfTLSv1_2_client_method_ex;
+ break;
+ #endif
+
+ #ifdef WOLFSSL_TLS13
+ case 4:
+ method = wolfTLSv1_3_client_method_ex;
+ break;
+ #endif
+
+ case CLIENT_DOWNGRADE_VERSION:
+ method = wolfSSLv23_client_method_ex;
+ break;
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ case EITHER_DOWNGRADE_VERSION:
+ method = wolfSSLv23_method_ex;
+ break;
+ #endif
+#endif /* NO_TLS */
+
+#ifdef WOLFSSL_DTLS
+ #ifndef NO_OLD_TLS
+ case -1:
+ method = wolfDTLSv1_client_method_ex;
+ break;
+ #endif
+
+ #ifndef WOLFSSL_NO_TLS12
+ case -2:
+ method = wolfDTLSv1_2_client_method_ex;
+ break;
+ #endif
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ case -3:
+ method = wolfDTLSv1_2_method_ex;
+ break;
+ #endif
+#endif
+
+ default:
+ err_sys("Bad SSL version");
+ break;
+ }
+
+ if (method == NULL)
+ err_sys("unable to get method");
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #ifdef DEBUG_WOLFSSL
+ /* print off helper buffer sizes for use with static memory
+ * printing to stderr in case of debug mode turned on */
+ fprintf(stderr, "static memory management size = %d\n",
+ wolfSSL_MemoryPaddingSz());
+ fprintf(stderr, "calculated optimum general buffer size = %d\n",
+ wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
+ fprintf(stderr, "calculated optimum IO buffer size = %d\n",
+ wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
+ WOLFMEM_IO_POOL_FIXED));
+ #endif /* DEBUG_WOLFSSL */
+
+ if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
+ != 0) {
+ err_sys("unable to load static memory");
+ }
+
+ ctx = wolfSSL_CTX_new_ex(method(heap), heap);
+ if (ctx == NULL)
+ err_sys("unable to get ctx");
+
+ if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
+ WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
+ err_sys("unable to load static memory");
+ }
+#else
+ if (method != NULL) {
+ ctx = wolfSSL_CTX_new(method(NULL));
+ if (ctx == NULL)
+ err_sys("unable to get ctx");
+ }
+#endif
+ if (minVersion != CLIENT_INVALID_VERSION) {
+ wolfSSL_CTX_SetMinVersion(ctx, minVersion);
+ }
+ if (simulateWantWrite) {
+ #ifdef USE_WOLFSSL_IO
+ wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
+ #endif
+ }
+
+#ifdef SINGLE_THREADED
+ if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("Single Threaded new rng at CTX failed");
+ }
+#endif
+
+
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path,
+ WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0) {
+ err_sys("unable to initialize wolfSentry");
+ }
+
+ if (wolfSSL_CTX_set_ConnectFilter(
+ ctx,
+ (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
+ wolfsentry) < 0) {
+ err_sys("unable to install wolfSentry_NetworkFilterCallback");
+ }
+#endif
+
+ if (cipherList && !useDefCipherList) {
+ if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("client can't set cipher list 1");
+ }
+ }
+
+#ifdef WOLFSSL_LEANPSK
+ if (!usePsk) {
+ usePsk = 1;
+ }
+#endif
+
+#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
+ !defined(HAVE_ED448)
+ if (!usePsk) {
+ usePsk = 1;
+ }
+#endif
+
+ if (fewerPackets)
+ wolfSSL_CTX_set_group_messages(ctx);
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ if (dtlsMTU)
+ wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+#endif
+
+#ifndef NO_DH
+ if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
+ != WOLFSSL_SUCCESS) {
+ err_sys("Error setting minimum DH key size");
+ }
+#endif
+
+ if (usePsk) {
+#ifndef NO_PSK
+ const char *defaultCipherList = cipherList;
+
+ wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+#ifdef WOLFSSL_TLS13
+ #if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID)
+ wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb);
+ #else
+ wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
+ #endif
+#endif
+ if (defaultCipherList == NULL) {
+ #if defined(HAVE_AESGCM) && !defined(NO_DH)
+ #ifdef WOLFSSL_TLS13
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":DHE-PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+ #endif
+ #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #elif defined(HAVE_NULL_CIPHER)
+ defaultCipherList = "PSK-NULL-SHA256";
+ #else
+ defaultCipherList = "PSK-AES128-CBC-SHA256";
+ #endif
+ if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
+ !=WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("client can't set cipher list 2");
+ }
+ }
+ wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
+#endif
+ if (useClientCert) {
+ useClientCert = 0;
+ }
+ }
+
+ if (useAnon) {
+#ifdef HAVE_ANON
+ if (cipherList == NULL || (cipherList && useDefCipherList)) {
+ const char* defaultCipherList;
+ wolfSSL_CTX_allow_anon_cipher(ctx);
+ defaultCipherList = "ADH-AES256-GCM-SHA384:"
+ "ADH-AES128-SHA";
+ if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("client can't set cipher list 4");
+ }
+ }
+#endif
+ if (useClientCert) {
+ useClientCert = 0;
+ }
+ }
+
+#ifdef WOLFSSL_SCTP
+ if (dtlsSCTP)
+ wolfSSL_CTX_dtls_set_sctp(ctx);
+#endif
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
+#endif
+
+#ifdef WOLFSSL_SNIFFER
+ if (cipherList == NULL && version < 4) {
+ /* static RSA or ECC cipher suites */
+ const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
+ if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("client can't set cipher list 3");
+ }
+ }
+#endif
+
+#ifdef HAVE_OCSP
+ if (useOcsp) {
+ #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
+ wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
+ #endif
+
+ if (ocspUrl != NULL) {
+ wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
+ wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
+ | WOLFSSL_OCSP_URL_OVERRIDE);
+ }
+ else {
+ wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
+ }
+
+ #ifdef WOLFSSL_NONBLOCK_OCSP
+ wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
+ #endif
+ }
+#endif
+
+#ifdef USER_CA_CB
+ wolfSSL_CTX_SetCACb(ctx, CaCb);
+#endif
+
+#if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE)
+ wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
+ wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
+ wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
+#endif
+
+#ifndef NO_CERTS
+ if (useClientCert && !loadCertKeyIntoSSLObj){
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, client_cert_der_2048,
+ sizeof_client_cert_der_2048) != WOLFSSL_SUCCESS)
+ err_sys("can't load client cert buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load client cert file, check file and run from"
+ " wolfSSL home dir");
+ }
+ #else
+ load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
+ #endif
+ }
+
+ #ifdef HAVE_PK_CALLBACKS
+ pkCbInfo.ourKey = ourKey;
+ #endif
+ if (useClientCert && !loadCertKeyIntoSSLObj
+ #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
+ && !pkCallbacks
+ #endif
+ ) {
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
+ sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+ err_sys("can't load client private key buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load client private key file, check file and run "
+ "from wolfSSL home dir");
+ }
+ #else
+ load_buffer(ctx, ourKey, WOLFSSL_KEY);
+ #endif
+ }
+
+ if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (useCertFolder) {
+ WOLFSSL_X509_STORE *store;
+ WOLFSSL_X509_LOOKUP *lookup;
+
+ store = wolfSSL_CTX_get_cert_store(ctx);
+ if (store == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't get WOLFSSL_X509_STORE");
+ }
+ lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't add lookup");
+ }
+ if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
+ X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
+ err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
+ }
+ } else {
+ #endif
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
+ sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load ca buffer, Please run from wolfSSL home dir");
+ }
+ #elif !defined(TEST_LOAD_BUFFER)
+ unsigned int verify_flags = 0;
+ #ifdef TEST_BEFORE_DATE
+ verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
+ #endif
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load ca file, Please run from wolfSSL home dir");
+ }
+ #else
+ load_buffer(ctx, verifyCert, WOLFSSL_CA);
+ #endif /* !NO_FILESYSTEM */
+
+ #ifdef HAVE_ECC
+ /* load ecc verify too, echoserver uses it by default w/ ecc */
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
+ sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load ecc ca buffer");
+ }
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
+ }
+ #else
+ load_buffer(ctx, eccCertFile, WOLFSSL_CA);
+ #endif /* !TEST_LOAD_BUFFER */
+ #endif /* HAVE_ECC */
+ #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
+ if (trustCert) {
+ if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
+ WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load trusted peer cert file");
+ }
+ }
+ #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ }
+ #endif
+ }
+ if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
+ myVerifyAction == VERIFY_USE_PREVERFIY) {
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+ }
+ else if (!usePsk && !useAnon && doPeerCheck == 0) {
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+ }
+ else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) {
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+ }
+#endif /* !NO_CERTS */
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ ret = wolfAsync_DevOpen(&devId);
+ if (ret < 0) {
+ printf("Async device open failed\nRunning without async\n");
+ }
+ wolfSSL_CTX_SetDevId(ctx, devId);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+#ifdef HAVE_SNI
+ if (sniHostName) {
+ if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
+ (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseSNI failed");
+ }
+ }
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+ if (maxFragment)
+ if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseMaxFragment failed");
+ }
+#endif
+#ifdef HAVE_TRUNCATED_HMAC
+ if (truncatedHMAC)
+ if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseTruncatedHMAC failed");
+ }
+#endif
+#ifdef HAVE_SESSION_TICKET
+ if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseSessionTicket failed");
+ }
+#endif
+#ifdef HAVE_EXTENDED_MASTER
+ if (disableExtMasterSecret)
+ if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("DisableExtendedMasterSecret failed");
+ }
+#endif
+#if defined(HAVE_SUPPORTED_CURVES)
+ #if defined(HAVE_CURVE25519)
+ if (useX25519) {
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to support X25519");
+ }
+ }
+ #endif /* HAVE_CURVE25519 */
+ #if defined(HAVE_CURVE448)
+ if (useX448) {
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to support X448");
+ }
+ }
+ #endif /* HAVE_CURVE448 */
+ #ifdef HAVE_ECC
+ if (useSupCurve) {
+ #if !defined(NO_ECC_SECP) && \
+ (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to support secp384r1");
+ }
+ #endif
+ #if !defined(NO_ECC_SECP) && \
+ (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to support secp256r1");
+ }
+ #endif
+ }
+ #endif /* HAVE_ECC */
+ #ifdef HAVE_FFDHE_2048
+ if (useSupCurve) {
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to support FFDHE 2048");
+ }
+ }
+ #endif
+#endif /* HAVE_SUPPORTED_CURVES */
+
+#ifdef WOLFSSL_TLS13
+ if (noPskDheKe)
+ wolfSSL_CTX_no_dhe_psk(ctx);
+#endif
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ if (postHandAuth)
+ wolfSSL_CTX_allow_post_handshake_auth(ctx);
+#endif
+
+ if (benchmark) {
+ ((func_args*)args)->return_code =
+ ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
+ benchmark, resumeSession, useX25519,
+ useX448, helloRetry, onlyKeyShare,
+ version, earlyData);
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ XEXIT_T(EXIT_SUCCESS);
+ }
+
+ if (throughput) {
+ ((func_args*)args)->return_code =
+ ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
+ block, throughput, useX25519, useX448,
+ exitWithRet, version, onlyKeyShare);
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ if (!exitWithRet)
+ XEXIT_T(EXIT_SUCCESS);
+ else
+ goto exit;
+ }
+
+ #if defined(WOLFSSL_MDK_ARM)
+ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+ #endif
+
+ #if defined(OPENSSL_EXTRA)
+ if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("bad read ahead default value");
+ }
+ if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error setting read ahead value");
+ }
+ #endif
+
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+ fprintf(stderr, "Before creating SSL\n");
+ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
+ err_sys("ctx not using static memory");
+ if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
+ err_sys("error printing out memory stats");
+#endif
+
+ if (doMcast) {
+#ifdef WOLFSSL_MULTICAST
+ wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
+ if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("Couldn't set multicast cipher list.");
+ }
+#endif
+ }
+
+#ifdef HAVE_PK_CALLBACKS
+ if (pkCallbacks)
+ SetupPkCallbacks(ctx);
+#endif
+
+ ssl = wolfSSL_new(ctx);
+ if (ssl == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("unable to get SSL object");
+ }
+
+#ifndef NO_PSK
+ if (usePsk) {
+ #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
+ SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
+ #endif
+ }
+#endif
+
+#ifndef NO_CERTS
+ if (useClientCert && loadCertKeyIntoSSLObj){
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048,
+ sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load client cert buffer");
+ }
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load client cert file, check file and run from"
+ " wolfSSL home dir");
+ }
+ #else
+ load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
+ #endif
+ }
+
+ if (loadCertKeyIntoSSLObj
+ #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
+ && !pkCallbacks
+ #endif
+ ) {
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
+ sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+ err_sys("can't load client private key buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load client private key file, check file and run "
+ "from wolfSSL home dir");
+ }
+ #else
+ load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
+ #endif
+ }
+#endif /* !NO_CERTS */
+
+#ifdef OPENSSL_EXTRA
+ wolfSSL_KeepArrays(ssl);
+#endif
+
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+ fprintf(stderr, "After creating SSL\n");
+ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
+ err_sys("ctx not using static memory");
+ if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
+ err_sys("error printing out memory stats");
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ if (!helloRetry && version >= 4) {
+ SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, 0);
+ }
+ else {
+ wolfSSL_NoKeyShares(ssl);
+ }
+#endif
+
+ if (doMcast) {
+#ifdef WOLFSSL_MULTICAST
+ /* DTLS multicast secret for testing only */
+ #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
+ #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
+ byte pms[PMS_SZ]; /* pre master secret */
+ byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
+ byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
+ const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
+
+ XMEMSET(pms, 0x23, sizeof(pms));
+ XMEMSET(cr, 0xA5, sizeof(cr));
+ XMEMSET(sr, 0x5A, sizeof(sr));
+
+ if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("unable to set mcast secret");
+ }
+#endif
+ }
+
+ #ifdef HAVE_SESSION_TICKET
+ wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
+ #endif
+
+#ifdef HAVE_TRUSTED_CA
+ if (trustedCaKeyId) {
+ if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
+ NULL, 0) != WOLFSSL_SUCCESS) {
+ err_sys("UseTrustedCA failed");
+ }
+ }
+#endif
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ printf("ALPN accepted protocols list : %s\n", alpnList);
+ wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
+ }
+#endif
+
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ if (statusRequest) {
+ if (version == 4 &&
+ (statusRequest == OCSP_STAPLINGV2 || \
+ statusRequest == OCSP_STAPLINGV2_MULTI)) {
+ err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
+ }
+
+ if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
+ err_sys("can't enable OCSP Stapling Certificate Manager");
+ if (mustStaple) {
+ if (wolfSSL_CTX_EnableOCSPMustStaple(ctx) != WOLFSSL_SUCCESS)
+ err_sys("can't enable OCSP Must Staple");
+ }
+
+ switch (statusRequest) {
+ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+ case OCSP_STAPLING:
+ if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
+ WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseCertificateStatusRequest failed");
+ }
+ break;
+ #endif
+ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+ case OCSP_STAPLINGV2:
+ if (wolfSSL_UseOCSPStaplingV2(ssl,
+ WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseCertificateStatusRequest failed");
+ }
+ break;
+ case OCSP_STAPLINGV2_MULTI:
+ if (wolfSSL_UseOCSPStaplingV2(ssl,
+ WOLFSSL_CSR2_OCSP_MULTI, 0)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("UseCertificateStatusRequest failed");
+ }
+ break;
+ #endif
+ default:
+ err_sys("Invalid OCSP Stapling option");
+ }
+
+ wolfSSL_CTX_EnableOCSP(ctx, 0);
+ }
+#endif
+
+#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
+ !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ if (!doDhKeyCheck)
+ wolfSSL_SetEnableDhKeyTest(ssl, 0);
+#endif
+
+#ifdef HAVE_ENCRYPT_THEN_MAC
+ if (disallowETM)
+ wolfSSL_AllowEncryptThenMac(ssl, 0);
+#endif
+
+
+ tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
+ if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error in setting fd");
+ }
+
+ /* STARTTLS */
+ if (doSTARTTLS) {
+ if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error during STARTTLS protocol");
+ }
+ }
+
+#ifdef HAVE_CRL
+ if (disableCRL == 0 && !useVerifyCb) {
+ #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
+ wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
+ #endif
+
+ if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't enable crl check");
+ }
+ if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't load crl, check crlfile and date validity");
+ }
+ if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't set crl callback");
+ }
+ }
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ if (scr) {
+ if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't enable secure renegotiation");
+ }
+ }
+#endif
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ if (atomicUser)
+ SetupAtomicUser(ctx, ssl);
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ if (pkCallbacks)
+ SetupPkCallbackContexts(ssl, &pkCbInfo);
+#endif
+ if (matchName && doPeerCheck)
+ wolfSSL_check_domain_name(ssl, domain);
+#ifndef WOLFSSL_CALLBACKS
+ if (nonBlocking) {
+#ifdef WOLFSSL_DTLS
+ if (doDTLS) {
+ wolfSSL_dtls_set_using_nonblock(ssl, 1);
+ }
+#endif
+ tcp_set_nonblocking(&sockfd);
+ ret = NonBlockingSSL_Connect(ssl);
+ }
+ else {
+#ifdef WOLFSSL_EARLY_DATA
+ if (usePsk && earlyData)
+ EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
+#endif
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_connect(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ }
+#else
+ timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
+ timeoutConnect.tv_usec = 0;
+ ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ printf("wolfSSL_connect error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+
+ /* cleanup */
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ CloseSocket(sockfd);
+
+ if (!exitWithRet)
+ err_sys("wolfSSL_connect failed");
+ /* see note at top of README */
+ /* if you're getting an error here */
+
+ ((func_args*)args)->return_code = err;
+ goto exit;
+ }
+
+ showPeerEx(ssl, lng_index);
+
+ /* if the caller requested a particular cipher, check here that either
+ * a canonical name of the established cipher matches the requested
+ * cipher name, or the requested cipher name is marked as an alias
+ * that matches the established cipher.
+ */
+ if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) {
+ WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
+ byte requested_cipherSuite0, requested_cipherSuite;
+ int requested_cipherFlags;
+ if (established_cipher &&
+ /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
+ (wolfSSL_get_cipher_suite_from_name(cipherList,
+ &requested_cipherSuite0,
+ &requested_cipherSuite,
+ &requested_cipherFlags) == 0)) {
+ word32 established_cipher_id =
+ wolfSSL_CIPHER_get_id(established_cipher);
+ byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
+ byte established_cipherSuite = established_cipher_id & 0xff;
+ const char *established_cipher_name =
+ wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
+ established_cipherSuite);
+ const char *established_cipher_name_iana =
+ wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
+ established_cipherSuite);
+
+ if (established_cipher_name == NULL)
+ err_sys("error looking up name of established cipher");
+
+ if (strcmp(cipherList, established_cipher_name) &&
+ ((established_cipher_name_iana == NULL) ||
+ strcmp(cipherList, established_cipher_name_iana))) {
+ if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
+ err_sys("Unexpected mismatch between names of requested and established ciphers.");
+ else if ((requested_cipherSuite0 != established_cipherSuite0) ||
+ (requested_cipherSuite != established_cipherSuite))
+ err_sys("Mismatch between IDs of requested and established ciphers.");
+ }
+ }
+ }
+
+#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
+#ifdef HAVE_STRFTIME
+ {
+ struct tm tm;
+ char date[32];
+ ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm);
+ if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z", &tm) > 0))
+ printf("OCSP response timestamp: %s\n", date);
+ }
+#else
+ {
+ byte date[MAX_DATE_SIZE];
+ int asn_date_format;
+ ret = wolfSSL_get_ocsp_producedDate(ssl, date, sizeof date, &asn_date_format);
+ if (ret == 0)
+ printf("OCSP response timestamp: %s (ASN.1 type %d)\n", (char *)date, asn_date_format);
+ }
+#endif
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
+ printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
+ {
+ byte* rnd;
+ byte* pt;
+ size_t size;
+
+ /* get size of buffer then print */
+ size = wolfSSL_get_client_random(NULL, NULL, 0);
+ if (size == 0) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error getting client random buffer size");
+ }
+
+ rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (rnd == NULL) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error creating client random buffer");
+ }
+
+ size = wolfSSL_get_client_random(ssl, rnd, size);
+ if (size == 0) {
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error getting client random buffer");
+ }
+
+ printf("Client Random : ");
+ for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
+ printf("\n");
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ }
+#endif
+
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
+ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
+#if !defined(NO_SESSION_CACHE) && \
+ (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
+ !defined(NO_FILESYSTEM)
+ #ifndef NO_BIO
+ /* print out session to stdout */
+ {
+ WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE);
+ if (bio != NULL) {
+ if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) !=
+ WOLFSSL_SUCCESS) {
+ wolfSSL_BIO_printf(bio, "BIO error printing session\n");
+ }
+ }
+ wolfSSL_BIO_free(bio);
+ }
+ #endif /* !NO_BIO */
+#endif
+#endif
+
+ if (doSTARTTLS && starttlsProt != NULL) {
+ if (XSTRNCMP(starttlsProt, "smtp", 4) == 0) {
+ if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error closing STARTTLS connection");
+ }
+ }
+
+ wolfSSL_free(ssl); ssl = NULL;
+ CloseSocket(sockfd);
+
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+
+ ((func_args*)args)->return_code = 0;
+ return 0;
+ }
+
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ char *protocol_name = NULL;
+ word16 protocol_nameSz = 0;
+
+ err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
+ if (err == WOLFSSL_SUCCESS)
+ printf("Received ALPN protocol : %s (%d)\n",
+ protocol_name, protocol_nameSz);
+ else if (err == WOLFSSL_ALPN_NOT_FOUND)
+ printf("No ALPN response received (no match with server)\n");
+ else
+ printf("Getting ALPN protocol name failed\n");
+ }
+#endif
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+ if (scr && forceScr) {
+ if (nonBlocking) {
+ if (!resumeScr) {
+ if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ if (err == WOLFSSL_ERROR_WANT_READ ||
+ err == WOLFSSL_ERROR_WANT_WRITE) {
+ if (scrAppData) {
+ ret = ClientWrite(ssl,
+ "msg sent during renegotiation",
+ sizeof("msg sent during renegotiation") - 1,
+ "", 1);
+ }
+ else {
+ ret = 0;
+ }
+ if (ret != 0) {
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ do {
+ if (err == APP_DATA_READY) {
+ if ((ret = wolfSSL_read(ssl, reply,
+ sizeof(reply)-1)) < 0) {
+ err_sys("APP DATA should be present "
+ "but error returned");
+ }
+ printf("Received message during "
+ "renegotiation: %s\n", reply);
+ }
+ err = 0;
+ if ((ret = wolfSSL_connect(ssl))
+ != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, ret);
+ }
+ } while (ret != WOLFSSL_SUCCESS &&
+ (err == WOLFSSL_ERROR_WANT_READ ||
+ err == WOLFSSL_ERROR_WANT_WRITE ||
+ err == APP_DATA_READY));
+ }
+
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ printf("wolfSSL_Rehandshake error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("non-blocking wolfSSL_Rehandshake failed");
+ }
+ printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
+ }
+ else {
+ printf("wolfSSL_Rehandshake error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("non-blocking wolfSSL_Rehandshake failed");
+ }
+ }
+ }
+ else {
+ printf("not doing secure resumption with non-blocking");
+ }
+ } else {
+ if (!resumeScr) {
+ printf("Beginning secure renegotiation.\n");
+ if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+#ifdef WOLFSSL_ASYNC_CRYPT
+ while (err == WC_PENDING_E) {
+ err = 0;
+ ret = wolfSSL_negotiate(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ }
+ }
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("err = %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("wolfSSL_Rehandshake failed");
+ }
+ }
+ else {
+ printf("RENEGOTIATION SUCCESSFUL\n");
+ }
+ }
+ else {
+ printf("Beginning secure resumption.\n");
+ if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+#ifdef WOLFSSL_ASYNC_CRYPT
+ while (err == WC_PENDING_E) {
+ err = 0;
+ ret = wolfSSL_negotiate(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ }
+ }
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("err = %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("wolfSSL_SecureResume failed");
+ }
+ }
+ else {
+ printf("SECURE RESUMPTION SUCCESSFUL\n");
+ }
+ }
+ }
+ }
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
+ XMEMSET(msg, 0, sizeof(msg));
+ if (sendGET) {
+ printf("SSL connect ok, sending GET...\n");
+
+ msgSz = (int)XSTRLEN(kHttpGetMsg);
+ XMEMCPY(msg, kHttpGetMsg, msgSz);
+ }
+ else {
+ msgSz = (int)XSTRLEN(kHelloMsg);
+ XMEMCPY(msg, kHelloMsg, msgSz);
+ }
+
+/* allow some time for exporting the session */
+#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
+ TEST_DELAY();
+#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
+
+#ifdef WOLFSSL_TLS13
+ if (updateKeysIVs)
+ wolfSSL_update_keys(ssl);
+#endif
+
+ err = ClientWrite(ssl, msg, msgSz, "", exitWithRet);
+ if (exitWithRet && (err != 0)) {
+ ((func_args*)args)->return_code = err;
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ goto exit;
+ }
+
+ err = ClientRead(ssl, reply, sizeof(reply)-1, 1, "", exitWithRet);
+ if (exitWithRet && (err != 0)) {
+ ((func_args*)args)->return_code = err;
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ goto exit;
+ }
+
+#if defined(WOLFSSL_TLS13)
+ if (updateKeysIVs || postHandAuth)
+ (void)ClientWrite(ssl, msg, msgSz, "", 0);
+#endif
+
+#ifndef NO_SESSION_CACHE
+ if (resumeSession) {
+ session = wolfSSL_get_session(ssl);
+ }
+#endif
+
+#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
+ defined(HAVE_EXT_CACHE))
+ if (session != NULL && resumeSession) {
+ flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL);
+ if (flatSessionSz != 0) {
+ int checkSz = wolfSSL_i2d_SSL_SESSION(session, &flatSession);
+ if (flatSession == NULL)
+ err_sys("error creating flattened session buffer");
+ if (checkSz != flatSessionSz) {
+ XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ err_sys("flat session size check failure");
+ }
+ }
+ }
+#endif
+
+ if (dtlsUDP == 0) { /* don't send alert after "break" command */
+ ret = wolfSSL_shutdown(ssl);
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
+ }
+ }
+#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
+ if (atomicUser)
+ FreeAtomicUser(ssl);
+#endif
+
+ /* display collected statistics */
+#ifdef WOLFSSL_STATIC_MEMORY
+ if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+ err_sys("static memory was not used with ssl");
+
+ fprintf(stderr, "\nprint off SSL memory stats\n");
+ fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
+ fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
+ fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
+ fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
+ fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
+ fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
+ fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
+#endif
+
+ wolfSSL_free(ssl); ssl = NULL;
+ CloseSocket(sockfd);
+
+#ifndef NO_SESSION_CACHE
+ if (resumeSession) {
+ sslResume = wolfSSL_new(ctx);
+ if (sslResume == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("unable to get SSL object");
+ }
+
+#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
+ !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ if (!doDhKeyCheck)
+ wolfSSL_SetEnableDhKeyTest(sslResume, 0);
+#endif
+
+ if (dtlsUDP) {
+ TEST_DELAY();
+ }
+ tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
+ if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(sslResume); sslResume = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("error in setting fd");
+ }
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ printf("ALPN accepted protocols list : %s\n", alpnList);
+ wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
+ alpn_opt);
+ }
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ if (scr) {
+ if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
+ wolfSSL_free(sslResume); sslResume = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't enable secure renegotiation");
+ }
+ }
+#endif
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
+ if (flatSession) {
+ const byte* constFlatSession = flatSession;
+ session = wolfSSL_d2i_SSL_SESSION(NULL,
+ &constFlatSession, flatSessionSz);
+ }
+#endif
+
+ wolfSSL_set_session(sslResume, session);
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
+ if (flatSession) {
+ XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ wolfSSL_SESSION_free(session);
+ }
+#endif
+#ifdef HAVE_SESSION_TICKET
+ wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
+ (void*)"resumed session");
+#endif
+
+#ifndef WOLFSSL_CALLBACKS
+ if (nonBlocking) {
+#ifdef WOLFSSL_DTLS
+ if (doDTLS) {
+ wolfSSL_dtls_set_using_nonblock(sslResume, 1);
+ }
+#endif
+ tcp_set_nonblocking(&sockfd);
+ ret = NonBlockingSSL_Connect(sslResume);
+ }
+ else {
+ #ifdef WOLFSSL_EARLY_DATA
+ #ifndef HAVE_SESSION_TICKET
+ if (!usePsk) {
+ }
+ else
+ #endif
+ if (earlyData) {
+ EarlyData(ctx, sslResume, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
+ }
+ #endif
+ do {
+ err = 0; /* reset error */
+ ret = wolfSSL_connect(sslResume);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(sslResume, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(sslResume,
+ WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ }
+#else
+ timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
+ timeoutConnect.tv_usec = 0;
+ ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("wolfSSL_connect resume error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(sslResume); sslResume = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("wolfSSL_connect resume failed");
+ }
+
+ showPeerEx(sslResume, lng_index);
+
+ if (wolfSSL_session_reused(sslResume))
+ printf("reused session id\n");
+ else
+ printf("didn't reuse session id!!!\n");
+
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ char *protocol_name = NULL;
+ word16 protocol_nameSz = 0;
+
+ printf("Sending ALPN accepted list : %s\n", alpnList);
+ err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
+ &protocol_nameSz);
+ if (err == WOLFSSL_SUCCESS)
+ printf("Received ALPN protocol : %s (%d)\n",
+ protocol_name, protocol_nameSz);
+ else if (err == WOLFSSL_ALPN_NOT_FOUND)
+ printf("Not received ALPN response (no match with server)\n");
+ else
+ printf("Getting ALPN protocol name failed\n");
+ }
+#endif
+
+ /* allow some time for exporting the session */
+ #ifdef WOLFSSL_SESSION_EXPORT_DEBUG
+ TEST_DELAY();
+ #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+ if (scr && forceScr) {
+ if (nonBlocking) {
+ printf("not doing secure renegotiation on example with"
+ " nonblocking yet\n");
+ } else {
+ if (!resumeScr) {
+ printf("Beginning secure renegotiation.\n");
+ if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(sslResume, 0);
+ printf("err = %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(sslResume); sslResume = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("wolfSSL_Rehandshake failed");
+ }
+ else {
+ printf("RENEGOTIATION SUCCESSFUL\n");
+ }
+ }
+ else {
+ printf("Beginning secure resumption.\n");
+ if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(sslResume, 0);
+ printf("err = %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(sslResume); sslResume = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("wolfSSL_SecureResume failed");
+ }
+ else {
+ printf("SECURE RESUMPTION SUCCESSFUL\n");
+ }
+ }
+ }
+ }
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
+ XMEMSET(msg, 0, sizeof(msg));
+ if (sendGET) {
+ msgSz = (int)XSTRLEN(kHttpGetMsg);
+ XMEMCPY(msg, kHttpGetMsg, msgSz);
+ }
+ else {
+ msgSz = (int)XSTRLEN(kResumeMsg);
+ XMEMCPY(msg, kResumeMsg, msgSz);
+ }
+ (void)ClientWrite(sslResume, msg, msgSz, " resume", 0);
+
+ (void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET,
+ "Server resume: ", 0);
+
+ ret = wolfSSL_shutdown(sslResume);
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+ wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
+
+ /* display collected statistics */
+ #ifdef WOLFSSL_STATIC_MEMORY
+ if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
+ err_sys("static memory was not used with ssl");
+
+ fprintf(stderr, "\nprint off SSLresume memory stats\n");
+ fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
+ fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
+ fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
+ fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
+ fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
+ fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
+ fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
+ #endif
+
+ wolfSSL_free(sslResume); sslResume = NULL;
+ CloseSocket(sockfd);
+ }
+#endif /* !NO_SESSION_CACHE */
+
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+
+ ((func_args*)args)->return_code = 0;
+
+exit:
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ wolfsentry_ret = wolfsentry_shutdown(&wolfsentry);
+ if (wolfsentry_ret < 0) {
+ fprintf(stderr,
+ "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
+ }
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ wolfAsync_DevClose(&devId);
+#endif
+
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
+ && defined(HAVE_STACK_SIZE)
+ wc_ecc_fp_free(); /* free per thread cache */
+#endif
+
+ /* There are use cases when these assignments are not read. To avoid
+ * potential confusion those warnings have been handled here.
+ */
+ (void) useClientCert;
+ (void) verifyCert;
+ (void) ourCert;
+ (void) ourKey;
+ (void) useVerifyCb;
+
+#if !defined(WOLFSSL_TIRTOS)
+ return 0;
+#endif
+}
+
+#endif /* !NO_WOLFSSL_CLIENT */
+
+
+/* so overall tests can pull in test function */
+#ifndef NO_MAIN_DRIVER
+
+ int main(int argc, char** argv)
+ {
+ func_args args;
+
+
+ StartTCP();
+
+ args.argc = argc;
+ args.argv = argv;
+ args.return_code = 0;
+
+#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
+ wolfSSL_Debugging_ON();
+#endif
+ wolfSSL_Init();
+ ChangeToWolfRoot();
+
+#ifndef NO_WOLFSSL_CLIENT
+#ifdef HAVE_STACK_SIZE
+ StackSizeCheck(&args, client_test);
+#else
+ client_test(&args);
+#endif
+#else
+ printf("Client not compiled in!\n");
+#endif
+ wolfSSL_Cleanup();
+
+#ifdef HAVE_WNR
+ if (wc_FreeNetRandom() < 0)
+ err_sys("Failed to free netRandom context");
+#endif /* HAVE_WNR */
+
+ return args.return_code;
+ }
+
+ int myoptind = 0;
+ char* myoptarg = NULL;
+
+#endif /* NO_MAIN_DRIVER */
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoclient.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoclient.c
new file mode 100644
index 0000000..105b024
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoclient.c
@@ -0,0 +1,409 @@
+/* echoclient.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+/* let's use cyassl layer AND cyassl openssl layer */
+#include <cyassl/ssl.h>
+#include <cyassl/openssl/ssl.h>
+#ifdef CYASSL_DTLS
+ #include <cyassl/error-ssl.h>
+#endif
+
+#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #include <stdio.h>
+ #include <string.h>
+ #include "cmsis_os.h"
+ #include "rl_fs.h"
+ #include "rl_net.h"
+ #include "wolfssl_MDK_ARM.h"
+#endif
+
+#include <cyassl/test.h>
+
+#include <examples/echoclient/echoclient.h>
+
+#ifndef NO_WOLFSSL_CLIENT
+
+
+#ifdef NO_FILESYSTEM
+#ifdef NO_RSA
+#error currently the example only tries to load in a RSA buffer
+#endif
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ static int devId = INVALID_DEVID;
+#endif
+
+
+void echoclient_test(void* args)
+{
+ SOCKET_T sockfd = 0;
+
+ FILE* fin = stdin ;
+ FILE* fout = stdout;
+
+#ifndef WOLFSSL_MDK_SHELL
+ int inCreated = 0;
+ int outCreated = 0;
+#endif
+
+ char msg[1024];
+ char reply[1024+1];
+
+ SSL_METHOD* method = 0;
+ SSL_CTX* ctx = 0;
+ SSL* ssl = 0;
+
+ int ret = 0, err = 0;
+ int doDTLS = 0;
+ int doPSK = 0;
+ int sendSz;
+#ifndef WOLFSSL_MDK_SHELL
+ int argc = 0;
+ char** argv = 0;
+#endif
+ word16 port;
+ char buffer[CYASSL_MAX_ERROR_SZ];
+
+ ((func_args*)args)->return_code = -1; /* error state */
+
+#ifndef WOLFSSL_MDK_SHELL
+ argc = ((func_args*)args)->argc;
+ argv = ((func_args*)args)->argv;
+
+ if (argc >= 2) {
+ fin = fopen(argv[1], "r");
+ inCreated = 1;
+ }
+ if (argc >= 3) {
+ fout = fopen(argv[2], "w");
+ outCreated = 1;
+ }
+#endif
+
+ if (!fin) err_sys("can't open input file");
+ if (!fout) err_sys("can't open output file");
+
+#ifdef CYASSL_DTLS
+ doDTLS = 1;
+#endif
+
+#ifdef CYASSL_LEANPSK
+ doPSK = 1;
+#endif
+#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
+ !defined(HAVE_ED448)
+ doPSK = 1;
+#endif
+ (void)doPSK;
+
+#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL)
+ port = ((func_args*)args)->signal->port;
+#else
+ port = yasslPort;
+#endif
+
+#if defined(CYASSL_DTLS)
+ method = DTLSv1_2_client_method();
+#elif !defined(NO_TLS)
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
+ method = CyaTLSv1_2_client_method();
+ #else
+ method = CyaSSLv23_client_method();
+ #endif
+#elif defined(WOLFSSL_ALLOW_SSLV3)
+ method = SSLv3_client_method();
+#else
+ #error "no valid client method type"
+#endif
+ ctx = SSL_CTX_new(method);
+
+#ifndef NO_FILESYSTEM
+ #ifndef NO_RSA
+ if (SSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
+ err_sys("can't load ca file, Please run from wolfSSL home dir");
+ #endif
+ #ifdef HAVE_ECC
+ if (SSL_CTX_load_verify_locations(ctx, caEccCertFile, 0) != WOLFSSL_SUCCESS)
+ err_sys("can't load ca file, Please run from wolfSSL home dir");
+ #elif defined(HAVE_ED25519)
+ if (SSL_CTX_load_verify_locations(ctx, caEdCertFile, 0) != WOLFSSL_SUCCESS)
+ err_sys("can't load ca file, Please run from wolfSSL home dir");
+ #elif defined(HAVE_ED448)
+ if (SSL_CTX_load_verify_locations(ctx, caEd448CertFile, 0) != WOLFSSL_SUCCESS)
+ err_sys("can't load ca file, Please run from wolfSSL home dir");
+ #endif
+#elif !defined(NO_CERTS)
+ if (!doPSK)
+ if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
+ sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+ err_sys("can't load ca buffer");
+#endif
+
+#if defined(CYASSL_SNIFFER)
+ /* Only set if not running testsuite */
+ if (XSTRSTR(argv[0], "testsuite") != 0) {
+ /* don't use EDH, can't sniff tmp keys */
+ SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
+ }
+#endif
+#ifndef NO_PSK
+ if (doPSK) {
+ const char *defaultCipherList;
+
+ CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+ #ifdef HAVE_NULL_CIPHER
+ defaultCipherList = "PSK-NULL-SHA256";
+ #elif defined(HAVE_AESGCM) && !defined(NO_DH)
+ #ifdef WOLFSSL_TLS13
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":DHE-PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+ #endif
+ #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":DHE-PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "PSK-AES128-CBC-SHA256";
+ #endif
+ if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=WOLFSSL_SUCCESS)
+ err_sys("client can't set cipher list 2");
+ wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
+ }
+#endif
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
+#endif
+
+#if defined(WOLFSSL_MDK_ARM)
+ CyaSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ ret = wolfAsync_DevOpen(&devId);
+ if (ret < 0) {
+ printf("Async device open failed\nRunning without async\n");
+ }
+ wolfSSL_CTX_SetDevId(ctx, devId);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+ ssl = SSL_new(ctx);
+ tcp_connect(&sockfd, yasslIP, port, doDTLS, 0, ssl);
+
+ SSL_set_fd(ssl, sockfd);
+#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
+ /* let echoserver bind first, TODO: add Windows signal like pthreads does */
+ Sleep(100);
+#endif
+
+ do {
+ err = 0; /* Reset error */
+ ret = SSL_connect(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("SSL_connect error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ err_sys("SSL_connect failed");
+ }
+
+ while (fgets(msg, sizeof(msg), fin) != 0) {
+
+ sendSz = (int)XSTRLEN(msg);
+
+ do {
+ err = 0; /* reset error */
+ ret = SSL_write(ssl, msg, sendSz);
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != sendSz) {
+ printf("SSL_write msg error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ err_sys("SSL_write failed");
+ }
+
+ if (strncmp(msg, "quit", 4) == 0) {
+ fputs("sending server shutdown command: quit!\n", fout);
+ break;
+ }
+
+ if (strncmp(msg, "break", 5) == 0) {
+ fputs("sending server session close: break!\n", fout);
+ break;
+ }
+
+ #ifndef WOLFSSL_MDK_SHELL
+ while (sendSz)
+ #endif
+ {
+ do {
+ err = 0; /* reset error */
+ ret = SSL_read(ssl, reply, sizeof(reply)-1);
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret > 0) {
+ reply[ret] = 0;
+ fputs(reply, fout);
+ fflush(fout) ;
+ sendSz -= ret;
+ }
+#ifdef CYASSL_DTLS
+ else if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+ /* This condition is OK. The packet should be dropped
+ * silently when there is a decrypt or MAC error on
+ * a DTLS record. */
+ sendSz = 0;
+ }
+#endif
+ else {
+ printf("SSL_read msg error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ err_sys("SSL_read failed");
+
+ #ifndef WOLFSSL_MDK_SHELL
+ break;
+ #endif
+ }
+ }
+ }
+
+
+#ifdef CYASSL_DTLS
+ strncpy(msg, "break", 6);
+ sendSz = (int)strlen(msg);
+ /* try to tell server done */
+ do {
+ err = 0; /* reset error */
+ ret = SSL_write(ssl, msg, sendSz);
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+#else
+ SSL_shutdown(ssl);
+#endif
+
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ wolfAsync_DevClose(&devId);
+#endif
+
+ fflush(fout);
+#ifndef WOLFSSL_MDK_SHELL
+ if (inCreated) fclose(fin);
+ if (outCreated) fclose(fout);
+#endif
+
+ CloseSocket(sockfd);
+ ((func_args*)args)->return_code = 0;
+}
+
+#endif /* !NO_WOLFSSL_CLIENT */
+
+/* so overall tests can pull in test function */
+#ifndef NO_MAIN_DRIVER
+
+ int main(int argc, char** argv)
+ {
+ func_args args;
+
+#ifdef HAVE_WNR
+ if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
+ err_sys("Whitewood netRandom global config failed");
+#endif
+
+ StartTCP();
+
+ args.argc = argc;
+ args.argv = argv;
+ args.return_code = 0;
+
+ CyaSSL_Init();
+#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
+ CyaSSL_Debugging_ON();
+#endif
+#ifndef CYASSL_TIRTOS
+ ChangeToWolfRoot();
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+ echoclient_test(&args);
+#endif
+
+ CyaSSL_Cleanup();
+
+#ifdef HAVE_WNR
+ if (wc_FreeNetRandom() < 0)
+ err_sys("Failed to free netRandom context");
+#endif /* HAVE_WNR */
+
+ return args.return_code;
+ }
+
+#endif /* NO_MAIN_DRIVER */
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoserver.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoserver.c
new file mode 100644
index 0000000..fc36a26
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/echoserver.c
@@ -0,0 +1,576 @@
+/* echoserver.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <cyassl/ssl.h> /* name change portability layer */
+#include <cyassl/ctaocrypt/settings.h>
+#ifdef HAVE_ECC
+ #include <cyassl/ctaocrypt/ecc.h> /* ecc_fp_free */
+#endif
+
+#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #include <stdio.h>
+ #include <string.h>
+ #include "cmsis_os.h"
+ #include "rl_fs.h"
+ #include "rl_net.h"
+ #include "wolfssl_MDK_ARM.h"
+#endif
+
+#include <cyassl/ssl.h>
+#include <cyassl/test.h>
+
+#ifndef NO_MAIN_DRIVER
+ #define ECHO_OUT
+#endif
+
+#include "examples/echoserver/echoserver.h"
+
+#ifndef NO_WOLFSSL_SERVER
+
+#ifdef NO_FILESYSTEM
+#ifdef NO_RSA
+#error currently the example only tries to load in a RSA buffer
+#endif
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ static int devId = INVALID_DEVID;
+#endif
+
+#define SVR_COMMAND_SIZE 256
+
+static void SignalReady(void* args, word16 port)
+{
+#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
+ /* signal ready to tcp_accept */
+ func_args* server_args = (func_args*)args;
+ tcp_ready* ready = server_args->signal;
+ pthread_mutex_lock(&ready->mutex);
+ ready->ready = 1;
+ ready->port = port;
+ pthread_cond_signal(&ready->cond);
+ pthread_mutex_unlock(&ready->mutex);
+#endif
+ (void)args;
+ (void)port;
+}
+
+
+THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
+{
+ SOCKET_T sockfd = 0;
+ CYASSL_METHOD* method = 0;
+ CYASSL_CTX* ctx = 0;
+
+ int ret = 0;
+ int doDTLS = 0;
+ int doPSK;
+ int outCreated = 0;
+ int shutDown = 0;
+ int useAnyAddr = 0;
+ word16 port;
+ int argc = ((func_args*)args)->argc;
+ char** argv = ((func_args*)args)->argv;
+ char buffer[CYASSL_MAX_ERROR_SZ];
+
+#ifdef ECHO_OUT
+ FILE* fout = stdout;
+ if (argc >= 2) {
+ fout = fopen(argv[1], "w");
+ outCreated = 1;
+ }
+ if (!fout) err_sys("can't open output file");
+#endif
+ (void)outCreated;
+ (void)argc;
+ (void)argv;
+
+ ((func_args*)args)->return_code = -1; /* error state */
+
+#ifdef CYASSL_DTLS
+ doDTLS = 1;
+#endif
+
+#if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
+ !defined(HAVE_ED448)) || defined(CYASSL_LEANPSK)
+ doPSK = 1;
+#else
+ doPSK = 0;
+#endif
+
+#if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \
+ !defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) && \
+ !defined(USE_WINDOWS_API)
+ /* Let tcp_listen assign port */
+ port = 0;
+#else
+ /* Use default port */
+ port = wolfSSLPort;
+#endif
+
+#if defined(USE_ANY_ADDR)
+ useAnyAddr = 1;
+#endif
+
+#ifdef CYASSL_TIRTOS
+ fdOpenSession(Task_self());
+#endif
+
+ tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
+
+#if defined(CYASSL_DTLS)
+ method = CyaDTLSv1_2_server_method();
+#elif !defined(NO_TLS)
+ #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)) || \
+ defined(HAVE_NTRU)
+ method = CyaTLSv1_2_server_method();
+ #else
+ method = CyaSSLv23_server_method();
+ #endif
+#elif defined(WOLFSSL_ALLOW_SSLV3)
+ method = CyaSSLv3_server_method();
+#else
+ #error "no valid server method built in"
+#endif
+ ctx = CyaSSL_CTX_new(method);
+ /* CyaSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_OFF); */
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
+#endif
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
+ if (TicketInit() != 0)
+ err_sys("unable to setup Session Ticket Key context");
+ wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
+#endif
+
+#ifndef NO_FILESYSTEM
+ if (doPSK == 0) {
+ #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
+ /* ntru */
+ if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load ntru cert file, "
+ "Please run from wolfSSL home dir");
+
+ if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load ntru key file, "
+ "Please run from wolfSSL home dir");
+ #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
+ /* ecc */
+ if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server cert file, "
+ "Please run from wolfSSL home dir");
+
+ if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server key file, "
+ "Please run from wolfSSL home dir");
+ #elif defined(HAVE_ED25519) && !defined(CYASSL_SNIFFER)
+ /* ed25519 */
+ if (CyaSSL_CTX_use_certificate_chain_file(ctx, edCertFile)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server cert file, "
+ "Please run from wolfSSL home dir");
+
+ if (CyaSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server key file, "
+ "Please run from wolfSSL home dir");
+ #elif defined(HAVE_ED448) && !defined(CYASSL_SNIFFER)
+ /* ed448 */
+ if (CyaSSL_CTX_use_certificate_chain_file(ctx, ed448CertFile)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server cert file, "
+ "Please run from wolfSSL home dir");
+
+ if (CyaSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
+ WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
+ err_sys("can't load server key file, "
+ "Please run from wolfSSL home dir");
+ #elif defined(NO_CERTS)
+ /* do nothing, just don't load cert files */
+ #else
+ /* normal */
+ if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server cert file, "
+ "Please run from wolfSSL home dir");
+
+ if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server key file, "
+ "Please run from wolfSSL home dir");
+ #endif
+ } /* doPSK */
+#elif !defined(NO_CERTS)
+ if (!doPSK) {
+ if (CyaSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
+ sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server cert buffer");
+
+ if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
+ sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)
+ != WOLFSSL_SUCCESS)
+ err_sys("can't load server key buffer");
+ }
+#endif
+
+#if defined(CYASSL_SNIFFER)
+ /* Only set if not running testsuite */
+ if (XSTRSTR(argv[0], "testsuite") != 0) {
+ /* don't use EDH, can't sniff tmp keys */
+ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
+ }
+#endif
+
+ if (doPSK) {
+#ifndef NO_PSK
+ const char *defaultCipherList;
+
+ CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
+ CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
+ #ifdef HAVE_NULL_CIPHER
+ defaultCipherList = "PSK-NULL-SHA256";
+ #elif defined(HAVE_AESGCM) && !defined(NO_DH)
+ #ifdef WOLFSSL_TLS13
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":DHE-PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+ #endif
+ #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "PSK-AES128-CBC-SHA256";
+ #endif
+ if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS)
+ err_sys("server can't set cipher list 2");
+ wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
+#endif
+ }
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ ret = wolfAsync_DevOpen(&devId);
+ if (ret < 0) {
+ printf("Async device open failed\nRunning without async\n");
+ }
+ wolfSSL_CTX_SetDevId(ctx, devId);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+ SignalReady(args, port);
+
+ while (!shutDown) {
+ CYASSL* ssl = NULL;
+ CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */
+ char command[SVR_COMMAND_SIZE+1];
+ int echoSz = 0;
+ int clientfd;
+ int firstRead = 1;
+ int gotFirstG = 0;
+ int err = 0;
+ SOCKADDR_IN_T client;
+ socklen_t client_len = sizeof(client);
+#ifndef CYASSL_DTLS
+ clientfd = accept(sockfd, (struct sockaddr*)&client,
+ (ACCEPT_THIRD_T)&client_len);
+#else
+ clientfd = sockfd;
+ {
+ /* For DTLS, peek at the next datagram so we can get the client's
+ * address and set it into the ssl object later to generate the
+ * cookie. */
+ int n;
+ byte b[1500];
+ n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
+ (struct sockaddr*)&client, &client_len);
+ if (n <= 0)
+ err_sys("recvfrom failed");
+ }
+#endif
+ if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) err_sys("tcp accept failed");
+
+ ssl = CyaSSL_new(ctx);
+ if (ssl == NULL) err_sys("SSL_new failed");
+ CyaSSL_set_fd(ssl, clientfd);
+ #ifdef CYASSL_DTLS
+ wolfSSL_dtls_set_peer(ssl, &client, client_len);
+ #endif
+ #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
+ CyaSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+ #elif !defined(NO_DH)
+ SetDH(ssl); /* will repick suites with DHE, higher than PSK */
+ #endif
+
+ do {
+ err = 0; /* Reset error */
+ ret = CyaSSL_accept(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = CyaSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("SSL_accept error = %d, %s\n", err,
+ CyaSSL_ERR_error_string(err, buffer));
+ printf("SSL_accept failed\n");
+ CyaSSL_free(ssl);
+ CloseSocket(clientfd);
+ continue;
+ }
+#if defined(PEER_INFO)
+ showPeer(ssl);
+#endif
+
+#ifdef HAVE_WRITE_DUP
+ write_ssl = wolfSSL_write_dup(ssl);
+ if (write_ssl == NULL) {
+ printf("wolfSSL_write_dup failed\n");
+ CyaSSL_free(ssl);
+ CloseSocket(clientfd);
+ continue;
+ }
+#else
+ write_ssl = ssl;
+#endif
+
+ while (1) {
+ do {
+ err = 0; /* reset error */
+ ret = CyaSSL_read(ssl, command, sizeof(command)-1);
+ if (ret <= 0) {
+ err = CyaSSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret <= 0) {
+ if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
+ printf("SSL_read echo error %d, %s!\n", err,
+ CyaSSL_ERR_error_string(err, buffer));
+ }
+ break;
+ }
+
+ echoSz = ret;
+
+ if (firstRead == 1) {
+ firstRead = 0; /* browser may send 1 byte 'G' to start */
+ if (echoSz == 1 && command[0] == 'G') {
+ gotFirstG = 1;
+ continue;
+ }
+ }
+ else if (gotFirstG == 1 && strncmp(command, "ET /", 4) == 0) {
+ strncpy(command, "GET", 4);
+ /* fall through to normal GET */
+ }
+
+ if ( strncmp(command, "quit", 4) == 0) {
+ printf("client sent quit command: shutting down!\n");
+ shutDown = 1;
+ break;
+ }
+ if ( strncmp(command, "break", 5) == 0) {
+ printf("client sent break command: closing session!\n");
+ break;
+ }
+#ifdef PRINT_SESSION_STATS
+ if ( strncmp(command, "printstats", 10) == 0) {
+ CyaSSL_PrintSessionStats();
+ break;
+ }
+#endif
+ if (strncmp(command, "GET", 3) == 0) {
+ const char resp[] =
+ "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"
+ "<html><body BGCOLOR=\"#ffffff\"><pre>\r\n"
+ "greetings from wolfSSL\r\n</pre></body></html>\r\n\r\n";
+
+ echoSz = (int)strlen(resp) + 1;
+ if (echoSz > (int)sizeof(command)) {
+ /* Internal error. */
+ err_sys("HTTP response greater than buffer.");
+ }
+ strncpy(command, resp, sizeof(command));
+
+ do {
+ err = 0; /* reset error */
+ ret = CyaSSL_write(write_ssl, command, echoSz);
+ if (ret <= 0) {
+ err = CyaSSL_get_error(write_ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != echoSz) {
+ printf("SSL_write get error = %d, %s\n", err,
+ CyaSSL_ERR_error_string(err, buffer));
+ err_sys("SSL_write get failed");
+ }
+ break;
+ }
+ command[echoSz] = 0;
+
+ #ifdef ECHO_OUT
+ fputs(command, fout);
+ #endif
+
+ do {
+ err = 0; /* reset error */
+ ret = CyaSSL_write(write_ssl, command, echoSz);
+ if (ret <= 0) {
+ err = CyaSSL_get_error(write_ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+
+ if (ret != echoSz) {
+ printf("SSL_write echo error = %d, %s\n", err,
+ CyaSSL_ERR_error_string(err, buffer));
+ err_sys("SSL_write echo failed");
+ }
+ }
+#ifndef CYASSL_DTLS
+ CyaSSL_shutdown(ssl);
+#endif
+#ifdef HAVE_WRITE_DUP
+ CyaSSL_free(write_ssl);
+#endif
+ CyaSSL_free(ssl);
+ CloseSocket(clientfd);
+#ifdef CYASSL_DTLS
+ tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
+ SignalReady(args, port);
+#endif
+ }
+
+ CloseSocket(sockfd);
+ CyaSSL_CTX_free(ctx);
+
+#ifdef ECHO_OUT
+ if (outCreated)
+ fclose(fout);
+#endif
+
+ ((func_args*)args)->return_code = 0;
+
+#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
+ && defined(HAVE_THREAD_LS)
+ ecc_fp_free(); /* free per thread cache */
+#endif
+
+#ifdef CYASSL_TIRTOS
+ fdCloseSession(Task_self());
+#endif
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
+ TicketCleanup();
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ wolfAsync_DevClose(&devId);
+#endif
+
+#ifndef CYASSL_TIRTOS
+ return 0;
+#endif
+}
+
+#endif /* !NO_WOLFSSL_SERVER */
+
+
+/* so overall tests can pull in test function */
+#ifndef NO_MAIN_DRIVER
+
+ int main(int argc, char** argv)
+ {
+ func_args args;
+
+#ifdef HAVE_WNR
+ if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
+ err_sys("Whitewood netRandom global config failed");
+#endif
+
+ StartTCP();
+
+ args.argc = argc;
+ args.argv = argv;
+ args.return_code = 0;
+
+ CyaSSL_Init();
+#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
+ CyaSSL_Debugging_ON();
+#endif
+ ChangeToWolfRoot();
+#ifndef NO_WOLFSSL_SERVER
+ echoserver_test(&args);
+#endif
+ CyaSSL_Cleanup();
+
+#ifdef HAVE_WNR
+ if (wc_FreeNetRandom() < 0)
+ err_sys("Failed to free netRandom context");
+#endif /* HAVE_WNR */
+
+ return args.return_code;
+ }
+
+#endif /* NO_MAIN_DRIVER */
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client-dtls.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client-dtls.c
new file mode 100644
index 0000000..8022e50
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client-dtls.c
@@ -0,0 +1,130 @@
+/* sctp-client-dtls.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* wolfssl */
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+/* sctp */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+/* std */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define cacert "./certs/ca-cert.pem"
+
+static int err_sys(const char* msg)
+{
+ perror(msg);
+ exit(EXIT_FAILURE);
+}
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+
+int main()
+{
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+ int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
+
+ if (sd < 0)
+ err_sys("sctp socket error");
+
+ struct sockaddr_in sa;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = inet_addr("127.0.0.1");
+ sa.sin_port = htons(12345);
+
+ int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
+ if (ret < 0)
+ err_sys("sctp connect error");
+
+ const char* response = "hello there";
+ char buffer[80];
+
+ WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
+ if (ctx == NULL)
+ err_sys("ctx new dtls client failed");
+
+ ret = wolfSSL_CTX_dtls_set_sctp(ctx);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("set sctp mode failed");
+
+ ret = wolfSSL_CTX_load_verify_locations(ctx, cacert, NULL);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("ca cert error");
+
+ WOLFSSL* ssl = wolfSSL_new(ctx);
+ if (ssl == NULL)
+ err_sys("ssl new dtls client failed");
+
+ wolfSSL_set_fd(ssl, sd);
+
+ ret = wolfSSL_connect(ssl);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("ssl connect failed");
+
+ printf("TLS version is %s\n", wolfSSL_get_version(ssl));
+ printf("Cipher Suite is %s\n",
+ wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
+
+ wolfSSL_write(ssl, response, (int)strlen(response));
+ int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
+ if (got > 0) {
+ buffer[got] = 0;
+ printf("server said: %s\n", buffer);
+ }
+
+ unsigned char bigBuf[4096];
+ unsigned int i;
+
+ for (i = 0; i < (int)sizeof(bigBuf); i++)
+ bigBuf[i] = (unsigned char)(i & 0xFF);
+ wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
+ memset(bigBuf, 0, sizeof(bigBuf));
+
+ wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
+ for (i = 0; i < sizeof(bigBuf); i++) {
+ if (bigBuf[i] != (unsigned char)(i & 0xFF)) {
+ printf("big message check fail\n");
+ break;
+ }
+ }
+
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+
+ close(sd);
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+
+ return 0;
+}
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client.c
new file mode 100644
index 0000000..9a55cd2
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-client.c
@@ -0,0 +1,72 @@
+/* sctp-client.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_SCTP
+
+/* sctp */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+/* std */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#endif /* WOLFSSL_SCTP */
+
+int main()
+{
+#ifdef WOLFSSL_SCTP
+ int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
+
+ if (sd < 0)
+ perror("sctp socket error");
+
+ struct sockaddr_in sa;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = inet_addr("127.0.0.1");
+ sa.sin_port = htons(12345);
+
+ int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
+ if (ret < 0)
+ perror("sctp connect error");
+
+ const char* msg = "hello sctp";
+ char buffer[80];
+
+ send(sd, msg, strlen(msg), 0);
+ int got = (int)recv(sd, buffer, sizeof(buffer), 0);
+ if (got > 0) {
+ buffer[got] = 0;
+ printf("server said: %s\n", buffer);
+ }
+
+ close(sd);
+#endif /* WOLFSSL_SCTP */
+ return 0;
+}
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server-dtls.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server-dtls.c
new file mode 100644
index 0000000..5d14ca8
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server-dtls.c
@@ -0,0 +1,128 @@
+/* sctp-server-dtls.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* wolfssl */
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+/* sctp */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+
+/* std */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+
+#define key "./certs/server-key.pem"
+#define cert "./certs/server-cert.pem"
+
+static int err_sys(const char* msg)
+{
+ perror(msg);
+ exit(EXIT_FAILURE);
+}
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+
+int main()
+{
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+ int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
+
+ if (sd < 0)
+ err_sys("sctp socket error");
+
+ struct sockaddr_in sa;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = htonl(INADDR_ANY);
+ sa.sin_port = htons(12345);
+
+ int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
+ if (ret < 0)
+ err_sys("sctp bind error");
+
+ listen(sd, 3);
+
+ int client_sd = accept(sd, NULL, NULL);
+ if (client_sd < 0)
+ err_sys("sctp accept error");
+
+ const char* response = "well hello to you";
+ char buffer[80];
+
+ WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
+ if (ctx == NULL)
+ err_sys("ctx new dtls server failed");
+
+ ret = wolfSSL_CTX_dtls_set_sctp(ctx);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("set sctp mode failed");
+
+ ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, WOLFSSL_FILETYPE_PEM);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("use private key error");
+
+ ret = wolfSSL_CTX_use_certificate_file(ctx, cert, WOLFSSL_FILETYPE_PEM);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("use cert error");
+
+ WOLFSSL* ssl = wolfSSL_new(ctx);
+ if (ssl == NULL)
+ err_sys("ssl new dtls server failed");
+
+ wolfSSL_set_fd(ssl, client_sd);
+
+ ret = wolfSSL_accept(ssl);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("ssl accept failed");
+
+ printf("TLS version is %s\n", wolfSSL_get_version(ssl));
+ printf("Cipher Suite is %s\n",
+ wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
+
+ int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
+ if (got > 0) {
+ buffer[got] = 0;
+ printf("client said: %s\n", buffer);
+ }
+ wolfSSL_write(ssl, response, (int)strlen(response));
+
+ unsigned char bigBuf[4096];
+
+ wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
+ wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
+
+ wolfSSL_shutdown(ssl);
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+
+ close(sd);
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+ return 0;
+}
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server.c
new file mode 100644
index 0000000..75034ca
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/sctp-server.c
@@ -0,0 +1,77 @@
+/* sctp-server.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_SCTP
+/* sctp */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+
+/* std */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#endif /* WOLFSSL_SCTP */
+
+int main()
+{
+#ifdef WOLFSSL_SCTP
+ int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
+
+ if (sd < 0)
+ perror("sctp socket error");
+
+ struct sockaddr_in sa;
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = htonl(INADDR_ANY);
+ sa.sin_port = htons(12345);
+
+ int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
+ if (ret < 0)
+ perror("sctp bind error");
+
+ listen(sd, 3);
+
+ int client_sd = accept(sd, NULL, NULL);
+ if (client_sd < 0)
+ perror("sctp accept error");
+
+ const char* response = "hi there";
+ char buffer[80];
+
+ int got = (int)recv(client_sd, buffer, sizeof(buffer), 0);
+ if (got > 0) {
+ buffer[got] = 0;
+ printf("client said: %s\n", buffer);
+ }
+ send(client_sd, response, strlen(response), 0);
+
+
+ close(sd);
+#endif /* WOLFSSL_SCTP */
+ return 0;
+}
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/server.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/server.c
new file mode 100644
index 0000000..c787c2c
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/server.c
@@ -0,0 +1,3164 @@
+/* server.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <wolfssl/ssl.h> /* name change portability layer */
+
+#ifdef HAVE_ECC
+ #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
+#endif
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+#include <wolfsentry/wolfsentry.h>
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+static const char *wolfsentry_config_path = NULL;
+#endif
+#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
+
+#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #include <stdio.h>
+ #include <string.h>
+ #include "rl_fs.h"
+ #include "rl_net.h"
+#endif
+
+#ifdef NO_FILESYSTEM
+ #ifdef NO_RSA
+ #error currently the example only tries to load in a RSA buffer
+ #endif
+ #undef USE_CERT_BUFFERS_2048
+ #define USE_CERT_BUFFERS_2048
+ #include <wolfssl/certs_test.h>
+#endif
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/test.h>
+#include <wolfssl/error-ssl.h>
+
+#include "examples/server/server.h"
+
+#ifndef NO_WOLFSSL_SERVER
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ static int devId = INVALID_DEVID;
+#endif
+
+#define DEFAULT_TIMEOUT_SEC 2
+
+/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
+ * number and is using the ready file for scripted testing, the code in
+ * test.h will write the actual port number into the ready file for use
+ * by the client. */
+
+#ifndef WOLFSSL_ALT_TEST_STRINGS
+static const char kReplyMsg[] = "I hear you fa shizzle!";
+#else
+static const char kReplyMsg[] = "I hear you fa shizzle!\n";
+#endif
+
+static const char kHttpServerMsg[] =
+ "HTTP/1.1 200 OK\r\n"
+ "Content-Type: text/html\r\n"
+ "Connection: close\r\n"
+ "Content-Length: 141\r\n"
+ "\r\n"
+ "<html>\r\n"
+ "<head>\r\n"
+ "<title>Welcome to wolfSSL!</title>\r\n"
+ "</head>\r\n"
+ "<body>\r\n"
+ "<p>wolfSSL has successfully performed handshake!</p>\r\n"
+ "</body>\r\n"
+ "</html>\r\n";
+
+/* Read needs to be largest of the client.c message strings (29) */
+#define SRV_READ_SZ 32
+
+
+int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */
+int catastrophic = 0; /* Use with -x flag to still exit when an error is
+ * considered catastrophic EG the servers own cert failing
+ * to load would be catastrophic since there would be no
+ * cert to send to clients attempting to connect. The
+ * server should error out completely in that case
+ */
+static int lng_index = 0;
+
+#ifdef WOLFSSL_CALLBACKS
+ #if !defined(NO_OLD_TIMEVAL_NAME)
+ Timeval srvTo;
+ #else
+ WOLFSSL_TIMEVAL srvTo;
+ #endif
+ static int srvHandShakeCB(HandShakeInfo* info)
+ {
+ (void)info;
+ return 0;
+ }
+
+ static int srvTimeoutCB(TimeoutInfo* info)
+ {
+ (void)info;
+ return 0;
+ }
+
+#endif
+
+#ifndef NO_HANDSHAKE_DONE_CB
+ static int myHsDoneCb(WOLFSSL* ssl, void* user_ctx)
+ {
+ (void)user_ctx;
+ (void)ssl;
+
+ /* printf("Notified HandShake done\n"); */
+
+ /* return negative number to end TLS connection now */
+ return 0;
+ }
+#endif
+
+static void err_sys_ex(int out, const char* msg)
+{
+ if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */
+ printf("wolfSSL error: %s\n", msg);
+ printf("Continuing server execution...\n\n");
+ } else {
+ err_sys(msg);
+ }
+}
+
+
+#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
+
+/* Translates return codes returned from
+ * send() and recv() if need be.
+ */
+static WC_INLINE int TranslateReturnCode(int old, int sd)
+{
+ (void)sd;
+
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ if (old == 0) {
+ errno = SOCKET_EWOULDBLOCK;
+ return -1; /* convert to BSD style wouldblock as error */
+ }
+
+ if (old < 0) {
+ errno = RTCS_geterror(sd);
+ if (errno == RTCSERR_TCP_CONN_CLOSING)
+ return 0; /* convert to BSD style closing */
+ if (errno == RTCSERR_TCP_CONN_RLSD)
+ errno = SOCKET_ECONNRESET;
+ if (errno == RTCSERR_TCP_TIMED_OUT)
+ errno = SOCKET_EAGAIN;
+ }
+#endif
+
+ return old;
+}
+
+static WC_INLINE int wolfSSL_LastError(void)
+{
+#ifdef USE_WINDOWS_API
+ return WSAGetLastError();
+#elif defined(EBSNET)
+ return xn_getlasterror();
+#else
+ return errno;
+#endif
+}
+
+/* wolfSSL Sock Addr */
+struct WOLFSSL_TEST_SOCKADDR {
+ unsigned int sz; /* sockaddr size */
+ SOCKADDR_IN_T sa; /* pointer to the sockaddr_in or sockaddr_in6 */
+};
+
+typedef struct WOLFSSL_TEST_DTLS_CTX {
+ struct WOLFSSL_TEST_SOCKADDR peer;
+ int rfd;
+ int wfd;
+ int failOnce;
+ word32 blockSeq;
+} WOLFSSL_TEST_DTLS_CTX;
+
+
+static WC_INLINE int PeekSeq(const char* buf, word32* seq)
+{
+ const char* c = buf + 3;
+
+ if ((c[0] | c[1] | c[2] | c[3]) == 0) {
+ *seq = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7];
+ return 1;
+ }
+
+ return 0;
+}
+
+
+/* The send embedded callback
+ * return : nb bytes sent, or error
+ */
+static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+ WOLFSSL_TEST_DTLS_CTX* dtlsCtx = (WOLFSSL_TEST_DTLS_CTX*)ctx;
+ int sd = dtlsCtx->wfd;
+ int sent;
+ int err;
+
+ (void)ssl;
+
+ WOLFSSL_ENTER("TestEmbedSendTo()");
+
+ if (dtlsCtx->failOnce) {
+ word32 seq = 0;
+
+ if (PeekSeq(buf, &seq) && seq == dtlsCtx->blockSeq) {
+ dtlsCtx->failOnce = 0;
+ WOLFSSL_MSG("Forcing WANT_WRITE");
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ }
+
+ sent = (int)sendto(sd, buf, sz, 0, (const SOCKADDR*)&dtlsCtx->peer.sa,
+ dtlsCtx->peer.sz);
+
+ sent = TranslateReturnCode(sent, sd);
+
+ if (sent < 0) {
+ err = wolfSSL_LastError();
+ WOLFSSL_MSG("Embed Send To error");
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ WOLFSSL_MSG("\tWould Block");
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ WOLFSSL_MSG("\tConnection reset");
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ WOLFSSL_MSG("\tSocket interrupted");
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_EPIPE) {
+ WOLFSSL_MSG("\tSocket EPIPE");
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ WOLFSSL_MSG("\tGeneral error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ return sent;
+}
+#endif /* WOLFSSL_DTLS && USE_WOLFSSL_IO */
+
+static int NonBlockingSSL_Accept(SSL* ssl)
+{
+#ifndef WOLFSSL_CALLBACKS
+ int ret = SSL_accept(ssl);
+#else
+ int ret = wolfSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
+#endif
+ int error = SSL_get_error(ssl, 0);
+ SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl);
+ int select_ret = 0;
+
+ while (ret != WOLFSSL_SUCCESS &&
+ (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || error == WC_PENDING_E
+ #endif
+ )) {
+ int currTimeout = 1;
+
+ if (error == WOLFSSL_ERROR_WANT_READ) {
+ /* printf("... server would read block\n"); */
+ }
+ else if (error == WOLFSSL_ERROR_WANT_WRITE) {
+ /* printf("... server would write block\n"); */
+ }
+
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (error == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+ #endif
+ {
+ if (error == WOLFSSL_ERROR_WANT_WRITE)
+ {
+ select_ret = tcp_select_tx(sockfd, currTimeout);
+ }
+ else {
+ #ifdef WOLFSSL_DTLS
+ currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
+ #endif
+ select_ret = tcp_select(sockfd, currTimeout);
+ }
+ }
+
+ if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
+ || (select_ret == TEST_ERROR_READY)
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ || error == WC_PENDING_E
+ #endif
+ ) {
+ #ifndef WOLFSSL_CALLBACKS
+ ret = SSL_accept(ssl);
+ #else
+ ret = wolfSSL_accept_ex(ssl,
+ srvHandShakeCB, srvTimeoutCB, srvTo);
+ #endif
+ error = SSL_get_error(ssl, 0);
+ }
+ else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
+ error = WOLFSSL_ERROR_WANT_READ;
+ }
+ #ifdef WOLFSSL_DTLS
+ else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
+ wolfSSL_dtls_got_timeout(ssl) >= 0) {
+ error = WOLFSSL_ERROR_WANT_READ;
+ }
+ #endif
+ else {
+ error = WOLFSSL_FATAL_ERROR;
+ }
+ }
+
+ return ret;
+}
+
+/* Echo number of bytes specified by -B arg */
+int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
+ size_t throughput)
+{
+ int ret = 0, err;
+ double start = 0, rx_time = 0, tx_time = 0;
+ int select_ret, len, rx_pos;
+ size_t xfer_bytes = 0;
+ char* buffer;
+
+ buffer = (char*)malloc(block);
+ if (!buffer) {
+ err_sys_ex(runWithErrors, "Server buffer malloc failed");
+ }
+
+ while ((echoData && throughput == 0) ||
+ (!echoData && xfer_bytes < throughput))
+ {
+ select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
+ if (select_ret == TEST_RECV_READY) {
+
+ if (throughput)
+ len = min(block, (int)(throughput - xfer_bytes));
+ else
+ len = block;
+ rx_pos = 0;
+
+ if (throughput) {
+ start = current_time(1);
+ }
+
+ /* Read data */
+ while (rx_pos < len) {
+ ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
+ if (ret < 0) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+ #endif
+ if (err != WOLFSSL_ERROR_WANT_READ &&
+ err != WOLFSSL_ERROR_ZERO_RETURN &&
+ err != APP_DATA_READY) {
+ printf("SSL_read echo error %d\n", err);
+ err_sys_ex(runWithErrors, "SSL_read failed");
+ break;
+ }
+ if (err == WOLFSSL_ERROR_ZERO_RETURN) {
+ free(buffer);
+ return WOLFSSL_ERROR_ZERO_RETURN;
+ }
+ }
+ else {
+ rx_pos += ret;
+ if (!throughput)
+ break;
+ }
+ }
+ if (throughput) {
+ rx_time += current_time(0) - start;
+ start = current_time(1);
+ }
+
+ /* Write data */
+ do {
+ err = 0; /* reset error */
+ ret = SSL_write(ssl, buffer, min(len, rx_pos));
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ if (ret != (int)min(len, rx_pos)) {
+ printf("SSL_write echo error %d\n", err);
+ err_sys_ex(runWithErrors, "SSL_write failed");
+ }
+
+ if (throughput) {
+ tx_time += current_time(0) - start;
+ }
+
+ xfer_bytes += len;
+ }
+ }
+
+ free(buffer);
+
+ if (throughput) {
+ printf(
+ #if !defined(__MINGW32__)
+ "wolfSSL Server Benchmark %zu bytes\n"
+ #else
+ "wolfSSL Server Benchmark %d bytes\n"
+ #endif
+ "\tRX %8.3f ms (%8.3f MBps)\n"
+ "\tTX %8.3f ms (%8.3f MBps)\n",
+ #if !defined(__MINGW32__)
+ throughput,
+ #else
+ (int)throughput,
+ #endif
+ rx_time * 1000, throughput / rx_time / 1024 / 1024,
+ tx_time * 1000, throughput / tx_time / 1024 / 1024
+ );
+ }
+
+ return 0;
+}
+
+static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
+{
+ int ret, err;
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+
+ /* Read data */
+ do {
+ err = 0; /* reset error */
+ ret = SSL_read(ssl, input, inputLen);
+ if (ret < 0) {
+ err = SSL_get_error(ssl, ret);
+
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ if (err == APP_DATA_READY) {
+ /* If we receive a message during renegotiation
+ * then just print it. We return the message sent
+ * after the renegotiation. */
+ ret = SSL_read(ssl, input, inputLen);
+ if (ret >= 0) {
+ /* null terminate message */
+ input[ret] = '\0';
+ printf("Client message received during "
+ "secure renegotiation: %s\n", input);
+ err = WOLFSSL_ERROR_WANT_READ;
+ }
+ else {
+ err = SSL_get_error(ssl, ret);
+ }
+ }
+ #endif
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ else
+ #endif
+ #ifdef WOLFSSL_DTLS
+ if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+ printf("Dropped client's message due to a bad MAC\n");
+ }
+ else
+ #endif
+ if (err != WOLFSSL_ERROR_WANT_READ
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ && err != APP_DATA_READY
+ #endif
+ ) {
+ printf("SSL_read input error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ err_sys_ex(runWithErrors, "SSL_read failed");
+ }
+ }
+ else if (SSL_get_error(ssl, 0) == 0 &&
+ tcp_select(SSL_get_fd(ssl), 0) == TEST_RECV_READY) {
+ err = WOLFSSL_ERROR_WANT_READ;
+ }
+ } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
+ if (ret > 0) {
+ /* null terminate message */
+ input[ret] = '\0';
+ printf("Client message: %s\n", input);
+ }
+}
+
+static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
+{
+ int ret, err;
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+ int len;
+
+#ifdef OPENSSL_ALL
+ /* Fuzz testing expects reply split over two msgs when TLSv1.0 or below */
+ if (wolfSSL_GetVersion(ssl) <= WOLFSSL_TLSV1)
+ len = outputLen / 2;
+ else
+#endif
+ len = outputLen;
+
+ do {
+ err = 0; /* reset error */
+ ret = SSL_write(ssl, output, len);
+ if (ret <= 0) {
+ err = SSL_get_error(ssl, 0);
+
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ else if (ret != outputLen) {
+ output += ret;
+ len = (outputLen -= ret);
+ err = WOLFSSL_ERROR_WANT_WRITE;
+ }
+ } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
+ if (ret != outputLen) {
+ printf("SSL_write msg error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ err_sys_ex(runWithErrors, "SSL_write failed");
+ }
+}
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+#define MAX_GROUP_NUMBER 4
+static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
+ int useX448)
+{
+ int ret;
+ int groups[MAX_GROUP_NUMBER] = {0};
+ int count = 0;
+
+ (void)useX25519;
+ (void)useX448;
+
+ WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
+ if (onlyKeyShare == 2) {
+ if (useX25519) {
+ #ifdef HAVE_CURVE25519
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_X25519;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve x25519");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ else if (useX448) {
+ #ifdef HAVE_CURVE448
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_X448;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve x448");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ else {
+ #ifdef HAVE_ECC
+ #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_ECC_SECP256R1;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use curve secp256r1");
+ } while (ret == WC_PENDING_E);
+ #endif
+ #endif
+ }
+ }
+ if (onlyKeyShare == 1) {
+ #ifdef HAVE_FFDHE_2048
+ do {
+ ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048);
+ if (ret == WOLFSSL_SUCCESS)
+ groups[count++] = WOLFSSL_FFDHE_2048;
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ else if (ret == WC_PENDING_E)
+ wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ #endif
+ else
+ err_sys("unable to use DH 2048-bit parameters");
+ } while (ret == WC_PENDING_E);
+ #endif
+ }
+ if (count >= MAX_GROUP_NUMBER)
+ err_sys("example group array size error");
+ if (count > 0) {
+ if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
+ err_sys("unable to set groups");
+ }
+ WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
+}
+#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
+
+
+/* when adding new option, please follow the steps below: */
+/* 1. add new option message in English section */
+/* 2. increase the number of the second column */
+/* 3. increase the array dimension */
+/* 4. add the same message into Japanese section */
+/* (will be translated later) */
+/* 5. add printf() into suitable position of Usage() */
+static const char* server_usage_msg[][59] = {
+ /* English */
+ {
+ " NOTE: All files relative to wolfSSL home dir\n", /* 0 */
+ "-? <num> Help, print this usage\n"
+ " 0: English, 1: Japanese\n"
+ "--help Help, in English\n", /* 1 */
+ "-p <num> Port to listen on, not 0, default", /* 2 */
+#ifndef WOLFSSL_TLS13
+ "-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 3 */
+#else
+ "-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 3 */
+#endif
+ "-l <str> Cipher suite list (: delimited)\n", /* 4 */
+ "-c <file> Certificate file, default", /* 5 */
+ "-k <file> Key file, default", /* 6 */
+ "-A <file> Certificate Authority file, default", /* 7 */
+ "-R <file> Create Ready file for external monitor"
+ " default none\n", /* 8 */
+#ifndef NO_DH
+ "-D <file> Diffie-Hellman Params file, default", /* 9 */
+ "-Z <num> Minimum DH key bits, default", /* 10 */
+#endif
+#ifdef HAVE_ALPN
+ "-L <str> Application-Layer Protocol Negotiation"
+ " ({C,F}:<list>)\n", /* 11 */
+#endif
+ "-d Disable client cert check\n", /* 12 */
+ "-b Bind to any interface instead of localhost only\n",/* 13 */
+ "-s Use pre Shared keys\n", /* 14 */
+ "-u Use UDP DTLS,"
+ " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 15 */
+#ifdef WOLFSSL_SCTP
+ "-G Use SCTP DTLS,"
+ " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 16 */
+#endif
+ "-f Fewer packets/group messages\n", /* 17 */
+ "-r Allow one client Resumption\n", /* 18 */
+ "-N Use Non-blocking sockets\n", /* 19 */
+ "-S <str> Use Host Name Indication\n", /* 20 */
+ "-w Wait for bidirectional shutdown\n", /* 21 */
+#ifdef HAVE_OCSP
+ "-o Perform OCSP lookup on peer certificate\n", /* 22 */
+ "-O <url> Perform OCSP lookup using <url> as responder\n", /* 23 */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ "-P Public Key Callbacks\n", /* 24 */
+#endif
+#ifdef HAVE_ANON
+ "-a Anonymous server\n", /* 25 */
+#endif
+#ifndef NO_PSK
+ "-I Do not send PSK identity hint\n", /* 26 */
+#endif
+ "-x Print server errors but do not close connection\n",/* 27 */
+ "-i Loop indefinitely (allow repeated connections)\n", /* 28 */
+ "-e Echo data mode (return raw bytes received)\n", /* 29 */
+#ifdef HAVE_NTRU
+ "-n Use NTRU key (needed for NTRU suites)\n", /* 30 */
+#endif
+ "-B <num> Benchmark throughput"
+ " using <num> bytes and print stats\n", /* 31 */
+#ifdef HAVE_CRL
+ "-V Disable CRL\n", /* 32 */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ "-E <file> Path to load trusted peer cert\n", /* 33 */
+#endif
+#ifdef HAVE_WNR
+ "-q <file> Whitewood config file, default", /* 34 */
+#endif
+ "-g Return basic HTML web page\n", /* 35 */
+ "-C <num> The number of connections to accept, default: 1\n",/* 36 */
+ "-H <arg> Internal tests"
+ " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */
+ " loadSSL, disallowETM]\n", /* 38 */
+#ifdef WOLFSSL_TLS13
+ "-U Update keys and IVs before sending\n", /* 39 */
+ "-K Key Exchange for PSK not using (EC)DHE\n", /* 40 */
+#ifndef NO_DH
+ "-y Pre-generate Key Share using FFDHE_2048 only\n", /* 41 */
+#endif
+#ifdef HAVE_ECC
+ "-Y Pre-generate Key Share using P-256 only \n", /* 42 */
+#endif
+#ifdef HAVE_CURVE25519
+ "-t Pre-generate Key share using Curve25519 only\n", /* 43 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef HAVE_SESSION_TICKET
+#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS)
+ "-T Do not generate session ticket\n", /* 44 */
+#else
+ "-T [aon] Do not generate session ticket\n", /* 44 */
+ " No option affects TLS 1.3 only, 'a' affects all"
+ " protocol versions,\n", /* 45 */
+ " 'o' affects TLS 1.2 and below only\n", /* 46 */
+ " 'n' affects TLS 1.3 only\n", /* 47 */
+#endif
+#endif
+#ifdef WOLFSSL_TLS13
+ "-F Send alert if no mutual authentication\n", /* 48 */
+#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+ "-Q Request certificate from client post-handshake\n", /* 49 */
+#endif
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+ "-J Server sends Cookie Extension containing state\n", /* 50 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef WOLFSSL_EARLY_DATA
+ "-0 Early data read from client (0-RTT handshake)\n", /* 51 */
+#endif
+#ifdef WOLFSSL_MULTICAST
+ "-3 <grpid> Multicast, grpid < 256\n", /* 52 */
+#endif
+ "-1 <num> Display a result by specified language."
+ "\n 0: English, 1: Japanese\n", /* 53 */
+#ifdef HAVE_TRUSTED_CA
+ "-5 Use Trusted CA Key Indication\n", /* 54 */
+#endif
+ "-6 Simulate WANT_WRITE errors on every other IO send\n",
+ /* 55 */
+#ifdef HAVE_CURVE448
+ "-8 Pre-generate Key share using Curve448 only\n", /* 56 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 Use hash dir look up for certificate loading\n"
+ " loading from <wolfSSL home>/certs folder\n"
+ " files in the folder would have the form \"hash.N\" file name\n"
+ " e.g symbolic link to the file at certs folder\n"
+ " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
+ /* 57 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+ "--wolfsentry-config <file> Path for JSON wolfSentry config\n",
+ /* 58 */
+#endif
+
+#ifndef WOLFSSL_TLS13
+ "-7 Set minimum downgrade protocol version [0-3] "
+ " SSLv3(0) - TLS1.2(3)\n",
+#else
+ "-7 Set minimum downgrade protocol version [0-4] "
+ " SSLv3(0) - TLS1.3(4)\n", /* 59 */
+#endif
+ NULL,
+ },
+#ifndef NO_MULTIBYTE_PRINT
+ /* Japanese */
+ {
+ " 注意 : 全てのファイルは"
+ " wolfSSL ホーム・ディレクトリからの相対です。\n", /* 0 */
+ "-? <num> ヘルプ, 使い方を表示\n"
+ " 0: 英語、 1: 日本語\n"
+ "--ヘルプ 使い方を表示, 日本語で\n", /* 1 */
+ "-p <num> 接続先ポート, 0は無効, 既定値", /* 2 */
+#ifndef WOLFSSL_TLS13
+ "-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
+ " 既定値", /* 3 */
+#else
+ "-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
+ " 既定値", /* 3 */
+#endif
+ "-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 4 */
+ "-c <file> 証明書ファイル, 既定値", /* 5 */
+ "-k <file> 鍵ファイル, 既定値", /* 6 */
+ "-A <file> 認証局ファイル, 既定値", /* 7 */
+ "-R <file> 外部モニタ用の準備完了ファイルを作成する。"
+ "既定値 なし\n", /* 8 */
+#ifndef NO_DH
+ "-D <file> ディフィー・ヘルマンのパラメータファイル,"
+ " 既定値", /* 9 */
+ "-Z <num> 最小 DH 鍵 ビット, 既定値", /* 10 */
+#endif
+#ifdef HAVE_ALPN
+ "-L <str> アプリケーション層プロトコルネゴシエーションを行う"
+ " ({C,F}:<list>)\n", /* 11 */
+#endif
+ "-d クライアント認証を無効とする\n", /* 12 */
+ "-b ローカルホスト以外のインターフェースへも"
+ "バインドする\n", /* 13 */
+ "-s 事前共有鍵を使用する\n", /* 14 */
+ "-u UDP DTLSを使用する。-v 2 を追加指定すると"
+ " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 15 */
+#ifdef WOLFSSL_SCTP
+ "-G SCTP DTLSを使用する。-v 2 を追加指定すると"
+ " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 16 */
+#endif
+ "-f より少ないパケット/グループメッセージを使用する\n",/* 17 */
+ "-r クライアントの再開を許可する\n", /* 18 */
+ "-N ノンブロッキング・ソケットを使用する\n", /* 19 */
+ "-S <str> ホスト名表示を使用する\n", /* 20 */
+ "-w 双方向シャットダウンを待つ\n", /* 21 */
+#ifdef HAVE_OCSP
+ "-o OCSPルックアップをピア証明書で実施する\n", /* 22 */
+ "-O <url> OCSPルックアップを、"
+ "<url>を使用し応答者として実施する\n", /* 23 */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ "-P 公開鍵コールバック\n", /* 24 */
+#endif
+#ifdef HAVE_ANON
+ "-a 匿名サーバー\n", /* 25 */
+#endif
+#ifndef NO_PSK
+ "-I PSKアイデンティティのヒントを送信しない\n", /* 26 */
+#endif
+ "-x サーバーエラーを出力するが接続を切断しない\n", /* 27 */
+ "-i 無期限にループする(繰り返し接続を許可)\n", /* 28 */
+ "-e エコー・データモード"
+ "(受け取ったバイトデータを返す)\n", /* 29 */
+#ifdef HAVE_NTRU
+ "-n NTRU鍵を使用する(NTRUスイートに必要)\n", /* 30 */
+#endif
+ "-B <num> <num> バイトを用いてのベンチマーク・スループット"
+ "測定と結果を出力する\n", /* 31 */
+#ifdef HAVE_CRL
+ "-V CRLを無効とする\n", /* 32 */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ "-E <file> 信頼出来るピアの証明書ロードの為のパス\n\n", /* 33 */
+#endif
+#ifdef HAVE_WNR
+ "-q <file> Whitewood コンフィグファイル, 既定値", /* 34 */
+#endif
+ "-g 基本的な Web ページを返す\n", /* 35 */
+ "-C <num> アクセプト可能な接続数を指定する。既定値: 1\n", /* 36 */
+ "-H <arg> 内部テスト"
+ " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */
+ " loadSSL, disallowETM]\n", /* 38 */
+#ifdef WOLFSSL_TLS13
+ "-U データ送信前に、鍵とIVを更新する\n", /* 39 */
+ "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 40 */
+#ifndef NO_DH
+ "-y FFDHE_2048のみを使用して鍵共有を事前生成する\n", /* 41 */
+#endif
+#ifdef HAVE_ECC
+ "-Y P-256のみを使用したキー共有の事前生成\n", /* 42 */
+#endif
+#ifdef HAVE_CURVE25519
+ "-t Curve25519のみを使用して鍵共有を事前生成する\n", /* 43 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS)
+ "-T セッションチケットを生成しない\n", /* 44 */
+#else
+ "-T [aon] セッションチケットを生成しない\n", /* 44 */
+ " No option affects TLS 1.3 only, 'a' affects all"
+ " protocol versions,\n", /* 45 */
+ " 'o' affects TLS 1.2 and below only\n", /* 46 */
+ " 'n' affects TLS 1.3 only\n", /* 47 */
+#endif
+#ifdef WOLFSSL_TLS13
+ "-F Send alert if no mutual authentication\n", /* 48 */
+#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+ "-Q クライアントのポストハンドシェイクから"
+ "証明書を要求する\n", /* 49 */
+#endif
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+ "-J サーバーの状態を含むTLS Cookie 拡張を送信する\n", /* 50 */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef WOLFSSL_EARLY_DATA
+ "-0 クライアントからの Early Data 読み取り"
+ "(0-RTTハンドシェイク)\n", /* 51 */
+#endif
+#ifdef WOLFSSL_MULTICAST
+ "-3 <grpid> マルチキャスト, grpid < 256\n", /* 52 */
+#endif
+ "-1 <num> 指定された言語で結果を表示します。"
+ "\n 0: 英語、 1: 日本語\n", /* 53 */
+#ifdef HAVE_TRUSTED_CA
+ "-5 信頼できる認証局の鍵表示を使用する\n", /* 54 */
+#endif
+ "-6 Simulate WANT_WRITE errors on every other IO send\n",
+ /* 55 */
+#ifdef HAVE_CURVE448
+ "-8 Pre-generate Key share using Curve448 only\n", /* 56 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 証明書の読み込みに hash dir 機能を使用する\n"
+ " <wolfSSL home>/certs フォルダーからロードします\n"
+ " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
+ " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
+ " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
+ /* 57 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+ "--wolfsentry-config <file> wolfSentry コンフィグファイル\n",
+ /* 58 */
+#endif
+#ifndef WOLFSSL_TLS13
+ "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
+ " SSLv3(0) - TLS1.2(3)\n",
+#else
+ "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
+ " SSLv3(0) - TLS1.3(4)\n", /* 59 */
+#endif
+ NULL,
+ },
+#endif
+};
+
+static void Usage(void)
+{
+ int msgId = 0;
+ const char** msg = server_usage_msg[lng_index];
+
+ printf("%s%s%s", "server ", LIBWOLFSSL_VERSION_STRING,
+ msg[msgId]);
+ printf("%s", msg[++msgId]); /* ? */
+ printf("%s %d\n", msg[++msgId], wolfSSLPort); /* -p */
+#ifndef WOLFSSL_TLS13
+ printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */
+#else
+ printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */
+#endif
+ printf("%s", msg[++msgId]); /* -l */
+ printf("%s %s\n", msg[++msgId], svrCertFile); /* -c */
+ printf("%s %s\n", msg[++msgId], svrKeyFile); /* -k */
+ printf("%s %s\n", msg[++msgId], cliCertFile); /* -A */
+ printf("%s", msg[++msgId]); /* -R */
+#ifndef NO_DH
+ printf("%s %s\n", msg[++msgId], dhParamFile); /* -D */
+ printf("%s %d\n", msg[++msgId], DEFAULT_MIN_DHKEY_BITS);/* -Z */
+#endif
+#ifdef HAVE_ALPN
+ printf("%s", msg[++msgId]); /* -L */
+#endif
+ printf("%s", msg[++msgId]); /* -d */
+ printf("%s", msg[++msgId]); /* -b */
+ printf("%s", msg[++msgId]); /* -s */
+ printf("%s", msg[++msgId]); /* -u */
+#ifdef WOLFSSL_SCTP
+ printf("%s", msg[++msgId]); /* -G */
+#endif
+ printf("%s", msg[++msgId]); /* -f */
+ printf("%s", msg[++msgId]); /* -r */
+ printf("%s", msg[++msgId]); /* -N */
+ printf("%s", msg[++msgId]); /* -S */
+ printf("%s", msg[++msgId]); /* -w */
+#ifdef HAVE_SECURE_RENEGOTIATION
+ printf("-M Allow Secure Renegotiation\n");
+ printf("-m Force Server Initiated Secure Renegotiation\n");
+#endif /* HAVE_SECURE_RENEGOTIATION */
+#ifdef HAVE_OCSP
+ printf("%s", msg[++msgId]); /* -o */
+ printf("%s", msg[++msgId]); /* -O */
+#endif
+#ifdef HAVE_PK_CALLBACKS
+ printf("%s", msg[++msgId]); /* -P */
+#endif
+#ifdef HAVE_ANON
+ printf("%s", msg[++msgId]); /* -a */
+#endif
+#ifndef NO_PSK
+ printf("%s", msg[++msgId]); /* -I */
+#endif
+ printf("%s", msg[++msgId]); /* -x */
+ printf("%s", msg[++msgId]); /* -i */
+ printf("%s", msg[++msgId]); /* -e */
+#ifdef HAVE_NTRU
+ printf("%s", msg[++msgId]); /* -n */
+#endif
+ printf("%s", msg[++msgId]); /* -B */
+#ifdef HAVE_CRL
+ printf("%s", msg[++msgId]); /* -V */
+#endif
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ printf("%s", msg[++msgId]); /* -E */
+#endif
+#ifdef HAVE_WNR
+ printf("%s %s\n", msg[++msgId], wnrConfig); /* -q */
+#endif
+ printf("%s", msg[++msgId]); /* -g */
+ printf("%s", msg[++msgId]); /* -C */
+ printf("%s", msg[++msgId]); /* -H */
+ printf("%s", msg[++msgId]); /* more -H options */
+#ifdef WOLFSSL_TLS13
+ printf("%s", msg[++msgId]); /* -U */
+ printf("%s", msg[++msgId]); /* -K */
+#ifndef NO_DH
+ printf("%s", msg[++msgId]); /* -y */
+#endif
+#ifdef HAVE_ECC
+ printf("%s", msg[++msgId]); /* -Y */
+#endif
+#ifdef HAVE_CURVE25519
+ printf("%s", msg[++msgId]); /* -t */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef HAVE_SESSION_TICKET
+ printf("%s", msg[++msgId]); /* -T */
+ #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+ printf("%s", msg[++msgId]); /* -T */
+ printf("%s", msg[++msgId]); /* -T */
+ printf("%s", msg[++msgId]); /* -T */
+ #endif
+#endif
+#ifdef WOLFSSL_TLS13
+ printf("%s", msg[++msgId]); /* -F */
+#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+ printf("%s", msg[++msgId]); /* -Q */
+#endif
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+ printf("%s", msg[++msgId]); /* -J */
+#endif
+#endif /* WOLFSSL_TLS13 */
+#ifdef WOLFSSL_EARLY_DATA
+ printf("%s", msg[++msgId]); /* -0 */
+#endif
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ printf("-2 Disable DH Prime check\n");
+#endif
+#ifdef WOLFSSL_DTLS
+ printf("-4 <seq> DTLS fake would-block for message seq\n");
+#endif
+#ifdef WOLFSSL_MULTICAST
+ printf("%s", msg[++msgId]); /* -3 */
+#endif
+ printf("%s", msg[++msgId]); /* -1 */
+#ifdef HAVE_TRUSTED_CA
+ printf("%s", msg[++msgId]); /* -5 */
+#endif /* HAVE_TRUSTED_CA */
+ printf("%s", msg[++msgId]); /* -6 */
+#ifdef HAVE_CURVE448
+ printf("%s", msg[++msgId]); /* -8 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ printf("%s", msg[++msgId]); /* -9 */
+#endif
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ printf("%s", msg[++msgId]); /* --wolfsentry-config */
+#endif
+ printf("%s", msg[++msgId]); /* -7 */
+}
+
+THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
+{
+ SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
+ SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
+ SOCKADDR_IN_T client_addr;
+ socklen_t client_len;
+
+ wolfSSL_method_func method = NULL;
+ SSL_CTX* ctx = 0;
+ SSL* ssl = 0;
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ wolfsentry_errcode_t wolfsentry_ret;
+#endif
+ int minVersion = SERVER_INVALID_VERSION;
+ int useWebServerMsg = 0;
+ char input[SRV_READ_SZ];
+#ifndef WOLFSSL_VXWORKS
+ int ch;
+ static const struct mygetopt_long_config long_options[] = {
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
+ !defined(WOLFSENTRY_NO_JSON)
+ { "wolfsentry-config", 1, 256 },
+#endif
+ { "help", 0, 257 },
+ { "ヘルプ", 0, 258 },
+ { 0, 0, 0 }
+ };
+#endif
+ int version = SERVER_DEFAULT_VERSION;
+#ifndef WOLFSSL_NO_CLIENT_AUTH
+ int doCliCertCheck = 1;
+#else
+ int doCliCertCheck = 0;
+#endif
+#ifdef HAVE_CRL
+ int disableCRL = 0;
+#endif
+ int useAnyAddr = 0;
+ word16 port = wolfSSLPort;
+ int usePsk = 0;
+ int usePskPlus = 0;
+ int useAnon = 0;
+ int doDTLS = 0;
+ int dtlsUDP = 0;
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ int dtlsMTU = 0;
+#endif
+ int dtlsSCTP = 0;
+ int doMcast = 0;
+#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
+ int doBlockSeq = 0;
+ WOLFSSL_TEST_DTLS_CTX dtlsCtx;
+#endif
+ int needDH = 0;
+ int useNtruKey = 0;
+ int nonBlocking = 0;
+ int simulateWantWrite = 0;
+ int fewerPackets = 0;
+#ifdef HAVE_PK_CALLBACKS
+ int pkCallbacks = 0;
+ PkCbInfo pkCbInfo;
+#endif
+ int wc_shutdown = 0;
+ int resume = 0;
+ int resumeCount = 0;
+ int loops = 1;
+ int cnt = 0;
+ int echoData = 0;
+ int block = TEST_BUFFER_SIZE;
+ size_t throughput = 0;
+ int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
+ short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS;
+ short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS;
+ int doListen = 1;
+ int crlFlags = 0;
+ int ret;
+ int err = 0;
+ char* serverReadyFile = NULL;
+ char* alpnList = NULL;
+ unsigned char alpn_opt = 0;
+ char* cipherList = NULL;
+ int useDefCipherList = 0;
+ const char* verifyCert;
+ const char* ourCert;
+ const char* ourKey;
+ const char* ourDhParam = dhParamFile;
+ tcp_ready* readySignal = NULL;
+ int argc = ((func_args*)args)->argc;
+ char** argv = ((func_args*)args)->argv;
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+ const char* trustCert = NULL;
+#endif
+
+#ifndef NO_PSK
+ int sendPskIdentityHint = 1;
+#endif
+
+#ifdef HAVE_SNI
+ char* sniHostName = NULL;
+#endif
+
+#ifdef HAVE_TRUSTED_CA
+ int trustedCaKeyId = 0;
+#endif /* HAVE_TRUSTED_CA */
+
+#ifdef HAVE_OCSP
+ int useOcsp = 0;
+ char* ocspUrl = NULL;
+#endif
+
+#ifdef HAVE_WNR
+ const char* wnrConfigFile = wnrConfig;
+#endif
+ char buffer[WOLFSSL_MAX_ERROR_SZ];
+#ifdef WOLFSSL_TLS13
+ int noPskDheKe = 0;
+#endif
+ int updateKeysIVs = 0;
+#ifndef NO_CERTS
+ int mutualAuth = 0;
+#endif
+ int postHandAuth = 0;
+#ifdef WOLFSSL_EARLY_DATA
+ int earlyData = 0;
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ int scr = 0;
+ int forceScr = 0;
+#endif /* HAVE_SECURE_RENEGOTIATION */
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+ int hrrCookie = 0;
+#endif
+ byte mcastID = 0;
+#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ int doDhKeyCheck = 1;
+#endif
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
+ || defined(SESSION_CERTS)
+ /* big enough to handle most cases including session certs */
+ byte memory[239936];
+ #else
+ byte memory[80000];
+ #endif
+ byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
+ WOLFSSL_MEM_CONN_STATS ssl_stats;
+ #ifdef DEBUG_WOLFSSL
+ WOLFSSL_MEM_STATS mem_stats;
+ #endif
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ int onlyKeyShare = 0;
+#endif
+#if defined(HAVE_SESSION_TICKET)
+#ifdef WOLFSSL_TLS13
+ int noTicketTls13 = 0;
+#endif
+#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+ int noTicketTls12 = 0;
+#endif
+#endif
+ int useX25519 = 0;
+ int useX448 = 0;
+ int exitWithRet = 0;
+ int loadCertKeyIntoSSLObj = 0;
+
+#ifdef HAVE_ENCRYPT_THEN_MAC
+ int disallowETM = 0;
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ int useCertFolder = 0;
+#endif
+
+ ((func_args*)args)->return_code = -1; /* error state */
+
+#ifndef NO_RSA
+ verifyCert = cliCertFile;
+ ourCert = svrCertFile;
+ ourKey = svrKeyFile;
+#else
+ #ifdef HAVE_ECC
+ verifyCert = cliEccCertFile;
+ ourCert = eccCertFile;
+ ourKey = eccKeyFile;
+ #elif defined(HAVE_ED25519)
+ verifyCert = cliEdCertFile;
+ ourCert = edCertFile;
+ ourKey = edKeyFile;
+ #elif defined(HAVE_ED448)
+ verifyCert = cliEd448CertFile;
+ ourCert = ed448CertFile;
+ ourKey = ed448KeyFile;
+ #else
+ verifyCert = NULL;
+ ourCert = NULL;
+ ourKey = NULL;
+ #endif
+#endif
+
+ (void)needDH;
+ (void)ourKey;
+ (void)ourCert;
+ (void)ourDhParam;
+ (void)verifyCert;
+ (void)useNtruKey;
+ (void)doCliCertCheck;
+ (void)minDhKeyBits;
+ (void)minRsaKeyBits;
+ (void)minEccKeyBits;
+ (void)alpnList;
+ (void)alpn_opt;
+ (void)crlFlags;
+ (void)readySignal;
+ (void)updateKeysIVs;
+#ifndef NO_CERTS
+ (void)mutualAuth;
+#endif
+ (void)postHandAuth;
+ (void)mcastID;
+ (void)loadCertKeyIntoSSLObj;
+ (void)nonBlocking;
+
+#ifdef WOLFSSL_TIRTOS
+ fdOpenSession(Task_self());
+#endif
+
+#ifdef WOLFSSL_VXWORKS
+ useAnyAddr = 1;
+#else
+
+ /* Reinitialize the global myVerifyAction. */
+ myVerifyAction = VERIFY_OVERRIDE_ERROR;
+
+ /* Not Used: h, z, W, X, 7 */
+ while ((ch = mygetopt_long(argc, argv, "?:"
+ "abc:defgijk:l:mnop:q:rstu;v:wxy"
+ "A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
+ "01:23:4:5689"
+ "@#", long_options, 0)) != -1) {
+ switch (ch) {
+ case '?' :
+ if(myoptarg!=NULL) {
+ lng_index = atoi(myoptarg);
+ if(lng_index<0||lng_index>1){
+ lng_index = 0;
+ }
+ }
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 257 :
+ lng_index = 0;
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 258 :
+ lng_index = 1;
+ Usage();
+ XEXIT_T(EXIT_SUCCESS);
+
+ case 'x' :
+ runWithErrors = 1;
+ break;
+
+ case 'd' :
+ doCliCertCheck = 0;
+ break;
+
+ case 'V' :
+ #ifdef HAVE_CRL
+ disableCRL = 1;
+ #endif
+ break;
+
+ case 'b' :
+ useAnyAddr = 1;
+ break;
+
+ case 's' :
+ usePsk = 1;
+ break;
+
+ case 'j' :
+ usePskPlus = 1;
+ break;
+
+ case 'n' :
+ useNtruKey = 1;
+ break;
+
+ case 'u' :
+ doDTLS = 1;
+ dtlsUDP = 1;
+ #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ dtlsMTU = atoi(myoptarg);
+ #endif
+ break;
+
+ case 'G' :
+ #ifdef WOLFSSL_SCTP
+ doDTLS = 1;
+ dtlsSCTP = 1;
+ #endif
+ break;
+
+ case 'f' :
+ fewerPackets = 1;
+ break;
+
+ case 'R' :
+ serverReadyFile = myoptarg;
+ break;
+
+ case 'r' :
+ #ifndef NO_SESSION_CACHE
+ resume = 1;
+ #endif
+ break;
+
+ case 'P' :
+ #ifdef HAVE_PK_CALLBACKS
+ pkCallbacks = 1;
+ #endif
+ break;
+
+ case 'p' :
+ port = (word16)atoi(myoptarg);
+ break;
+
+ case 'w' :
+ wc_shutdown = 1;
+ break;
+
+ case 'v' :
+ if (myoptarg[0] == 'd') {
+ version = SERVER_DOWNGRADE_VERSION;
+ break;
+ }
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ else if (myoptarg[0] == 'e') {
+ version = EITHER_DOWNGRADE_VERSION;
+ #ifndef NO_CERTS
+ loadCertKeyIntoSSLObj = 1;
+ #endif
+ break;
+ }
+ #endif
+ version = atoi(myoptarg);
+ if (version < 0 || version > 4) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'l' :
+ cipherList = myoptarg;
+ break;
+
+ case 'H' :
+ if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
+ printf("Using default cipher list for testing\n");
+ useDefCipherList = 1;
+ }
+ else if (XSTRNCMP(myoptarg, "exitWithRet", 11) == 0) {
+ printf("Skip exit() for testing\n");
+ exitWithRet = 1;
+ }
+ else if (XSTRNCMP(myoptarg, "verifyFail", 10) == 0) {
+ printf("Verify should fail\n");
+ myVerifyAction = VERIFY_FORCE_FAIL;
+ }
+ else if (XSTRNCMP(myoptarg, "verifyInfo", 10) == 0) {
+ printf("Verify should use preverify (just show info)\n");
+ myVerifyAction = VERIFY_USE_PREVERFIY;
+ }
+ else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
+ printf("Also load cert/key into wolfSSL object\n");
+ #ifndef NO_CERTS
+ loadCertKeyIntoSSLObj = 2;
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "loadSSLOnly", 11) == 0) {
+ printf("Only load cert/key into wolfSSL object\n");
+ #ifndef NO_CERTS
+ loadCertKeyIntoSSLObj = 1;
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "disallowETM", 11) == 0) {
+ printf("Disallow Encrypt-Then-MAC\n");
+ #ifdef HAVE_ENCRYPT_THEN_MAC
+ disallowETM = 1;
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "overrideDateErr", 15) == 0) {
+ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+ myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
+ #endif
+ }
+ else {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'A' :
+ verifyCert = myoptarg;
+ break;
+
+ case 'c' :
+ ourCert = myoptarg;
+ break;
+
+ case 'k' :
+ ourKey = myoptarg;
+ break;
+
+ case 'D' :
+ #ifndef NO_DH
+ ourDhParam = myoptarg;
+ #endif
+ break;
+
+ case 'Z' :
+ #ifndef NO_DH
+ minDhKeyBits = atoi(myoptarg);
+ if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ #endif
+ break;
+
+ case 'N':
+ nonBlocking = 1;
+ break;
+
+ case 'S' :
+ #ifdef HAVE_SNI
+ sniHostName = myoptarg;
+ #endif
+ break;
+
+ case 'o' :
+ #ifdef HAVE_OCSP
+ useOcsp = 1;
+ #endif
+ break;
+
+ case 'O' :
+ #ifdef HAVE_OCSP
+ useOcsp = 1;
+ ocspUrl = myoptarg;
+ #endif
+ break;
+
+ case 'a' :
+ #ifdef HAVE_ANON
+ useAnon = 1;
+ #endif
+ break;
+ case 'I':
+ #ifndef NO_PSK
+ sendPskIdentityHint = 0;
+ #endif
+ break;
+
+ case 'L' :
+ #ifdef HAVE_ALPN
+ alpnList = myoptarg;
+
+ if (alpnList[0] == 'C' && alpnList[1] == ':')
+ alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
+ else if (alpnList[0] == 'F' && alpnList[1] == ':')
+ alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
+ else {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+
+ alpnList += 2;
+
+ #endif
+ break;
+
+ case 'i' :
+ loops = -1;
+ break;
+
+ case 'C' :
+ loops = atoi(myoptarg);
+ if (loops <= 0) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ case 'e' :
+ echoData = 1;
+ break;
+
+ case 'B':
+ throughput = atol(myoptarg);
+ for (; *myoptarg != '\0'; myoptarg++) {
+ if (*myoptarg == ',') {
+ block = atoi(myoptarg + 1);
+ break;
+ }
+ }
+ if (throughput == 0 || block <= 0) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+
+ #ifdef WOLFSSL_TRUST_PEER_CERT
+ case 'E' :
+ trustCert = myoptarg;
+ break;
+ #endif
+
+ case 'q' :
+ #ifdef HAVE_WNR
+ wnrConfigFile = myoptarg;
+ #endif
+ break;
+
+ case 'g' :
+ useWebServerMsg = 1;
+ break;
+
+ case 'y' :
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \
+ && !defined(NO_DH)
+ onlyKeyShare = 1;
+ #endif
+ break;
+
+ case 'Y' :
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \
+ && defined(HAVE_ECC)
+ onlyKeyShare = 2;
+ #endif
+ break;
+
+ case 't' :
+ #ifdef HAVE_CURVE25519
+ useX25519 = 1;
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ onlyKeyShare = 2;
+ #endif
+ #endif
+ break;
+
+ case 'K' :
+ #ifdef WOLFSSL_TLS13
+ noPskDheKe = 1;
+ #endif
+ break;
+
+ case 'T' :
+ #if defined(HAVE_SESSION_TICKET)
+ if (XSTRLEN(myoptarg) == 0) {
+ #if defined(WOLFSSL_TLS13)
+ noTicketTls13 = 1;
+ #endif
+ }
+ #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+ else if (XSTRNCMP(myoptarg, "a", 2) == 0) {
+ noTicketTls12 = 1;
+ #if defined(WOLFSSL_TLS13)
+ noTicketTls13 = 1;
+ #endif
+ }
+ else if (XSTRNCMP(myoptarg, "o", 2) == 0) {
+ noTicketTls12 = 1;
+ }
+ else if (XSTRNCMP(myoptarg, "n", 2) == 0) {
+ #if defined(WOLFSSL_TLS13)
+ noTicketTls13 = 1;
+ #endif
+ }
+ #endif
+ else {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ #endif
+ break;
+
+ case 'U' :
+ #ifdef WOLFSSL_TLS13
+ updateKeysIVs = 1;
+ #endif
+ break;
+
+ #ifndef NO_CERTS
+ case 'F' :
+ mutualAuth = 1;
+ break;
+ #endif
+
+ case 'Q' :
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ postHandAuth = 1;
+ doCliCertCheck = 0;
+ #endif
+ break;
+
+ case 'J' :
+ #ifdef WOLFSSL_SEND_HRR_COOKIE
+ hrrCookie = 1;
+ #endif
+ break;
+
+ case 'M' :
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ scr = 1;
+ #endif /* HAVE_SECURE_RENEGOTIATION */
+ break;
+
+ case 'm' :
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ scr = 1;
+ forceScr = 1;
+ #endif /* HAVE_SECURE_RENEGOTIATION */
+ break;
+
+ case '0' :
+ #ifdef WOLFSSL_EARLY_DATA
+ earlyData = 1;
+ #endif
+ break;
+
+ case '1' :
+ lng_index = atoi(myoptarg);
+ if(lng_index<0||lng_index>1){
+ lng_index = 0;
+ }
+ break;
+
+ case '2' :
+ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
+ doDhKeyCheck = 0;
+ #endif
+ break;
+
+ case '3' :
+ #ifdef WOLFSSL_MULTICAST
+ doMcast = 1;
+ mcastID = (byte)(atoi(myoptarg) & 0xFF);
+ #endif
+ break;
+
+ case '4' :
+ #if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
+ XMEMSET(&dtlsCtx, 0, sizeof(dtlsCtx));
+ doBlockSeq = 1;
+ dtlsCtx.blockSeq = atoi(myoptarg);
+ #endif
+ break;
+
+ case '5' :
+ #ifdef HAVE_TRUSTED_CA
+ trustedCaKeyId = 1;
+ #endif /* HAVE_TRUSTED_CA */
+ break;
+
+ case '6' :
+ nonBlocking = 1;
+ simulateWantWrite = 1;
+ break;
+ case '7' :
+ minVersion = atoi(myoptarg);
+ if (minVersion < 0 || minVersion > 4) {
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ break;
+ case '8' :
+ #ifdef HAVE_CURVE448
+ useX448 = 1;
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ onlyKeyShare = 2;
+ #endif
+ #endif
+ break;
+ case '9' :
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ useCertFolder = 1;
+ break;
+#endif
+ case '@' :
+ {
+#ifdef HAVE_WC_INTROSPECTION
+ const char *conf_args = wolfSSL_configure_args();
+ if (conf_args) {
+ puts(conf_args);
+ XEXIT_T(EXIT_SUCCESS);
+ } else {
+ fputs("configure args not compiled in.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+ }
+#else
+ fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+#endif
+ }
+
+ case '#' :
+ {
+#ifdef HAVE_WC_INTROSPECTION
+ const char *cflags = wolfSSL_global_cflags();
+ if (cflags) {
+ puts(cflags);
+ XEXIT_T(EXIT_SUCCESS);
+ } else {
+ fputs("CFLAGS not compiled in.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+ }
+#else
+ fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
+ XEXIT_T(MY_EX_USAGE);
+#endif
+ }
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ case 256:
+#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
+ wolfsentry_config_path = myoptarg;
+#endif
+ break;
+#endif
+
+ default:
+ Usage();
+ XEXIT_T(MY_EX_USAGE);
+ }
+ }
+
+ myoptind = 0; /* reset for test cases */
+#endif /* !WOLFSSL_VXWORKS */
+
+ /* Can only use DTLS over UDP or SCTP, can't do both. */
+ if (dtlsUDP && dtlsSCTP) {
+ err_sys_ex(runWithErrors, "Cannot use DTLS with both UDP and SCTP.");
+ }
+
+ /* sort out DTLS versus TLS versions */
+ if (version == CLIENT_INVALID_VERSION) {
+ if (doDTLS)
+ version = CLIENT_DTLS_DEFAULT_VERSION;
+ else
+ version = CLIENT_DEFAULT_VERSION;
+ }
+ else {
+ if (doDTLS) {
+ if (version == 3)
+ version = -2;
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ else if (version == EITHER_DOWNGRADE_VERSION)
+ version = -3;
+ #endif
+ else
+ version = -1;
+ }
+ }
+
+#ifdef HAVE_WNR
+ if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
+ err_sys_ex(runWithErrors, "can't load whitewood net random config "
+ "file");
+#endif
+
+ switch (version) {
+#ifndef NO_OLD_TLS
+ #ifdef WOLFSSL_ALLOW_SSLV3
+ case 0:
+ method = wolfSSLv3_server_method_ex;
+ break;
+ #endif
+
+ #ifndef NO_TLS
+ #ifdef WOLFSSL_ALLOW_TLSV10
+ case 1:
+ method = wolfTLSv1_server_method_ex;
+ break;
+ #endif
+
+ case 2:
+ method = wolfTLSv1_1_server_method_ex;
+ break;
+ #endif /* !NO_TLS */
+#endif /* !NO_OLD_TLS */
+
+#ifndef NO_TLS
+ #ifndef WOLFSSL_NO_TLS12
+ case 3:
+ method = wolfTLSv1_2_server_method_ex;
+ break;
+ #endif
+
+ #ifdef WOLFSSL_TLS13
+ case 4:
+ method = wolfTLSv1_3_server_method_ex;
+ break;
+ #endif
+
+ case SERVER_DOWNGRADE_VERSION:
+ method = wolfSSLv23_server_method_ex;
+ break;
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ case EITHER_DOWNGRADE_VERSION:
+ method = wolfSSLv23_method_ex;
+ break;
+ #endif
+#endif /* NO_TLS */
+
+#ifdef WOLFSSL_DTLS
+ #ifndef NO_OLD_TLS
+ case -1:
+ method = wolfDTLSv1_server_method_ex;
+ break;
+ #endif
+
+ #ifndef WOLFSSL_NO_TLS12
+ case -2:
+ method = wolfDTLSv1_2_server_method_ex;
+ break;
+ #endif
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+ case -3:
+ method = wolfDTLSv1_2_method_ex;
+ break;
+ #endif
+#endif
+
+ default:
+ err_sys_ex(runWithErrors, "Bad SSL version");
+ }
+
+ if (method == NULL)
+ err_sys_ex(runWithErrors, "unable to get method");
+
+#ifdef WOLFSSL_STATIC_MEMORY
+ #ifdef DEBUG_WOLFSSL
+ /* print off helper buffer sizes for use with static memory
+ * printing to stderr in case of debug mode turned on */
+ fprintf(stderr, "static memory management size = %d\n",
+ wolfSSL_MemoryPaddingSz());
+ fprintf(stderr, "calculated optimum general buffer size = %d\n",
+ wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
+ fprintf(stderr, "calculated optimum IO buffer size = %d\n",
+ wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
+ WOLFMEM_IO_POOL_FIXED));
+ #endif /* DEBUG_WOLFSSL */
+
+ if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "unable to load static memory and create ctx");
+
+ /* load in a buffer for IO */
+ if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
+ WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "unable to load static memory and create ctx");
+#else
+ if (method != NULL) {
+ ctx = SSL_CTX_new(method(NULL));
+ }
+#endif /* WOLFSSL_STATIC_MEMORY */
+ if (ctx == NULL)
+ err_sys_ex(catastrophic, "unable to get ctx");
+
+ if (minVersion != SERVER_INVALID_VERSION) {
+ wolfSSL_CTX_SetMinVersion(ctx, minVersion);
+ }
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path,
+ WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) < 0) {
+ err_sys("unable to initialize wolfSentry");
+ }
+
+ if (wolfSSL_CTX_set_AcceptFilter(
+ ctx,
+ (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
+ wolfsentry) < 0) {
+ err_sys_ex(catastrophic,
+ "unable to install wolfSentry_NetworkFilterCallback");
+ }
+#endif
+
+ if (simulateWantWrite)
+ {
+ #ifdef USE_WOLFSSL_IO
+ wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
+ #endif
+ }
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
+ if (TicketInit() != 0)
+ err_sys_ex(catastrophic, "unable to setup Session Ticket Key context");
+ wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
+#endif
+
+#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL)
+ /* used for testing only to set a static/fixed ephemeral key
+ for use with the sniffer */
+#if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
+ (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
+ ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_ECDH,
+ "./certs/statickeys/ecc-secp256r1.pem", 0, WOLFSSL_FILETYPE_PEM);
+ if (ret != 0) {
+ err_sys_ex(runWithErrors, "error loading static ECDH key");
+ }
+ {
+ const byte* key = NULL;
+ word32 keySz = 0;
+ /* example for getting pointer to loaded static ephemeral key */
+ wolfSSL_CTX_get_ephemeral_key(ctx, WC_PK_TYPE_ECDH, &key, &keySz);
+ (void)key;
+ (void)keySz;
+ }
+#endif
+#ifndef NO_DH
+ ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_DH,
+ "./certs/statickeys/dh-ffdhe2048.pem", 0, WOLFSSL_FILETYPE_PEM);
+ if (ret != 0) {
+ err_sys_ex(runWithErrors, "error loading static DH key");
+ }
+#endif
+#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */
+
+ if (cipherList && !useDefCipherList) {
+ if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "server can't set custom cipher list");
+ }
+
+#ifdef WOLFSSL_LEANPSK
+ if (!usePsk) {
+ usePsk = 1;
+ }
+#endif
+
+#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
+ !defined(HAVE_ED448)
+ if (!usePsk) {
+ usePsk = 1;
+ }
+#endif
+
+ if (fewerPackets)
+ wolfSSL_CTX_set_group_messages(ctx);
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
+ if (dtlsMTU)
+ wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+#endif
+
+#ifdef WOLFSSL_SCTP
+ if (dtlsSCTP)
+ wolfSSL_CTX_dtls_set_sctp(ctx);
+#endif
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
+#endif
+
+#if !defined(NO_CERTS)
+ if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) {
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048,
+ sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server cert buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server cert file, check file "
+ "and run from wolfSSL home dir");
+ #else
+ /* loads cert chain file using buffer API */
+ load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
+ #endif
+ }
+#endif
+
+#ifndef NO_DH
+ if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
+ != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "Error setting minimum DH key size");
+ }
+#endif
+#ifndef NO_RSA
+ if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != WOLFSSL_SUCCESS){
+ err_sys_ex(runWithErrors, "Error setting minimum RSA key size");
+ }
+#endif
+#ifdef HAVE_ECC
+ if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != WOLFSSL_SUCCESS){
+ err_sys_ex(runWithErrors, "Error setting minimum ECC key size");
+ }
+#endif
+
+#ifdef HAVE_NTRU
+ if (useNtruKey) {
+ if (wolfSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load ntru key file, "
+ "Please run from wolfSSL home dir");
+ }
+#endif
+#if !defined(NO_CERTS)
+ #ifdef HAVE_PK_CALLBACKS
+ pkCbInfo.ourKey = ourKey;
+ #endif
+ if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon
+ && !(loadCertKeyIntoSSLObj == 1)
+ #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
+ && !pkCallbacks
+ #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
+ ) {
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
+ sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server private key buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server private key file, "
+ "check file and run from wolfSSL home dir");
+ #else
+ /* loads private key file using buffer API */
+ load_buffer(ctx, ourKey, WOLFSSL_KEY);
+ #endif
+ }
+#endif
+
+ if (usePsk || usePskPlus) {
+#ifndef NO_PSK
+ const char *defaultCipherList = cipherList;
+
+ SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
+ #ifdef WOLFSSL_TLS13
+ wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb);
+ #endif
+ if (sendPskIdentityHint == 1)
+ SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
+
+ if (defaultCipherList == NULL && !usePskPlus) {
+ #if defined(HAVE_AESGCM) && !defined(NO_DH)
+ #ifdef WOLFSSL_TLS13
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":DHE-PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #else
+ defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+ #endif
+ needDH = 1;
+ #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+ defaultCipherList = "TLS13-AES128-GCM-SHA256"
+ #ifndef WOLFSSL_NO_TLS12
+ ":PSK-AES128-GCM-SHA256"
+ #endif
+ ;
+ #elif defined(HAVE_NULL_CIPHER)
+ defaultCipherList = "PSK-NULL-SHA256";
+ #else
+ defaultCipherList = "PSK-AES128-CBC-SHA256";
+ #endif
+ if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "server can't set cipher list 2");
+ }
+ wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
+#endif /* !NO_PSK */
+ }
+#ifndef NO_CERTS
+ if (mutualAuth)
+ wolfSSL_CTX_mutual_auth(ctx, 1);
+#endif
+
+
+#ifdef HAVE_ECC
+ /* Use ECDHE key size that matches long term key.
+ * Zero means use ctx->privateKeySz.
+ * Default ECDHE_SIZE is 32 bytes
+ */
+ if (wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 0) != WOLFSSL_SUCCESS){
+ err_sys_ex(runWithErrors, "Error setting ECDHE size");
+ }
+#endif
+
+ if (useAnon) {
+#ifdef HAVE_ANON
+ wolfSSL_CTX_allow_anon_cipher(ctx);
+ if (cipherList == NULL || (cipherList && useDefCipherList)) {
+ const char* defaultCipherList;
+ defaultCipherList = "ADH-AES256-GCM-SHA384:"
+ "ADH-AES128-SHA";
+ if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "server can't set cipher list 4");
+ }
+#endif
+ }
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+ /* if not using PSK, verify peer with certs
+ if using PSK Plus then verify peer certs except PSK suites */
+ if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) {
+ unsigned int verify_flags = 0;
+ SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
+ (usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
+ WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+ (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR ||
+ myVerifyAction == VERIFY_FORCE_FAIL) ? myVerify : NULL);
+
+ #ifdef TEST_BEFORE_DATE
+ verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
+ #endif
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (useCertFolder) {
+ WOLFSSL_X509_STORE *store;
+ WOLFSSL_X509_LOOKUP *lookup;
+
+ store = wolfSSL_CTX_get_cert_store(ctx);
+ if (store == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't get WOLFSSL_X509_STORE");
+ }
+ lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't add lookup");
+ }
+ if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
+ X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
+ err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
+ }
+ } else {
+ #endif
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
+ verify_flags) != WOLFSSL_SUCCESS) {
+ err_sys_ex(catastrophic,
+ "can't load ca file, Please run from wolfSSL home dir");
+ }
+ #ifdef WOLFSSL_TRUST_PEER_CERT
+ if (trustCert) {
+ if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
+ WOLFSSL_FILETYPE_PEM))
+ != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "can't load trusted peer cert file");
+ }
+ }
+ #endif /* WOLFSSL_TRUST_PEER_CERT */
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ }
+ #endif
+ }
+#endif
+
+#ifdef WOLFSSL_SNIFFER
+ if (cipherList == NULL && version < 4) {
+ /* static RSA or static ECC cipher suites */
+ const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
+ if (SSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "server can't set cipher list 3");
+ }
+ }
+#endif
+
+#ifdef HAVE_SNI
+ if (sniHostName)
+ if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
+ (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "UseSNI failed");
+#endif
+
+#ifdef USE_WINDOWS_API
+ if (port == 0) {
+ /* Generate random port for testing */
+ port = GetRandomPort();
+ }
+#endif /* USE_WINDOWS_API */
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ ret = wolfAsync_DevOpen(&devId);
+ if (ret < 0) {
+ printf("Async device open failed\nRunning without async\n");
+ }
+ wolfSSL_CTX_SetDevId(ctx, devId);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+#ifdef WOLFSSL_TLS13
+ if (noPskDheKe)
+ wolfSSL_CTX_no_dhe_psk(ctx);
+#endif
+#ifdef HAVE_SESSION_TICKET
+#ifdef WOLFSSL_TLS13
+ if (noTicketTls13)
+ wolfSSL_CTX_no_ticket_TLSv13(ctx);
+#endif
+#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+ if (noTicketTls12)
+ wolfSSL_CTX_NoTicketTLSv12(ctx);
+#endif
+#endif
+
+ while (1) {
+ /* allow resume option */
+ if (resumeCount > 1) {
+ if (dtlsUDP == 0) {
+ client_len = sizeof client_addr;
+ clientfd = accept(sockfd, (struct sockaddr*)&client_addr,
+ (ACCEPT_THIRD_T)&client_len);
+ }
+ else {
+ tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
+ clientfd = sockfd;
+ }
+ if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
+ err_sys_ex(runWithErrors, "tcp accept failed");
+ }
+ }
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+ fprintf(stderr, "Before creating SSL\n");
+ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
+ err_sys_ex(runWithErrors, "ctx not using static memory");
+ if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
+ err_sys_ex(runWithErrors, "error printing out memory stats");
+#endif
+
+ if (doMcast) {
+#ifdef WOLFSSL_MULTICAST
+ wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
+ if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
+ != WOLFSSL_SUCCESS)
+ err_sys("Couldn't set multicast cipher list.");
+#endif
+ }
+
+ if (doDTLS && dtlsUDP) {
+#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
+ if (doBlockSeq) {
+ wolfSSL_CTX_SetIOSend(ctx, TestEmbedSendTo);
+ }
+#endif
+ }
+
+#ifdef HAVE_PK_CALLBACKS
+ if (pkCallbacks)
+ SetupPkCallbacks(ctx);
+#endif
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL)
+ err_sys_ex(catastrophic, "unable to create an SSL object");
+ #ifdef OPENSSL_EXTRA
+ wolfSSL_KeepArrays(ssl);
+ #endif
+
+ /* Support for loading private key and cert using WOLFSSL object */
+#if !defined(NO_CERTS)
+ if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) {
+ #ifdef NO_FILESYSTEM
+ if (wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
+ sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server cert buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (SSL_use_certificate_chain_file(ssl, ourCert)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server cert file, check file "
+ "and run from wolfSSL home dir");
+ #else
+ /* loads cert chain file using buffer API */
+ load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
+ #endif
+ }
+
+ if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon &&
+ loadCertKeyIntoSSLObj
+ #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
+ && !pkCallbacks
+ #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
+ ) {
+ #if defined(NO_FILESYSTEM)
+ if (wolfSSL_use_PrivateKey_buffer(ssl, server_key_der_2048,
+ sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server private key buffer");
+ #elif !defined(TEST_LOAD_BUFFER)
+ if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic, "can't load server private key file, check"
+ "file and run from wolfSSL home dir");
+ #else
+ /* loads private key file using buffer API */
+ load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
+ #endif
+ }
+#endif /* !NO_CERTS */
+
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+ if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to set use of cookie with HRR msg");
+ }
+#endif
+
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+ fprintf(stderr, "After creating SSL\n");
+ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
+ err_sys_ex(runWithErrors, "ctx not using static memory");
+ if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
+ err_sys_ex(runWithErrors, "error printing out memory stats");
+#endif
+
+ if (doMcast) {
+#ifdef WOLFSSL_MULTICAST
+ /* DTLS multicast secret for testing only */
+ #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
+ #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
+ byte pms[PMS_SZ]; /* pre master secret */
+ byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
+ byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
+ const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
+
+ XMEMSET(pms, 0x23, sizeof(pms));
+ XMEMSET(cr, 0xA5, sizeof(cr));
+ XMEMSET(sr, 0x5A, sizeof(sr));
+
+ if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
+ != WOLFSSL_SUCCESS) {
+ err_sys("unable to set mcast secret");
+ }
+#endif
+ }
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+ if (scr) {
+ if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "can't enable secure renegotiation");
+ }
+ }
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ if (postHandAuth) {
+ unsigned int verify_flags = 0;
+
+ SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
+ ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
+ WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
+
+ #ifdef TEST_BEFORE_DATE
+ verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
+ #endif
+
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
+ verify_flags)
+ != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "can't load ca file, Please run from "
+ "wolfSSL home dir");
+ }
+ #ifdef WOLFSSL_TRUST_PEER_CERT
+ if (trustCert) {
+ if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
+ WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "can't load trusted peer cert "
+ "file");
+ }
+ }
+ #endif /* WOLFSSL_TRUST_PEER_CERT */
+ }
+ #endif
+#endif
+
+
+#ifndef NO_HANDSHAKE_DONE_CB
+ wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
+#endif
+#ifdef HAVE_CRL
+ if (!disableCRL) {
+#ifdef HAVE_CRL_MONITOR
+ crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
+#endif
+ if (wolfSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "unable to enable CRL");
+ if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
+ != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "unable to load CRL");
+ if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
+ err_sys_ex(runWithErrors, "unable to set CRL callback url");
+ }
+#endif
+#ifdef HAVE_OCSP
+ if (useOcsp) {
+ if (ocspUrl != NULL) {
+ wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
+ wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
+ | WOLFSSL_OCSP_URL_OVERRIDE);
+ }
+ else
+ wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
+ }
+#ifndef NO_RSA
+ /* All the OSCP Stapling test certs are RSA. */
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ { /* scope start */
+ const char* ca1 = "certs/ocsp/intermediate1-ca-cert.pem";
+ const char* ca2 = "certs/ocsp/intermediate2-ca-cert.pem";
+ const char* ca3 = "certs/ocsp/intermediate3-ca-cert.pem";
+ int fails = 0;
+
+ if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) {
+ err_sys_ex(catastrophic, "can't enable OCSP Stapling "
+ "Certificate Manager");
+ }
+ if (SSL_CTX_load_verify_locations(ctx, ca1, 0) != WOLFSSL_SUCCESS) {
+ fails++;
+ err_sys_ex(runWithErrors, "can't load ca file, Please run from "
+ "wolfSSL home dir");
+ }
+ if (SSL_CTX_load_verify_locations(ctx, ca2, 0) != WOLFSSL_SUCCESS) {
+ fails++;
+ err_sys_ex(runWithErrors, "can't load ca file, Please run from "
+ "wolfSSL home dir");
+ }
+ if (SSL_CTX_load_verify_locations(ctx, ca3, 0) != WOLFSSL_SUCCESS) {
+ fails++;
+ err_sys_ex(runWithErrors, "can't load ca file, Please run from "
+ "wolfSSL home dir");
+ }
+ if (fails > 2) {
+ err_sys_ex(catastrophic, "Failed to load any intermediates for "
+ "OCSP stapling test");
+ }
+ } /* scope end */
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
+#endif /* NO_RSA */
+#endif /* HAVE_OCSP */
+
+#ifdef HAVE_PK_CALLBACKS
+ if (pkCallbacks)
+ SetupPkCallbackContexts(ssl, &pkCbInfo);
+#endif
+
+ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+ if (version >= 4) {
+ SetKeyShare(ssl, onlyKeyShare, useX25519, useX448);
+ }
+ #endif
+
+ #ifdef HAVE_ENCRYPT_THEN_MAC
+ if (disallowETM)
+ wolfSSL_AllowEncryptThenMac(ssl, 0);
+ #endif
+
+
+ /* do accept */
+ readySignal = ((func_args*)args)->signal;
+ if (readySignal) {
+ readySignal->srfName = serverReadyFile;
+ }
+
+ client_len = sizeof client_addr;
+ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
+ dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen,
+ &client_addr, &client_len);
+
+ doListen = 0; /* Don't listen next time */
+
+ if (port == 0) {
+ port = readySignal->port;
+ }
+
+ if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
+ err_sys_ex(catastrophic, "error in setting fd");
+ }
+
+#ifdef HAVE_TRUSTED_CA
+ if (trustedCaKeyId) {
+ if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
+ NULL, 0) != WOLFSSL_SUCCESS) {
+ err_sys_ex(runWithErrors, "UseTrustedCA failed");
+ }
+ }
+#endif /* HAVE_TRUSTED_CA */
+
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ printf("ALPN accepted protocols list : %s\n", alpnList);
+ wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
+ }
+#endif
+
+#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
+ if (doDTLS && dtlsUDP) {
+ byte b[1500];
+ int n;
+
+ client_len = sizeof client_addr;
+
+ /* For DTLS, peek at the next datagram so we can get the client's
+ * address and set it into the ssl object later to generate the
+ * cookie. */
+ n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
+ (struct sockaddr*)&client_addr, &client_len);
+ if (n <= 0)
+ err_sys_ex(runWithErrors, "recvfrom failed");
+
+ if (doBlockSeq) {
+ XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len);
+ dtlsCtx.peer.sz = client_len;
+ dtlsCtx.wfd = clientfd;
+ dtlsCtx.failOnce = 1;
+
+ wolfSSL_SetIOWriteCtx(ssl, &dtlsCtx);
+ }
+ else {
+ wolfSSL_dtls_set_peer(ssl, &client_addr, client_len);
+ }
+ }
+#endif
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ {
+ SOCKADDR_IN_T local_addr;
+ socklen_t local_len = sizeof(local_addr);
+ getsockname(clientfd, (struct sockaddr *)&local_addr,
+ (socklen_t *)&local_len);
+
+ if (((struct sockaddr *)&client_addr)->sa_family !=
+ ((struct sockaddr *)&local_addr)->sa_family)
+ err_sys_ex(catastrophic,
+ "client_addr.sa_family != local_addr.sa_family");
+
+ if (wolfsentry_store_endpoints(
+ ssl, &client_addr, &local_addr,
+ dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP,
+ WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN, NULL) != WOLFSSL_SUCCESS)
+ err_sys_ex(catastrophic,
+ "error in wolfsentry_store_endpoints()");
+ }
+#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
+
+ if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
+ || needDH == 1) {
+ #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
+ wolfSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM);
+ #elif !defined(NO_DH)
+ SetDH(ssl); /* repick suites with DHE, higher priority than
+ * PSK */
+ #endif
+#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
+ !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ if (!doDhKeyCheck)
+ wolfSSL_SetEnableDhKeyTest(ssl, 0);
+#endif
+ }
+
+#ifndef WOLFSSL_CALLBACKS
+ if (nonBlocking) {
+ #ifdef WOLFSSL_DTLS
+ if (doDTLS) {
+ wolfSSL_dtls_set_using_nonblock(ssl, 1);
+ }
+ #endif
+ tcp_set_nonblocking(&clientfd);
+
+ ret = NonBlockingSSL_Accept(ssl);
+ }
+ else {
+ #ifdef WOLFSSL_EARLY_DATA
+ if (earlyData) {
+ do {
+ int len;
+ err = 0; /* reset error */
+ ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
+ &len);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl,
+ WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ if (ret > 0) {
+ input[ret] = 0; /* null terminate message */
+ printf("Early Data Client message: %s\n", input);
+ }
+ } while (err == WC_PENDING_E || ret > 0);
+ }
+ #endif
+ do {
+ err = 0; /* reset error */
+ ret = SSL_accept(ssl);
+#ifdef WOLFSSL_EARLY_DATA
+ EarlyDataStatus(ssl);
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ err = SSL_get_error(ssl, 0);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ #endif
+ }
+ } while (err == WC_PENDING_E);
+ }
+#else
+ ret = NonBlockingSSL_Accept(ssl);
+#endif
+ if (ret != WOLFSSL_SUCCESS) {
+ err = SSL_get_error(ssl, 0);
+ printf("SSL_accept error %d, %s\n", err,
+ ERR_error_string(err, buffer));
+ if (!exitWithRet) {
+ err_sys_ex(runWithErrors, "SSL_accept failed");
+ } else {
+ /* cleanup */
+ SSL_free(ssl); ssl = NULL;
+ SSL_CTX_free(ctx); ctx = NULL;
+ CloseSocket(clientfd);
+ CloseSocket(sockfd);
+ ((func_args*)args)->return_code = err;
+ goto exit;
+ }
+ }
+
+ showPeerEx(ssl, lng_index);
+ if (SSL_state(ssl) != 0) {
+ err_sys_ex(runWithErrors, "SSL in error state");
+ }
+
+ /* if the caller requested a particular cipher, check here that either
+ * a canonical name of the established cipher matches the requested
+ * cipher name, or the requested cipher name is marked as an alias
+ * that matches the established cipher.
+ */
+ if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) {
+ WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
+ byte requested_cipherSuite0, requested_cipherSuite;
+ int requested_cipherFlags;
+ if (established_cipher &&
+ /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
+ (wolfSSL_get_cipher_suite_from_name(cipherList,
+ &requested_cipherSuite0,
+ &requested_cipherSuite,
+ &requested_cipherFlags) == 0)) {
+ word32 established_cipher_id = wolfSSL_CIPHER_get_id(established_cipher);
+ byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
+ byte established_cipherSuite = established_cipher_id & 0xff;
+ const char *established_cipher_name =
+ wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
+ established_cipherSuite);
+ const char *established_cipher_name_iana =
+ wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
+ established_cipherSuite);
+
+ if (established_cipher_name == NULL)
+ err_sys_ex(catastrophic, "error looking up name of established cipher");
+
+ if (strcmp(cipherList, established_cipher_name) &&
+ ((established_cipher_name_iana == NULL) ||
+ strcmp(cipherList, established_cipher_name_iana))) {
+ if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
+ err_sys_ex(
+ catastrophic,
+ "Unexpected mismatch between names of requested and established ciphers.");
+ else if ((requested_cipherSuite0 != established_cipherSuite0) ||
+ (requested_cipherSuite != established_cipherSuite))
+ err_sys_ex(
+ catastrophic,
+ "Mismatch between IDs of requested and established ciphers.");
+ }
+ }
+ }
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
+ {
+ byte* rnd = NULL;
+ byte* pt;
+ size_t size;
+
+ /* get size of buffer then print */
+ size = wolfSSL_get_server_random(NULL, NULL, 0);
+ if (size == 0) {
+ err_sys_ex(runWithErrors, "error getting server random buffer "
+ "size");
+ }
+ else {
+ rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+
+ if (rnd == NULL) {
+ err_sys_ex(runWithErrors, "error creating server random buffer");
+ }
+
+ size = wolfSSL_get_server_random(ssl, rnd, size);
+ if (size == 0) {
+ if (rnd) {
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ rnd = NULL;
+ }
+ err_sys_ex(runWithErrors, "error getting server random buffer");
+ }
+
+ if (rnd) {
+ printf("Server Random : ");
+ for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
+ printf("\n");
+
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ rnd = NULL;
+ }
+ }
+#endif
+
+#ifdef HAVE_ALPN
+ if (alpnList != NULL) {
+ char *protocol_name = NULL, *list = NULL;
+ word16 protocol_nameSz = 0, listSz = 0;
+
+ err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name,
+ &protocol_nameSz);
+ if (err == WOLFSSL_SUCCESS)
+ printf("Sent ALPN protocol : %s (%d)\n",
+ protocol_name, protocol_nameSz);
+ else if (err == WOLFSSL_ALPN_NOT_FOUND)
+ printf("No ALPN response sent (no match)\n");
+ else
+ printf("Getting ALPN protocol name failed\n");
+
+ err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
+ if (err == WOLFSSL_SUCCESS)
+ printf("List of protocol names sent by Client: %s (%d)\n",
+ list, listSz);
+ else
+ printf("Get list of client's protocol name failed\n");
+
+ free(list);
+ }
+#endif
+
+ if (echoData == 0 && throughput == 0) {
+ ServerRead(ssl, input, sizeof(input)-1);
+ err = SSL_get_error(ssl, 0);
+ }
+
+#if defined(HAVE_SECURE_RENEGOTIATION) && \
+ defined(HAVE_SERVER_RENEGOTIATION_INFO)
+ if (scr && forceScr) {
+ if (nonBlocking) {
+ if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ if (err == WOLFSSL_ERROR_WANT_READ ||
+ err == WOLFSSL_ERROR_WANT_WRITE) {
+ do {
+ if (err == APP_DATA_READY) {
+ if ((ret = wolfSSL_read(ssl, input, sizeof(input)-1)) < 0) {
+ err_sys("APP DATA should be present but error returned");
+ }
+ printf("Received message: %s\n", input);
+ }
+ err = 0;
+ if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, ret);
+ }
+ } while (ret != WOLFSSL_SUCCESS &&
+ (err == WOLFSSL_ERROR_WANT_READ ||
+ err == WOLFSSL_ERROR_WANT_WRITE ||
+ err == APP_DATA_READY));
+
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ printf("wolfSSL_Rehandshake error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("non-blocking wolfSSL_Rehandshake failed");
+ }
+ printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
+ }
+ else {
+ printf("wolfSSL_Rehandshake error %d, %s\n", err,
+ wolfSSL_ERR_error_string(err, buffer));
+ wolfSSL_free(ssl); ssl = NULL;
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("non-blocking wolfSSL_Rehandshake failed");
+ }
+ }
+ } else {
+ if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+#ifdef WOLFSSL_ASYNC_CRYPT
+ err = wolfSSL_get_error(ssl, 0);
+ while (err == WC_PENDING_E) {
+ err = 0;
+ ret = wolfSSL_negotiate(ssl);
+ if (ret != WOLFSSL_SUCCESS) {
+ err = wolfSSL_get_error(ssl, 0);
+ if (err == WC_PENDING_E) {
+ ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+ if (ret < 0) break;
+ }
+ }
+ }
+ if (ret != WOLFSSL_SUCCESS)
+#endif
+ printf("not doing secure renegotiation\n");
+ }
+ else {
+ printf("RENEGOTIATION SUCCESSFUL\n");
+ }
+ }
+ }
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
+ if (err == 0 && echoData == 0 && throughput == 0) {
+ const char* write_msg;
+ int write_msg_sz;
+
+#ifdef WOLFSSL_TLS13
+ if (updateKeysIVs)
+ wolfSSL_update_keys(ssl);
+#endif
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ if (postHandAuth)
+ wolfSSL_request_certificate(ssl);
+#endif
+
+ /* Write data */
+ if (!useWebServerMsg) {
+ write_msg = kReplyMsg;
+ write_msg_sz = (int)XSTRLEN(kReplyMsg);
+ }
+ else {
+ write_msg = kHttpServerMsg;
+ write_msg_sz = (int)XSTRLEN(kHttpServerMsg);
+ }
+ ServerWrite(ssl, write_msg, write_msg_sz);
+
+#ifdef WOLFSSL_TLS13
+ if (updateKeysIVs || postHandAuth)
+ ServerRead(ssl, input, sizeof(input)-1);
+#endif
+ }
+ else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
+ err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
+ if (err != 0) {
+ SSL_free(ssl); ssl = NULL;
+ SSL_CTX_free(ctx); ctx = NULL;
+ CloseSocket(clientfd);
+ CloseSocket(sockfd);
+ ((func_args*)args)->return_code = err;
+ goto exit;
+ }
+ }
+
+#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
+ os_dly_wait(500) ;
+#elif defined (WOLFSSL_TIRTOS)
+ Task_yield();
+#endif
+
+ if (dtlsUDP == 0) {
+ ret = SSL_shutdown(ssl);
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ ret = SSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
+ }
+
+ /* display collected statistics */
+#ifdef WOLFSSL_STATIC_MEMORY
+ if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+ err_sys_ex(runWithErrors, "static memory was not used with ssl");
+
+ fprintf(stderr, "\nprint off SSL memory stats\n");
+ fprintf(stderr, "*** This is memory state before wolfSSL_free is "
+ "called\n");
+ fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
+ fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
+ fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
+ fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc);
+ fprintf(stderr, "total connection allocs = %d\n",
+ ssl_stats.totalAlloc);
+ fprintf(stderr, "total connection frees = %d\n\n",
+ ssl_stats.totalFr);
+
+#endif
+ SSL_free(ssl); ssl = NULL;
+
+ CloseSocket(clientfd);
+
+ if (resume == 1 && resumeCount == 0) {
+ resumeCount++; /* only do one resume for testing */
+ continue;
+ }
+ resumeCount = 0;
+
+ cnt++;
+ if (loops > 0 && --loops == 0) {
+ break; /* out of while loop, done with normal and resume option */
+ }
+ } /* while(1) */
+
+ WOLFSSL_TIME(cnt);
+ (void)cnt;
+
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ wolfSSL_CTX_DisableOCSPStapling(ctx);
+#endif
+
+ CloseSocket(sockfd);
+ SSL_CTX_free(ctx); ctx = NULL;
+
+ ((func_args*)args)->return_code = 0;
+
+exit:
+
+#ifdef WOLFSSL_WOLFSENTRY_HOOKS
+ wolfsentry_ret = wolfsentry_shutdown(&wolfsentry);
+ if (wolfsentry_ret < 0) {
+ fprintf(stderr,
+ "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
+ WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
+ }
+#endif
+
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
+ && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
+ wc_ecc_fp_free(); /* free per thread cache */
+#endif
+
+#ifdef WOLFSSL_TIRTOS
+ fdCloseSession(Task_self());
+#endif
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
+ TicketCleanup();
+#endif
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+ wolfAsync_DevClose(&devId);
+#endif
+
+ /* There are use cases when these assignments are not read. To avoid
+ * potential confusion those warnings have been handled here.
+ */
+ (void) ourKey;
+ (void) verifyCert;
+ (void) doCliCertCheck;
+ (void) useNtruKey;
+ (void) ourDhParam;
+ (void) ourCert;
+ (void) useX25519;
+ (void) useX448;
+#ifdef HAVE_SECURE_RENEGOTIATION
+ (void) forceScr;
+#endif
+#ifndef WOLFSSL_TIRTOS
+ return 0;
+#endif
+}
+
+#endif /* !NO_WOLFSSL_SERVER */
+
+
+/* so overall tests can pull in test function */
+#ifndef NO_MAIN_DRIVER
+
+ int main(int argc, char** argv)
+ {
+ func_args args;
+ tcp_ready ready;
+
+ StartTCP();
+
+ args.argc = argc;
+ args.argv = argv;
+ args.signal = &ready;
+ args.return_code = 0;
+ InitTcpReady(&ready);
+
+#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL)
+ wolfSSL_Debugging_ON();
+#endif
+ wolfSSL_Init();
+ ChangeToWolfRoot();
+
+#ifndef NO_WOLFSSL_SERVER
+#ifdef HAVE_STACK_SIZE
+ StackSizeCheck(&args, server_test);
+#else
+ server_test(&args);
+#endif
+#else
+ printf("Server not compiled in!\n");
+#endif
+
+ wolfSSL_Cleanup();
+ FreeTcpReady(&ready);
+
+#ifdef HAVE_WNR
+ if (wc_FreeNetRandom() < 0)
+ err_sys_ex(runWithErrors, "Failed to free netRandom context");
+#endif /* HAVE_WNR */
+
+ return args.return_code;
+ }
+
+ int myoptind = 0;
+ char* myoptarg = NULL;
+
+#endif /* NO_MAIN_DRIVER */
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/example/tls_bench.c b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/tls_bench.c
new file mode 100644
index 0000000..fcbdd66
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/example/tls_bench.c
@@ -0,0 +1,1953 @@
+/* tls_bench.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/*
+Example gcc build statement
+gcc -lwolfssl -lpthread -o tls_bench tls_bench.c
+./tls_bench
+
+Or
+
+#include <examples/benchmark/tls_bench.h>
+bench_tls(args);
+*/
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+#ifndef WOLFSSL_USER_SETTINGS
+ #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/hash.h> /* WC_MAX_DIGEST_SIZE */
+#include <wolfssl/test.h>
+#include <wolfssl/wolfio.h>
+#include <examples/benchmark/tls_bench.h>
+
+/* force certificate test buffers to be included via headers */
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+#undef USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <errno.h>
+
+/* For testing no pthread support */
+#if 0
+ #undef HAVE_PTHREAD
+#endif
+
+/* PTHREAD requires server and client enabled */
+#if defined(HAVE_PTHREAD) && (defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER))
+ #undef HAVE_PTHREAD
+#endif
+
+#ifdef HAVE_PTHREAD
+ #include <pthread.h>
+#endif
+
+#if 0
+#define BENCH_USE_NONBLOCK
+#endif
+
+/* Defaults for configuration parameters */
+#define BENCH_DEFAULT_HOST "localhost"
+#define BENCH_DEFAULT_PORT 11112
+#define NUM_THREAD_PAIRS 1 /* Thread pairs of server/client */
+#ifndef BENCH_RUNTIME_SEC
+ #ifdef BENCH_EMBEDDED
+ #define BENCH_RUNTIME_SEC 15
+ #else
+ #define BENCH_RUNTIME_SEC 1
+ #endif
+#endif
+/* TLS packet size */
+#ifndef TEST_PACKET_SIZE
+ #ifdef BENCH_EMBEDDED
+ #define TEST_PACKET_SIZE (2 * 1024)
+ #else
+ #define TEST_PACKET_SIZE (16 * 1024)
+ #endif
+#endif
+/* Total bytes to benchmark per connection */
+#ifndef TEST_MAX_SIZE
+ #ifdef BENCH_EMBEDDED
+ #define TEST_MAX_SIZE (16 * 1024)
+ #else
+ #define TEST_MAX_SIZE (128 * 1024)
+ #endif
+#endif
+
+#ifdef WOLFSSL_DTLS
+ #ifdef BENCH_EMBEDDED
+ /* WOLFSSL_MAX_MTU in internal.h */
+ #define TEST_DTLS_PACKET_SIZE (1500)
+ #else
+ /* MAX_UDP_SIZE in interna.h */
+ #define TEST_DTLS_PACKET_SIZE (8092)
+ #endif
+#endif
+
+/* In memory transfer buffer maximum size */
+/* Must be large enough to handle max TLS packet size plus max TLS header MAX_MSG_EXTRA */
+#define MEM_BUFFER_SZ (TEST_PACKET_SIZE + 38 + WC_MAX_DIGEST_SIZE)
+#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
+
+#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+ !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+
+/* shutdown message - nice signal to server, we are done */
+static const char* kShutdown = "shutdown";
+
+#ifndef NO_WOLFSSL_CLIENT
+PEDANTIC_EXTENSION static const char* kTestStr =
+"Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
+"polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
+"marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
+"plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
+"selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
+"small batch meggings kogi dolore food truck bespoke gastropub.\n"
+"\n"
+"Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
+"four loko you probably haven't heard of them high life. Messenger bag\n"
+"whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
+"et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
+"Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
+"food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
+"readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
+"richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
+"mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
+"four loko whatever street art yr farm-to-table.\n"
+"\n"
+"Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
+"pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
+"et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
+"nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
+"seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
+"eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
+"readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
+"ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
+"locavore.\n"
+"\n"
+"Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
+"banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
+"cillum pickled velit, YOLO officia you probably haven't heard of them\n"
+"trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
+"small batch american apparel. Put a bird on it cosby sweater before they\n"
+"sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
+"DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
+"Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
+"excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
+"neutra PBR selvage.\n"
+"\n"
+"Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
+"next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
+"authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
+"wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
+"tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
+"trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
+"incididunt flannel sustainable helvetica pork belly pug banksy you\n"
+"probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
+"mollit magna, sriracha sartorial helvetica.\n"
+"\n"
+"Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
+"ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
+"of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
+"reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
+"skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
+"organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
+"Veniam sunt food truck leggings, sint vinyl fap.\n"
+"\n"
+"Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
+"them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
+"apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
+"flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
+"letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
+"Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
+"delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
+"magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
+"pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
+"\n"
+"Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
+"meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
+"dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
+"locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
+"tousled beard mollit mustache leggings portland next level. Nihil esse\n"
+"est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
+"swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
+"bag dolor terry richardson sapiente.\n";
+#endif
+
+#if !defined(NO_DH)
+
+#define MIN_DHKEY_BITS 1024
+
+#if !defined(NO_WOLFSSL_SERVER)
+/* dh2048 p */
+static const unsigned char dhp[] =
+{
+ 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30,
+ 0xd5, 0xf5, 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, 0x25, 0x27,
+ 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
+ 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, 0xc5, 0xbe, 0x72, 0x5c,
+ 0xa7, 0xe7, 0x91, 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, 0xc7,
+ 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46,
+ 0x3e, 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, 0x2b, 0x96, 0x17,
+ 0x39, 0x6d, 0x30, 0x8d, 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6,
+ 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda,
+ 0x76, 0x93, 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, 0xb7, 0xc8,
+ 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
+ 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, 0x16, 0x30, 0xdb, 0x0c,
+ 0xfc, 0xc5, 0x62, 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, 0xf6,
+ 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3,
+ 0x1a, 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, 0x4e, 0x22, 0x73,
+ 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab,
+ 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf,
+ 0x68, 0x1f, 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, 0x06, 0x65,
+ 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
+ 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93
+};
+
+/* dh2048 g */
+static const unsigned char dhg[] =
+{
+ 0x02,
+};
+#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_DH */
+
+#ifdef HAVE_PTHREAD
+typedef struct {
+ unsigned char buf[MEM_BUFFER_SZ];
+ int write_bytes;
+ int write_idx;
+ int read_bytes;
+ int read_idx;
+
+ pthread_t tid;
+ pthread_mutex_t mutex;
+ pthread_cond_t cond;
+
+ int done;
+} memBuf_t;
+#endif
+
+typedef struct {
+ double connTime;
+ double rxTime;
+ double txTime;
+ int connCount;
+ int rxTotal;
+ int txTotal;
+} stats_t;
+
+typedef struct {
+ int shutdown;
+ int sockFd;
+ int ret;
+} side_t;
+
+typedef struct {
+ const char* cipher;
+ const char* host;
+ word32 port;
+ int packetSize; /* The data payload size in the packet */
+ int maxSize;
+ int runTimeSec;
+ int showPeerInfo;
+ int showVerbose;
+#ifndef NO_WOLFSSL_SERVER
+ int listenFd;
+#endif
+#ifdef WOLFSSL_DTLS
+ int doDTLS;
+ struct sockaddr_in serverAddr;
+ struct sockaddr_in clientAddr;
+#ifdef HAVE_PTHREAD
+ int serverReady;
+ int clientOrserverOnly;
+ pthread_mutex_t dtls_mutex;
+ pthread_cond_t dtls_cond;
+#endif
+#endif
+ side_t client;
+ side_t server;
+
+#ifdef HAVE_PTHREAD
+ int useLocalMem;
+
+ /* client messages to server in memory */
+ memBuf_t to_server;
+
+ /* server messages to client in memory */
+ memBuf_t to_client;
+#endif
+
+ /* server */
+ stats_t server_stats;
+
+ /* client */
+ stats_t client_stats;
+} info_t;
+
+/* Global vars for argument parsing */
+int myoptind = 0;
+char* myoptarg = NULL;
+
+#ifdef WOLFSSL_DTLS
+int DoneHandShake = 0;
+#endif
+
+static double gettime_secs(int reset)
+{
+ struct timeval tv;
+ gettimeofday(&tv, 0);
+ (void)reset;
+
+ return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+}
+
+
+#ifdef HAVE_PTHREAD
+/* server send callback */
+static int ServerMemSend(info_t* info, char* buf, int sz)
+{
+ pthread_mutex_lock(&info->to_client.mutex);
+
+#ifndef BENCH_USE_NONBLOCK
+ /* check for overflow */
+ if (info->to_client.write_idx + sz > MEM_BUFFER_SZ) {
+ pthread_mutex_unlock(&info->to_client.mutex);
+ printf("ServerMemSend overflow\n");
+ return -1;
+ }
+#else
+ if (info->to_client.write_idx + sz > MEM_BUFFER_SZ)
+ sz = MEM_BUFFER_SZ - info->to_client.write_idx;
+#endif
+
+ XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz);
+ info->to_client.write_idx += sz;
+ info->to_client.write_bytes += sz;
+
+ pthread_cond_signal(&info->to_client.cond);
+ pthread_mutex_unlock(&info->to_client.mutex);
+
+#ifdef BENCH_USE_NONBLOCK
+ if (sz == 0)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+#endif
+ return sz;
+}
+
+/* server recv callback */
+static int ServerMemRecv(info_t* info, char* buf, int sz)
+{
+ pthread_mutex_lock(&info->to_server.mutex);
+
+#ifndef BENCH_USE_NONBLOCK
+ while (info->to_server.write_idx - info->to_server.read_idx < sz && !info->to_client.done)
+ pthread_cond_wait(&info->to_server.cond, &info->to_server.mutex);
+#else
+ if (info->to_server.write_idx - info->to_server.read_idx < sz)
+ sz = info->to_server.write_idx - info->to_server.read_idx;
+#endif
+
+ XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], sz);
+ info->to_server.read_idx += sz;
+ info->to_server.read_bytes += sz;
+
+ /* if the rx has caught up with pending then reset buffer positions */
+ if (info->to_server.read_bytes == info->to_server.write_bytes) {
+ info->to_server.read_bytes = info->to_server.read_idx = 0;
+ info->to_server.write_bytes = info->to_server.write_idx = 0;
+ }
+
+ pthread_mutex_unlock(&info->to_server.mutex);
+
+ if (info->to_client.done != 0)
+ return -1;
+
+#ifdef BENCH_USE_NONBLOCK
+ if (sz == 0)
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+#endif
+ return sz;
+}
+
+/* client send callback */
+static int ClientMemSend(info_t* info, char* buf, int sz)
+{
+ pthread_mutex_lock(&info->to_server.mutex);
+
+#ifndef BENCH_USE_NONBLOCK
+ /* check for overflow */
+ if (info->to_client.write_idx + sz > MEM_BUFFER_SZ) {
+ printf("ClientMemSend overflow %d %d %d\n", info->to_client.write_idx, sz, MEM_BUFFER_SZ);
+ pthread_mutex_unlock(&info->to_server.mutex);
+ return -1;
+ }
+#else
+ if (info->to_server.write_idx + sz > MEM_BUFFER_SZ)
+ sz = MEM_BUFFER_SZ - info->to_server.write_idx;
+#endif
+
+ XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz);
+ info->to_server.write_idx += sz;
+ info->to_server.write_bytes += sz;
+
+ pthread_cond_signal(&info->to_server.cond);
+ pthread_mutex_unlock(&info->to_server.mutex);
+
+#ifdef BENCH_USE_NONBLOCK
+ if (sz == 0)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+#endif
+ return sz;
+}
+
+/* client recv callback */
+static int ClientMemRecv(info_t* info, char* buf, int sz)
+{
+ pthread_mutex_lock(&info->to_client.mutex);
+
+#ifndef BENCH_USE_NONBLOCK
+ while (info->to_client.write_idx - info->to_client.read_idx < sz)
+ pthread_cond_wait(&info->to_client.cond, &info->to_client.mutex);
+#else
+ if (info->to_client.write_idx - info->to_client.read_idx < sz)
+ sz = info->to_client.write_idx - info->to_client.read_idx;
+#endif
+
+ XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], sz);
+ info->to_client.read_idx += sz;
+ info->to_client.read_bytes += sz;
+
+ /* if the rx has caught up with pending then reset buffer positions */
+ if (info->to_client.read_bytes == info->to_client.write_bytes) {
+ info->to_client.read_bytes = info->to_client.read_idx = 0;
+ info->to_client.write_bytes = info->to_client.write_idx = 0;
+ }
+
+ pthread_mutex_unlock(&info->to_client.mutex);
+
+#ifdef BENCH_USE_NONBLOCK
+ if (sz == 0)
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+#endif
+ return sz;
+}
+#endif /* HAVE_PTHREAD */
+
+static int SocketRecv(int sockFd, char* buf, int sz)
+{
+ int recvd = (int)recv(sockFd, buf, sz, 0);
+ if (recvd == -1) {
+ switch (errno) {
+ #if EAGAIN != SOCKET_EWOULDBLOCK
+ case EAGAIN: /* EAGAIN == EWOULDBLOCK on some systems, but not others */
+ #endif
+ case SOCKET_EWOULDBLOCK:
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ case SOCKET_ECONNRESET:
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ case SOCKET_EINTR:
+ return WOLFSSL_CBIO_ERR_ISR;
+ case SOCKET_ECONNREFUSED: /* DTLS case */
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ case SOCKET_ECONNABORTED:
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ default:
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+ else if (recvd == 0) {
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ return recvd;
+}
+
+static int SocketSend(int sockFd, char* buf, int sz)
+{
+ int sent = (int)send(sockFd, buf, sz, 0);
+ if (sent == -1) {
+ switch (errno) {
+ #if EAGAIN != SOCKET_EWOULDBLOCK
+ case EAGAIN: /* EAGAIN == EWOULDBLOCK on some systems, but not others */
+ #endif
+ case SOCKET_EWOULDBLOCK:
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ case SOCKET_ECONNRESET:
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ case SOCKET_EINTR:
+ return WOLFSSL_CBIO_ERR_ISR;
+ case SOCKET_EPIPE:
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ default:
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+ else if (sent == 0) {
+ return 0;
+ }
+ return sent;
+}
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
+{
+ int recvd;
+ int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
+ struct sockaddr peer;
+ socklen_t peerSz = 0;
+
+ if (DoneHandShake) dtls_timeout = 0;
+
+ if (!wolfSSL_get_using_nonblock(ssl)) {
+ struct timeval timeout;
+ XMEMSET(&timeout, 0, sizeof(timeout));
+ timeout.tv_sec = dtls_timeout;
+
+ if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
+ sizeof(timeout)) != 0) {
+ printf("setsockopt rcvtimeo failed\n");
+ }
+ }
+
+ recvd = (int)recvfrom(sd, buf, sz, 0, (SOCKADDR*)&peer, &peerSz);
+
+ if (recvd < 0) {
+
+ if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
+ if (wolfSSL_dtls_get_using_nonblock(ssl)) {
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else {
+ return WOLFSSL_CBIO_ERR_TIMEOUT;
+ }
+ }
+ else if (errno == SOCKET_ECONNRESET) {
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (errno == SOCKET_EINTR) {
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (errno == SOCKET_ECONNREFUSED) {
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else {
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+ else {
+ if (recvd == 0) {
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ }
+
+ return recvd;
+}
+#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
+
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
+static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer,
+ socklen_t peerSz)
+{
+ int sent;
+
+ sent = (int)sendto(sd, buf, sz, 0, peer, peerSz);
+
+ if (sent < 0) {
+ if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ else if (errno == SOCKET_ECONNRESET) {
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (errno == SOCKET_EINTR) {
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (errno == SOCKET_EPIPE) {
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ return sent;
+}
+
+static int myDoneHsCb(WOLFSSL* ssl, void* user_ctx)
+{
+ (void) ssl;
+ (void) user_ctx;
+
+ DoneHandShake = 1;
+ return 1;
+}
+#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_CLIENT */
+
+#ifndef NO_WOLFSSL_SERVER
+static int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+ info_t* info = (info_t*)ctx;
+ (void)ssl;
+#ifdef HAVE_PTHREAD
+ if (info->useLocalMem)
+ return ServerMemSend(info, buf, sz);
+#endif
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
+ if (info->doDTLS) {
+ return SendTo(info->server.sockFd, buf, sz,
+ (const struct sockaddr*)&info->clientAddr, sizeof(info->clientAddr));
+ } else
+#endif
+ return SocketSend(info->server.sockFd, buf, sz);
+}
+static int ServerRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+ info_t* info = (info_t*)ctx;
+ (void)ssl;
+#ifdef HAVE_PTHREAD
+ if (info->useLocalMem)
+ return ServerMemRecv(info, buf, sz);
+#endif
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ return ReceiveFrom(ssl, info->server.sockFd, buf, sz);
+ } else
+#endif
+ return SocketRecv(info->server.sockFd, buf, sz);
+}
+#endif /* !NO_WOLFSSL_SERVER */
+
+#ifndef NO_WOLFSSL_CLIENT
+static int ClientSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+ info_t* info = (info_t*)ctx;
+ (void)ssl;
+#ifdef HAVE_PTHREAD
+ if (info->useLocalMem)
+ return ClientMemSend(info, buf, sz);
+#endif
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ return SendTo(info->client.sockFd, buf, sz,
+ (const struct sockaddr*)&info->serverAddr, sizeof(info->serverAddr));
+ } else
+#endif
+ return SocketSend(info->client.sockFd, buf, sz);
+}
+static int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+ info_t* info = (info_t*)ctx;
+ (void)ssl;
+#ifdef HAVE_PTHREAD
+ if (info->useLocalMem)
+ return ClientMemRecv(info, buf, sz);
+#endif
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+ if (info->doDTLS) {
+ return ReceiveFrom(ssl, info->client.sockFd, buf, sz);
+ } else
+#endif
+ return SocketRecv(info->client.sockFd, buf, sz);
+}
+#endif /* !NO_WOLFSSL_CLIENT */
+
+static void CloseAndCleanupSocket(int* sockFd)
+{
+ if (*sockFd != -1) {
+ close(*sockFd);
+ *sockFd = -1;
+ }
+#ifdef WOLFSSL_DTLS
+ DoneHandShake = 0;
+#endif
+}
+
+#ifdef BENCH_USE_NONBLOCK
+static int SetSocketNonBlocking(int sockFd)
+{
+ int flags = fcntl(sockFd, F_GETFL, 0);
+ if (flags < 0) {
+ printf("fcntl get failed\n");
+ return -1;
+ }
+ flags = fcntl(sockFd, F_SETFL, flags | O_NONBLOCK);
+ if (flags < 0) {
+ printf("fcntl set failed\n");
+ return -1;
+ }
+ return 0;
+}
+#endif
+
+#ifndef NO_WOLFSSL_CLIENT
+static int SetupSocketAndConnect(info_t* info, const char* host,
+ word32 port)
+{
+ struct sockaddr_in servAddr;
+ struct hostent* entry;
+
+ /* Setup server address */
+ XMEMSET(&servAddr, 0, sizeof(servAddr));
+ servAddr.sin_family = AF_INET;
+ servAddr.sin_port = htons(port);
+
+ /* Resolve host */
+ entry = gethostbyname(host);
+ if (entry) {
+ XMEMCPY(&servAddr.sin_addr.s_addr, entry->h_addr_list[0],
+ entry->h_length);
+ }
+ else {
+ servAddr.sin_addr.s_addr = inet_addr(host);
+ }
+
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ /* Create the SOCK_DGRAM socket type is implemented on the User
+ * Datagram Protocol/Internet Protocol(UDP/IP protocol).*/
+ if ((info->client.sockFd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ printf("ERROR: failed to create the SOCK_DGRAM socket\n");
+ return -1;
+ }
+ XMEMCPY(&info->serverAddr, &servAddr, sizeof(servAddr));
+ } else {
+#endif
+ /* Create a socket that uses an Internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((info->client.sockFd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ printf("ERROR: failed to create the socket\n");
+ return -1;
+ }
+
+ /* Connect to the server */
+ if (connect(info->client.sockFd, (struct sockaddr*)&servAddr,
+ sizeof(servAddr)) == -1) {
+ printf("ERROR: failed to connect\n");
+ return -1;
+ }
+#ifdef WOLFSSL_DTLS
+ }
+#endif
+
+#ifdef BENCH_USE_NONBLOCK
+ if (SetSocketNonBlocking(info->client.sockFd) != 0) {
+ return -1;
+ }
+#endif
+
+ if (info->showVerbose) {
+ printf("Connected to %s on port %d\n", host, port);
+ }
+
+ return 0;
+}
+
+static int bench_tls_client(info_t* info)
+{
+ byte *writeBuf = NULL, *readBuf = NULL;
+ double start, total = 0;
+ int ret, readBufSz;
+ WOLFSSL_CTX* cli_ctx = NULL;
+ WOLFSSL* cli_ssl = NULL;
+ int haveShownPeerInfo = 0;
+ int tls13 = XSTRNCMP(info->cipher, "TLS13", 5) == 0;
+ int total_sz;
+
+ total = gettime_secs(0);
+
+ /* set up client */
+#ifdef WOLFSSL_DTLS
+ if(info->doDTLS) {
+ if (tls13) return WOLFSSL_SUCCESS;
+ cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
+ } else
+#endif
+#ifdef WOLFSSL_TLS13
+ if (tls13)
+ cli_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+#endif
+ if (!tls13)
+#ifdef WOLFSSL_DTLS
+ if(!info->doDTLS)
+#endif
+#if !defined(WOLFSSL_TLS13)
+ cli_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+#elif !defined(WOLFSSL_NO_TLS12)
+ cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+#endif
+
+ if (cli_ctx == NULL) {
+ printf("error creating ctx\n");
+ ret = MEMORY_E; goto exit;
+ }
+
+#ifndef NO_CERTS
+#ifdef HAVE_ECC
+ if (XSTRSTR(info->cipher, "ECDSA")) {
+ ret = wolfSSL_CTX_load_verify_buffer(cli_ctx, ca_ecc_cert_der_256,
+ sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+ }
+ else
+#endif
+ {
+ ret = wolfSSL_CTX_load_verify_buffer(cli_ctx, ca_cert_der_2048,
+ sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
+ }
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error loading CA\n");
+ goto exit;
+ }
+#endif
+
+ wolfSSL_CTX_SetIOSend(cli_ctx, ClientSend);
+ wolfSSL_CTX_SetIORecv(cli_ctx, ClientRecv);
+
+ /* set cipher suite */
+ ret = wolfSSL_CTX_set_cipher_list(cli_ctx, info->cipher);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error setting cipher suite\n");
+ goto exit;
+ }
+
+#ifndef NO_DH
+ ret = wolfSSL_CTX_SetMinDhKey_Sz(cli_ctx, MIN_DHKEY_BITS);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("Error setting minimum DH key size\n");
+ goto exit;
+ }
+#endif
+
+ /* Allocate and initialize a packet sized buffer */
+ writeBuf = (unsigned char*)XMALLOC(info->packetSize, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (writeBuf == NULL) {
+ printf("failed to allocate write memory\n");
+ ret = MEMORY_E; goto exit;
+ }
+
+ /* Allocate read buffer */
+ readBufSz = info->packetSize;
+ readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (readBuf == NULL) {
+ printf("failed to allocate read memory\n");
+ ret = MEMORY_E; goto exit;
+ }
+
+ /* BENCHMARK CONNECTIONS LOOP */
+ while (!info->client.shutdown) {
+ int writeSz = info->packetSize;
+ #ifdef BENCH_USE_NONBLOCK
+ int err;
+ #endif
+
+ #ifdef HAVE_PTHREAD
+ if (!info->useLocalMem)
+ #endif
+ {
+ /* Setup socket and connection */
+ ret = SetupSocketAndConnect(info, info->host, info->port);
+ if (ret != 0) goto exit;
+ }
+
+ cli_ssl = wolfSSL_new(cli_ctx);
+ if (cli_ssl == NULL) {
+ printf("error creating client object\n");
+ goto exit;
+ }
+
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
+ sizeof(info->serverAddr));
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error setting dtls peer\n");
+ goto exit;
+ }
+ ret = wolfSSL_SetHsDoneCb(cli_ssl, myDoneHsCb, NULL);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error handshake done callback\n");
+ goto exit;
+ }
+ }
+#endif
+ wolfSSL_SetIOReadCtx(cli_ssl, info);
+ wolfSSL_SetIOWriteCtx(cli_ssl, info);
+
+#if defined(HAVE_PTHREAD) && defined(WOLFSSL_DTLS)
+ /* synchronize with server */
+ if (info->doDTLS && !info->clientOrserverOnly) {
+ pthread_mutex_lock(&info->dtls_mutex);
+ if (info->serverReady != 1) {
+ pthread_cond_wait(&info->dtls_cond, &info->dtls_mutex);
+ }
+ /* for next loop */
+ info->serverReady = 0;
+ pthread_mutex_unlock(&info->dtls_mutex);
+ }
+#endif
+ /* perform connect */
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_connect(cli_ssl);
+ #else
+ do
+ {
+ ret = wolfSSL_connect(cli_ssl);
+ err = wolfSSL_get_error(cli_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
+ #endif
+ start = gettime_secs(0) - start;
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error connecting client\n");
+ ret = wolfSSL_get_error(cli_ssl, ret);
+ goto exit;
+ }
+ info->client_stats.connTime += start;
+ info->client_stats.connCount++;
+
+ if ((info->showPeerInfo) && (!haveShownPeerInfo)) {
+ haveShownPeerInfo = 1;
+ showPeer(cli_ssl);
+ }
+
+ /* check for run time completion and issue shutdown */
+ if (gettime_secs(0) - total >= info->runTimeSec) {
+ info->client.shutdown = 1;
+
+ writeSz = (int)XSTRLEN(kShutdown) + 1;
+ XMEMCPY(writeBuf, kShutdown, writeSz); /* include null term */
+ if (info->showVerbose) {
+ printf("Sending shutdown\n");
+ }
+
+ ret = wolfSSL_write(cli_ssl, writeBuf, writeSz);
+ if (ret < 0) {
+ printf("error on client write\n");
+ ret = wolfSSL_get_error(cli_ssl, ret);
+ goto exit;
+ }
+ }
+ else {
+ XMEMSET(writeBuf, 0, info->packetSize);
+ XSTRNCPY((char*)writeBuf, kTestStr, info->packetSize);
+ }
+
+ /* write / read echo loop */
+ ret = 0;
+ total_sz = 0;
+ while (ret == 0 && total_sz < info->maxSize && !info->client.shutdown) {
+ /* write test message to server */
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_write(cli_ssl, writeBuf, writeSz);
+ #else
+ do {
+ ret = wolfSSL_write(cli_ssl, writeBuf, writeSz);
+ err = wolfSSL_get_error(cli_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_WRITE);
+ #endif
+ info->client_stats.txTime += gettime_secs(0) - start;
+ if (ret < 0) {
+ printf("error on client write\n");
+ ret = wolfSSL_get_error(cli_ssl, ret);
+ goto exit;
+ }
+ info->client_stats.txTotal += ret;
+ total_sz += ret;
+
+ /* read echo of message from server */
+ XMEMSET(readBuf, 0, readBufSz);
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_read(cli_ssl, readBuf, readBufSz);
+ #else
+ do {
+ ret = wolfSSL_read(cli_ssl, readBuf, readBufSz);
+ err = wolfSSL_get_error(cli_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_READ);
+ #endif
+ info->client_stats.rxTime += gettime_secs(0) - start;
+ if (ret < 0) {
+ printf("error on client read\n");
+ ret = wolfSSL_get_error(cli_ssl, ret);
+ goto exit;
+ }
+ info->client_stats.rxTotal += ret;
+ ret = 0; /* reset return code */
+
+ /* validate echo */
+ if (XMEMCMP((char*)writeBuf, (char*)readBuf, writeSz) != 0) {
+ printf("echo check failed!\n");
+ ret = wolfSSL_get_error(cli_ssl, ret);
+ goto exit;
+ }
+ }
+
+ CloseAndCleanupSocket(&info->client.sockFd);
+
+ wolfSSL_free(cli_ssl);
+ cli_ssl = NULL;
+ }
+
+exit:
+
+ if (ret != 0 && ret != WOLFSSL_SUCCESS) {
+ printf("Client Error: %d (%s)\n", ret,
+ wolfSSL_ERR_reason_error_string(ret));
+ }
+
+ /* clean up */
+ CloseAndCleanupSocket(&info->client.sockFd);
+ if (cli_ssl != NULL)
+ wolfSSL_free(cli_ssl);
+ if (cli_ctx != NULL)
+ wolfSSL_CTX_free(cli_ctx);
+ XFREE(readBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(writeBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ info->client.ret = ret;
+
+ return ret;
+}
+
+#ifdef HAVE_PTHREAD
+static void* client_thread(void* args)
+{
+ int ret;
+ info_t* info = (info_t*)args;
+
+ ret = bench_tls_client(info);
+
+ pthread_cond_signal(&info->to_server.cond);
+ info->to_client.done = 1;
+ info->client.ret = ret;
+
+ return NULL;
+}
+#endif /* HAVE_PTHREAD */
+#endif /* !NO_WOLFSSL_CLIENT */
+
+
+#ifndef NO_WOLFSSL_SERVER
+static int SetupSocketAndListen(int* listenFd, word32 port, int doDTLS)
+{
+ struct sockaddr_in servAddr;
+#if defined(_MSC_VER) || defined(__MINGW32__)
+ char optval = 1;
+#else
+ int optval = 1;
+#endif
+#ifndef WOLFSSL_DTLS
+ (void) doDTLS;
+#endif
+ /* Setup server address */
+ XMEMSET(&servAddr, 0, sizeof(servAddr));
+ servAddr.sin_family = AF_INET;
+ servAddr.sin_port = htons(port);
+ servAddr.sin_addr.s_addr = INADDR_ANY;
+
+#ifdef WOLFSSL_DTLS
+ if (doDTLS) {
+ /* Create a socket that is implemented on the User Datagram Protocol/
+ * Interet Protocol(UDP/IP protocol). */
+ if((*listenFd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+ printf("ERROR: failed to create the socket\n");
+ return -1;
+ }
+ } else
+#endif
+ /* Create a socket that uses an Internet IPv4 address,
+ * Sets the socket to be stream based (TCP),
+ * 0 means choose the default protocol. */
+ if ((*listenFd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ printf("ERROR: failed to create the socket\n");
+ return -1;
+ }
+
+ /* allow reuse */
+ if (setsockopt(*listenFd, SOL_SOCKET, SO_REUSEADDR,
+ &optval, sizeof(optval)) == -1) {
+ printf("setsockopt SO_REUSEADDR failed\n");
+ return -1;
+ }
+
+ /* Connect to the server */
+ if (bind(*listenFd, (struct sockaddr*)&servAddr,
+ sizeof(servAddr)) == -1) {
+ printf("ERROR: failed to bind\n");
+ return -1;
+ }
+#ifdef WOLFSSL_DTLS
+ if (!doDTLS)
+#endif
+ if (listen(*listenFd, 5) != 0) {
+ printf("ERROR: failed to listen\n");
+ return -1;
+ }
+
+#ifdef BENCH_USE_NONBLOCK
+ if (SetSocketNonBlocking(*listenFd) != 0) {
+ return -1;
+ }
+#endif
+
+ return 0;
+}
+
+static int SocketWaitClient(info_t* info)
+{
+ int connd;
+ struct sockaddr_in clientAddr;
+ socklen_t size = sizeof(clientAddr);
+#ifdef WOLFSSL_DTLS
+ char msg[64];
+
+ if (info->doDTLS) {
+#ifdef HAVE_PTHREAD
+ if (!info->clientOrserverOnly) {
+ pthread_mutex_lock(&info->dtls_mutex);
+ info->serverReady = 1;
+ pthread_cond_signal(&info->dtls_cond);
+ pthread_mutex_unlock(&info->dtls_mutex);
+ }
+#endif
+ connd = (int)recvfrom(info->listenFd, (char *)msg, sizeof(msg),
+ MSG_PEEK, (struct sockaddr*)&clientAddr, &size);
+ if (connd < -1) {
+ printf("ERROR: failed to accept the connection\n");
+ return -1;
+ }
+ XMEMCPY(&info->clientAddr, &clientAddr, sizeof(clientAddr));
+ info->server.sockFd = info->listenFd;
+ } else {
+#endif
+ if ((connd = accept(info->listenFd, (struct sockaddr*)&clientAddr, &size)) == -1) {
+ if (errno == SOCKET_EWOULDBLOCK)
+ return -2;
+ printf("ERROR: failed to accept the connection\n");
+ return -1;
+ }
+ info->server.sockFd = connd;
+#ifdef WOLFSSL_DTLS
+ }
+#endif
+
+ if (info->showVerbose) {
+ printf("Got client %d\n", connd);
+ }
+
+ return 0;
+}
+static void CloseAndCleanupListenSocket(int* listenFd)
+{
+ if (*listenFd != -1) {
+ close(*listenFd);
+ *listenFd = -1;
+ }
+}
+
+static int bench_tls_server(info_t* info)
+{
+ byte *readBuf = NULL;
+ double start;
+ int ret, len = 0, readBufSz;
+ WOLFSSL_CTX* srv_ctx = NULL;
+ WOLFSSL* srv_ssl = NULL;
+ int tls13 = XSTRNCMP(info->cipher, "TLS13", 5) == 0;
+ int total_sz;
+
+ /* set up server */
+#ifdef WOLFSSL_DTLS
+ if(info->doDTLS) {
+ if(tls13) return WOLFSSL_SUCCESS;
+ srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
+ } else {
+#endif
+#ifdef WOLFSSL_TLS13
+ if (tls13)
+ srv_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
+#endif
+ if (!tls13)
+ srv_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+#ifdef WOLFSSL_DTLS
+ }
+#endif
+ if (srv_ctx == NULL) {
+ printf("error creating server ctx\n");
+ ret = MEMORY_E; goto exit;
+ }
+
+#ifndef NO_CERTS
+#ifdef HAVE_ECC
+ if (XSTRSTR(info->cipher, "ECDSA")) {
+ ret = wolfSSL_CTX_use_PrivateKey_buffer(srv_ctx, ecc_key_der_256,
+ sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+ }
+ else
+#endif
+ {
+ ret = wolfSSL_CTX_use_PrivateKey_buffer(srv_ctx, server_key_der_2048,
+ sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+ }
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error loading server key\n");
+ goto exit;
+ }
+
+#ifdef HAVE_ECC
+ if (XSTRSTR(info->cipher, "ECDSA")) {
+ ret = wolfSSL_CTX_use_certificate_buffer(srv_ctx, serv_ecc_der_256,
+ sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+ }
+ else
+#endif
+ {
+ ret = wolfSSL_CTX_use_certificate_buffer(srv_ctx, server_cert_der_2048,
+ sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
+ }
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error loading server cert\n");
+ goto exit;
+ }
+#endif /* !NO_CERTS */
+
+ wolfSSL_CTX_SetIOSend(srv_ctx, ServerSend);
+ wolfSSL_CTX_SetIORecv(srv_ctx, ServerRecv);
+
+ /* set cipher suite */
+ ret = wolfSSL_CTX_set_cipher_list(srv_ctx, info->cipher);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error setting cipher suite\n");
+ goto exit;
+ }
+
+#ifndef NO_DH
+ ret = wolfSSL_CTX_SetMinDhKey_Sz(srv_ctx, MIN_DHKEY_BITS);
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("Error setting minimum DH key size\n");
+ goto exit;
+ }
+#endif
+
+ /* Allocate read buffer */
+ readBufSz = info->packetSize;
+ readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (readBuf == NULL) {
+ printf("failed to allocate read memory\n");
+ ret = MEMORY_E; goto exit;
+ }
+
+ /* BENCHMARK CONNECTIONS LOOP */
+ while (!info->server.shutdown) {
+ #ifdef BENCH_USE_NONBLOCK
+ int err;
+ #endif
+
+ #ifdef HAVE_PTHREAD
+ if (!info->useLocalMem)
+ #endif
+ {
+ /* Accept client connections */
+ ret = SocketWaitClient(info);
+ #ifdef BENCH_USE_NONBLOCK
+ if (ret == -2) {
+ XSLEEP_MS(0);
+ continue;
+ }
+ #endif
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+
+ srv_ssl = wolfSSL_new(srv_ctx);
+ if (srv_ssl == NULL) {
+ printf("error creating server object\n");
+ ret = MEMORY_E; goto exit;
+ }
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
+ sizeof(info->clientAddr));
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error setting dtls peer\n");
+ goto exit;
+ }
+ }
+#endif
+
+ wolfSSL_SetIOReadCtx(srv_ssl, info);
+ wolfSSL_SetIOWriteCtx(srv_ssl, info);
+ #ifndef NO_DH
+ wolfSSL_SetTmpDH(srv_ssl, dhp, sizeof(dhp), dhg, sizeof(dhg));
+ #endif
+
+ /* accept TLS connection */
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_accept(srv_ssl);
+ #else
+ do {
+ ret = wolfSSL_accept(srv_ssl);
+ err = wolfSSL_get_error(srv_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
+ #endif
+ start = gettime_secs(0) - start;
+ if (ret != WOLFSSL_SUCCESS) {
+ printf("error on server accept\n");
+ ret = wolfSSL_get_error(srv_ssl, ret);
+ goto exit;
+ }
+
+ info->server_stats.connTime += start;
+ info->server_stats.connCount++;
+
+ /* echo loop */
+ ret = 0;
+ total_sz = 0;
+ while (ret == 0 && total_sz < info->maxSize) {
+ double rxTime;
+
+ /* read message from client */
+ XMEMSET(readBuf, 0, readBufSz);
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_read(srv_ssl, readBuf, readBufSz);
+ #else
+ do {
+ ret = wolfSSL_read(srv_ssl, readBuf, readBufSz);
+ err = wolfSSL_get_error(srv_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_READ);
+ #endif
+ rxTime = gettime_secs(0) - start;
+
+ /* shutdown signals, no more connections for this cipher */
+ if (XSTRSTR((const char*)readBuf, kShutdown) != NULL) {
+ info->server.shutdown = 1;
+ if (info->showVerbose) {
+ printf("Server shutdown done\n");
+ }
+ ret = 0; /* success */
+ break;
+ }
+
+ info->server_stats.rxTime += rxTime;
+ if (ret < 0) {
+ printf("error on server read\n");
+ ret = wolfSSL_get_error(srv_ssl, ret);
+ goto exit;
+ }
+ info->server_stats.rxTotal += ret;
+ len = ret;
+ total_sz += ret;
+
+ /* write message back to client */
+ start = gettime_secs(1);
+ #ifndef BENCH_USE_NONBLOCK
+ ret = wolfSSL_write(srv_ssl, readBuf, len);
+ #else
+ do {
+ ret = wolfSSL_write(srv_ssl, readBuf, len);
+ err = wolfSSL_get_error(srv_ssl, ret);
+ }
+ while (err == WOLFSSL_ERROR_WANT_WRITE);
+ #endif
+ info->server_stats.txTime += gettime_secs(0) - start;
+ if (ret < 0) {
+ printf("error on server write\n");
+ ret = wolfSSL_get_error(srv_ssl, ret);
+ goto exit;
+ }
+ info->server_stats.txTotal += ret;
+ ret = 0; /* reset return code */
+ }
+
+ CloseAndCleanupSocket(&info->server.sockFd);
+
+ wolfSSL_free(srv_ssl);
+ srv_ssl = NULL;
+#ifdef WOLFSSL_DTLS
+ if (info->doDTLS) {
+ SetupSocketAndListen(&info->listenFd, info->port, info->doDTLS);
+ }
+#endif
+
+ }
+
+exit:
+
+ if (ret != 0 && ret != WOLFSSL_SUCCESS) {
+ printf("Server Error: %d (%s)\n", ret,
+ wolfSSL_ERR_reason_error_string(ret));
+ }
+
+ /* clean up */
+ CloseAndCleanupSocket(&info->server.sockFd);
+ if (srv_ssl != NULL)
+ wolfSSL_free(srv_ssl);
+ if (srv_ctx != NULL)
+ wolfSSL_CTX_free(srv_ctx);
+ XFREE(readBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ info->server.ret = ret;
+
+ return ret;
+}
+
+#ifdef HAVE_PTHREAD
+static void* server_thread(void* args)
+{
+ int ret = 0;
+ info_t* info = (info_t*)args;
+
+ if (!info->useLocalMem) {
+ /* Setup TLS server listener */
+#ifdef WOLFSSL_DTLS
+ ret = SetupSocketAndListen(&info->listenFd, info->port, info->doDTLS);
+#else
+ ret = SetupSocketAndListen(&info->listenFd, info->port, 0);
+#endif
+ }
+ if (ret == 0) {
+ ret = bench_tls_server(info);
+
+ if (!info->useLocalMem) {
+ CloseAndCleanupListenSocket(&info->listenFd);
+ }
+ }
+
+ pthread_cond_signal(&info->to_client.cond);
+ info->to_server.done = 1;
+ info->server.ret = ret;
+
+ return NULL;
+}
+#endif /* HAVE_PTHREAD */
+#endif /* !NO_WOLFSSL_SERVER */
+
+
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+#endif
+static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, int verbose)
+{
+ const char* formatStr;
+
+ if (verbose) {
+ formatStr = "wolfSSL %s Benchmark on %s:\n"
+ "\tTotal : %9d bytes\n"
+ "\tNum Conns : %9d\n"
+ "\tRx Total : %9.3f ms\n"
+ "\tTx Total : %9.3f ms\n"
+ "\tRx : %9.3f MB/s\n"
+ "\tTx : %9.3f MB/s\n"
+ "\tConnect : %9.3f ms\n"
+ "\tConnect Avg : %9.3f ms\n";
+ }
+ else {
+ formatStr = "%-6s %-33s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n";
+ }
+
+ printf(formatStr,
+ desc,
+ cipher,
+ wcStat->txTotal + wcStat->rxTotal,
+ wcStat->connCount,
+ wcStat->rxTime * 1000,
+ wcStat->txTime * 1000,
+ wcStat->rxTotal / wcStat->rxTime / 1024 / 1024,
+ wcStat->txTotal / wcStat->txTime / 1024 / 1024,
+ wcStat->connTime * 1000,
+ wcStat->connTime * 1000 / wcStat->connCount);
+}
+
+static void Usage(void)
+{
+ printf("tls_bench " LIBWOLFSSL_VERSION_STRING
+ " NOTE: All files relative to wolfSSL home dir\n");
+ printf("-? Help, print this usage\n");
+ printf("-c Run as client only, no threading and uses sockets\n");
+ printf("-s Run as server only, no threading and uses sockets\n");
+ printf("-h Host (default %s)\n", BENCH_DEFAULT_HOST);
+ printf("-P Port (default %d)\n", BENCH_DEFAULT_PORT);
+ printf("-e List Every cipher suite available\n");
+ printf("-i Show peer info\n");
+ printf("-l <str> Cipher suite list (: delimited)\n");
+ printf("-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC);
+ printf("-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE);
+#ifdef WOLFSSL_DTLS
+ printf(" In the case of DTLS, [1-8kB] (default %d)\n", TEST_DTLS_PACKET_SIZE);
+#endif
+ printf("-S <num> The total size <num> in bytes (default %d)\n", TEST_MAX_SIZE);
+ printf("-v Show verbose output\n");
+#ifdef DEBUG_WOLFSSL
+ printf("-d Enable debug messages\n");
+#endif
+#ifdef HAVE_PTHREAD
+ printf("-T <num> Number of threaded server/client pairs (default %d)\n", NUM_THREAD_PAIRS);
+ printf("-m Use local memory, not socket\n");
+#endif
+#ifdef WOLFSSL_DTLS
+ printf("-u Use DTLS\n");
+#endif
+}
+
+static void ShowCiphers(void)
+{
+ char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
+
+ int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+ if (ret == WOLFSSL_SUCCESS)
+ printf("%s\n", ciphers);
+}
+
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif
+
+int bench_tls(void* args)
+{
+ int ret = 0;
+ info_t *theadInfo = NULL, *info;
+ stats_t cli_comb, srv_comb;
+ int i;
+ char *cipher, *next_cipher, *ciphers = NULL;
+ int argc = 0;
+ char** argv = NULL;
+ int ch;
+
+ /* Vars configured by command line arguments */
+ int argRuntimeSec = BENCH_RUNTIME_SEC;
+ char *argCipherList = NULL;
+ int argTestPacketSize = TEST_PACKET_SIZE;
+ int argTestMaxSize = TEST_MAX_SIZE;
+ int argThreadPairs = NUM_THREAD_PAIRS;
+ int argShowVerbose = SHOW_VERBOSE;
+ int argClientOnly = 0;
+ int argServerOnly = 0;
+ const char* argHost = BENCH_DEFAULT_HOST;
+ int argPort = BENCH_DEFAULT_PORT;
+ int argShowPeerInfo = 0;
+#ifdef HAVE_PTHREAD
+ int doShutdown;
+#endif
+#if !defined(NO_WOLFSSL_SERVER) || defined(HAVE_PTHREAD)
+ int argLocalMem = 0;
+ int listenFd = -1;
+#endif
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+ int option_p = 0;
+#endif
+#ifdef WOLFSSL_DTLS
+ int doDTLS = 0;
+#endif
+ if (args != NULL) {
+ argc = ((func_args*)args)->argc;
+ argv = ((func_args*)args)->argv;
+ ((func_args*)args)->return_code = -1; /* error state */
+ }
+
+ /* Initialize wolfSSL */
+ wolfSSL_Init();
+
+ /* Parse command line arguments */
+ while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:")) != -1) {
+ switch (ch) {
+ case '?' :
+ Usage();
+ goto exit;
+
+ case 's':
+ argServerOnly = 1;
+ break;
+
+ case 'c':
+ argClientOnly = 1;
+ break;
+
+ case 'h':
+ argHost = myoptarg;
+ break;
+
+ case 'P':
+ argPort = atoi(myoptarg);
+ break;
+
+ case 'd' :
+ #ifdef DEBUG_WOLFSSL
+ wolfSSL_Debugging_ON();
+ #endif
+ break;
+
+ case 'e' :
+ ShowCiphers();
+ goto exit;
+
+ case 'i' :
+ argShowPeerInfo = 1;
+ break;
+
+ case 'l' :
+ argCipherList = myoptarg;
+ break;
+
+ case 'p' :
+ argTestPacketSize = atoi(myoptarg);
+ if (argTestPacketSize > (16 * 1024)) {
+ printf("Invalid packet size %d\n", argTestPacketSize);
+ Usage();
+ ret = MY_EX_USAGE; goto exit;
+ }
+ #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+ option_p = 1;
+ #endif
+ break;
+
+ case 'S' :
+ argTestMaxSize = atoi(myoptarg);
+ break;
+
+ case 't' :
+ argRuntimeSec = atoi(myoptarg);
+ break;
+
+ case 'v' :
+ argShowVerbose = 1;
+ break;
+
+ case 'T' :
+ #ifdef HAVE_PTHREAD
+ argThreadPairs = atoi(myoptarg);
+ #endif
+ break;
+
+ case 'm':
+ #ifdef HAVE_PTHREAD
+ argLocalMem = 1;
+ #endif
+ break;
+ case 'u':
+ #ifdef WOLFSSL_DTLS
+ doDTLS = 1;
+ #ifdef BENCH_USE_NONBLOCK
+ printf("tls_bench hasn't yet supported DTLS "
+ "non-blocking mode.\n");
+ Usage();
+ ret = MY_EX_USAGE; goto exit;
+ #endif
+ #endif
+ break;
+ default:
+ Usage();
+ ret = MY_EX_USAGE; goto exit;
+ }
+ }
+
+ /* reset for test cases */
+ myoptind = 0;
+
+ if (argCipherList != NULL) {
+ /* Use the list from CL argument */
+ cipher = argCipherList;
+ }
+ else {
+ /* Run for each cipher */
+ ciphers = (char*)XMALLOC(WOLFSSL_CIPHER_LIST_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (ciphers == NULL) {
+ goto exit;
+ }
+ wolfSSL_get_ciphers(ciphers, WOLFSSL_CIPHER_LIST_MAX_SIZE);
+ cipher = ciphers;
+ }
+
+ /* for server or client side only, only 1 thread is allowed */
+ if (argServerOnly || argClientOnly) {
+ argThreadPairs = 1;
+ }
+#ifndef HAVE_PTHREAD
+ else {
+ printf("Threading is not enabled, so please use -s or -c to indicate side\n");
+ Usage();
+ ret = MY_EX_USAGE; goto exit;
+ }
+#endif
+
+ /* Allocate test info array */
+ theadInfo = (info_t*)XMALLOC(sizeof(info_t) * argThreadPairs, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (theadInfo == NULL) {
+ ret = MEMORY_E; goto exit;
+ }
+ XMEMSET(theadInfo, 0, sizeof(info_t) * argThreadPairs);
+
+#ifndef NO_WOLFSSL_SERVER
+ /* Use same listen socket to avoid timing issues between client and server */
+ if (argServerOnly && !argLocalMem) {
+ /* Setup TLS server listener */
+#ifdef WOLFSSL_DTLS
+ ret = SetupSocketAndListen(&listenFd, argPort, doDTLS);
+#else
+ ret = SetupSocketAndListen(&listenFd, argPort, 0);
+#endif
+ if (ret != 0) goto exit;
+ }
+#endif
+
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+ if (doDTLS) {
+ if (argLocalMem) {
+ printf("tls_bench hasn't yet supported DTLS with local memory.\n");
+ ret = MY_EX_USAGE; goto exit;
+ }
+ if (option_p && argTestPacketSize > TEST_DTLS_PACKET_SIZE){
+ printf("Invalid packet size %d\n", argTestPacketSize);
+ Usage();
+ ret = MY_EX_USAGE; goto exit;
+ } else {
+ /* argTestPacketSize would be default for tcp packet */
+ if (argTestPacketSize >= TEST_PACKET_SIZE)
+ argTestPacketSize = TEST_DTLS_PACKET_SIZE;
+ }
+ }
+#endif
+ printf("Running TLS Benchmarks...\n");
+
+ /* parse by : */
+ while ((cipher != NULL) && (cipher[0] != '\0')) {
+ next_cipher = strchr(cipher, ':');
+ if (next_cipher != NULL) {
+ cipher[next_cipher - cipher] = '\0';
+ }
+
+ if (argShowVerbose) {
+ printf("Cipher: %s\n", cipher);
+ }
+
+ for (i=0; i<argThreadPairs; i++) {
+ info = &theadInfo[i];
+ XMEMSET(info, 0, sizeof(info_t));
+
+ info->host = argHost;
+ info->port = argPort + i; /* threads must have separate ports */
+ info->cipher = cipher;
+ info->packetSize = argTestPacketSize;
+
+ info->runTimeSec = argRuntimeSec;
+ info->maxSize = argTestMaxSize;
+ info->showPeerInfo = argShowPeerInfo;
+ info->showVerbose = argShowVerbose;
+ #ifndef NO_WOLFSSL_SERVER
+ info->listenFd = listenFd;
+ #endif
+ info->client.sockFd = -1;
+ info->server.sockFd = -1;
+
+ #ifdef WOLFSSL_DTLS
+ info->doDTLS = doDTLS;
+ #ifdef HAVE_PTHREAD
+ info->serverReady = 0;
+ if (argServerOnly || argClientOnly) {
+ info->clientOrserverOnly = 1;
+ }
+ #endif
+ #endif
+ if (argClientOnly) {
+ #ifndef NO_WOLFSSL_CLIENT
+ ret = bench_tls_client(info);
+ #endif
+ }
+ else if (argServerOnly) {
+ #ifndef NO_WOLFSSL_SERVER
+ ret = bench_tls_server(info);
+ #endif
+ }
+ else {
+ #ifdef HAVE_PTHREAD
+ info->useLocalMem = argLocalMem;
+ pthread_mutex_init(&info->to_server.mutex, NULL);
+ pthread_mutex_init(&info->to_client.mutex, NULL);
+ #ifdef WOLFSSL_DTLS
+ pthread_mutex_init(&info->dtls_mutex, NULL);
+ pthread_cond_init(&info->dtls_cond, NULL);
+ #endif
+ pthread_cond_init(&info->to_server.cond, NULL);
+ pthread_cond_init(&info->to_client.cond, NULL);
+
+ pthread_create(&info->to_server.tid, NULL, server_thread, info);
+ pthread_create(&info->to_client.tid, NULL, client_thread, info);
+
+ /* State that we won't be joining this thread */
+ pthread_detach(info->to_server.tid);
+ pthread_detach(info->to_client.tid);
+ #endif
+ }
+ }
+
+ #ifdef HAVE_PTHREAD
+ /* For threading, wait for completion */
+ if (!argClientOnly && !argServerOnly) {
+ /* Wait until threads are marked done */
+ do {
+ doShutdown = 1;
+
+ for (i = 0; i < argThreadPairs; ++i) {
+ info = &theadInfo[i];
+ if (!info->to_client.done || !info->to_server.done) {
+ doShutdown = 0;
+ XSLEEP_MS(1000); /* Allow other threads to run */
+ }
+
+ }
+ } while (!doShutdown);
+ if (argShowVerbose) {
+ printf("Shutdown complete\n");
+ }
+ }
+ #endif /* HAVE_PTHREAD */
+
+ if (argShowVerbose) {
+ /* print results */
+ for (i = 0; i < argThreadPairs; ++i) {
+ info = &theadInfo[i];
+
+ printf("\nThread %d\n", i);
+ #ifndef NO_WOLFSSL_SERVER
+ if (!argClientOnly)
+ print_stats(&info->server_stats, "Server", info->cipher, 1);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
+ if (!argServerOnly)
+ print_stats(&info->client_stats, "Client", info->cipher, 1);
+ #endif
+ }
+ }
+
+ /* print combined results for more than one thread */
+ XMEMSET(&cli_comb, 0, sizeof(cli_comb));
+ XMEMSET(&srv_comb, 0, sizeof(srv_comb));
+
+ for (i = 0; i < argThreadPairs; ++i) {
+ info = &theadInfo[i];
+
+ cli_comb.connCount += info->client_stats.connCount;
+ srv_comb.connCount += info->server_stats.connCount;
+
+ cli_comb.connTime += info->client_stats.connTime;
+ srv_comb.connTime += info->server_stats.connTime;
+
+ cli_comb.rxTotal += info->client_stats.rxTotal;
+ srv_comb.rxTotal += info->server_stats.rxTotal;
+
+ cli_comb.rxTime += info->client_stats.rxTime;
+ srv_comb.rxTime += info->server_stats.rxTime;
+
+ cli_comb.txTotal += info->client_stats.txTotal;
+ srv_comb.txTotal += info->server_stats.txTotal;
+
+ cli_comb.txTime += info->client_stats.txTime;
+ srv_comb.txTime += info->server_stats.txTime;
+ }
+
+ if (argShowVerbose) {
+ printf("Totals for %d Threads\n", argThreadPairs);
+ }
+ else {
+ printf("%-6s %-33s %11s %9s %9s %9s %9s %9s %17s %15s\n",
+ "Side", "Cipher", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
+ "Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms");
+ #ifndef NO_WOLFSSL_SERVER
+ if (!argClientOnly)
+ print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
+ if (!argServerOnly)
+ print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0);
+ #endif
+ }
+
+ /* target next cipher */
+ cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL;
+ } /* while */
+
+exit:
+
+#ifndef NO_WOLFSSL_SERVER
+ if (argServerOnly && !argLocalMem) {
+ /* Close server listener */
+ CloseAndCleanupListenSocket(&listenFd);
+ }
+#endif
+
+ /* Cleanup the wolfSSL environment */
+ wolfSSL_Cleanup();
+
+ /* Free theadInfo array */
+ XFREE(theadInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ /* Free cipher list */
+ XFREE(ciphers, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ /* Return reporting a success */
+ if (args)
+ ((func_args*)args)->return_code = ret;
+
+ return ret;
+}
+#endif /* (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && !WOLFCRYPT_ONLY && USE_WOLFSSL_IO */
+
+#ifndef NO_MAIN_DRIVER
+
+int main(int argc, char** argv)
+{
+ func_args args;
+
+ args.argc = argc;
+ args.argv = argv;
+ args.return_code = 0;
+
+#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+ !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+ bench_tls(&args);
+#endif
+
+ return args.return_code;
+}
+
+#endif /* !NO_MAIN_DRIVER */
diff --git a/ap/lib/libwolfssl/install/share/doc/wolfssl/taoCert.txt b/ap/lib/libwolfssl/install/share/doc/wolfssl/taoCert.txt
new file mode 100644
index 0000000..0973def
--- /dev/null
+++ b/ap/lib/libwolfssl/install/share/doc/wolfssl/taoCert.txt
@@ -0,0 +1,176 @@
+
+***** Create a self signed cert ************
+
+1) openssl genrsa 1024 > client-key.pem
+
+2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem
+
+3) note md5 would be -md5
+
+-- adding metadata to beginning
+
+3) openssl x509 -in client-cert.pem -text > tmp.pem
+
+4) mv tmp.pem client-cert.pem
+
+
+***** Create a CA, signing authority **********
+
+same as self signed, use ca prefix instead of client
+
+
+***** Create a cert signed by CA **************
+
+1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem
+
+* note if using existing key do: -new -key keyName
+
+2) copy ca-key.pem ca-cert.srl (why ????)
+
+3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+
+
+***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
+
+Create a config file for OpenSSL with the example contents:
+
+ [skidakid]
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid
+
+Add to the openssl command for creating a cert signed by a CA step 3 the
+following options:
+
+ -extfile <file.cnf> -extensions skidakid
+
+anywhere before the redirect. This will add the cert's public key hash as the
+Subject Key Identifier, and the signer's SKID as the Authentication Key ID.
+
+
+***** To create a dsa cert ********************
+
+1) openssl dsaparam 512 > dsa512.param # creates group params
+
+2) openssl gendsa dsa512.param > dsa512.pem # creates private key
+
+3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem
+
+
+
+
+***** To convert from PEM to DER **************
+
+a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+to convert rsa private PEM to DER :
+
+b) openssl rsa -in key.pem -outform DER -out key.der
+
+
+**** To encrypt rsa key already in pem **********
+
+a) openssl rsa <server-key.pem.bak -des >server-keyEnc.pem
+
+note location of des, pass = yassl123
+
+
+*** To make a public key from a private key ******
+
+
+openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
+
+
+**** To convert to pkcs8 *******
+
+openssl pkcs8 -nocrypt -topk8 -in server-key.pem -out server-keyPkcs8.pem
+
+
+**** To convert to pkcs8 encrypted *******
+
+openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem
+
+passwd: yassl123
+
+to use PKCS#5 v2 instead of v1.5 which is default add
+
+-v2 des3 # file Pkcs8Enc2
+
+to use PKCS#12 instead use -v1 witch a 12 algo like
+
+-v1 PBE-SHA1-3DES # file Pkcs8Enc12 , see man pkcs8 for more info
+-v1 PBE-SHA1-RC4-128 # no longer file Pkcs8Enc12, arc4 now off by default
+
+
+**** To convert from pkcs8 to traditional ****
+
+openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
+
+
+*** DH parameters ***
+
+openssl dhparam 2048 > dh2048.param
+
+to add metadata
+
+openssl dhparam -in dh2048.param -text > dh2048.pem
+
+**** ECC ******
+
+1) make a key
+
+ to see types available do
+ openssl ecparam -list_curves
+
+ make a new key
+ openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem
+
+ convert to compressed
+ openssl ec -in ecc-key.pem -conv_form compressed -out ecc-key-comp.pem
+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2) view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked
diff --git a/ap/lib/libwolfssl/makefile b/ap/lib/libwolfssl/makefile
new file mode 100755
index 0000000..541e696
--- /dev/null
+++ b/ap/lib/libwolfssl/makefile
@@ -0,0 +1,66 @@
+
+include $(COMMON_BASE_MK)
+
+NAME := libwolfssl
+SRC_DIR := wolfssl-4.8.1-stable
+INSTALL_DIR := $(LIB_DIR)/$(NAME)/install
+
+CONFIG_OPTS := --host=arm-linux --build=x86_64-unknown-linux-gnu --target=arm-linux
+CONFIG_OPTS += --prefix=$(INSTALL_DIR)
+CONFIG_OPTS += --disable-shared --enable-static
+CONFIG_OPTS += --disable-nls
+CONFIG_OPTS += --enable-reproducible-build
+CONFIG_OPTS += --enable-lighty
+CONFIG_OPTS += --enable-opensslall
+CONFIG_OPTS += --enable-opensslextra
+CONFIG_OPTS += --enable-sni
+CONFIG_OPTS += --enable-stunnel
+CONFIG_OPTS += --disable-crypttests
+CONFIG_OPTS += --disable-examples
+CONFIG_OPTS += --disable-jobserver
+CONFIG_OPTS += --enable-ipv6
+CONFIG_OPTS += --enable-aesccm
+CONFIG_OPTS += --enable-certgen
+CONFIG_OPTS += --enable-chacha
+CONFIG_OPTS += --enable-poly1305
+CONFIG_OPTS += --enable-dh
+CONFIG_OPTS += --enable-arc4
+CONFIG_OPTS += --enable-tlsv10
+CONFIG_OPTS += --enable-tls13
+CONFIG_OPTS += --enable-session-ticket
+CONFIG_OPTS += --disable-dtls
+CONFIG_OPTS += --disable-curve25519
+CONFIG_OPTS += --disable-afalg
+CONFIG_OPTS += --enable-devcrypto=no
+CONFIG_OPTS += --enable-ocsp
+CONFIG_OPTS += --enable-ocspstapling
+CONFIG_OPTS += --enable-ocspstapling2
+CONFIG_OPTS += --enable-wpas
+CONFIG_OPTS += --enable-fortress
+CONFIG_OPTS += --enable-fastmath
+CONFIG_OPTS += --disable-sslv3
+CONFIG_OPTS += --disable-armasm
+
+
+all: $(SRC_DIR)/Makefile
+ make -C $(SRC_DIR)
+ make -C $(SRC_DIR) install
+
+$(SRC_DIR)/Makefile:
+ cd $(SRC_DIR) && ./autogen.sh
+ cd $(SRC_DIR) && ./configure C_EXTRA_FLAGS="-g1" $(CONFIG_OPTS)
+
+clean:
+ -make -C $(SRC_DIR) distclean
+ -rm -rf $(INSTALL_DIR)
+
+romfs:
+ cd $(INSTALL_DIR)/lib; \
+ for i in *.so*; do \
+ if [ -L $$i ]; then \
+ $(ROMFSINST) -s `find $$i -printf %l` /lib/$$i; \
+ elif [ -f $$i ]; then \
+ $(ROMFSINST) /lib/$$i; \
+ fi; \
+ done
+
diff --git a/ap/lib/libwolfssl/readme.txt b/ap/lib/libwolfssl/readme.txt
new file mode 100755
index 0000000..a95a92d
--- /dev/null
+++ b/ap/lib/libwolfssl/readme.txt
@@ -0,0 +1,16 @@
+Ô´´úÂëÏÂÔØ£ºhttp://sources.buildroot.net/wolfssl/wolfssl-4.8.1-stable.tar.gz
+ÔÚap/lib/libwolfsslĿ¼½âѹ
+
+ÆôÓã¨ÒÔprj_mdlΪÀý£©£¬ÔÚproject/zx297520v3/prj_mdl/config/normal/config_lib.mkÀï×·¼Ólibwolfssl
+
+installĿ¼ ±àÒëÉú³ÉÎļþ£¬¿ÉÖ´ÐгÌÐò»òÕß¾²Ì¬¡¢¶¯Ì¬¿âÎļþ
+
+ÆäËûÓ¦ÓÃʹÓÃ˵Ã÷£º
+
+Í·ÎļþĿ¼£º$(LIB_DIR)/libwolfbssl/install/include
+ ÈçÅäÖÃCFLAGS£º-I$(LIB_DIR)/libwolfbssl/install/include
+¿âĿ¼£º$(LIB_DIR)/libwolfssl/install/lib
+ ÈçÅäÖÃLDFLAGS£º-L$(LIB_DIR)/libwolfbssl/install/lib -lwolfssl
+
+´ò¿ª¶¯Ì¬¿â£º
+ÐÞ¸Ämakefile£¬¸Ä³ÉCONFIG_OPTS += --enable-shared --enable-static