Update wolfSSL

2024-09-29 02:18:37 +02:00 · 2020-12-31 19:00:44 +00:00 · 2020-12-31 19:00:44 +00:00 · 5ee143c499
commit 5ee143c499
parent 69de883610
65 changed files with 2212 additions and 437 deletions
--- a/source/libs/libwolfssl/error-ssl.h
+++ b/source/libs/libwolfssl/error-ssl.h
@ -169,6 +169,7 @@ enum wolfSSL_ErrorCodes {
    TLS13_SECRET_CB_E            = -438,   /* TLS1.3 secret Cb fcn failure */
    DTLS_SIZE_ERROR              = -439,   /* Trying to send too much data */
    NO_CERT_ERROR                = -440,   /* TLS1.3 - no cert set error */
    APP_DATA_READY               = -441,   /* DTLS1.2 application data ready for read */
    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
--- a/source/libs/libwolfssl/internal.h
+++ b/source/libs/libwolfssl/internal.h
@ -146,6 +146,8 @@
    /* do nothing, just don't pick Unix */
 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
    /* do nothing */
 #elif defined(RTTHREAD)
    /* do nothing */
 #elif defined(EBSNET)
    /* do nothing */
 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
@ -1692,6 +1694,11 @@ WOLFSSL_LOCAL int  CompleteServerHello(WOLFSSL *ssl);
 WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
 WOLFSSL_LOCAL int  PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                                   word32 hashSigAlgoSz);
 #ifdef WOLF_CRYPTO_CB
 WOLFSSL_LOCAL int  CreateDevPrivateKey(void** pkey, byte* buffer, word32 length,
                                       int hsType, int label, int id,
                                       void* heap, int devId);
 #endif
 WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
 #ifdef HAVE_PK_CALLBACKS
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
@ -1713,9 +1720,11 @@ WOLFSSL_LOCAL int  HashOutput(WOLFSSL* ssl, const byte* output, int sz,
                              int ivSz);
 WOLFSSL_LOCAL int  HashInput(WOLFSSL* ssl, const byte* input, int sz);
-#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef HAVE_SNI
 #ifndef NO_WOLFSSL_SERVER
 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
 #endif
 #endif
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL int  DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                                word16 sz, const byte* aad, word16 aadSz);
@ -1727,6 +1736,7 @@ WOLFSSL_LOCAL int  DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
 WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz,
                                     byte* extMsgType);
 WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
 #endif
 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                    int pLen, int content);
@ -1999,17 +2009,21 @@ struct WOLFSSL_CERT_MANAGER {
    VerifyCallback  verifyCallback;      /* Verify callback */
 #endif
    CallbackCACache caCacheCallback;       /* CA cache addition callback */
-    CbMissingCRL    cbMissingCRL;        /* notify through cb of missing crl */
+    CbMissingCRL    cbMissingCRL;          /* notify thru cb of missing crl */
    CbOCSPIO        ocspIOCb;              /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;        /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;                /* CA list lock */
-    byte            crlEnabled;          /* is CRL on ? */
+    byte            crlEnabled:1;          /* is CRL on ? */
-    byte            crlCheckAll;         /* always leaf, but all ? */
+    byte            crlCheckAll:1;         /* always leaf, but all ? */
-    byte            ocspEnabled;         /* is OCSP on ? */
+    byte            ocspEnabled:1;         /* is OCSP on ? */
-    byte            ocspCheckAll;        /* always leaf, but all ? */
+    byte            ocspCheckAll:1;        /* always leaf, but all ? */
-    byte            ocspSendNonce;       /* send the OCSP nonce ? */
+    byte            ocspSendNonce:1;       /* send the OCSP nonce ? */
-    byte            ocspUseOverrideURL;  /* ignore cert's responder, override */
+    byte            ocspUseOverrideURL:1;  /* ignore cert responder, override */
-    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */
+    byte            ocspStaplingEnabled:1; /* is OCSP Stapling on ? */
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    byte            ocspMustStaple:1;      /* server must respond with staple */
 #endif
 #ifndef NO_RSA
    short           minRsaKeySz;         /* minimum allowed RSA key size */
@ -2017,6 +2031,8 @@ struct WOLFSSL_CERT_MANAGER {
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    short           minEccKeySz;         /* minimum allowed ECC key size */
 #endif
    wolfSSL_Mutex   refMutex;   /* reference count mutex */
    int             refCount;         /* reference count */
 };
 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
@ -2158,14 +2174,16 @@ typedef struct Keys {
 #ifdef HAVE_TLS_EXTENSIONS
 typedef enum {
 #ifdef HAVE_SNI
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
 #endif
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUSTED_CA_KEYS            = 0x0003,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_EC_POINT_FORMATS           = 0x000b,
-#if !defined(WOLFSSL_NO_SIGALG)
+#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d, /* HELLO_EXT_SIG_ALGO */
 #endif
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
@ -2184,14 +2202,18 @@ typedef enum {
    TLSX_EARLY_DATA                 = 0x002a,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    #ifdef WOLFSSL_SEND_HRR_COOKIE
    TLSX_COOKIE                     = 0x002c,
    #endif
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
    #endif
    #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
    TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
    #endif
    TLSX_KEY_SHARE                  = 0x0033,
 #endif
    TLSX_RENEGOTIATION_INFO         = 0xff01
@ -2334,7 +2356,7 @@ typedef struct {
    union {
        OcspRequest ocsp;
    } request;
-#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
+#if defined(WOLFSSL_TLS13)
    buffer response;
 #endif
 } CertificateStatusRequest;
@ -2620,9 +2642,14 @@ enum SetCBIO {
 #endif
 #ifdef WOLFSSL_STATIC_EPHEMERAL
 /* contains static ephemeral keys */
 typedef struct {
-    int keyAlgo;
+#ifndef NO_DH
-    DerBuffer* key;
+    DerBuffer* dhKey;
 #endif
 #ifdef HAVE_ECC
    DerBuffer* ecKey;
 #endif
 } StaticKeyExchangeInfo_t;
 #endif
@ -2644,7 +2671,7 @@ struct WOLFSSL_CTX {
    DerBuffer*  certificate;
    DerBuffer*  certChain;
                 /* chain after self, in DER, with leading size for each cert */
-    #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
+    #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
    #endif
    #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
@ -2656,8 +2683,9 @@ struct WOLFSSL_CTX {
    int         certChainCnt;
 #endif
    DerBuffer*  privateKey;
-    byte        privateKeyType:7;
+    byte        privateKeyType:6;
    byte        privateKeyId:1;
    byte        privateKeyLabel:1;
    int         privateKeySz;
    int         privateKeyDevId;
    WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
@ -2804,13 +2832,11 @@ struct WOLFSSL_CTX {
 #ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
-#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY))
    CallbackALPNSelect alpnSelect;
    void*              alpnSelectArg;
 #endif
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
+#ifdef HAVE_SNI
                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
                             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
    CallbackSniRecv sniRecvCb;
    void*           sniRecvCbArg;
 #endif
@ -3214,17 +3240,19 @@ struct WOLFSSL_SESSION {
 #ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
    byte               side;                      /* Either WOLFSSL_CLIENT_END or
                                                     WOLFSSL_SERVER_END */
 };
-WOLFSSL_LOCAL
+WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
-WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
+WOLFSSL_LOCAL int              SetSession(WOLFSSL*, WOLFSSL_SESSION*);
-WOLFSSL_LOCAL
+WOLFSSL_LOCAL void             FreeSession(WOLFSSL_SESSION*, int);
 int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);
 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
 #ifndef NO_CLIENT_CACHE
    WOLFSSL_LOCAL
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
 #endif
@ -3312,8 +3340,9 @@ typedef struct Buffers {
 #ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
-    byte            keyType:7;             /* Type of key: RSA, ECC, Ed25519 */
+    byte            keyType:6;             /* Type of key: RSA, ECC, Ed25519 */
    byte            keyId:1;               /* Key data is an id not data */
    byte            keyLabel:1;            /* Key data is a label not data */
    int             keySz;                 /* Size of RSA key */
    int             keyDevId;              /* Device Id for key */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
@ -3597,6 +3626,8 @@ struct WOLFSSL_STACK {
                        * (safety measure for freeing and shortcut for count) */
    #if defined(OPENSSL_ALL)
    wolf_sk_compare_cb comp;
    wolf_sk_hash_cb hash_fn;
    unsigned long hash;
    #endif
    union {
@ -3608,7 +3639,9 @@ struct WOLFSSL_STACK {
        WOLFSSL_CIPHER         cipher;
        WOLFSSL_ACCESS_DESCRIPTION* access;
        WOLFSSL_X509_EXTENSION* ext;
 #ifdef OPENSSL_EXTRA
        WOLFSSL_CONF_VALUE*    conf;
 #endif
        void*                  generic;
        char*                  string;
        WOLFSSL_GENERAL_NAME*  gn;
@ -3629,7 +3662,7 @@ struct WOLFSSL_X509_NAME {
    WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
    WOLFSSL_X509*           x509;   /* x509 that struct belongs to */
 #endif /* OPENSSL_EXTRA */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
    byte  raw[ASN_NAME_MAX];
    int   rawLen;
 #endif
@ -3662,6 +3695,7 @@ struct WOLFSSL_X509 {
 #endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
    WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
    WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3731,10 +3765,17 @@ struct WOLFSSL_X509 {
    byte             subjAltNameCrit:1;
    byte             authKeyIdSet:1;
    byte             authKeyIdCrit:1;
    byte             issuerSet:1;
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #ifdef WOLFSSL_CERT_REQ
    byte             isCSR:1;
 #endif
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
 #ifdef WOLFSSL_CERT_REQ
 #ifdef OPENSSL_ALL
    WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
 #endif
    char             challengePw[CTC_NAME_SIZE]; /* for REQ certs */
 #endif
    WOLFSSL_X509_NAME issuer;
@ -3743,7 +3784,11 @@ struct WOLFSSL_X509 {
    WOLFSSL_X509_ALGOR algor;
    WOLFSSL_X509_PUBKEY key;
 #endif
-    byte issuerSet:1;
+#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
    defined(SESSION_CERTS)
    byte            notBeforeData[CTC_DATE_SIZE];
    byte            notAfterData[CTC_DATE_SIZE];
 #endif
 };
@ -4077,6 +4122,9 @@ struct WOLFSSL {
    int             dtls_timeout_init;  /* starting timeout value */
    int             dtls_timeout_max;   /* maximum timeout value */
    int             dtls_timeout;       /* current timeout value, changes */
 #ifndef NO_ASN_TIME
    word32          dtls_start_timeout;
 #endif /* !NO_ASN_TIME */
    word32          dtls_tx_msg_list_sz;
    word32          dtls_rx_msg_list_sz;
    DtlsMsg*        dtls_tx_msg_list;
@ -4259,6 +4307,15 @@ struct WOLFSSL {
 #ifdef WOLFSSL_STATIC_EPHEMERAL
    StaticKeyExchangeInfo_t staticKE;
 #endif
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
    /* Added in libest port: allow applications to get the 'tls-unique' Channel
     * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
     * used in the EST protocol to bind an enrollment to a TLS session through
     * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
     * and https://tools.ietf.org/html/rfc7030#section-3.5). */
    byte clientFinished[TLS_FINISHED_SZ];
    byte serverFinished[TLS_FINISHED_SZ];
 #endif
 };
@ -4418,6 +4475,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
 WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
 WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
@ -4559,6 +4617,7 @@ WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
    WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
 #endif
    WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);
    WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
@ -4596,6 +4655,7 @@ typedef struct CipherSuiteInfo {
    byte minor;
    byte major;
 #endif
    byte flags;
 } CipherSuiteInfo;
 WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
@ -4617,7 +4677,8 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                                         byte* cipherSuite);
+                                         byte* cipherSuite, int* flags);
 enum encrypt_side {
    ENCRYPT_SIDE_ONLY = 1,
--- a/source/libs/libwolfssl/libwolfssl.a
+++ b/source/libs/libwolfssl/libwolfssl.a
--- a/source/libs/libwolfssl/ocsp.h
+++ b/source/libs/libwolfssl/ocsp.h
@ -38,10 +38,12 @@
 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
-    defined(WOLFSSL_HAPROXY)
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
-typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
+typedef struct OcspEntry WOLFSSL_OCSP_CERTID;
 typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
 typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
@ -62,7 +64,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
                                    OcspEntry *entry, OcspRequest *ocspRequest);
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_APACHE_HTTPD)
+    defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
    WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
                                                  WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
@ -82,8 +84,10 @@ WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
    WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags);
 WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response);
 #ifndef NO_BIO
 WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
    OcspResponse** response);
 #endif
 WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
    const unsigned char** data, int len);
 WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
@ -100,8 +104,20 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
 WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
    WOLFSSL_OCSP_CERTID *cid);
 WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*);
 #ifndef NO_BIO
 WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
    WOLFSSL_OCSP_REQUEST *req);
 #endif
 WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **);
 WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single);
 WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
                                                int *reason,
                                                WOLFSSL_ASN1_TIME **revtime,
                                                WOLFSSL_ASN1_TIME **thisupd,
                                                WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
 WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx);
 #endif
 #ifdef OPENSSL_EXTRA
--- a/source/libs/libwolfssl/openssl/aes.h
+++ b/source/libs/libwolfssl/openssl/aes.h
@ -42,26 +42,7 @@
 * OpenSSL compatibility layer. This makes code working with an AES structure
 * to need the size of the structure. */
 typedef struct WOLFSSL_AES_KEY {
-    /* aligned and big enough for Aes from wolfssl/wolfcrypt/aes.h */
+    ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1];
    ALIGN16 void* holder[(376 + WC_ASYNC_DEV_SIZE)/ sizeof(void*)];
    #ifdef GCM_TABLE
    /* key-based fast multiplication table. */
    ALIGN16 void* M0[4096 / sizeof(void*)];
    #endif /* GCM_TABLE */
    #if defined(WOLFSSL_DEVCRYPTO) && \
        (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
    /* large enough for additional devcrypto information */
    void* devKey[288 / sizeof(void*)];
    #endif
    #ifdef WOLFSSL_AFALG
    void* afalg_holder[288 / sizeof(void*)];
    #endif
    #ifdef HAVE_PKCS11
    void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)];
    #endif
    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
    void* async_holder[128 / sizeof(void*)];
    #endif
 } WOLFSSL_AES_KEY;
 typedef WOLFSSL_AES_KEY AES_KEY;
--- a/source/libs/libwolfssl/openssl/asn1.h
+++ b/source/libs/libwolfssl/openssl/asn1.h
@ -32,6 +32,10 @@
 #define ASN1_STRING_set      wolfSSL_ASN1_STRING_set
 #define ASN1_STRING_free     wolfSSL_ASN1_STRING_free
 #define ASN1_get_object      wolfSSL_ASN1_get_object
 #define d2i_ASN1_OBJECT      wolfSSL_d2i_ASN1_OBJECT
 #define c2i_ASN1_OBJECT      wolfSSL_c2i_ASN1_OBJECT
 #define V_ASN1_INTEGER                   0x02
 #define V_ASN1_OCTET_STRING              0x04 /* tag for ASN1_OCTET_STRING */
 #define V_ASN1_NEG                       0x100
@ -66,10 +70,21 @@
 #define ASN1_TIME_diff                  wolfSSL_ASN1_TIME_diff
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define V_ASN1_EOC                      0
 #define V_ASN1_OBJECT                   6
 #define V_ASN1_UTF8STRING               12
 #define V_ASN1_SEQUENCE                 16
 #define V_ASN1_SET                      17
 #define V_ASN1_PRINTABLESTRING          19
 #define V_ASN1_T61STRING                20
 #define V_ASN1_IA5STRING                22
 #define V_ASN1_UTCTIME                  23
 #define V_ASN1_GENERALIZEDTIME          24
-#define V_ASN1_PRINTABLESTRING          19
+#define V_ASN1_UNIVERSALSTRING          28
 #define V_ASN1_BMPSTRING                30
 #define V_ASN1_CONSTRUCTED              0x20
 #define ASN1_STRING_FLAG_BITS_LEFT       0x008
 #define ASN1_STRING_FLAG_NDEF            0x010
@ -83,6 +98,12 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
 WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
                                        int *cls, long inLen);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
        const unsigned char **pp, long len);
 #ifdef OPENSSL_ALL
 /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
 * we don't use this. Some projects use OpenSSL to implement ASN1 types and
--- a/source/libs/libwolfssl/openssl/bio.h
+++ b/source/libs/libwolfssl/openssl/bio.h
@ -40,7 +40,14 @@
 #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
 #define BIO_new_fp                      wolfSSL_BIO_new_fp
 #if defined(OPENSSL_ALL) \
    || defined(HAVE_STUNNEL) \
    || defined(HAVE_LIGHTY) \
    || defined(WOLFSSL_MYSQL_COMPATIBLE) \
    || defined(WOLFSSL_HAPROXY) \
    || defined(OPENSSL_EXTRA)
 #define BIO_new_file                    wolfSSL_BIO_new_file
 #endif
 #define BIO_new_fp                      wolfSSL_BIO_new_fp
 #define BIO_ctrl                        wolfSSL_BIO_ctrl
 #define BIO_ctrl_pending                wolfSSL_BIO_ctrl_pending
@ -57,6 +64,7 @@
 #define BIO_set_write_buf_size          wolfSSL_BIO_set_write_buf_size
 #define BIO_make_bio_pair               wolfSSL_BIO_make_bio_pair
 #define BIO_new_fd                      wolfSSL_BIO_new_fd
 #define BIO_set_fp                      wolfSSL_BIO_set_fp
 #define BIO_get_fp                      wolfSSL_BIO_get_fp
 #define BIO_seek                        wolfSSL_BIO_seek
@ -123,6 +131,7 @@
 #define BIO_meth_set_create        wolfSSL_BIO_meth_set_create
 #define BIO_meth_set_destroy       wolfSSL_BIO_meth_set_destroy
 #define BIO_snprintf               XSNPRINTF
 /* BIO CTRL */
 #define BIO_CTRL_RESET             1
@ -149,6 +158,7 @@
 #define BIO_CTRL_DGRAM_QUERY_MTU   40
 #define BIO_FP_TEXT                0x00
 #define BIO_NOCLOSE                0x00
 #define BIO_CLOSE                  0x01
--- a/source/libs/libwolfssl/openssl/bn.h
+++ b/source/libs/libwolfssl/openssl/bn.h
@ -40,7 +40,7 @@
 typedef struct WOLFSSL_BIGNUM {
    int neg;        /* openssh deference */
    void *internal; /* our big num */
-#ifdef WOLFSSL_SP_MATH
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
    sp_int fp;
 #elif defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
    fp_int fp;
@ -49,7 +49,7 @@ typedef struct WOLFSSL_BIGNUM {
 #define BN_ULONG WOLFSSL_BN_ULONG
-#define WOLFSSL_BN_ULONG mp_digit
+#define WOLFSSL_BN_ULONG unsigned long
 typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
 typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
@ -113,7 +113,7 @@ WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
                               WOLFSSL_BIGNUM*);
--- a/source/libs/libwolfssl/openssl/buffer.h
+++ b/source/libs/libwolfssl/openssl/buffer.h
@ -34,12 +34,18 @@
 WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void);
 WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len);
 WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize);
 WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
 #define BUF_MEM_new  wolfSSL_BUF_MEM_new
 #define BUF_MEM_grow wolfSSL_BUF_MEM_grow
 #define BUF_MEM_free wolfSSL_BUF_MEM_free
 #define BUF_strdup strdup
 #define BUF_strlcpy wolfSSL_strlcpy
 #define BUF_strlcat wolfSSL_strlcat
 #ifdef __cplusplus
    }  /* extern "C" */
 #endif
--- a/source/libs/libwolfssl/openssl/conf.h
+++ b/source/libs/libwolfssl/openssl/conf.h
@ -28,18 +28,76 @@
    extern "C" {
 #endif
-struct WOLFSSL_CONF_VALUE {
+#include <libs/libwolfssl/wolfcrypt/settings.h>
 #include <libs/libwolfssl/version.h>
 typedef struct WOLFSSL_CONF_VALUE {
    char *section;
    char *name;
    char *value;
-};
+} WOLFSSL_CONF_VALUE;
-struct WOLFSSL_INIT_SETTINGS {
+/* ssl.h requires WOLFSSL_CONF_VALUE */
-    char* appname;
+#include <libs/libwolfssl/ssl.h>
 };
-typedef struct WOLFSSL_CONF_VALUE CONF_VALUE;
+typedef struct WOLFSSL_CONF {
-typedef struct WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
+    void *meth_data;
    WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
 } WOLFSSL_CONF;
 typedef WOLFSSL_CONF CONF;
 typedef WOLFSSL_CONF_VALUE CONF_VALUE;
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
 WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
        WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
 WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
 WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
 WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
        const char *group, const char *name);
 WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
        const char *name, long *result);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
        const WOLFSSL_CONF *conf, const char *section);
 WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline);
 WOLFSSL_API void wolfSSL_NCONF_free(WOLFSSL_CONF *conf);
 WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
        WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data);
 WOLFSSL_API int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
                      unsigned long flags);
 WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
        const char *section);
 WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
        const char *section);
 #define sk_CONF_VALUE_new               wolfSSL_sk_CONF_VALUE_new
 #define sk_CONF_VALUE_free              wolfSSL_sk_CONF_VALUE_free
 #define sk_CONF_VALUE_pop_free(a,b)     wolfSSL_sk_CONF_VALUE_free(a)
 #define sk_CONF_VALUE_num               wolfSSL_sk_CONF_VALUE_num
 #define sk_CONF_VALUE_value             wolfSSL_sk_CONF_VALUE_value
 #define lh_CONF_VALUE_retrieve          wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
 #define lh_CONF_VALUE_insert            wolfSSL_sk_CONF_VALUE_push
 #define NCONF_new                       wolfSSL_NCONF_new
 #define NCONF_free                      wolfSSL_NCONF_free
 #define NCONF_get_string                wolfSSL_NCONF_get_string
 #define NCONF_get_section               wolfSSL_NCONF_get_section
 #define NCONF_get_number                wolfSSL_NCONF_get_number
 #define NCONF_load                      wolfSSL_NCONF_load
 #define CONF_modules_load               wolfSSL_CONF_modules_load
 #define _CONF_new_section               wolfSSL_CONF_new_section
 #define _CONF_get_section               wolfSSL_CONF_get_section
 #define X509V3_conf_free                wolfSSL_X509V3_conf_free
 #endif /* OPENSSL_EXTRA */
 #ifdef  __cplusplus
 } /* extern "C" */
--- a/source/libs/libwolfssl/openssl/crypto.h
+++ b/source/libs/libwolfssl/openssl/crypto.h
@ -24,22 +24,32 @@
 #ifndef WOLFSSL_CRYPTO_H_
 #define WOLFSSL_CRYPTO_H_
 #include <libs/libwolfssl/openssl/opensslv.h>
 #include <libs/libwolfssl/wolfcrypt/settings.h>
 #include <libs/libwolfssl/openssl/opensslv.h>
 #include <libs/libwolfssl/openssl/conf.h>
 #ifdef WOLFSSL_PREFIX
 #include "prefix_crypto.h"
 #endif
 typedef struct WOLFSSL_INIT_SETTINGS {
    char* appname;
 } WOLFSSL_INIT_SETTINGS;
 typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
 WOLFSSL_API const char*   wolfSSLeay_version(int type);
 WOLFSSL_API unsigned long wolfSSLeay(void);
 WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
 #ifdef OPENSSL_EXTRA
 #include <stdint.h>
 WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
 WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 #define CRYPTO_THREADID void
@ -62,14 +72,16 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 #define OPENSSL_free wolfSSL_OPENSSL_free
 #define OPENSSL_malloc wolfSSL_OPENSSL_malloc
-#ifdef WOLFSSL_QT
+#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L
-    #define OPENSSL_INIT_ADD_ALL_CIPHERS    0x00000004L
+#define OPENSSL_INIT_ADD_ALL_CIPHERS    0x00000004L
-    #define OPENSSL_INIT_ADD_ALL_DIGESTS    0x00000008L
+#define OPENSSL_INIT_ADD_ALL_DIGESTS    0x00000008L
-    #define OPENSSL_INIT_LOAD_CONFIG        0x00000040L
+#define OPENSSL_INIT_LOAD_CONFIG        0x00000040L
-#endif
+
 #define OPENSSL_init_crypto wolfSSL_OPENSSL_init_crypto
 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_EX_DATA)
 #define CRYPTO_set_mem_ex_functions      wolfSSL_CRYPTO_set_mem_ex_functions
 #define FIPS_mode                        wolfSSL_FIPS_mode
 #define FIPS_mode_set                    wolfSSL_FIPS_mode_set
@ -86,6 +98,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
 #define CRYPTO_THREAD_r_lock wc_LockMutex
 #define CRYPTO_THREAD_unlock wc_UnLockMutex
-#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
 #endif /* header */
--- a/source/libs/libwolfssl/openssl/dh.h
+++ b/source/libs/libwolfssl/openssl/dh.h
@ -26,6 +26,7 @@
 #define WOLFSSL_DH_H_
 #include <libs/libwolfssl/openssl/bn.h>
 #include <libs/libwolfssl/openssl/opensslv.h>
 #ifdef __cplusplus
    extern "C" {
@ -58,6 +59,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
 WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
 WOLFSSL_API void        wolfSSL_DH_free(WOLFSSL_DH*);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
 WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);
--- a/source/libs/libwolfssl/openssl/ec.h
+++ b/source/libs/libwolfssl/openssl/ec.h
@ -301,6 +301,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define EC_GROUP_get_order              wolfSSL_EC_GROUP_get_order
 #define EC_GROUP_order_bits             wolfSSL_EC_GROUP_order_bits
 #define EC_GROUP_method_of              wolfSSL_EC_GROUP_method_of
 #ifndef NO_WOLFSSL_STUB
 #define EC_GROUP_set_point_conversion_form(...)
 #endif
 #define EC_METHOD_get_field_type        wolfSSL_EC_METHOD_get_field_type
--- a/source/libs/libwolfssl/openssl/evp.h
+++ b/source/libs/libwolfssl/openssl/evp.h
@ -557,6 +557,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer);
 WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
                          const char *name, const char *value);
 WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
                     unsigned char *out, size_t *outlen,
                     const unsigned char *in, size_t inlen);
@ -569,11 +572,13 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
 WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
 WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
 WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b);
 WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
-WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
 WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
                  unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
@ -825,11 +830,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_PKEY_free                  wolfSSL_EVP_PKEY_free
 #define EVP_PKEY_up_ref                wolfSSL_EVP_PKEY_up_ref
 #define EVP_PKEY_size                  wolfSSL_EVP_PKEY_size
 #define EVP_PKEY_copy_parameters       wolfSSL_EVP_PKEY_copy_parameters
 #define EVP_PKEY_missing_parameters    wolfSSL_EVP_PKEY_missing_parameters
 #define EVP_PKEY_cmp                   wolfSSL_EVP_PKEY_cmp
 #define EVP_PKEY_type                  wolfSSL_EVP_PKEY_type
 #define EVP_PKEY_base_id               wolfSSL_EVP_PKEY_base_id
 #define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
 #define EVP_PKEY_id                    wolfSSL_EVP_PKEY_id
 #define EVP_PKEY_CTX_ctrl_str          wolfSSL_EVP_PKEY_CTX_ctrl_str
 #define EVP_SignFinal                  wolfSSL_EVP_SignFinal
 #define EVP_SignInit                   wolfSSL_EVP_SignInit
 #define EVP_SignInit_ex                wolfSSL_EVP_SignInit_ex
@ -917,7 +925,6 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-MIN_CODE_E + 100 + 4)
 #define EVP_PKEY_NONE                   NID_undef
 #define EVP_PKEY_RSA                    6
 #define EVP_PKEY_RSA2                   19
 #define EVP_PKEY_DH                     28
 #define EVP_CIPHER_mode                 WOLFSSL_CIPHER_mode
--- a/source/libs/libwolfssl/openssl/lhash.h
+++ b/source/libs/libwolfssl/openssl/lhash.h
@ -1,2 +1,64 @@
 /* lhash.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 /* lhash.h for openSSL */
 #ifndef WOLFSSL_lhash_H_
 #define WOLFSSL_lhash_H_
 #ifdef __cplusplus
    extern "C" {
 #endif
 #include <libs/libwolfssl/openssl/ssl.h>
 #ifdef OPENSSL_ALL
 #define IMPLEMENT_LHASH_HASH_FN(name, type) \
    unsigned long wolfSSL_##name##_LHASH_HASH(const void *arg) \
    {                                                          \
        const type *a = arg;                                 \
        return name##_hash(a);                                 \
    }
 #define IMPLEMENT_LHASH_COMP_FN(name, type) \
    int wolfSSL_##name##_LHASH_COMP(const void *p1, const void *p2) \
    {                                                               \
        const type *_p1 = p1;                                       \
        const type *_p2 = p2;                                       \
        return name##_cmp(_p1, _p2);                                \
    }
 #define LHASH_HASH_FN(name) wolfSSL_##name##_LHASH_HASH
 #define LHASH_COMP_FN(name) wolfSSL_##name##_LHASH_COMP
 WOLFSSL_API unsigned long wolfSSL_LH_strhash(const char *str);
 WOLFSSL_API void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data);
 #define lh_strhash          wolfSSL_LH_strhash
 #endif
 #ifdef  __cplusplus
 } /* extern "C" */
 #endif
 #endif /* WOLFSSL_lhash_H_ */
--- a/source/libs/libwolfssl/openssl/ocsp.h
+++ b/source/libs/libwolfssl/openssl/ocsp.h
@ -30,6 +30,7 @@
 #define OCSP_REQUEST              OcspRequest
 #define OCSP_RESPONSE             OcspResponse
 #define OCSP_BASICRESP            WOLFSSL_OCSP_BASICRESP
 #define OCSP_SINGLERESP           WOLFSSL_OCSP_SINGLERESP
 #define OCSP_CERTID               WOLFSSL_OCSP_CERTID
 #define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
@ -76,6 +77,12 @@
 #define i2d_OCSP_REQUEST_bio      wolfSSL_i2d_OCSP_REQUEST_bio
 #define i2d_OCSP_CERTID           wolfSSL_i2d_OCSP_CERTID
 #define OCSP_SINGLERESP_get0_id   wolfSSL_OCSP_SINGLERESP_get0_id
 #define OCSP_single_get0_status   wolfSSL_OCSP_single_get0_status
 #define OCSP_resp_count           wolfSSL_OCSP_resp_count
 #define OCSP_resp_get0            wolfSSL_OCSP_resp_get0
 #endif /* HAVE_OCSP */
 #endif /* WOLFSSL_OCSP_H_ */
--- a/source/libs/libwolfssl/openssl/opensslv.h
+++ b/source/libs/libwolfssl/openssl/opensslv.h
@ -26,7 +26,11 @@
 /* api version compatibility */
-#if defined(WOLFSSL_APACHE_HTTPD)
+#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)  
     /* valid version */
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST)
    /* For Apache httpd, Use 1.1.0 compatibility */
     #define OPENSSL_VERSION_NUMBER 0x10100000L
 #elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
--- a/source/libs/libwolfssl/openssl/pem.h
+++ b/source/libs/libwolfssl/openssl/pem.h
@ -242,6 +242,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_ECPrivateKey          wolfSSL_PEM_write_ECPrivateKey
 #define PEM_read_bio_ECPrivateKey       wolfSSL_PEM_read_bio_ECPrivateKey
 #define PEM_read_bio_EC_PUBKEY          wolfSSL_PEM_read_bio_EC_PUBKEY
 #ifndef NO_WOLFSSL_STUB
 #define PEM_write_bio_ECPKParameters(...) 0
 #endif
 /* EVP_KEY */
 #define PEM_read_bio_PrivateKey         wolfSSL_PEM_read_bio_PrivateKey
 #define PEM_read_PUBKEY                 wolfSSL_PEM_read_PUBKEY
--- a/source/libs/libwolfssl/openssl/pkcs12.h
+++ b/source/libs/libwolfssl/openssl/pkcs12.h
@ -42,6 +42,7 @@
 /* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */
 #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
 #define PKCS12_parse   wolfSSL_PKCS12_parse
 #define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac
 #define PKCS12_create  wolfSSL_PKCS12_create
 #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add
--- a/source/libs/libwolfssl/openssl/pkcs7.h
+++ b/source/libs/libwolfssl/openssl/pkcs7.h
@ -43,6 +43,7 @@ typedef struct WOLFSSL_PKCS7
    PKCS7 pkcs7;
    unsigned char* data;
    int len;
    WOLFSSL_STACK* certs;
 } WOLFSSL_PKCS7;
@ -53,8 +54,12 @@ WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
 WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
    int len);
 WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
 WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
 WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
    WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
 WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
                                           WOLFSSL_BIO* out);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
    WOLFSSL_STACK* certs, int flags);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
@ -65,6 +70,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
 #define PKCS7_SIGNED_free              wolfSSL_PKCS7_SIGNED_free
 #define d2i_PKCS7                      wolfSSL_d2i_PKCS7
 #define d2i_PKCS7_bio                  wolfSSL_d2i_PKCS7_bio
 #define i2d_PKCS7_bio                  wolfSSL_i2d_PKCS7_bio
 #define PKCS7_verify                   wolfSSL_PKCS7_verify
 #define PKCS7_get0_signers             wolfSSL_PKCS7_get0_signers
 #define PEM_write_bio_PKCS7            wolfSSL_PEM_write_bio_PKCS7
--- a/source/libs/libwolfssl/openssl/rsa.h
+++ b/source/libs/libwolfssl/openssl/rsa.h
@ -117,9 +117,16 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
 WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
                               unsigned int mLen, unsigned char* sigRet,
                               unsigned int* sigLen, WOLFSSL_RSA*, int);
 WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
                               unsigned int mLen, unsigned char* sigRet,
                               unsigned int* sigLen, WOLFSSL_RSA*, int, int);
 WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
                               unsigned int mLen, const unsigned char* sig,
                               unsigned int sigLen, WOLFSSL_RSA*);
 WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
                               unsigned int mLen, const unsigned char* sig,
                               unsigned int sigLen, WOLFSSL_RSA* rsa,
                               int padding);
 WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
                                  unsigned char* to, WOLFSSL_RSA*, int padding);
 WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
--- a/source/libs/libwolfssl/openssl/srp.h
+++ b/source/libs/libwolfssl/openssl/srp.h
@ -0,0 +1,29 @@
 /* srp.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef WOLFSSL_SRP_H_
 #define WOLFSSL_SRP_H_
 #include <libs/libwolfssl/wolfcrypt/srp.h>
 #define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
 #endif /* WOLFSSL_SRP_H_ */
--- a/source/libs/libwolfssl/openssl/ssl.h
+++ b/source/libs/libwolfssl/openssl/ssl.h
@ -53,6 +53,8 @@
 /* all NID_* values are in asn.h */
 #include <libs/libwolfssl/wolfcrypt/asn.h>
 #include <libs/libwolfssl/openssl/x509.h>
 #ifdef __cplusplus
    extern "C" {
 #endif
@ -67,6 +69,10 @@
    #undef ASN1_INTEGER
 #endif
 #ifdef OPENSSL_EXTRA
 #include <stdint.h>
 WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 typedef WOLFSSL          SSL;
 typedef WOLFSSL_SESSION  SSL_SESSION;
@ -100,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER   ASN1_INTEGER;
 typedef WOLFSSL_ASN1_OBJECT    ASN1_OBJECT;
 typedef WOLFSSL_ASN1_STRING    ASN1_STRING;
 typedef WOLFSSL_ASN1_TYPE      ASN1_TYPE;
 typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE;
 typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
 typedef WOLFSSL_BUF_MEM        BUF_MEM;
@ -279,9 +286,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback
 #define SSL_set_verify                  wolfSSL_set_verify
 #define SSL_set_verify_result           wolfSSL_set_verify_result
 #define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
 #define SSL_set_post_handshake_auth     wolfSSL_set_post_handshake_auth
 #define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
 #define SSL_pending                     wolfSSL_pending
 #define SSL_load_error_strings          wolfSSL_load_error_strings
 #define SSL_library_init                wolfSSL_library_init
 #define OPENSSL_init_ssl                wolfSSL_OPENSSL_init_ssl
 #define OpenSSL_add_ssl_algorithms      wolfSSL_library_init
 #define SSL_CTX_set_session_cache_mode  wolfSSL_CTX_set_session_cache_mode
 #define SSL_CTX_set_cipher_list         wolfSSL_CTX_set_cipher_list
@ -297,6 +308,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_set_ex_data                 wolfSSL_set_ex_data
 #define SSL_get_shutdown                wolfSSL_get_shutdown
 #define SSL_get_finished                wolfSSL_get_finished
 #define SSL_get_peer_finished           wolfSSL_get_peer_finished
 #define SSL_set_rfd                     wolfSSL_set_rfd
 #define SSL_set_wfd                     wolfSSL_set_wfd
 #define SSL_set_shutdown                wolfSSL_set_shutdown
@ -333,6 +346,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
    #define SSL_MODE_RELEASE_BUFFERS    0x00000010U
    #define ASN1_BOOLEAN                WOLFSSL_ASN1_BOOLEAN
    #define X509_get_ext                wolfSSL_X509_get_ext
    #define X509_get_ext_by_OBJ         wolfSSL_X509_get_ext_by_OBJ
    #define X509_cmp                    wolfSSL_X509_cmp
    #define X509_EXTENSION_get_object   wolfSSL_X509_EXTENSION_get_object
    #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical
@ -348,11 +362,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define DSA_bits                        wolfSSL_DSA_bits
 #define i2d_X509_bio                    wolfSSL_i2d_X509_bio
 #define i2d_X509_REQ_bio                wolfSSL_i2d_X509_REQ_bio
 #define d2i_X509_bio                    wolfSSL_d2i_X509_bio
 #define d2i_X509_REQ_bio                wolfSSL_d2i_X509_REQ_bio
 #define d2i_X509_fp                     wolfSSL_d2i_X509_fp
 #define i2d_X509                        wolfSSL_i2d_X509
 #define d2i_X509                        wolfSSL_d2i_X509
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
 #define PEM_read_bio_X509_REQ           wolfSSL_PEM_read_bio_X509_REQ
 #define PEM_read_bio_X509_CRL           wolfSSL_PEM_read_bio_X509_CRL
 #define PEM_read_bio_X509_AUX           wolfSSL_PEM_read_bio_X509_AUX
 #define PEM_read_X509                   wolfSSL_PEM_read_X509
@ -363,10 +380,18 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define i2d_PrivateKey                  wolfSSL_i2d_PrivateKey
 #define i2d_X509_REQ                    wolfSSL_i2d_X509_REQ
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
 #define X509_REQ_new                    wolfSSL_X509_REQ_new
 #define X509_REQ_free                   wolfSSL_X509_REQ_free
 #define X509_REQ_sign                   wolfSSL_X509_REQ_sign
 #define X509_REQ_sign_ctx               wolfSSL_X509_REQ_sign_ctx
 #define X509_REQ_add_extensions         wolfSSL_X509_REQ_add_extensions
 #define X509_REQ_add1_attr_by_NID       wolfSSL_X509_REQ_add1_attr_by_NID
 #define X509_REQ_add1_attr_by_txt       wolfSSL_X509_REQ_add1_attr_by_txt
 #define X509_REQ_get_attr_by_NID        wolfSSL_X509_REQ_get_attr_by_NID
 #define X509_REQ_get_attr               wolfSSL_X509_REQ_get_attr
 #define X509_ATTRIBUTE_get0_type        wolfSSL_X509_ATTRIBUTE_get0_type
 #define X509_to_X509_REQ                wolfSSL_X509_to_X509_REQ
 #define X509_REQ_set_subject_name       wolfSSL_X509_REQ_set_subject_name
 #define X509_REQ_set_pubkey             wolfSSL_X509_REQ_set_pubkey
 #define PEM_write_bio_X509_REQ          wolfSSL_PEM_write_bio_X509_REQ
@ -379,14 +404,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get_ext_count              wolfSSL_X509_get_ext_count
 #define X509_get_ext_d2i                wolfSSL_X509_get_ext_d2i
 #define X509V3_EXT_i2d                  wolfSSL_X509V3_EXT_i2d
 #define X509_get0_extensions            wolfSSL_X509_get0_extensions
 #define X509_get_extensions             wolfSSL_X509_get0_extensions
 #define X509_REQ_get_extensions         wolfSSL_X509_REQ_get_extensions
 #define X509_get_ext                    wolfSSL_X509_get_ext
 #define X509_get_ext_by_NID             wolfSSL_X509_get_ext_by_NID
 #define X509_get_issuer_name            wolfSSL_X509_get_issuer_name
 #define X509_issuer_name_hash           wolfSSL_X509_issuer_name_hash
 #define X509_get_subject_name           wolfSSL_X509_get_subject_name
 #define X509_subject_name_hash          wolfSSL_X509_subject_name_hash
 #define X509_get_subject_name           wolfSSL_X509_get_subject_name
 #define X509_REQ_get_subject_name       wolfSSL_X509_get_subject_name
 #define X509_get_pubkey                 wolfSSL_X509_get_pubkey
 #define X509_get0_pubkey                wolfSSL_X509_get_pubkey
 #define X509_REQ_get_pubkey             wolfSSL_X509_get_pubkey
 #define X509_get_notBefore              wolfSSL_X509_get_notBefore
 #define X509_get0_notBefore             wolfSSL_X509_get_notBefore
 #define X509_get_notAfter               wolfSSL_X509_get_notAfter
@ -408,12 +438,22 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set_notBefore              wolfSSL_X509_set_notBefore
 #define X509_set_serialNumber           wolfSSL_X509_set_serialNumber
 #define X509_set_version                wolfSSL_X509_set_version
 #define X509_REQ_set_version            wolfSSL_X509_set_version
 #define X509_sign                       wolfSSL_X509_sign
 #define X509_sign_ctx                   wolfSSL_X509_sign_ctx
 #define X509_print                      wolfSSL_X509_print
 #define X509_REQ_print                  wolfSSL_X509_print
 #define X509_print_ex                   wolfSSL_X509_print_ex
 #define X509_print_fp                   wolfSSL_X509_print_fp
 #define X509_REQ_print_fp               wolfSSL_X509_print_fp
 #define X509_signature_print            wolfSSL_X509_signature_print
 #define X509_get0_signature             wolfSSL_X509_get0_signature
 #define X509_verify_cert_error_string   wolfSSL_X509_verify_cert_error_string
 #define X509_verify_cert                wolfSSL_X509_verify_cert
 #define X509_verify                     wolfSSL_X509_verify
 #define X509_REQ_verify                 wolfSSL_X509_REQ_verify
 #define X509_check_private_key          wolfSSL_X509_check_private_key
 #define X509_REQ_check_private_key      wolfSSL_X509_check_private_key
 #define X509_check_ca                   wolfSSL_X509_check_ca
 #define X509_check_host                 wolfSSL_X509_check_host
 #define X509_check_ip_asc               wolfSSL_X509_check_ip_asc
@ -421,6 +461,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_check_issued               wolfSSL_X509_check_issued
 #define X509_dup                        wolfSSL_X509_dup
 #define X509_add_ext                    wolfSSL_X509_add_ext
 #define X509_delete_ext                 wolfSSL_X509_delete_ext
 #define X509_EXTENSION_get_object       wolfSSL_X509_EXTENSION_get_object
 #define X509_EXTENSION_get_data         wolfSSL_X509_EXTENSION_get_data
@ -452,6 +493,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_INFO_pop                wolfSSL_sk_X509_INFO_pop
 #define sk_X509_INFO_pop_free           wolfSSL_sk_X509_INFO_pop_free
 #define sk_X509_INFO_free               wolfSSL_sk_X509_INFO_free
 #define sk_X509_INFO_shift              wolfSSL_sk_X509_INFO_pop
 #define i2d_X509_NAME                   wolfSSL_i2d_X509_NAME
 #define d2i_X509_NAME                   wolfSSL_d2i_X509_NAME
@ -468,9 +510,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_NAME_add_entry             wolfSSL_X509_NAME_add_entry
 #define X509_NAME_add_entry_by_txt      wolfSSL_X509_NAME_add_entry_by_txt
 #define X509_NAME_add_entry_by_NID      wolfSSL_X509_NAME_add_entry_by_NID
 #define X509_NAME_delete_entry          wolfSSL_X509_NAME_delete_entry
 #define X509_NAME_oneline               wolfSSL_X509_NAME_oneline
 #define X509_NAME_get_index_by_NID      wolfSSL_X509_NAME_get_index_by_NID
 #define X509_NAME_print_ex              wolfSSL_X509_NAME_print_ex
 #define X509_NAME_print_ex_fp           wolfSSL_X509_NAME_print_ex_fp
 #define X509_NAME_digest                wolfSSL_X509_NAME_digest
 #define X509_cmp_current_time           wolfSSL_X509_cmp_current_time
 #define X509_cmp_time                   wolfSSL_X509_cmp_time
@ -511,6 +555,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_STORE_CTX_free             wolfSSL_X509_STORE_CTX_free
 #define X509_STORE_CTX_get_chain        wolfSSL_X509_STORE_CTX_get_chain
 #define X509_STORE_CTX_get1_chain       wolfSSL_X509_STORE_CTX_get1_chain
 #define X509_STORE_CTX_get0_parent_ctx  wolfSSL_X509_STORE_CTX_get0_parent_ctx
 #define X509_STORE_CTX_get_error        wolfSSL_X509_STORE_CTX_get_error
 #define X509_STORE_CTX_get_error_depth  wolfSSL_X509_STORE_CTX_get_error_depth
 #define X509_STORE_CTX_init             wolfSSL_X509_STORE_CTX_init
@ -563,6 +608,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_REVOKED            wolfSSL_X509_CRL_get_REVOKED
 #define X509_get_X509_PUBKEY            wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY        wolfSSL_X509_get_X509_PUBKEY
 #define X509_get0_tbs_sigalg            wolfSSL_X509_get0_tbs_sigalg
 #define X509_PUBKEY_get0_param          wolfSSL_X509_PUBKEY_get0_param
 #define X509_PUBKEY_get                 wolfSSL_X509_PUBKEY_get
@ -610,6 +656,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_set_write_buffer_size       wolfSSL_BIO_set_write_buffer_size
 #define BIO_f_ssl                       wolfSSL_BIO_f_ssl
 #define BIO_new_socket                  wolfSSL_BIO_new_socket
 #ifndef NO_WOLFSSL_STUB
 #define BIO_new_connect                 wolfSSL_BIO_new_connect
 #define BIO_set_conn_port               wolfSSL_BIO_set_conn_port
 #define BIO_do_connect                  wolfSSL_BIO_do_connect
 #endif
 #define SSL_set_bio                     wolfSSL_set_bio
 #define BIO_set_ssl                     wolfSSL_BIO_set_ssl
 #define BIO_eof                         wolfSSL_BIO_eof
@ -652,15 +703,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define sk_ASN1_OBJECT_free             wolfSSL_sk_ASN1_OBJECT_free
 #define ASN1_TIME_new                   wolfSSL_ASN1_TIME_new
 #define ASN1_UTCTIME_new                wolfSSL_ASN1_TIME_new
 #define ASN1_TIME_free                  wolfSSL_ASN1_TIME_free
 #define ASN1_UTCTIME_free               wolfSSL_ASN1_TIME_free
 #define ASN1_TIME_adj                   wolfSSL_ASN1_TIME_adj
 #define ASN1_TIME_print                 wolfSSL_ASN1_TIME_print
 #define ASN1_TIME_to_generalizedtime    wolfSSL_ASN1_TIME_to_generalizedtime
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string            wolfSSL_ASN1_TIME_set_string
 #define ASN1_TIME_to_string             wolfSSL_ASN1_TIME_to_string
 #define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
 #define ASN1_GENERALIZEDTIME_free       wolfSSL_ASN1_GENERALIZEDTIME_free
 #define ASN1_tag2str                    wolfSSL_ASN1_tag2str
 #define a2i_ASN1_INTEGER                wolfSSL_a2i_ASN1_INTEGER
 #define i2a_ASN1_INTEGER                wolfSSL_i2a_ASN1_INTEGER
 #define i2c_ASN1_INTEGER                wolfSSL_i2c_ASN1_INTEGER
 #define ASN1_INTEGER_new                wolfSSL_ASN1_INTEGER_new
@ -673,13 +731,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define i2a_ASN1_OBJECT                 wolfSSL_i2a_ASN1_OBJECT
 #define i2d_ASN1_OBJECT                 wolfSSL_i2d_ASN1_OBJECT
 #define ASN1_STRING_new                 wolfSSL_ASN1_STRING_new
 #define ASN1_STRING_free                wolfSSL_ASN1_STRING_free
 #define ASN1_STRING_cmp                 wolfSSL_ASN1_STRING_cmp
 #define ASN1_STRING_data                wolfSSL_ASN1_STRING_data
 #define ASN1_STRING_get0_data           wolfSSL_ASN1_STRING_data
 #define ASN1_STRING_length              wolfSSL_ASN1_STRING_length
 #define ASN1_STRING_to_UTF8             wolfSSL_ASN1_STRING_to_UTF8
 #define ASN1_UNIVERSALSTRING_to_string  wolfSSL_ASN1_UNIVERSALSTRING_to_string
 #define ASN1_STRING_print_ex            wolfSSL_ASN1_STRING_print_ex
 #define ASN1_STRING_print(x, y)         wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
 #define d2i_DISPLAYTEXT                 wolfSSL_d2i_DISPLAYTEXT
 #ifndef NO_WOLFSSL_STUB
 #define ASN1_STRING_set_default_mask_asc(...) 1
 #endif
 #define ASN1_PRINTABLE_type(...)        V_ASN1_PRINTABLESTRING
 #define ASN1_UTCTIME_pr                 wolfSSL_ASN1_UTCTIME_pr
@ -800,6 +867,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define PEMerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
                                        NULL, __LINE__, __FILE__, NULL)
 #endif
 #ifndef WOLFCRYPT_ONLY
 #define EVPerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_EVP, \
                                        (func), (reason), __FILE__, __LINE__)
 #else
 #define EVPerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
                                        NULL, __LINE__, __FILE__, NULL)
 #endif
 #define SSLv23_server_method            wolfSSLv23_server_method
 #define SSL_CTX_set_options             wolfSSL_CTX_set_options
@ -897,6 +971,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define sk_X509_NAME_find               wolfSSL_sk_X509_NAME_find
 #define DHparams_dup                    wolfSSL_DH_dup
 #define PEM_read_bio_DHparams           wolfSSL_PEM_read_bio_DHparams
 #define PEM_read_bio_DSAparams          wolfSSL_PEM_read_bio_DSAparams
@ -924,8 +999,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ERR_LIB_SSL          20
 #define SSL_R_SHORT_READ     10
 #define ERR_R_PEM_LIB        9
 #define V_ASN1_IA5STRING     22
 #define V_ASN1_UTF8STRING    12
 #define SSL_CTRL_MODE        33
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
@ -1091,6 +1164,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
 #ifndef NO_WOLFSSL_STUB
 #define b2i_PrivateKey_bio(...)         NULL
 #define b2i_PVK_bio(...)                NULL
 #endif
 #define SSL_CTX_get_default_passwd_cb   wolfSSL_CTX_get_default_passwd_cb
 #define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
@ -1128,6 +1207,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #include <libs/libwolfssl/error-ssl.h>
 #define OPENSSL_STRING    WOLFSSL_STRING
 #define OPENSSL_CSTRING   WOLFSSL_STRING
 #define TLSEXT_TYPE_application_layer_protocol_negotiation    16
@ -1164,6 +1244,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define OPENSSL_config	                wolfSSL_OPENSSL_config
 #define OPENSSL_memdup                  wolfSSL_OPENSSL_memdup
 #define OPENSSL_cleanse                 wolfSSL_OPENSSL_cleanse
 #define SSL_CTX_get_timeout             wolfSSL_SSL_CTX_get_timeout
 #define SSL_CTX_set_tmp_ecdh            wolfSSL_SSL_CTX_set_tmp_ecdh
 #define SSL_CTX_remove_session          wolfSSL_SSL_CTX_remove_session
@ -1176,7 +1257,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
 #define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
 #define SSL_CTX_get_extra_chain_certs   wolfSSL_CTX_get_extra_chain_certs
 #define sk_OPENSSL_STRING_num           wolfSSL_sk_WOLFSSL_STRING_num
 #define sk_OPENSSL_STRING_value         wolfSSL_sk_WOLFSSL_STRING_value
 #define sk_OPENSSL_PSTRING_num          wolfSSL_sk_WOLFSSL_STRING_num
 #define sk_OPENSSL_PSTRING_value        (WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value
 #define sk_OPENSSL_STRING_free          wolfSSL_sk_free
 #define SSL_get0_alpn_selected          wolfSSL_get0_alpn_selected
 #define SSL_select_next_proto           wolfSSL_select_next_proto
 #define SSL_CTX_set_alpn_select_cb      wolfSSL_CTX_set_alpn_select_cb
@ -1198,8 +1283,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_add_client_CA           wolfSSL_CTX_add_client_CA
 #define SSL_CTX_set_srp_password        wolfSSL_CTX_set_srp_password
 #define SSL_CTX_set_srp_username        wolfSSL_CTX_set_srp_username
 #define SSL_CTX_set_srp_strength        wolfSSL_CTX_set_srp_strength
 #define SSL_get_SSL_CTX                 wolfSSL_get_SSL_CTX
 #define SSL_get0_param                  wolfSSL_get0_param
 #define SSL_get_srp_username            wolfSSL_get_srp_username
 #define ERR_NUM_ERRORS                  16
 #define SN_pkcs9_emailAddress           "Email"
@ -1231,6 +1318,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define OpenSSL_version(x)              wolfSSL_OpenSSL_version()
 #ifndef NO_WOLFSSL_STUB
 #define OBJ_create_objects(...)
 #endif
 #ifdef __cplusplus
    } /* extern "C" */
 #endif
--- a/source/libs/libwolfssl/openssl/stack.h
+++ b/source/libs/libwolfssl/openssl/stack.h
@ -28,15 +28,12 @@
    extern "C" {
 #endif
 #include <libs/libwolfssl/openssl/conf.h>
 typedef void (*wolfSSL_sk_freefunc)(void *);
 WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
 WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
 WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
 WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
 WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);
 WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);
--- a/source/libs/libwolfssl/openssl/x509.h
+++ b/source/libs/libwolfssl/openssl/x509.h
@ -5,6 +5,7 @@
 #include <libs/libwolfssl/openssl/dh.h>
 #include <libs/libwolfssl/openssl/ec.h>
 #include <libs/libwolfssl/openssl/ecdsa.h>
 #include <libs/libwolfssl/openssl/pkcs7.h>
 /* wolfSSL_X509_print_ex flags */
 #define X509_FLAG_COMPAT        (0UL)
@ -23,4 +24,21 @@
 #define X509_FLAG_NO_IDS        (1UL << 12)
 #define XN_FLAG_FN_SN           0
-#define XN_FLAG_SEP_CPLUS_SPC   2
+#define XN_FLAG_ONELINE         0
 #define XN_FLAG_COMPAT          0
 #define XN_FLAG_RFC2253         1
 #define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
 #define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
 #define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
 #define XN_FLAG_SEP_MULTILINE   (4 << 16)
 #define XN_FLAG_SEP_MASK        (0xF << 16)
 #define XN_FLAG_DN_REV          (1 << 20)
 #define XN_FLAG_FN_LN           (1 << 21)
 #define XN_FLAG_FN_OID          (2 << 21)
 #define XN_FLAG_FN_NONE         (3 << 21)
 #define XN_FLAG_FN_MASK         (3 << 21)
 #define XN_FLAG_SPC_EQ          (1 << 23)
 #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
 #define XN_FLAG_FN_ALIGN        (1 << 25)
 #define XN_FLAG_MULTILINE       0xFFFF
--- a/source/libs/libwolfssl/openssl/x509v3.h
+++ b/source/libs/libwolfssl/openssl/x509v3.h
@ -83,6 +83,8 @@ struct WOLFSSL_X509_EXTENSION {
 #define X509V3_CTX         WOLFSSL_X509V3_CTX
 #define CTX_TEST           0x1
 typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
 typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
 typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
@ -99,6 +101,8 @@ WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
                                          const WOLFSSL_ASN1_STRING *s);
 WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
        WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
 WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
        const char *section, WOLFSSL_X509 *cert);
 #define BASIC_CONSTRAINTS_free    wolfSSL_BASIC_CONSTRAINTS_free
 #define AUTHORITY_KEYID_free      wolfSSL_AUTHORITY_KEYID_free
@ -107,11 +111,20 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
 #define ASN1_OCTET_STRING         WOLFSSL_ASN1_STRING
 #define X509V3_EXT_get            wolfSSL_X509V3_EXT_get
 #define X509V3_EXT_d2i            wolfSSL_X509V3_EXT_d2i
 #define X509V3_EXT_add_nconf      wolfSSL_X509V3_EXT_add_nconf
 #ifndef NO_WOLFSSL_STUB
 #define X509V3_parse_list(...)    NULL
 #endif
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
 #define X509V3_EXT_print          wolfSSL_X509V3_EXT_print
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
 #ifndef NO_WOLFSSL_STUB
 #define X509V3_set_nconf(...)
 #endif
 #define X509V3_set_ctx_test(ctx)  wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb       wolfSSL_X509V3_set_ctx_nodb
 #define X509v3_get_ext_count      wolfSSL_sk_num
 #ifdef  __cplusplus
 }
--- a/source/libs/libwolfssl/sniffer_error.h
+++ b/source/libs/libwolfssl/sniffer_error.h
@ -109,7 +109,6 @@
 #define GOT_CERT_STATUS_STR 73
 #define RSA_KEY_MISSING_STR 74
 #define NO_SECURE_RENEGOTIATION 75
 #define BAD_SESSION_STATS 76
 #define REASSEMBLY_MAX_STR 77
 #define DROPPING_LOST_FRAG_STR 78
@ -131,6 +130,7 @@
 #define STORE_DATA_FAIL_STR 92
 #define CHAIN_INPUT_STR 93
 #define GOT_ENC_EXT_STR 94
 #define GOT_HELLO_RETRY_REQ_STR 95
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
--- a/source/libs/libwolfssl/ssl.h
+++ b/source/libs/libwolfssl/ssl.h
@ -40,6 +40,10 @@
    #include <libs/libwolfssl/wolfcrypt/wolfevent.h>
 #endif
 #ifdef WOLF_CRYPTO_CB
    #include <libs/libwolfssl/wolfcrypt/cryptocb.h>
 #endif
 /* used internally by wolfSSL while OpenSSL types aren't */
 #include <libs/libwolfssl/callbacks.h>
@ -98,6 +102,19 @@
    extern "C" {
 #endif
 /* LHASH is implemented as a stack */
 typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
 #ifndef WOLF_LHASH_OF
    #define WOLF_LHASH_OF(x) WOLFSSL_LHASH
 #endif
 #ifndef WOLF_STACK_OF
    #define WOLF_STACK_OF(x) WOLFSSL_STACK
 #endif
 #ifndef DECLARE_STACK_OF
    #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
 #endif
 #ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
 #define WOLFSSL_WOLFSSL_TYPE_DEFINED
 typedef struct WOLFSSL          WOLFSSL;
@ -171,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
 typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
 typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_CONF_VALUE     WOLFSSL_CONF_VALUE;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
 typedef struct WOLFSSL_X509V3_CTX     WOLFSSL_X509V3_CTX;
@ -185,6 +201,7 @@ typedef struct WOLFSSL_DH               WOLFSSL_DH;
 #endif
 typedef struct WOLFSSL_ASN1_BIT_STRING  WOLFSSL_ASN1_BIT_STRING;
 typedef struct WOLFSSL_ASN1_TYPE        WOLFSSL_ASN1_TYPE;
 typedef struct WOLFSSL_X509_ATTRIBUTE   WOLFSSL_X509_ATTRIBUTE;
 typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
 typedef struct WOLFSSL_AUTHORITY_KEYID  WOLFSSL_AUTHORITY_KEYID;
@ -314,6 +331,12 @@ struct WOLFSSL_ASN1_TYPE {
    } value;
 };
 struct WOLFSSL_X509_ATTRIBUTE {
    WOLFSSL_ASN1_OBJECT *object;
    WOLFSSL_ASN1_TYPE *value;
    WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set;
 };
 struct WOLFSSL_EVP_PKEY {
    void* heap;
    int type;         /* openssh dereference */
@ -468,6 +491,8 @@ struct WOLFSSL_BIO {
    void*        heap;          /* user heap hint */
    void*        ptr;           /* WOLFSSL, file descriptor, MD, or mem buf */
    void*        usrCtx;        /* user set pointer */
    const char*  ip;            /* IP address for wolfIO_TcpConnect */
    word16       port;          /* Port for wolfIO_TcpConnect */
    char*        infoArg;       /* BIO callback argument */
    wolf_bio_info_cb infoCb;    /* BIO callback */
    int          wrSz;          /* write buffer size (mem) */
@ -523,11 +548,16 @@ struct WOLFSSL_X509_STORE {
 };
 #define WOLFSSL_NO_WILDCARDS   0x4
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
    defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME)
    #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
 #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME  0x200000
 #define WOLFSSL_HOST_NAME_MAX  256
 #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
 struct WOLFSSL_X509_VERIFY_PARAM {
    time_t         check_time;
    unsigned long  flags;
@ -789,8 +819,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
 #endif
 WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
 WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
 #endif /* !NO_CERTS */
 #define WOLFSSL_CIPHER_SUITE_FLAG_NONE          0x0
 #define WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS     0x1
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
 WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
@ -806,9 +843,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
                                                  const char *file, int format);
 WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
 WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
 WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*,
                                                                           int);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*,
@ -853,6 +887,8 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
    const unsigned char);
 WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite(
    const unsigned char, const unsigned char);
 WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name,
    byte* cipherSuite0, byte* cipherSuite, int* flags);
 WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
    int len);
 WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
@ -974,6 +1010,14 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
 WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
 WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
 WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*);
 WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int);
 WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL*, int);
 #endif
 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_pending(WOLFSSL*);
@ -1070,20 +1114,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
 /* extras */
 /* for now LHASH is not implemented */
 typedef int WOLFSSL_LHASH;
 #ifndef WOLF_LHASH_OF
    #define WOLF_LHASH_OF(x) WOLFSSL_LHASH
 #endif
 #ifndef WOLF_STACK_OF
    #define WOLF_STACK_OF(x) WOLFSSL_STACK
 #endif
 #ifndef DECLARE_STACK_OF
    #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
 #endif
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
 WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
@ -1148,6 +1178,7 @@ WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
                WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                void (*f)(WOLFSSL_ASN1_OBJECT*));
 WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
 WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
                            WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
@ -1263,11 +1294,16 @@ WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
 #ifndef NO_FILESYSTEM
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
 #endif
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
 WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port);
 WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b);
 WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
 WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
@ -1329,6 +1365,13 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset
 #endif
 WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
    unsigned long nmflags, unsigned long cflag);
 #ifndef NO_FILESYSTEM
 WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509);
 #endif
 WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
        const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig);
 WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
        const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
 WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
 WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*,
                                                                    char*, int);
@ -1353,6 +1396,9 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                            WOLFSSL_X509*, unsigned char*, int*);
 WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
 #endif
 WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
                                              WOLFSSL_X509_NAME*);
 WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*,
@ -1369,6 +1415,7 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
 WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
 WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
        const WOLFSSL_EVP_MD* md);
 WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx);
 WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
@ -1383,6 +1430,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* as
 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
 WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
 WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b);
 WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
 WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
                                                  const void* data, int dataSz);
@ -1412,6 +1460,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
                                                   WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
                                                   WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
                                                   WOLFSSL_X509_STORE_CTX *ctx);
 WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
                                                            unsigned long flag);
 WOLFSSL_API int          wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
@ -1425,7 +1475,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
-WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
 WOLFSSL_API int       wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
@ -1580,6 +1630,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
 WOLFSSL_API int  wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
 WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
 WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
 WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
@ -1730,7 +1783,6 @@ enum {
                              * and auto retry */
    SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
    BIO_FLAGS_BASE64_NO_NL = 1,
    BIO_CLOSE   = 1,
    BIO_NOCLOSE = 0,
@ -1788,12 +1840,6 @@ enum {
    X509_R_CERT_ALREADY_IN_HASH_TABLE,
    XN_FLAG_SPC_EQ  = (1 << 23),
    XN_FLAG_SEP_CPLUS_SPC = (2 << 16),
    XN_FLAG_ONELINE = 0,
    XN_FLAG_RFC2253 = 1,
    XN_FLAG_DN_REV = (1 << 20),
    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10,
@ -2014,7 +2060,7 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
 WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
 WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
-#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
+#if !defined(NO_CHECK_PRIVATE_KEY)
  WOLFSSL_API int  wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
 #endif
 WOLFSSL_API void wolfSSL_ERR_free_strings(void);
@ -2061,13 +2107,14 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
                   const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
 WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
 #endif
-WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
+WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
-WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
+WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
 #if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
-    (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
+    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL))
 WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
                                            int idx);
 WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
@ -2164,6 +2211,10 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
        const unsigned char** in, int len);
 WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509*
    wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
 #endif
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
                                                   const unsigned char *in, int len);
@ -2182,6 +2233,10 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
 #endif
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
    const unsigned char* buf, int sz, int format);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
    const unsigned char* buf, int sz, int format);
 #endif
 #ifdef WOLFSSL_SEP
    WOLFSSL_API unsigned char*
@ -2209,6 +2264,8 @@ WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
 WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
     WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
     WOLF_STACK_OF(WOLFSSL_X509)** ca);
 WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
        int pswLen);
 WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
        WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
        WOLF_STACK_OF(WOLFSSL_X509)* ca,
@ -2310,7 +2367,13 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*,
-                                         const unsigned char*, long, int, long);
+                                                  const unsigned char*, long,
                                                  int, long);
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX*,
                                                  const unsigned char*, long,
                                                  int);
    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX*, const char*,
                                                     int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
@ -2325,6 +2388,9 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
                                               long, int);
    WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*,
                                              long, int, long);
    WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL*, const unsigned char*,
                                              long, int);
    WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL*, const char*, int);
    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
                                               const unsigned char*, long, int);
    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
@ -2392,7 +2458,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
 WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
 WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
 WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
 /* moved to asn.c, old names kept for backwards compatibility */
@ -2722,6 +2788,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
    WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
    WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*);
    WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
                                                                 const char* d);
@ -2772,6 +2839,10 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
                                                      WOLFSSL_CERT_MANAGER* cm);
    WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
                                                      WOLFSSL_CERT_MANAGER* cm);
    WOLFSSL_API int wolfSSL_CertManagerEnableOCSPMustStaple(
                                                      WOLFSSL_CERT_MANAGER* cm);
    WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple(
                                                      WOLFSSL_CERT_MANAGER* cm);
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
 #endif
@ -2808,6 +2879,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
                                               CbOCSPIO, CbOCSPRespFree, void*);
    WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX*);
    WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX*);
 #endif /* !NO_CERTS */
@ -2923,7 +2996,7 @@ enum {
    WOLFSSL_MAX_ALPN_NUMBER = 257
 };
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
    unsigned char* outLen, const unsigned char* in, unsigned int inLen,
    void *arg);
@ -3233,7 +3306,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
 #include <libs/libwolfssl/openssl/asn1.h>
 struct WOLFSSL_X509_NAME_ENTRY {
-    WOLFSSL_ASN1_OBJECT  object;  /* static object just for keeping grp, type */
+    WOLFSSL_ASN1_OBJECT* object;  /* static object just for keeping grp, type */
    WOLFSSL_ASN1_STRING* value;  /* points to data, for lighttpd port */
    int nid; /* i.e. ASN_COMMON_NAME */
    int set;
@ -3290,7 +3363,6 @@ WOLFSSL_LOCAL int NIDToEccEnum(int n);
 /* end of object functions */
 WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
 WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
 WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void));
 WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx);
@ -3310,6 +3382,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
                                           int type, const unsigned char *bytes,
                                           int len, int loc, int set);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
        WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
            const WOLFSSL_X509_NAME* y);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
@ -3320,6 +3394,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 #endif /* !NO_CERTS */
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
    || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
 #endif
 #ifdef WOLFSSL_WPAS_SMALL
    /* WPA Supplicant requires GEN_ values */
    #include <libs/libwolfssl/openssl/x509v3.h>
@ -3337,6 +3416,7 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int
 WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
 WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
                                                           void *data);
 WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
        WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
        char* value);
@ -3360,7 +3440,11 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
 WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
 WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x);
 WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
        const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
@ -3382,6 +3466,9 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
 WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
 WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
 #endif
 #if !defined(NO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
                                               WOLFSSL_X509** x509);
@ -3389,6 +3476,10 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
 #endif
 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
                                               WOLFSSL_X509** x509);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
                                               WOLFSSL_X509** x509);
 #endif
 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3412,6 +3503,9 @@ WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
 WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
 #endif
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
        WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
@ -3491,6 +3585,7 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
    || defined(WOLFSSL_MYSQL_COMPATIBLE) \
    || defined(WOLFSSL_HAPROXY) \
    || defined(OPENSSL_EXTRA)
 #define X509_BUFFER_SZ 8192
 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
 WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
@ -3510,12 +3605,31 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                                      const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
                                          WOLFSSL_EVP_MD_CTX* md_ctx);
 WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
-        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
+        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk);
 WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
                                                  WOLFSSL_X509_NAME *name);
 WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
                                            WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
                                                  int nid, int type,
                                                  const unsigned char *bytes,
                                                  int len);
 WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
        int nid, int lastpos);
 WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
                              const char *attrname, int type,
                              const unsigned char *bytes, int len);
 WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
        const WOLFSSL_X509 *req, int loc);
 WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
 WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
 WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
        WOLFSSL_X509_ATTRIBUTE *attr, int idx);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
        WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
 #endif
@ -3524,9 +3638,6 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
 #include <libs/libwolfssl/openssl/crypto.h>
 /* SNI received callback type */
 typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
@ -3578,8 +3689,9 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*
    void (*f) (WOLFSSL_X509_INFO*));
 WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
-typedef int (*wolf_sk_compare_cb)(const void* const *a,
+typedef int (*wolf_sk_compare_cb)(const void* a,
-                                  const void* const *b);
+                                  const void* b);
 typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
    wolf_sk_compare_cb);
 WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
@ -3599,6 +3711,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
        unsigned long);
 #ifndef NO_FILESYSTEM
 WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
        unsigned long);
 #endif
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
 WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
 WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
 WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
        const struct WOLFSSL_STACK *sk, int i);
 WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
        WOLFSSL_CONF_VALUE* val);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3657,12 +3781,22 @@ WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
 WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
 #ifdef HAVE_SNI
 /* SNI received callback type */
 typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
 WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
        CallbackSniRecv);
 WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
        CallbackSniRecv);
 WOLFSSL_API int  wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
 #endif
 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
    || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
 WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
@ -3732,6 +3866,7 @@ WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
        const unsigned char* protos, unsigned int protos_len);
 WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
    size_t siz, const char* file, int line);
 WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
 #endif
@ -3761,11 +3896,12 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
 #endif
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
    || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
 WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
    void *data);
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
@ -3817,8 +3953,12 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *
 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
    WOLFSSL_X509 *subject);
-WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void);
 WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk);
 WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
    WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
 WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(
    WOLF_STACK_OF(WOLFSSL_STRING)* strings);
 #endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
@ -3867,8 +4007,8 @@ WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
        const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
-WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
+WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
-WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
+WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count);
 #endif
 WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
@ -3887,6 +4027,9 @@ WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, con
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
 WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
 WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
                                                         const unsigned char **der,
                                                         long length);
 WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
 WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
@ -3911,6 +4054,8 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
                                                                WOLFSSL_ASN1_TIME **out);
 WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
 WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
        char *buf, int size);
 WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
 WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
 WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
--- a/source/libs/libwolfssl/version.h
+++ b/source/libs/libwolfssl/version.h
@ -28,8 +28,8 @@
 extern "C" {
 #endif
-#define LIBWOLFSSL_VERSION_STRING "4.5.0"
+#define LIBWOLFSSL_VERSION_STRING "4.6.0"
-#define LIBWOLFSSL_VERSION_HEX 0x04005000
+#define LIBWOLFSSL_VERSION_HEX 0x04006000
 #ifdef __cplusplus
 }
--- a/source/libs/libwolfssl/wolfcrypt/aes.h
+++ b/source/libs/libwolfssl/wolfcrypt/aes.h
@ -79,6 +79,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #include <libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 #endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
    #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h>
 #endif
 #if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
    #include <libs/libwolfssl/wolfcrypt/random.h>
 #endif
@ -144,6 +149,7 @@ enum {
 #ifdef HAVE_PKCS11
    AES_MAX_ID_LEN      = 32,
    AES_MAX_LABEL_LEN   = 32,
 #endif
 };
@ -171,6 +177,12 @@ struct Aes {
 #ifdef GCM_TABLE
    /* key-based fast multiplication table. */
    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
 #elif defined(GCM_TABLE_4BIT)
    #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
        ALIGN16 byte M0[16][AES_BLOCK_SIZE];
    #else
        ALIGN16 byte M0[32][AES_BLOCK_SIZE];
    #endif
 #endif /* GCM_TABLE */
 #ifdef HAVE_CAVIUM_OCTEON_SYNC
    word32 y0;
@ -186,6 +198,8 @@ struct Aes {
 #ifdef HAVE_PKCS11
    byte id[AES_MAX_ID_LEN];
    int  idLen;
    char label[AES_MAX_LABEL_LEN];
    int  labelLen;
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV asyncDev;
@ -231,6 +245,9 @@ struct Aes {
 #endif
 #if defined(WOLFSSL_IMXRT_DCP)
    dcp_handle_t handle;
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
    silabs_aes_t ctx;
 #endif
    void*  heap; /* memory hint to use */
 };
@ -431,6 +448,8 @@ WOLFSSL_API int  wc_AesInit(Aes* aes, void* heap, int devId);
 #ifdef HAVE_PKCS11
 WOLFSSL_API int  wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
        int devId);
 WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
        int devId);
 #endif
 WOLFSSL_API void wc_AesFree(Aes* aes);
--- a/source/libs/libwolfssl/wolfcrypt/asn.h
+++ b/source/libs/libwolfssl/wolfcrypt/asn.h
@ -100,6 +100,7 @@ enum ASN_Tags {
    ASN_SEQUENCE          = 0x10,
    ASN_SET               = 0x11,
    ASN_PRINTABLE_STRING  = 0x13,
    ASN_IA5_STRING        = 0x16,
    ASN_UTC_TIME          = 0x17,
    ASN_OTHER_TYPE        = 0x00,
    ASN_RFC822_TYPE       = 0x01,
@ -142,6 +143,9 @@ enum DN_Tags {
    ASN_DOMAIN_COMPONENT = 0x19  /* DC */
 };
 /* This is the size of the smallest possible PEM header and footer */
 extern const int pem_struct_min_sz;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 typedef struct WOLFSSL_ObjectInfo {
    int nid;
@ -202,6 +206,7 @@ enum
    NID_sha256 = 672,
    NID_sha384 = 673,
    NID_sha512 = 674,
    NID_pkcs9_challengePassword = 54,
    NID_hw_name_oid = 73,
    NID_id_pkix_OCSP_basic = 74,
    NID_any_policy = 75,
@ -228,6 +233,7 @@ enum
    NID_inhibit_any_policy = 168,      /* 2.5.29.54 */
    NID_tlsfeature = 1020,             /* id-pe 24 */
    NID_commonName = 0x03,             /* matches ASN_COMMON_NAME in asn.h */
    NID_buildingName = 1494,
    NID_surname = 0x04,                /* SN */
@ -300,7 +306,7 @@ enum Misc_ASN {
 #endif
    RSA_INTS            =   8,     /* RSA ints in private key */
    DSA_INTS            =   5,     /* DSA ints in private key */
-    MIN_DATE_SIZE       =  13,
+    MIN_DATE_SIZE       =  12,
    MAX_DATE_SIZE       =  32,
    ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
 #ifndef NO_RSA
@ -382,6 +388,9 @@ enum Misc_ASN {
    MIN_VERSION_SZ      = 3,       /* Min bytes needed for GetMyVersion */
    MAX_X509_VERSION    = 3,       /* Max X509 version allowed */
    MIN_X509_VERSION    = 0,       /* Min X509 version allowed */
    WOLFSSL_X509_V1     = 0,
    WOLFSSL_X509_V2     = 1,
    WOLFSSL_X509_V3     = 2,
 #if defined(OPENSSL_ALL)  || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
    defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
@ -422,6 +431,7 @@ enum Oid_Types {
    oidCertNameType     = 17,
    oidTlsExtType       = 18,
    oidCrlExtType       = 19,
    oidCsrAttrType      = 20,
    oidIgnoreType
 };
@ -588,6 +598,14 @@ enum KeyIdType {
 };
 #endif
 #ifdef WOLFSSL_CERT_REQ
 enum CsrAttrType {
    CHALLENGE_PASSWORD_OID = 659,
    SERIAL_NUMBER_OID = 94,
    EXTENSION_REQUEST_OID = 666,
 };
 #endif
 /* Key usage extension bits (based on RFC 5280) */
 #define KEYUSE_DIGITAL_SIG    0x0080
 #define KEYUSE_CONTENT_COMMIT 0x0040
@ -660,7 +678,9 @@ struct SignatureCtx {
    byte* digest;
 #ifndef NO_RSA
    byte* out;
-    byte* plain;
+#endif
 #if !(defined(NO_RSA) && defined(NO_DSA))
    byte* sigCpy;
 #endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    int verify;
@ -669,6 +689,9 @@ struct SignatureCtx {
    #ifndef NO_RSA
        struct RsaKey*      rsa;
    #endif
    #ifndef NO_DSA
        struct DsaKey*      dsa;
    #endif
    #ifdef HAVE_ECC
        struct ecc_key*     ecc;
    #endif
@ -766,6 +789,7 @@ struct DecodedCert {
    DNS_entry* altNames;             /* alt names list of dns entries    */
 #ifndef IGNORE_NAME_CONSTRAINTS
    DNS_entry* altEmailNames;        /* alt names list of RFC822 entries */
    DNS_entry* altDirNames;          /* alt names list of DIR entries    */
    Base_entry* permittedNames;      /* Permitted name bases             */
    Base_entry* excludedNames;       /* Excluded name bases              */
 #endif /* IGNORE_NAME_CONSTRAINTS */
@ -888,6 +912,14 @@ struct DecodedCert {
    int     extCertPoliciesNb;
 #endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
 #ifdef WOLFSSL_CERT_REQ
    /* CSR attributes */
    char*   cPwd; /* challengePassword */
    int     cPwdLen;
    char*   sNum; /* Serial Number */
    int     sNumLen;
 #endif /* WOLFSSL_CERT_REQ */
    Signer* ca;
 #ifndef NO_CERTS
    SignatureCtx sigCtx;
@ -939,7 +971,9 @@ struct DecodedCert {
 #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
    byte extCertPolicyCrit : 1;
 #endif
-
+#ifdef WOLFSSL_CERT_REQ
    byte isCSR : 1;                /* Do we intend on parsing a CSR? */
 #endif
 };
@ -1036,6 +1070,12 @@ WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
 WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
 WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
        void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
        const byte* pubKey, word32 pubKeySz, int pubKeyOID);
 #endif /* WOLFSSL_CERT_REQ */
 WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
                        int sigAlgoType);
 WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
 WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
 WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
@ -1108,6 +1148,8 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
                           word32 maxIdx, int check);
 WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
                         word32 maxIdx);
 WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
                          word32 maxIdx, int zeroBits, byte* unusedBits);
 WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                        word32 maxIdx);
 WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
@ -1142,6 +1184,7 @@ WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
 WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
 WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
 #endif
 WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
 WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
 WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
 WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
@ -1154,7 +1197,9 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
    byte* serial, int* serialSz, word32 maxIdx);
 WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                             int maxIdx);
-WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
+WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                                     const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
@ -1162,8 +1207,12 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
    /* ASN sig helpers */
    WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
                                      mp_int* s);
    WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, 
        const byte* r, word32 rLen, const byte* s, word32 sLen);
    WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                       mp_int* r, mp_int* s);
    WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, 
        byte* r, word32* rLen, byte* s, word32* sLen);
 #endif
 #if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 WOLFSSL_API int EccEnumToNID(int n);
@ -1200,7 +1249,8 @@ enum cert_enums {
    NTRU_KEY        = 11,
    ECC_KEY         = 12,
    ED25519_KEY     = 13,
-    ED448_KEY       = 14
+    ED448_KEY       = 14,
    DSA_KEY         = 15
 };
 #endif /* WOLFSSL_CERT_GEN */
@ -1251,6 +1301,9 @@ struct CertStatus {
    byte serial[EXTERNAL_SERIAL_SIZE];
    int serialSz;
 #ifdef OPENSSL_EXTRA
    WOLFSSL_ASN1_INTEGER* serialInt;
 #endif
    int status;
@ -1258,7 +1311,7 @@ struct CertStatus {
    byte nextDate[MAX_DATE_SIZE];
    byte thisDateFormat;
    byte nextDateFormat;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
    WOLFSSL_ASN1_TIME thisDateParsed;
    WOLFSSL_ASN1_TIME nextDateParsed;
    byte* thisDateAsn;
@ -1269,7 +1322,34 @@ struct CertStatus {
    word32 rawOcspResponseSz;
 };
 typedef struct OcspEntry OcspEntry;
 #ifdef NO_SHA
 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
 #else
 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
 #endif
 struct OcspEntry
 {
    OcspEntry *next;                      /* next entry                */
    word32 hashAlgoOID;                   /* hash algo ID              */
    byte issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash               */
    byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash    */
    CertStatus *status;                   /* OCSP response list        */
    int totalStatus;                      /* number on list            */
    byte* rawCertId;                      /* raw bytes of the CertID   */
    int rawCertIdSize;                    /* num bytes in raw CertID   */
    /* option bits - using 32-bit for alignment */
    word32 isDynamic:1;                   /* was dynamically allocated */
 };
 /* TODO: Long-term, it would be helpful if we made this struct and other OCSP
         structs conform to the ASN spec as described in RFC 6960. It will help
         with readability and with implementing OpenSSL compatibility API
         functions, because OpenSSL's OCSP data structures conform to the
         RFC. */
 struct OcspResponse {
    int     responseStatus;  /* return code from Responder */
@ -1279,8 +1359,6 @@ struct OcspResponse {
    byte    producedDate[MAX_DATE_SIZE];
                             /* Date at which this response was signed */
    byte    producedDateFormat; /* format of the producedDate */
    byte*   issuerHash;
    byte*   issuerKeyHash;
    byte*   cert;
    word32  certSz;
@ -1289,7 +1367,7 @@ struct OcspResponse {
    word32  sigSz;           /* Length in octets for the sig */
    word32  sigOID;          /* OID for hash used for sig */
-    CertStatus* status;      /* certificate status to fill out */
+    OcspEntry* single;       /* chain of OCSP single responses */
    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
    int     nonceSz;         /* length of the nonce string */
@ -1300,6 +1378,7 @@ struct OcspResponse {
 #ifdef OPENSSL_EXTRA
    int     verifyError;
 #endif
    void*  heap;
 };
@ -1320,24 +1399,8 @@ struct OcspRequest {
    void*  ssl;
 };
-typedef struct OcspEntry OcspEntry;
+WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*);
-
+WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*);
 #ifdef NO_SHA
 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
 #else
 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
 #endif
 struct OcspEntry
 {
    OcspEntry *next;                      /* next entry             */
    byte issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */
    byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus *status;                   /* OCSP response list     */
    int totalStatus;                      /* number on list         */
 };
 WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
 WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
 WOLFSSL_LOCAL int    InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
@ -1422,6 +1485,7 @@ enum PBESTypes {
    PBE_SHA1_DES3      = 3,
    PBE_AES256_CBC     = 4,
    PBE_AES128_CBC     = 5,
    PBE_SHA1_40RC2_CBC = 6,
    PBE_SHA1_RC4_128_SUM = 657,
    PBE_SHA1_DES3_SUM    = 659,
--- a/source/libs/libwolfssl/wolfcrypt/asn_public.h
+++ b/source/libs/libwolfssl/wolfcrypt/asn_public.h
@ -126,6 +126,7 @@ enum CertType {
 /* Signature type, by OID sum */
 enum Ctc_SigType {
    CTC_SHAwDSA      = 517,
    CTC_SHA256wDSA   = 416,
    CTC_MD2wRSA      = 646,
    CTC_MD5wRSA      = 648,
    CTC_SHAwRSA      = 649,
--- a/source/libs/libwolfssl/wolfcrypt/chacha.h
+++ b/source/libs/libwolfssl/wolfcrypt/chacha.h
@ -55,6 +55,9 @@ Block counter is located at index 12.
 /* Size of IV in bytes*/
 #define CHACHA_IV_BYTES 12
 #ifdef HAVE_XCHACHA
 #define XCHACHA_NONCE_BYTES 24
 #endif
 /* Size of ChaCha chunks */
 #define CHACHA_CHUNK_WORDS 16
@ -92,8 +95,17 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                              word32 msglen);
 WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
 WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
 #ifdef HAVE_XCHACHA
 WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
 				  const byte *nonce, word32 nonceSz,
 				  word32 counter);
 #endif
 #ifdef __cplusplus
    } /* extern "C" */
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h
+++ b/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h
@ -48,6 +48,7 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm.
 #define CHACHA20_POLY1305_AEAD_IV_SIZE      12
 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
 #define CHACHA20_POLY1305_MAX               4294967295U
 #define XCHACHA20_POLY1305_AEAD_NONCE_SIZE  24
 enum {
    CHACHA20_POLY_1305_ENC_TYPE = 8,    /* cipher unique type */
@ -123,6 +124,30 @@ WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
 WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
    byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
 #ifdef HAVE_XCHACHA
 WOLFSSL_API int wc_XChaCha20Poly1305_Init(
    ChaChaPoly_Aead* aead,
    const byte *ad, word32 ad_len,
    const byte *inKey, word32 inKeySz,
    const byte *inIV, word32 inIVSz,
    int isEncrypt);
 WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
    byte *dst, const size_t dst_space,
    const byte *src, const size_t src_len,
    const byte *ad, const size_t ad_len,
    const byte *nonce, const size_t nonce_len,
    const byte *key, const size_t key_len);
 WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
    byte *dst, const size_t dst_space,
    const byte *src, const size_t src_len,
    const byte *ad, const size_t ad_len,
    const byte *nonce, const size_t nonce_len,
    const byte *key, const size_t key_len);
 #endif /* HAVE_XCHACHA */
 #ifdef __cplusplus
    } /* extern "C" */
--- a/source/libs/libwolfssl/wolfcrypt/compress.h
+++ b/source/libs/libwolfssl/wolfcrypt/compress.h
@ -47,6 +47,8 @@ WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in,
 WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32);
 WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in,
    word32 inSz, int windowBits);
 WOLFSSL_API int wc_DeCompressDynamic(byte** out, int max, int memoryType,
        const byte* in, word32 inSz, int windowBits, void* heap);
 #ifdef __cplusplus
    } /* extern "C" */
--- a/source/libs/libwolfssl/wolfcrypt/cpuid.h
+++ b/source/libs/libwolfssl/wolfcrypt/cpuid.h
@ -34,6 +34,7 @@
 #if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
    defined(WOLFSSL_AESNI)
    #define CPUID_AVX1   0x0001
    #define CPUID_AVX2   0x0002
    #define CPUID_RDRAND 0x0004
@ -59,6 +60,7 @@
    WOLFSSL_API void cpuid_select_flags(word32 flags);
    WOLFSSL_API void cpuid_set_flag(word32 flag);
    WOLFSSL_API void cpuid_clear_flag(word32 flag);
 #endif
 #ifdef __cplusplus
--- a/source/libs/libwolfssl/wolfcrypt/cryptocb.h
+++ b/source/libs/libwolfssl/wolfcrypt/cryptocb.h
@ -85,6 +85,11 @@ typedef struct wc_CryptoInfo {
                WC_RNG* rng;
            } rsakg;
        #endif
            struct {
                RsaKey*     key;
                const byte* pubKey;
                word32      pubKeySz;
            } rsa_check;
        #endif
        #ifdef HAVE_ECC
            struct {
@ -115,6 +120,11 @@ typedef struct wc_CryptoInfo {
                int*        res;
                ecc_key*    key;
            } eccverify;
            struct {
                ecc_key*    key;
                const byte* pubKey;
                word32      pubKeySz;
            } ecc_check;
        #endif
        };
    } pk;
@ -212,7 +222,7 @@ typedef struct wc_CryptoInfo {
 typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
 WOLFSSL_LOCAL void wc_CryptoCb_Init(void);
-
+WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx);
 WOLFSSL_API int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
@ -229,6 +239,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
 WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
    WC_RNG* rng);
 #endif /* WOLFSSL_KEY_GEN */
 WOLFSSL_LOCAL int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
    word32 pubKeySz);
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
@ -243,6 +256,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
 WOLFSSL_LOCAL int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
    const byte* hash, word32 hashlen, int* res, ecc_key* key);
 WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
    word32 pubKeySz);
 #endif /* HAVE_ECC */
 #ifndef NO_AES
--- a/source/libs/libwolfssl/wolfcrypt/dh.h
+++ b/source/libs/libwolfssl/wolfcrypt/dh.h
@ -121,8 +121,8 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
                                   const byte* pub, word32 pubSz);
 WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, 
                                   byte* pub, word32* pPubSz);
-#endif /* WOLFSSL_DH_EXTRA */
+WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
-
+#endif
 WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
                        const byte* g, word32 gSz, const byte* q, word32 qSz,
                        int trusted, WC_RNG* rng);
--- a/source/libs/libwolfssl/wolfcrypt/ecc.h
+++ b/source/libs/libwolfssl/wolfcrypt/ecc.h
@ -58,6 +58,10 @@
    #include <libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
 #endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
    #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
 #endif
 #ifdef WOLFSSL_HAVE_SP_ECC
    #include <libs/libwolfssl/wolfcrypt/sp_int.h>
 #endif
@ -125,7 +129,7 @@ enum {
    ECC_MAXNAME     = 16,   /* MAX CURVE NAME LENGTH */
    SIG_HEADER_SZ   =  7,   /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */
    ECC_BUFSIZE     = 256,  /* for exported keys temp buffer */
-    ECC_MINSIZE     = 20,   /* MIN Private Key size */
+    ECC_MINSIZE     = ECC_MIN_KEY_SZ/8,   /* MIN Private Key size */
    ECC_MAXSIZE     = 66,   /* MAX Private Key size */
    ECC_MAXSIZE_GEN = 74,   /* MAX Buffer size required when generating ECC keys*/
    ECC_MAX_OID_LEN = 16,
@ -137,6 +141,8 @@ enum {
    ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
 #elif defined(PLUTON_CRYPTO_ECC)
    ECC_MAX_CRYPTO_HW_SIZE = 32,
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
    ECC_MAX_CRYPTO_HW_SIZE = 32,
 #elif defined(WOLFSSL_CRYPTOCELL)
    #ifndef CRYPTOCELL_KEY_SIZE
        CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE,
@ -152,8 +158,9 @@ enum {
    /* Shamir's dual add constants */
    SHAMIR_PRECOMP_SZ = 16,
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
    ECC_MAX_ID_LEN    = 32,
    ECC_MAX_LABEL_LEN = 32,
 #endif
 };
@ -315,7 +322,8 @@ typedef struct ecc_set_type {
 #endif
 /* determine buffer size */
-#define FP_SIZE_ECC    (FP_MAX_BITS_ECC/DIGIT_BIT)
+/* Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). */
 #define FP_SIZE_ECC    ((FP_MAX_BITS_ECC/DIGIT_BIT) + 1)
 /* This needs to match the size of the fp_int struct, except the
@ -395,6 +403,16 @@ struct ecc_key {
 #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
    int devId;
 #endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
    sl_se_command_context_t  cmd_ctx;
    sl_se_key_descriptor_t   key;
    /* Used for SiLabs "plaintext" with public X, public Y, and
     * private D concatenated. These are respectively at offset `0`,
     * offset `keysize`, and offset `2 * keysize`.
     */
    byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE];
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
    mp_int* r;          /* sign/verify temps */
    mp_int* s;
@ -407,9 +425,11 @@ struct ecc_key {
        CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
    #endif
 #endif /* WOLFSSL_ASYNC_CRYPT */
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
    byte id[ECC_MAX_ID_LEN];
    int  idLen;
    char label[ECC_MAX_LABEL_LEN];
    int  labelLen;
 #endif
 #if defined(WOLFSSL_CRYPTOCELL)
    ecc_context_t ctx;
@ -474,6 +494,9 @@ ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
 WOLFSSL_LOCAL
 int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
    mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
 WOLFSSL_LOCAL
 int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
                                  mp_int* modulus, mp_digit mp);
 #endif
@ -541,10 +564,12 @@ WOLFSSL_API
 int wc_ecc_init(ecc_key* key);
 WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
 WOLFSSL_API
 int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
                   int devId);
 WOLFSSL_API
 int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId);
 #endif
 #ifdef WOLFSSL_CUSTOM_CURVES
 WOLFSSL_LOCAL
--- a/source/libs/libwolfssl/wolfcrypt/fe_448.h
+++ b/source/libs/libwolfssl/wolfcrypt/fe_448.h
@ -46,6 +46,7 @@
 #if defined(CURVED448_128BIT)
    typedef int64_t fe448;
    #ifndef WOLFSSL_UINT128_T_DEFINED
        #ifdef __SIZEOF_INT128__
            typedef __uint128_t uint128_t;
            typedef __int128_t int128_t;
@ -53,6 +54,8 @@
            typedef unsigned long uint128_t __attribute__ ((mode(TI)));
            typedef long int128_t __attribute__ ((mode(TI)));
        #endif
        #define WOLFSSL_UINT128_T_DEFINED
    #endif
 #else
    typedef int32_t fe448;
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/hmac.h
+++ b/source/libs/libwolfssl/wolfcrypt/hmac.h
@ -95,6 +95,7 @@ enum {
 #endif
 #ifdef HAVE_PKCS11
    HMAC_MAX_ID_LEN    = 32,
    HMAC_MAX_LABEL_LEN = 32,
 #endif
 };
@ -153,6 +154,8 @@ struct Hmac {
 #ifdef HAVE_PKCS11
    byte    id[HMAC_MAX_ID_LEN];
    int     idLen;
    char    label[HMAC_MAX_LABEL_LEN];
    int     labelLen;
 #endif
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
    word16  keyLen;          /* hmac key length (key in ipad) */
@ -174,8 +177,12 @@ WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
 WOLFSSL_API int wc_HmacSizeByType(int type);
 WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
 #ifdef HAVE_PKCS11
 WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
                               int devId);
 WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
                                  int devId);
 #endif
 WOLFSSL_API void wc_HmacFree(Hmac*);
 WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
--- a/source/libs/libwolfssl/wolfcrypt/integer.h
+++ b/source/libs/libwolfssl/wolfcrypt/integer.h
@ -33,7 +33,7 @@
   may not be faster on all
 */
 #include <libs/libwolfssl/wolfcrypt/types.h>       /* will set MP_xxBIT if not default */
-#ifdef WOLFSSL_SP_MATH
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
    #include <libs/libwolfssl/wolfcrypt/sp_int.h>
 #elif defined(USE_FAST_MATH)
    #include <libs/libwolfssl/wolfcrypt/tfm.h>
--- a/source/libs/libwolfssl/wolfcrypt/logging.h
+++ b/source/libs/libwolfssl/wolfcrypt/logging.h
@ -100,6 +100,10 @@ WOLFSSL_API int  wolfSSL_Debugging_ON(void);
 /* turn logging off */
 WOLFSSL_API void wolfSSL_Debugging_OFF(void);
 #ifdef HAVE_WC_INTROSPECTION
    WOLFSSL_API const char *wolfSSL_configure_args(void);
    WOLFSSL_API const char *wolfSSL_global_cflags(void);
 #endif
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
    WOLFSSL_LOCAL int wc_LoggingInit(void);
@ -187,6 +191,14 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
    #define WOLFSSL_ERROR_MSG(m)
 #endif
 #ifdef HAVE_STACK_SIZE_VERBOSE
    extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack;
    extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize;
    extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM;
    extern WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr;
    extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
 #endif
 #ifdef __cplusplus
 }
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/mem_track.h
+++ b/source/libs/libwolfssl/wolfcrypt/mem_track.h
@ -76,6 +76,15 @@
        long totalBytes;      /* total number of bytes allocated */
        long peakBytes;       /* concurrent max bytes */
        long currentBytes;    /* total current bytes in use */
 #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
        long peakAllocsTripOdometer; /* peak number of concurrent allocations,
                                      * subject to reset by
                                      * wolfCrypt_heap_peak_checkpoint()
                                      */
        long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset
                                     * by wolfCrypt_heap_peak_checkpoint()
                                     */
 #endif
    } memoryStats;
    typedef struct memHint {
@ -170,8 +179,17 @@
        ourMemStats.totalAllocs++;
        ourMemStats.totalBytes   += sz;
        ourMemStats.currentBytes += sz;
        #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
        if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs)
            ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs;
        if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) {
            ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes;
        #endif
            if (ourMemStats.currentBytes > ourMemStats.peakBytes)
                ourMemStats.peakBytes = ourMemStats.currentBytes;
        #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
        }
        #endif
    #endif
    #ifdef DO_MEM_LIST
        if (pthread_mutex_lock(&memLock) == 0) {
@ -338,6 +356,10 @@
        ourMemStats.totalBytes   = 0;
        ourMemStats.peakBytes    = 0;
        ourMemStats.currentBytes = 0;
 #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
        ourMemStats.peakAllocsTripOdometer = 0;
        ourMemStats.peakBytesTripOdometer    = 0;
 #endif
    #endif
    #ifdef DO_MEM_LIST
--- a/source/libs/libwolfssl/wolfcrypt/misc.h
+++ b/source/libs/libwolfssl/wolfcrypt/misc.h
@ -43,11 +43,23 @@ word32 rotlFixed(word32, word32);
 WOLFSSL_LOCAL
 word32 rotrFixed(word32, word32);
 #ifdef WC_RC2
 WOLFSSL_LOCAL
 word16 rotlFixed16(word16, word16);
 WOLFSSL_LOCAL
 word16 rotrFixed16(word16, word16);
 #endif
 WOLFSSL_LOCAL
 word32 ByteReverseWord32(word32);
 WOLFSSL_LOCAL
 void   ByteReverseWords(word32*, const word32*, word32);
 WOLFSSL_LOCAL
 void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b,
                 word32 n);
 WOLFSSL_LOCAL
 void xorbufout(void*, const void*, const void*, word32);
 WOLFSSL_LOCAL
 void XorWords(wolfssl_word*, const wolfssl_word*, word32);
 WOLFSSL_LOCAL
@ -103,7 +115,9 @@ WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
 WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
 WOLFSSL_LOCAL word16 ctMask16GT(int a, int b);
 WOLFSSL_LOCAL word16 ctMask16GTE(int a, int b);
 WOLFSSL_LOCAL word16 ctMask16LT(int a, int b);
 WOLFSSL_LOCAL word16 ctMask16LTE(int a, int b);
 WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b);
 WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b);
 WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b);
--- a/source/libs/libwolfssl/wolfcrypt/pkcs12.h
+++ b/source/libs/libwolfssl/wolfcrypt/pkcs12.h
@ -53,6 +53,8 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz);
 WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
        byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
        WC_DerCertList** ca);
 WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12,
        const byte* psw, word32 pswSz);
 WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz,
        char* name, byte* key, word32 keySz, byte* cert, word32 certSz,
        WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter,
--- a/source/libs/libwolfssl/wolfcrypt/pkcs7.h
+++ b/source/libs/libwolfssl/wolfcrypt/pkcs7.h
@ -48,8 +48,12 @@
 /* Max number of certificates that PKCS7 structure can parse */
 #ifndef MAX_PKCS7_CERTS
 #ifdef OPENSSL_ALL
    #define MAX_PKCS7_CERTS 15
 #else
    #define MAX_PKCS7_CERTS 4
 #endif
 #endif
 #ifndef MAX_ORI_TYPE_SZ
    #define MAX_ORI_TYPE_SZ  MAX_OID_SZ
@ -154,8 +158,8 @@ enum Pkcs7_Misc {
                            MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
                            MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
 #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-     (HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \
+     (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
-     (!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2))
+     (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
    /* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
     * not in aes.h for use with pkcs7 so enumerate it here outside the fips
     * boundary */
--- a/source/libs/libwolfssl/wolfcrypt/poly1305.h
+++ b/source/libs/libwolfssl/wolfcrypt/poly1305.h
@ -116,6 +116,9 @@ WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
 /* AEAD Functions */
 WOLFSSL_API int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad);
 WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz);
 #ifdef WORD64_AVAILABLE
 WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, word64 dataSz);
 #endif
 WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
                               byte* input, word32 sz, byte* tag, word32 tagSz);
--- a/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h
@ -30,9 +30,7 @@
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
    defined(WOLFSSL_ATECC_PKCB)
    #undef SHA_BLOCK_SIZE
    #define SHA_BLOCK_SIZE  SHA_BLOCK_SIZE_REMAP
    #include <cryptoauthlib.h>
    #undef SHA_BLOCK_SIZE
 #endif
 /* ATECC508A/608A only supports ECC P-256 */
--- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h
@ -0,0 +1,67 @@
 /* silabs_aes.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef _SILABS_AES_H_
 #define _SILABS_AES_H_
 #include <em_device.h>
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
 #include <libs/libwolfssl/wolfcrypt/types.h>
 #include <sl_se_manager.h>
 #include <sl_se_manager_cipher.h>
 typedef struct {
  sl_se_command_context_t cmd_ctx;
  sl_se_key_descriptor_t  key;
 } silabs_aes_t;
 typedef struct Aes Aes;
 #ifdef HAVE_AESGCM
 int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                             const byte* iv, word32 ivSz,
                             byte* authTag, word32 authTagSz,
                             const byte* authIn, word32 authInSz);
 int wc_AesGcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                             const byte* iv, word32 ivSz,
                             const byte* authTag, word32 authTagSz,
                             const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
 int wc_AesCcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                             const byte* iv, word32 ivSz,
                             byte* authTag, word32 authTagSz,
                             const byte* authIn, word32 authInSz);
 int wc_AesCcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                             const byte* iv, word32 ivSz,
                             const byte* authTag, word32 authTagSz,
                             const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESCCM */
 #endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
 #endif /* _SILABS_AES_H_ */
--- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h
@ -0,0 +1,63 @@
 /* silabs_ecc.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef _SILABS_ECC_H_
 #define _SILABS_ECC_H_
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
 #include <libs/libwolfssl/wolfcrypt/types.h>
 #include <sl_se_manager.h>
 #include <sl_se_manager_defines.h>
 #include <sl_se_manager_key_derivation.h>
 #include <sl_se_manager_signature.h>
 typedef enum ecc_curve_id ecc_curve_id;
 typedef struct ecc_key ecc_key;
 int silabs_ecc_sign_hash (const byte* in, word32 inlen,
                          byte* out, word32 *outlen,
                          ecc_key* key);
 int silabs_ecc_verify_hash (const byte* sig, word32 siglen,
                            const byte* hash, word32 hashlen,
                            int* stat, ecc_key* key);
 int silabs_ecc_make_key(ecc_key* key, int keysize);
 int silabs_ecc_import(ecc_key* key, word32 keysize);
 int silabs_ecc_import_private(ecc_key* key, word32 keysize);
 int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz);
 int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType);
 int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
                             byte* out, word32* outlen);
 #endif /* WOLFSSL_SILABS_SE_ACCEL */
 #endif /* _SILABS_ECC_H_ */
--- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h
@ -0,0 +1,66 @@
 /* silabs_hash.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef _SILABS_HASH_H_
 #define _SILABS_HASH_H_
 #include <em_device.h>
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
 #include <libs/libwolfssl/wolfcrypt/types.h>
 #include <sl_se_manager.h>
 #include <sl_se_manager_hash.h>
 #if defined(SL_SE_HASH_SHA384) && !defined(NO_SHA384)
 #define WOLFSSL_SILABS_SHA384
 #endif
 #if defined(SL_SE_HASH_SHA512) && !defined(NO_SHA384)
 #define WOLFSSL_SILABS_SHA512
 #endif
 typedef struct {
  sl_se_hash_streaming_context_t hash_ctx;
  sl_se_command_context_t cmd_ctx;
  union hash_type_ctx_u {
    sl_se_sha1_streaming_context_t   sha1_ctx;
    sl_se_sha224_streaming_context_t sha224_ctx;
    sl_se_sha256_streaming_context_t sha256_ctx;
 #ifdef WOLFSSL_SILABS_SHA384
    sl_se_sha384_streaming_context_t sha384_ctx;
 #endif
 #ifdef WOLFSSL_SILABS_SHA512
    sl_se_sha512_streaming_context_t sha512_ctx;
 #endif
  } hash_type_ctx;
 } wc_silabs_sha_t;
 int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type);
 int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len);
 int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash);
 #endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
 #endif /* _SILABS_HASH_H_ */
--- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h
@ -0,0 +1,35 @@
 /* silabs_random.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef _SILABS_RANDOM_H_
 #define _SILABS_RANDOM_H_
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
 #include <libs/libwolfssl/wolfcrypt/types.h>
 int silabs_GenerateRand(byte* output, word32 sz);
 #endif /* WOLFSSL_SILABS_SE_ACCEL */
 #endif /* _SILABS_RANDOM_H_ */
--- a/source/libs/libwolfssl/wolfcrypt/random.h
+++ b/source/libs/libwolfssl/wolfcrypt/random.h
@ -225,7 +225,12 @@ WOLFSSL_API int  wc_FreeRng(WC_RNG*);
 #define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
 #define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
 #define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
 #if defined(__ghs__) || defined(WC_NO_RNG_SIMPLE)
 /* some older compilers do not like macro function in expression */
 #define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
 #else
 #define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
 #endif
 #define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
 #define wc_FreeRng(rng) (void)NOT_COMPILED_IN
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/rsa.h
+++ b/source/libs/libwolfssl/wolfcrypt/rsa.h
@ -141,8 +141,9 @@ enum {
    RSA_PSS_SALT_LEN_DISCOVER = -2,
 #endif
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
    RSA_MAX_ID_LEN      = 32,
    RSA_MAX_LABEL_LEN   = 32,
 #endif
 };
@ -184,9 +185,11 @@ struct RsaKey {
    byte*  mod;
    XSecure_Rsa xRsa;
 #endif
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
    byte id[RSA_MAX_ID_LEN];
    int  idLen;
    char label[RSA_MAX_LABEL_LEN];
    int  labelLen;
 #endif
 #if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE)
    byte   dataIsAlloc;
@ -213,9 +216,11 @@ struct RsaKey {
 WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);
 WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
-#ifdef HAVE_PKCS11
+#ifdef WOLF_CRYPTO_CB
 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
                                 void* heap, int devId);
 WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap,
                                    int devId);
 #endif
 WOLFSSL_API int  wc_CheckRsaKey(RsaKey* key);
 #ifdef WOLFSSL_XILINX_CRYPT
@ -246,6 +251,9 @@ WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
                              word32 outLen, RsaKey* key);
 WOLFSSL_API int  wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
                              word32 outLen, RsaKey* key, int pad_type);
 WOLFSSL_API int  wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
                              word32 outLen, RsaKey* key, int pad_type,
                              enum wc_HashType hash);
 WOLFSSL_API int  wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
                                        enum wc_HashType hash, int mgf,
                                        RsaKey* key);
@ -367,6 +375,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou
                                   int mgf, byte* optLabel, word32 labelLen, int saltLen,
                                   int bits, void* heap);
 WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
 #endif /* HAVE_USER_RSA */
 #ifdef __cplusplus
--- a/source/libs/libwolfssl/wolfcrypt/settings.h
+++ b/source/libs/libwolfssl/wolfcrypt/settings.h
@ -225,10 +225,9 @@
    #include "user_settings.h"
 #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
    /* STM Configuration File (generated by CubeMX) */
-    #include "wolfSSL.wolfSSL_conf.h"
+    #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
 #endif
 /* make sure old RNG name is used with CTaoCrypt FIPS */
 #ifdef HAVE_FIPS
    #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
@ -358,12 +357,13 @@
    #define NO_FILESYSTEM
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    #define WOLFSSL_HAVE_MIN
    #define WOLFSSL_HAVE_MAX
    #define NO_BIG_INT
 #endif
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
    #define WOLFSSL_HAVE_MIN
    #define WOLFSSL_HAVE_MAX
    #ifndef NO_PIC32MZ_CRYPT
        #define WOLFSSL_PIC32MZ_CRYPT
    #endif
@ -678,17 +678,17 @@ extern void uITRON4_free(void *p) ;
    /* static char* gets(char *buff); */
    static char* fgets(char *buff, int sz, XFILE fp) {
-        char * p = buff;
+        char * s = buff;
-        *p = '\0';
+        *s = '\0';
        while (1) {
-            *p = tm_getchar(-1);
+            *s = tm_getchar(-1);
-            tm_putchar(*p);
+            tm_putchar(*s);
-            if (*p == '\r') {
+            if (*s == '\r') {
                tm_putchar('\n');
-                *p = '\0';
+                *s = '\0';
                break;
            }
-            p++;
+            s++;
        }
        return buff;
    }
@ -1070,7 +1070,9 @@ extern void uITRON4_free(void *p) ;
    #define ECC_TIMING_RESISTANT
    #undef  HAVE_ECC
    #ifndef WOLFCRYPT_FIPS_RAND
    #define HAVE_ECC
    #endif
    #ifndef NO_AES
        #undef  HAVE_AESCCM
        #define HAVE_AESCCM
@ -1165,7 +1167,9 @@ extern void uITRON4_free(void *p) ;
        #endif
        #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
            #ifndef WOLFCRYPT_FIPS_RAND
            #define FREESCALE_LTC_ECC
            #endif
            #define FREESCALE_LTC_TFM
            /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
@ -1215,6 +1219,8 @@ extern void uITRON4_free(void *p) ;
    #define USE_CERT_BUFFERS_4096
    #undef  FP_MAX_BITS
    #define FP_MAX_BITS (8192)
    #undef  SP_INT_BITS
    #define SP_INT_BITS (4096)
    #undef  NO_DH
    #define NO_DH
@ -1387,11 +1393,18 @@ extern void uITRON4_free(void *p) ;
 #ifdef MICRIUM
    #include <stdlib.h>
    #include <os.h>
    #if defined(RTOS_MODULE_NET_AVAIL) || (APP_CFG_TCPIP_EN == DEF_ENABLED)
        #include <net_cfg.h>
        #include <net_sock.h>
        #if (OS_VERSION < 50000)
            #include <net_err.h>
        #endif
    #endif
    #include <lib_mem.h>
    #include <lib_math.h>
    #include <lib_str.h>
    #include  <stdio.h>
    #include <string.h>
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
@ -1415,7 +1428,7 @@ extern void uITRON4_free(void *p) ;
    #define NO_WOLFSSL_DIR
    #define NO_WRITEV
-    #ifndef CUSTOM_RAND_GENERATE
+    #if ! defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(CUSTOM_RAND_GENERATE)
        #define CUSTOM_RAND_TYPE     RAND_NBR
        #define CUSTOM_RAND_GENERATE Math_Rand
    #endif
@ -1445,10 +1458,25 @@ extern void uITRON4_free(void *p) ;
                    (CPU_SIZE_T)(size)))
    #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
                     (void *)(psrc), (CPU_SIZE_T)(size)))
    #if (OS_VERSION < 50000)
        #define XMEMCMP(pmem_1, pmem_2, size)                   \
                   (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1),     \
                                          (void *)(pmem_2),     \
                     (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
    #else
      /* Work around for Micrium OS version 5.8 change in behavior
       * that returns DEF_NO for 0 size compare
       */
        #define XMEMCMP(pmem_1, pmem_2, size)                           \
            (( (size < 1 ) ||                                           \
               ((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1),                  \
                                     (void *)(pmem_2),                  \
                                     (CPU_SIZE_T)(size)) == DEF_YES))   \
             ? 0 : 1)
        #define XSNPRINTF snprintf
    #endif
    #define XMEMMOVE XMEMCPY
    #if (OS_CFG_MUTEX_EN == DEF_DISABLED)
@ -1746,6 +1774,21 @@ extern void uITRON4_free(void *p) ;
    #endif
 #endif
 /* The minimum allowed ECC key size */
 /* Note: 224-bits is equivelant to 2048-bit RSA */
 #ifndef ECC_MIN_KEY_SZ
    #ifdef WOLFSSL_MIN_ECC_BITS
        #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
    #else
        #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
            /* FIPSv2 and ready (for now) includes 192-bit support */
            #define ECC_MIN_KEY_SZ 192
        #else
            #define ECC_MIN_KEY_SZ 224
        #endif
    #endif
 #endif
 /* ECC Configs */
 #ifdef HAVE_ECC
    /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
@ -1929,6 +1972,11 @@ extern void uITRON4_free(void *p) ;
        #error "FFDHE parameters are too large for FP_MAX_BIT as set"
    #endif
 #endif
 #if defined(HAVE_FFDHE) && defined(SP_INT_BITS)
    #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2
        #error "FFDHE parameters are too large for SP_INT_BIT as set"
    #endif
 #endif
 /* if desktop type system and fastmath increase default max bits */
 #ifdef WOLFSSL_X86_64_BUILD
@ -1939,6 +1987,13 @@ extern void uITRON4_free(void *p) ;
            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
        #endif
    #endif
    #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS)
        #if MIN_FFDHE_FP_MAX_BITS <= 8192
            #define SP_INT_BITS 4096
        #else
            #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2
        #endif
    #endif
 #endif
 /* If using the max strength build, ensure OLD TLS is disabled. */
@ -2118,8 +2173,8 @@ extern void uITRON4_free(void *p) ;
    #ifndef USE_WOLF_STRTOK
        #define USE_WOLF_STRTOK
    #endif
-    #ifndef WOLFSSL_SP_MOD_WORD_RP
+    #ifndef WOLFSSL_SP_DIV_WORD_HALF
-        #define WOLFSSL_SP_MOD_WORD_RP
+        #define WOLFSSL_SP_DIV_WORD_HALF
    #endif
    #ifndef WOLFSSL_OLD_PRIME_CHECK
        #define WOLFSSL_OLD_PRIME_CHECK
@ -2138,12 +2193,6 @@ extern void uITRON4_free(void *p) ;
    #ifndef WOLFSSL_SP_DIV_WORD_HALF
        #define WOLFSSL_SP_DIV_WORD_HALF
    #endif
    #ifndef SP_HALF_SIZE
        #define SP_HALF_SIZE        32
    #endif
    #ifndef SP_HALF_MAX
        #define SP_HALF_MAX         4294967295U
    #endif
 #endif
@ -2154,7 +2203,8 @@ extern void uITRON4_free(void *p) ;
    #undef HAVE_GMTIME_R /* don't trust macro with windows */
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
 || defined(HAVE_LIGHTY)
    #define SSL_OP_NO_COMPRESSION    SSL_OP_NO_COMPRESSION
    #define OPENSSL_NO_ENGINE
    #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@ -2175,7 +2225,7 @@ extern void uITRON4_free(void *p) ;
    #endif
 #endif
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+#ifdef HAVE_SNI
    #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #endif
@ -2248,17 +2298,23 @@ extern void uITRON4_free(void *p) ;
 #endif
 /* Parts of the openssl compatibility layer require peer certs */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
 || defined(HAVE_LIGHTY)
    #undef  KEEP_PEER_CERT
    #define KEEP_PEER_CERT
 #endif
-/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/
+/* RAW hash function APIs are not implemented */
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
    #undef  WOLFSSL_NO_HASH_RAW
    #define WOLFSSL_NO_HASH_RAW
 #endif
 /* XChacha not implemented with ARM assembly ChaCha */
 #if defined(WOLFSSL_ARMASM)
    #undef HAVE_XCHACHA
 #endif
 #if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
                                                          !defined(WOLFSSL_SHA3)
    #undef  WOLFSSL_NO_WORD64_OPS
@ -2297,7 +2353,8 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
    !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
-                    defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY)
+    (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
    defined(WOLFSSL_RSA_PUBLIC_ONLY)
    #undef  WOLFSSL_NO_FORCE_ZERO
    #define WOLFSSL_NO_FORCE_ZERO
 #endif
@ -2323,6 +2380,13 @@ extern void uITRON4_free(void *p) ;
    #undef WOLFSSL_SMALL_STACK
 #endif
 #ifdef WOLFSSL_SMALL_STACK_STATIC
    #undef WOLFSSL_SMALL_STACK_STATIC
    #define WOLFSSL_SMALL_STACK_STATIC static
 #else
    #define WOLFSSL_SMALL_STACK_STATIC
 #endif
 /* The client session cache requires time for timeout */
 #if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE)
    #define NO_SESSION_CACHE
--- a/source/libs/libwolfssl/wolfcrypt/sha.h
+++ b/source/libs/libwolfssl/wolfcrypt/sha.h
@ -75,6 +75,9 @@
 #ifdef WOLFSSL_IMXRT_DCP
    #include <libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h>
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
    #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
 #if !defined(NO_OLD_SHA_NAMES)
    #define SHA             WC_SHA
@ -114,6 +117,8 @@ struct wc_Sha {
        ltc_hash_ctx_t ctx;
 #elif defined(STM32_HASH)
        STM32_HASH_Context stmCtx;
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
        wc_silabs_sha_t silabsCtx;
 #else
        word32  buffLen;   /* in bytes          */
        word32  loLen;     /* length in bytes   */
--- a/source/libs/libwolfssl/wolfcrypt/sha256.h
+++ b/source/libs/libwolfssl/wolfcrypt/sha256.h
@ -88,6 +88,9 @@
 #if defined(WOLFSSL_CRYPTOCELL)
    #include <libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
    #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
 #if defined(_MSC_VER)
    #define SHA256_NOINLINE __declspec(noinline)
@ -138,6 +141,8 @@ struct wc_Sha256 {
    ltc_hash_ctx_t ctx;
 #elif defined(STM32_HASH_SHA2)
    STM32_HASH_Context stmCtx;
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
  wc_silabs_sha_t silabsCtx;
 #else
    /* alignment on digest and buffer speeds up ARMv8 crypto operations */
    ALIGN16 word32  digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
--- a/source/libs/libwolfssl/wolfcrypt/sha3.h
+++ b/source/libs/libwolfssl/wolfcrypt/sha3.h
@ -90,7 +90,7 @@ enum {
 #else
 /* Sha3 digest */
-struct Sha3 {
+struct wc_Sha3 {
    /* State data that is processed for each block. */
    word64 s[25];
    /* Unprocessed message data. */
@ -109,7 +109,7 @@ struct Sha3 {
 };
 #ifndef WC_SHA3_TYPE_DEFINED
-    typedef struct Sha3 wc_Sha3;
+    typedef struct wc_Sha3 wc_Sha3;
    #define WC_SHA3_TYPE_DEFINED
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/sha512.h
+++ b/source/libs/libwolfssl/wolfcrypt/sha512.h
@ -76,6 +76,10 @@
 #ifdef WOLFSSL_ESP32WROOM32_CRYPT
    #include <libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
    #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
 #if defined(_MSC_VER)
    #define SHA512_NOINLINE __declspec(noinline)
 #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
@ -136,6 +140,10 @@ struct wc_Sha512 {
   !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
    WC_ESP32SHA ctx;
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
  wc_silabs_sha_t silabsCtx;
 #endif
 #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
    word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
--- a/source/libs/libwolfssl/wolfcrypt/sp_int.h
+++ b/source/libs/libwolfssl/wolfcrypt/sp_int.h
--- a/source/libs/libwolfssl/wolfcrypt/types.h
+++ b/source/libs/libwolfssl/wolfcrypt/types.h
@ -154,6 +154,7 @@ decouple library dependencies with standard string, memory and so on.
        #ifdef WORD64_AVAILABLE
            #define WOLFCRYPT_SLOW_WORD64
        #endif
        #define WC_32BIT_CPU
    #endif
 #elif defined(WC_16BIT_CPU)
@ -167,6 +168,7 @@ decouple library dependencies with standard string, memory and so on.
        typedef word32 wolfssl_word;
        #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as
                             mp_digit, no 64 bit type so make mp_digit 16 bit */
        #define WC_32BIT_CPU
 #endif
    enum {
@ -493,11 +495,12 @@ decouple library dependencies with standard string, memory and so on.
        #define XSTRLEN(s1)       strlen((s1))
        #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
-        /* strstr, strncmp, and strncat only used by wolfSSL proper,
+        /* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper,
         * not required for wolfCrypt only */
        #define XSTRSTR(s1,s2)    strstr((s1),(s2))
        #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
        #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
        #define XSTRCMP(s1,s2)    strcmp((s1),(s2))
        #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
        #ifdef USE_WOLF_STRSEP
@ -647,9 +650,12 @@ decouple library dependencies with standard string, memory and so on.
                #include <ctype.h>
            #endif
 	    #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
-            defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
+            defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \
            defined(OPENSSL_EXTRA)
            #define XTOUPPER(c)     toupper((c))
-            #define XISALPHA(c)     isalpha((c))
+        #endif
        #ifdef OPENSSL_ALL
        #define XISALNUM(c)     isalnum((c))
        #endif
        /* needed by wolfSSL_check_domain_name() */
        #define XTOLOWER(c)      tolower((c))
@ -784,7 +790,8 @@ decouple library dependencies with standard string, memory and so on.
    /* hash types */
    enum wc_HashType {
-    #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS)
+    #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))
        /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types.
         * Values here are based on old selftest hmac.h enum, with additions.
         * These values are fixed for backwards FIPS compatibility */
@ -858,8 +865,10 @@ decouple library dependencies with standard string, memory and so on.
        WC_PK_TYPE_CURVE25519 = 7,
        WC_PK_TYPE_RSA_KEYGEN = 8,
        WC_PK_TYPE_EC_KEYGEN = 9,
        WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10,
        WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11,
-        WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN
+        WC_PK_TYPE_MAX = WC_PK_TYPE_EC_CHECK_PRIV_KEY
    };
--- a/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h
+++ b/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h
@ -67,7 +67,6 @@ enum Pkcs11KeyType {
    PKCS11_KEY_TYPE_EC,
 };
 WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
                                     void* heap);
 WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
--- a/source/libs/libwolfssl/wolfcrypt/wc_port.h
+++ b/source/libs/libwolfssl/wolfcrypt/wc_port.h
@ -81,6 +81,7 @@
    _Pragma("GCC diagnostic ignored \"-Wsign-compare\"");
    _Pragma("GCC diagnostic ignored \"-Wpointer-sign\"");
    _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\"");
    _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\"");
    #include <linux/kconfig.h>
    #include <linux/kernel.h>
@ -88,6 +89,7 @@
    #include <linux/ctype.h>
    #include <linux/init.h>
    #include <linux/module.h>
    #include <linux/mm.h>
    #ifndef SINGLE_THREADED
        #include <linux/kthread.h>
    #endif
@ -99,19 +101,52 @@
        #else
            #include <asm/simd.h>
        #endif
        #ifndef SAVE_VECTOR_REGISTERS
            #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
        #endif
        #ifndef RESTORE_VECTOR_REGISTERS
            #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
        #endif
    #elif defined(WOLFSSL_ARMASM)
        #include <asm/fpsimd.h>
        #ifndef SAVE_VECTOR_REGISTERS
            #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); })
        #endif
        #ifndef RESTORE_VECTOR_REGISTERS
            #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); })
        #endif
    #else
        #ifndef SAVE_VECTOR_REGISTERS
            #define SAVE_VECTOR_REGISTERS() ({})
        #endif
        #ifndef RESTORE_VECTOR_REGISTERS
            #define RESTORE_VECTOR_REGISTERS() ({})
        #endif
    #endif
    _Pragma("GCC diagnostic pop");
    /* Linux headers define these using C expressions, but we need
     * them to be evaluable by the preprocessor, for use in sp_int.h.
     */
    _Static_assert(sizeof(ULONG_MAX) == 8, "WOLFSSL_LINUXKM supported only on targets with 64 bit long words.");
    #undef UCHAR_MAX
    #define UCHAR_MAX 255
    #undef USHRT_MAX
    #define USHRT_MAX 65535
    #undef UINT_MAX
    #define UINT_MAX 4294967295U
    #undef ULONG_MAX
    #define ULONG_MAX 18446744073709551615UL
    #undef ULLONG_MAX
    #define ULLONG_MAX ULONG_MAX
    #undef INT_MAX
    #define INT_MAX 2147483647
    #undef LONG_MAX
    #define LONG_MAX 9223372036854775807L
    #undef LLONG_MAX
    #define LLONG_MAX LONG_MAX
    /* remove this multifariously conflicting macro, picked up from
     * Linux arch/<arch>/include/asm/current.h.
     */
@ -122,9 +157,17 @@
     */
    #define _MM_MALLOC_H_INCLUDED
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
    /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */
    #define malloc(x) kvmalloc(x, GFP_KERNEL)
    #define free(x) kvfree(x)
    void *lkm_realloc(void *ptr, size_t newsize);
    #define realloc(x, y) lkm_realloc(x, y)
 #else
    #define malloc(x) kmalloc(x, GFP_KERNEL)
    #define free(x) kfree(x)
    #define realloc(x,y) krealloc(x, y, GFP_KERNEL)
 #endif
    /* min() and max() in linux/kernel.h over-aggressively type-check, producing
     * myriad spurious -Werrors throughout the codebase.
@ -157,8 +200,10 @@
 #else /* ! WOLFSSL_LINUXKM */
-    #ifdef BUILDING_WOLFSSL
+    #ifndef SAVE_VECTOR_REGISTERS
        #define SAVE_VECTOR_REGISTERS() do{}while(0)
    #endif
    #ifndef RESTORE_VECTOR_REGISTERS
        #define RESTORE_VECTOR_REGISTERS() do{}while(0)
    #endif
@ -193,6 +238,8 @@
    /* do nothing, just don't pick Unix */
 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
    /* do nothing */
 #elif defined(RTTHREAD)
    /* do nothing */
 #elif defined(EBSNET)
    /* do nothing */
 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
@ -298,6 +345,9 @@
        #include "FreeRTOS.h"
        #include "semphr.h"
 		typedef SemaphoreHandle_t  wolfSSL_Mutex;
    #elif defined (RTTHREAD)
        #include "rtthread.h"
        typedef rt_mutex_t wolfSSL_Mutex;
    #elif defined(WOLFSSL_SAFERTOS)
        typedef struct wolfSSL_Mutex {
            signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
@ -409,6 +459,11 @@ WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb);
 WOLFSSL_API int wolfCrypt_Init(void);
 WOLFSSL_API int wolfCrypt_Cleanup(void);
 #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
    WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void);
    WOLFSSL_API long wolfCrypt_heap_peakBytes_checkpoint(void);
 #endif
 /* FILESYSTEM SECTION */
 /* filesystem abstraction layer, used by ssl.c */
@ -564,6 +619,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
    #else
        #define XFOPEN     fopen
    #endif
    #define XFDOPEN    fdopen
    #define XFSEEK     fseek
    #define XFTELL     ftell
    #define XREWIND    rewind
@ -579,6 +635,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
        #include <dirent.h>
        #include <unistd.h>
        #include <sys/stat.h>
        #define XWRITE      write
        #define XREAD       read
        #define XCLOSE      close
    #endif
 #endif
@ -786,7 +845,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
    #ifdef BUILDING_WOLFSSL
    /* includes are all above, with incompatible warnings masked out. */
-    #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)
+    #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)
    typedef __kernel_time_t time_t;
    #else
    typedef __kernel_time64_t time_t;
--- a/source/network/picohttpparser.c
+++ b/source/network/picohttpparser.c
@ -449,7 +449,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
    }
    PARSE_INT_3(status);
-    /* get message includig preceding space */
+    /* get message including preceding space */
    if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
        return NULL;
    }