Update wolfSSL

source/libs/libwolfssl/callbacks.h

@@ -1,6 +1,6 @@
 /* callbacks.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/crl.h

@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,12 +34,14 @@
     extern "C" {
 #endif
 
-WOLFSSL_LOCAL int  InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL int  InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm);
-WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic);
+WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL* crl, int dynamic);
 
-WOLFSSL_LOCAL int  LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon);
+WOLFSSL_LOCAL int  LoadCRL(WOLFSSL_CRL* crl, const char* path, int type,
-WOLFSSL_LOCAL int  BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int, int);
+                           int monitor);
-WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL*, DecodedCert*);
+WOLFSSL_LOCAL int  BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz,
+                                 int type, int verify);
+WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert);
 
 
 #ifdef __cplusplus

source/libs/libwolfssl/error-ssl.h

@@ -1,6 +1,6 @@
 /* error-ssl.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,7 +52,6 @@ enum wolfSSL_ErrorCodes {
     RSA_PRIVATE_ERROR            = -318,   /* error during rsa priv op */
     NO_DH_PARAMS                 = -319,   /* server missing DH params */
     BUILD_MSG_ERROR              = -320,   /* build message failure    */
-
     BAD_HELLO                    = -321,   /* client hello malformed   */
     DOMAIN_NAME_MISMATCH         = -322,   /* peer subject name mismatch */
     WANT_READ                    = -323,   /* want read, call again    */
@@ -76,10 +75,6 @@ enum wolfSSL_ErrorCodes {
     ZERO_RETURN                  = -343,   /* peer sent close notify */
     SIDE_ERROR                   = -344,   /* wrong client/server type */
     NO_PEER_CERT                 = -345,   /* peer didn't send key */
-    NTRU_KEY_ERROR               = -346,   /* NTRU key error  */
-    NTRU_DRBG_ERROR              = -347,   /* NTRU drbg error  */
-    NTRU_ENCRYPT_ERROR           = -348,   /* NTRU encrypt error  */
-    NTRU_DECRYPT_ERROR           = -349,   /* NTRU decrypt error  */
     ECC_CURVETYPE_ERROR          = -350,   /* Bad ECC Curve Type */
     ECC_CURVE_ERROR              = -351,   /* Bad ECC Curve */
     ECC_PEERKEY_ERROR            = -352,   /* Bad Peer ECC Key */
@@ -113,6 +108,7 @@ enum wolfSSL_ErrorCodes {
     UNKNOWN_SNI_HOST_NAME_E      = -381,   /* Unrecognized host name Error */
     UNKNOWN_MAX_FRAG_LEN_E       = -382,   /* Unrecognized max frag len Error */
     KEYUSE_SIGNATURE_E           = -383,   /* KeyUse digSignature error */
+
     KEYUSE_ENCIPHER_E            = -385,   /* KeyUse keyEncipher error */
     EXTKEYUSE_AUTH_E             = -386,   /* ExtKeyUse server|client_auth */
     SEND_OOB_READ_E              = -387,   /* Send Cb out of bounds read */
@@ -171,9 +167,22 @@ enum wolfSSL_ErrorCodes {
     NO_CERT_ERROR                = -440,   /* TLS1.3 - no cert set error */
     APP_DATA_READY               = -441,   /* DTLS1.2 application data ready for read */
     TOO_MUCH_EARLY_DATA          = -442,   /* Too much Early data */
-
     SOCKET_FILTERED_E            = -443,   /* Session stopped by network filter */
+    HTTP_RECV_ERR                = -444,   /* HTTP Receive error */
+    HTTP_HEADER_ERR              = -445,   /* HTTP Header error */
+    HTTP_PROTO_ERR               = -446,   /* HTTP Protocol error */
+    HTTP_STATUS_ERR              = -447,   /* HTTP Status error */
+    HTTP_VERSION_ERR             = -448,   /* HTTP Version error */
+    HTTP_APPSTR_ERR              = -449,   /* HTTP Application string error */
+    UNSUPPORTED_PROTO_VERSION    = -450,   /* bad/unsupported protocol version*/
+    FALCON_KEY_SIZE_E            = -451,   /* Wrong key size for Falcon. */
+    QUIC_TP_MISSING_E            = -452,   /* QUIC transport parameter missing */
+    DILITHIUM_KEY_SIZE_E         = -453,   /* Wrong key size for Dilithium. */
+    DTLS_CID_ERROR               = -454,   /* Wrong or missing CID */
+    DTLS_TOO_MANY_FRAGMENTS_E    = -455,   /* Received too many fragments */
+    QUIC_WRONG_ENC_LEVEL         = -456,   /* QUIC data received on wrong encryption level */
 
+    DUPLICATE_TLS_EXT_E          = -457,   /* Duplicate TLS extension in msg. */
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
     /* begin negotiation parameter errors */

source/libs/libwolfssl/ocsp.h

@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,12 +50,12 @@ typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
 typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
 #endif
 
-WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm);
-WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
+WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic);
 
-WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
+WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert,
                                  WOLFSSL_BUFFER_INFO* responseBuffer);
-WOLFSSL_LOCAL int  CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*,
+WOLFSSL_LOCAL int  CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert,
                                     WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl);
 WOLFSSL_LOCAL int  CheckOcspRequest(WOLFSSL_OCSP* ocsp,
                  OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
@@ -103,14 +103,21 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
     unsigned char** data);
 WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
     WOLFSSL_OCSP_CERTID *cid);
-WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*);
+WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(
+    WOLFSSL_OCSP_CERTID* id);
 #ifndef NO_BIO
 WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
     WOLFSSL_OCSP_REQUEST *req);
 #endif
 
-WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **);
+WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id,
-WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single);
+                                        unsigned char** data);
+WOLFSSL_API
+WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
+                                             const unsigned char** derIn,
+                                             int length);
+WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
+    const WOLFSSL_OCSP_SINGLERESP *single);
 WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b);
 WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
                                                 int *reason,
@@ -118,7 +125,8 @@ WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
                                                 WOLFSSL_ASN1_TIME **thisupd,
                                                 WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
-WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx);
+WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
+    WOLFSSL_OCSP_BASICRESP *bs, int idx);
 
 #endif
 #ifdef OPENSSL_EXTRA
@@ -128,9 +136,9 @@ WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
     WOLFSSL_OCSP_BASICRESP* bs);
 WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s);
 
-WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**,
+WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
-  WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**,
+  WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash,
-  WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*);
+  WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid);
 
 WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
         unsigned char* val, int sz);

source/libs/libwolfssl/openssl/aes.h

@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,24 +46,23 @@ typedef struct WOLFSSL_AES_KEY {
 } WOLFSSL_AES_KEY;
 typedef WOLFSSL_AES_KEY AES_KEY;
 
-WOLFSSL_API int wolfSSL_AES_set_encrypt_key
+WOLFSSL_API int wolfSSL_AES_set_encrypt_key(
-    (const unsigned char *, const int bits, AES_KEY *);
+    const unsigned char *key, const int bits, AES_KEY *aes);
-WOLFSSL_API int wolfSSL_AES_set_decrypt_key
+WOLFSSL_API int wolfSSL_AES_set_decrypt_key(
-    (const unsigned char *, const int bits, AES_KEY *);
+    const unsigned char *key, const int bits, AES_KEY *aes);
-WOLFSSL_API void wolfSSL_AES_cbc_encrypt
+WOLFSSL_API void wolfSSL_AES_cbc_encrypt(
-    (const unsigned char *in, unsigned char* out, size_t len,
+    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
-     AES_KEY *key, unsigned char* iv, const int enc);
+    unsigned char* iv, const int enc);
-WOLFSSL_API void wolfSSL_AES_ecb_encrypt
+WOLFSSL_API void wolfSSL_AES_ecb_encrypt(
-    (const unsigned char *in, unsigned char* out,
+    const unsigned char *in, unsigned char* out, AES_KEY *key, const int enc);
-     AES_KEY *key, const int enc);
+WOLFSSL_API void wolfSSL_AES_cfb128_encrypt(
-WOLFSSL_API void wolfSSL_AES_cfb128_encrypt
+    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
-    (const unsigned char *in, unsigned char* out, size_t len,
+    unsigned char* iv, int* num, const int enc);
-     AES_KEY *key, unsigned char* iv, int* num, const int enc);
+WOLFSSL_API int wolfSSL_AES_wrap_key(
-WOLFSSL_API int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+    AES_KEY *key, const unsigned char *iv, unsigned char *out,
-                 unsigned char *out,
     const unsigned char *in, unsigned int inlen);
-WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+WOLFSSL_API int wolfSSL_AES_unwrap_key(
-                   unsigned char *out,
+    AES_KEY *key, const unsigned char *iv, unsigned char *out,
     const unsigned char *in, unsigned int inlen);
 
 #define AES_cbc_encrypt     wolfSSL_AES_cbc_encrypt
@@ -75,14 +74,14 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
 #define AES_unwrap_key      wolfSSL_AES_unwrap_key
 
 #ifdef WOLFSSL_AES_DIRECT
-WOLFSSL_API void wolfSSL_AES_encrypt
+WOLFSSL_API void wolfSSL_AES_encrypt(
-    (const unsigned char* input, unsigned char* output, AES_KEY *);
+    const unsigned char* input, unsigned char* output, AES_KEY *key);
-WOLFSSL_API void wolfSSL_AES_decrypt
+WOLFSSL_API void wolfSSL_AES_decrypt(
-    (const unsigned char* input, unsigned char* output, AES_KEY *);
+    const unsigned char* input, unsigned char* output, AES_KEY *key);
 
 #define AES_encrypt         wolfSSL_AES_encrypt
 #define AES_decrypt         wolfSSL_AES_decrypt
-#endif /* HAVE_AES_DIRECT */
+#endif /* WOLFSSL_AES_DIRECT */
 
 #ifndef AES_ENCRYPT
 #define AES_ENCRYPT AES_ENCRYPTION

source/libs/libwolfssl/openssl/asn1.h

@@ -1,6 +1,6 @@
 /* asn1.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,6 +30,7 @@
 #define ASN1_STRING_type_new  wolfSSL_ASN1_STRING_type_new
 #define ASN1_STRING_type      wolfSSL_ASN1_STRING_type
 #define ASN1_STRING_set       wolfSSL_ASN1_STRING_set
+#define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set
 #define ASN1_STRING_free      wolfSSL_ASN1_STRING_free
 
 #define ASN1_get_object       wolfSSL_ASN1_get_object
@@ -68,9 +69,11 @@
 #define ASN1_UTCTIME_print              wolfSSL_ASN1_UTCTIME_print
 #define ASN1_TIME_check                 wolfSSL_ASN1_TIME_check
 #define ASN1_TIME_diff                  wolfSSL_ASN1_TIME_diff
+#define ASN1_TIME_compare               wolfSSL_ASN1_TIME_compare
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 
 #define V_ASN1_EOC                      0
+#define V_ASN1_NULL                     5
 #define V_ASN1_OBJECT                   6
 #define V_ASN1_UTF8STRING               12
 #define V_ASN1_SEQUENCE                 16
@@ -92,9 +95,20 @@
 #define ASN1_STRING_FLAG_MSTRING         0x040
 #define ASN1_STRING_FLAG_EMBED           0x080
 
+/* X.509 PKI size limits from RFC2459 (appendix A) */
+/* internally our limit is CTC_NAME_SIZE (64) - overriden with WC_CTC_NAME_SIZE */
+#define ub_name                    CTC_NAME_SIZE /* 32768 */
+#define ub_common_name             CTC_NAME_SIZE /* 64 */
+#define ub_locality_name           CTC_NAME_SIZE /* 128 */
+#define ub_state_name              CTC_NAME_SIZE /* 128 */
+#define ub_organization_name       CTC_NAME_SIZE /* 64 */
+#define ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
+#define ub_title                   CTC_NAME_SIZE /* 64 */
+#define ub_email_address           CTC_NAME_SIZE /* 128 */
+
 
 WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
-    const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*);
+    const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
 
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
 
@@ -129,11 +143,10 @@ typedef enum {
 } WOLFSSL_ASN1_TYPES;
 
 #define ASN1_SEQUENCE(type) \
-    static type __##type##_dummy_struct;\
     static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
 
 #define ASN1_SIMPLE(type, member, member_type) \
-    { (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \
+    { OFFSETOF(type, member), \
         WOLFSSL_##member_type##_ASN1 }
 
 #define ASN1_SEQUENCE_END(type) \
@@ -151,6 +164,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
                                       const WOLFSSL_ASN1_ITEM *tpl);
 
 /* Need function declaration otherwise compiler complains */
+/* // NOLINTBEGIN(readability-named-parameter) */
 #define IMPLEMENT_ASN1_FUNCTIONS(type) \
     type *type##_new(void); \
     type *type##_new(void){ \
@@ -165,6 +179,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
     { \
         return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
     }
+/* // NOLINTEND(readability-named-parameter) */
 
 #endif /* OPENSSL_ALL */
 

source/libs/libwolfssl/openssl/asn1t.h

@@ -1,6 +1,6 @@
 /* asn1t.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/bio.h

@@ -1,6 +1,6 @@
 /* bio.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,13 +25,12 @@
 #ifndef WOLFSSL_BIO_H_
 #define WOLFSSL_BIO_H_
 
-#include <libs/libwolfssl/openssl/ssl.h>
-
 
 #ifdef __cplusplus
     extern "C" {
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
 #define BIO_FLAGS_READ         WOLFSSL_BIO_FLAG_READ
@@ -58,11 +57,13 @@
 #define BIO_s_file                      wolfSSL_BIO_s_file
 #define BIO_s_bio                       wolfSSL_BIO_s_bio
 #define BIO_s_socket                    wolfSSL_BIO_s_socket
+#define BIO_s_accept                    wolfSSL_BIO_s_socket
 #define BIO_set_fd                      wolfSSL_BIO_set_fd
 #define BIO_set_close                   wolfSSL_BIO_set_close
 #define BIO_ctrl_reset_read_request     wolfSSL_BIO_ctrl_reset_read_request
 #define BIO_set_write_buf_size          wolfSSL_BIO_set_write_buf_size
 #define BIO_make_bio_pair               wolfSSL_BIO_make_bio_pair
+#define BIO_up_ref                      wolfSSL_BIO_up_ref
 
 #define BIO_new_fd                      wolfSSL_BIO_new_fd
 #define BIO_set_fp                      wolfSSL_BIO_set_fp
@@ -109,6 +110,8 @@
 #define BIO_get_shutdown           wolfSSL_BIO_get_shutdown
 #define BIO_set_shutdown           wolfSSL_BIO_set_shutdown
 
+#define BIO_get_fd                 wolfSSL_BIO_get_fd
+
 #define BIO_clear_flags            wolfSSL_BIO_clear_flags
 #define BIO_set_ex_data            wolfSSL_BIO_set_ex_data
 #define BIO_get_ex_data            wolfSSL_BIO_get_ex_data
@@ -138,6 +141,8 @@
 #define BIO_CTRL_RESET             1
 #define BIO_CTRL_EOF               2
 #define BIO_CTRL_INFO              3
+#define BIO_CTRL_SET               4
+#define BIO_CTRL_GET               5
 #define BIO_CTRL_PUSH              6
 #define BIO_CTRL_POP               7
 #define BIO_CTRL_GET_CLOSE         8
@@ -165,11 +170,11 @@
 
 #define BIO_FP_WRITE               0x04
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
 
-
 #endif /* WOLFSSL_BIO_H_ */
-

source/libs/libwolfssl/openssl/bn.h

@@ -1,6 +1,6 @@
 /* bn.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -47,92 +47,137 @@ typedef struct WOLFSSL_BIGNUM {
 #endif
 } WOLFSSL_BIGNUM;
 
-
-#define BN_ULONG WOLFSSL_BN_ULONG
 #define WOLFSSL_BN_ULONG unsigned long
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#define BN_ULONG         WOLFSSL_BN_ULONG
+#endif
+
+#ifndef WOLFSSL_MAX_BN_BITS
+    #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+        /* SP implementation supports numbers of SP_INT_BITS bits. */
+        #define WOLFSSL_MAX_BN_BITS     SP_INT_BITS
+    #elif defined(USE_FAST_MATH)
+        /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+        #define WOLFSSL_MAX_BN_BITS     (FP_MAX_BITS / 2)
+    #else
+        #ifdef WOLFSSL_MYSQL_COMPATIBLE
+            /* Integer maths is dynamic but we only go up to 8192 bits. */
+            #define WOLFSSL_MAX_BN_BITS 8192
+        #else
+            /* Integer maths is dynamic but we only go up to 4096 bits. */
+            #define WOLFSSL_MAX_BN_BITS 4096
+        #endif
+    #endif
+#endif
 
 typedef struct WOLFSSL_BN_CTX   WOLFSSL_BN_CTX;
 typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
+WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx);
-WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
+WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
 #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
-WOLFSSL_API void           wolfSSL_BN_init(WOLFSSL_BIGNUM *);
+WOLFSSL_API void           wolfSSL_BN_init(WOLFSSL_BIGNUM* bn);
 #endif
-WOLFSSL_API void           wolfSSL_BN_free(WOLFSSL_BIGNUM*);
+WOLFSSL_API void           wolfSSL_BN_free(WOLFSSL_BIGNUM* bn);
-WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
+WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn);
-WOLFSSL_API void           wolfSSL_BN_clear(WOLFSSL_BIGNUM*);
+WOLFSSL_API void           wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn);
 
 
-WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
-                             const WOLFSSL_BIGNUM*);
+                             const WOLFSSL_BIGNUM* b);
-WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
+WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a,
-                             const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
+                               WOLFSSL_BIGNUM *b, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_BN_div(WOLFSSL_BIGNUM* dv, WOLFSSL_BIGNUM* rem,
+                   const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* d,
+                   WOLFSSL_BN_CTX* ctx);
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+WOLFSSL_API int wolfSSL_BN_gcd(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a,
+                               WOLFSSL_BIGNUM* b, WOLFSSL_BN_CTX* ctx);
+#endif
+WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
+                  const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c);
 WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
       const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
-        const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
 
 
-WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn);
 
-WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
+WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn);
+WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
 
-WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b);
 
-WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
+WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                                               WOLFSSL_BIGNUM* ret);
 
-WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
+WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n);
 
-WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
+WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top,
                                        int bottom);
-WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
+WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range);
-WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
+WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom);
-WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
+WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n);
+WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str);
 
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r,
-                                            const WOLFSSL_BIGNUM*);
+                                            const WOLFSSL_BIGNUM* bn);
 
-WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
+WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str);
-WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
+WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn);
 
-WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
-WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+                                  int n);
-WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
-WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
-WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
+WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn);
 
-WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a,
-                               WOLFSSL_BIGNUM*);
+                               WOLFSSL_BIGNUM* b);
 WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
                                    const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m,
                                    WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM* bn);
-WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
+#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
-                                       WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
+WOLFSSL_API int wolfSSL_BN_generate_prime_ex(
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
+    WOLFSSL_BIGNUM* prime, int bits, int safe, const WOLFSSL_BIGNUM* add,
-                                                 WOLFSSL_BN_ULONG);
+    const WOLFSSL_BIGNUM* rem, WOLFSSL_BN_GENCB* cb);
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
-    WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*);
+                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
+                                                 WOLFSSL_BN_ULONG w);
 #endif
-WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    WOLFSSL_API int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn);
+#endif
+WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn,
+                                  int n);
 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
-                                        const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx);
+    WOLFSSL_BIGNUM *r,
+    WOLFSSL_BIGNUM *a,
+    const WOLFSSL_BIGNUM *n,
+    WOLFSSL_BN_CTX *ctx);
+
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 typedef WOLFSSL_BIGNUM   BIGNUM;
 typedef WOLFSSL_BN_CTX   BN_CTX;
@@ -151,6 +196,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_num_bytes wolfSSL_BN_num_bytes
 #define BN_num_bits  wolfSSL_BN_num_bits
 
+#define BN_zero        wolfSSL_BN_zero
+#define BN_one         wolfSSL_BN_one
 #define BN_is_zero     wolfSSL_BN_is_zero
 #define BN_is_one      wolfSSL_BN_is_one
 #define BN_is_odd      wolfSSL_BN_is_odd
@@ -166,12 +213,16 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_mod_exp   wolfSSL_BN_mod_exp
 #define BN_mod_mul   wolfSSL_BN_mod_mul
 #define BN_sub       wolfSSL_BN_sub
+#define BN_mul       wolfSSL_BN_mul
+#define BN_div       wolfSSL_BN_div
+#define BN_gcd       wolfSSL_BN_gcd
 #define BN_value_one wolfSSL_BN_value_one
 
 #define BN_mask_bits wolfSSL_mask_bits
 
 #define BN_pseudo_rand wolfSSL_BN_pseudo_rand
 #define BN_rand        wolfSSL_BN_rand
+#define BN_rand_range  wolfSSL_BN_rand_range
 #define BN_is_bit_set  wolfSSL_BN_is_bit_set
 #define BN_hex2bn      wolfSSL_BN_hex2bn
 
@@ -187,16 +238,18 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_lshift wolfSSL_BN_lshift
 #define BN_add_word wolfSSL_BN_add_word
+#define BN_sub_word wolfSSL_BN_sub_word
 #define BN_add wolfSSL_BN_add
 #define BN_mod_add wolfSSL_BN_mod_add
 #define BN_set_word wolfSSL_BN_set_word
 #define BN_set_bit wolfSSL_BN_set_bit
 #define BN_clear_bit wolfSSL_BN_clear_bit
 
-
+#define BN_generate_prime_ex wolfSSL_BN_generate_prime_ex
 #define BN_is_prime_ex wolfSSL_BN_is_prime_ex
 #define BN_print_fp wolfSSL_BN_print_fp
 #define BN_rshift wolfSSL_BN_rshift
+#define BN_rshift1(r, a) wolfSSL_BN_rshift((r), (a), 1)
 #define BN_mod_word wolfSSL_BN_mod_word
 
 #define BN_CTX_get wolfSSL_BN_CTX_get
@@ -217,6 +270,10 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_get_rfc3526_prime_8192  wolfSSL_DH_8192_prime
 #endif
 
+#define BN_prime_checks 0
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 
 #ifdef __cplusplus
     }  /* extern "C" */

source/libs/libwolfssl/openssl/buffer.h

@@ -1,6 +1,6 @@
 /* buffer.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,9 +33,10 @@
 
 WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void);
 WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len);
+WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
+        char zeroFill);
+WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len);
 WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
-WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize);
-WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
 
 
 #define BUF_MEM_new  wolfSSL_BUF_MEM_new
@@ -43,8 +44,8 @@ WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
 #define BUF_MEM_free wolfSSL_BUF_MEM_free
 
 #define BUF_strdup strdup
-#define BUF_strlcpy wolfSSL_strlcpy
+#define BUF_strlcpy wc_strlcpy
-#define BUF_strlcat wolfSSL_strlcat
+#define BUF_strlcat wc_strlcat
 
 #ifdef __cplusplus
     }  /* extern "C" */

source/libs/libwolfssl/openssl/camellia.h

@@ -0,0 +1,27 @@
+/* camellia.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CAMELLIA_H_
+#define WOLFSSL_CAMELLIA_H_
+
+#include <libs/libwolfssl/wolfcrypt/camellia.h>
+
+#endif /* WOLFSSL_CAMELLIA_H_ */

source/libs/libwolfssl/openssl/cmac.h

@@ -0,0 +1,61 @@
+/* cmac.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CMAC_H_
+#define WOLFSSL_CMAC_H_
+
+#include <libs/libwolfssl/wolfcrypt/cmac.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct WOLFSSL_CMAC_CTX {
+    void* internal; /* internal Cmac object */
+    WOLFSSL_EVP_CIPHER_CTX* cctx;
+} WOLFSSL_CMAC_CTX;
+
+typedef WOLFSSL_CMAC_CTX CMAC_CTX;
+
+WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void);
+WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx);
+WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx(
+    WOLFSSL_CMAC_CTX* ctx);
+WOLFSSL_API int wolfSSL_CMAC_Init(
+    WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
+    const WOLFSSL_EVP_CIPHER* cipher, WOLFSSL_ENGINE* engine);
+WOLFSSL_API int wolfSSL_CMAC_Update(
+    WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len);
+WOLFSSL_API int wolfSSL_CMAC_Final(
+    WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len);
+
+#define CMAC_CTX_new              wolfSSL_CMAC_CTX_new
+#define CMAC_CTX_free             wolfSSL_CMAC_CTX_free
+#define CMAC_CTX_get0_cipher_ctx  wolfSSL_CMAC_CTX_get0_cipher_ctx
+#define CMAC_Init                 wolfSSL_CMAC_Init
+#define CMAC_Update               wolfSSL_CMAC_Update
+#define CMAC_Final                wolfSSL_CMAC_Final
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CMAC_H_ */

source/libs/libwolfssl/openssl/compat_types.h

@@ -0,0 +1,66 @@
+/* compat_types.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+ * Move types that cause cyclical dependency errors here.
+ */
+
+#ifndef WOLFSSL_OPENSSL_COMPAT_TYPES_H_
+#define WOLFSSL_OPENSSL_COMPAT_TYPES_H_
+
+#include <libs/libwolfssl/wolfcrypt/settings.h>
+#include <libs/libwolfssl/wolfcrypt/types.h>
+#include <libs/libwolfssl/wolfcrypt/hmac.h>
+
+#ifndef NO_HMAC
+typedef struct WOLFSSL_HMAC_CTX {
+    Hmac hmac;
+    int  type;
+    word32  save_ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
+    word32  save_opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
+} WOLFSSL_HMAC_CTX;
+#endif
+
+typedef char   WOLFSSL_EVP_MD;
+typedef char   WOLFSSL_EVP_CIPHER;
+typedef int    WOLFSSL_ENGINE;
+
+typedef struct WOLFSSL_EVP_PKEY       WOLFSSL_EVP_PKEY;
+typedef struct WOLFSSL_EVP_MD_CTX     WOLFSSL_EVP_MD_CTX;
+typedef struct WOLFSSL_EVP_PKEY       WOLFSSL_PKCS8_PRIV_KEY_INFO;
+typedef struct WOLFSSL_EVP_PKEY_CTX   WOLFSSL_EVP_PKEY_CTX;
+typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
+typedef struct WOLFSSL_ASN1_PCTX      WOLFSSL_ASN1_PCTX;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+typedef WOLFSSL_EVP_MD         EVP_MD;
+typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
+typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
+typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
+typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
+typedef WOLFSSL_EVP_PKEY       EVP_PKEY;
+typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
+
+typedef WOLFSSL_ENGINE         ENGINE;
+typedef WOLFSSL_EVP_PKEY_CTX   EVP_PKEY_CTX;
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#endif /* !WOLFSSL_OPENSSL_COMPAT_TYPES_H_ */

source/libs/libwolfssl/openssl/conf.h

@@ -1,6 +1,6 @@
 /* conf.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/crypto.h

@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -47,12 +47,19 @@ typedef void (CRYPTO_free_func)(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int
 #include "prefix_crypto.h"
 #endif
 
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
 WOLFSSL_API const char*   wolfSSLeay_version(int type);
 WOLFSSL_API unsigned long wolfSSLeay(void);
 WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void wolfSSL_OPENSSL_free(void* p);
+#endif
+
 #ifdef OPENSSL_EXTRA
-WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
 WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
 WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
@@ -60,6 +67,25 @@ WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len
 WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
 #endif
 
+/* class index for wolfSSL_CRYPTO_get_ex_new_index */
+#define CRYPTO_EX_INDEX_SSL             WOLF_CRYPTO_EX_INDEX_SSL
+#define CRYPTO_EX_INDEX_SSL_CTX         WOLF_CRYPTO_EX_INDEX_SSL_CTX
+#define CRYPTO_EX_INDEX_SSL_SESSION     WOLF_CRYPTO_EX_INDEX_SSL_SESSION
+#define CRYPTO_EX_INDEX_X509            WOLF_CRYPTO_EX_INDEX_X509
+#define CRYPTO_EX_INDEX_X509_STORE      WOLF_CRYPTO_EX_INDEX_X509_STORE
+#define CRYPTO_EX_INDEX_X509_STORE_CTX  WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX
+#define CRYPTO_EX_INDEX_DH              WOLF_CRYPTO_EX_INDEX_DH
+#define CRYPTO_EX_INDEX_DSA             WOLF_CRYPTO_EX_INDEX_DSA
+#define CRYPTO_EX_INDEX_EC_KEY          WOLF_CRYPTO_EX_INDEX_EC_KEY
+#define CRYPTO_EX_INDEX_RSA             WOLF_CRYPTO_EX_INDEX_RSA
+#define CRYPTO_EX_INDEX_ENGINE          WOLF_CRYPTO_EX_INDEX_ENGINE
+#define CRYPTO_EX_INDEX_UI              WOLF_CRYPTO_EX_INDEX_UI
+#define CRYPTO_EX_INDEX_BIO             WOLF_CRYPTO_EX_INDEX_BIO
+#define CRYPTO_EX_INDEX_APP             WOLF_CRYPTO_EX_INDEX_APP
+#define CRYPTO_EX_INDEX_UI_METHOD       WOLF_CRYPTO_EX_INDEX_UI_METHOD
+#define CRYPTO_EX_INDEX_DRBG            WOLF_CRYPTO_EX_INDEX_DRBG
+#define CRYPTO_EX_INDEX__COUNT          WOLF_CRYPTO_EX_INDEX__COUNT
+
 #define crypto_threadid_st          WOLFSSL_CRYPTO_THREADID
 #define CRYPTO_THREADID             WOLFSSL_CRYPTO_THREADID
 
@@ -126,4 +152,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
 
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
 #endif /* header */

source/libs/libwolfssl/openssl/des.h

@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,8 +62,8 @@ WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
                                                WOLFSSL_DES_key_schedule* key);
 WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
                                                WOLFSSL_DES_key_schedule* key);
-WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*,
+WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
-                                             WOLFSSL_DES_key_schedule*);
+                                               WOLFSSL_DES_key_schedule* key);
 WOLFSSL_API int  wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
                                      WOLFSSL_DES_key_schedule* schedule);
 WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
@@ -81,10 +81,10 @@ WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
                       WOLFSSL_DES_key_schedule* schedule,
                       WOLFSSL_DES_cblock* ivec, int enc);
 
-WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*);
+WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes);
-WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*,
+WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
-                                       WOLFSSL_DES_key_schedule*, int);
+             WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc);
-WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*);
+WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes);
 
 
 typedef WOLFSSL_DES_cblock DES_cblock;

source/libs/libwolfssl/openssl/dh.h

@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,8 +37,6 @@ typedef struct WOLFSSL_DH            WOLFSSL_DH;
     #define WOLFSSL_DH_TYPE_DEFINED
 #endif
 
-typedef WOLFSSL_DH                   DH;
-
 struct WOLFSSL_DH {
     WOLFSSL_BIGNUM* p;
     WOLFSSL_BIGNUM* g;
@@ -52,26 +50,39 @@ struct WOLFSSL_DH {
      * lighttpd src code.
      */
     int length;
+    wolfSSL_Ref ref;             /* Reference count information. */
 };
 
 WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
                                          const unsigned char **pp, long length);
 WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
-WOLFSSL_API void        wolfSSL_DH_free(WOLFSSL_DH*);
+WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new_by_nid(int nid);
+WOLFSSL_API void        wolfSSL_DH_free(WOLFSSL_DH* dh);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
+WOLFSSL_API int         wolfSSL_DH_up_ref(WOLFSSL_DH* dh);
 
 WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
-WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh);
-WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*);
+WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub,
-                                     WOLFSSL_DH*);
+                                     WOLFSSL_DH* dh);
-WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
-WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
+                                   int derSz);
-    WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
+WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
+    WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g);
+
+WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+typedef WOLFSSL_DH                   DH;
 
 #define DH_new        wolfSSL_DH_new
 #define DH_free       wolfSSL_DH_free
+#define DH_up_ref     wolfSSL_DH_up_ref
+#define DH_new_by_nid wolfSSL_DH_new_by_nid
 
 #define d2i_DHparams    wolfSSL_d2i_DHparams
 #define i2d_DHparams    wolfSSL_i2d_DHparams
@@ -80,11 +91,12 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
 #define DH_size         wolfSSL_DH_size
 #define DH_generate_key wolfSSL_DH_generate_key
 #define DH_compute_key  wolfSSL_DH_compute_key
+#define DH_set_length   wolfSSL_DH_set_length
 #define DH_set0_pqg     wolfSSL_DH_set0_pqg
 #define DH_get0_pqg     wolfSSL_DH_get0_pqg
 #define DH_get0_key     wolfSSL_DH_get0_key
 #define DH_set0_key     wolfSSL_DH_set0_key
-#define DH_bits(x)      (BN_num_bits(x->p))
+#define DH_bits(x)      (BN_num_bits((x)->p))
 
 #define DH_GENERATOR_2                  2
 #define DH_CHECK_P_NOT_PRIME            0x01
@@ -106,13 +118,20 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*,
 #define get_rfc3526_prime_6144     wolfSSL_DH_6144_prime
 #define get_rfc3526_prime_8192     wolfSSL_DH_8192_prime
 
-#ifdef __cplusplus
+#define DH_get_2048_256 wolfSSL_DH_get_2048_256
-    }  /* extern "C" */
-#endif
 
 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
 #define DH_generate_parameters    wolfSSL_DH_generate_parameters
 #define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex
 #endif /* OPENSSL_ALL || HAVE_STUNNEL */
 
+#define DH_GENERATOR_2 2
+#define DH_GENERATOR_5 5
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
 #endif /* WOLFSSL_DH_H_ */

source/libs/libwolfssl/openssl/dsa.h

@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,8 +41,6 @@ typedef struct WOLFSSL_DSA            WOLFSSL_DSA;
 #define WOLFSSL_DSA_TYPE_DEFINED
 #endif
 
-typedef WOLFSSL_DSA                   DSA;
-
 struct WOLFSSL_DSA {
     WOLFSSL_BIGNUM* p;
     WOLFSSL_BIGNUM* q;
@@ -56,15 +54,18 @@ struct WOLFSSL_DSA {
 
 
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
-WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
+WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA* dsa);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent);
+#endif /* !NO_FILESYSTEM && NO_STDIO_FILESYSTEM */
 
-WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
+WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa);
 
 typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits,
                    unsigned char* seed, int seedLen, int* counterRet,
                    unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg);
-WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
+WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                    unsigned char* seed, int seedLen, int* counterRet,
                    unsigned long* hRet, void* cb);
 
@@ -79,17 +80,17 @@ WOLFSSL_API int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
         WOLFSSL_BIGNUM *priv_key);
 
 
-WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_DSA_LoadDer(
+    WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz);
 
-WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*,
+WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(
-                                       int sz, int opt);
+    WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz, int opt);
 
-WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
+WOLFSSL_API int wolfSSL_DSA_do_sign(
-                                    unsigned char* sigRet, WOLFSSL_DSA* dsa);
+    const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa);
 
-WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
+WOLFSSL_API int wolfSSL_DSA_do_verify(
-                                      unsigned char* sig,
+    const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck);
-                                      WOLFSSL_DSA* dsa, int *dsacheck);
 
 WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
 
@@ -109,11 +110,21 @@ WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
                                          WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
 
+WOLFSSL_API int wolfSSL_i2d_DSAparams(
+    const WOLFSSL_DSA* dsa, unsigned char** out);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
+    WOLFSSL_DSA** dsa, const unsigned char** der, long derLen);
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+typedef WOLFSSL_DSA                   DSA;
+
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2
 
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
+#define DSA_print_fp wolfSSL_DSA_print_fp
 
 #define DSA_LoadDer                wolfSSL_DSA_LoadDer
 #define DSA_generate_key           wolfSSL_DSA_generate_key
@@ -132,10 +143,13 @@ WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest
 #define d2i_DSA_SIG                wolfSSL_d2i_DSA_SIG
 #define DSA_do_sign                wolfSSL_DSA_do_sign_ex
 #define DSA_do_verify              wolfSSL_DSA_do_verify_ex
-
+#define i2d_DSAparams              wolfSSL_i2d_DSAparams
+#define d2i_DSAparams              wolfSSL_d2i_DSAparams
 
 #define DSA_SIG                    WOLFSSL_DSA_SIG
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

source/libs/libwolfssl/openssl/ec.h

@@ -1,6 +1,6 @@
 /* ec.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,6 +32,7 @@
 extern "C" {
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Map OpenSSL NID value */
 enum {
     POINT_CONVERSION_COMPRESSED = 2,
@@ -45,7 +46,7 @@ enum {
     NID_X9_62_prime192v3 = 411,
     NID_X9_62_prime239v1 = 412,
     NID_X9_62_prime239v2 = 413,
-    NID_X9_62_prime239v3 = 414,
+    NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
     NID_X9_62_prime256v1 = 415,
     NID_secp112r1 = 704,
     NID_secp112r2 = 705,
@@ -76,8 +77,10 @@ enum {
     NID_ED25519 = ED25519k,
 #endif
 
-    OPENSSL_EC_NAMED_CURVE  = 0x001
+    OPENSSL_EC_EXPLICIT_CURVE  = 0x000,
+    OPENSSL_EC_NAMED_CURVE  = 0x001,
 };
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
     typedef struct WOLFSSL_EC_KEY           WOLFSSL_EC_KEY;
@@ -86,15 +89,10 @@ typedef struct WOLFSSL_EC_GROUP       WOLFSSL_EC_GROUP;
     typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
     /* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
     typedef struct WOLFSSL_EC_GROUP         WOLFSSL_EC_METHOD;
+
     #define WOLFSSL_EC_TYPE_DEFINED
 #endif
 
-typedef WOLFSSL_EC_KEY                EC_KEY;
-typedef WOLFSSL_EC_GROUP              EC_GROUP;
-typedef WOLFSSL_EC_GROUP              EC_METHOD;
-typedef WOLFSSL_EC_POINT              EC_POINT;
-typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
-
 struct WOLFSSL_EC_POINT {
     WOLFSSL_BIGNUM *X;
     WOLFSSL_BIGNUM *Y;
@@ -117,6 +115,7 @@ struct WOLFSSL_EC_KEY {
     WOLFSSL_BIGNUM *priv_key;
 
     void*          internal;     /* our ECC Key */
+    void*          heap;
     char           form;         /* Either POINT_CONVERSION_UNCOMPRESSED or
                                   * POINT_CONVERSION_COMPRESSED */
     word16 pkcs8HeaderSz;
@@ -124,6 +123,11 @@ struct WOLFSSL_EC_KEY {
     /* option bits */
     byte inSet:1;        /* internal set from external ? */
     byte exSet:1;        /* external set from internal ? */
+
+#ifndef SINGLE_THREADED
+    wolfSSL_Mutex    refMutex;                       /* ref count mutex */
+#endif
+    int              refCount;                       /* reference count */
 };
 
 struct WOLFSSL_EC_BUILTIN_CURVE {
@@ -134,11 +138,15 @@ struct WOLFSSL_EC_BUILTIN_CURVE {
 #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
 #define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
 
+typedef int point_conversion_form_t;
+
 WOLFSSL_API
 size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems);
 
 WOLFSSL_API
 WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src);
+WOLFSSL_API
+int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key);
 
 WOLFSSL_API
 int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
@@ -169,6 +177,8 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
 WOLFSSL_API
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form);
 WOLFSSL_API
+point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
+WOLFSSL_API
 WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
                                           const WOLFSSL_EC_POINT *p,
                                           char form,
@@ -200,6 +210,8 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
 WOLFSSL_API const char* wolfSSL_EC_curve_nid2nist(int nid);
 WOLFSSL_API int wolfSSL_EC_curve_nist2nid(const char* name);
 WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId);
+WOLFSSL_API
 WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
 WOLFSSL_API
 int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
@@ -211,10 +223,18 @@ WOLFSSL_API
 int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
                                   const WOLFSSL_EC_POINT *pub);
 WOLFSSL_API int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key,
+                                         int indent);
+#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key);
 WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
                                    int digestSz, unsigned char *sig,
                                    unsigned int *sigSz, WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_ECDSA_verify(int type, const unsigned char *digest,
+                                   int digestSz, const unsigned char *sig,
+                                   int sigSz, WOLFSSL_EC_KEY *key);
+
 WOLFSSL_API
 void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
 WOLFSSL_API
@@ -287,12 +307,21 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
                                  WOLFSSL_BN_CTX* ctx);
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+typedef WOLFSSL_EC_KEY                EC_KEY;
+typedef WOLFSSL_EC_GROUP              EC_GROUP;
+typedef WOLFSSL_EC_GROUP              EC_METHOD;
+typedef WOLFSSL_EC_POINT              EC_POINT;
+typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
+
 #ifndef HAVE_ECC
 #define OPENSSL_NO_EC
 #endif
 
 #define EC_KEY_new                      wolfSSL_EC_KEY_new
 #define EC_KEY_free                     wolfSSL_EC_KEY_free
+#define EC_KEY_up_ref                   wolfSSL_EC_KEY_up_ref
 #define EC_KEY_dup                      wolfSSL_EC_KEY_dup
 #define EC_KEY_get0_public_key          wolfSSL_EC_KEY_get0_public_key
 #define EC_KEY_get0_group               wolfSSL_EC_KEY_get0_group
@@ -304,9 +333,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define EC_KEY_set_asn1_flag            wolfSSL_EC_KEY_set_asn1_flag
 #define EC_KEY_set_public_key           wolfSSL_EC_KEY_set_public_key
 #define EC_KEY_check_key                wolfSSL_EC_KEY_check_key
+#define EC_KEY_print_fp                 wolfSSL_EC_KEY_print_fp
 
 #define ECDSA_size                      wolfSSL_ECDSA_size
 #define ECDSA_sign                      wolfSSL_ECDSA_sign
+#define ECDSA_verify                    wolfSSL_ECDSA_verify
 
 #define EC_GROUP_free                   wolfSSL_EC_GROUP_free
 #define EC_GROUP_set_asn1_flag          wolfSSL_EC_GROUP_set_asn1_flag
@@ -328,8 +359,12 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define EC_POINT_free                   wolfSSL_EC_POINT_free
 #define EC_POINT_get_affine_coordinates_GFp \
                                      wolfSSL_EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates \
+                                     wolfSSL_EC_POINT_get_affine_coordinates_GFp
 #define EC_POINT_set_affine_coordinates_GFp \
                                      wolfSSL_EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates \
+                                     wolfSSL_EC_POINT_set_affine_coordinates_GFp
 #define EC_POINT_add                    wolfSSL_EC_POINT_add
 #define EC_POINT_mul                    wolfSSL_EC_POINT_mul
 #define EC_POINT_invert                 wolfSSL_EC_POINT_invert
@@ -352,6 +387,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define d2i_ECPrivateKey                wolfSSL_d2i_ECPrivateKey
 #define i2d_ECPrivateKey                wolfSSL_i2d_ECPrivateKey
 #define EC_KEY_set_conv_form            wolfSSL_EC_KEY_set_conv_form
+#define EC_KEY_get_conv_form            wolfSSL_EC_KEY_get_conv_form
 
 #ifndef HAVE_SELFTEST
     #define EC_POINT_point2hex          wolfSSL_EC_POINT_point2hex
@@ -363,6 +399,8 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 #define EC_curve_nid2nist               wolfSSL_EC_curve_nid2nist
 #define EC_curve_nist2nid               wolfSSL_EC_curve_nist2nid
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif

source/libs/libwolfssl/openssl/ec25519.h

@@ -1,6 +1,6 @@
 /* ec25519.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ec448.h

@@ -1,6 +1,6 @@
 /* ec448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ecdh.h

@@ -1,6 +1,6 @@
 /* ecdh.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ecdsa.h

@@ -1,6 +1,6 @@
 /* ecdsa.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,6 +46,10 @@ struct WOLFSSL_ECDSA_SIG {
 
 WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
 WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
+WOLFSSL_API void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig,
+    const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s);
+WOLFSSL_API int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r,
+    WOLFSSL_BIGNUM* s);
 WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst,
                                                      int dgst_len,
                                                      WOLFSSL_EC_KEY *eckey);
@@ -62,6 +66,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
 
 #define ECDSA_SIG_free         wolfSSL_ECDSA_SIG_free
 #define ECDSA_SIG_new          wolfSSL_ECDSA_SIG_new
+#define ECDSA_SIG_get0         wolfSSL_ECDSA_SIG_get0
+#define ECDSA_SIG_set0         wolfSSL_ECDSA_SIG_set0
 #define ECDSA_do_sign          wolfSSL_ECDSA_do_sign
 #define ECDSA_do_verify        wolfSSL_ECDSA_do_verify
 #define d2i_ECDSA_SIG          wolfSSL_d2i_ECDSA_SIG

source/libs/libwolfssl/openssl/ed25519.h

@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ed448.h

@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/err.h

@@ -1,6 +1,6 @@
 /* err.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,9 @@
 
 #include <libs/libwolfssl/wolfcrypt/logging.h>
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* err.h for openssl */
+#define ERR_load_ERR_strings             wolfSSL_ERR_load_ERR_strings
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
 #define ERR_load_CRYPTO_strings          wolfSSL_ERR_load_crypto_strings
 #define ERR_peek_last_error              wolfSSL_ERR_peek_last_error
@@ -35,9 +37,13 @@
 #define ERR_R_DISABLED                          NOT_COMPILED_IN
 #define ERR_R_PASSED_INVALID_ARGUMENT           BAD_FUNC_ARG
 #define RSA_R_UNKNOWN_PADDING_TYPE              RSA_PAD_E
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       WC_KEY_SIZE_E
 #define EC_R_BUFFER_TOO_SMALL                   BUFFER_E
 
+#define ERR_TXT_MALLOCED                        1
+
 /* SSL function codes */
+#define RSA_F_RSA_PADDING_ADD_SSLV23            0
 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
 #define SSL_F_SSL_USE_PRIVATEKEY                3
@@ -51,5 +57,7 @@
 #define SSLerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
 #define ECerr(f,r)   ERR_put_error(0,(f),(r),__FILE__,__LINE__)
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #endif /* WOLFSSL_OPENSSL_ERR_ */
 

source/libs/libwolfssl/openssl/evp.h

@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,14 +49,13 @@
 #include <libs/libwolfssl/openssl/dsa.h>
 #include <libs/libwolfssl/openssl/ec.h>
 #include <libs/libwolfssl/openssl/dh.h>
+#include <libs/libwolfssl/openssl/compat_types.h>
 
 #include <libs/libwolfssl/wolfcrypt/aes.h>
 #include <libs/libwolfssl/wolfcrypt/des3.h>
 #include <libs/libwolfssl/wolfcrypt/arc4.h>
+#include <libs/libwolfssl/wolfcrypt/chacha20_poly1305.h>
 #include <libs/libwolfssl/wolfcrypt/hmac.h>
-#ifdef HAVE_IDEA
-    #include <libs/libwolfssl/wolfcrypt/idea.h>
-#endif
 #include <libs/libwolfssl/wolfcrypt/pwdbased.h>
 
 #if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
@@ -68,30 +67,23 @@
 #endif
 
 
-typedef char WOLFSSL_EVP_CIPHER;
-#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
-typedef char   WOLFSSL_EVP_MD;
-typedef struct WOLFSSL_EVP_PKEY     WOLFSSL_EVP_PKEY;
-typedef struct WOLFSSL_EVP_MD_CTX   WOLFSSL_EVP_MD_CTX;
-#define WOLFSSL_EVP_TYPE_DEFINED
-#endif
-
-typedef WOLFSSL_EVP_PKEY       EVP_PKEY;
-typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
-
 #ifndef NO_MD4
     WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void);
 #endif
 #ifndef NO_MD5
     WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
 #endif
-WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *);
+WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *prompt);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void);
+WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_sha512_224(void);
+WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_sha512_256(void);
 WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_ripemd160(void);
 
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void);
@@ -103,7 +95,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT))
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
 #endif
@@ -142,9 +134,16 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void);
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20_poly1305(void);
+#endif
+#ifdef HAVE_CHACHA
+/* ChaCha IV + counter is set as one IV in EVP */
+#define WOLFSSL_EVP_CHACHA_IV_BYTES     (CHACHA_IV_BYTES + sizeof(word32))
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20(void);
+#endif
 
 
 typedef union {
@@ -154,11 +153,15 @@ typedef union {
     #ifndef NO_MD5
         WOLFSSL_MD5_CTX    md5;
     #endif
+    #ifndef NO_SHA
         WOLFSSL_SHA_CTX    sha;
+    #endif
     #ifdef WOLFSSL_SHA224
         WOLFSSL_SHA224_CTX sha224;
     #endif
+    #ifndef NO_SHA256
         WOLFSSL_SHA256_CTX sha256;
+    #endif
     #ifdef WOLFSSL_SHA384
         WOLFSSL_SHA384_CTX sha384;
     #endif
@@ -180,8 +183,6 @@ typedef union {
     #endif
 } WOLFSSL_Hasher;
 
-typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX;
-typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
 
 struct WOLFSSL_EVP_MD_CTX {
     union {
@@ -210,14 +211,146 @@ typedef union {
     Des3 des3;
 #endif
     Arc4 arc4;
-#ifdef HAVE_IDEA
-    Idea idea;
-#endif
 #ifdef WOLFSSL_QT
     int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr);
 #endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    ChaChaPoly_Aead chachaPoly;
+#endif
+#ifdef HAVE_CHACHA
+    ChaCha chacha;
+#endif
 } WOLFSSL_Cipher;
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+#define NID_aes_128_cbc                 419
+#define NID_aes_192_cbc                 423
+#define NID_aes_256_cbc                 427
+#define NID_aes_128_ccm                 896
+#define NID_aes_256_ccm                 902
+#define NID_aes_128_gcm                 895
+#define NID_aes_192_gcm                 898
+#define NID_aes_256_gcm                 901
+#define NID_aes_128_ctr                 904
+#define NID_aes_192_ctr                 905
+#define NID_aes_256_ctr                 906
+#define NID_aes_128_ecb                 418
+#define NID_aes_192_ecb                 422
+#define NID_aes_256_ecb                 426
+#define NID_des_cbc                     31
+#define NID_des_ecb                     29
+#define NID_des_ede3_cbc                44
+#define NID_des_ede3_ecb                33
+#define NID_aes_128_cfb1                650
+#define NID_aes_192_cfb1                651
+#define NID_aes_256_cfb1                652
+#define NID_aes_128_cfb8                653
+#define NID_aes_192_cfb8                654
+#define NID_aes_256_cfb8                655
+#define NID_aes_128_cfb128              421
+#define NID_aes_192_cfb128              425
+#define NID_aes_256_cfb128              429
+#define NID_aes_128_ofb                 420
+#define NID_aes_192_ofb                 424
+#define NID_aes_256_ofb                 428
+#define NID_aes_128_xts                 913
+#define NID_aes_256_xts                 914
+#define NID_camellia_128_cbc            751
+#define NID_camellia_256_cbc            753
+#define NID_chacha20_poly1305           1018
+#define NID_chacha20                    1019
+#define NID_md5WithRSA                  104
+#define NID_md2WithRSAEncryption        9
+#define NID_md5WithRSAEncryption        99
+#define NID_dsaWithSHA1                 113
+#define NID_dsaWithSHA1_2               70
+#define NID_sha1WithRSA                 115
+#define NID_sha1WithRSAEncryption       65
+#define NID_sha224WithRSAEncryption     671
+#define NID_sha256WithRSAEncryption     668
+#define NID_sha384WithRSAEncryption     669
+#define NID_sha512WithRSAEncryption     670
+#define NID_RSA_SHA3_224                1116
+#define NID_RSA_SHA3_256                1117
+#define NID_RSA_SHA3_384                1118
+#define NID_RSA_SHA3_512                1119
+#define NID_ecdsa_with_SHA1             416
+#define NID_ecdsa_with_SHA224           793
+#define NID_ecdsa_with_SHA256           794
+#define NID_ecdsa_with_SHA384           795
+#define NID_ecdsa_with_SHA512           796
+#define NID_ecdsa_with_SHA3_224         1112
+#define NID_ecdsa_with_SHA3_256         1113
+#define NID_ecdsa_with_SHA3_384         1114
+#define NID_ecdsa_with_SHA3_512         1115
+#define NID_dsa_with_SHA224             802
+#define NID_dsa_with_SHA256             803
+#define NID_sha3_224                    1096
+#define NID_sha3_256                    1097
+#define NID_sha3_384                    1098
+#define NID_sha3_512                    1099
+#define NID_blake2b512                  1056
+#define NID_blake2s256                  1057
+#define NID_shake128                    1100
+#define NID_shake256                    1101
+#define NID_sha1                        64
+#define NID_sha224                      675
+#define NID_md2                         77
+#define NID_md4                         257
+#define NID_md5                         40
+#define NID_hmac                        855
+#define NID_hmacWithSHA1                163
+#define NID_hmacWithSHA224              798
+#define NID_hmacWithSHA256              799
+#define NID_hmacWithSHA384              800
+#define NID_hmacWithSHA512              801
+#define NID_hkdf                        1036
+#define NID_cmac                        894
+#define NID_dhKeyAgreement              28
+#define NID_ffdhe2048                   1126
+#define NID_ffdhe3072                   1127
+#define NID_ffdhe4096                   1128
+#define NID_rc4                         5
+#define NID_bf_cbc                      91
+#define NID_bf_ecb                      92
+#define NID_bf_cfb64                    93
+#define NID_bf_ofb64                    94
+#define NID_cast5_cbc                   108
+#define NID_cast5_ecb                   109
+#define NID_cast5_cfb64                 110
+#define NID_cast5_ofb64                 111
+/* key exchange */
+#define NID_kx_rsa                      1037
+#define NID_kx_ecdhe                    1038
+#define NID_kx_dhe                      1039
+#define NID_kx_ecdhe_psk                1040
+#define NID_kx_dhe_psk                  1041
+#define NID_kx_rsa_psk                  1042
+#define NID_kx_psk                      1043
+#define NID_kx_srp                      1044
+#define NID_kx_gost                     1045
+#define NID_kx_any                      1063
+/* server authentication */
+#define NID_auth_rsa                    1046
+#define NID_auth_ecdsa                  1047
+#define NID_auth_psk                    1048
+#define NID_auth_dss                    1049
+#define NID_auth_srp                    1052
+#define NID_auth_null                   1054
+#define NID_auth_any                    1055
+
+#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
+#define NID_rsaEncryption        EVP_PKEY_RSA
+#define NID_dsa                  EVP_PKEY_DSA
+
+#define EVP_PKEY_OP_SIGN    (1 << 3)
+#define EVP_PKEY_OP_VERIFY  (1 << 5)
+#define EVP_PKEY_OP_ENCRYPT (1 << 6)
+#define EVP_PKEY_OP_DECRYPT (1 << 7)
+#define EVP_PKEY_OP_DERIVE  (1 << 8)
+
+#define EVP_PKEY_PRINT_INDENT_MAX    128
 
 enum {
     AES_128_CBC_TYPE  = 1,
@@ -238,21 +371,15 @@ enum {
     EVP_PKEY_RSA      = 16,
     EVP_PKEY_DSA      = 17,
     EVP_PKEY_EC       = 18,
-#ifdef HAVE_IDEA
-    IDEA_CBC_TYPE     = 19,
-#endif
     AES_128_GCM_TYPE  = 21,
     AES_192_GCM_TYPE  = 22,
     AES_256_GCM_TYPE  = 23,
-    NID_sha1          = 64,
-    NID_sha224        = 65,
-    NID_md2           = 77,
-    NID_md4           = 257,
-    NID_md5           =  4,
-    NID_hmac          = 855,
-    NID_dhKeyAgreement= 28,
     EVP_PKEY_DH       = NID_dhKeyAgreement,
     EVP_PKEY_HMAC     = NID_hmac,
+    EVP_PKEY_CMAC     = NID_cmac,
+    EVP_PKEY_HKDF     = NID_hkdf,
+    EVP_PKEY_FALCON   = 300, /* Randomly picked value. */
+    EVP_PKEY_DILITHIUM= 301, /* Randomly picked value. */
     AES_128_CFB1_TYPE = 24,
     AES_192_CFB1_TYPE = 25,
     AES_256_CFB1_TYPE = 26,
@@ -266,73 +393,13 @@ enum {
     AES_192_OFB_TYPE = 34,
     AES_256_OFB_TYPE = 35,
     AES_128_XTS_TYPE = 36,
-    AES_256_XTS_TYPE = 37
+    AES_256_XTS_TYPE = 37,
+    CHACHA20_POLY1305_TYPE = 38,
+    CHACHA20_TYPE    = 39
 };
 
-enum {
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-    NID_md5WithRSA    = 104,
-    NID_md5WithRSAEncryption = 8,
-    NID_dsaWithSHA1   = 113,
-    NID_dsaWithSHA1_2 = 70,
-    NID_sha1WithRSA   = 115,
-    NID_sha1WithRSAEncryption = 65,
-    NID_sha224WithRSAEncryption = 671,
-    NID_sha256WithRSAEncryption = 668,
-    NID_sha384WithRSAEncryption = 669,
-    NID_sha512WithRSAEncryption = 670,
-    NID_ecdsa_with_SHA1 = 416,
-    NID_ecdsa_with_SHA224 = 793,
-    NID_ecdsa_with_SHA256 = 794,
-    NID_ecdsa_with_SHA384 = 795,
-    NID_ecdsa_with_SHA512 = 796,
-    NID_dsa_with_SHA224 = 802,
-    NID_dsa_with_SHA256 = 803,
-    NID_sha3_224        = 1096,
-    NID_sha3_256        = 1097,
-    NID_sha3_384        = 1098,
-    NID_sha3_512        = 1099,
-    NID_blake2b512      = 1056,
-    NID_blake2s256      = 1057,
-};
 
-enum {
-    NID_aes_128_cbc = 419,
-    NID_aes_192_cbc = 423,
-    NID_aes_256_cbc = 427,
-    NID_aes_128_gcm = 895,
-    NID_aes_192_gcm = 898,
-    NID_aes_256_gcm = 901,
-    NID_aes_128_ctr = 904,
-    NID_aes_192_ctr = 905,
-    NID_aes_256_ctr = 906,
-    NID_aes_128_ecb = 418,
-    NID_aes_192_ecb = 422,
-    NID_aes_256_ecb = 426,
-    NID_des_cbc     =  31,
-    NID_des_ecb     =  29,
-    NID_des_ede3_cbc=  44,
-    NID_des_ede3_ecb=  33,
-    NID_idea_cbc    =  34,
-    NID_aes_128_cfb1= 650,
-    NID_aes_192_cfb1= 651,
-    NID_aes_256_cfb1= 652,
-    NID_aes_128_cfb8= 653,
-    NID_aes_192_cfb8= 654,
-    NID_aes_256_cfb8= 655,
-    NID_aes_128_cfb128 = 421,
-    NID_aes_192_cfb128 = 425,
-    NID_aes_256_cfb128 = 429,
-    NID_aes_128_ofb = 420,
-    NID_aes_192_ofb = 424,
-    NID_aes_256_ofb = 428,
-    NID_aes_128_xts = 913,
-    NID_aes_256_xts = 914
-};
-
-#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
-#define NID_dhKeyAgreement       EVP_PKEY_DH
-#define NID_rsaEncryption        EVP_PKEY_RSA
-#define NID_dsa                  EVP_PKEY_DSA
 
 #define WOLFSSL_EVP_BUF_SIZE 16
 struct WOLFSSL_EVP_CIPHER_CTX {
@@ -341,33 +408,45 @@ struct WOLFSSL_EVP_CIPHER_CTX {
     unsigned long  flags;
     unsigned char  enc;            /* if encrypt side, then true */
     unsigned char  cipherType;
-#ifndef NO_AES
+#if !defined(NO_AES)
     /* working iv pointer into cipher */
     ALIGN16 unsigned char  iv[AES_BLOCK_SIZE];
+#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    ALIGN16 unsigned char  iv[CHACHA20_POLY1305_AEAD_IV_SIZE];
 #elif !defined(NO_DES3)
-    /* working iv pointer into cipher */
     ALIGN16 unsigned char  iv[DES_BLOCK_SIZE];
-#elif defined(HAVE_IDEA)
-    /* working iv pointer into cipher */
-    ALIGN16 unsigned char  iv[IDEA_BLOCK_SIZE];
 #endif
     WOLFSSL_Cipher  cipher;
     ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE];
     int  bufUsed;
     ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
     int  lastUsed;
-#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) || \
+#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_AESGCM) || \
-    defined(HAVE_AESGCM) || defined (WOLFSSL_AES_XTS)
+    defined (WOLFSSL_AES_XTS) || (defined(HAVE_CHACHA) || \
+    defined(HAVE_POLY1305))
 #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
     int    ivSz;
 #ifdef HAVE_AESGCM
     byte*   gcmBuffer;
     int     gcmBufferLen;
-    ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
-    int     authTagSz;
     byte*   gcmAuthIn;
     int     gcmAuthInSz;
 #endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    byte*   key;                 /* used in partial Init()s */
+#endif
+#if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+#ifdef HAVE_AESGCM
+    ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
+#else
+    ALIGN16 unsigned char authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
+#endif
+    int     authTagSz;
+#endif
+#ifdef HAVE_AESGCM
+    byte    gcmIvGenEnable:1;
+    byte    gcmIncIv:1;
+#endif
 #endif
 };
 
@@ -377,12 +456,17 @@ struct WOLFSSL_EVP_PKEY_CTX {
     int op; /* operation */
     int padding;
     int nbits;
+#ifdef HAVE_ECC
+    int curveNID;
+#endif
+#ifndef NO_RSA
+    const WOLFSSL_EVP_MD* md;
+#endif
 };
 
-typedef
 struct WOLFSSL_ASN1_PCTX {
     int dummy;
-} WOLFSSL_ASN1_PCTX;
+};
 #if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
 
 #define   BASE64_ENCODE_BLOCK_SIZE  48
@@ -406,6 +490,10 @@ WOLFSSL_API int  wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
                  unsigned char*out, int *outl, const unsigned char*in, int inl);
 WOLFSSL_API void wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
                  unsigned char*out, int *outl);
+WOLFSSL_API int wolfSSL_EVP_EncodeBlock(unsigned char *out,
+                const unsigned char *in, int inLen);
+WOLFSSL_API int wolfSSL_EVP_DecodeBlock(unsigned char *out,
+                const unsigned char *in, int inLen);
 #endif /* WOLFSSL_BASE64_ENCODE */
 
 #if defined(WOLFSSL_BASE64_DECODE)
@@ -419,21 +507,11 @@ WOLFSSL_API int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void);
 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void);
 
-typedef int WOLFSSL_ENGINE  ;
-typedef WOLFSSL_ENGINE ENGINE;
-typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX;
-
-#define EVP_PKEY_OP_SIGN    (1 << 3)
-#define EVP_PKEY_OP_ENCRYPT (1 << 6)
-#define EVP_PKEY_OP_DECRYPT (1 << 7)
-#define EVP_PKEY_OP_DERIVE  (1 << 8)
-
-#define EVP_PKEY_PRINT_INDENT_MAX    128
-
 WOLFSSL_API void wolfSSL_EVP_init(void);
-WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
+WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type);
-WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type);
-WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type);
 
 WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
 WOLFSSL_API void                wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
@@ -451,52 +529,33 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher);
 
 WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
                                      const WOLFSSL_EVP_MD* type);
-WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
-                                     const WOLFSSL_EVP_MD* type,
-                                     WOLFSSL_ENGINE *impl);
 WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                                        size_t sz);
 WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                                       unsigned int* s);
 WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                             unsigned char* md, unsigned int* s);
-
-WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
-                                           WOLFSSL_EVP_PKEY_CTX **pctx,
-                                           const WOLFSSL_EVP_MD *type,
-                                           WOLFSSL_ENGINE *e,
-                                           WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
                                              const void *d, unsigned int cnt);
 WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
                                             unsigned char *sig, size_t *siglen);
-
-WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
-                                             WOLFSSL_EVP_PKEY_CTX **pctx,
-                                             const WOLFSSL_EVP_MD *type,
-                                             WOLFSSL_ENGINE *e,
-                                             WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx,
                                                const void *d, size_t cnt);
 WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
                                               const unsigned char *sig,
                                               size_t siglen);
-WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
-                              unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
-                              WOLFSSL_ENGINE* eng);
 
-
+WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
-WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
+                       const WOLFSSL_EVP_MD* md, const byte* salt,
-                              const WOLFSSL_EVP_MD*, const unsigned char*,
+                       const byte* data, int sz, int count, byte* key, byte* iv);
-                              const unsigned char*, int, int, unsigned char*,
-                              unsigned char*);
 
 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, \
                                              int type, int arg, void *ptr);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_iv_length(
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
+                                    const WOLFSSL_EVP_CIPHER_CTX* ctx);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher);
 WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
 
 
@@ -505,30 +564,6 @@ WOLFSSL_API int  wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* key,
                                     const unsigned char* iv,
                                     int enc);
-WOLFSSL_API int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv,
-                                    int enc);
-WOLFSSL_API int  wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
 WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    unsigned char *out, int *outl,
                                    const unsigned char *in, int inl);
@@ -550,6 +585,7 @@ WOLFSSL_API int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void);
 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_nid(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                                      int keylen);
@@ -557,24 +593,26 @@ WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ct
                                                      int ivLen);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
                                                      int ivLen);
+WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
+                                                     int ivLen);
 WOLFSSL_API int  wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
                           unsigned char* dst, unsigned char* src,
                           unsigned int len);
 
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int id);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id);
 WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey,
                                             WOLFSSL_RSA* key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
                                                WOLFSSL_EC_KEY* key);
-WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key);
-WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
+WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key);
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key);
 WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
 WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key);
@@ -585,13 +623,21 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key
 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key);
 
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
-                                          const unsigned char* key, int keylen);
 WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
         size_t* len);
 WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx,
   unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen);
+WOLFSSL_API int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
+  size_t siglen, const unsigned char *tbs, size_t tbslen);
+WOLFSSL_API int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
+        int nid);
+WOLFSSL_API int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                          WOLFSSL_EVP_PKEY** pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
+        int flag);
 WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey);
@@ -601,9 +647,9 @@ WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
 #else
 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
 #endif
-WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e);
 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding);
-WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx,
+    const WOLFSSL_EVP_MD* md);
 WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits);
 
 WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx);
@@ -623,7 +669,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
-WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
 WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);
@@ -632,12 +678,12 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
 WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8);
+WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey);
+
 WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
                   unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
-WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
-                                     const WOLFSSL_EVP_MD* type,
-                                     WOLFSSL_ENGINE *impl);
 WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
 WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
         const unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey);
@@ -664,6 +710,7 @@ WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
 WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher);
 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
+WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_flags(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
 WOLFSSL_API int  wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest);
@@ -685,20 +732,35 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                                            const WOLFSSL_EVP_MD *digest,
                                            int keylen, unsigned char *out);
 
+#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
+                                                    !defined(NO_SHA)
+WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
+                            const unsigned char *salt, size_t saltlen,
+                            word64 N, word64 r, word64 p,
+                            word64 maxmem, unsigned char *key, size_t keylen);
+#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */
+
 WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
                                            int* pHash, int* pHashSz);
 
-#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER
+WOLFSSL_API void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *md,
-#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE
+                                                   const char* from, const char* to,
-#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE
+                                                   void* xx), void* args);
-#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE
-#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE
-#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE
-#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE
-#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE
-#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE
 
-#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER
+#ifdef HAVE_HKDF
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_hkdf_md(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                                 const WOLFSSL_EVP_MD* md);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                                    const byte* salt,
+                                                    int saltSz);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                                   const byte* key, int keySz);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                                    const byte* info,
+                                                    int infoSz);
+WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx,
+                                               int mode);
+#endif
 
 #define WOLFSSL_EVP_CIPH_MODE            0x0007
 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER      0x0
@@ -712,16 +774,79 @@ WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
 #define WOLFSSL_EVP_CIPH_XTS_MODE          0x10
 #define WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER  0x20
 #define WOLFSSL_EVP_CIPH_NO_PADDING       0x100
-#define EVP_CIPH_VARIABLE_LENGTH          0x200
+#define WOLFSSL_EVP_CIPH_VARIABLE_LENGTH  0x200
 #define WOLFSSL_EVP_CIPH_TYPE_INIT         0xff
 
-/* end OpenSSH compat */
 
-typedef WOLFSSL_EVP_MD         EVP_MD;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
+
-typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
+/* EVP ENGINE API's */
-typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e,
-typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
+                                          const unsigned char* key, int keylen);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
+                                          const unsigned char* priv, size_t len,
+                                          const WOLFSSL_EVP_CIPHER* cipher);
+
+WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
+                                     const WOLFSSL_EVP_MD* type,
+                                     WOLFSSL_ENGINE *impl);
+
+WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
+                                           WOLFSSL_EVP_PKEY_CTX **pctx,
+                                           const WOLFSSL_EVP_MD *type,
+                                           WOLFSSL_ENGINE *e,
+                                           WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
+                                             WOLFSSL_EVP_PKEY_CTX **pctx,
+                                             const WOLFSSL_EVP_MD *type,
+                                             WOLFSSL_ENGINE *e,
+                                             WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
+                              unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
+                              WOLFSSL_ENGINE* eng);
+WOLFSSL_API int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+                                    const WOLFSSL_EVP_CIPHER* type,
+                                    WOLFSSL_ENGINE *impl,
+                                    const unsigned char* key,
+                                    const unsigned char* iv,
+                                    int enc);
+WOLFSSL_API int  wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+                                    const WOLFSSL_EVP_CIPHER* type,
+                                    const unsigned char* key,
+                                    const unsigned char* iv);
+WOLFSSL_API int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+                                    const WOLFSSL_EVP_CIPHER* type,
+                                    WOLFSSL_ENGINE *impl,
+                                    const unsigned char* key,
+                                    const unsigned char* iv);
+WOLFSSL_API int  wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
+                                    const WOLFSSL_EVP_CIPHER* type,
+                                    const unsigned char* key,
+                                    const unsigned char* iv);
+WOLFSSL_API int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
+                                    const WOLFSSL_EVP_CIPHER* type,
+                                    WOLFSSL_ENGINE *impl,
+                                    const unsigned char* key,
+                                    const unsigned char* iv);
+WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e);
+WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e);
+WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
+                                     const WOLFSSL_EVP_MD* type,
+                                     WOLFSSL_ENGINE *impl);
+
+#define EVP_CIPH_STREAM_CIPHER    WOLFSSL_EVP_CIPH_STREAM_CIPHER
+#define EVP_CIPH_VARIABLE_LENGTH  WOLFSSL_EVP_CIPH_VARIABLE_LENGTH
+#define EVP_CIPH_ECB_MODE         WOLFSSL_EVP_CIPH_ECB_MODE
+#define EVP_CIPH_CBC_MODE         WOLFSSL_EVP_CIPH_CBC_MODE
+#define EVP_CIPH_CFB_MODE         WOLFSSL_EVP_CIPH_CFB_MODE
+#define EVP_CIPH_OFB_MODE         WOLFSSL_EVP_CIPH_OFB_MODE
+#define EVP_CIPH_CTR_MODE         WOLFSSL_EVP_CIPH_CTR_MODE
+#define EVP_CIPH_GCM_MODE         WOLFSSL_EVP_CIPH_GCM_MODE
+#define EVP_CIPH_CCM_MODE         WOLFSSL_EVP_CIPH_CCM_MODE
+#define EVP_CIPH_XTS_MODE         WOLFSSL_EVP_CIPH_XTS_MODE
+
+#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER
 
 #ifndef NO_MD4
     #define EVP_md4       wolfSSL_EVP_md4
@@ -736,7 +861,11 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_sha256        wolfSSL_EVP_sha256
 #define EVP_sha384        wolfSSL_EVP_sha384
 #define EVP_sha512        wolfSSL_EVP_sha512
+#define EVP_sha512_224    wolfSSL_EVP_sha512_224
+#define EVP_sha512_256    wolfSSL_EVP_sha512_256
 #define EVP_ripemd160     wolfSSL_EVP_ripemd160
+#define EVP_shake128      wolfSSL_EVP_shake128
+#define EVP_shake256      wolfSSL_EVP_shake256
 #define EVP_set_pw_prompt wolfSSL_EVP_set_pw_prompt
 
 #define EVP_sha3_224    wolfSSL_EVP_sha3_224
@@ -756,6 +885,9 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_aes_128_cfb128    wolfSSL_EVP_aes_128_cfb128
 #define EVP_aes_192_cfb128    wolfSSL_EVP_aes_192_cfb128
 #define EVP_aes_256_cfb128    wolfSSL_EVP_aes_256_cfb128
+#define EVP_aes_128_cfb       wolfSSL_EVP_aes_128_cfb128
+#define EVP_aes_192_cfb       wolfSSL_EVP_aes_192_cfb128
+#define EVP_aes_256_cfb       wolfSSL_EVP_aes_256_cfb128
 #define EVP_aes_128_ofb       wolfSSL_EVP_aes_128_ofb
 #define EVP_aes_192_ofb       wolfSSL_EVP_aes_192_ofb
 #define EVP_aes_256_ofb       wolfSSL_EVP_aes_256_ofb
@@ -775,10 +907,12 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_des_ede3_cbc      wolfSSL_EVP_des_ede3_cbc
 #define EVP_des_ede3_ecb      wolfSSL_EVP_des_ede3_ecb
 #define EVP_rc4               wolfSSL_EVP_rc4
-#define EVP_idea_cbc       wolfSSL_EVP_idea_cbc
+#define EVP_chacha20          wolfSSL_EVP_chacha20
+#define EVP_chacha20_poly1305 wolfSSL_EVP_chacha20_poly1305
 #define EVP_enc_null          wolfSSL_EVP_enc_null
 
 #define EVP_MD_size             wolfSSL_EVP_MD_size
+#define EVP_MD_pkey_type        wolfSSL_EVP_MD_pkey_type
 #define EVP_MD_CTX_new          wolfSSL_EVP_MD_CTX_new
 #define EVP_MD_CTX_create       wolfSSL_EVP_MD_CTX_new
 #define EVP_MD_CTX_free         wolfSSL_EVP_MD_CTX_free
@@ -816,8 +950,10 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_CIPHER_CTX_init           wolfSSL_EVP_CIPHER_CTX_init
 #define EVP_CIPHER_CTX_cleanup        wolfSSL_EVP_CIPHER_CTX_cleanup
 #define EVP_CIPHER_CTX_iv_length      wolfSSL_EVP_CIPHER_CTX_iv_length
+#define EVP_CIPHER_CTX_nid            wolfSSL_EVP_CIPHER_CTX_nid
 #define EVP_CIPHER_CTX_key_length     wolfSSL_EVP_CIPHER_CTX_key_length
 #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
+#define EVP_CIPHER_CTX_set_iv_length  wolfSSL_EVP_CIPHER_CTX_set_iv_length
 #define EVP_CIPHER_CTX_mode           wolfSSL_EVP_CIPHER_CTX_mode
 #define EVP_CIPHER_CTX_cipher         wolfSSL_EVP_CIPHER_CTX_cipher
 
@@ -848,8 +984,7 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 
 #define EVP_get_cipherbynid           wolfSSL_EVP_get_cipherbynid
 #define EVP_get_digestbynid           wolfSSL_EVP_get_digestbynid
-#define EVP_get_cipherbyname          wolfSSL_EVP_get_cipherbyname
+#define EVP_MD_nid                    wolfSSL_EVP_MD_type
-#define EVP_get_digestbyname          wolfSSL_EVP_get_digestbyname
 
 #define EVP_PKEY_assign                wolfSSL_EVP_PKEY_assign
 #define EVP_PKEY_assign_RSA            wolfSSL_EVP_PKEY_assign_RSA
@@ -869,16 +1004,24 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_PKEY_get0_EC_KEY           wolfSSL_EVP_PKEY_get0_EC_KEY
 #define EVP_PKEY_get0_hmac             wolfSSL_EVP_PKEY_get0_hmac
 #define EVP_PKEY_new_mac_key           wolfSSL_EVP_PKEY_new_mac_key
+#define EVP_PKEY_new_CMAC_key          wolfSSL_EVP_PKEY_new_CMAC_key
 #define EVP_MD_CTX_copy                wolfSSL_EVP_MD_CTX_copy
 #define EVP_MD_CTX_copy_ex             wolfSSL_EVP_MD_CTX_copy_ex
 #define EVP_PKEY_sign_init             wolfSSL_EVP_PKEY_sign_init
 #define EVP_PKEY_sign                  wolfSSL_EVP_PKEY_sign
+#define EVP_PKEY_verify_init           wolfSSL_EVP_PKEY_verify_init
+#define EVP_PKEY_verify                wolfSSL_EVP_PKEY_verify
+#define EVP_PKEY_paramgen_init         wolfSSL_EVP_PKEY_paramgen_init
+#define EVP_PKEY_CTX_set_ec_param_enc  wolfSSL_EVP_PKEY_CTX_set_ec_param_enc
+#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid
+#define EVP_PKEY_paramgen              wolfSSL_EVP_PKEY_paramgen
 #define EVP_PKEY_keygen                wolfSSL_EVP_PKEY_keygen
 #define EVP_PKEY_keygen_init           wolfSSL_EVP_PKEY_keygen_init
 #define EVP_PKEY_bits                  wolfSSL_EVP_PKEY_bits
 #define EVP_PKEY_CTX_free              wolfSSL_EVP_PKEY_CTX_free
 #define EVP_PKEY_CTX_new               wolfSSL_EVP_PKEY_CTX_new
 #define EVP_PKEY_CTX_set_rsa_padding   wolfSSL_EVP_PKEY_CTX_set_rsa_padding
+#define EVP_PKEY_CTX_set_signature_md  wolfSSL_EVP_PKEY_CTX_set_signature_md
 #define EVP_PKEY_CTX_new_id            wolfSSL_EVP_PKEY_CTX_new_id
 #define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits
 #define EVP_PKEY_derive_init           wolfSSL_EVP_PKEY_derive_init
@@ -900,6 +1043,8 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
 #define EVP_PKEY_id                    wolfSSL_EVP_PKEY_id
 #define EVP_PKEY_CTX_ctrl_str          wolfSSL_EVP_PKEY_CTX_ctrl_str
+#define EVP_PKCS82PKEY                 wolfSSL_EVP_PKCS82PKEY
+#define EVP_PKEY2PKCS8                 wolfSSL_EVP_PKEY2PKCS8
 #define EVP_SignFinal                  wolfSSL_EVP_SignFinal
 #define EVP_SignInit                   wolfSSL_EVP_SignInit
 #define EVP_SignInit_ex                wolfSSL_EVP_SignInit_ex
@@ -917,6 +1062,7 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
 #define EVP_CIPHER_CTX_flags       wolfSSL_EVP_CIPHER_CTX_flags
 #define EVP_CIPHER_CTX_set_iv      wolfSSL_EVP_CIPHER_CTX_set_iv
+#define EVP_CIPHER_CTX_get_iv      wolfSSL_EVP_CIPHER_CTX_get_iv
 #define EVP_add_digest             wolfSSL_EVP_add_digest
 #define EVP_add_cipher             wolfSSL_EVP_add_cipher
 #define EVP_cleanup                wolfSSL_EVP_cleanup
@@ -941,6 +1087,7 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 
 #define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
 #define PKCS5_PBKDF2_HMAC          wolfSSL_PKCS5_PBKDF2_HMAC
+#define EVP_PBE_scrypt             wolfSSL_EVP_PBE_scrypt
 
 /* OpenSSL compat. ctrl values */
 #define EVP_CTRL_INIT                  0x0
@@ -1007,6 +1154,8 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_EncodeInit       wolfSSL_EVP_EncodeInit
 #define EVP_EncodeUpdate     wolfSSL_EVP_EncodeUpdate
 #define EVP_EncodeFinal      wolfSSL_EVP_EncodeFinal
+#define EVP_EncodeBlock      wolfSSL_EVP_EncodeBlock
+#define EVP_DecodeBlock      wolfSSL_EVP_DecodeBlock
 #endif /* WOLFSSL_BASE64_ENCODE */
 #if defined(WOLFSSL_BASE64_DECODE)
 #define EVP_DecodeInit       wolfSSL_EVP_DecodeInit
@@ -1016,9 +1165,20 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 
 #define EVP_blake2b512       wolfSSL_EVP_blake2b512
 #define EVP_blake2s256       wolfSSL_EVP_blake2s256
+#define EVP_MD_do_all        wolfSSL_EVP_MD_do_all
+
+#ifdef HAVE_HKDF
+#define EVP_PKEY_CTX_set_hkdf_md    wolfSSL_EVP_PKEY_CTX_set_hkdf_md
+#define EVP_PKEY_CTX_set1_hkdf_salt wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt
+#define EVP_PKEY_CTX_set1_hkdf_key  wolfSSL_EVP_PKEY_CTX_set1_hkdf_key
+#define EVP_PKEY_CTX_add1_hkdf_info wolfSSL_EVP_PKEY_CTX_add1_hkdf_info
+#define EVP_PKEY_CTX_hkdf_mode      wolfSSL_EVP_PKEY_CTX_hkdf_mode
+#endif
 
 WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

source/libs/libwolfssl/openssl/hmac.h

@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,7 @@
 
 
 
-/*  hmac.h defines mini hamc openssl compatibility layer
+/*  hmac.h defines mini hmac openssl compatibility layer
  *
  */
 
@@ -35,16 +35,7 @@
 #include "prefix_hmac.h"
 #endif
 
-#include <libs/libwolfssl/wolfcrypt/hmac.h>
+#include <libs/libwolfssl/openssl/compat_types.h>
-
-typedef struct WOLFSSL_HMAC_CTX {
-    Hmac hmac;
-    int  type;
-    word32  save_ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
-    word32  save_opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
-} WOLFSSL_HMAC_CTX;
-
-#include <libs/libwolfssl/openssl/evp.h>
 #include <libs/libwolfssl/openssl/opensslv.h>
 
 #ifdef __cplusplus

source/libs/libwolfssl/openssl/kdf.h

@@ -1,6 +1,6 @@
-/* nrf51.h
+/* kdf.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,26 +19,19 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
+#ifndef WOLFSSL_KDF_H_
-#ifndef WOLFSSL_NRF51_PORT_H
+#define WOLFSSL_KDF_H_
-#define WOLFSSL_NRF51_PORT_H
 
 #ifdef __cplusplus
     extern "C" {
 #endif
 
-#include <libs/libwolfssl/wolfcrypt/types.h>
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
-
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
-/* Public Functions */
+#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
-int nrf51_random_generate(byte* output, word32 sz);
-
-int nrf51_aes_set_key(const byte* key);
-int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out);
-
-double current_time(int reset);
 
 #ifdef __cplusplus
-}
+    }  /* extern "C" */
 #endif
 
-#endif /* WOLFSSL_NRF51_PORT_H */
+#endif /* WOLFSSL_KDF_H_ */

source/libs/libwolfssl/openssl/lhash.h

@@ -1,6 +1,6 @@
 /* lhash.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/md4.h

@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,9 +41,10 @@ typedef struct WOLFSSL_MD4_CTX {
 } WOLFSSL_MD4_CTX;
 
 
-WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*);
+WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4);
-WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long);
+WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
-WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*);
+                       unsigned long len);
+WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4);
 
 
 typedef WOLFSSL_MD4_CTX MD4_CTX;

source/libs/libwolfssl/openssl/md5.h

@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,10 +49,14 @@ typedef struct WOLFSSL_MD5_CTX {
 #endif
 } WOLFSSL_MD5_CTX;
 
-WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
+WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5);
-WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
-WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
+                           unsigned long sz);
-WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
+WOLFSSL_API int wolfSSL_MD5_Final(unsigned char* output, WOLFSSL_MD5_CTX* md5);
+WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* data);
+
+WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len,
+            unsigned char* hash);
 
 typedef WOLFSSL_MD5_CTX MD5_CTX;
 
@@ -67,11 +71,29 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
     #define MD5Final wolfSSL_MD5_Final
 #endif
 
-#ifndef MD5
+/* "MD5" has some conflicts
-#define MD5(d, n, md) wc_Md5Hash((d), (n), (md))
+ * If not FIPS and NO_OLD_SHA_NAMES defined
+ * If FIPS V2 or higher and NO_OLD_MD5_NAME defined
+ * If FIPS V2 and NO_OLD_WC_NAMES defined
+ * If FIPS v1 not allowed
+ */
+#if (defined(NO_OLD_MD5_NAME) && !defined(HAVE_FIPS)) || \
+    (defined(NO_OLD_MD5_NAME)    && defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2) || \
+    (defined(NO_OLD_WC_NAMES) && defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
+
+    #define MD5               wolfSSL_MD5
 #endif
 
+/* FIPS v1 uses old MD5_DIGEST_SIZE naming */
+#if (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) && \
+         defined(OPENSSL_EXTRA)
+    #define MD5_DIGEST_LENGTH WC_MD5_DIGEST_SIZE
+#else
     #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
+#endif
 
 #ifdef __cplusplus
     }  /* extern "C" */

source/libs/libwolfssl/openssl/obj_mac.h

@@ -1,6 +1,6 @@
 /* obj_mac.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/objects.h

@@ -1,6 +1,6 @@
 /* objects.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,6 @@
 #define WOLFSSL_OBJECTS_H_
 
 #include <libs/libwolfssl/wolfcrypt/settings.h>
-//#include <libs/libwolfssl/openssl/ssl.h>
 #ifndef OPENSSL_EXTRA_SSL_GUARD
 #define OPENSSL_EXTRA_SSL_GUARD
 #include <libs/libwolfssl/ssl.h>
@@ -34,9 +33,21 @@
     extern "C" {
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+#define OBJ_NAME_TYPE_UNDEF     WOLFSSL_OBJ_NAME_TYPE_UNDEF
+#define OBJ_NAME_TYPE_MD_METH   WOLFSSL_OBJ_NAME_TYPE_MD_METH
+#define OBJ_NAME_TYPE_CIPHER_METH   WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH
+#define OBJ_NAME_TYPE_PKEY_METH     WOLFSSL_OBJ_NAME_TYPE_PKEY_METH
+#define OBJ_NAME_TYPE_COMP_METH     WOLFSSL_OBJ_NAME_TYPE_COMP_METH
+#define OBJ_NAME_TYPE_NUM           WOLFSSL_OBJ_NAME_TYPE_NUM
+#define OBJ_NAME_ALIAS              WOLFSSL_OBJ_NAME_ALIAS
+
 #define OBJ_nid2sn       wolfSSL_OBJ_nid2sn
 #define OBJ_obj2nid      wolfSSL_OBJ_obj2nid
 #define OBJ_sn2nid       wolfSSL_OBJ_sn2nid
+#define OBJ_length       wolfSSL_OBJ_length
+#define OBJ_get0_data    wolfSSL_OBJ_get0_data
 #define OBJ_nid2ln       wolfSSL_OBJ_nid2ln
 #define OBJ_ln2nid       wolfSSL_OBJ_ln2nid
 #define OBJ_txt2nid      wolfSSL_OBJ_txt2nid
@@ -47,6 +58,8 @@
 #define OBJ_cmp          wolfSSL_OBJ_cmp
 #define OBJ_create       wolfSSL_OBJ_create
 #define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free
+#define OBJ_NAME_do_all  wolfSSL_OBJ_NAME_do_all
+#define i2t_ASN1_OBJECT  wolfSSL_i2t_ASN1_OBJECT
 
 /* not required for wolfSSL */
 #define OPENSSL_load_builtin_modules()
@@ -55,6 +68,8 @@
 #define NID_ad_OCSP                     178
 #define NID_ad_ca_issuers               179
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 
 #ifdef __cplusplus
     }  /* extern "C" */

source/libs/libwolfssl/openssl/ocsp.h

@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,7 +34,7 @@
 #define OCSP_CERTID               WOLFSSL_OCSP_CERTID
 #define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
 
-#define OCSP_REVOKED_STATUS_NOSTATUS     -1
+#define OCSP_REVOKED_STATUS_NOSTATUS     (-1)
 
 
 #define OCSP_RESPONSE_STATUS_SUCCESSFUL  0
@@ -78,6 +78,7 @@
 #define i2d_OCSP_REQUEST_bio      wolfSSL_i2d_OCSP_REQUEST_bio
 
 #define i2d_OCSP_CERTID           wolfSSL_i2d_OCSP_CERTID
+#define d2i_OCSP_CERTID           wolfSSL_d2i_OCSP_CERTID
 #define OCSP_SINGLERESP_get0_id   wolfSSL_OCSP_SINGLERESP_get0_id
 #define OCSP_id_cmp               wolfSSL_OCSP_id_cmp
 #define OCSP_single_get0_status   wolfSSL_OCSP_single_get0_status

source/libs/libwolfssl/openssl/opensslv.h

@@ -1,6 +1,6 @@
 /* opensslv.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,20 +24,25 @@
 #ifndef WOLFSSL_OPENSSLV_H_
 #define WOLFSSL_OPENSSLV_H_
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* api version compatibility */
-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
+#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x009070dfL) ||\
+    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
      /* valid version */
-#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || defined(WOLFSSL_BIND)
+#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
+      defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
+      defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL)
     /* For Apache httpd, Use 1.1.0 compatibility */
-     #define OPENSSL_VERSION_NUMBER 0x10100000L
+     #define OPENSSL_VERSION_NUMBER 0x10100003L
-#elif  defined(WOLFSSL_QT)
+#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
+    /* For Qt and Python 3.8.5 compatibility */
      #define OPENSSL_VERSION_NUMBER 0x10101000L
-#elif defined(WOLFSSL_HAPROXY)
+#elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
      #define OPENSSL_VERSION_NUMBER 0x1010000fL
-#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
+#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
     defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
      /* version number can be increased for Lighty after compatibility for ECDH
         is added */
@@ -46,7 +51,9 @@
      #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 
-#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING
+#define OPENSSL_VERSION_TEXT             "wolfSSL " LIBWOLFSSL_VERSION_STRING
 #define OPENSSL_VERSION                  0
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #endif /* header */

source/libs/libwolfssl/openssl/ossl_typ.h

@@ -1,6 +1,6 @@
 /* ossl_typ.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/pem.h

@@ -1,6 +1,6 @@
 /* pem.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,14 +42,12 @@
 /* RSA */
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
-                                        pem_password_cb* cb, void* arg);
+                                        wc_pem_password_cb* cb, void* arg);
 WOLFSSL_API
 WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio,
-                                                  WOLFSSL_RSA**,
+        WOLFSSL_RSA** rsa, wc_pem_password_cb* cb, void* pass);
-                                                  pem_password_cb* cb,
-                                                  void* arg);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa);
@@ -57,64 +55,77 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa);
 WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
                                              WOLFSSL_RSA** rsa,
-                                             pem_password_cb* cb, void *u);
+                                             wc_pem_password_cb* cb, void *u);
 
 WOLFSSL_API
 WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
                                                       WOLFSSL_EC_GROUP** group,
-                                                      pem_password_cb* cb,
+                                                      wc_pem_password_cb* cb,
                                                       void* pass);
 WOLFSSL_API
-int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
                                         unsigned char **pem, int *plen);
 #if !defined(NO_FILESYSTEM)
 WOLFSSL_API
 int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
-                                    const EVP_CIPHER *enc,
+                                    const WOLFSSL_EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
-                                    pem_password_cb *cb, void *u);
+                                    wc_pem_password_cb *cb, void *u);
+
+WOLFSSL_API
+WOLFSSL_RSA* wolfSSL_PEM_read_RSAPrivateKey(XFILE fp, WOLFSSL_RSA** rsa,
+                                            wc_pem_password_cb* cb, void* pass);
+
 WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x,
-                                           pem_password_cb *cb, void *u);
+                                           wc_pem_password_cb *cb, void *u);
 WOLFSSL_API
-int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x);
+int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* key);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x);
+
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_PEM_read_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA** rsa,
+                                         wc_pem_password_cb* cb, void *pass);
 #endif /* NO_FILESYSTEM */
 
 /* DSA */
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
                                         WOLFSSL_DSA* dsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
-                                        pem_password_cb* cb, void* arg);
+                                        wc_pem_password_cb* cb, void* arg);
 
 WOLFSSL_API
 WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
                                                 WOLFSSL_DSA** dsa,
-                                                pem_password_cb* cb,void *pass);
+                                                wc_pem_password_cb* cb,
+                                                void *pass);
 
 WOLFSSL_API
-WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa,
+WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,
-                                               pem_password_cb* cb, void *pass);
+                                             WOLFSSL_DSA** dsa,
+                                             wc_pem_password_cb* cb,
+                                             void *pass);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
                                         unsigned char **pem, int *plen);
 #if !defined(NO_FILESYSTEM)
 WOLFSSL_API
 int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
-                                    const EVP_CIPHER *enc,
+                                    const WOLFSSL_EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
-                                    pem_password_cb *cb, void *u);
+                                    wc_pem_password_cb *cb, void *u);
 WOLFSSL_API
 int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x);
 #endif /* NO_FILESYSTEM */
@@ -122,52 +133,54 @@ int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x);
 /* ECC */
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-                                       const EVP_CIPHER* cipher,
+                                       const WOLFSSL_EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
-                                       pem_password_cb* cb, void* arg);
+                                       wc_pem_password_cb* cb, void* arg);
 WOLFSSL_API
 WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
                                                   WOLFSSL_EC_KEY** ec,
-                                                  pem_password_cb* cb,
+                                                  wc_pem_password_cb* cb,
                                                   void *pass);
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key,
-                                       const EVP_CIPHER* cipher,
+                                       const WOLFSSL_EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        unsigned char **pem, int *plen);
 #if !defined(NO_FILESYSTEM)
 WOLFSSL_API
 int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key,
-                                   const EVP_CIPHER *enc,
+                                   const WOLFSSL_EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
-                                   pem_password_cb *cb, void *u);
+                                   wc_pem_password_cb *cb, void *u);
 WOLFSSL_API
 int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key);
 
 WOLFSSL_API
 WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
                                                WOLFSSL_EC_KEY** ec,
-                                               pem_password_cb* cb, void *pass);
+                                               wc_pem_password_cb* cb,
+                                               void *pass);
 #endif /* NO_FILESYSTEM */
 
 /* EVP_KEY */
 WOLFSSL_API
 WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
-                                                  WOLFSSL_EVP_PKEY**,
+                                                  WOLFSSL_EVP_PKEY** key,
-                                                  pem_password_cb* cb,
+                                                  wc_pem_password_cb* cb,
-                                                  void* arg);
+                                                  void* pass);
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EVP_PKEY **key,
-                                              pem_password_cb *cb, void *pass);
+                                              wc_pem_password_cb *cb,
+                                              void *pass);
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                                         const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
-                                        pem_password_cb* cb, void* arg);
+                                        wc_pem_password_cb* cb, void* arg);
 WOLFSSL_API
 int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
 
@@ -190,14 +203,14 @@ int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header,
 
 #if !defined(NO_FILESYSTEM)
 WOLFSSL_API
-WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x,
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **x,
-                                          pem_password_cb *cb, void *u);
+                                          wc_pem_password_cb *cb, void *u);
 WOLFSSL_API
 WOLFSSL_X509 *wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
-                                          pem_password_cb *cb, void *u);
+                                          wc_pem_password_cb *cb, void *u);
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x,
-                                          pem_password_cb *cb, void *u);
+                                          wc_pem_password_cb *cb, void *u);
 
 WOLFSSL_API
 int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509 *x);
@@ -215,17 +228,21 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_X509                  wolfSSL_PEM_write_X509
 #define PEM_write_bio_PrivateKey        wolfSSL_PEM_write_bio_PrivateKey
 #define PEM_write_bio_PKCS8PrivateKey   wolfSSL_PEM_write_bio_PKCS8PrivateKey
+#define PEM_write_PKCS8PrivateKey       wolfSSL_PEM_write_PKCS8PrivateKey
 
 /* DH */
 #define PEM_write_DHparams              wolfSSL_PEM_write_DHparams
 /* RSA */
 #define PEM_write_bio_RSAPrivateKey     wolfSSL_PEM_write_bio_RSAPrivateKey
 #define PEM_read_bio_RSAPrivateKey      wolfSSL_PEM_read_bio_RSAPrivateKey
+#define PEM_read_RSAPrivateKey          wolfSSL_PEM_read_RSAPrivateKey
 #define PEM_write_bio_RSA_PUBKEY        wolfSSL_PEM_write_bio_RSA_PUBKEY
 #define PEM_read_bio_RSA_PUBKEY         wolfSSL_PEM_read_bio_RSA_PUBKEY
+#define PEM_read_bio_RSAPublicKey       wolfSSL_PEM_read_bio_RSA_PUBKEY
 #define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #define PEM_write_RSAPrivateKey         wolfSSL_PEM_write_RSAPrivateKey
 #define PEM_write_RSA_PUBKEY            wolfSSL_PEM_write_RSA_PUBKEY
+#define PEM_read_RSA_PUBKEY             wolfSSL_PEM_read_RSA_PUBKEY
 #define PEM_write_RSAPublicKey          wolfSSL_PEM_write_RSAPublicKey
 #define PEM_read_RSAPublicKey           wolfSSL_PEM_read_RSAPublicKey
 /* DSA */

source/libs/libwolfssl/openssl/pkcs12.h

@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/pkcs7.h

@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,14 +34,21 @@
 
 #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
 
+#define PKCS7_TEXT             0x1
+#define PKCS7_NOCERTS          0x2
+#define PKCS7_DETACHED         0x40
+#define PKCS7_BINARY           0x80
 #define PKCS7_NOINTERN         0x0010
 #define PKCS7_NOVERIFY         0x0020
+#define PKCS7_STREAM           0x1000
+#define PKCS7_PARTIAL          0x4000
 
 typedef struct WOLFSSL_PKCS7
 {
     PKCS7 pkcs7;
     unsigned char* data;
     int len;
+    int type;   /* from PKCS7_TYPES, for PKCS7_final() */
     WOLFSSL_STACK* certs;
 } WOLFSSL_PKCS7;
 
@@ -56,8 +63,12 @@ WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in,
     int len, byte* content, word32 contentSz);
 WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
 WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
+WOLFSSL_API int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out);
+WOLFSSL_API PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer,
+    WOLFSSL_EVP_PKEY* pkey, WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags);
 WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
     WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
+WOLFSSL_API int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags);
 WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
                                            WOLFSSL_BIO* out);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
@@ -66,6 +77,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
 #if defined(HAVE_SMIME)
 WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont);
+WOLFSSL_API int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7,
+                                          WOLFSSL_BIO* in, int flags);
 #endif /* HAVE_SMIME */
 
 
@@ -76,11 +89,15 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont
 #define d2i_PKCS7                      wolfSSL_d2i_PKCS7
 #define d2i_PKCS7_bio                  wolfSSL_d2i_PKCS7_bio
 #define i2d_PKCS7_bio                  wolfSSL_i2d_PKCS7_bio
+#define i2d_PKCS7                      wolfSSL_i2d_PKCS7
+#define PKCS7_sign                     wolfSSL_PKCS7_sign
 #define PKCS7_verify                   wolfSSL_PKCS7_verify
+#define PKCS7_final                    wolfSSL_PKCS7_final
 #define PKCS7_get0_signers             wolfSSL_PKCS7_get0_signers
 #define PEM_write_bio_PKCS7            wolfSSL_PEM_write_bio_PKCS7
 #if defined(HAVE_SMIME)
 #define SMIME_read_PKCS7               wolfSSL_SMIME_read_PKCS7
+#define SMIME_write_PKCS7              wolfSSL_SMIME_write_PKCS7
 #endif /* HAVE_SMIME */
 
 #endif /* OPENSSL_ALL && HAVE_PKCS7 */

source/libs/libwolfssl/openssl/rand.h

@@ -1,6 +1,6 @@
 /* rand.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/rc4.h

@@ -1,6 +1,6 @@
 /* rc4.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ripemd.h

@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/rsa.h

@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,6 +33,7 @@
     extern "C" {
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Padding types */
 #define RSA_PKCS1_PADDING      0
 #define RSA_PKCS1_OAEP_PADDING 1
@@ -50,92 +51,103 @@
 #define RSA_FLAG_NO_CONSTTIME           (1 << 8)
 
 /* Salt length same as digest length */
-#define RSA_PSS_SALTLEN_DIGEST   -1
+#define RSA_PSS_SALTLEN_DIGEST   (-1)
 /* Old max salt length */
-#define RSA_PSS_SALTLEN_MAX_SIGN -2
+#define RSA_PSS_SALTLEN_MAX_SIGN (-2)
 /* Max salt length */
-#define RSA_PSS_SALTLEN_MAX      -3
+#define RSA_PSS_SALTLEN_MAX      (-3)
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 typedef struct WOLFSSL_RSA_METHOD {
+    /* Flags of RSA key implementation. */
     int flags;
+    /* Name of RSA key implementation. */
     char *name;
+    /* RSA method dynamically allocated. */
+    word16 dynamic:1;
 } WOLFSSL_RSA_METHOD;
 
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
 #define WOLFSSL_RSA_TYPE_DEFINED
+/* RSA key compatable with OpenSSL. */
 typedef struct WOLFSSL_RSA {
-#ifdef WC_RSA_BLINDING
+    WOLFSSL_BIGNUM* n;              /* Modulus. */
-    WC_RNG* rng;              /* for PrivateDecrypt blinding */
+    WOLFSSL_BIGNUM* e;              /* Public exponent. */
-#endif
+    WOLFSSL_BIGNUM* d;              /* Private exponent. */
-    WOLFSSL_BIGNUM* n;
+    WOLFSSL_BIGNUM* p;              /* First prime. */
-    WOLFSSL_BIGNUM* e;
+    WOLFSSL_BIGNUM* q;              /* Second prime. */
-    WOLFSSL_BIGNUM* d;
+    WOLFSSL_BIGNUM* dmp1;           /* dP = d mod (p - 1) */
-    WOLFSSL_BIGNUM* p;
+    WOLFSSL_BIGNUM* dmq1;           /* dQ = d mod (q - 1) */
-    WOLFSSL_BIGNUM* q;
+    WOLFSSL_BIGNUM* iqmp;           /* u = (1 / q) mod p */
-    WOLFSSL_BIGNUM* dmp1;      /* dP */
+    void* heap;                     /* Heap used for memory allocations. */
-    WOLFSSL_BIGNUM* dmq1;      /* dQ */
+    void* internal;                 /* wolfCrypt RSA key. */
-    WOLFSSL_BIGNUM* iqmp;      /* u */
-    void*          heap;
-    void*          internal;  /* our RSA */
 #if defined(OPENSSL_EXTRA)
-    WOLFSSL_RSA_METHOD* meth;
+    const WOLFSSL_RSA_METHOD* meth; /* RSA method. */
 #endif
-#if defined(HAVE_EX_DATA)
+#ifdef HAVE_EX_DATA
     WOLFSSL_CRYPTO_EX_DATA ex_data;  /* external data */
 #endif
-#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
+    wolfSSL_Ref ref;                 /* Reference count information. */
-    wolfSSL_Mutex    refMutex;                       /* ref count mutex */
+    word16 pkcs8HeaderSz;            /* Size of PKCS#8 header from decode. */
-    int              refCount;                       /* reference count */
+    int flags;                       /* Flags of implementation. */
-#endif
-    word16 pkcs8HeaderSz;
 
     /* bits */
-    byte inSet:1;     /* internal set from external ? */
+    byte inSet:1;                    /* Internal set from external. */
-    byte exSet:1;     /* external set from internal ? */
+    byte exSet:1;                    /* External set from internal. */
-    byte ownRng:1;    /* flag for if the rng should be free'd */
+    byte ownRng:1;                   /* Rng needs to be free'd. */
 } WOLFSSL_RSA;
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 typedef WOLFSSL_RSA                   RSA;
 typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
-WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA*);
+WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA* rsa);
 
-WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
+WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits,
-                                          void* cb);
+                                            WOLFSSL_BIGNUM* bn, void* cb);
 
-WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn);
+WOLFSSL_API int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
-	                               unsigned char* to, WOLFSSL_RSA*, int padding);
+                                       unsigned char* to, WOLFSSL_RSA* rsa,
+                                       int padding);
 WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
-	                               unsigned char* to, WOLFSSL_RSA*, int padding);
+                                       unsigned char* to, WOLFSSL_RSA* rsa,
+                                       int padding);
 WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, const unsigned char* in,
                             unsigned char* out, WOLFSSL_RSA* rsa, int padding);
 
-WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa);
-WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*, int);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa,
+                               int flag);
 WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
                                unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*, int, int);
+                               unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag,
+                               int padding);
 WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
                                unsigned int mLen, const unsigned char* sig,
-                               unsigned int sigLen, WOLFSSL_RSA*);
+                               unsigned int sigLen, WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
                                unsigned int mLen, const unsigned char* sig,
                                unsigned int sigLen, WOLFSSL_RSA* rsa,
                                int padding);
 WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
-                                  unsigned char* to, WOLFSSL_RSA*, int padding);
+                               unsigned char* to, WOLFSSL_RSA* rsa, int padding);
-WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa);
-WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
+WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa,
-WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
+                               const unsigned char* derBuf, int derSz);
+WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa,
+                               const unsigned char* derBuf, int derSz, int opt);
 
 WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags);
 WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth);
@@ -174,6 +186,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
 #define WOLFSSL_RSA_F4           0x10001L
@@ -184,6 +197,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
 
 #define RSA_blinding_on     wolfSSL_RSA_blinding_on
+#define RSA_check_key       wolfSSL_RSA_check_key
 #define RSA_public_encrypt  wolfSSL_RSA_public_encrypt
 #define RSA_private_decrypt wolfSSL_RSA_private_decrypt
 #define RSA_private_encrypt wolfSSL_RSA_private_encrypt
@@ -224,6 +238,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 
 #define RSA_F4             WOLFSSL_RSA_F4
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

source/libs/libwolfssl/openssl/sha.h

@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,35 +36,40 @@
     extern "C" {
 #endif
 
-
+#ifndef NO_SHA
 typedef struct WOLFSSL_SHA_CTX {
     /* big enough to hold wolfcrypt Sha, but check on init */
 #if defined(STM32_HASH)
     void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)];
 #else
     void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+#endif
+    #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
+    void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))];
     #endif
     #ifdef WOLF_CRYPTO_CB
     void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)];
     #endif
 } WOLFSSL_SHA_CTX;
 
-WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
-WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+                           unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*, 
+WOLFSSL_API int wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha,
                                          const unsigned char* data);
 /* SHA1 points to above, shouldn't use SHA0 ever */
-WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
+WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
+WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
-WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
+                            unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*, 
+WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
                                           const unsigned char *data);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 enum {
     SHA_DIGEST_LENGTH = 20
 };
 
-
 typedef WOLFSSL_SHA_CTX SHA_CTX;
 
 #define SHA_Init wolfSSL_SHA_Init
@@ -85,6 +90,16 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
 #define SHA1_Final wolfSSL_SHA1_Final
 #define SHA1_Transform wolfSSL_SHA1_Transform
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !NO_SHA */
+
+/* adder for HW crypto */
+#ifdef STM32_HASH
+#define CTX_SHA2_HW_ADDER 34
+#else
+#define CTX_SHA2_HW_ADDER 0
+#endif
+
 #ifdef WOLFSSL_SHA224
 
 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
@@ -92,19 +107,19 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
  * to Sha224, is expected to also be 16 byte aligned addresses.  */
 typedef struct WOLFSSL_SHA224_CTX {
     /* big enough to hold wolfcrypt Sha224, but check on init */
-    ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+    ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) /
+                                                                 sizeof(void*)];
 } WOLFSSL_SHA224_CTX;
 
-WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*);
+WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
-	                                 unsigned long);
+                           unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*);
+WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha);
-
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 enum {
     SHA224_DIGEST_LENGTH = 28
 };
 
-
 typedef WOLFSSL_SHA224_CTX SHA224_CTX;
 
 #define SHA224_Init   wolfSSL_SHA224_Init
@@ -117,29 +132,30 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
      * because of SHA224 enum in FIPS build. */
     #define SHA224 wolfSSL_SHA224
 #endif
-
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #endif /* WOLFSSL_SHA224 */
 
-
+#ifndef NO_SHA256
 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
  * struct are 16 byte aligned. Any dereference to those elements after casting
  * to Sha256, is expected to also be 16 byte aligned addresses.  */
 typedef struct WOLFSSL_SHA256_CTX {
     /* big enough to hold wolfcrypt Sha256, but check on init */
-    ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+    ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) /
+                                                                 sizeof(void*)];
 } WOLFSSL_SHA256_CTX;
 
-WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
+WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256);
-WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
-                                 unsigned long);
+                              unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
+WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*, 
+WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
                                                 const unsigned char *data);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 enum {
     SHA256_DIGEST_LENGTH = 32
 };
 
-
 typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 
 #define SHA256_Init   wolfSSL_SHA256_Init
@@ -147,30 +163,40 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 #define SHA256_Final  wolfSSL_SHA256_Final
 #define SHA256_Transform wolfSSL_SHA256_Transform
 
-#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+/* "SHA256" has some conflicts
-    /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
+ * If not FIPS and NO_OLD_SHA_NAMES defined
-     * build. */
+ * If FIPS V3 or higher and NO_OLD_SHA_NAMES defined
+ * If FIPS V2 and NO_OLD_SHA256_NAMES defined
+ * If FIPS v1 not allowed
+ * If HAVE_SELFTEST not allowed
+ */
+#if !defined(HAVE_SELFTEST) && \
+    (defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \
+    (defined(NO_OLD_SHA_NAMES)    && defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \
+    (defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
+
     #define SHA256 wolfSSL_SHA256
 #endif
-
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !NO_SHA256 */
 
 #ifdef WOLFSSL_SHA384
-
 typedef struct WOLFSSL_SHA384_CTX {
     /* big enough to hold wolfCrypt Sha384, but check on init */
     void* holder[(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA384_CTX;
 
-WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
+WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
-	                                 unsigned long);
+                           unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
+WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha);
-
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 enum {
     SHA384_DIGEST_LENGTH = 48
 };
 
-
 typedef WOLFSSL_SHA384_CTX SHA384_CTX;
 
 #define SHA384_Init   wolfSSL_SHA384_Init
@@ -181,26 +207,27 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX;
      * build. */
     #define SHA384 wolfSSL_SHA384
 #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
-
 typedef struct WOLFSSL_SHA512_CTX {
     /* big enough to hold wolfCrypt Sha384, but check on init */
     void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_SHA512_CTX;
 
-WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
+WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha,
-                                     unsigned long);
+                                      const void* input, unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
+WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*, 
+WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
-                                        const unsigned char*);
+                                         const unsigned char* data);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 enum {
     SHA512_DIGEST_LENGTH = 64
 };
 
-
 typedef WOLFSSL_SHA512_CTX SHA512_CTX;
 
 #define SHA512_Init   wolfSSL_SHA512_Init
@@ -212,6 +239,56 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
      * build. */
     #define SHA512 wolfSSL_SHA512
 #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#if !defined(WOLFSSL_NOSHA512_224)
+typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX;
+typedef WOLFSSL_SHA512_224_CTX SHA512_224_CTX;
+
+WOLFSSL_API int wolfSSL_SHA512_224_Init(WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_224_Update(WOLFSSL_SHA512_224_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output,
+                                         WOLFSSL_SHA512_224_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
+                                          const unsigned char* data);
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#define SHA512_224_Init   wolfSSL_SHA512_224_Init
+#define SHA512_224_Update wolfSSL_SHA512_224_Update
+#define SHA512_224_Final  wolfSSL_SHA512_224_Final
+#define SHA512_224_Transform wolfSSL_SHA512_224_Transform
+
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    #define SHA512_224 wolfSSL_SHA512_224
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#if !defined(WOLFSSL_NOSHA512_256)
+typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_256_CTX;
+typedef WOLFSSL_SHA512_256_CTX SHA512_256_CTX;
+
+WOLFSSL_API int wolfSSL_SHA512_256_Init(WOLFSSL_SHA512_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_256_Update(WOLFSSL_SHA512_256_CTX* sha,
+                                        const void* input, unsigned long sz);
+WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* sha);
+WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
+                                          const unsigned char* data);
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#define SHA512_256_Init   wolfSSL_SHA512_256_Init
+#define SHA512_256_Update wolfSSL_SHA512_256_Update
+#define SHA512_256_Final  wolfSSL_SHA512_256_Final
+#define SHA512_256_Transform wolfSSL_SHA512_256_Transform
+
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    #define SHA512_256 wolfSSL_SHA512_256
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !WOLFSSL_NOSHA512_256 */
+
+
 #endif /* WOLFSSL_SHA512 */
 
 

source/libs/libwolfssl/openssl/sha3.h

@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,6 @@
     extern "C" {
 #endif
 
-
 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha3
  * struct are 16 byte aligned. Any dereference to those elements after casting
  * to Sha3 is expected to also be 16 byte aligned addresses.  */
@@ -48,10 +47,11 @@ struct WOLFSSL_SHA3_CTX {
 #ifndef WOLFSSL_NOSHA3_224
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_224_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX* sha, const void* input,
-                                     unsigned long);
+                           unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char*, WOLFSSL_SHA3_224_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char* output,
+                           WOLFSSL_SHA3_224_CTX* sha);
 
 enum {
     SHA3_224_DIGEST_LENGTH = 28
@@ -72,10 +72,11 @@ typedef WOLFSSL_SHA3_224_CTX SHA3_224_CTX;
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_256_CTX;
 
 
-WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX* sha,
-                                     unsigned long);
+                                        const void* input, unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char*, WOLFSSL_SHA3_256_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_256_CTX* sha);
 
 enum {
     SHA3_256_DIGEST_LENGTH = 32
@@ -95,10 +96,11 @@ typedef WOLFSSL_SHA3_256_CTX SHA3_256_CTX;
 
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_384_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX* sha,
-	                                 unsigned long);
+                                        const void* input, unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char*, WOLFSSL_SHA3_384_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_384_CTX* sha);
 
 enum {
     SHA3_384_DIGEST_LENGTH = 48
@@ -118,10 +120,11 @@ typedef WOLFSSL_SHA3_384_CTX SHA3_384_CTX;
 
 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_512_CTX;
 
-WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha);
-WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX*, const void*,
+WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX* sha,
-	                                 unsigned long);
+                                        const void* input, unsigned long sz);
-WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char*, WOLFSSL_SHA3_512_CTX*);
+WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char* output,
+                                       WOLFSSL_SHA3_512_CTX* sha);
 
 enum {
     SHA3_512_DIGEST_LENGTH = 64

source/libs/libwolfssl/openssl/srp.h

@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/openssl/ssl.h

@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,9 @@
 #endif /* OPENSSL_EXTRA_SSL_GUARD */
 
 #include <libs/libwolfssl/openssl/tls1.h>
+#ifndef WOLFCRYPT_ONLY
 #include <libs/libwolfssl/openssl/evp.h>
+#endif
 #include <libs/libwolfssl/openssl/bio.h>
 #ifdef OPENSSL_EXTRA
 #include <libs/libwolfssl/openssl/crypto.h>
@@ -69,9 +71,7 @@
     #undef ASN1_INTEGER
 #endif
 
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
-#endif
 
 typedef WOLFSSL          SSL;
 typedef WOLFSSL_SESSION  SSL_SESSION;
@@ -111,6 +111,9 @@ typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
 typedef WOLFSSL_BUF_MEM        BUF_MEM;
 typedef WOLFSSL_GENERAL_NAMES  GENERAL_NAMES;
 typedef WOLFSSL_GENERAL_NAME GENERAL_NAME;
+typedef WOLFSSL_OBJ_NAME       OBJ_NAME;
+typedef WOLFSSL_DIST_POINT_NAME DIST_POINT_NAME;
+typedef WOLFSSL_DIST_POINT      DIST_POINT;
 
 #define X509_L_FILE_LOAD  WOLFSSL_X509_L_FILE_LOAD
 #define X509_L_ADD_DIR    WOLFSSL_X509_L_ADD_DIR
@@ -146,7 +149,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define CRYPTO_EX_new                   WOLFSSL_CRYPTO_EX_new
 #define CRYPTO_EX_dup                   WOLFSSL_CRYPTO_EX_dup
 #define CRYPTO_EX_free                  WOLFSSL_CRYPTO_EX_free
+#ifdef HAVE_EX_DATA
     #define CRYPTO_EX_DATA                  WOLFSSL_CRYPTO_EX_DATA
+#endif
 
 #define CRYPTO_set_mem_functions        wolfSSL_CRYPTO_set_mem_functions
 
@@ -196,6 +201,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate             wolfSSL_use_certificate
 #define SSL_use_certificate_ASN1        wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio     wolfSSL_d2i_PKCS8_PKEY_bio
+#define d2i_PKCS8_PRIV_KEY_INFO         wolfSSL_d2i_PKCS8_PKEY
+#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PrivateKey
 #define d2i_PKCS8PrivateKey_bio         wolfSSL_d2i_PKCS8PrivateKey_bio
 #define i2d_PKCS8PrivateKey_bio         wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free        wolfSSL_EVP_PKEY_free
@@ -205,6 +212,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define i2d_PUBKEY                      wolfSSL_i2d_PUBKEY
 #define d2i_PUBKEY                      wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio                  wolfSSL_d2i_PUBKEY_bio
+#define d2i_PublicKey                   wolfSSL_d2i_PublicKey
 #define d2i_PrivateKey                  wolfSSL_d2i_PrivateKey
 #define d2i_AutoPrivateKey              wolfSSL_d2i_AutoPrivateKey
 #define SSL_use_PrivateKey              wolfSSL_use_PrivateKey
@@ -235,7 +243,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define TLSv1_3_client_method           wolfTLSv1_3_client_method
 #define TLS_method                      wolfSSLv23_method
 
-#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
+#define X509_FILETYPE_PEM               WOLFSSL_FILETYPE_PEM
+#define X509_FILETYPE_ASN1              WOLFSSL_FILETYPE_ASN1
+#define X509_FILETYPE_DEFAULT           WOLFSSL_FILETYPE_DEFAULT
 
 #define X509_F_X509_CHECK_PRIVATE_KEY   128
 
@@ -258,6 +268,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #else
     #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations
 #endif
+    #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
     #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
     #define SSL_CTX_use_RSAPrivateKey_file    wolfSSL_CTX_use_RSAPrivateKey_file
 
@@ -277,6 +288,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_connect                     wolfSSL_connect
 #define SSL_clear                       wolfSSL_clear
 #define SSL_state                       wolfSSL_state
+#define SSL_read_early_data(ssl, d, dLen, len)   wolfSSL_read_early_data(ssl, d, (int)(dLen), (int *)(len))
+#define SSL_write_early_data(ssl, d, dLen, len)  wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len))
 
 #define SSL_write                       wolfSSL_write
 #define SSL_read                        wolfSSL_read
@@ -285,7 +298,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_free                    wolfSSL_CTX_free
 #define SSL_free                        wolfSSL_free
 #define SSL_shutdown                    wolfSSL_shutdown
-#define SSL_set_timeout                 wolfSSL_set_timeout
+#define SSL_set_timeout                 wolfSSL_SSL_SESSION_set_timeout
 
 #define SSL_CTX_set_quiet_shutdown      wolfSSL_CTX_set_quiet_shutdown
 #define SSL_set_quiet_shutdown          wolfSSL_set_quiet_shutdown
@@ -294,17 +307,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_get_session(x)              wolfSSL_get_session((WOLFSSL*) (x))
 #define SSL_SESSION_get0_peer           wolfSSL_SESSION_get0_peer
 #define SSL_flush_sessions              wolfSSL_flush_sessions
-/* assume unlimited temporarily */
+#define SSL_CTX_get_session_cache_mode(ctx) \
-#define SSL_CTX_get_session_cache_mode(ctx) 0
+                                       wolfSSL_CTX_get_session_cache_mode((ctx))
 
 #define SSL_CTX_set_verify              wolfSSL_CTX_set_verify
 #define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_cb             wolfSSL_CTX_set_cert_cb
 #define SSL_set_verify                  wolfSSL_set_verify
 #define SSL_set_verify_result           wolfSSL_set_verify_result
 #define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
 #define SSL_set_post_handshake_auth     wolfSSL_set_post_handshake_auth
 #define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
-#define SSL_pending                     wolfSSL_pending
+#define SSL_pending(x)                  wolfSSL_pending((WOLFSSL*)(x))
+#define SSL_has_pending                 wolfSSL_has_pending
 #define SSL_load_error_strings          wolfSSL_load_error_strings
 #define SSL_library_init                wolfSSL_library_init
 #define OPENSSL_cleanup                 (void)wolfSSL_Cleanup
@@ -317,7 +332,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 /* wolfSSL does not support security levels */
 #define SSL_CTX_set_security_level      wolfSSL_CTX_set_security_level
 #define SSL_CTX_get_security_level      wolfSSL_CTX_get_security_level
-/* wolfSSL does not support exporting keying material */
 #define SSL_export_keying_material      wolfSSL_export_keying_material
 
 #define SSL_CTX_set1_sigalgs_list       wolfSSL_CTX_set1_sigalgs_list
@@ -340,6 +354,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_set_session_id_context      wolfSSL_set_session_id_context
 #define SSL_set_connect_state           wolfSSL_set_connect_state
 #define SSL_set_accept_state            wolfSSL_set_accept_state
+#define SSL_SESSION_new                 wolfSSL_SESSION_new
 #define SSL_session_reused              wolfSSL_session_reused
 #define SSL_SESSION_up_ref              wolfSSL_SESSION_up_ref
 #define SSL_SESSION_dup                 wolfSSL_SESSION_dup
@@ -358,6 +373,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CIPHER_get_id               wolfSSL_CIPHER_get_id
 #define SSL_CIPHER_get_rfc_name         wolfSSL_CIPHER_get_name
 #define SSL_CIPHER_standard_name        wolfSSL_CIPHER_get_name
+#define SSL_CIPHER_get_auth_nid         wolfSSL_CIPHER_get_auth_nid
+#define SSL_CIPHER_get_cipher_nid       wolfSSL_CIPHER_get_cipher_nid
+#define SSL_CIPHER_get_digest_nid       wolfSSL_CIPHER_get_digest_nid
+#define SSL_CIPHER_get_kx_nid           wolfSSL_CIPHER_get_kx_nid
+#define SSL_CIPHER_is_aead              wolfSSL_CIPHER_is_aead
 #define SSL_get_cipher_by_value         wolfSSL_get_cipher_by_value
 
 #define SSL_get1_session                wolfSSL_get1_session
@@ -366,6 +386,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_get_keys                    wolfSSL_get_keys
 #define SSL_SESSION_get_master_key      wolfSSL_SESSION_get_master_key
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
+#define SSL_SESSION_get_max_early_data  wolfSSL_SESSION_get_max_early_data
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
     #define SSL_MODE_RELEASE_BUFFERS    0x00000010U
@@ -378,7 +399,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
     #define X509_EXTENSION_get_data     wolfSSL_X509_EXTENSION_get_data
     #define X509_EXTENSION_new          wolfSSL_X509_EXTENSION_new
     #define X509_EXTENSION_free         wolfSSL_X509_EXTENSION_free
-    #define X509_gmtime_adj             wolfSSL_X509_gmtime_adj
 #endif
 
 #define DSA_dup_DH                      wolfSSL_DSA_dup_DH
@@ -397,14 +417,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509                        wolfSSL_d2i_X509
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
 #define PEM_read_bio_X509_REQ           wolfSSL_PEM_read_bio_X509_REQ
+#define PEM_read_X509_REQ               wolfSSL_PEM_read_X509_REQ
 #define PEM_read_bio_X509_CRL           wolfSSL_PEM_read_bio_X509_CRL
 #define PEM_read_bio_X509_AUX           wolfSSL_PEM_read_bio_X509_AUX
 #define PEM_read_X509                   wolfSSL_PEM_read_X509
-#define PEM_X509_INFO_read_bio          wolfSSL_PEM_X509_INFO_read_bio
 #define PEM_write_bio_X509              wolfSSL_PEM_write_bio_X509
 #define PEM_write_bio_X509_AUX          wolfSSL_PEM_write_bio_X509_AUX
 #define PEM_X509_INFO_read_bio          wolfSSL_PEM_X509_INFO_read_bio
+#define PEM_X509_INFO_read              wolfSSL_PEM_X509_INFO_read
 #define i2d_PrivateKey                  wolfSSL_i2d_PrivateKey
+#define i2d_PublicKey                   wolfSSL_i2d_PublicKey
 
 #define i2d_X509_REQ                    wolfSSL_i2d_X509_REQ
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
@@ -429,6 +451,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_load_certificate_file      wolfSSL_X509_load_certificate_file
 #define X509_digest                     wolfSSL_X509_digest
 #define X509_pubkey_digest              wolfSSL_X509_pubkey_digest
+#define X509_get_extension_flags        wolfSSL_X509_get_extension_flags
+#define X509_get_key_usage              wolfSSL_X509_get_key_usage
+#define X509_get_extended_key_usage     wolfSSL_X509_get_extended_key_usage
 #define X509_get_ext_count              wolfSSL_X509_get_ext_count
 #define X509_get_ext_d2i                wolfSSL_X509_get_ext_d2i
 #define X509V3_EXT_i2d                  wolfSSL_X509V3_EXT_i2d
@@ -440,7 +465,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get_issuer_name            wolfSSL_X509_get_issuer_name
 #define X509_issuer_name_hash           wolfSSL_X509_issuer_name_hash
 #define X509_subject_name_hash          wolfSSL_X509_subject_name_hash
-#define X509_get_subject_name           wolfSSL_X509_get_subject_name
+#define X509_get_subject_name(x)        wolfSSL_X509_get_subject_name((WOLFSSL_X509*)(x))
 #define X509_REQ_get_subject_name       wolfSSL_X509_get_subject_name
 #define X509_get_pubkey                 wolfSSL_X509_get_pubkey
 #define X509_get0_pubkey                wolfSSL_X509_get_pubkey
@@ -473,6 +498,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_REQ_print                  wolfSSL_X509_print
 #define X509_print_ex                   wolfSSL_X509_print_ex
 #define X509_print_fp                   wolfSSL_X509_print_fp
+#define X509_CRL_print                  wolfSSL_X509_CRL_print
 #define X509_REQ_print_fp               wolfSSL_X509_print_fp
 #define X509_signature_print            wolfSSL_X509_signature_print
 #define X509_get0_signature             wolfSSL_X509_get0_signature
@@ -494,9 +520,10 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define X509_EXTENSION_get_object       wolfSSL_X509_EXTENSION_get_object
 #define X509_EXTENSION_get_data         wolfSSL_X509_EXTENSION_get_data
+#define X509_EXTENSION_dup              wolfSSL_X509_EXTENSION_dup
 
 #define sk_X509_new                     wolfSSL_sk_X509_new
-#define sk_X509_new_null                wolfSSL_sk_X509_new
+#define sk_X509_new_null                wolfSSL_sk_X509_new_null
 #define sk_X509_num                     wolfSSL_sk_X509_num
 #define sk_X509_value                   wolfSSL_sk_X509_value
 #define sk_X509_shift                   wolfSSL_sk_X509_shift
@@ -507,8 +534,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_free                    wolfSSL_sk_X509_free
 #define X509_chain_up_ref               wolfSSL_X509_chain_up_ref
 
+#define sk_X509_CRL_new                 wolfSSL_sk_X509_CRL_new
+#define sk_X509_CRL_pop_free            wolfSSL_sk_X509_CRL_pop_free
+#define sk_X509_CRL_free                wolfSSL_sk_X509_CRL_free
+#define sk_X509_CRL_push                wolfSSL_sk_X509_CRL_push
+#define sk_X509_CRL_value               wolfSSL_sk_X509_CRL_value
+#define sk_X509_CRL_num                 wolfSSL_sk_X509_CRL_num
+
 #define sk_X509_OBJECT_new              wolfSSL_sk_X509_OBJECT_new
 #define sk_X509_OBJECT_free             wolfSSL_sk_X509_OBJECT_free
+#define sk_X509_OBJECT_pop_free         wolfSSL_sk_X509_OBJECT_pop_free
 
 #define sk_X509_EXTENSION_num           wolfSSL_sk_X509_EXTENSION_num
 #define sk_X509_EXTENSION_value         wolfSSL_sk_X509_EXTENSION_value
@@ -533,6 +568,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_NAME_new                   wolfSSL_X509_NAME_new
 #define X509_NAME_free                  wolfSSL_X509_NAME_free
 #define X509_NAME_dup                   wolfSSL_X509_NAME_dup
+#define X509_NAME_get_sz                wolfSSL_X509_NAME_get_sz
 #define X509_NAME_get_text_by_NID       wolfSSL_X509_NAME_get_text_by_NID
 #define X509_NAME_get_index_by_OBJ      wolfSSL_X509_NAME_get_index_by_OBJ
 #define X509_NAME_cmp                   wolfSSL_X509_NAME_cmp
@@ -554,6 +590,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_cmp_time                   wolfSSL_X509_cmp_time
 #define X509_time_adj                   wolfSSL_X509_time_adj
 #define X509_time_adj_ex                wolfSSL_X509_time_adj_ex
+#define X509_gmtime_adj                 wolfSSL_X509_gmtime_adj
 
 #define sk_ACCESS_DESCRIPTION_num       wolfSSL_sk_ACCESS_DESCRIPTION_num
 #define sk_ACCESS_DESCRIPTION_value     wolfSSL_sk_ACCESS_DESCRIPTION_value
@@ -572,17 +609,25 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define X509_NAME_entry_count           wolfSSL_X509_NAME_entry_count
-#define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
 #define X509_NAME_get_entry             wolfSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
 #define X509_NAME_ENTRY_get_data        wolfSSL_X509_NAME_ENTRY_get_data
 #define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
 
+#define sk_X509_NAME_ENTRY_new          wolfSSL_sk_X509_NAME_ENTRY_new
+#define sk_X509_NAME_ENTRY_push         wolfSSL_sk_X509_NAME_ENTRY_push
+#define sk_X509_NAME_ENTRY_num          wolfSSL_sk_X509_NAME_ENTRY_num
+#define sk_X509_NAME_ENTRY_value        wolfSSL_sk_X509_NAME_ENTRY_value
+#define sk_X509_NAME_ENTRY_free         wolfSSL_sk_X509_NAME_ENTRY_free
+
 #define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
 
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME  WOLFSSL_NO_CHECK_TIME
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
 #define X509_CHECK_FLAG_NO_WILDCARDS         WOLFSSL_NO_WILDCARDS
+#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
 
 #define X509_VP_FLAG_DEFAULT        WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE      WOLFSSL_VPARAM_OVERWRITE
@@ -638,8 +683,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_get_flags     wolfSSL_X509_VERIFY_PARAM_get_flags
 #define X509_VERIFY_PARAM_clear_flags   wolfSSL_X509_VERIFY_PARAM_clear_flags
 #define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
+#define SSL_set1_host                   wolfSSL_set1_host
 #define X509_VERIFY_PARAM_set1_host     wolfSSL_X509_VERIFY_PARAM_set1_host
 #define X509_VERIFY_PARAM_set1_ip_asc   wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
+#define X509_VERIFY_PARAM_set1_ip       wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1          wolfSSL_X509_VERIFY_PARAM_set1
 #define X509_STORE_load_locations       wolfSSL_X509_STORE_load_locations
 
@@ -655,9 +702,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define X509_CRL_free                   wolfSSL_X509_CRL_free
 #define X509_CRL_get_lastUpdate         wolfSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get0_lastUpdate        wolfSSL_X509_CRL_get_lastUpdate
 #define X509_CRL_get_nextUpdate         wolfSSL_X509_CRL_get_nextUpdate
+#define X509_CRL_get0_nextUpdate        wolfSSL_X509_CRL_get_nextUpdate
 #define X509_CRL_verify                 wolfSSL_X509_CRL_verify
 #define X509_CRL_get_REVOKED            wolfSSL_X509_CRL_get_REVOKED
+#define X509_CRL_get_issuer             wolfSSL_X509_CRL_get_issuer_name
+#define X509_CRL_get_signature_nid      wolfSSL_X509_CRL_get_signature_nid
+#define X509_CRL_get_version            wolfSSL_X509_CRL_version
 #define X509_load_crl_file              wolfSSL_X509_load_crl_file
 
 #define X509_get_X509_PUBKEY            wolfSSL_X509_get_X509_PUBKEY
@@ -682,6 +734,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_OBJECT_get0_X509           wolfSSL_X509_OBJECT_get0_X509
 #define X509_OBJECT_get0_X509_CRL       wolfSSL_X509_OBJECT_get0_X509_CRL
 
+#define X509_REVOKED_get0_serialNumber   wolfSSL_X509_REVOKED_get0_serial_number
+#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
+
 #define X509_check_purpose(...)         0
 
 #define OCSP_parse_url                  wolfSSL_OCSP_parse_url
@@ -713,11 +768,18 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_f_ssl                       wolfSSL_BIO_f_ssl
 #define BIO_new_socket                  wolfSSL_BIO_new_socket
 #define BIO_new_connect                 wolfSSL_BIO_new_connect
+#define BIO_new_accept                  wolfSSL_BIO_new_accept
 #define BIO_set_conn_port               wolfSSL_BIO_set_conn_port
 #define BIO_do_connect                  wolfSSL_BIO_do_connect
+#define BIO_do_accept                   wolfSSL_BIO_do_accept
 #define BIO_do_handshake                wolfSSL_BIO_do_handshake
+#define BIO_ssl_shutdown                wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio                     wolfSSL_set_bio
+#define BIO_method_type                 wolfSSL_BIO_method_type
 #define BIO_set_ssl                     wolfSSL_BIO_set_ssl
+#define BIO_get_ssl                     wolfSSL_BIO_get_ssl
+#define BIO_new_ssl_connect             wolfSSL_BIO_new_ssl_connect
+#define BIO_set_conn_hostname           wolfSSL_BIO_set_conn_hostname
 #define BIO_eof                         wolfSSL_BIO_eof
 #define BIO_set_ss                      wolfSSL_BIO_set_ss
 
@@ -768,6 +830,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string            wolfSSL_ASN1_TIME_set_string
 #define ASN1_TIME_to_string             wolfSSL_ASN1_TIME_to_string
+#define ASN1_TIME_to_tm                 wolfSSL_ASN1_TIME_to_tm
 #define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
 #define ASN1_GENERALIZEDTIME_free       wolfSSL_ASN1_GENERALIZEDTIME_free
 
@@ -782,13 +845,17 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_INTEGER_get                wolfSSL_ASN1_INTEGER_get
 #define ASN1_INTEGER_set                wolfSSL_ASN1_INTEGER_set
 #define ASN1_INTEGER_to_BN              wolfSSL_ASN1_INTEGER_to_BN
+#define d2i_ASN1_INTEGER                wolfSSL_d2i_ASN1_INTEGER
+#define i2d_ASN1_INTEGER                wolfSSL_i2d_ASN1_INTEGER
 
 #define i2a_ASN1_OBJECT                 wolfSSL_i2a_ASN1_OBJECT
 #define i2d_ASN1_OBJECT                 wolfSSL_i2d_ASN1_OBJECT
 
 #define ASN1_STRING_new                 wolfSSL_ASN1_STRING_new
+#define ASN1_OCTET_STRING_new           wolfSSL_ASN1_STRING_new
 #define ASN1_STRING_free                wolfSSL_ASN1_STRING_free
 #define ASN1_STRING_cmp                 wolfSSL_ASN1_STRING_cmp
+#define ASN1_OCTET_STRING_cmp           wolfSSL_ASN1_STRING_cmp
 #define ASN1_STRING_data                wolfSSL_ASN1_STRING_data
 #define ASN1_STRING_get0_data           wolfSSL_ASN1_STRING_get0_data
 #define ASN1_STRING_length              wolfSSL_ASN1_STRING_length
@@ -801,7 +868,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_set_default_mask_asc(...) 1
 #endif
 
+#define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
+#define ASN1_OCTET_STRING_new           wolfSSL_ASN1_STRING_new
 #define ASN1_OCTET_STRING_free          wolfSSL_ASN1_STRING_free
+#define ASN1_OCTET_STRING_set           wolfSSL_ASN1_STRING_set
 
 #define ASN1_PRINTABLE_type(...)        V_ASN1_PRINTABLESTRING
 
@@ -809,7 +879,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define ASN1_IA5STRING                  WOLFSSL_ASN1_STRING
 
-#define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
 #define ASN1_BOOLEAN                    WOLFSSL_ASN1_BOOLEAN
 
 #define SSL_load_client_CA_file         wolfSSL_load_client_CA_file
@@ -818,8 +887,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_client_CA_list      wolfSSL_CTX_set_client_CA_list
 #define SSL_CTX_set_client_cert_cb      wolfSSL_CTX_set_client_cert_cb
 #define SSL_CTX_set_cert_store          wolfSSL_CTX_set_cert_store
+#define SSL_set0_verify_cert_store      wolfSSL_set0_verify_cert_store
+#define SSL_set1_verify_cert_store      wolfSSL_set1_verify_cert_store
 #define SSL_CTX_get_cert_store(x)       wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
 #define SSL_get_client_CA_list          wolfSSL_get_client_CA_list
+#define SSL_set_client_CA_list          wolfSSL_set_client_CA_list
 #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
 #define SSL_get_ex_data                 wolfSSL_get_ex_data
 
@@ -827,7 +899,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_default_passwd_cb   wolfSSL_CTX_set_default_passwd_cb
 
 #define SSL_CTX_set_timeout(ctx, to)    \
-                                 wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
+                                 wolfSSL_CTX_set_timeout(ctx, (unsigned int)(to))
 #define SSL_CTX_set_info_callback       wolfSSL_CTX_set_info_callback
 #define SSL_CTX_set_alpn_protos         wolfSSL_CTX_set_alpn_protos
 
@@ -843,6 +915,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_generate_key                wolfSSL_RSA_generate_key
 #define SSL_CTX_set_tmp_rsa_callback    wolfSSL_CTX_set_tmp_rsa_callback
 #define RSA_print                       wolfSSL_RSA_print
+#define RSA_print_fp                    wolfSSL_RSA_print_fp
 #define RSA_bits                        wolfSSL_RSA_bits
 #define RSA_up_ref                      wolfSSL_RSA_up_ref
 #define RSA_padding_add_PKCS1_PSS       wolfSSL_RSA_padding_add_PKCS1_PSS
@@ -948,11 +1021,16 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_check_private_key           wolfSSL_check_private_key
 
 #define SSL_CTX_set_mode                wolfSSL_CTX_set_mode
+#define SSL_CTX_clear_mode              wolfSSL_CTX_clear_mode
 #define SSL_CTX_get_mode                wolfSSL_CTX_get_mode
 #define SSL_CTX_set_default_read_ahead  wolfSSL_CTX_set_default_read_ahead
 
 #define SSL_CTX_sess_set_cache_size     wolfSSL_CTX_sess_set_cache_size
 #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
+#define X509_get_default_cert_file_env  wolfSSL_X509_get_default_cert_file_env
+#define X509_get_default_cert_file      wolfSSL_X509_get_default_cert_file
+#define X509_get_default_cert_dir_env   wolfSSL_X509_get_default_cert_dir_env
+#define X509_get_default_cert_dir       wolfSSL_X509_get_default_cert_dir
 
 #define SSL_CTX_set_session_id_context  wolfSSL_CTX_set_session_id_context
 #define SSL_get_peer_certificate        wolfSSL_get_peer_certificate
@@ -988,6 +1066,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define i2d_SSL_SESSION                 wolfSSL_i2d_SSL_SESSION
 #define d2i_SSL_SESSION                 wolfSSL_d2i_SSL_SESSION
+#define SSL_SESSION_has_ticket          wolfSSL_SESSION_has_ticket
+#define SSL_SESSION_get_ticket_lifetime_hint \
+                                        wolfSSL_SESSION_get_ticket_lifetime_hint
 #define SSL_SESSION_set_timeout         wolfSSL_SSL_SESSION_set_timeout
 #define SSL_SESSION_get_timeout         wolfSSL_SESSION_get_timeout
 #define SSL_SESSION_get_time            wolfSSL_SESSION_get_time
@@ -1019,12 +1100,24 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_handle_timeout               wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
 
+/* DTLS SRTP */
+#ifdef WOLFSSL_SRTP
+typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
+#endif
+#define SSL_CTX_set_tlsext_use_srtp          wolfSSL_CTX_set_tlsext_use_srtp
+#define SSL_set_tlsext_use_srtp              wolfSSL_set_tlsext_use_srtp
+#define SSL_get_selected_srtp_profile        wolfSSL_get_selected_srtp_profile
+#define SSL_get_srtp_profiles                wolfSSL_get_srtp_profiles
+
 #ifndef NO_WOLFSSL_STUB
-#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; })
+#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)(ssl); (void)(cb); })
 #endif
 
 #define SSL_CTX_use_certificate         wolfSSL_CTX_use_certificate
+#define SSL_CTX_add0_chain_cert         wolfSSL_CTX_add0_chain_cert
 #define SSL_CTX_add1_chain_cert         wolfSSL_CTX_add1_chain_cert
+#define SSL_add0_chain_cert             wolfSSL_add0_chain_cert
+#define SSL_add1_chain_cert             wolfSSL_add1_chain_cert
 #define SSL_CTX_use_PrivateKey          wolfSSL_CTX_use_PrivateKey
 #define BIO_read_filename               wolfSSL_BIO_read_filename
 #define SSL_CTX_set_verify_depth        wolfSSL_CTX_set_verify_depth
@@ -1039,6 +1132,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define DHparams_dup                    wolfSSL_DH_dup
 #define PEM_read_bio_DHparams           wolfSSL_PEM_read_bio_DHparams
+#define PEM_read_DHparams               wolfSSL_PEM_read_DHparams
 #define PEM_read_bio_DSAparams          wolfSSL_PEM_read_bio_DSAparams
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
@@ -1062,7 +1156,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #include <libs/libwolfssl/openssl/pem.h>
 
 #define SSL_CTRL_CHAIN       88
-#define ERR_LIB_SSL          20
 #define SSL_R_SHORT_READ     10
 #define ERR_R_PEM_LIB        9
 #define SSL_CTRL_MODE        33
@@ -1090,6 +1183,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define TLSEXT_STATUSTYPE_ocsp  1
 
+#define TLSEXT_max_fragment_length_512   WOLFSSL_MFL_2_9
+#define TLSEXT_max_fragment_length_1024  WOLFSSL_MFL_2_10
+#define TLSEXT_max_fragment_length_2048  WOLFSSL_MFL_2_11
+#define TLSEXT_max_fragment_length_4096  WOLFSSL_MFL_2_12
+
 #define SSL_set_options                 wolfSSL_set_options
 #define SSL_get_options                 wolfSSL_get_options
 #define SSL_clear_options               wolfSSL_clear_options
@@ -1102,6 +1200,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_renegotiate_pending         wolfSSL_SSL_renegotiate_pending
 #define SSL_set_tlsext_debug_arg        wolfSSL_set_tlsext_debug_arg
 #define SSL_set_tlsext_status_type      wolfSSL_set_tlsext_status_type
+#define SSL_get_tlsext_status_type      wolfSSL_get_tlsext_status_type
 #define SSL_set_tlsext_status_exts      wolfSSL_set_tlsext_status_exts
 #define SSL_get_tlsext_status_ids       wolfSSL_get_tlsext_status_ids
 #define SSL_set_tlsext_status_ids       wolfSSL_set_tlsext_status_ids
@@ -1109,13 +1208,18 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_set_tlsext_status_ocsp_res  wolfSSL_set_tlsext_status_ocsp_resp
 #define SSL_set_tlsext_status_ocsp_resp  wolfSSL_set_tlsext_status_ocsp_resp
 #define SSL_get_tlsext_status_ocsp_resp  wolfSSL_get_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length
 
 #define SSL_CTX_add_extra_chain_cert    wolfSSL_CTX_add_extra_chain_cert
+#define SSL_get_read_ahead              wolfSSL_get_read_ahead
+#define SSL_set_read_ahead              wolfSSL_set_read_ahead
 #define SSL_CTX_get_read_ahead          wolfSSL_CTX_get_read_ahead
 #define SSL_CTX_set_read_ahead          wolfSSL_CTX_set_read_ahead
 #define SSL_CTX_set_tlsext_status_arg   wolfSSL_CTX_set_tlsext_status_arg
 #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
                             wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
+#define SSL_CTX_set_tlsext_max_fragment_length \
+                            wolfSSL_CTX_set_tlsext_max_fragment_length
 #define SSL_get_server_random           wolfSSL_get_server_random
 #define SSL_get_server_tmp_key          wolfSSL_get_server_tmp_key
 
@@ -1124,6 +1228,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_set_min_proto_version       wolfSSL_set_min_proto_version
 #define SSL_set_max_proto_version       wolfSSL_set_max_proto_version
 #define SSL_CTX_get_min_proto_version   wolfSSL_CTX_get_min_proto_version
+#define SSL_CTX_get_max_proto_version   wolfSSL_CTX_get_max_proto_version
 
 #define SSL_get_tlsext_status_exts      wolfSSL_get_tlsext_status_exts
 
@@ -1131,6 +1236,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_ticket_keys  wolfSSL_CTX_set_tlsext_ticket_keys
 #define SSL_CTX_get_tlsext_status_cb    wolfSSL_CTX_get_tlsext_status_cb
 #define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
+#define SSL_CTX_set_num_tickets         wolfSSL_CTX_set_num_tickets
+#define SSL_CTX_get_num_tickets         wolfSSL_CTX_get_num_tickets
 
 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS         11
 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS         12
@@ -1139,6 +1246,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTRL_SET_SESS_CACHE_MODE              44
 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG             57
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE       65
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE       651
 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS       66
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS       67
 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS        68
@@ -1150,6 +1258,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTRL_GET_SERVER_TMP_KEY               SSL_CTRL_GET_PEER_TMP_KEY
 #define SSL_CTRL_SET_MIN_PROTO_VERSION            123
 #define SSL_CTRL_SET_MAX_PROTO_VERSION            124
+#define SSL_CTRL_GET_MIN_PROTO_VERSION            125
+#define SSL_CTRL_GET_MAX_PROTO_VERSION            126
 #define SSL_CTRL_SET_CURVES                       SSL_CTRL_SET_GROUPS
 
 #define SSL_CTRL_EXTRA_CHAIN_CERT               14
@@ -1171,35 +1281,33 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define SSL3_RANDOM_SIZE                32 /* same as RAN_LEN in internal.h */
 
-#define SSL2_VERSION                     0x0002
+/* Used as message callback types */
-#define SSL3_VERSION                     0x0300
+#define SSL3_RT_CHANGE_CIPHER_SPEC       20
-#define TLS1_VERSION                     0x0301
+#define SSL3_RT_ALERT                    21
-#define TLS1_1_VERSION                   0x0302
+#define SSL3_RT_HANDSHAKE                22
-#define TLS1_2_VERSION                   0x0303
+#define SSL3_RT_APPLICATION_DATA         23
-#define TLS1_3_VERSION                   0x0304
-#define DTLS1_VERSION                    0xFEFF
-#define DTLS1_2_VERSION                  0xFEFD
 
 #define OPENSSL_INIT_LOAD_SSL_STRINGS    0x00200000L
 #define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
 
-#define CRYPTO_EX_INDEX_SSL              0
 #define TLS_ANY_VERSION                  0x10000
 #define DTLS1_2_VERSION                  0xFEFD
 #define DTLS_MAX_VERSION                 DTLS1_2_VERSION
 
 /* apache and lighty use SSL_CONF_FLAG_FILE to enable conf support */
-#if !defined(WOLFSSL_APACHE_HTTPD) && !defined(HAVE_LIGHTY)
 #define SSL_CONF_FLAG_CMDLINE            WOLFSSL_CONF_FLAG_CMDLINE
 #define SSL_CONF_FLAG_FILE               WOLFSSL_CONF_FLAG_FILE
 #define SSL_CONF_FLAG_CERTIFICATE        WOLFSSL_CONF_FLAG_CERTIFICATE
+#define SSL_CONF_FLAG_SERVER             WOLFSSL_CONF_FLAG_SERVER
+#define SSL_CONF_FLAG_CLIENT             WOLFSSL_CONF_FLAG_CLIENT
+#define SSL_CONF_FLAG_SHOW_ERRORS        WOLFSSL_CONF_FLAG_SHOW_ERRORS
+#define SSL_CONF_TYPE_UNKNOWN            WOLFSSL_CONF_TYPE_UNKNOWN
 #define SSL_CONF_TYPE_STRING             WOLFSSL_CONF_TYPE_STRING
 #define SSL_CONF_TYPE_FILE               WOLFSSL_CONF_TYPE_FILE
-#endif
+#define SSL_CONF_TYPE_DIR                WOLFSSL_CONF_TYPE_DIR
 
-#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
+#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-                                                         || defined(OPENSSL_ALL)
+    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-#include <libs/libwolfssl/openssl/asn1.h>
 
 #define SSL23_ST_SR_CLNT_HELLO_A        (0x210|0x2000)
 #define SSL3_ST_SR_CLNT_HELLO_A         (0x110|0x2000)
@@ -1209,6 +1317,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_AD_UNRECOGNIZED_NAME         unrecognized_name
 #define SSL_AD_NO_RENEGOTIATION          no_renegotiation
 #define SSL_AD_INTERNAL_ERROR            80
+#define SSL_AD_NO_APPLICATION_PROTOCOL   no_application_protocol
+#define SSL_AD_MISSING_EXTENSION         missing_extension
 
 #define ASN1_STRFLGS_ESC_MSB             4
 
@@ -1228,8 +1338,21 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define GENERAL_NAME_new                wolfSSL_GENERAL_NAME_new
 #define GENERAL_NAME_free               wolfSSL_GENERAL_NAME_free
+#define GENERAL_NAME_dup                wolfSSL_GENERAL_NAME_dup
+#define GENERAL_NAME_print              wolfSSL_GENERAL_NAME_print
 #define sk_GENERAL_NAME_push            wolfSSL_sk_GENERAL_NAME_push
 #define sk_GENERAL_NAME_value           wolfSSL_sk_GENERAL_NAME_value
+
+#define DIST_POINT_new                  wolfSSL_DIST_POINT_new
+#define DIST_POINT_free                 wolfSSL_DIST_POINT_free
+#define DIST_POINTS_free                wolfSSL_DIST_POINTS_free
+#define CRL_DIST_POINTS_free(cdp)       wolfSSL_sk_DIST_POINT_pop_free((cdp), NULL)
+#define sk_DIST_POINT_push              wolfSSL_sk_DIST_POINT_push
+#define sk_DIST_POINT_value             wolfSSL_sk_DIST_POINT_value
+#define sk_DIST_POINT_num               wolfSSL_sk_DIST_POINT_num
+#define sk_DIST_POINT_pop_free          wolfSSL_sk_DIST_POINT_pop_free
+#define sk_DIST_POINT_free              wolfSSL_sk_DIST_POINT_free
+
 #define SSL_SESSION_get_ex_data         wolfSSL_SESSION_get_ex_data
 #define SSL_SESSION_set_ex_data         wolfSSL_SESSION_set_ex_data
 #define SSL_SESSION_get_ex_new_index    wolfSSL_SESSION_get_ex_new_index
@@ -1242,10 +1365,35 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define GENERAL_NAMES_free              wolfSSL_GENERAL_NAMES_free
 
 #define AUTHORITY_INFO_ACCESS_free      wolfSSL_AUTHORITY_INFO_ACCESS_free
+#define AUTHORITY_INFO_ACCESS_pop_free  wolfSSL_AUTHORITY_INFO_ACCESS_pop_free
 #define sk_ACCESS_DESCRIPTION_pop_free  wolfSSL_sk_ACCESS_DESCRIPTION_pop_free
 #define sk_ACCESS_DESCRIPTION_free      wolfSSL_sk_ACCESS_DESCRIPTION_free
 #define ACCESS_DESCRIPTION_free         wolfSSL_ACCESS_DESCRIPTION_free
 
+/* Alert types, matched to AlertDescription enum in wolfssl/ssl.h */
+#define SSL_AD_CLOSE_NOTIFY             close_notify
+#define SSL_AD_UNEXPECTED_MESSAGE       unexpected_message
+#define SSL_AD_BAD_RECORD_MAC           bad_record_mac
+#define SSL_AD_RECORD_OVERFLOW          record_overflow
+#define SSL_AD_DECOMPRESSION_FAILURE    decompression_failure
+#define SSL_AD_HANDSHAKE_FAILURE        handshake_failure
+#define SSL_AD_UNSUPPORTED_CERTIFICATE  unsupported_certificate
+#define SSL_AD_CERTIFICATE_REVOKED      certificate_revoked
+#define SSL_AD_CERTIFICATE_EXPIRED      certificate_expired
+#define SSL_AD_CERTIFICATE_UNKNOWN      certificate_unknown
+#define SSL_AD_ILLEGAL_PARAMETER        illegal_parameter
+#define SSL_AD_UNKNOWN_CA               unknown_ca
+#define SSL_AD_ACCESS_DENIED            access_denied
+#define SSL_AD_DECODE_ERROR             decode_error
+#define SSL_AD_DECRYPT_ERROR            decrypt_error
+#ifdef WOLFSSL_MYSQL_COMPATIBLE
+    #define SSL_AD_PROTOCOL_VERSION     wc_protocol_version
+#else
+    #define SSL_AD_PROTOCOL_VERSION     protocol_version
+#endif
+#define SSL_AD_INSUFFICIENT_SECURITY    insufficient_security
+#define SSL_AD_USER_CANCELLED           user_canceled
+
 #define SSL3_AL_FATAL                   2
 #define SSL_TLSEXT_ERR_OK               0
 #define SSL_TLSEXT_ERR_ALERT_WARNING    warning_return
@@ -1266,6 +1414,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define SSL_CTX_add_server_custom_ext(...) 0
 
+#define SSL_get0_verified_chain         wolfSSL_get0_verified_chain
+#define X509_chain_up_ref               wolfSSL_X509_chain_up_ref
+
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
 
 #ifndef NO_WOLFSSL_STUB
@@ -1283,12 +1434,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define SSL_CTX_clear_extra_chain_certs wolfSSL_CTX_clear_extra_chain_certs
 
+#define SSL_certs_clear                 wolfSSL_certs_clear
 
 /* Nginx uses this to determine if reached end of certs in file.
  * PEM_read_bio_X509 is called and the return error is lost.
  * The error that needs to be detected is: SSL_NO_PEM_HEADER.
  */
-#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL)
+#define ERR_GET_FUNC(l) (int)((((unsigned long)(l)) >> 12L) & 0xfffL)
 
 #define PEM_F_PEM_DEF_CALLBACK  100
 
@@ -1297,15 +1449,24 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
 #define PEM_R_BAD_PASSWORD_READ         (-MIN_CODE_E + 3)
 #define PEM_R_BAD_DECRYPT               (-MIN_CODE_E + 4)
+#define ASN1_R_HEADER_TOO_LONG          (-MIN_CODE_E + 5)
 
+#define ERR_LIB_RSA             4
+#define ERR_LIB_EC              16
+#define ERR_LIB_SSL             20
+#define ERR_LIB_PKCS12          35
 #define ERR_LIB_PEM             9
 #define ERR_LIB_X509            10
 #define ERR_LIB_EVP             11
 #define ERR_LIB_ASN1            12
+#define ERR_LIB_DIGEST          13
+#define ERR_LIB_CIPHER          14
+#define ERR_LIB_USER            15
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
+    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_WPAS_SMALL)
 
 #include <libs/libwolfssl/error-ssl.h>
 
@@ -1339,13 +1500,20 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_R_HTTP_REQUEST                         PARSE_ERROR
 #define SSL_R_UNSUPPORTED_PROTOCOL                 VERSION_ERROR
 #define SSL_R_CERTIFICATE_VERIFY_FAILED            VERIFY_CERT_ERROR
+#define SSL_R_CERT_CB_ERROR                        CLIENT_CERT_CB_ERROR
+#define SSL_R_NULL_SSL_METHOD_PASSED               BAD_FUNC_ARG
 
 
 #ifdef HAVE_SESSION_TICKET
-#define SSL_OP_NO_TICKET                  SSL_OP_NO_TICKET
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
 #endif
 
+/* Some openssl consumers try to detect these options with ifdef, defining
+ * here since we use an enum internally instead */
+#define SSL_OP_SINGLE_DH_USE            WOLFSSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_ECDH_USE          WOLFSSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE
+
 #define OPENSSL_config                  wolfSSL_OPENSSL_config
 #define OPENSSL_memdup                  wolfSSL_OPENSSL_memdup
 #define OPENSSL_cleanse                 wolfSSL_OPENSSL_cleanse
@@ -1361,6 +1529,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
 #define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
 #define SSL_CTX_get_extra_chain_certs   wolfSSL_CTX_get_extra_chain_certs
+#define SSL_CTX_get0_chain_certs        wolfSSL_CTX_get0_chain_certs
+#define SSL_get0_chain_certs            wolfSSL_get0_chain_certs
 #define sk_OPENSSL_STRING_num           wolfSSL_sk_WOLFSSL_STRING_num
 #define sk_OPENSSL_STRING_value         wolfSSL_sk_WOLFSSL_STRING_value
 #define sk_OPENSSL_PSTRING_num          wolfSSL_sk_WOLFSSL_STRING_num
@@ -1400,12 +1570,25 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define NID_pkcs9_emailAddress          48
 #define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
 
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define LN_key_usage                    "X509v3 Key Usage"
+#define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+
 #define SSL_get_rbio                    wolfSSL_SSL_get_rbio
 #define SSL_get_wbio                    wolfSSL_SSL_get_wbio
 #define SSL_do_handshake                wolfSSL_SSL_do_handshake
 
 #if defined(WOLFSSL_EARLY_DATA)
+#define SSL_EARLY_DATA_NOT_SENT         WOLFSSL_EARLY_DATA_NOT_SENT
+#define SSL_EARLY_DATA_REJECTED         WOLFSSL_EARLY_DATA_REJECTED
+#define SSL_EARLY_DATA_ACCEPTED         WOLFSSL_EARLY_DATA_ACCEPTED
+
 #define SSL_get_early_data_status       wolfSSL_get_early_data_status
+#define SSL_set_max_early_data          wolfSSL_set_max_early_data
+#define SSL_get_max_early_data          wolfSSL_get_max_early_data
+#define SSL_CTX_set_max_early_data      wolfSSL_CTX_set_max_early_data
+#define SSL_CTX_get_max_early_data      wolfSSL_CTX_get_max_early_data
 #endif
 
 #endif  /* OPENSSL_EXTRA */
@@ -1420,6 +1603,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       (0xc02b)
 #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
 
+#define X509_LU_NONE                    WOLFSSL_X509_LU_NONE
+#define X509_LU_X509                    WOLFSSL_X509_LU_X509
+#define X509_LU_CRL                     WOLFSSL_X509_LU_CRL
+
 #define X509_STORE_get0_objects         wolfSSL_X509_STORE_get0_objects
 #define sk_X509_OBJECT_num              wolfSSL_sk_X509_OBJECT_num
 #define sk_X509_OBJECT_value            wolfSSL_sk_X509_OBJECT_value
@@ -1435,8 +1622,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #ifndef NO_WOLFSSL_STUB
 #define OBJ_create_objects(...)
+#define sk_SSL_COMP_free(...)
 #endif
 
+#define OBJ_dup                         wolfSSL_ASN1_OBJECT_dup
+
 #define SSL_set_psk_use_session_callback    wolfSSL_set_psk_use_session_callback
 #define SSL_SESSION_is_resumable    wolfSSL_SESSION_is_resumable
 typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
@@ -1447,9 +1637,74 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_CTX_set_flags          wolfSSL_CONF_CTX_set_flags
 #define SSL_CONF_CTX_finish             wolfSSL_CONF_CTX_finish
 #define SSL_CONF_cmd                    wolfSSL_CONF_cmd
+#define SSL_CONF_cmd_value_type         wolfSSL_CONF_cmd_value_type
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+
+#ifdef WOLFSSL_QUIC
+
+#include <libs/libwolfssl/quic.h>
+
+/* Used by Chromium/QUIC - according to quictls/openssl fork */
+#define X25519_PRIVATE_KEY_LEN          32
+#define X25519_PUBLIC_VALUE_LEN         32
+
+/* TLSv1.3 cipher ids as defined in RFC 8446, returned by
+ * SSL_CIPHER_get_id(cipher)
+ * used by QUIC implementations, such as HAProxy
+ */
+#define TLS1_3_CK_AES_128_GCM_SHA256       0x1301
+#define TLS1_3_CK_AES_256_GCM_SHA384       0x1302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
+#define TLS1_3_CK_AES_128_CCM_SHA256       0x1304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+
+#define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION   QUIC_TP_MISSING_E
+#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED               QUIC_WRONG_ENC_LEVEL
+
+#define ssl_quic_method_st              wolfssl_quic_method_t
+typedef WOLFSSL_QUIC_METHOD             SSL_QUIC_METHOD;
+
+#define ssl_encryption_level_t          wolfssl_encryption_level_t
+typedef WOLFSSL_ENCRYPTION_LEVEL        OSSL_ENCRYPTION_LEVEL;
+#define ssl_encryption_initial          wolfssl_encryption_initial
+#define ssl_encryption_early_data       wolfssl_encryption_early_data
+#define ssl_encryption_handshake        wolfssl_encryption_handshake
+#define ssl_encryption_application      wolfssl_encryption_application
+
+#define SSL_CTX_set_quic_method         wolfSSL_CTX_set_quic_method
+#define SSL_set_quic_method             wolfSSL_set_quic_method
+
+#define SSL_set_quic_transport_params   wolfSSL_set_quic_transport_params
+#define SSL_get_peer_quic_transport_params  wolfSSL_get_peer_quic_transport_params
+
+#define SSL_quic_max_handshake_flight_len   wolfSSL_quic_max_handshake_flight_len
+#define SSL_quic_read_level             wolfSSL_quic_read_level
+#define SSL_quic_write_level            wolfSSL_quic_write_level
+#define SSL_provide_quic_data           wolfSSL_provide_quic_data
+#define SSL_process_quic_post_handshake     wolfSSL_process_quic_post_handshake
+
+#define SSL_is_quic                     wolfSSL_is_quic
+
+#define SSL_set_quic_transport_version      wolfSSL_set_quic_transport_version
+#define SSL_get_quic_transport_version      wolfSSL_get_quic_transport_version
+#define SSL_get_peer_quic_transport_version wolfSSL_get_peer_quic_transport_version
+
+#define SSL_set_quic_early_data_enabled     wolfSSL_set_quic_early_data_enabled
+
+/* BoringSSL API - according to quictls/openssl fork */
+#define SSL_set_quic_use_legacy_codepoint   wolfSSL_set_quic_use_legacy_codepoint
+
+/* TODO: we do not have this in our QUIC api and HAProxy does not use it
+int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);
+*/
+
+#endif /* WOLFSSL_QUIC */
+
 
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
 
-#endif /* wolfSSL_openssl_h__ */
+#endif /* !WOLFSSL_OPENSSL_H_ */

source/libs/libwolfssl/openssl/stack.h

@@ -1,6 +1,6 @@
 /* stack.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,8 @@
 
 typedef void (*wolfSSL_sk_freefunc)(void *);
 
-WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
+WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc f);
-WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
+WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *sk);
 WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
 WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);

source/libs/libwolfssl/openssl/tls1.h

@@ -1,6 +1,6 @@
 /* tls1.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,4 +43,10 @@
 #define TLS_MAX_VERSION                 TLS1_3_VERSION
 #endif
 
+#ifdef WOLFSSL_QUIC
+/* from rfc9001 */
+#define TLSEXT_TYPE_quic_transport_parameters_draft   0xffa5
+#define TLSEXT_TYPE_quic_transport_parameters         0x0039
+#endif
+
 #endif /* WOLFSSL_OPENSSL_TLS1_H_ */

source/libs/libwolfssl/openssl/x509.h

@@ -1,5 +1,29 @@
+/* x509.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
 /* x509.h for openssl */
 
+#ifndef WOLFSSL_OPENSSL_509_H_
+#define WOLFSSL_OPENSSL_509_H_
+
 #include <libs/libwolfssl/openssl/ssl.h>
 #include <libs/libwolfssl/openssl/crypto.h>
 #include <libs/libwolfssl/openssl/dh.h>
@@ -7,6 +31,8 @@
 #include <libs/libwolfssl/openssl/ecdsa.h>
 #include <libs/libwolfssl/openssl/pkcs7.h>
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* wolfSSL_X509_print_ex flags */
 #define X509_FLAG_COMPAT        (0UL)
 #define X509_FLAG_NO_HEADER     (1UL << 0)
@@ -42,3 +68,11 @@
 #define XN_FLAG_FN_ALIGN        (1 << 25)
 
 #define XN_FLAG_MULTILINE       0xFFFF
+
+#define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
+#define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object
+#define X509_EXTENSION_set_data     wolfSSL_X509_EXTENSION_set_data
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#endif /* WOLFSSL_OPENSSL_509_H_ */

source/libs/libwolfssl/openssl/x509_vfy.h

@@ -1,6 +1,6 @@
 /* x509_vfy.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,11 +32,12 @@
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
     WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose);
+    WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
+        unsigned long flags);
 #endif
 
-#ifdef WOLFSSL_QT
 #define X509_STORE_CTX_set_purpose  wolfSSL_X509_STORE_CTX_set_purpose
-#endif
+#define X509_STORE_CTX_set_flags    wolfSSL_X509_STORE_CTX_set_flags
 
 #ifdef  __cplusplus
 } /* extern "C" */

source/libs/libwolfssl/openssl/x509v3.h

@@ -1,6 +1,6 @@
 /* x509v3.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,15 +31,42 @@
     extern "C" {
 #endif
 
+#define EXFLAG_KUSAGE  0x2
+#define EXFLAG_XKUSAGE 0x4
+
+#define KU_DIGITAL_SIGNATURE    KEYUSE_DIGITAL_SIG
+#define KU_NON_REPUDIATION      KEYUSE_CONTENT_COMMIT
+#define KU_KEY_ENCIPHERMENT     KEYUSE_KEY_ENCIPHER
+#define KU_DATA_ENCIPHERMENT    KEYUSE_DATA_ENCIPHER
+#define KU_KEY_AGREEMENT        KEYUSE_KEY_AGREE
+#define KU_KEY_CERT_SIGN        KEYUSE_KEY_CERT_SIGN
+#define KU_CRL_SIGN             KEYUSE_CRL_SIGN
+#define KU_ENCIPHER_ONLY        KEYUSE_ENCIPHER_ONLY
+#define KU_DECIPHER_ONLY        KEYUSE_DECIPHER_ONLY
+
+#define XKU_SSL_SERVER 0x1
+#define XKU_SSL_CLIENT 0x2
+#define XKU_SMIME      0x4
+#define XKU_CODE_SIGN  0x8
+#define XKU_SGC        0x10
+#define XKU_OCSP_SIGN  0x20
+#define XKU_TIMESTAMP  0x40
+#define XKU_DVCS       0x80
+#define XKU_ANYEKU     0x100
+
 #define X509_PURPOSE_SSL_CLIENT       0
 #define X509_PURPOSE_SSL_SERVER       1
 
-#define NS_SSL_CLIENT                 0
+#define NS_SSL_CLIENT                 WC_NS_SSL_CLIENT
-#define NS_SSL_SERVER                 1
+#define NS_SSL_SERVER                 WC_NS_SSL_SERVER
 
 /* Forward reference */
 
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090801fL
 typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+#else
+typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long);
+#endif
 typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
 typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
                                 struct WOLFSSL_v3_ext_method *method,
@@ -94,8 +121,13 @@ WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
 WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
 WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
 WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
                                                     WOLFSSL_X509_EXTENSION* ex);
+#else
+WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
+                                                    WOLFSSL_X509_EXTENSION* ex);
+#endif
 WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
                                           const WOLFSSL_ASN1_STRING *s);
@@ -103,6 +135,7 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
         WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
 WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
         const char *section, WOLFSSL_X509 *cert);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 
 #define BASIC_CONSTRAINTS_free    wolfSSL_BASIC_CONSTRAINTS_free
 #define AUTHORITY_KEYID_free      wolfSSL_AUTHORITY_KEYID_free
@@ -116,11 +149,13 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_
 #define X509V3_parse_list(...)    NULL
 #endif
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
+#define a2i_IPADDRESS             wolfSSL_a2i_IPADDRESS
 #define X509V3_EXT_print          wolfSSL_X509V3_EXT_print
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
 #ifndef NO_WOLFSSL_STUB
 #define X509V3_set_nconf(...)
+#define X509V3_EXT_cleanup(...)
 #endif
 #define X509V3_set_ctx_test(ctx)  wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb       wolfSSL_X509V3_set_ctx_nodb

source/libs/libwolfssl/quic.h

@@ -0,0 +1,297 @@
+/* quic.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+/* wolfSSL QUIC API */
+
+#ifndef WOLFSSL_QUIC_H
+#define WOLFSSL_QUIC_H
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifdef WOLFSSL_QUIC
+
+/* QUIC operates on three encryption levels which determine
+ * which keys/algos are used for de-/encryption. These are
+ * kept separately for incoming and outgoing data and.
+ * Due to the nature of UDP, more than one might be in use
+ * at the same time due to resends or out-of-order arrivals.
+ */
+typedef enum wolfssl_encryption_level_t {
+    wolfssl_encryption_initial = 0,
+    wolfssl_encryption_early_data,
+    wolfssl_encryption_handshake,
+    wolfssl_encryption_application
+} WOLFSSL_ENCRYPTION_LEVEL;
+
+
+/* All QUIC related callbacks to the application.
+ */
+typedef struct wolfssl_quic_method_t WOLFSSL_QUIC_METHOD;
+
+struct wolfssl_quic_method_t {
+    /**
+     * Provide secrets to the QUIC stack when they becaome available in the SSL
+     * instance during handshake processing. read/write secrets have the same
+     * length. A call may only provide one, passing NULL as the other.
+     */
+    int (*set_encryption_secrets)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                                  const uint8_t* read_secret,
+                                  const uint8_t* write_secret,
+                                  size_t secret_len);
+    /**
+     * Provide handshake packets to the QUIC stack to send to the peer. The
+     * QUIC stack will wrap these and take care of re-transmissions.
+     */
+    int (*add_handshake_data)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                              const uint8_t* data, size_t len);
+    /**
+     * Flush any buffered packets during handshake.
+     */
+    int (*flush_flight)(WOLFSSL* ssl);
+    /**
+     * Send a TLS alert that happend during handshake. In QUIC, such alerts
+     * lead to connection shutdown.
+     */
+    int (*send_alert)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                      uint8_t alert);
+};
+
+
+/**
+ * Mark the given SSL context for QUIC protocol handling. Meaning all
+ * SSL instances derived from it will inherit this. Provides all callbacks
+ * to the QUIC application the SSL stack needs.
+ */
+WOLFSSL_API
+int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX* ctx,
+                                const WOLFSSL_QUIC_METHOD* quic_method);
+/**
+ * Mark extactly this SSL instance for QUIC protocol handling.
+ * Provides all callbacks to the QUIC application the SSL stack needs.
+ */
+WOLFSSL_API
+int wolfSSL_set_quic_method(WOLFSSL* ssl,
+                            const WOLFSSL_QUIC_METHOD* quic_method);
+
+/**
+ * Check if QUIC handling has been installed on the given SSL instance.
+ */
+WOLFSSL_API int wolfSSL_is_quic(WOLFSSL* ssl);
+
+/**
+ * Return the current encryption level of the SSL instance for READs.
+ */
+WOLFSSL_API
+WOLFSSL_ENCRYPTION_LEVEL  wolfSSL_quic_read_level(const WOLFSSL* ssl);
+
+/**
+ * Return the current encryption level of the SSL instance for WRITEs.
+ */
+WOLFSSL_API
+WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL* ssl);
+
+
+/**
+ * Configure the QUIC transport version to use. On `use_legacy` != 0,
+ * selects TLSX_KEY_QUIC_TP_PARAMS_DRAFT, otherwise TLSX_KEY_QUIC_TP_PARAMS.
+ * This method is part of the BoringSSL API and replicated here for app
+ * portability (as in quictls/openssl).
+ */
+WOLFSSL_API
+void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL* ssl, int use_legacy);
+
+/**
+ * Set the TLS extension for the transport parameter version to announce
+ * to the peer. Known values are TLSX_KEY_QUIC_TP_PARAMS (V1) and
+ * TLSX_KEY_QUIC_TP_PARAMS_DRAFT.
+ * Setting it to 0 will announce both V1 and draft versions to a server.
+ * Servers will, on 0, select the latest version seen from the client.
+ * Default is 0.
+ */
+WOLFSSL_API
+void wolfSSL_set_quic_transport_version(WOLFSSL* ssl, int version);
+
+/**
+ * Get the configured transport version.
+ */
+WOLFSSL_API int wolfSSL_get_quic_transport_version(const WOLFSSL* ssl);
+
+/**
+ * Set the raw QUIC transport parameter that will be sent in the TLS extension
+ * to the peer, using the configured transport version(s).
+ */
+WOLFSSL_API int wolfSSL_set_quic_transport_params(WOLFSSL* ssl,
+                                                  const uint8_t* params,
+                                                  size_t params_len);
+/**
+ * Get the raw QUIC transport parameter as retrieved via TLS Extension
+ * from the peer. If the peer announced several versions,
+ * return the latest one.
+ * If the extension has not arrived yet, initializes out parameter to
+ * NULL, resp. 0.
+ */
+WOLFSSL_API
+void wolfSSL_get_peer_quic_transport_params(const WOLFSSL* ssl,
+                                            const uint8_t* *out_params,
+                                            size_t* out_params_len);
+
+/**
+ * Get the QUIC version negotiated with the peer during the handshake.
+ */
+WOLFSSL_API int wolfSSL_get_peer_quic_transport_version(const WOLFSSL* ssl);
+
+#ifdef WOLFSSL_EARLY_DATA
+WOLFSSL_API void wolfSSL_set_quic_early_data_enabled(WOLFSSL* ssl, int enabled);
+#endif
+
+/**
+ * Advisory amount of the maximum data a QUIC protocol handler should have
+ * in flight. This varies during handshake processing, for example certficate
+ * exchange will increase the limit.
+ */
+WOLFSSL_API
+size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL* ssl,
+                                             WOLFSSL_ENCRYPTION_LEVEL level);
+
+
+/**
+ * The QUIC protocol handler provides peer TLS records to the SSL instance
+ * during handshake to progress it. The SSL instance will use the registered
+ * callbacks to send packets to the peer.
+ * Encryption level is provided to indicate how to decrypt the data. Data may
+ * be added for levels not yet reached by the SSL instance. However, data
+ * may only be added in ever increasing levels and levels may only increase
+ * at TLS record boundaries. Any violation will make this function fail.
+ */
+WOLFSSL_API
+int wolfSSL_provide_quic_data(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                              const uint8_t* data, size_t len);
+
+WOLFSSL_API
+int wolfSSL_quic_do_handshake(WOLFSSL* ssl);
+
+/**
+ * Process any CRYPTO data added post-handshake.
+ */
+WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL* ssl);
+
+/**
+ * Process any pending input and flush all output. Can be invoked
+ * during and/or after handshake processing.
+ */
+WOLFSSL_API int wolfSSL_quic_read_write(WOLFSSL* ssl);
+
+/**
+ * Get the AEAD cipher that is currently selected in the SSL instance.
+ * Will return NULL if none has been selected so far. This is used by the
+ * QUIC stack to encrypt/decrypt packets after the handshake.
+ */
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl);
+
+/**
+ * Use to classify the AEAD cipher for key reuse limits.
+ */
+WOLFSSL_API int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER* aead_cipher);
+WOLFSSL_API int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER* aead_cipher);
+WOLFSSL_API
+int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER* aead_cipher);
+
+/**
+ * Get the 'tag' length used by the AEAD cipher. Encryption buffer lengths
+ * are plaintext length plus this tag length.
+ */
+WOLFSSL_API
+size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher);
+
+/**
+ * The message digest currently selected in the SSL instance.
+ */
+WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_quic_get_md(WOLFSSL* ssl);
+
+/**
+ * The QUIC header protection cipher matching the AEAD cipher currently
+ * selected in the SSL instance.
+ */
+WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp(WOLFSSL* ssl);
+
+/**
+ * Create and initialize a cipher context for use in en- or decryption.
+ */
+WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX*
+wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER* cipher,
+                       const uint8_t* key, const uint8_t* iv, int encrypt);
+
+/**
+ * Use a previously created cipher context to encrypt the given plain text.
+ */
+WOLFSSL_API
+int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* aead_ctx,
+                              const uint8_t* plain, size_t plainlen,
+                              const uint8_t* iv, const uint8_t* aad,
+                              size_t aadlen);
+/**
+ * Use a previously created cipher context to decrypt the given encoded text.
+ */
+WOLFSSL_API
+int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
+                              const uint8_t* enc, size_t enclen,
+                              const uint8_t* iv, const uint8_t* aad,
+                              size_t aadlen);
+
+/**
+ * Extract a pseudo-random key, using the given message digest, a secret
+ * and a salt. The key size is the size of the digest.
+ */
+WOLFSSL_API
+int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
+                              const uint8_t* secret, size_t secretlen,
+                              const uint8_t* salt, size_t saltlen);
+/**
+ * Expand a pseudo-random key (secret) into a new key, using the mesasge
+ * digest and the info bytes.
+ */
+WOLFSSL_API
+int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
+                             const WOLFSSL_EVP_MD* md,
+                             const uint8_t* secret, size_t secretlen,
+                             const uint8_t* info, size_t infolen);
+
+/**
+ * Extract and extpand secret, salt and info into a new key.
+ */
+WOLFSSL_API
+int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
+                      const WOLFSSL_EVP_MD* md,
+                      const uint8_t* secret, size_t secretlen,
+                      const uint8_t* salt, size_t saltlen,
+                      const uint8_t* info, size_t infolen);
+
+#endif /* WOLFSSL_QUIC */
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_QUIC_H */

source/libs/libwolfssl/sniffer.h

@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,6 +27,11 @@
 #include <libs/libwolfssl/wolfcrypt/settings.h>
 #include <libs/libwolfssl/wolfcrypt/asn_public.h>
 
+#ifdef HAVE_WOLF_EVENT
+    #include <libs/libwolfssl/wolfcrypt/wolfevent.h>
+#endif
+
+
 #ifdef _WIN32
     #ifdef SSL_SNIFFER_EXPORTS
         #define SSL_SNIFFER_API __declspec(dllexport)
@@ -42,6 +47,22 @@
     extern "C" {
 #endif
 
+
+typedef struct IpAddrInfo {
+    int version;
+    union {
+        word32 ip4;
+        byte   ip6[16];
+    };
+} IpAddrInfo;
+
+typedef struct SnifferStreamInfo {
+    IpAddrInfo src;          /* server address in network byte order */
+    IpAddrInfo dst;          /* client address in network byte order */
+    word16            dstPort;         /* server port */
+    word16            srcPort;         /* client port */
+} SnifferStreamInfo;
+
 /* @param typeK: (formerly keyType) was shadowing a global declaration in
  *                wolfssl/wolfcrypt/asn.h line 175
  */
@@ -119,9 +140,15 @@ SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active,
                                         unsigned int* reassemblyMemory,
                                         char* error);
 
-WOLFSSL_API void ssl_InitSniffer(void);
+WOLFSSL_API
+SSL_SNIFFER_API void ssl_InitSniffer(void);
+WOLFSSL_API
+SSL_SNIFFER_API void ssl_InitSniffer_ex(int devId);
+WOLFSSL_API
+SSL_SNIFFER_API void ssl_InitSniffer_ex2(int threadNum);
 
-WOLFSSL_API void ssl_FreeSniffer(void);
+WOLFSSL_API
+SSL_SNIFFER_API void ssl_FreeSniffer(void);
 
 
 /* ssl_SetPrivateKey typeKs */
@@ -167,46 +194,45 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx);
 
 typedef struct SSLStats
 {
-    unsigned long int sslStandardConns;
+    unsigned long int sslStandardConns;      /* server_hello count not including resumed sessions */
-    unsigned long int sslClientAuthConns;
+    unsigned long int sslClientAuthConns;    /* client's who have presented certificates (mutual authentication) */
-    unsigned long int sslResumedConns;
+    unsigned long int sslResumedConns;       /* resumed connections */
-    unsigned long int sslEphemeralMisses;
+    unsigned long int sslEphemeralMisses;    /* TLS v1.2 and older PFS / ephemeral connections missed (not able to decrypt) */
-    unsigned long int sslResumeMisses;
+    unsigned long int sslResumeMisses;       /* Resumption sessions not found */
-    unsigned long int sslCiphersUnsupported;
+    unsigned long int sslCiphersUnsupported; /* No cipher suite match found when compared to supported */
-    unsigned long int sslKeysUnmatched;
+    unsigned long int sslKeysUnmatched;      /* Key callback failures (not found). Applies to WOLFSSL_SNIFFER_WATCH only */
-    unsigned long int sslKeyFails;
+    unsigned long int sslKeyFails;           /* Failures loading or using keys */
-    unsigned long int sslDecodeFails;
+    unsigned long int sslDecodeFails;        /* Dropped packets (not application_data or match protocol version) */
-    unsigned long int sslAlerts;
+    unsigned long int sslAlerts;             /* Number of decoded alert messages */
-    unsigned long int sslDecryptedBytes;
+    unsigned long int sslDecryptedBytes;     /* Number of decrypted bytes */
-    unsigned long int sslEncryptedBytes;
+    unsigned long int sslEncryptedBytes;     /* Number of encrypted bytes */
-    unsigned long int sslEncryptedPackets;
+    unsigned long int sslEncryptedPackets;   /* Number of encrypted packets */
-    unsigned long int sslDecryptedPackets;
+    unsigned long int sslDecryptedPackets;   /* Number of decrypted packets */
-    unsigned long int sslKeyMatches;
+    unsigned long int sslKeyMatches;         /* Key callback successes (failures tracked in sslKeysUnmatched). Applies to WOLFSSL_SNIFFER_WATCH only. */
-    unsigned long int sslEncryptedConns;
+    unsigned long int sslEncryptedConns;     /* Number of created sniffer sessions */
-    unsigned long int sslResumptionInserts;
+    unsigned long int sslResumptionInserts;  /* Number of sessions reused with resumption */
 } SSLStats;
 
-
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_ResetStatistics(void);
 
-
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats);
 
-
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats);
 
+
+#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_TLS13)
+/* macro indicating support for key callback */
+#undef  WOLFSSL_SNIFFER_KEY_CALLBACK
+#define WOLFSSL_SNIFFER_KEY_CALLBACK
+
 typedef int (*SSLKeyCb)(void* vSniffer, int namedGroup,
     const unsigned char* srvPub, unsigned int srvPubSz,
     const unsigned char* cliPub, unsigned int cliPubSz,
     DerBuffer* privKey, void* cbCtx, char* error);
 
-#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_TLS13)
-/* macro indicating support for key callback */
-#undef  WOLFSSL_SNIFFER_KEY_CALLBACK
-#define WOLFSSL_SNIFFER_KEY_CALLBACK
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_SetKeyCallback(SSLKeyCb cb, void* cbCtx);
 #endif
@@ -270,6 +296,24 @@ SSL_SNIFFER_API int ssl_DecodePacketWithChainSessionInfoStoreData(
         char* error);
 #endif
 
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacket_GetStream(SnifferStreamInfo* info,
+        const byte* packet, int length, char* error);
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_DecodePacketAsync(void* packet, unsigned int packetSz,
+    int isChain, unsigned char** data, char* error, SSLInfo* sslInfo,
+    void* userCtx);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_PollSniffer(WOLF_EVENT** events, int maxEvents,
+    WOLF_EVENT_FLAG flags, int* eventCount);
+
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
+
 
 #ifdef __cplusplus
     }  /* extern "C" */

source/libs/libwolfssl/sniffer_error.h

@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -138,6 +138,10 @@
 #define CHAIN_INPUT_STR 93
 #define GOT_ENC_EXT_STR 94
 #define GOT_HELLO_RETRY_REQ_STR 95
+
+#define SNIFFER_KEY_SETUP_STR 96
+#define UNSUPPORTED_TLS_VER_STR 97
+#define KEY_MISMATCH_STR 98
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
 
 

source/libs/libwolfssl/version.h

@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "4.8.1"
+#define LIBWOLFSSL_VERSION_STRING "5.5.4"
-#define LIBWOLFSSL_VERSION_HEX 0x04008001
+#define LIBWOLFSSL_VERSION_HEX 0x05005004
 
 #ifdef __cplusplus
 }

source/libs/libwolfssl/wolfcrypt/aes.h

@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,24 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
 
 #ifdef WOLFSSL_XILINX_CRYPT
-#include "xsecure_aes.h"
+#ifdef WOLFSSL_XILINX_CRYPT_VERSAL
+#include <libs/libwolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
+#include <xsecure_aesclient.h>
+#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#else /* versal */
+#include <xsecure_aes.h>
+#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#endif /* !versal */
+#endif /* WOLFSSL_XILINX_CRYPT */
+
+#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX_AES)
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+#define WOLFSSL_XILINX_AES_KEY_SRC 0
+#endif /* !defined(WOLFSSL_XILINX_AES_KEY_SRC) */
+#endif /* all Xilinx crypto */
+
+#ifdef WOLFSSL_SE050
+    #include <libs/libwolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
 #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
@@ -75,6 +92,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #include <libs/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
 #endif
 
+#if defined(WOLFSSL_KCAPI_AES)
+#include <libs/libwolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
+#endif
+
 #if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)
 #include <libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 #endif
@@ -88,13 +109,21 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <libs/libwolfssl/wolfcrypt/random.h>
 #endif
 
+#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
+#include <psa/crypto.h>
+#endif
+
 #if defined(WOLFSSL_CRYPTOCELL)
     #include <libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
     defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
-    #include <libs/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include <libs/libwolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h>
+#endif
+
+#ifdef WOLFSSL_MAXQ10XX_CRYPTO
+    #include <libs/libwolfssl/wolfcrypt/port/maxim/maxq10xx.h>
 #endif
 
 #ifdef __cplusplus
@@ -131,7 +160,7 @@ enum {
     KEYWRAP_BLOCK_SIZE  = 8,
 
     GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */
-    GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
+    GCM_NONCE_MID_SZ = 12, /* The default nonce size for AES-GCM. */
     GCM_NONCE_MIN_SZ = 8,  /* wolfCrypt's minimum nonce size allowed. */
     CCM_NONCE_MIN_SZ = 7,
     CCM_NONCE_MAX_SZ = 13,
@@ -147,7 +176,7 @@ enum {
     AES_XTS_MODE = 3,
 #endif
 
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
     AES_MAX_ID_LEN      = 32,
     AES_MAX_LABEL_LEN   = 32,
 #endif
@@ -174,6 +203,13 @@ struct Aes {
     word32 aadLen;  /* additional authenticated data len */
 #endif
 
+#ifdef WOLFSSL_SE050
+    sss_symmetric_t aes_ctx; /* used as the function context */
+    int ctxInitDone;
+    word32 keyId;
+    byte   keyIdSet;
+    byte   useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
+#endif
 #ifdef GCM_TABLE
     /* key-based fast multiplication table. */
     ALIGN16 byte M0[256][AES_BLOCK_SIZE];
@@ -188,6 +224,9 @@ struct Aes {
     word32 y0;
 #endif
 #endif /* HAVE_AESGCM */
+#ifdef WOLFSSL_CAAM
+    int blackKey; /* black key / hsm key id */
+#endif
 #ifdef WOLFSSL_AESNI
     byte use_aesni;
 #endif /* WOLFSSL_AESNI */
@@ -195,7 +234,7 @@ struct Aes {
     int    devId;
     void*  devCtx;
 #endif
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
     byte id[AES_MAX_ID_LEN];
     int  idLen;
     char label[AES_MAX_LABEL_LEN];
@@ -209,9 +248,16 @@ struct Aes {
     word32  left;            /* unused bytes left from last call */
 #endif
 #ifdef WOLFSSL_XILINX_CRYPT
+#ifdef WOLFSSL_XILINX_CRYPT_VERSAL
+    wc_Xsecure          xSec;
+    XSecure_AesKeySize  xKeySize;
+    int                 aadStyle;
+    byte                keyInit[WOLFSSL_XSECURE_AES_KEY_SIZE] ALIGN64;
+#else
     XSecure_Aes xilAes;
     XCsuDma     dma;
-    word32      key_init[8];
+    word32      keyInit[8];
+#endif
     word32      kup;
 #endif
 #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
@@ -224,9 +270,14 @@ struct Aes {
                   GCM_NONCE_MID_SZ)];
 #endif
 #endif
+#if defined(WOLFSSL_KCAPI_AES)
+    struct kcapi_handle* handle;
+    int                  init;
+#endif
 #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \
     (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \
-    (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
+    (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \
+    defined(WOLFSSL_KCAPI_AES)
     word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */
 #ifdef HAVE_CAVIUM_OCTEON_SYNC
     int    keySet;
@@ -243,11 +294,23 @@ struct Aes {
     defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
     TSIP_AES_CTX ctx;
 #endif
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+    SCE_AES_CTX ctx;
+#endif
 #if defined(WOLFSSL_IMXRT_DCP)
     dcp_handle_t handle;
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
     silabs_aes_t ctx;
+#endif
+#ifdef WOLFSSL_MAXQ10XX_CRYPTO
+    maxq_aes_t maxq_ctx;
+#endif
+#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
+    psa_key_id_t key_id;
+    psa_cipher_operation_t psa_ctx;
+    int ctx_initialized;
+    int key_need_importing;
 #endif
     void*  heap; /* memory hint to use */
 #ifdef WOLFSSL_AESGCM_STREAM
@@ -351,10 +414,27 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
 #endif
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
+#if defined(HAVE_FIPS) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
  WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
  WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
  WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
                                 const byte* iv, int dir);
+#elif defined(BUILDING_WOLFSSL)
+ WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEncryptDirect(Aes* aes, byte* out,
+                                                        const byte* in);
+ WOLFSSL_API WARN_UNUSED_RESULT int wc_AesDecryptDirect(Aes* aes, byte* out,
+                                                        const byte* in);
+ WOLFSSL_API WARN_UNUSED_RESULT int wc_AesSetKeyDirect(Aes* aes,
+                                                       const byte* key,
+                                                       word32 len,
+                                const byte* iv, int dir);
+#else
+ WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
+ WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
+ WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+                                const byte* iv, int dir);
+#endif
 #endif
 
 #ifdef HAVE_AESGCM
@@ -488,7 +568,7 @@ WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
 WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize);
 
 WOLFSSL_API int  wc_AesInit(Aes* aes, void* heap, int devId);
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API int  wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
         int devId);
 WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
@@ -496,6 +576,17 @@ WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
 #endif
 WOLFSSL_API void wc_AesFree(Aes* aes);
 
+#ifdef WOLFSSL_AES_SIV
+WOLFSSL_API
+int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
+                     word32 assocSz, const byte* nonce, word32 nonceSz,
+                     const byte* in, word32 inSz, byte* siv, byte* out);
+WOLFSSL_API
+int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
+                     word32 assocSz, const byte* nonce, word32 nonceSz,
+                     const byte* in, word32 inSz, byte* siv, byte* out);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

source/libs/libwolfssl/wolfcrypt/arc4.h

@@ -1,6 +1,6 @@
 /* arc4.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,11 +53,12 @@ typedef struct Arc4 {
     void* heap;
 } Arc4;
 
-WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32);
+WOLFSSL_API int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in,
-WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32);
+                               word32 length);
+WOLFSSL_API int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length);
 
-WOLFSSL_API int  wc_Arc4Init(Arc4*, void*, int);
+WOLFSSL_API int  wc_Arc4Init(Arc4* arc4, void* heap, int devId);
-WOLFSSL_API void wc_Arc4Free(Arc4*);
+WOLFSSL_API void wc_Arc4Free(Arc4* arc4);
 
 #ifdef __cplusplus
     } /* extern "C" */

source/libs/libwolfssl/wolfcrypt/asn_public.h

@@ -1,6 +1,6 @@
 /* asn_public.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,6 +33,7 @@ This library defines the interface APIs for X509 certificates.
 
 #include <libs/libwolfssl/wolfcrypt/types.h>
 #include <libs/libwolfssl/wolfcrypt/dsa.h>
+#include <libs/libwolfssl/wolfcrypt/random.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -47,22 +48,38 @@ This library defines the interface APIs for X509 certificates.
     typedef struct ed25519_key ed25519_key;
     #define WC_ED25519KEY_TYPE_DEFINED
 #endif
+#ifndef WC_CURVE25519KEY_TYPE_DEFINED
+    typedef struct curve25519_key curve25519_key;
+    #define WC_CURVE25519KEY_TYPE_DEFINED
+#endif
 #ifndef WC_ED448KEY_TYPE_DEFINED
     typedef struct ed448_key ed448_key;
     #define WC_ED448KEY_TYPE_DEFINED
 #endif
+#ifndef WC_CURVE448KEY_TYPE_DEFINED
+    typedef struct curve448_key curve448_key;
+    #define WC_CURVE448KEY_TYPE_DEFINED
+#endif
 #ifndef WC_RSAKEY_TYPE_DEFINED
     typedef struct RsaKey RsaKey;
     #define WC_RSAKEY_TYPE_DEFINED
 #endif
-#ifndef WC_RNG_TYPE_DEFINED
-    typedef struct WC_RNG WC_RNG;
-    #define WC_RNG_TYPE_DEFINED
-#endif
 #ifndef WC_DH_TYPE_DEFINED
     typedef struct DhKey DhKey;
     #define WC_DH_TYPE_DEFINED
 #endif
+#ifndef WC_FALCONKEY_TYPE_DEFINED
+    typedef struct falcon_key falcon_key;
+    #define WC_FALCONKEY_TYPE_DEFINED
+#endif
+#ifndef WC_DILITHIUMKEY_TYPE_DEFINED
+    typedef struct dilithium_key dilithium_key;
+    #define WC_DILITHIUMKEY_TYPE_DEFINED
+#endif
+#ifndef WC_SPHINCSKEY_TYPE_DEFINED
+    typedef struct sphincs_key sphincs_key;
+    #define WC_SPHINCSKEY_TYPE_DEFINED
+#endif
 
 enum Ecc_Sum {
     ECC_SECP112R1_OID = 182,
@@ -125,6 +142,22 @@ enum CertType {
     PKCS8_ENC_PRIVATEKEY_TYPE,
     DETECT_CERT_TYPE,
     DH_PRIVATEKEY_TYPE,
+    X942_PARAM_TYPE,
+    FALCON_LEVEL1_TYPE,
+    FALCON_LEVEL5_TYPE,
+    DILITHIUM_LEVEL2_TYPE,
+    DILITHIUM_LEVEL3_TYPE,
+    DILITHIUM_LEVEL5_TYPE,
+    DILITHIUM_AES_LEVEL2_TYPE,
+    DILITHIUM_AES_LEVEL3_TYPE,
+    DILITHIUM_AES_LEVEL5_TYPE,
+    SPHINCS_FAST_LEVEL1_TYPE,
+    SPHINCS_FAST_LEVEL3_TYPE,
+    SPHINCS_FAST_LEVEL5_TYPE,
+    SPHINCS_SMALL_LEVEL1_TYPE,
+    SPHINCS_SMALL_LEVEL3_TYPE,
+    SPHINCS_SMALL_LEVEL5_TYPE,
+
 };
 
 
@@ -155,8 +188,27 @@ enum Ctc_SigType {
     CTC_SHA3_384wRSA = 429,
     CTC_SHA3_512wRSA = 430,
 
+    CTC_RSASSAPSS    = 654,
+
     CTC_ED25519      = 256,
-    CTC_ED448        = 257
+    CTC_ED448        = 257,
+
+    CTC_FALCON_LEVEL1 = 268,
+    CTC_FALCON_LEVEL5 = 271,
+
+    CTC_DILITHIUM_LEVEL2     = 213,
+    CTC_DILITHIUM_LEVEL3     = 216,
+    CTC_DILITHIUM_LEVEL5     = 220,
+    CTC_DILITHIUM_AES_LEVEL2 = 217,
+    CTC_DILITHIUM_AES_LEVEL3 = 221,
+    CTC_DILITHIUM_AES_LEVEL5 = 224,
+
+    CTC_SPHINCS_FAST_LEVEL1  = 281,
+    CTC_SPHINCS_FAST_LEVEL3  = 283,
+    CTC_SPHINCS_FAST_LEVEL5  = 282,
+    CTC_SPHINCS_SMALL_LEVEL1 = 287,
+    CTC_SPHINCS_SMALL_LEVEL3 = 285,
+    CTC_SPHINCS_SMALL_LEVEL5 = 286,
 };
 
 enum Ctc_Encoding {
@@ -170,6 +222,11 @@ enum Ctc_Encoding {
 #ifndef WC_CTC_MAX_ALT_SIZE
     #define WC_CTC_MAX_ALT_SIZE 16384
 #endif
+#ifdef WOLFSSL_CERT_EXT
+    #ifndef WC_CTC_MAX_CRLINFO_SZ
+        #define WC_CTC_MAX_CRLINFO_SZ 200
+    #endif
+#endif
 
 enum Ctc_Misc {
     CTC_COUNTRY_SIZE  =     2,
@@ -178,13 +235,19 @@ enum Ctc_Misc {
     CTC_MAX_ALT_SIZE  = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */
     CTC_SERIAL_SIZE   =    20,
     CTC_GEN_SERIAL_SZ =    16,
+    CTC_FILETYPE_ASN1 =     2,
+    CTC_FILETYPE_PEM  =     1,
+    CTC_FILETYPE_DEFAULT =  2,
 #ifdef WOLFSSL_CERT_EXT
     /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
      * We support only hash */
     CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
     CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
-    CTC_MAX_CERTPOL_SZ = 64,
+    CTC_MAX_CERTPOL_SZ = 200, /* RFC 5280 Section 4.2.1.4 */
-    CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
+    CTC_MAX_CERTPOL_NB = 2, /* Max number of Certificate Policy */
+    CTC_MAX_CRLINFO_SZ = WC_CTC_MAX_CRLINFO_SZ, /* Arbitrary size that should be
+                                                 * enough for at least two
+                                                 * distribution points. */
 #endif /* WOLFSSL_CERT_EXT */
 };
 
@@ -205,21 +268,35 @@ typedef struct WOLFSSL_ASN1_TIME {
 
 enum {
     IV_SZ   = 32,                   /* max iv sz */
+#ifdef OPENSSL_ALL
+    NAME_SZ = 160,                  /* larger max one line, allows for longer
+                                       encryption password support */
+#else
     NAME_SZ = 80,                   /* max one line */
+#endif
 
     PEM_PASS_READ  = 0,
     PEM_PASS_WRITE = 1,
 };
 
-
+typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
-typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
+#ifndef OPENSSL_COEXIST
+/* In the past, wc_pem_password_cb was called pem_password_cb, which is the same
+ * name as an identical typedef in OpenSSL. We don't want to break existing code
+ * that uses the name pem_password_cb, so we define it here as a macro alias for
+ * wc_pem_password_cb. In cases where a user needs to use both OpenSSL and
+ * wolfSSL headers in the same code, they should define OPENSSL_COEXIST to
+ * avoid errors stemming from the typedef being declared twice. */
+#define pem_password_cb wc_pem_password_cb
+#endif
 
 typedef struct EncryptedInfo {
-    pem_password_cb* passwd_cb;
-    void*            passwd_userdata;
-
     long     consumed;         /* tracks PEM bytes consumed */
 
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+    wc_pem_password_cb* passwd_cb;
+    void*               passwd_userdata;
+
     int      cipherType;
     word32   keySz;
     word32   ivSz;             /* salt or encrypted IV size */
@@ -228,6 +305,7 @@ typedef struct EncryptedInfo {
     byte     iv[IV_SZ];        /* salt or encrypted IV */
 
     word16   set:1;            /* if encryption set */
+#endif
 } EncryptedInfo;
 
 
@@ -262,8 +340,7 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 #endif
 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 
-#ifdef WOLFSSL_CERT_GEN
+#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-
 #ifdef WOLFSSL_MULTI_ATTRIB
 #ifndef CTC_MAX_ATTRIB
     #define CTC_MAX_ATTRIB 4
@@ -277,17 +354,49 @@ typedef struct NameAttrib {
     char value[CTC_NAME_SIZE];   /* name */
 } NameAttrib;
 #endif /* WOLFSSL_MULTI_ATTRIB */
+#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#ifdef WOLFSSL_CERT_GEN
+#ifdef WOLFSSL_CUSTOM_OID
+typedef struct CertOidField {
+    byte*  oid;
+    byte*  val;
+    int    oidSz;
+    int    valSz;
+    char   enc;
+} CertOidField;
 
+typedef struct CertExtension {
+    const char* oid;
+    byte        crit;
+    const byte* val;
+    int         valSz;
+} CertExtension;
+#endif
+#endif /* WOLFSSL_CERT_GEN */
+
+#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 typedef struct CertName {
     char country[CTC_NAME_SIZE];
     char countryEnc;
     char state[CTC_NAME_SIZE];
     char stateEnc;
+    char street[CTC_NAME_SIZE];
+    char streetEnc;
     char locality[CTC_NAME_SIZE];
     char localityEnc;
     char sur[CTC_NAME_SIZE];
     char surEnc;
+#ifdef WOLFSSL_CERT_NAME_ALL
+    char givenName[CTC_NAME_SIZE];
+    char givenNameEnc;
+    char initials[CTC_NAME_SIZE];
+    char initialsEnc;
+    char dnQualifier[CTC_NAME_SIZE];
+    char dnQualifierEnc;
+    char dnName[CTC_NAME_SIZE];
+    char dnNameEnc;
+#endif /* WOLFSSL_CERT_NAME_ALL */
     char org[CTC_NAME_SIZE];
     char orgEnc;
     char unit[CTC_NAME_SIZE];
@@ -296,6 +405,10 @@ typedef struct CertName {
     char commonNameEnc;
     char serialDev[CTC_NAME_SIZE];
     char serialDevEnc;
+    char userId[CTC_NAME_SIZE];
+    char userIdEnc;
+    char postalCode[CTC_NAME_SIZE];
+    char postalCodeEnc;
 #ifdef WOLFSSL_CERT_EXT
     char busCat[CTC_NAME_SIZE];
     char busCatEnc;
@@ -308,8 +421,17 @@ typedef struct CertName {
 #ifdef WOLFSSL_MULTI_ATTRIB
     NameAttrib name[CTC_MAX_ATTRIB];
 #endif
+#ifdef WOLFSSL_CUSTOM_OID
+    CertOidField custom;
+#endif
 } CertName;
+#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/
 
+#ifdef WOLFSSL_CERT_GEN
+
+#ifndef NUM_CUSTOM_EXT
+#define NUM_CUSTOM_EXT 16
+#endif
 
 /* for user to fill for certificate generation */
 typedef struct Cert {
@@ -322,24 +444,40 @@ typedef struct Cert {
     int      selfSigned;                /* self signed flag */
     CertName subject;                   /* subject info */
     int      isCA;                      /* is this going to be a CA */
+    byte     pathLen;                   /* max depth of valid certification
+                                         * paths that include this cert */
     /* internal use only */
     int      bodySz;                    /* pre sign total size */
     int      keyType;                   /* public key type of subject */
 #ifdef WOLFSSL_ALT_NAMES
     byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
     int      altNamesSz;                 /* altNames size in bytes */
+#endif
     byte     beforeDate[CTC_DATE_SIZE];  /* before date copy */
     int      beforeDateSz;               /* size of copy */
     byte     afterDate[CTC_DATE_SIZE];   /* after date copy */
     int      afterDateSz;                /* size of copy */
-#endif
 #ifdef WOLFSSL_CERT_EXT
     byte    skid[CTC_MAX_SKID_SIZE];     /* Subject Key Identifier */
     int     skidSz;                      /* SKID size in bytes */
-    byte    akid[CTC_MAX_AKID_SIZE];     /* Authority Key Identifier */
+    byte    akid[CTC_MAX_AKID_SIZE
+#ifdef WOLFSSL_AKID_NAME
+              + sizeof(CertName) + CTC_SERIAL_SIZE
+#endif
+              ]; /* Authority Key
+                                                         * Identifier */
     int     akidSz;                      /* AKID size in bytes */
+#ifdef WOLFSSL_AKID_NAME
+    byte    rawAkid;                     /* Set to true if akid is a
+                                          * AuthorityKeyIdentifier object.
+                                          * Set to false if akid is just a
+                                          * KeyIdentifier object. */
+#endif
     word16  keyUsage;                    /* Key Usage */
     byte    extKeyUsage;                 /* Extended Key Usage */
+#ifndef IGNORE_NETSCAPE_CERT_TYPE
+    byte    nsCertType;                  /* Netscape Certificate Type */
+#endif
 #ifdef WOLFSSL_EKU_OID
     /* Extended Key Usage OIDs */
     byte    extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
@@ -347,6 +485,8 @@ typedef struct Cert {
 #endif
     char    certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
     word16  certPoliciesNb;              /* Number of Cert Policy */
+    byte    crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution points */
+    int     crlInfoSz;
 #endif
 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
     defined(WOLFSSL_CERT_REQ)
@@ -355,11 +495,25 @@ typedef struct Cert {
 #endif
 #ifdef WOLFSSL_CERT_REQ
     char     challengePw[CTC_NAME_SIZE];
+    char     unstructuredName[CTC_NAME_SIZE];
     int      challengePwPrintableString; /* encode as PrintableString */
+#endif
+#ifdef WOLFSSL_CUSTOM_OID
+    /* user oid and value to go in req extensions */
+    CertOidField extCustom;
+
+    /* Extensions to go into X.509 certificates */
+    CertExtension customCertExt[NUM_CUSTOM_EXT];
+    int customCertExtCount;
 #endif
     void*   decodedCert;      /* internal DecodedCert allocated from heap */
     byte*   der;              /* Pointer to buffer of current DecodedCert cache */
     void*   heap;             /* heap hint */
+    byte    basicConstSet:1;  /* Indicator for when Basic Constaint is set */
+    byte    pathLenSet:1;     /* Indicator for when path length is set */
+#ifdef WOLFSSL_ALT_NAMES
+    byte    altNamesCrit:1;   /* Indicator of criticality of SAN extension */
+#endif
 } Cert;
 
 
@@ -374,38 +528,48 @@ typedef struct Cert {
    isCA       = 0 (false)
    keyType    = RSA_KEY (default)
 */
-WOLFSSL_API int wc_InitCert(Cert*);
+WOLFSSL_ABI WOLFSSL_API int   wc_InitCert(Cert* cert);
+WOLFSSL_ABI WOLFSSL_API Cert* wc_CertNew(void* heap);
+WOLFSSL_ABI WOLFSSL_API void  wc_CertFree(Cert* cert);
+WOLFSSL_API int wc_InitCert_ex(Cert* cert, void* heap, int devId);
 WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
                                int keyType, void* key, WC_RNG* rng);
-WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+WOLFSSL_ABI
-                             ecc_key*, WC_RNG*);
+WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz,
+                            RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
 #ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
+    WOLFSSL_API int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz,
-                                       int, void*);
+                                      int keyType, void* key);
-    WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
+    WOLFSSL_ABI
-                                    RsaKey*, ecc_key*);
+    WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
+                   RsaKey* rsaKey, ecc_key* eccKey);
 #endif
-WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
+WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf,
                                word32 buffSz, int keyType, void* key,
                                WC_RNG* rng);
-WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
+WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
-                             word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
+                            RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
-WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+WOLFSSL_ABI
-                             WC_RNG*);
+WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
-WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
+                                RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int wc_SetSubject(Cert*, const char*);
+WOLFSSL_ABI WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile);
+WOLFSSL_ABI WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile);
 #ifdef WOLFSSL_ALT_NAMES
-    WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
+    WOLFSSL_ABI WOLFSSL_API int wc_SetAltNames(Cert* cert, const char* file);
 #endif
 
 #ifdef WOLFSSL_CERT_GEN_CACHE
-WOLFSSL_API void wc_SetCert_Free(Cert* cert);
+WOLFSSL_ABI WOLFSSL_API void wc_SetCert_Free(Cert* cert);
 #endif
 
-WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
+WOLFSSL_ABI
-WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz);
-WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
+WOLFSSL_ABI
-WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz);
+WOLFSSL_ABI
+WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz);
+WOLFSSL_ABI
+WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz);
 
 #ifndef NO_ASN_TIME
 WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before,
@@ -424,15 +588,12 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
 WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
                                                 ecc_key *eckey);
 WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
-WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
+WOLFSSL_ABI WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
+WOLFSSL_ABI
 WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
+WOLFSSL_ABI
 WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
 
-#ifdef HAVE_NTRU
-WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
-                                                    word16 ntruKeySz);
-#endif
-
 /* Set the KeyUsage.
  * Value is a string separated tokens with ','. Accepted tokens are :
  * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
@@ -456,21 +617,21 @@ WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value);
 WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
                                      byte idx, void* heap);
 #endif /* WOLFSSL_EKU_OID */
-#endif /* WOLFSSL_CERT_EXT */
 
-    #ifdef HAVE_NTRU
+#if defined(WOLFSSL_ASN_TEMPLATE) && defined(WOLFSSL_CUSTOM_OID) && \
-        WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
+    defined(HAVE_OID_ENCODING)
-                                     const byte* ntruKey, word16 keySz,
+WOLFSSL_API int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
-                                     WC_RNG*);
+                                      const byte *der, word32 derSz);
 #endif
 
+#endif /* WOLFSSL_CERT_EXT */
 #endif /* WOLFSSL_CERT_GEN */
 
 WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz,
     const byte** date, byte* format, int* length);
 #ifndef NO_ASN_TIME
 WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length,
-    byte format, struct tm* time);
+    byte format, struct tm* timearg);
 #endif
 
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
@@ -487,30 +648,33 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
     WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
               DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat);
 
-    WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
+    WOLFSSL_API int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
-                                   unsigned char*, int, const char*);
+                        unsigned char* buff, int buffSz, const char* pass);
-    WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
+    WOLFSSL_API int wc_CertPemToDer(const unsigned char* pem, int pemSz,
-                                    unsigned char*, int, int);
+                        unsigned char* buff, int buffSz, int type);
 #endif /* WOLFSSL_PEM_TO_DER */
 
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
-    #ifndef NO_FILESYSTEM
+    #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
         WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
                                           unsigned char* derBuf, int derSz);
+        WOLFSSL_API int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der);
     #endif
 
-    WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
+    WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
-                                      unsigned char*, int);
+                           unsigned char* buff, int buffSz);
 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
 
 #ifdef WOLFSSL_CERT_GEN
-    #ifndef NO_FILESYSTEM
+    #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
         WOLFSSL_API int wc_PemCertToDer(const char* fileName,
                                         unsigned char* derBuf, int derSz);
+        WOLFSSL_API int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der);
     #endif
 #endif /* WOLFSSL_CERT_GEN */
 
 #ifdef WOLFSSL_DER_TO_PEM
+    WOLFSSL_ABI
     WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
                                 word32 outputSz, int type);
     WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
@@ -521,15 +685,30 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
     #if !defined(HAVE_USER_RSA)
     WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
         word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
+    /* For FIPS v1/v2 and selftest this is in rsa.h */
+    #if (!defined(HAVE_SELFTEST) || \
+            (defined(HAVE_SELFTEST) && defined(WOLFSSL_CERT_GEN) && \
+                !defined(WOLFSSL_KEY_GEN))) && \
+        (!defined(HAVE_FIPS) || \
+         !defined(HAVE_FIPS_VERSION) || \
+         ((HAVE_FIPS_VERSION > 2) && \
+         (! ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR == 0)))))
+    WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
+    #endif
     #endif
     WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
+    WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
+        int with_header);
 #endif
 
 #ifndef NO_DSA
     /* DSA parameter DER helper functions */
-    WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx,
+    WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key,
-                                       DsaKey*, word32);
+                        word32 inSz);
-    WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen);
+    WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output,
+        word32 inLen);
+    WOLFSSL_API int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output,
+        word32* inLen);
 #endif
 
 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
@@ -541,73 +720,114 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
 
 #ifdef HAVE_ECC
     /* private key helpers */
-    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
+    WOLFSSL_ABI
-                                           ecc_key*, word32);
+    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx,
-    WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
+                                           ecc_key* key, word32 inSz);
+    WOLFSSL_ABI
+    WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen);
     WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
                                           word32 inLen);
-    WOLFSSL_API int wc_EccKeyDerSize(ecc_key*, int pub);
+    WOLFSSL_API int wc_EccKeyDerSize(ecc_key* key, int pub);
     WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
                                             word32* outLen);
     WOLFSSL_API int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
                                      word32* outLen);
 
     /* public key helper */
-    WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
+    WOLFSSL_ABI
-                                              ecc_key*, word32);
+    WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
-    WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
+                          ecc_key* key, word32 inSz);
+    WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
                                          word32 inLen, int with_AlgCurve);
-    WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve);
+    WOLFSSL_API int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output,
+                                         word32 inLen, int with_AlgCurve,
+                                         int comp);
+    WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve);
+#endif
+
+/* RFC 5958 (Asymmetric Key Packages) */
+#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \
+    ((defined(HAVE_ED25519)    && defined(HAVE_ED25519_KEY_EXPORT)) || \
+     (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
+     (defined(HAVE_ED448)      && defined(HAVE_ED448_KEY_EXPORT)) || \
+     (defined(HAVE_CURVE448)   && defined(HAVE_CURVE448_KEY_EXPORT)) || \
+     (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \
+                            defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))))
+    #define WC_ENABLE_ASYM_KEY_EXPORT
+#endif
+
+#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \
+    ((defined(HAVE_ED25519)    && defined(HAVE_ED25519_KEY_IMPORT)) || \
+     (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
+     (defined(HAVE_ED448)      && defined(HAVE_ED448_KEY_IMPORT)) || \
+     (defined(HAVE_CURVE448)   && defined(HAVE_CURVE448_KEY_IMPORT)) || \
+     (defined(HAVE_PQC)))
+    #define WC_ENABLE_ASYM_KEY_IMPORT
 #endif
 
 #ifdef HAVE_ED25519
-    /* private key helpers */
 #ifdef HAVE_ED25519_KEY_IMPORT
-    WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
+WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                               ed25519_key*, word32);
+                               ed25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+                              ed25519_key* key, word32 inSz);
 #endif
-
 #ifdef HAVE_ED25519_KEY_EXPORT
 WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
                                    word32 inLen);
 WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
                                           word32 inLen);
+WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output,
+                                         word32 inLen, int withAlg);
 #endif
+#endif /* HAVE_ED25519 */
 
-    /* public key helper */
+#ifdef HAVE_CURVE25519
-    WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
+#ifdef HAVE_CURVE25519_KEY_IMPORT
-                                              ed25519_key*, word32);
+WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
-    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
-        defined(HAVE_ED25519_KEY_EXPORT)
+WOLFSSL_API int wc_Curve25519PublicKeyDecode(
-
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
-        WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
-                                               word32 inLen, int with_AlgCurve);
 #endif
+#ifdef HAVE_CURVE25519_KEY_EXPORT
+WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Curve25519PublicKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen, int withAlg);
 #endif
+#endif /* HAVE_CURVE25519 */
 
 #ifdef HAVE_ED448
-    /* private key helpers */
 #ifdef HAVE_ED448_KEY_IMPORT
-    WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*,
+WOLFSSL_API int wc_Ed448PrivateKeyDecode(
-                                             ed448_key*, word32);
+    const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz);
+WOLFSSL_API int wc_Ed448PublicKeyDecode(
+    const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz);
 #endif
-
 #ifdef HAVE_ED448_KEY_EXPORT
-    WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output,
+WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output, word32 inLen);
-                                     word32 inLen);
+WOLFSSL_API int wc_Ed448PrivateKeyToDer(
-    WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output,
+    ed448_key* key, byte* output, word32 inLen);
-                                            word32 inLen);
+WOLFSSL_API int wc_Ed448PublicKeyToDer(
+    ed448_key* key, byte* output, word32 inLen, int withAlg);
 #endif
+#endif /* HAVE_ED448 */
 
-    /* public key helper */
+#ifdef HAVE_CURVE448
-    WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*,
+#ifdef HAVE_CURVE448_KEY_IMPORT
-                                            ed448_key*, word32);
+WOLFSSL_API int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx,
-    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \
+                               curve448_key* key, word32 inSz);
-        defined(HAVE_ED448_KEY_EXPORT)
+WOLFSSL_API int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx,
-        WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output,
+                              curve448_key* key, word32 inSz);
-                                               word32 inLen, int with_AlgCurve);
 #endif
+#ifdef HAVE_CURVE448_KEY_EXPORT
+WOLFSSL_API int wc_Curve448PrivateKeyToDer(curve448_key* key, byte* output,
+                                           word32 inLen);
+WOLFSSL_API int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output,
+                                          word32 inLen, int withAlg);
 #endif
+#endif /* HAVE_CURVE448 */
+
 
 /* DER encode signature */
 WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
@@ -619,11 +839,16 @@ WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
 WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
         byte* key, word32 keySz, int algoID, const byte* curveOID,
         word32 oidSz);
-WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32*, const char*,
+WOLFSSL_API int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
-        int, int, int, int, byte*, word32, int, WC_RNG*, void*);
+        const char* password, int passwordSz, int vPKCS, int pbeOid,
-WOLFSSL_API int wc_DecryptPKCS8Key(byte*, word32, const char*, int);
+        int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng,
-WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*,
+        void* heap);
-        const char*, int, int, int, int, byte*, word32, int, WC_RNG*, void*);
+WOLFSSL_API int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
+        int passwordSz);
+WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte* key, word32 keySz, byte* out,
+        word32* outSz, const char* password, int passwordSz, int vPKCS,
+        int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt,
+        WC_RNG* rng, void* heap);
 
 #ifndef NO_ASN_TIME
 /* Time */
@@ -634,6 +859,10 @@ WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*,
     rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
 */
 WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
+
+typedef time_t (*wc_time_cb)(time_t* t);
+WOLFSSL_API int wc_SetTimeCb(wc_time_cb f);
+WOLFSSL_API time_t wc_Time(time_t* t);
 #endif
 
 #ifdef WOLFSSL_ENCRYPTED_KEYS
@@ -663,7 +892,24 @@ typedef struct _wc_CertPIV {
 WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
 #endif /* WOLFSSL_CERT_PIV */
 
+/* Forward declaration needed, as DecodedCert is defined in asn.h.*/
+struct DecodedCert;
 
+WOLFSSL_API void wc_InitDecodedCert(
+    struct DecodedCert* cert, const byte* source, word32 inSz, void* heap);
+WOLFSSL_API void wc_FreeDecodedCert(struct DecodedCert* cert);
+WOLFSSL_API int  wc_ParseCert(
+    struct DecodedCert* cert, int type, int verify, void* cm);
+
+WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
+                                        byte* derKey, word32* derKeySz);
+
+#ifdef WOLFSSL_FPKI
+WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert,
+                                    byte* uuid, word32* uuidSz);
+WOLFSSL_API int wc_GetFASCNFromCert(struct DecodedCert* cert,
+                                    byte* fascn, word32* fascnSz);
+#endif /* WOLFSSL_FPKI */
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

source/libs/libwolfssl/wolfcrypt/blake2-impl.h

@@ -12,7 +12,7 @@
 */
 /* blake2-impl.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/wolfcrypt/blake2-int.h

@@ -12,7 +12,7 @@
 */
 /* blake2-int.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -73,11 +73,11 @@
     byte  node_depth;    /* 15 */
     byte  inner_length;  /* 16 */
     /* byte  reserved[0]; */
-    byte  salt[BLAKE2B_SALTBYTES]; /* 24 */
+    byte  salt[BLAKE2S_SALTBYTES]; /* 24 */
     byte  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
   } blake2s_param;
 
-  typedef struct ALIGN32 __blake2s_state
+  typedef struct __blake2s_state
   {
     word32 h[8];
     word32 t[2];
@@ -102,7 +102,7 @@
     byte  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
   } blake2b_param;
 
-  typedef struct ALIGN64 __blake2b_state
+  typedef struct __blake2b_state
   {
     word64 h[8];
     word64 t[2];
@@ -130,36 +130,36 @@
 #pragma pack(pop)
 
   /* Streaming API */
-  int blake2s_init( blake2s_state *S, const byte outlen );
+  int blake2s_init( blake2s_state *S, byte outlen );
-  int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2s_init_key( blake2s_state *S, byte outlen, const void *key, byte keylen );
   int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
   int blake2s_update( blake2s_state *S, const byte *in, word32 inlen );
   int blake2s_final( blake2s_state *S, byte *out, byte outlen );
 
-  int blake2b_init( blake2b_state *S, const byte outlen );
+  int blake2b_init( blake2b_state *S, byte outlen );
-  int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2b_init_key( blake2b_state *S, byte outlen, const void *key, byte keylen );
   int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
   int blake2b_update( blake2b_state *S, const byte *in, word64 inlen );
   int blake2b_final( blake2b_state *S, byte *out, byte outlen );
 
-  int blake2sp_init( blake2sp_state *S, const byte outlen );
+  int blake2sp_init( blake2sp_state *S, byte outlen );
-  int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2sp_init_key( blake2sp_state *S, byte outlen, const void *key, byte keylen );
   int blake2sp_update( blake2sp_state *S, const byte *in, word32 inlen );
   int blake2sp_final( blake2sp_state *S, byte *out, byte outlen );
 
-  int blake2bp_init( blake2bp_state *S, const byte outlen );
+  int blake2bp_init( blake2bp_state *S, byte outlen );
-  int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen );
+  int blake2bp_init_key( blake2bp_state *S, byte outlen, const void *key, byte keylen );
   int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen );
   int blake2bp_final( blake2bp_state *S, byte *out, byte outlen );
 
   /* Simple API */
-  int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
+  int blake2s( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen );
-  int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+  int blake2b( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen );
 
-  int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen );
+  int blake2sp( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen );
-  int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen );
+  int blake2bp( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen );
 
-  static WC_INLINE int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen )
+  static WC_INLINE int blake2( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen )
   {
     return blake2b( out, in, key, outlen, inlen, keylen );
   }

source/libs/libwolfssl/wolfcrypt/blake2.h

@@ -1,6 +1,6 @@
 /* blake2.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -75,17 +75,19 @@ typedef struct Blake2s {
 
 
 #ifdef HAVE_BLAKE2B
-WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32);
+WOLFSSL_API int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
-WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32);
+WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz,
-WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
+                                       const byte *key, word32 keylen);
-WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
+WOLFSSL_API int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz);
+WOLFSSL_API int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz);
 #endif
 
 #ifdef HAVE_BLAKE2S
-WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32);
+WOLFSSL_API int wc_InitBlake2s(Blake2s* b2s, word32 digestSz);
-WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32);
+WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz,
-WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32);
+                                       const byte *key, word32 keylen);
-WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32);
+WOLFSSL_API int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz);
+WOLFSSL_API int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz);
 #endif
 
 

source/libs/libwolfssl/wolfcrypt/camellia.h

@@ -27,7 +27,7 @@
 
 /* camellia.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/wolfcrypt/chacha.h

@@ -1,6 +1,6 @@
 /* chacha.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h

@@ -1,6 +1,6 @@
 /* chacha20_poly1305.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -86,21 +86,21 @@ typedef struct ChaChaPoly_Aead {
  * concatenating a constant value.
  */
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ChaCha20Poly1305_Encrypt(
                 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
                 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
-                const byte* inAAD, const word32 inAADLen,
+                const byte* inAAD, word32 inAADLen,
-                const byte* inPlaintext, const word32 inPlaintextLen,
+                const byte* inPlaintext, word32 inPlaintextLen,
                 byte* outCiphertext,
                 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ChaCha20Poly1305_Decrypt(
                 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
                 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
-                const byte* inAAD, const word32 inAADLen,
+                const byte* inAAD, word32 inAADLen,
-                const byte* inCiphertext, const word32 inCiphertextLen,
+                const byte* inCiphertext, word32 inCiphertextLen,
                 const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
                 byte* outPlaintext);
 
@@ -134,18 +134,18 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Init(
     int isEncrypt);
 
 WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
-    byte *dst, const size_t dst_space,
+    byte *dst, size_t dst_space,
-    const byte *src, const size_t src_len,
+    const byte *src, size_t src_len,
-    const byte *ad, const size_t ad_len,
+    const byte *ad, size_t ad_len,
-    const byte *nonce, const size_t nonce_len,
+    const byte *nonce, size_t nonce_len,
-    const byte *key, const size_t key_len);
+    const byte *key, size_t key_len);
 
 WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
-    byte *dst, const size_t dst_space,
+    byte *dst, size_t dst_space,
-    const byte *src, const size_t src_len,
+    const byte *src, size_t src_len,
-    const byte *ad, const size_t ad_len,
+    const byte *ad, size_t ad_len,
-    const byte *nonce, const size_t nonce_len,
+    const byte *nonce, size_t nonce_len,
-    const byte *key, const size_t key_len);
+    const byte *key, size_t key_len);
 
 #endif /* HAVE_XCHACHA */
 

source/libs/libwolfssl/wolfcrypt/cmac.h

@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,13 +56,21 @@ struct Cmac {
 #ifdef WOLF_CRYPTO_CB
     int devId;
     void* devCtx;
-    #ifdef WOLFSSL_QNX_CAAM
+    #ifdef WOLFSSL_CAAM
     byte ctx[32]; /* hold state for save and return */
     word32 blackKey;
     word32 keylen;
     byte   initialized;
     #endif
 #endif
+#if defined(WOLFSSL_HASH_KEEP)
+    byte*  msg;
+    word32 used;
+    word32 len;
+#endif
+#ifdef WOLFSSL_SE050
+    byte   useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
+#endif
 };
 
 
@@ -103,6 +111,14 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
                      const byte* in, word32 inSz,
                      const byte* key, word32 keySz);
 
+WOLFSSL_LOCAL
+void ShiftAndXorRb(byte* out, byte* in);
+
+#ifdef WOLFSSL_HASH_KEEP
+WOLFSSL_API
+int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

source/libs/libwolfssl/wolfcrypt/coding.h

@@ -1,6 +1,6 @@
 /* coding.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/wolfcrypt/compress.h

@@ -1,6 +1,6 @@
 /* compress.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

source/libs/libwolfssl/wolfcrypt/cpuid.h

@@ -1,6 +1,6 @@
 /* cpuid.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,6 +35,11 @@
 #if (defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
     defined(WOLFSSL_AESNI) || defined(WOLFSSL_SP_X86_64_ASM)) && \
     !defined(WOLFSSL_NO_ASM)
+    #define HAVE_CPUID
+    #define HAVE_CPUID_INTEL
+#endif
+
+#ifdef HAVE_CPUID_INTEL
 
     #define CPUID_AVX1   0x0001
     #define CPUID_AVX2   0x0002
@@ -44,6 +49,7 @@
     #define CPUID_AESNI  0x0020
     #define CPUID_ADX    0x0040   /* ADCX, ADOX */
     #define CPUID_MOVBE  0x0080   /* Move and byte swap */
+    #define CPUID_BMI1   0x0100   /* ANDN */
 
     #define IS_INTEL_AVX1(f)    ((f) & CPUID_AVX1)
     #define IS_INTEL_AVX2(f)    ((f) & CPUID_AVX2)
@@ -53,7 +59,11 @@
     #define IS_INTEL_AESNI(f)   ((f) & CPUID_AESNI)
     #define IS_INTEL_ADX(f)     ((f) & CPUID_ADX)
     #define IS_INTEL_MOVBE(f)   ((f) & CPUID_MOVBE)
+    #define IS_INTEL_BMI1(f)    ((f) & CPUID_BMI1)
 
+#endif
+
+#ifdef HAVE_CPUID
     void cpuid_set_flags(void);
     word32 cpuid_get_flags(void);
 

source/libs/libwolfssl/wolfcrypt/cryptocb.h

@@ -1,6 +1,6 @@
 /* cryptocb.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -75,10 +75,15 @@
 /* Crypto Information Structure for callbacks */
 typedef struct wc_CryptoInfo {
     int algo_type; /* enum wc_AlgoType */
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+    union {
+#endif
 #if !defined(NO_RSA) || defined(HAVE_ECC)
     struct {
         int type; /* enum wc_PkType */
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
+#endif
         #ifndef NO_RSA
             struct {
                 const byte* in;
@@ -182,14 +187,18 @@ typedef struct wc_CryptoInfo {
                 byte         contextLen;
             } ed25519verify;
         #endif
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
+#endif
     } pk;
 #endif /* !NO_RSA || HAVE_ECC */
 #if !defined(NO_AES) || !defined(NO_DES3)
     struct {
         int type; /* enum wc_CipherType */
         int enc;
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
+#endif
         #ifdef HAVE_AESGCM
             struct {
                 Aes*        aes;
@@ -216,7 +225,33 @@ typedef struct wc_CryptoInfo {
                 word32      authInSz;
             } aesgcm_dec;
         #endif /* HAVE_AESGCM */
-        #ifdef HAVE_AES_CBC
+        #ifdef HAVE_AESCCM
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+                const byte* nonce;
+                word32      nonceSz;
+                byte*       authTag;
+                word32      authTagSz;
+                const byte* authIn;
+                word32      authInSz;
+            } aesccm_enc;
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+                const byte* nonce;
+                word32      nonceSz;
+                const byte* authTag;
+                word32      authTagSz;
+                const byte* authIn;
+                word32      authInSz;
+            } aesccm_dec;
+        #endif /* HAVE_AESCCM */
+        #if defined(HAVE_AES_CBC)
             struct {
                 Aes*        aes;
                 byte*       out;
@@ -224,6 +259,22 @@ typedef struct wc_CryptoInfo {
                 word32      sz;
             } aescbc;
         #endif /* HAVE_AES_CBC */
+        #if defined(WOLFSSL_AES_COUNTER)
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+            } aesctr;
+        #endif /* WOLFSSL_AES_COUNTER */
+        #if defined(HAVE_AES_ECB)
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+            } aesecb;
+        #endif /* HAVE_AES_ECB */
         #ifndef NO_DES3
             struct {
                 Des3*       des;
@@ -232,7 +283,9 @@ typedef struct wc_CryptoInfo {
                 word32      sz;
             } des3;
         #endif
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
+#endif
     } cipher;
 #endif /* !NO_AES || !NO_DES3 */
 #if !defined(NO_SHA) || !defined(NO_SHA256) || \
@@ -242,10 +295,15 @@ typedef struct wc_CryptoInfo {
         const byte* in;
         word32 inSz;
         byte* digest;
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
+#endif
         #ifndef NO_SHA
             wc_Sha* sha1;
         #endif
+        #ifdef WOLFSSL_SHA224
+            wc_Sha224* sha224;
+        #endif
         #ifndef NO_SHA256
             wc_Sha256* sha256;
         #endif
@@ -255,7 +313,9 @@ typedef struct wc_CryptoInfo {
         #ifdef WOLFSSL_SHA512
             wc_Sha512* sha512;
         #endif
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
+#endif
     } hash;
 #endif /* !NO_SHA || !NO_SHA256 */
 #ifndef NO_HMAC
@@ -292,6 +352,9 @@ typedef struct wc_CryptoInfo {
         int type;
     } cmac;
 #endif
+#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+    };
+#endif
 } wc_CryptoInfo;
 
 
@@ -301,6 +364,11 @@ WOLFSSL_LOCAL void wc_CryptoCb_Init(void);
 WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx);
 WOLFSSL_API int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
+WOLFSSL_API int wc_CryptoCb_DefaultDevID(void);
+
+#ifdef DEBUG_CRYPTOCB
+WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
+#endif
 
 /* old function names */
 #define wc_CryptoDev_RegisterDevice   wc_CryptoCb_RegisterDevice
@@ -367,12 +435,35 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
      const byte* authTag, word32 authTagSz,
      const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESGCM */
+#ifdef HAVE_AESCCM
+WOLFSSL_LOCAL int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out,
+    const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz,
+    byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+
+WOLFSSL_LOCAL int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
+    const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz,
+    const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESCCM */
 #ifdef HAVE_AES_CBC
 WOLFSSL_LOCAL int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz);
 WOLFSSL_LOCAL int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz);
 #endif /* HAVE_AES_CBC */
+#ifdef WOLFSSL_AES_COUNTER
+WOLFSSL_LOCAL int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out,
+                               const byte* in, word32 sz);
+#endif /* WOLFSSL_AES_COUNTER */
+#ifdef HAVE_AES_ECB
+WOLFSSL_LOCAL int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
+                               const byte* in, word32 sz);
+WOLFSSL_LOCAL int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
+                               const byte* in, word32 sz);
+#endif /* HAVE_AES_ECB */
 #endif /* !NO_AES */
 
 #ifndef NO_DES3

source/libs/libwolfssl/wolfcrypt/curve25519.h

@@ -1,6 +1,6 @@
 /* curve25519.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,6 +43,7 @@
 #endif
 
 #define CURVE25519_KEYSIZE 32
+#define CURVE25519_PUB_KEY_SIZE 32
 
 #ifdef WOLFSSL_NAMES_STATIC
 typedef char curve25519_str[12];
@@ -59,22 +60,28 @@ typedef struct {
 
 /* ECC point, the internal structure is Little endian
  * the mathematical functions used the endianness */
-typedef struct {
+typedef struct ECPoint {
     byte point[CURVE25519_KEYSIZE];
 #ifdef FREESCALE_LTC_ECC
     byte pointY[CURVE25519_KEYSIZE];
 #endif
+    byte pointSz;
 } ECPoint;
 
+#ifndef WC_CURVE25519KEY_TYPE_DEFINED
+    typedef struct curve25519_key curve25519_key;
+    #define WC_CURVE25519KEY_TYPE_DEFINED
+#endif
+
 /* A CURVE25519 Key */
-typedef struct curve25519_key {
+struct curve25519_key {
     int idx;            /* Index into the ecc_sets[] for the parameters of
                            this curve if -1, this key is using user supplied
                            curve in dp */
     const curve25519_set_type* dp;   /* domain parameters, either points to
                                    curves (idx >= 0) or user supplied */
-    ECPoint   p;        /* public key  */
+    ECPoint   p;                     /* public point for key  */
-    ECPoint   k;        /* private key */
+    byte      k[CURVE25519_KEYSIZE]; /* private scaler for key */
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
@@ -82,7 +89,16 @@ typedef struct curve25519_key {
 #if defined(WOLF_CRYPTO_CB)
     int devId;
 #endif
-} curve25519_key;
+
+#ifdef WOLFSSL_SE050
+    word32 keyId;
+    byte   keyIdSet;
+#endif
+
+    /* bit fields */
+    byte pubSet:1;
+    byte privSet:1;
+};
 
 enum {
     EC25519_LITTLE_ENDIAN=0,
@@ -179,4 +195,3 @@ int wc_curve25519_size(curve25519_key* key);
 
 #endif /* HAVE_CURVE25519 */
 #endif /* WOLF_CRYPT_CURVE25519_H */
-

source/libs/libwolfssl/wolfcrypt/curve448.h

@@ -1,6 +1,6 @@
 /* curve448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,16 +43,24 @@
 #define CURVE448_KEY_SIZE        56
 #define CURVE448_PUB_KEY_SIZE    56
 
+#ifndef WC_CURVE448KEY_TYPE_DEFINED
+    typedef struct curve448_key curve448_key;
+    #define WC_CURVE448KEY_TYPE_DEFINED
+#endif
 
 /* A CURVE448 Key */
-typedef struct curve448_key {
+struct curve448_key {
     byte p[CURVE448_PUB_KEY_SIZE];  /* public key  */
     byte k[CURVE448_KEY_SIZE];      /* private key */
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
-} curve448_key;
+
+    /* bit fields */
+    byte pubSet:1;
+    byte privSet:1;
+};
 
 enum {
     EC448_LITTLE_ENDIAN = 0,
@@ -62,6 +70,10 @@ enum {
 WOLFSSL_API
 int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key);
 
+WOLFSSL_API
+int wc_curve448_make_pub(int public_size, byte* pub, int private_size,
+                           const byte* priv);
+
 WOLFSSL_API
 int wc_curve448_shared_secret(curve448_key* private_key,
                               curve448_key* public_key,

source/libs/libwolfssl/wolfcrypt/des3.h

@@ -1,6 +1,6 @@
 /* des3.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,8 @@
 
 #ifndef NO_DES3
 
-#if defined(HAVE_FIPS) && \
+#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+        (HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3)
     #include <libs/libwolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -54,13 +54,18 @@ enum {
 
 
 /* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    HAVE_FIPS_VERSION >= 2)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <libs/libwolfssl/wolfcrypt/async.h>
 #endif
 
+#ifdef WOLFSSL_SE050
+    /* SE050 SDK also defines DES_BLOCK_SIZE */
+    #undef DES_BLOCK_SIZE
+#endif
+
 enum {
     DES_ENC_TYPE    = WC_CIPHER_DES,     /* cipher unique type */
     DES3_ENC_TYPE   = WC_CIPHER_DES3,    /* cipher unique type */
@@ -79,6 +84,9 @@ enum {
 
 
 #if defined(STM32_CRYPTO)
+
+#include <libs/libwolfssl/wolfcrypt/port/st/stm32.h>
+
 enum {
     DES_CBC = 0,
     DES_ECB = 1
@@ -117,7 +125,7 @@ struct Des3 {
     typedef struct Des3 Des3;
     #define WC_DES3_TYPE_DEFINED
 #endif
-#endif /* HAVE_FIPS */
+#endif /* HAVE_FIPS && HAVE_FIPS_VERSION >= 2 */
 
 
 WOLFSSL_API int  wc_Des_SetKey(Des* des, const byte* key,
@@ -146,8 +154,8 @@ WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out,
 
 /* These are only required when using either:
   static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */
-WOLFSSL_API int  wc_Des3Init(Des3*, void*, int);
+WOLFSSL_API int  wc_Des3Init(Des3* des3, void* heap, int devId);
-WOLFSSL_API void wc_Des3Free(Des3*);
+WOLFSSL_API void wc_Des3Free(Des3* des3);
 
 #ifdef __cplusplus
     } /* extern "C" */

source/libs/libwolfssl/wolfcrypt/dh.h

@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,6 +38,10 @@
 #include <libs/libwolfssl/wolfcrypt/integer.h>
 #include <libs/libwolfssl/wolfcrypt/random.h>
 
+#ifdef WOLFSSL_KCAPI_DH
+    #include <libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_dh.h>
+#endif
+
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -67,6 +71,10 @@ struct DhKey {
     void* heap;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
+#endif
+    int trustedGroup;
+#ifdef WOLFSSL_KCAPI_DH
+    struct kcapi_handle* handle;
 #endif
 };
 
@@ -75,6 +83,44 @@ struct DhKey {
     #define WC_DH_TYPE_DEFINED
 #endif
 
+enum {
+    WC_FFDHE_2048 = 256,
+    WC_FFDHE_3072 = 257,
+    WC_FFDHE_4096 = 258,
+    WC_FFDHE_6144 = 259,
+    WC_FFDHE_8192 = 260,
+};
+
+/* DH Private Key size up to 8192 bit */
+#ifndef WC_DH_PRIV_MAX_SZ
+#define WC_DH_PRIV_MAX_SZ 52
+#endif
+
+#ifndef DH_MAX_SIZE
+    #ifdef USE_FAST_MATH
+        /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+        #define DH_MAX_SIZE    (FP_MAX_BITS / 2)
+        #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192
+            #error "MySQL needs FP_MAX_BITS at least at 16384"
+        #endif
+    #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+        /* SP implementation supports numbers of SP_INT_BITS bits. */
+        #define DH_MAX_SIZE    (((SP_INT_BITS + 7) / 8) * 8)
+        #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192
+            #error "MySQL needs SP_INT_BITS at least at 8192"
+        #endif
+    #else
+        #ifdef WOLFSSL_MYSQL_COMPATIBLE
+            /* Integer maths is dynamic but we only go up to 8192 bits. */
+            #define DH_MAX_SIZE 8192
+        #else
+            /* Integer maths is dynamic but we only go up to 4096 bits. */
+            #define DH_MAX_SIZE 4096
+        #endif
+    #endif
+#endif
+
+#ifdef HAVE_PUBLIC_FFDHE
 #ifdef HAVE_FFDHE_2048
 WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
 #endif
@@ -90,6 +136,7 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void);
 #ifdef HAVE_FFDHE_8192
 WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
 #endif
+#endif
 
 WOLFSSL_API int wc_InitDhKey(DhKey* key);
 WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
@@ -102,16 +149,24 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        word32 pubSz);
 
 WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
-                           word32); /* wc_DhKeyDecode is in asn.c */
+                           word32 inSz); /* wc_DhKeyDecode is in asn.c */
 
 WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                         word32 gSz);
 WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
                         const byte* g, word32 gSz, const byte* q, word32 qSz);
+WOLFSSL_API int wc_DhSetNamedKey(DhKey* key, int name);
+WOLFSSL_API int wc_DhGetNamedKeyParamSize(int name,
+        word32* p, word32* g, word32* q);
+WOLFSSL_API word32 wc_DhGetNamedKeyMinSize(int name);
+WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
+        const byte* p, word32 pSz,
+        const byte* g, word32 gSz,
+        const byte* q, word32 qSz);
+WOLFSSL_API int wc_DhCopyNamedKey(int name,
+        byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
 
 #ifdef WOLFSSL_DH_EXTRA
-WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
-                        DhKey* key, word32 inSz);
 WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
                                    const byte* pub, word32 pubSz);
 WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,

source/libs/libwolfssl/wolfcrypt/dilithium.h

@@ -0,0 +1,155 @@
+/* dilithium.h
+ *
+ * Copyright (C) 2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/dilithium.h
+*/
+
+/* Interfaces for Dilithium NIST Level 1 (Dilithium512) and Dilithium NIST Level 5
+ * (Dilithium1024). */
+
+#ifndef WOLF_CRYPT_DILITHIUM_H
+#define WOLF_CRYPT_DILITHIUM_H
+
+#include <libs/libwolfssl/wolfcrypt/types.h>
+
+#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+
+#ifdef HAVE_LIBOQS
+#include <oqs/oqs.h>
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* Macros Definitions */
+
+#ifdef HAVE_LIBOQS
+#define DILITHIUM_LEVEL2_KEY_SIZE     OQS_SIG_dilithium_2_length_secret_key
+#define DILITHIUM_LEVEL2_SIG_SIZE     OQS_SIG_dilithium_2_length_signature
+#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key
+#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
+
+#define DILITHIUM_LEVEL3_KEY_SIZE     OQS_SIG_dilithium_3_length_secret_key
+#define DILITHIUM_LEVEL3_SIG_SIZE     OQS_SIG_dilithium_3_length_signature
+#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key
+#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
+
+#define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_dilithium_5_length_secret_key
+#define DILITHIUM_LEVEL5_SIG_SIZE     OQS_SIG_dilithium_5_length_signature
+#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key
+#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
+#endif
+
+#define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_PRV_KEY_SIZE
+#define DILITHIUM_MAX_SIG_SIZE     DILITHIUM_LEVEL5_SIG_SIZE
+#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
+#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
+
+#define SHAKE_VARIANT 1
+#define AES_VARIANT   2
+
+/* Structs */
+
+struct dilithium_key {
+    bool pubKeySet;
+    bool prvKeySet;
+    byte level; /* 2,3 or 5 */
+    byte sym; /* SHAKE_VARIANT or AES_VARIANT */
+    byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
+    byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
+};
+
+#ifndef WC_DILITHIUMKEY_TYPE_DEFINED
+    typedef struct dilithium_key dilithium_key;
+    #define WC_DILITHIUMKEY_TYPE_DEFINED
+#endif
+
+/* Functions */
+
+WOLFSSL_API
+int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
+                       dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+                         word32 msgLen, int* res, dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_init(dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym);
+WOLFSSL_API
+int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte *sym);
+WOLFSSL_API
+void wc_dilithium_free(dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
+                                  dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
+                                 const byte* pub, word32 pubSz,
+                                 dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_export_public(dilithium_key*, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
+                         byte* pub, word32 *pubSz);
+
+WOLFSSL_API
+int wc_dilithium_check_key(dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_size(dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_priv_size(dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_pub_size(dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_sig_size(dilithium_key* key);
+
+WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,
+                                              word32* inOutIdx,
+                                              dilithium_key* key, word32 inSz);
+WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input,
+                                             word32* inOutIdx,
+                                             dilithium_key* key, word32 inSz);
+WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
+                                      word32 inLen);
+WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
+                                             word32 inLen);
+WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output,
+                                            word32 inLen, int withAlg);
+
+#ifdef __cplusplus
+    }    /* extern "C" */
+#endif
+
+#endif /* HAVE_PQC && HAVE_DILITHIUM */
+#endif /* WOLF_CRYPT_DILITHIUM_H */

source/libs/libwolfssl/wolfcrypt/dsa.h

@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -84,9 +84,9 @@ WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
 WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                      DsaKey*, word32);
+                                      DsaKey* key, word32 inSz);
 WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                       DsaKey*, word32);
+                                       DsaKey* key, word32 inSz);
 WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key,
                                    int outLen, int with_header);

source/libs/libwolfssl/wolfcrypt/ecc.h

@@ -1,6 +1,6 @@
 /* ecc.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,6 +62,18 @@
     #include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
 #endif
 
+#if defined(WOLFSSL_KCAPI_ECC)
+    #include <libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h>
+#endif
+
+#ifdef WOLFSSL_SE050
+    #include <libs/libwolfssl/wolfcrypt/port/nxp/se050_port.h>
+#endif
+
+#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+    #include <libs/libwolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
+#endif
+
 #ifdef WOLFSSL_HAVE_SP_ECC
     #include <libs/libwolfssl/wolfcrypt/sp_int.h>
 #endif
@@ -164,8 +176,13 @@ enum {
         CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE,
     #endif
     ECC_MAX_CRYPTO_HW_SIZE = CRYPTOCELL_KEY_SIZE,
+#elif defined(WOLFSSL_SE050)
+    ECC_MAX_CRYPTO_HW_SIZE = 66,
+#elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+    ECC_MAX_CRYPTO_HW_SIZE = MAX_ECC_BYTES,
 #endif
 
+
     /* point compression type */
     ECC_POINT_COMP_EVEN = 0x02,
     ECC_POINT_COMP_ODD = 0x03,
@@ -174,12 +191,16 @@ enum {
     /* Shamir's dual add constants */
     SHAMIR_PRECOMP_SZ = 16,
 
-#ifdef WOLF_CRYPTO_CB
+#ifdef WOLF_PRIVATE_KEY_ID
     ECC_MAX_ID_LEN    = 32,
     ECC_MAX_LABEL_LEN = 32,
 #endif
 };
 
+#endif /* HAVE_ECC */
+
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
+    defined(HAVE_CURVE448) || defined(WOLFCRYPT_HAVE_SAKKE)
 /* Curve Types */
 typedef enum ecc_curve_id {
     ECC_CURVE_INVALID = -1,
@@ -227,7 +248,6 @@ typedef enum ecc_curve_id {
 #ifdef HAVE_CURVE448
     ECC_X448,
 #endif
-
 #ifdef WOLFCRYPT_HAVE_SAKKE
     ECC_SAKKE_1,
 #endif
@@ -237,6 +257,9 @@ typedef enum ecc_curve_id {
 #endif
     ECC_CURVE_MAX
 } ecc_curve_id;
+#endif
+
+#ifdef HAVE_ECC
 
 #ifdef HAVE_OID_ENCODING
 typedef word16 ecc_oid_t;
@@ -275,7 +298,7 @@ typedef struct ecc_set_type {
 } ecc_set_type;
 #else
 #define MAX_ECC_NAME 16
-#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1)
+#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 2)
     /* The values are stored as text strings. */
 
 typedef struct ecc_set_type {
@@ -322,7 +345,8 @@ typedef struct ecc_set_type {
  * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
  */
 
-#ifndef USE_FAST_MATH
+#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH_ALL) && \
+    !defined(WOLFSSL_SP_MATH)
     #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
 #endif
 #ifdef WOLFSSL_NO_MALLOC
@@ -341,6 +365,9 @@ typedef struct ecc_set_type {
 #endif
 
 /* verify alignment */
+#if CHAR_BIT == 0
+   #error CHAR_BIT must be nonzero
+#endif
 #if FP_MAX_BITS_ECC % CHAR_BIT
     #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
 #endif
@@ -377,7 +404,7 @@ typedef struct {
     mp_int* z;        /* The z coordinate */
     alt_fp_int xyz[3];
 #endif
-#ifdef WOLFSSL_SMALL_STACK_CACHE
+#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     ecc_key* key;
 #endif
 } ecc_point;
@@ -385,9 +412,7 @@ typedef struct {
 /* ECC Flags */
 enum {
     WC_ECC_FLAG_NONE     = 0x00,
-#ifdef HAVE_ECC_CDH
     WC_ECC_FLAG_COFACTOR = 0x01,
-#endif
     WC_ECC_FLAG_DEC_SIGN = 0x02,
 };
 
@@ -421,11 +446,15 @@ struct ecc_key {
     ecc_point pubkey;   /* public key */
     mp_int    k;        /* private key */
 
-#ifdef WOLFSSL_QNX_CAAM
+#ifdef WOLFSSL_CAAM
     word32 blackKey;     /* address of key encrypted and in secure memory */
     word32 securePubKey; /* address of public key in secure memory */
     int    partNum; /* partition number*/
 #endif
+#ifdef WOLFSSL_SE050
+    word32 keyId;
+    byte   keyIdSet;
+#endif
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
     int  slot;        /* Key Slot Number (-1 unknown) */
     byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
@@ -442,7 +471,18 @@ struct ecc_key {
      */
     byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE];
 #endif
-
+#ifdef WOLFSSL_MAXQ10XX_CRYPTO
+    maxq_ecc_t maxq_ctx;
+#endif
+#ifdef WOLFSSL_KCAPI_ECC
+    struct kcapi_handle* handle;
+    byte pubkey_raw[MAX_ECC_BYTES * 2];
+#endif
+#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+    wc_Xsecure xSec;
+    byte keyRaw[3 * ECC_MAX_CRYPTO_HW_SIZE] ALIGN32;
+    byte* privKey;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     mp_int* r;          /* sign/verify temps */
     mp_int* s;
@@ -455,7 +495,7 @@ struct ecc_key {
         CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
     #endif
 #endif /* WOLFSSL_ASYNC_CRYPT */
-#ifdef WOLF_CRYPTO_CB
+#ifdef WOLF_PRIVATE_KEY_ID
     byte id[ECC_MAX_ID_LEN];
     int  idLen;
     char label[ECC_MAX_LABEL_LEN];
@@ -466,14 +506,21 @@ struct ecc_key {
 #endif
 
 #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
-    defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
+#ifndef WOLFSSL_NO_MALLOC
     mp_int* sign_k;
+#else
+    mp_int sign_k[1];
+    byte sign_k_set:1;
 #endif
-#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
+#endif
+#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
     byte deterministic:1;
 #endif
 
-#ifdef WOLFSSL_SMALL_STACK_CACHE
+#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     mp_int* t1;
     mp_int* t2;
 #ifdef ALT_ECC_SIZE
@@ -495,8 +542,8 @@ struct ecc_key {
 };
 
 
-WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*);
+WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void* heap);
-WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*);
+WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
 
 
 /* ECC predefined curve sets  */
@@ -516,21 +563,19 @@ ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* B, mp_int* kB,
                 ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
 
-ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
+ECC_API int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp);
-ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct);
+ECC_API int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct);
 ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
                                      mp_int* a, mp_int* modulus, mp_digit mp);
 ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
                                      mp_int* modulus, mp_digit mp);
 
-WOLFSSL_LOCAL
+ECC_API int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B,
-int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
+    ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
-    mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
+ECC_API int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
-WOLFSSL_LOCAL
-int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
     mp_int* modulus, mp_digit mp);
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
 WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
@@ -541,7 +586,7 @@ WOLFSSL_API
 int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
 WOLFSSL_API
 int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_check_key(ecc_key* key);
 WOLFSSL_API
 int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
@@ -549,12 +594,10 @@ WOLFSSL_API
 int wc_ecc_get_generator(ecc_point* ecp, int curve_idx);
 
 #ifdef HAVE_ECC_DHE
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen);
-WOLFSSL_LOCAL
+
-int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
-                             byte* out, word32 *outlen);
 WOLFSSL_API
 int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
                              byte* out, word32 *outlen);
@@ -575,7 +618,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 WOLFSSL_API
 int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
                         ecc_key* key, mp_int *r, mp_int *s);
-#ifdef WOLFSSL_ECDSA_DETERMINISTIC_K
+#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
 WOLFSSL_API
 int wc_ecc_set_deterministic(ecc_key* key, byte flag);
 WOLFSSL_API
@@ -590,19 +634,19 @@ int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key);
 #endif /* HAVE_ECC_SIGN */
 
 #ifdef HAVE_ECC_VERIFY
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
-                    word32 hashlen, int* stat, ecc_key* key);
+                    word32 hashlen, int* res, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
-                          word32 hashlen, int* stat, ecc_key* key);
+                          word32 hashlen, int* res, ecc_key* key);
 #endif /* HAVE_ECC_VERIFY */
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_init(ecc_key* key);
 WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
-#ifdef WOLF_CRYPTO_CB
+#ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API
 int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
                    int devId);
@@ -617,14 +661,12 @@ WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_free(ecc_key* key);
 WOLFSSL_API
 int wc_ecc_set_flags(ecc_key* key, word32 flags);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 void wc_ecc_fp_free(void);
 WOLFSSL_LOCAL
 void wc_ecc_fp_init(void);
-#ifdef ECC_TIMING_RESISTANT
 WOLFSSL_API
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
-#endif
 
 WOLFSSL_API
 int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
@@ -681,10 +723,10 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
 WOLFSSL_API
 int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R,
                   mp_int* a, mp_int* modulus, int map);
-WOLFSSL_LOCAL
+ECC_API
 int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R,
                   mp_int* a, mp_int* modulus, int map, void* heap);
-WOLFSSL_LOCAL
+ECC_API
 int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
                       mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
                       void* heap);
@@ -693,10 +735,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 
 #ifdef HAVE_ECC_KEY_EXPORT
 /* ASN key helpers */
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
-int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
+int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
-int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
+int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
+                          int compressed);
     /* extended functionality with compressed option */
 #endif /* HAVE_ECC_KEY_EXPORT */
 
@@ -706,13 +749,13 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
                           int curve_id);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
                            word32 pubSz, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
                 const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
 WOLFSSL_API
 int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
@@ -720,7 +763,7 @@ int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
 WOLFSSL_API
 int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
                    byte* s, word32* sLen);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
                    const char* d, const char* curveName);
 WOLFSSL_API
@@ -736,7 +779,7 @@ WOLFSSL_API
 int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
                      byte* qy, word32* qyLen, byte* d, word32* dLen,
                      int encType);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
@@ -770,11 +813,11 @@ int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx,
 #endif /* HAVE_ECC_KEY_IMPORT */
 
 /* size helper */
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_size(ecc_key* key);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_sig_size_calc(int sz);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_sig_size(const ecc_key* key);
 
 WOLFSSL_API
@@ -790,7 +833,9 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
 
 enum ecEncAlgo {
     ecAES_128_CBC = 1,  /* default */
-    ecAES_256_CBC = 2
+    ecAES_256_CBC = 2,
+    ecAES_128_CTR = 3,
+    ecAES_256_CTR = 4
 };
 
 enum ecKdfAlgo {
@@ -818,29 +863,41 @@ enum ecFlags {
     REQ_RESP_SERVER = 2
 };
 
+#ifndef WOLFSSL_ECIES_GEN_IV_SIZE
+#define WOLFSSL_ECIES_GEN_IV_SIZE   12
+#endif
+
 
 typedef struct ecEncCtx ecEncCtx;
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
 WOLFSSL_API
 ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
-void wc_ecc_ctx_free(ecEncCtx*);
+void wc_ecc_ctx_free(ecEncCtx* ctx);
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*);  /* reset for use again w/o alloc/free */
+int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng);  /* reset for use again w/o alloc/free */
 
 WOLFSSL_API
-const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
+int wc_ecc_ctx_set_algo(ecEncCtx* ctx, byte encAlgo, byte kdfAlgo,
+    byte macAlgo);
 WOLFSSL_API
-int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
+const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx);
 WOLFSSL_API
-int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
+int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt);
+WOLFSSL_API
+int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz);
+WOLFSSL_API
+int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz);
 
-WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
 WOLFSSL_API
+int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
+    word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx, int compressed);
+WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
 
@@ -868,6 +925,13 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL
     mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
 #endif
 
+#ifdef WOLFSSL_SE050
+WOLFSSL_API
+int wc_ecc_use_key_id(ecc_key* key, word32 keyId, word32 flags);
+WOLFSSL_API
+int wc_ecc_get_key_id(ecc_key* key, word32* keyId);
+#endif
+
 #ifdef WC_ECC_NONBLOCK
     WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
 #endif

source/libs/libwolfssl/wolfcrypt/ed25519.h

@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -77,6 +77,12 @@ enum {
     #define WC_ED25519KEY_TYPE_DEFINED
 #endif
 
+/* ED25519 Flags */
+enum {
+    WC_ED25519_FLAG_NONE     = 0x00,
+    WC_ED25519_FLAG_DEC_SIGN = 0x01,
+};
+
 /* An ED25519 Key */
 struct ed25519_key {
     byte    p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
@@ -86,6 +92,12 @@ struct ed25519_key {
     byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
     byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
+#ifdef WOLFSSL_SE050
+    word32 keyId;
+    word32 flags;
+    byte   keyIdSet;
+#endif
+    word16 privKeySet:1;
     word16 pubKeySet:1;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
@@ -130,18 +142,18 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
 #ifdef HAVE_ED25519_VERIFY
 WOLFSSL_API
 int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                          word32 msgLen, int* stat, ed25519_key* key);
+                          word32 msgLen, int* res, ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                             word32 msgLen, int* stat, ed25519_key* key,
+                             word32 msgLen, int* res, ed25519_key* key,
                              const byte* context, byte contextLen);
 WOLFSSL_API
 int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
-                             word32 hashLen, int* stat, ed25519_key* key,
+                             word32 hashLen, int* res, ed25519_key* key,
                              const byte* context, byte contextLen);
 WOLFSSL_API
 int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                            word32 msgLen, int* stat, ed25519_key* key,
+                            word32 msgLen, int* res, ed25519_key* key,
                             const byte* context, byte contextLen);
 WOLFSSL_API
 int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
@@ -171,16 +183,22 @@ void wc_ed25519_free(ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
 WOLFSSL_API
+int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key,
+                                int trusted);
+WOLFSSL_API
 int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
                                                               ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
                                const byte* pub, word32 pubSz, ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_import_private_key_ex(const byte* priv, word32 privSz,
+    const byte* pub, word32 pubSz, ed25519_key* key, int trusted);
 #endif /* HAVE_ED25519_KEY_IMPORT */
 
 #ifdef HAVE_ED25519_KEY_EXPORT
 WOLFSSL_API
-int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
+int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
 WOLFSSL_API

source/libs/libwolfssl/wolfcrypt/ed448.h

@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -86,6 +86,7 @@ struct ed448_key {
     byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
     byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
+    word16 privKeySet:1;
     word16 pubKeySet:1;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
@@ -137,19 +138,19 @@ int wc_ed448_verify_msg_update(const byte* msgSegment, word32 msgSegmentLen,
                              ed448_key* key);
 WOLFSSL_API
 int wc_ed448_verify_msg_final(const byte* sig, word32 sigLen,
-                              int* stat, ed448_key* key);
+                              int* res, ed448_key* key);
 #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
 WOLFSSL_API
 int wc_ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                        word32 msgLen, int* stat, ed448_key* key,
+                        word32 msgLen, int* res, ed448_key* key,
                         const byte* context, byte contextLen);
 WOLFSSL_API
 int wc_ed448ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
-                           word32 hashLen, int* stat, ed448_key* key,
+                           word32 hashLen, int* res, ed448_key* key,
                            const byte* context, byte contextLen);
 WOLFSSL_API
 int wc_ed448ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                          word32 msgLen, int* stat, ed448_key* key,
+                          word32 msgLen, int* res, ed448_key* key,
                           const byte* context, byte contextLen);
 #endif /* HAVE_ED448_VERIFY */
 WOLFSSL_API
@@ -163,16 +164,22 @@ void wc_ed448_free(ed448_key* key);
 WOLFSSL_API
 int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
 WOLFSSL_API
+int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
+                              int trusted);
+WOLFSSL_API
 int wc_ed448_import_private_only(const byte* priv, word32 privSz,
                                  ed448_key* key);
 WOLFSSL_API
 int wc_ed448_import_private_key(const byte* priv, word32 privSz,
                                 const byte* pub, word32 pubSz, ed448_key* key);
+WOLFSSL_API
+int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz,
+    const byte* pub, word32 pubSz, ed448_key* key, int trusted);
 #endif /* HAVE_ED448_KEY_IMPORT */
 
 #ifdef HAVE_ED448_KEY_EXPORT
 WOLFSSL_API
-int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen);
+int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 WOLFSSL_API

source/libs/libwolfssl/wolfcrypt/error-crypt.h

@@ -1,6 +1,6 @@
 /* error-crypt.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,7 @@
 */
 /*
 DESCRIPTION
-This library defines error codes and contians routines for setting and examining
+This library defines error codes and contains routines for setting and examining
 the error status.
 */
 
@@ -103,7 +103,6 @@ enum {
     ASN_SIG_HASH_E     = -156,  /* ASN sig error, unsupported hash type */
     ASN_SIG_KEY_E      = -157,  /* ASN sig error, unsupported key type */
     ASN_DH_KEY_E       = -158,  /* ASN key init error, invalid input */
-    ASN_NTRU_KEY_E     = -159,  /* ASN ntru key decode error, invalid input */
     ASN_CRIT_EXT_E     = -160,  /* ASN unsupported critical extension */
     ASN_ALT_NAME_E     = -161,  /* ASN alternate name error */
     ASN_NO_PEM_HEADER  = -162,  /* ASN no PEM header found */
@@ -117,6 +116,7 @@ enum {
     NO_PASSWORD        = -176,  /* no password provided by user */
     ALT_NAME_E         = -177,  /* alt name size problem, too big */
     BAD_OCSP_RESPONDER = -178,  /* missing key usage extensions */
+    CRL_CERT_DATE_ERR  = -179,   /* CRL date error */
 
     AES_GCM_AUTH_E     = -180,  /* AES-GCM Authentication check failure */
     AES_CCM_AUTH_E     = -181,  /* AES-CCM Authentication check failure */
@@ -238,8 +238,26 @@ enum {
     MISSING_IV          = -277,  /* IV was not set */
     MISSING_KEY         = -278,  /* Key was not set */
     BAD_LENGTH_E        = -279,  /* Value of length parameter is invalid. */
+    ECDSA_KAT_FIPS_E    = -280,  /* ECDSA KAT failure */
+    RSA_PAT_FIPS_E      = -281,  /* RSA Pairwise failure */
+    KDF_TLS12_KAT_FIPS_E = -282,  /* TLS12 KDF KAT failure */
+    KDF_TLS13_KAT_FIPS_E = -283,  /* TLS13 KDF KAT failure */
+    KDF_SSH_KAT_FIPS_E  = -284,  /* SSH KDF KAT failure */
+    DHE_PCT_E           = -285,  /* DHE Pairwise Consistency Test failure */
+    ECC_PCT_E           = -286,  /* ECDHE Pairwise Consistency Test failure */
+    FIPS_PRIVATE_KEY_LOCKED_E = -287, /* Cannot export private key. */
+    PROTOCOLCB_UNAVAILABLE  = -288, /* Protocol callback unavailable */
+    AES_SIV_AUTH_E = -289, /* AES-SIV authentication failed */
+    NO_VALID_DEVID = -290, /* no valid device ID */
 
-    WC_LAST_E           = -279,  /* Update this to indicate last error */
+    IO_FAILED_E = -291,          /* Input/output failure */
+    SYSLIB_FAILED_E = -292,      /* System/library call failed */
+    USE_HW_PSK = -293,           /* Callback return to indicate HW has PSK */
+
+    ENTROPY_RT_E        = -294,  /* Entropy Repetition Test failed */
+    ENTROPY_APT_E       = -295,  /* Entropy Adaptive Proportion Test failed */
+
+    WC_LAST_E           = -295,  /* Update this to indicate last error */
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 
     /* add new companion error id strings for any new error codes
@@ -255,7 +273,7 @@ enum {
 
 #else
 WOLFSSL_API void wc_ErrorString(int err, char* buff);
-WOLFSSL_API const char* wc_GetErrorString(int error);
+WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
 #endif
 
 #ifdef __cplusplus

source/libs/libwolfssl/wolfcrypt/falcon.h

@@ -0,0 +1,144 @@
+/* falcon.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/falcon.h
+*/
+
+/* Interfaces for Falcon NIST Level 1 (Falcon512) and Falcon NIST Level 5
+ * (Falcon1024). */
+
+#ifndef WOLF_CRYPT_FALCON_H
+#define WOLF_CRYPT_FALCON_H
+
+#include <libs/libwolfssl/wolfcrypt/types.h>
+
+#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+
+#ifdef HAVE_LIBOQS
+#include <oqs/oqs.h>
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* Macros Definitions */
+
+#ifdef HAVE_LIBOQS
+#define FALCON_LEVEL1_KEY_SIZE     OQS_SIG_falcon_512_length_secret_key
+#define FALCON_LEVEL1_SIG_SIZE     OQS_SIG_falcon_512_length_signature
+#define FALCON_LEVEL1_PUB_KEY_SIZE OQS_SIG_falcon_512_length_public_key
+#define FALCON_LEVEL1_PRV_KEY_SIZE (FALCON_LEVEL1_PUB_KEY_SIZE+FALCON_LEVEL1_KEY_SIZE)
+
+#define FALCON_LEVEL5_KEY_SIZE     OQS_SIG_falcon_1024_length_secret_key
+#define FALCON_LEVEL5_SIG_SIZE     OQS_SIG_falcon_1024_length_signature
+#define FALCON_LEVEL5_PUB_KEY_SIZE OQS_SIG_falcon_1024_length_public_key
+#define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE)
+#endif
+
+#define FALCON_MAX_KEY_SIZE     FALCON_LEVEL5_PRV_KEY_SIZE
+#define FALCON_MAX_SIG_SIZE     FALCON_LEVEL5_SIG_SIZE
+#define FALCON_MAX_PUB_KEY_SIZE FALCON_LEVEL5_PUB_KEY_SIZE
+#define FALCON_MAX_PRV_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE
+
+/* Structs */
+
+struct falcon_key {
+    bool pubKeySet;
+    bool prvKeySet;
+    byte level;
+    byte p[FALCON_MAX_PUB_KEY_SIZE];
+    byte k[FALCON_MAX_PRV_KEY_SIZE];
+};
+
+#ifndef WC_FALCONKEY_TYPE_DEFINED
+    typedef struct falcon_key falcon_key;
+    #define WC_FALCONKEY_TYPE_DEFINED
+#endif
+
+/* Functions */
+
+WOLFSSL_API
+int wc_falcon_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
+                       falcon_key* key);
+WOLFSSL_API
+int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
+                         word32 msgLen, int* res, falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_init(falcon_key* key);
+WOLFSSL_API
+int wc_falcon_set_level(falcon_key* key, byte level);
+WOLFSSL_API
+int wc_falcon_get_level(falcon_key* key, byte* level);
+WOLFSSL_API
+void wc_falcon_free(falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_import_public(const byte* in, word32 inLen, falcon_key* key);
+WOLFSSL_API
+int wc_falcon_import_private_only(const byte* priv, word32 privSz,
+                                  falcon_key* key);
+WOLFSSL_API
+int wc_falcon_import_private_key(const byte* priv, word32 privSz,
+                                 const byte* pub, word32 pubSz,
+                                 falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_export_public(falcon_key*, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_falcon_export_private_only(falcon_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_falcon_export_private(falcon_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_falcon_export_key(falcon_key* key, byte* priv, word32 *privSz,
+                         byte* pub, word32 *pubSz);
+
+WOLFSSL_API
+int wc_falcon_check_key(falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_size(falcon_key* key);
+WOLFSSL_API
+int wc_falcon_priv_size(falcon_key* key);
+WOLFSSL_API
+int wc_falcon_pub_size(falcon_key* key);
+WOLFSSL_API
+int wc_falcon_sig_size(falcon_key* key);
+
+WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                           falcon_key* key, word32 inSz);
+WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
+                                          falcon_key* key, word32 inSz);
+WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key* key, byte* output,
+                                   word32 inLen);
+WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output,
+                                          word32 inLen);
+WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output,
+                                         word32 inLen, int withAlg);
+
+#ifdef __cplusplus
+    }    /* extern "C" */
+#endif
+
+#endif /* HAVE_PQC && HAVE_FALCON */
+#endif /* WOLF_CRYPT_FALCON_H */

source/libs/libwolfssl/wolfcrypt/fe_448.h

@@ -1,6 +1,6 @@
 /* fe448_448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -68,25 +68,25 @@ WOLFSSL_LOCAL void fe448_reduce(fe448*);
 #else
 #define fe448_reduce(a)
 #endif
-WOLFSSL_LOCAL void fe448_neg(fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_neg(fe448* r, const fe448* a);
-WOLFSSL_LOCAL void fe448_add(fe448*, const fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_add(fe448* r, const fe448* a, const fe448* b);
-WOLFSSL_LOCAL void fe448_sub(fe448*, const fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_sub(fe448* r, const fe448* a, const fe448* b);
-WOLFSSL_LOCAL void fe448_mul(fe448*,const fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_mul(fe448* r, const fe448* a, const fe448* b);
-WOLFSSL_LOCAL void fe448_sqr(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_sqr(fe448* r, const fe448* a);
-WOLFSSL_LOCAL void fe448_mul39081(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_mul39081(fe448* r, const fe448* a);
-WOLFSSL_LOCAL void fe448_invert(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_invert(fe448* r, const fe448* a);
 
-WOLFSSL_LOCAL void fe448_0(fe448*);
+WOLFSSL_LOCAL void fe448_0(fe448* a);
-WOLFSSL_LOCAL void fe448_1(fe448*);
+WOLFSSL_LOCAL void fe448_1(fe448* a);
-WOLFSSL_LOCAL void fe448_copy(fe448*, const fe448*);
+WOLFSSL_LOCAL void fe448_copy(fe448* d, const fe448* a);
-WOLFSSL_LOCAL int  fe448_isnonzero(const fe448*);
+WOLFSSL_LOCAL int  fe448_isnonzero(const fe448* a);
-WOLFSSL_LOCAL int  fe448_isnegative(const fe448*);
+WOLFSSL_LOCAL int  fe448_isnegative(const fe448* a);
 
-WOLFSSL_LOCAL void fe448_from_bytes(fe448*,const unsigned char *);
+WOLFSSL_LOCAL void fe448_from_bytes(fe448* r, const unsigned char* b);
-WOLFSSL_LOCAL void fe448_to_bytes(unsigned char *, const fe448*);
+WOLFSSL_LOCAL void fe448_to_bytes(unsigned char* b, const fe448* a);
 
-WOLFSSL_LOCAL void fe448_cmov(fe448*,const fe448*, int);
+WOLFSSL_LOCAL void fe448_cmov(fe448* a, const fe448* b, int c);
-WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448*,const fe448*);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448* r, const fe448* a);
 
 #else
 
@@ -94,21 +94,21 @@ WOLFSSL_LOCAL void fe448_init(void);
 WOLFSSL_LOCAL int  curve448(byte* r, const byte* n, const byte* a);
 
 #define fe448_reduce(a)
-WOLFSSL_LOCAL void fe448_neg(word8*,const word8*);
-WOLFSSL_LOCAL void fe448_add(word8*, const word8*, const word8*);
-WOLFSSL_LOCAL void fe448_sub(word8*, const word8*, const word8*);
-WOLFSSL_LOCAL void fe448_mul(word8*,const word8*,const word8*);
-WOLFSSL_LOCAL void fe448_sqr(word8*, const word8*);
-WOLFSSL_LOCAL void fe448_mul39081(word8*, const word8*);
-WOLFSSL_LOCAL void fe448_invert(word8*, const word8*);
 
-WOLFSSL_LOCAL void fe448_copy(word8*, const word8*);
+WOLFSSL_LOCAL void fe448_neg(word8* r, const word8* a);
-WOLFSSL_LOCAL int  fe448_isnonzero(const word8*);
+WOLFSSL_LOCAL void fe448_add(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_sub(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_mul(word8* r, const word8* a, const word8* b);
+WOLFSSL_LOCAL void fe448_sqr(word8* r, const word8* a);
+WOLFSSL_LOCAL void fe448_mul39081(word8* r, const word8* a);
+WOLFSSL_LOCAL void fe448_invert(word8* r, const word8* a);
 
 WOLFSSL_LOCAL void fe448_norm(byte *a);
+WOLFSSL_LOCAL void fe448_copy(word8* d, const word8* a);
+WOLFSSL_LOCAL int  fe448_isnonzero(const word8* a);
 
-WOLFSSL_LOCAL void fe448_cmov(word8*,const word8*, int);
+WOLFSSL_LOCAL void fe448_cmov(word8* a, const word8* b, int c);
-WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8*,const word8*);
+WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8* r, const word8* a);
 
 #endif /* !CURVE448_SMALL || !ED448_SMALL */
 

source/libs/libwolfssl/wolfcrypt/fe_operations.h

@@ -1,6 +1,6 @@
 /* fe_operations.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -91,29 +91,29 @@ WOLFSSL_LOCAL int  curve25519(byte * q, const byte * n, const byte * p);
     typedef sword32  fe[10];
 #endif
 
-WOLFSSL_LOCAL void fe_copy(fe, const fe);
+WOLFSSL_LOCAL void fe_copy(fe h,const fe f);
-WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_add(fe h,const fe f,const fe g);
-WOLFSSL_LOCAL void fe_neg(fe,const fe);
+WOLFSSL_LOCAL void fe_neg(fe h,const fe f);
-WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_sub(fe h,const fe f,const fe g);
-WOLFSSL_LOCAL void fe_invert(fe, const fe);
+WOLFSSL_LOCAL void fe_invert(fe out,const fe z);
-WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
+WOLFSSL_LOCAL void fe_mul(fe h,const fe f,const fe g);
 
 
 /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
    work. */
 
-WOLFSSL_LOCAL void fe_0(fe);
+WOLFSSL_LOCAL void fe_0(fe h);
-WOLFSSL_LOCAL void fe_1(fe);
+WOLFSSL_LOCAL void fe_1(fe h);
-WOLFSSL_LOCAL int  fe_isnonzero(const fe);
+WOLFSSL_LOCAL int  fe_isnonzero(const fe f);
-WOLFSSL_LOCAL int  fe_isnegative(const fe);
+WOLFSSL_LOCAL int  fe_isnegative(const fe f);
-WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
+WOLFSSL_LOCAL void fe_tobytes(unsigned char *s,const fe h);
-WOLFSSL_LOCAL void fe_sq(fe, const fe);
+WOLFSSL_LOCAL void fe_sq(fe h,const fe f);
-WOLFSSL_LOCAL void fe_sq2(fe,const fe);
+WOLFSSL_LOCAL void fe_sq2(fe h,const fe f);
-WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
+WOLFSSL_LOCAL void fe_frombytes(fe h,const unsigned char *s);
-WOLFSSL_LOCAL void fe_cswap(fe, fe, int);
+WOLFSSL_LOCAL void fe_cswap(fe f, fe g, int b);
-WOLFSSL_LOCAL void fe_mul121666(fe,fe);
+WOLFSSL_LOCAL void fe_mul121666(fe h,fe f);
-WOLFSSL_LOCAL void fe_cmov(fe,const fe, int);
+WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b);
-WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
+WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
 
 /* 64 type needed for SHA512 */
 WOLFSSL_LOCAL word64 load_3(const unsigned char *in);

source/libs/libwolfssl/wolfcrypt/fips_test.h

@@ -1,6 +1,6 @@
 /* fips_test.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,8 +31,57 @@
     extern "C" {
 #endif
 
-/* Known Answer Test string inputs are hex, internal */
+/* Added for FIPS v5.3 or later */
-WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int);
+#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)
+    /* Determine FIPS in core hash type and size */
+    #ifndef NO_SHA256
+        #define FIPS_IN_CORE_DIGEST_SIZE 32
+        #define FIPS_IN_CORE_HASH_TYPE   WC_SHA256
+        #define FIPS_IN_CORE_KEY_SZ      32
+        #define FIPS_IN_CORE_VERIFY_SZ   FIPS_IN_CORE_KEY_SZ
+    #elif defined(WOLFSSL_SHA384)
+        #define FIPS_IN_CORE_DIGEST_SIZE 48
+        #define FIPS_IN_CORE_HASH_TYPE   WC_SHA384
+        #define FIPS_IN_CORE_KEY_SZ      48
+        #define FIPS_IN_CORE_VERIFY_SZ   FIPS_IN_CORE_KEY_SZ
+    #else
+        #error No FIPS hash (SHA2-256 or SHA2-384)
+    #endif
+#endif /* FIPS v5.3 or later */
+
+
+enum FipsCastId {
+    FIPS_CAST_AES_CBC,
+    FIPS_CAST_AES_GCM,
+    FIPS_CAST_HMAC_SHA1,
+    FIPS_CAST_HMAC_SHA2_256,
+    FIPS_CAST_HMAC_SHA2_512,
+    FIPS_CAST_HMAC_SHA3_256,
+    FIPS_CAST_DRBG,
+    FIPS_CAST_RSA_SIGN_PKCS1v15,
+    FIPS_CAST_ECC_CDH,
+    FIPS_CAST_ECC_PRIMITIVE_Z,
+    FIPS_CAST_DH_PRIMITIVE_Z,
+    FIPS_CAST_ECDSA,
+    FIPS_CAST_KDF_TLS12,
+    FIPS_CAST_KDF_TLS13,
+    FIPS_CAST_KDF_SSH,
+    FIPS_CAST_COUNT
+};
+
+enum FipsCastStateId {
+    FIPS_CAST_STATE_INIT,
+    FIPS_CAST_STATE_PROCESSING,
+    FIPS_CAST_STATE_SUCCESS,
+    FIPS_CAST_STATE_FAILURE
+};
+
+enum FipsModeId {
+    FIPS_MODE_INIT,
+    FIPS_MODE_NORMAL,
+    FIPS_MODE_DEGRADED,
+    FIPS_MODE_FAILED
+};
 
 
 /* FIPS failure callback */
@@ -47,9 +96,15 @@ WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
 
 #ifdef HAVE_FORCE_FIPS_FAILURE
     /* Public function to force failure mode for operational testing */
-    WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
+    WOLFSSL_API int wolfCrypt_SetStatus_fips(int status);
 #endif
 
+WOLFSSL_LOCAL int DoPOST(char* base16_hash, int base16_hashSz);
+WOLFSSL_LOCAL int DoCAST(int type);
+WOLFSSL_LOCAL int DoKnownAnswerTests(char* base16_hash, int base16_hashSz); /* FIPSv1 and FIPSv2 */
+
+WOLFSSL_API int wc_RunCast_fips(int type);
+WOLFSSL_API int wc_GetCastStatus_fips(int type);
 
 #ifdef __cplusplus
     } /* extern "C" */

source/libs/libwolfssl/wolfcrypt/ge_448.h

@@ -1,6 +1,6 @@
 /* ge_448.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59,18 +59,15 @@ typedef struct {
 } ge448_p2;
 
 
-WOLFSSL_LOCAL int  ge448_compress_key(byte*, const byte*, const byte*);
+WOLFSSL_LOCAL int  ge448_compress_key(byte* out, const byte* xIn, const byte* yIn);
-WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *,
+WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b);
-                                                   const unsigned char *);
 
-WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *,
+WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
-                                                   const unsigned char *,
+                                    const ge448_p2 *A, const byte *b);
-                                                   const ge448_p2 *,
+WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2* h, const byte* a);
-                                                   const unsigned char *);
+WOLFSSL_LOCAL void sc448_reduce(byte* b);
-WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2 *, const unsigned char *);
+WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d);
-WOLFSSL_LOCAL void sc448_reduce(byte*);
+WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h);
-WOLFSSL_LOCAL void sc448_muladd(byte*, const byte*, const byte*, const byte*);
-WOLFSSL_LOCAL void ge448_to_bytes(unsigned char *, const ge448_p2 *);
 
 
 #ifndef ED448_SMALL

source/libs/libwolfssl/wolfcrypt/ge_operations.h

@@ -1,6 +1,6 @@
 /* ge_operations.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -73,16 +73,16 @@ typedef struct {
 
 WOLFSSL_LOCAL int  ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
                                                                 word32 keySz);
-WOLFSSL_LOCAL int  ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL int  ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s);
 
-WOLFSSL_LOCAL int  ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
+WOLFSSL_LOCAL int  ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
-                                         const ge_p3 *,const unsigned char *);
+                                 const ge_p3 *A, const unsigned char *b);
-WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *h,const unsigned char *a);
 WOLFSSL_LOCAL void sc_reduce(byte* s);
 WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b,
                              const byte* c);
-WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
+WOLFSSL_LOCAL void ge_tobytes(unsigned char *s,const ge_p2 *h);
-WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *s,const ge_p3 *h);
 
 
 #ifndef ED25519_SMALL

source/libs/libwolfssl/wolfcrypt/hash.h

@@ -1,6 +1,6 @@
 /* hash.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -170,7 +170,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
     byte* out);
 WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
 
-#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+#ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
         word32 flags);
     WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type,
@@ -184,66 +184,53 @@ WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 
 #ifndef NO_SHA
 #include <libs/libwolfssl/wolfcrypt/sha.h>
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+WOLFSSL_API int wc_ShaHash(const byte* data, word32 len, byte* hash);
 #endif
 
 #ifdef WOLFSSL_SHA224
 #include <libs/libwolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 #endif /* defined(WOLFSSL_SHA224) */
 
 #ifndef NO_SHA256
 #include <libs/libwolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 #endif
 
 #ifdef WOLFSSL_SHA384
 #include <libs/libwolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha384Hash(const byte* data, word32 len, byte* hash);
 #endif /* defined(WOLFSSL_SHA384) */
 
 #ifdef WOLFSSL_SHA512
 #include <libs/libwolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash);
 #endif /* WOLFSSL_SHA512 */
 
 #ifdef WOLFSSL_SHA3
 #include <libs/libwolfssl/wolfcrypt/sha3.h>
-WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash);
-WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash);
-WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash);
-WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash);
+#ifdef WOLFSSL_SHAKE128
+WOLFSSL_API int wc_Shake128Hash(const byte* data, word32 len, byte* hash,
+    word32 hashLen);
+#endif
 #ifdef WOLFSSL_SHAKE256
-WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32);
+WOLFSSL_API int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
+    word32 hashLen);
 #endif
 #endif /* WOLFSSL_SHA3 */
 
 #endif /* !NO_HASH_WRAPPER */
 
-enum max_prf {
+#if defined(WOLFSSL_HASH_KEEP)
-#ifdef HAVE_FFDHE_8192
+WOLFSSL_LOCAL int _wc_Hash_Grow(byte** msg, word32* used, word32* len,
-    MAX_PRF_HALF        = 516, /* Maximum half secret len */
+        const byte* in, int inSz, void* heap);
-#elif defined(HAVE_FFDHE_6144)
-    MAX_PRF_HALF        = 388, /* Maximum half secret len */
-#else
-    MAX_PRF_HALF        = 260, /* Maximum half secret len */
 #endif
-    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
-    MAX_PRF_DIG         = 224  /* Maximum digest len      */
-};
-
-#ifdef WOLFSSL_HAVE_PRF
-WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret,
-                    word32 secLen, const byte* seed, word32 seedLen, int hash,
-                    void* heap, int devId);
-WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
-                    word32 secLen, const byte* label, word32 labLen,
-                    const byte* seed, word32 seedLen, void* heap, int devId);
-WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret,
-                    word32 secLen, const byte* label, word32 labLen,
-                    const byte* seed, word32 seedLen, int useAtLeastSha256,
-                    int hash_type, void* heap, int devId);
-#endif /* WOLFSSL_HAVE_PRF */
 
 #ifdef __cplusplus
     } /* extern "C" */

source/libs/libwolfssl/wolfcrypt/hc128.h

@@ -1,67 +0,0 @@
-/* hc128.h
- *
- * Copyright (C) 2006-2021 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
-    \file wolfssl/wolfcrypt/hc128.h
-*/
-
-
-#ifndef WOLF_CRYPT_HC128_H
-#define WOLF_CRYPT_HC128_H
-
-#include <libs/libwolfssl/wolfcrypt/types.h>
-
-#ifndef NO_HC128
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-enum {
-	HC128_ENC_TYPE =  WC_CIPHER_HC128,     /* cipher unique type */
-};
-
-/* HC-128 stream cipher */
-typedef struct HC128 {
-    word32 T[1024];             /* P[i] = T[i];  Q[i] = T[1024 + i ]; */
-    word32 X[16];
-    word32 Y[16];
-    word32 counter1024;         /* counter1024 = i mod 1024 at the ith step */
-    word32 key[8];
-    word32 iv[8];
-#ifdef XSTREAM_ALIGN
-    void*  heap;  /* heap hint, currently XMALLOC only used with aligning */
-#endif
-} HC128;
-
-
-WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32);
-WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv);
-
-WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* HAVE_HC128 */
-#endif /* WOLF_CRYPT_HC128_H */
-

source/libs/libwolfssl/wolfcrypt/hmac.h

@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,13 +23,13 @@
     \file wolfssl/wolfcrypt/hmac.h
 */
 
-#ifndef NO_HMAC
-
 #ifndef WOLF_CRYPT_HMAC_H
 #define WOLF_CRYPT_HMAC_H
 
 #include <libs/libwolfssl/wolfcrypt/hash.h>
 
+#ifndef NO_HMAC
+
 #if defined(HAVE_FIPS) && \
         (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 /* for fips @wc_fips */
@@ -55,6 +55,10 @@
     #include <libs/libwolfssl/wolfcrypt/async.h>
 #endif
 
+#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_HMAC)
+    #include <libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
+#endif
+
 #ifndef NO_OLD_WC_NAMES
     #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE
 #endif
@@ -80,6 +84,12 @@ enum {
 #endif
 #ifndef WOLFSSL_SHA512
     WC_SHA512  = WC_HASH_TYPE_SHA512,
+    #ifndef WOLFSSL_NOSHA512_224
+    WC_SHA512_224  = WC_HASH_TYPE_SHA512_224,
+    #endif
+    #ifndef WOLFSSL_NOSHA512_256
+    WC_SHA512_256  = WC_HASH_TYPE_SHA512_256,
+    #endif
 #endif
 #ifndef WOLFSSL_SHA384
     WC_SHA384  = WC_HASH_TYPE_SHA384,
@@ -93,7 +103,7 @@ enum {
     WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
     WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
 #endif
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
     HMAC_MAX_ID_LEN    = 32,
     HMAC_MAX_LABEL_LEN = 32,
 #endif
@@ -109,7 +119,7 @@ enum {
 #endif
 
 
-/* hash union */
+/* hmac hash union */
 typedef union {
 #ifndef NO_MD5
     wc_Md5 md5;
@@ -132,26 +142,32 @@ typedef union {
 #ifdef WOLFSSL_SHA3
     wc_Sha3 sha3;
 #endif
-} wc_Hmac_Hash;
+} wc_HmacHash;
 
 /* Hmac digest */
 struct Hmac {
-    wc_Hmac_Hash    hash;
+    wc_HmacHash hash;
     word32  ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
     word32  opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
     word32  innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
     void*   heap;                 /* heap hint */
     byte    macType;              /* md5 sha or sha256 */
     byte    innerHashKeyed;       /* keyed flag */
+#ifdef WOLFSSL_KCAPI_HMAC
+    struct kcapi_handle* handle;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif /* WOLFSSL_ASYNC_CRYPT */
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HMAC)
+    WC_CRYPTODEV ctx;
+#endif
 #ifdef WOLF_CRYPTO_CB
     int     devId;
     void*   devCtx;
     const byte* keyRaw;
 #endif
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
     byte    id[HMAC_MAX_ID_LEN];
     int     idLen;
     char    label[HMAC_MAX_LABEL_LEN];
@@ -171,19 +187,25 @@ struct Hmac {
 #endif /* HAVE_FIPS */
 
 /* does init */
-WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
+WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
-WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
+WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
-WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
+WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out);
+#ifdef WOLFSSL_KCAPI_HMAC
+WOLFSSL_API int wc_HmacSetKey_Software(Hmac* hmac, int type, const byte* key,
+                                       word32 keySz);
+WOLFSSL_API int wc_HmacUpdate_Software(Hmac* hmac, const byte* in, word32 sz);
+WOLFSSL_API int wc_HmacFinal_Software(Hmac* hmac, byte* out);
+#endif
 WOLFSSL_API int wc_HmacSizeByType(int type);
 
 WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
-#ifdef HAVE_PKCS11
+#ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
                                int devId);
 WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
                                   int devId);
 #endif
-WOLFSSL_API void wc_HmacFree(Hmac*);
+WOLFSSL_API void wc_HmacFree(Hmac* hmac);
 
 WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
 
@@ -208,7 +230,5 @@ WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
     } /* extern "C" */
 #endif
 
-#endif /* WOLF_CRYPT_HMAC_H */
-
 #endif /* NO_HMAC */
-
+#endif /* WOLF_CRYPT_HMAC_H */

source/libs/libwolfssl/wolfcrypt/idea.h

@@ -1,70 +0,0 @@
-/* idea.h
- *
- * Copyright (C) 2006-2021 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
-    \file wolfssl/wolfcrypt/idea.h
-*/
-
-#ifndef WOLF_CRYPT_IDEA_H
-#define WOLF_CRYPT_IDEA_H
-
-#include <libs/libwolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_IDEA
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-enum {
-    IDEA_MODULO     = 0x10001,             /* 2^16+1 */
-    IDEA_2EXP16     = 0x10000,             /* 2^16 */
-    IDEA_MASK       = 0xFFFF,              /* 16 bits set to one */
-    IDEA_ROUNDS     = 8,                   /* number of rounds for IDEA */
-    IDEA_SK_NUM     = (6*IDEA_ROUNDS + 4), /* number of subkeys */
-    IDEA_KEY_SIZE   = 16,                  /* size of key in bytes */
-    IDEA_BLOCK_SIZE = 8,                   /* size of IDEA blocks in bytes */
-    IDEA_IV_SIZE    = 8,                   /* size of IDEA IV in bytes */
-    IDEA_ENCRYPTION = 0,
-    IDEA_DECRYPTION = 1
-};
-
-/* IDEA encryption and decryption */
-typedef struct Idea {
-    word32  reg[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-    word32  tmp[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-    word16  skey[IDEA_SK_NUM]; /* 832 bits expanded key */
-} Idea;
-
-WOLFSSL_API int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz,
-                              const byte *iv, int dir);
-WOLFSSL_API int wc_IdeaSetIV(Idea *idea, const byte* iv);
-WOLFSSL_API int wc_IdeaCipher(Idea *idea, byte* out, const byte* in);
-WOLFSSL_API int wc_IdeaCbcEncrypt(Idea *idea, byte* out,
-                                  const byte* in, word32 len);
-WOLFSSL_API int wc_IdeaCbcDecrypt(Idea *idea, byte* out,
-                                  const byte* in, word32 len);
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* HAVE_IDEA */
-#endif /* WOLF_CRYPT_IDEA_H */

source/libs/libwolfssl/wolfcrypt/integer.h

@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -151,7 +151,7 @@ extern "C" {
 #define MP_DIGIT_MAX     MP_MASK
 
 /* equalities */
-#define MP_LT        -1   /* less than */
+#define MP_LT       (-1)  /* less than */
 #define MP_EQ         0   /* equal to */
 #define MP_GT         1   /* greater than */
 
@@ -159,9 +159,9 @@ extern "C" {
 #define MP_NEG        1   /* negative */
 
 #define MP_OKAY       0   /* ok result */
-#define MP_MEM        -2  /* out of mem */
+#define MP_MEM       (-2) /* out of mem */
-#define MP_VAL        -3  /* invalid input */
+#define MP_VAL       (-3) /* invalid input */
-#define MP_NOT_INF    -4  /* point not at infinity */
+#define MP_NOT_INF   (-4) /* point not at infinity */
 #define MP_RANGE      MP_NOT_INF
 
 #define MP_YES        1   /* yes response */
@@ -235,7 +235,7 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
     (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO)
 #define mp_isneg(a)  (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
 #define mp_isword(a, w) \
-    ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \
+    ((((a)->used == 1) && ((a)->dp[0] == (w))) || (((w) == 0) && ((a)->used == 0)) \
                                                                ? MP_YES : MP_NO)
 
 /* number of primes */
@@ -254,7 +254,7 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
 #endif
 
 #define mp_prime_random(a, t, size, bbs, cb, dat) \
-   mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
+   mp_prime_random_ex(a, t, ((size) * 8) + 1, ((bbs)==1)?LTM_PRIME_BBS:0, cb, dat)
 
 #define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
 #define mp_mag_size(mp)           mp_unsigned_bin_size(mp)
@@ -302,7 +302,7 @@ MP_API int  mp_grow (mp_int * a, int size);
 MP_API int  mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
 MP_API void mp_zero (mp_int * a);
 MP_API void mp_clamp (mp_int * a);
-MP_API void mp_exch (mp_int * a, mp_int * b);
+MP_API int  mp_exch (mp_int * a, mp_int * b);
 MP_API int  mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m);
 MP_API void mp_rshd (mp_int * a, int b);
 MP_API void mp_rshb (mp_int * a, int b);
@@ -330,7 +330,7 @@ MP_API int  mp_reduce_is_2k_l(mp_int *a);
 MP_API int  mp_reduce_is_2k(mp_int *a);
 MP_API int  mp_dr_is_modulus(mp_int *a);
 MP_API int  mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
-                             int);
+                             int redmode);
 MP_API int  mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y);
 #define mp_exptmod_nct(G,X,P,Y)    mp_exptmod_fast(G,X,P,Y,0)
 MP_API int  mp_montgomery_setup (mp_int * n, mp_digit * rho);
@@ -393,12 +393,12 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
 
 #if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH)
     MP_API int mp_prime_is_prime (mp_int * a, int t, int *result);
-    MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*);
+    MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG* rng);
 #endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */
 #ifdef WOLFSSL_KEY_GEN
     MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
     MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
-    MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
+    MP_API int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap);
 #endif
 
 MP_API int mp_cnt_lsb(mp_int *a);

source/libs/libwolfssl/wolfcrypt/kdf.h

@@ -0,0 +1,115 @@
+/* kdf.h
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/kdf.h
+*/
+
+#ifndef NO_KDF
+
+#ifndef WOLF_CRYPT_KDF_H
+#define WOLF_CRYPT_KDF_H
+
+#if defined(HAVE_FIPS) && \
+    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+    #include <libs/libwolfssl/wolfcrypt/fips.h>
+#endif
+
+#include <libs/libwolfssl/wolfcrypt/hmac.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+enum max_prf {
+#ifdef HAVE_FFDHE_8192
+    MAX_PRF_HALF        = 516, /* Maximum half secret len */
+#elif defined(HAVE_FFDHE_6144)
+    MAX_PRF_HALF        = 388, /* Maximum half secret len */
+#else
+    MAX_PRF_HALF        = 260, /* Maximum half secret len */
+#endif
+    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
+    MAX_PRF_DIG         = 224  /* Maximum digest len      */
+};
+
+
+#ifdef WOLFSSL_HAVE_PRF
+WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret,
+                    word32 secLen, const byte* seed, word32 seedLen, int hash,
+                    void* heap, int devId);
+WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
+                    word32 secLen, const byte* label, word32 labLen,
+                    const byte* seed, word32 seedLen, void* heap, int devId);
+WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret,
+                    word32 secLen, const byte* label, word32 labLen,
+                    const byte* seed, word32 seedLen, int useAtLeastSha256,
+                    int hash_type, void* heap, int devId);
+#endif /* WOLFSSL_HAVE_PRF */
+
+#ifdef HAVE_HKDF
+
+enum {
+/*
+    MAX_HKDF_LABEL_SZ   = OPAQUE16_LEN +
+                          OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
+                          OPAQUE8_LEN + WC_MAX_DIGEST_SIZE
+*/
+    MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE
+};
+
+WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen,
+                             byte* ikm, int ikmLen, int digest);
+
+WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
+                             const byte* prk, word32 prkLen,
+                             const byte* protocol, word32 protocolLen,
+                             const byte* label, word32 labelLen,
+                             const byte* info, word32 infoLen,
+                             int digest);
+#if defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+WOLFSSL_API int wc_Tls13_HKDF_Expand_Label_Alloc(byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen, const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen, const byte* info, word32 infoLen,
+    int digest, void* heap);
+#endif /* !defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3) */
+
+#endif /* HAVE_HKDF */
+
+#ifdef WOLFSSL_WOLFSSH
+
+WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
+        byte* key, word32 keySz,
+        const byte* k, word32 kSz,
+        const byte* h, word32 hSz,
+        const byte* sessionId, word32 sessionIdSz);
+
+#endif /* WOLFSSL_WOLFSSH */
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_KDF_H */
+
+#endif /* NO_KDF */
+

source/libs/libwolfssl/wolfcrypt/logging.h

@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -105,19 +105,29 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
     WOLFSSL_API const char *wolfSSL_global_cflags(void);
 #endif
 
+
+#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \
+        !defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE)
+#define WOLFSSL_HAVE_ERROR_QUEUE
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
     WOLFSSL_LOCAL int wc_LoggingInit(void);
     WOLFSSL_LOCAL int wc_LoggingCleanup(void);
     WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf,
             char* file);
-    WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file,
+    WOLFSSL_LOCAL int wc_PeekErrorNode(int idx, const char **file,
             const char **reason, int *line);
-    WOLFSSL_LOCAL void wc_RemoveErrorNode(int index);
+    WOLFSSL_LOCAL void wc_RemoveErrorNode(int idx);
     WOLFSSL_LOCAL void wc_ClearErrorNodes(void);
     WOLFSSL_LOCAL int wc_PullErrorNode(const char **file, const char **reason,
                             int *line);
     WOLFSSL_API   int wc_SetLoggingHeap(void* h);
     WOLFSSL_API   int wc_ERR_remove_state(void);
+    WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData(
+            const char **file, int *line, const char **data, int *flags,
+            int (*ignore_err)(int err));
+    WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void);
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp);
         WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str,
@@ -156,7 +166,12 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
     #define WOLFSSL_STUB(m) \
         WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
     WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
-
+#if !defined(_WIN32) && defined(XVSNPRINTF)
+    WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
+    #define HAVE_WOLFSSL_MSG_EX
+#else
+    #define WOLFSSL_MSG_EX(...)
+#endif
     WOLFSSL_API void WOLFSSL_MSG(const char* msg);
     WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
 
@@ -167,29 +182,36 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
     #define WOLFSSL_STUB(m)
     #define WOLFSSL_IS_DEBUG_ON() 0
 
-    #define WOLFSSL_MSG(m)
+    #define WOLFSSL_MSG_EX(...)    do{} while(0)
-    #define WOLFSSL_BUFFER(b, l)
+    #define WOLFSSL_MSG(m)            do{} while(0)
+    #define WOLFSSL_BUFFER(b, l)      do{} while(0)
 
 #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
 
 #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
     defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
 
-    #if (!defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && !defined(_WIN32))\
+    #ifdef WOLFSSL_HAVE_ERROR_QUEUE
-        || defined(DEBUG_WOLFSSL_VERBOSE)
         WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
             const char* file, void* ctx);
         #define WOLFSSL_ERROR(x) \
             WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
     #else
         WOLFSSL_API void WOLFSSL_ERROR(int err);
-    #endif
+    #endif /* WOLFSSL_HAVE_ERROR_QUEUE */
-    WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg);
 
+    WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg);
 #else
     #define WOLFSSL_ERROR(e)
     #define WOLFSSL_ERROR_MSG(m)
-#endif
+#endif /* DEBUG_WOLFSSL | OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
+          OPENSSL_EXTRA */
+
+#ifdef WOLFSSL_VERBOSE_ERRORS
+#define WOLFSSL_ERROR_VERBOSE(e) WOLFSSL_ERROR(e)
+#else
+#define WOLFSSL_ERROR_VERBOSE(e) (void)(e)
+#endif /* WOLFSSL_VERBOSE_ERRORS */
 
 #ifdef HAVE_STACK_SIZE_VERBOSE
     extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack;

source/libs/libwolfssl/wolfcrypt/md2.h

@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2022 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,10 +54,10 @@ typedef struct Md2 {
 } Md2;
 
 
-WOLFSSL_API void wc_InitMd2(Md2*);
+WOLFSSL_API void wc_InitMd2(Md2* md2);
-WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32);
+WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len);
-WOLFSSL_API void wc_Md2Final(Md2*, byte*);
+WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash);
-WOLFSSL_API int  wc_Md2Hash(const byte*, word32, byte*);
+WOLFSSL_API int  wc_Md2Hash(const byte* data, word32 len, byte* hash);
 
 
 #ifdef __cplusplus