Merge pull request #115 from jackctj117/KeyGen-benchmark

JCE: Implements KeyGenerator benchmark

.github/workflows/android_gradle.yml

@@ -0,0 +1,52 @@
+name: Android Gradle Build test logic
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+
+jobs:
+  build_wolfssljni:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - name: Clone wolfcrypt-jni
+        uses: actions/checkout@v4
+
+      # Clone native wolfSSL
+      - name: Clone native wolfSSL
+        uses: actions/checkout@v4
+        with:
+          repository: 'wolfssl/wolfssl'
+          path: IDE/Android/app/src/main/cpp/wolfssl
+
+      # Copy options.h.in to blank options.h
+      - name: Create blank options.h
+        run: cp IDE/Android/app/src/main/cpp/wolfssl/wolfssl/options.h.in IDE/Android/app/src/main/cpp/wolfssl/wolfssl/options.h
+
+      # Setup Java
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      # Gradle assembleDebug
+      - name: Gradle assembleDebug
+        run: cd IDE/Android && ls && ./gradlew assembleDebug
+
+      # Gradle assembleDebugUnitTest
+      - name: Gradle assembleDebugUnitTest
+        run: cd IDE/Android && ls && ./gradlew assembleDebugUnitTest
+
+      # Gradle assembleDebugAndroidTest
+      - name: Gradle assembleDebugAndroidTest
+        run: cd IDE/Android && ls && ./gradlew assembleDebugAndroidTest
+

.github/workflows/infer.yml

@@ -0,0 +1,126 @@
+name: Common Linux test logic
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+      wolfssl_configure:
+        required: true
+        type: string
+
+jobs:
+  build_wolfcryptjni:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      # Download Facebook Infer
+      - name: Download Infer
+        run: wget https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz
+      - name: Extract Infer
+        run: tar -xvf infer-linux64-v1.1.0.tar.xz
+      - name: Symlink Infer
+        run: ln -s "$GITHUB_WORKSPACE/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
+      - name: Test Infer get version
+        run: infer --version
+
+      # Download Junit JARs
+      - name: Download junit-4.13.2.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+      - name: Download hamcrest-all-1.3.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+      # Build native wolfSSL
+      - name: Build native wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfSSL/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ inputs.wolfssl_configure }}
+          check: false
+          install: true
+
+      # Setup Java
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      - name: Set JUNIT_HOME
+        run: |
+          echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+      - name: Set LD_LIBRARY_PATH
+        run: |
+          echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+      # Only copy appropriate makefile for platform currently being tested
+      - name: Copy makefile
+        run: |
+          if [ "$RUNNER_OS" == "Linux" ]; then
+              cp makefile.linux makefile
+          elif [ "$RUNNER_OS" == "macOS" ]; then
+              cp makefile.macosx makefile
+          else
+            echo "$RUNNER_OS not supported"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Build JNI library
+        run: PREFIX=$GITHUB_WORKSPACE/build-dir make
+
+      # ant build-jni-debug
+      - name: Build jce-debug JAR (ant build-jni-debug)
+        run: ant build-jni-debug
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jni-release
+      - name: Build jce-debug JAR (ant build-jni-release)
+        run: ant build-jni-release
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jce-debug
+      - name: Build jce-debug JAR (ant build-jce-debug)
+        run: ant build-jce-debug
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jce-release
+      - name: Build jce-debug JAR (ant build-jce-release)
+        run: ant build-jce-release
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      - name: Show logs on failure
+        if: failure() || cancelled()
+        run: |
+          cat build/reports/*.txt
+
+      # Run Facebook Infer
+      - name: Run Facebook Infer
+        run: ./scripts/infer.sh
+
+      - name: Shows Infer report on failure
+        if: failure()
+        run: cat infer-out/report.txt
+

.github/workflows/linux-common.yml

@@ -0,0 +1,104 @@
+name: Common Linux test logic
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+      wolfssl_configure:
+        required: true
+        type: string
+
+jobs:
+  build_wolfcryptjni:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download junit-4.13.2.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+      - name: Download hamcrest-all-1.3.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+      - name: Build native wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfSSL/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ inputs.wolfssl_configure }}
+          check: false
+          install: true
+
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      - name: Set JUNIT_HOME
+        run: |
+          echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+      - name: Set LD_LIBRARY_PATH
+        run: |
+          echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+      # Only copy appropriate makefile for platform currently being tested
+      - name: Copy makefile
+        run: |
+          if [ "$RUNNER_OS" == "Linux" ]; then
+              cp makefile.linux makefile
+          elif [ "$RUNNER_OS" == "macOS" ]; then
+              cp makefile.macosx makefile
+          else
+            echo "$RUNNER_OS not supported"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Build JNI library
+        run: PREFIX=$GITHUB_WORKSPACE/build-dir make
+
+      # ant build-jni-debug
+      - name: Build jce-debug JAR (ant build-jni-debug)
+        run: ant build-jni-debug
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jni-release
+      - name: Build jce-debug JAR (ant build-jni-release)
+        run: ant build-jni-release
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jce-debug
+      - name: Build jce-debug JAR (ant build-jce-debug)
+        run: ant build-jce-debug
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      # ant build-jce-release
+      - name: Build jce-debug JAR (ant build-jce-release)
+        run: ant build-jce-release
+      - name: Run Java tests (ant test)
+        run: ant test
+      - name: Clean JAR
+        run: ant clean
+
+      - name: Show logs on failure
+        if: failure() || cancelled()
+        run: |
+          cat build/reports/*.txt

.github/workflows/main.yml

@@ -0,0 +1,173 @@
+name: CI
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  # Oracle JDK (Linux, Mac)
+  # Oracle JDK requires JAR to be signed for some classes to load/run
+  # properly, for example KeyAgreement. These tests are commented out
+  # here until we get a solution in place for CI JAR signing
+  #linux-oracle:
+  #  strategy:
+  #    matrix:
+  #      os: [ 'ubuntu-latest', 'macos-latest' ]
+  #      jdk_version: [ '17', '21' ]
+  #      wolfssl_configure: [ '--enable-jni' ]
+  #  name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #  uses: ./.github/workflows/linux-common.yml
+  #  with:
+  #    os: ${{ matrix.os }}
+  #    jdk_distro: "oracle"
+  #    jdk_version: ${{ matrix.jdk_version }}
+  #    wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # Zulu JDK (Linux, Mac)
+  linux-zulu:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '8', '11', '17', '21' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # Corretto JDK (Linux, Mac)
+  linux-corretto:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '8', '11', '17', '21' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "corretto"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # Temurin JDK (Linux, Mac)
+  # JDK 8 seems to have been removed from Temurin macos, with 8 we see the error
+  # Could not find satisfied version for SemVer '8'
+  linux-temurin:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '11', '17', '21' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "temurin"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # Microsoft JDK (Linux, Mac)
+  linux-microsoft:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "microsoft"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # -------------------- enable-all sanity checks -----------------------
+  # Only check one Linux and Mac JDK version with --enable-jni --enable-all
+  # as sanity. Using Zulu, but this can be expanded if needed.
+  linux-zulu-all:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '11' ]
+        wolfssl_configure: [ '--enable-jni --enable-all' ]
+    name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # ------------------ RSA 1024 min size sanity check -------------------
+  # Only check one Linux and Mac JDK version as a sanity check. Using Zulu,
+  # but this can be expanded if needed.
+  # wolfSSL ./configure:
+  #     --enable-jni CFLAGS="-DRSA_MIN_SIZE=1024
+  linux-zulu-rsa-min-size:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '11' ]
+        wolfssl_configure: [ '--enable-jni CFLAGS="-DRSA_MIN_SIZE=1024"' ]
+    name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    uses: ./.github/workflows/linux-common.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # ------------------ Facebook Infer static analysis -------------------
+  # Run Facebook infer over PR code, only running on Linux with one
+  # JDK/version for now.
+  fb-infer:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest' ]
+        jdk_version: [ '11' ]
+        wolfssl_configure: [ '--enable-jni --enable-all' ]
+    name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
+    uses: ./.github/workflows/infer.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # ----------------------- Android Gradle build ------------------------
+  # Run Android gradle build over PR code, only running on Linux with one
+  # JDK/version for now.
+  android-gradle:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest' ]
+        jdk_version: [ '21' ]
+    name: Android Gradle (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
+    uses: ./.github/workflows/android_gradle.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+
+  # --------------------- Maven build - test pom.xml --------------------
+  # Run Maven build over PR code, running on Linux and Mac with only one
+  # JDK/version for now.
+  maven-build:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-latest' ]
+        jdk_version: [ '21' ]
+        wolfssl_configure: [ '--enable-jni' ]
+    name: Maven Build (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
+    uses: ./.github/workflows/maven.yml
+    with:
+      os: ${{ matrix.os }}
+      jdk_distro: "zulu"
+      jdk_version: ${{ matrix.jdk_version }}
+      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+

.github/workflows/maven.yml

@@ -0,0 +1,73 @@
+name: Maven Build (pom.xml)
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+      wolfssl_configure:
+        required: true
+        type: string
+
+jobs:
+  build_wolfcryptjni:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build native wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfSSL/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ inputs.wolfssl_configure }}
+          check: false
+          install: true
+
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      - name: Set LD_LIBRARY_PATH
+        run: |
+          echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+      # Only copy appropriate makefile for platform currently being tested
+      - name: Copy makefile
+        run: |
+          if [ "$RUNNER_OS" == "Linux" ]; then
+              cp makefile.linux makefile
+          elif [ "$RUNNER_OS" == "macOS" ]; then
+              cp makefile.macosx makefile
+          else
+            echo "$RUNNER_OS not supported"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Build JNI library
+        run: PREFIX=$GITHUB_WORKSPACE/build-dir make
+
+      # Maven build
+      - name: mvn compile
+        run: mvn compile
+
+      - name: mvn test
+        run: mvn test
+
+      - name: mvn package
+        run: mvn package
+
+      - name: mvn clean
+        run: mvn clean
+

.gitignore

@@ -4,8 +4,38 @@ build/
 lib/
 
 # Generated Javadocs
-docs/
+docs/javadoc
+
+# makefile, since copied from makefile.linux or makefile.macosx
+makefile
 
 # Code signing key/alias info file
 codeSigning.properties
 
+# rpm package files
+rpm/spec
+*.rpm
+wolfcrypt*.tar.gz
+
+# Android
+IDE/Android/.idea/deploymentTargetDropDown.xml
+IDE/Android/app/.cxx/
+IDE/Android/app/src/main/cpp/wolfssl
+
+# Windows
+IDE/WIN/.vs
+IDE/WIN/wolfcryptjni.vcxproj.user
+IDE/WIN/DLL Debug
+IDE/WIN/DLL Debug FIPS
+IDE/WIN/DLL Release
+IDE/WIN/DLL Release FIPS
+
+# infer RacerD
+infer-out/
+
+# Maven output directory
+target/
+
+# Generated system cacerts.wks and jssecacerts.wks
+examples/certs/systemcerts/cacerts.wks
+examples/certs/systemcerts/jssecacerts.wks

ChangeLog.md

@@ -0,0 +1,200 @@
+### wolfCrypt JNI Release 1.8.0 (01/23/2025)
+
+Release 1.8.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
+
+**New JCE Functionality:**
+- Add Java security property support for mapping JKS/PKCS12 to WKS type (PR 83)
+
+**JNI and JCE Changes:**
+- Run FIPS CASTs once up front to prevent threaded app errors (PR 84, 91)
+
+**Example Changes:**
+- Define `WOLFSSL_CUSTOM_CONFIG` in Android Studio project builds (PR 85)
+- Add basic JCE cryptography benchmark app (PR 88, 89, 93, 94)
+
+**Testing Changes:**
+- Add GitHub Action testing Maven (pom.xml) build on macOS and Linux (PR 82)
+
+The wolfCrypt JNI/JCE Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
+instructions and more details comments, please check the manual.
+
+### wolfCrypt JNI Release 1.7.0 (11/11/2024)
+
+Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
+
+**New JCE Functionality:**
+- New WolfSSLKeyStore (WKS) KeyStore implementation for FIPS 140-2/3 compliance (PR 67)
+
+**JNI and JCE Changes:**
+- Remove call to BigInteger.longValueExact(), not available on some Java versions (PR 76)
+- Detect `RSA_MIN_SIZE` in tests, add `Rsa.RSA_MIN_SIZE` helper (PR 77)
+- Fix pointer use in native `X509CheckPrivateKey()` (PR 80)
+
+**Example Changes:**
+- Set keytool path correctly in `system-cacerts-to-wks.sh` (PR 78)
+- Add example Android Studio project (IDE/Android) (PR 79)
+
+**Testing Changes:**
+- Run Facebook Infer on pull requests with GitHub Actions (PR 74)
+- Add Android Gradle build with GitHub Actions to run on all pull requests (PR 79)
+
+The wolfCrypt JNI/JCE Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
+instructions and more details comments, please check the manual.
+
+### wolfCrypt JNI Release 1.6.0 (4/17/2024)
+
+Release 1.6.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
+
+**New JCE Functionality:**
+- Add RSA support to `KeyPairGenerator` class (PR 49)
+- Add `AES/CBC/PKCS5Padding` support to `Cipher` class (PR 51)
+- Add `RSA` support to `Cipher` class (PR 51)
+- Add `PKIX` implementation of `CertPathValidator` class (PR 60, 66)
+- Add `SHA1` alias for `MessageDigest` `SHA-1` for interop compatibility (PR 61)
+- Add `AES/GCM/NoPadding` support to `Cipher` class (PR 62)
+- Add `SecretKeyFactory` implementation supporting `PBKDF2` (PR 70)
+- Add `DEFAULT` support to `SecureRandom` class (PR 72)
+
+**New JNI Wrapped APIs and Functionality:**
+- Add `AES-GCM` support to `com.wolfssl.wolfcrypt.AesGcm` class (PR 62)
+
+**JNI and JCE Changes:**
+- Add synchronization to `com.wolfssl.wolfcrypt.Rng` class (PR 44)
+- Correct preprocessor guards for 3DES with wolfCrypt FIPS (PR 47)
+- Correct order of operations in `wc_CreatePKCS8Key()` JNI wrapper API (PR 50)
+- Add synchronization around native structure pointer use (PR 53)
+- Remove inclusion of CyaSSL header includes, switch to wolfSSL (PR 56)
+- Call `PRIVATE_KEY_LOCK/UNLOCK()` for wolfCrypt FIPS 140-3 compatibility (PR 57)
+- Improve native HMAC feature detection (PR 58)
+- Prepend zero byte to DH shared secret if less than prime length (PR 69)
+- Add synchronization to protected methods in `WolfCryptSignature` (PR 68)
+- Add synchronization to public methods of `WolfCryptKeyPairGenerator` (PR 73)
+- Only allocate one `Rng` object per `WolfCryptSignature`, not per sign operation (PR 73)
+- Reduce extra `WolfCryptRng` object creation in `Signature` and `KeyPairGenerator` (PR 73)
+
+**New Platform Support:**
+- Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 46)
+
+**Build System Changes:**
+- Support custom wolfSSL library prefix and name in `makefile.linux` (PR 45)
+- Standardize JNI library name on OSX to .dylib (PR 54)
+- Update Maven build support (PR 55)
+
+**Example Changes:**
+- Print provider of `SecureRandom` from `ProviderTest.java` (PR 43)
+- Add Windows batch script to run `ProviderTest` example (PR 52)
+
+**Testing Changes:**
+- Add extended threading test for `WolfCryptRandom` class (PR 44)
+- Add Facebook Infer test script, make fixes (PR 48, 63)
+- Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 65)
+
+**Documentation Changes:**
+- Remove build instructions from `README.md` for FIPS historical cert #2425 (PR 56)
+- Fix Javadoc warnings for Java 21 and 22 (PR 71)
+
+The wolfCrypt JNI/JCE Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
+instructions and more details comments, please check the manual.
+
+### wolfCrypt JNI Release 1.5.0 (11/14/2022)
+
+Release 1.5.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- Add build compatibility for Java 7 (PR 38)
+- Add support for "SHA" algorithm string in wolfJCE (PR 39)
+- Add rpm package support (PR 40)
+- Add wolfJCE MessageDigest.clone() support (PR 41)
+- Improve error checking of native Md5 API calls (PR 41)
+- Add unit tests for com.wolfssl.wolfcrypt.Md5 (PR 41)
+
+### wolfCrypt JNI Release 1.4.0 (08/11/2022)
+
+Release 1.4.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- Add example directory with one simple ProviderTest example (PR 32)
+- Fix double free of ChaCha pointer (PR 34)
+- Add test cases for ChaCha.java (PR 34)
+- Skip WolfCryptMacTest for HMAC-MD5 when using wolfCrypt FIPS 140-3 (PR 35)
+- Use new hash struct names (wc\_Md5/wc\_Sha/etc) in native code (PR 35)
+- Fix potential build error with non-ASCII apostrophes in Fips.java (PR 36)
+
+### wolfCrypt JNI Release 1.3.0 (05/13/2022)
+
+Release 1.3.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- Run FIPS tests on `ant test` when linked against a wolfCrypt FIPS library (PR 24)
+- Wrap native AesGcmSetExtIV\_fips() API (PR 24)
+- Fix releaseByteArray() usage in Fips.RsaSSL\_Sign() (PR 24)
+- Fix AES-GCM FIPS test cases (PR 24)
+- Keep existing JAVA\_HOME in makefiles if already set (PR 25)
+- Add JCE support for MessageDigestSpi.engineGetDigestLength() (PR 27)
+- Update junit to 4.13.2 (PR 28)
+- Update missing Javadocs, fixes warnings on newer Java versions (PR 29)
+
+### wolfCrypt JNI Release 1.2.0 (11/16/2021)
+
+Release 1.2.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- Add **FIPS 140-3** compatibility when using wolfCrypt FIPS or FIPS Ready
+- Increase junit version from 4.12 to 4.13 in pom.xml
+- Add local `./lib` directory to `java.library.path` in pom.xml
+- Fix builds with `WOLFCRYPT_JNI_DEBUG_ON` defined
+- Fix compatibility with wolfCrypt `NO_OLD_*` defines
+- Fix compatibility with wolfSSL `./configure --enable-all` and ECC tests
+
+### wolfCrypt JNI Release 1.1.0 (08/26/2020)
+
+Release 1.1.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- New JNI-level wrappers for ChaCha, Curve25519, and Ed25519
+- Maven pom.xml build file
+- Runtime detection of hash type enum values for broader wolfSSL support
+- Updated wolfSSL error codes to match native wolfSSL updates
+- Native HMAC wrapper fixes for building with wolfCrypt FIPSv2
+- Native wrapper to return `HAVE_FIPS_VERSION` value to Java
+- Remove Blake2b from HMAC types, to match native wolfSSL changes
+- Better native wolfSSL feature detection
+- Increase Junit version to 4.13
+- Use nativeheaderdir on supported platforms instead of javah
+- Use hamcrest-all-1.3.jar in build.xml
+- Add call to `wc_ecc_set_rng()` when needed
+
+### wolfCrypt JNI Release 1.0.0 (7/10/2017)
+
+Release 1.0.0 of wolfCrypt JNI has bug fixes and new features including:
+
+- Bug fixes to JCE classes: Cipher, KeyAgreement (DH), Signature
+- JCE debug logging with wolfjce.debug system property
+- Additional unit tests for JCE provider
+- Conditional ant build for JNI and/or JCE
+- New ant targets with choice of debug or release builds
+
+### wolfCrypt JNI Release 0.3 BETA
+
+Release 0.3 BETA of wolfCrypt JNI includes:
+
+- Support for ECC and DH key generation
+- Bug fixes regarding key import/export
+- Better argument sanitization at JNI level
+
+### wolfCrypt JNI Release 0.2 BETA
+
+Release 0.2 BETA of wolfCrypt JNI includes:
+
+- Support for Android
+- Support for Oracle JDK/JVM
+- Support for code signing wolfcrypt-jni.jar file
+- Compatibility with non-FIPS wolfSSL and wolfCrypt builds
+- Bug fixes regarding releasing native resources
+- Test package changed to (com.wolfssl.provider.jce.test)
+
+### wolfCrypt JNI Release 0.1 BETA
+
+Release 0.1 BETA of wolfCrypt JNI includes:
+
+- Initial JCE package
+- Support for OpenJDK
+

IDE/Android/.gitignore

@@ -0,0 +1,13 @@
+*.iml
+.gradle
+/local.properties
+/.idea/caches
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+/.idea/navEditor.xml
+/.idea/assetWizardSettings.xml
+.DS_Store
+/build
+/captures
+.externalNativeBuild

IDE/Android/.idea/.gitignore

@@ -0,0 +1,3 @@
+# Default ignored files
+/shelf/
+/workspace.xml

IDE/Android/.idea/codeStyles/Project.xml

@@ -0,0 +1,29 @@
+<component name="ProjectCodeStyleConfiguration">
+  <code_scheme name="Project" version="173">
+    <Objective-C-extensions>
+      <file>
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Import" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Macro" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Typedef" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Enum" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Constant" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Global" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Struct" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="FunctionPredecl" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Function" />
+      </file>
+      <class>
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Property" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="Synthesize" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="InitMethod" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="StaticMethod" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="InstanceMethod" />
+        <option name="com.jetbrains.cidr.lang.util.OCDeclarationKind" value="DeallocMethod" />
+      </class>
+      <extensions>
+        <pair source="cpp" header="h" fileNamingConvention="NONE" />
+        <pair source="c" header="h" fileNamingConvention="NONE" />
+      </extensions>
+    </Objective-C-extensions>
+  </code_scheme>
+</component>

IDE/Android/.idea/compiler.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="CompilerConfiguration">
+    <bytecodeTargetLevel target="17" />
+  </component>
+</project>

IDE/Android/.idea/gradle.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GradleMigrationSettings" migrationVersion="1" />
+  <component name="GradleSettings">
+    <option name="linkedExternalProjectsSettings">
+      <GradleProjectSettings>
+        <option name="externalProjectPath" value="$PROJECT_DIR$" />
+        <option name="gradleJvm" value="#GRADLE_LOCAL_JAVA_HOME" />
+        <option name="modules">
+          <set>
+            <option value="$PROJECT_DIR$" />
+            <option value="$PROJECT_DIR$/app" />
+          </set>
+        </option>
+        <option name="resolveExternalAnnotations" value="false" />
+      </GradleProjectSettings>
+    </option>
+  </component>
+</project>

IDE/Android/.idea/jarRepositories.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="RemoteRepositoriesConfiguration">
+    <remote-repository>
+      <option name="id" value="central" />
+      <option name="name" value="Maven Central repository" />
+      <option name="url" value="https://repo1.maven.org/maven2" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="jboss.community" />
+      <option name="name" value="JBoss Community repository" />
+      <option name="url" value="https://repository.jboss.org/nexus/content/repositories/public/" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="BintrayJCenter" />
+      <option name="name" value="BintrayJCenter" />
+      <option name="url" value="https://jcenter.bintray.com/" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="Google" />
+      <option name="name" value="Google" />
+      <option name="url" value="https://dl.google.com/dl/android/maven2/" />
+    </remote-repository>
+  </component>
+</project>

IDE/Android/.idea/misc.xml

@@ -0,0 +1,22 @@
+<project version="4">
+  <component name="DesignSurface">
+    <option name="filePathToZoomLevelMap">
+      <map>
+        <entry key="app/src/main/res/layout/activity_main.xml" value="0.1983695652173913" />
+      </map>
+    </option>
+  </component>
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_17" default="true" project-jdk-name="jbr-17" project-jdk-type="JavaSDK">
+    <output url="file://$PROJECT_DIR$/build/classes" />
+  </component>
+  <component name="ProjectType">
+    <option name="id" value="Android" />
+  </component>
+  <component name="VisualizationToolProject">
+    <option name="state">
+      <ProjectState>
+        <option name="scale" value="1.1" />
+      </ProjectState>
+    </option>
+  </component>
+</project>

IDE/Android/.idea/vcs.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
+    <mapping directory="$PROJECT_DIR$/app/src/main/cpp/wolfssl" vcs="Git" />
+  </component>
+</project>

IDE/Android/README.md

@@ -0,0 +1,92 @@
+# Android Studio Example Project
+
+This is an example Android Studio project file for wolfcrypt-jni / wolfJCE.
+This project should be used for reference only.
+
+Tool and version information used when testing this project:
+
+- Ubuntu 20.04.3 LTS
+- Android Studio Chipmunk 2021.2.1
+- Android Gradle Plugin Version: 4.2.2
+- Gradle Version: 7.1.3
+- API 30: Android 11
+- Emulator: Pixel 5 API 31
+
+The following sections outline steps required to run this example on an
+Android device or emulator.
+
+## 1. Add Native wolfSSL Library Source Code to Project
+
+This example project is already set up to compile and build the native
+wolfSSL library source files, but the wolfSSL files themselves have not been
+included in this package. You must download or link an appropriate version
+of wolfSSL to this project using one of the options below.
+
+The project looks for the directory
+`wolfcrypt-jni/IDE/Android/app/src/main/cpp/wolfssl` for wolfSSL source code.
+This can added in multiple ways:
+
+- OPTION A: Download the latest wolfSSL library release from www.wolfssl.com,
+unzip it, rename it to `wolfssl`, and place it in the direcotry
+`wolfcrypt-jni/IDE/Android/app/src/main/cpp/`.
+
+```
+$ unzip wolfssl-X.X.X.zip
+$ mv wolfssl-X.X.X wolfcrypt-jni/IDE/Android/app/src/main/cpp/wolfssl
+```
+
+- OPTION B: Alternatively GitHub can be used to clone wolfSSL:
+
+```
+$ cd /IDE/Android/app/src/main/cpp/
+$ git clone https://github.com/wolfssl/wolfssl
+$ cp wolfssl/options.h.in wolfssl/options.h
+```
+
+- OPTION C: A symbolic link to a wolfssl directory on the system by using:
+
+```
+$ cd /IDE/Android/app/src/main/cpp/
+$ ln -s /path/to/local/wolfssl ./wolfssl
+```
+
+## 2. Update Java Symbolic Links (Only applies to Windows Users)
+
+The following Java source directory is a Unix/Linux symlink:
+
+```
+wolfcrypt-jni/IDE/Android/app/src/main/java/com/wolfssl
+```
+
+This will not work correctly on Windows, and a new Windows symbolic link needs
+to be created in this location. To do so:
+
+1) Open Windows Command Prompt (Right click, and "Run as Administrator")
+2) Navigate to `wolfcrypt-jni\IDE\Android\app\src\main\java\com`
+3) Delete the existing symlink file (it shows up as a file called "wolfssl")
+
+```
+del wolfssl
+```
+
+4) Create a new relative symbolic link with `mklink`:
+
+```
+mklink /D wolfssl ..\..\..\..\..\..\..\src\java\com\wolfssl\
+```
+
+## 3. Import and Build the Example Project with Android Studio
+
+1) Open the Android Studio project by double clicking on the `Android` folder
+in wolfcrypt-jni/IDE/. Or, from inside Android Studio, open the `Android`
+project located in the wolfcrypt-jni/IDE directory.
+
+2) Build the project and run MainActivity from app -> java/com/example.wolfssl.
+This will ask for permissions to access the certificates in the /sdcard/
+directory and then print out the server certificate information on success.
+
+## Support
+
+Please contact wolfSSL support at support@wolfssl.com with any questions or
+feedback.
+

IDE/Android/app/.gitignore

@@ -0,0 +1 @@
+/build

IDE/Android/app/build.gradle

@@ -0,0 +1,50 @@
+apply plugin: 'com.android.application'
+
+android {
+    compileSdk 33
+    defaultConfig {
+        applicationId "com.example.wolfssl"
+        /* Min SDK should stay at 24 to detect if we try to use newer APIs
+         * than were available in that Android SDK. We have users who are still
+         on SDK 24 (ref ZD 18311) */
+        minSdkVersion 24
+        targetSdkVersion 33
+        versionCode 1
+        versionName "1.0"
+        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+        externalNativeBuild {
+            cmake {
+                cppFlags ""
+            }
+        }
+    }
+    compileOptions {
+        sourceCompatibility JavaVersion.VERSION_11
+        targetCompatibility JavaVersion.VERSION_11
+    }
+    buildTypes {
+        release {
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+        }
+    }
+    externalNativeBuild {
+        cmake {
+            path "src/main/cpp/CMakeLists.txt"
+        }
+    }
+    sourceSets {
+        main.java.srcDirs += '../../../src/main/java'
+        test.java.srcDirs += '../../../src/main/test'
+    }
+    namespace 'com.example.wolfssl'
+}
+
+dependencies {
+    implementation fileTree(dir: 'libs', include: ['*.jar'])
+    implementation 'com.android.support:appcompat-v7:28.0.0'
+    implementation 'com.android.support.constraint:constraint-layout:2.0.4'
+    testImplementation 'junit:junit:4.13.2'
+    androidTestImplementation 'com.android.support.test:runner:1.0.2'
+    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
+}

IDE/Android/app/proguard-rules.pro

@@ -0,0 +1,21 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile

IDE/Android/app/src/main/AndroidManifest.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+    <uses-permission android:name="android.permission.INTERNET"/>
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme"
+        android:requestLegacyExternalStorage="true"
+        android:preserveLegacyExternalStorage="true">
+        <activity android:name=".MainActivity" android:exported="true">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>

IDE/Android/app/src/main/cpp/CMakeLists.txt

@@ -0,0 +1,379 @@
+# For more information about using CMake with Android Studio, read the
+# documentation: https://d.android.com/studio/projects/add-native-code.html
+
+# Sets the minimum version of CMake required to build the native library.
+cmake_minimum_required(VERSION 3.4.1)
+
+# Define project as both C and ASM for cases for SP has assembly enabled
+project("wolfcryptjni-gradle" C ASM)
+
+# set wolfCrypt JNI location as environment variable, change if needed
+set(wolfcryptjni_DIR ${CMAKE_SOURCE_DIR}/../../../../../../)
+set(wolfssl_DIR      ${CMAKE_SOURCE_DIR}/wolfssl/)
+
+# set warnings as errors, used in this example project but may be different
+# in production apps/environments.
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror")
+
+# ---------------- wolfSSL Normal vs. FIPS Ready Selection ---------------------
+# Select if wolfSSL is normal ("normal") or FIPS Ready ("fipsready")
+# wolfSSL FIPS Ready is available for download on the wolfssl.com download page.
+# For more information on wolfSSL FIPS Ready see:
+#
+# https://www.wolfssl.com/license/fips/
+#
+# FIPS Ready requires different preprocessor flags, files, and a specific file
+# ordering as set up below.
+set(WOLFSSL_PKG_TYPE "normal")
+
+# -------------------------- Math Library Selection ----------------------------
+# wolfCrypt math library selection, used to switch on below. Should be one of:
+#     fastmath
+#     spmath
+set(WOLFSSL_MATH_LIB "spmath")
+
+# Add header directories to include paths
+include_directories(
+        ${wolfssl_DIR}
+        ${wolfcryptjni_DIR}/jni/include
+)
+
+# ---------------------------- Preprocessor Defines ----------------------------
+
+if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
+        # Add preprocessor defines to CFLAGS, these match those placed into
+        # wolfssl/options.h by configure if using: "./configure --enable-jni".
+        # This list may be configurable depending on use case and desired
+        # optimizations.
+        add_definitions(-DWC_RSA_BLINDING -DWOLFSSL_SHA224 -DWOLFSSL_SHA384
+                -DWOLFSSL_SHA512 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC
+                -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE
+                -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_CHACHA -DHAVE_HASHDRBG
+                -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_FFDHE_2048
+                -DWOLFSSL_TLS13 -DHAVE_EXTENDED_MASTER -DWOLFSSL_JNI
+                -DHAVE_EX_DATA -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DOPENSSL_ALL
+                -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR
+                -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
+                -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
+                -DHAVE_SNI -DHAVE_ALPN -DNO_RC4 -DHAVE_ENCRYPT_THEN_MAC
+                -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DHAVE_DH_DEFAULT_PARAMS
+                -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING
+                -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
+                -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_ALWAYS_VERIFY_CB
+                -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS
+                -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET
+                -DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
+                -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
+                -DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
+                -DWOLFSSL_CUSTOM_CONFIG
+
+                # For gethostbyname()
+                -DHAVE_NETDB_H
+
+                # Defines added for debugging. These can be removed if debug
+                # logging is not needed and will increase performance and reduce
+                # library footprint size if removed.
+                #-DDEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG
+
+                # Defines added for wolfCrypt test and benchmark only, may not
+                # be needed for your own application. Add -DNO_FILESYSTEM to
+                # disable file system use for wolfCrypt test, but make sure
+                # to remove this define in production applications as
+                # filesystem access is required for wolfJCE use.
+                -DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256
+                -DNO_WRITE_TEMP_FILES -DNO_MAIN_DRIVER
+        )
+
+elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
+        # The wolfCrypt FIPS In Core Integrity checksum will vary with compiler
+        # versions, runtime library versions, target hardware, and build type.
+        # Anytime the module is shifted up or down in memory or loaded from a new
+        # memory location the hash will change. This is expected during normal
+        # development cycles but should be stable in a production deployment.
+        # The verifyCore[] hash can be manually updated in
+        # 'wolfcrypt/src/fips_test.c' and the app recompiled. Or, the define
+        # WOLFCRYPT_FIPS_CORE_HASH_VALUE can be set below, which is helpful
+        # for Android Studio, which builds for all these architectures in the same
+        # build.
+        #
+        # The hash values below are only for reference and will need to
+        # be updated to match your build. To update this value:
+        #
+        #  1. Build and install your app which contains wolfCrypt FIPS
+        #  2. Run your app on each architecture, looking at the logcat output
+        #     to see the expected verifyCore[] hash value.
+        #  3. Copy the expected hash value from logcat to the proper architecture
+        #     section below.
+        #  4. Re-build your application now that the expected hash value has
+        #     been set.
+        #  5. Re-install and re-run your application on each architecture to
+        #     confirm the hash is stable and application runs as expected.
+        #
+        # NOTE: If using wolfSSL FIPS Ready or FIPS proper with this sample
+        # application and run into the scenario where the verifyCore[] hash output
+        # at runtime is empty, consider checking/increasing the size of the
+        # MAX_FIPS_DATA_SZ define in 'wolfcrypt/src/fips_test.c'.
+
+        if("${ANDROID_ABI}" MATCHES "arm64-v8a")
+                # https://developer.android.com/ndk/guides/abis#arm64-v8a
+                add_definitions(-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=DF2FF40654C405467072356FBA6C02A88F17E79B08A1A8F3A887C0F6AB4E4650)
+        elseif("${ANDROID_ABI}" MATCHES "armeabi-v7a")
+                # https://developer.android.com/ndk/guides/abis#v7a
+                add_definitions(-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=DF2FF40654C405467072356FBA6C02A88F17E79B08A1A8F3A887C0F6AB4E4650)
+        elseif("${ANDROID_ABI}" MATCHES "x86_64")
+                # https://developer.android.com/ndk/guides/abis#86-64
+                add_definitions(-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=DF2FF40654C405467072356FBA6C02A88F17E79B08A1A8F3A887C0F6AB4E4650)
+        elseif("${ANDROID_ABI}" MATCHES "x86")
+                # https://developer.android.com/ndk/guides/abis#x86
+                add_definitions(-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=DF2FF40654C405467072356FBA6C02A88F17E79B08A1A8F3A887C0F6AB4E4650)
+        endif()
+
+        # Add preprocessor defines to CFLAGS, these match those placed into
+        # wolfssl/options.h by configure if using the following configure on a Unix/Linux
+        # platform with a wolfSSL FIPS Ready GPLv3 bundle:
+        #
+        # ./configure --enable-fips=ready --enable-jni
+        #
+        # This list may be configurable depending on use case and desired
+        # optimizations, being careful not to break FIPS compatibility if targeting
+        # FIPS proper in the future. Please contact support@wolfssl.com for assistance
+        # properly compiling for use with wolfCrypt FIPS variants.
+        add_definitions(
+                -DWOLFSSL_FIPS_READY -DHAVE_FIPS -DHAVE_FIPS_VERSION=7
+                -DHAVE_FIPS_VERSION_MAJOR=7 -DHAVE_FIPS_VERSION_MINOR=0
+                -DHAVE_FIPS_VERSION_PATCH=0 -DWC_RNG_SEED_CB -DHAVE_THREAD_LS
+
+                -DWOLFSSL_WOLFSSH -DNO_DO178 -DHAVE_REPRODUCIBLE_BUILD -DWC_NO_ASYNC_THREADING
+                -DNO_OLD_TLS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SNI
+                -DHAVE_KEYING_MATERIAL -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES
+                -DHAVE_EXTENDED_MASTER -DHAVE_ENCRYPT_THEN_MAC -DWOLFSSL_JNI -DHAVE_EX_DATA
+                -DKEEP_PEER_CERT -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_DTLS -DOPENSSL_EXTRA
+                -DOPENSSL_ALL -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_CRL -DHAVE_CRL_MONITOR
+                -DHAVE_OCSP -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
+                -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DWOLFSSL_CERT_REQ -DWOLFSSL_KEY_GEN
+                -DHAVE_ALPN -DWOLFSSL_ALT_CERT_CHAINS -DSESSION_CERTS -DWOLFSSL_ENCRYPTED_KEYS
+                -DWOLFSSL_SYS_CA_CERTS -DWOLFSSL_ALT_NAMES -DWOLFSSL_EITHER_SIDE
+                -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_CERT_NAME_ALL
+                -DHAVE_SERVER_RENEGOTIATION_INFO -DWOLFSSL_ASN_TEMPLATE -DWOLFSSL_ASN_PRINT
+                -DWOLFSSL_BASE64_ENCODE -DERROR_QUEUE_PER_THREAD -DNO_ERROR_QUEUE
+                -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWOLFSSL_USE_ALIGN
+                -DWOLFSSL_PUBLIC_MP
+
+                -DWC_RSA_BLINDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWC_RSA_NO_PADDING
+
+                -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DECC_MIN_KEY_SZ=192 -DHAVE_ECC_CDH
+                -DECC_USER_CURVES -DHAVE_ECC192 -DHAVE_ECC224 -DHAVE_ECC256 -DHAVE_ECC384
+                -DHAVE_ECC521 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_VALIDATE_ECC_IMPORT
+                -DWOLFSSL_VALIDATE_ECC_KEYGEN
+
+                -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_FFDHE_2048
+                -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192
+                -DHAVE_DH_DEFAULT_PARAMS
+
+                -DHAVE_HKDF -DHAVE_PBKDF2 -DHAVE_HASHDRBG -DWC_SRTP_KDF -DWOLFSSL_SRTP
+
+                -DHAVE_AESGCM -DGCM_TABLE_4BIT -DWOLFSSL_AESGCM_STREAM -DHAVE_AESCCM
+                -DWOLFSSL_AES_COUNTER -DWOLFSSL_CMAC -DWOLFSSL_AES_OFB -DWOLFSSL_AES_CFB
+                -DWOLFSSL_AES_XTS -DWOLFSSL_AESXTS_STREAM -DWOLFSSL_AES_DIRECT
+                -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_XTS -DHAVE_AES_KEYWRAP
+
+                -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT
+                -DWOLFSSL_ED448_STREAMING_VERIFY
+
+                -DHAVE_CURVE25519 -DHAVE_CURVE448
+
+                -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512 -DWOLFSSL_NOSHA512_224
+                -DWOLFSSL_NOSHA512_256 -DWOLFSSL_SHA3 -DWOLFSSL_SHAKE128 -DWOLFSSL_SHAKE256
+
+                -DNO_DSA -DNO_RC4 -DNO_MD4 -DNO_DES3 -DNO_DES3_TLS_SUITES
+
+                -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 -DWOLFSSL_CUSTOM_CONFIG
+
+                # For gethostbyname()
+                -DHAVE_NETDB_H
+
+                # Enable below options for wolfSSL debug logging
+                #-DDEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG
+
+                # Below options are added only for wolfCrypt test and benchmark applications.
+                # These can be left off / removed when integrating into a real-world application.
+                # Add -DNO_FILESYSTEM to disable file system use for wolfCrypt test, but make sure
+                # to remove this define in production applications as filesystem access is required
+                # for wolfJSSE use.
+                -DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256
+                -DNO_WRITE_TEMP_FILES -DNO_MAIN_DRIVER
+        )
+endif()
+
+if ("$WOLFSSL_MATH_LIB" MATCHES "fastmath")
+        # Use fastmath library
+        add_definitions(-DUSE_FAST_MATH -DTFM_ECC256 -DTFM_NO_ASM)
+
+elseif("${WOLFSSL_MATH_LIB}" MATCHES "spmath")
+        # Use SP math Library
+        add_definitions(
+                -DWOLFSSL_HAVE_SP_RSA -DWOLFSSL_SP_4096
+                -DWOLFSSL_HAVE_SP_DH
+                -DWOLFSSL_HAVE_SP_ECC -DWOLFSSL_SP_384 -DWOLFSSL_SP_521
+                -DWOLFSSL_SP_LARGE_CODE
+                -DFP_MAX_BITS=16384 -DSP_INT_BITS=8192)
+
+        # SP Math architecture-specific settings (ex: assembly optimizations)
+        if("${ANDROID_ABI}" MATCHES "arm64-v8a")
+                # Using ASM for SP, need to use WOLFSSL_SP_MATH instead of WOLFSSL_SP_MATH_ALL
+                add_definitions(-DWOLFSSL_SP_MATH)
+                add_definitions(-DWOLFSSL_SP_ASM -DWOLFSSL_SP_ARM64 -DWOLFSSL_SP_ARM64_ASM -DHAVE___UINT128_T)
+        elseif("${ANDROID_ABI}" MATCHES "armeabi-v7a")
+                # Add SP optimizations for ARMv7 here when available.
+                # Not using ASM, need to use WOLFSSL_SP_MATH_ALL for SW-only implementation
+                add_definitions(-DWOLFSSL_SP_MATH_ALL)
+        elseif("${ANDROID_ABI}" MATCHES "x86_64")
+                # Using ASM for SP, need to use WOLFSSL_SP_MATH instead of WOLFSSL_SP_MATH_ALL
+                add_definitions(-DWOLFSSL_SP_MATH)
+                add_definitions(-DWOLFSSL_SP_ASM -DWOLFSSL_SP_X86_64 -DWOLFSSL_SP_X86_64_ASM -DHAVE___UINT128_T)
+                list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_x86_64_asm.S)
+        elseif("${ANDROID_ABI}" MATCHES "x86")
+                # Add SP optimizations for X86 here when available.
+                # Not using ASM, need to use WOLFSSL_SP_MATH_ALL for SW-only implementation
+                add_definitions(-DWOLFSSL_SP_MATH_ALL)
+        else()
+                # Not using ASM, need to use WOLFSSL_SP_MATH_ALL for SW-only implementation
+                add_definitions(-DWOLFSSL_SP_MATH_ALL)
+        endif()
+endif()
+
+# --------------------------- wolfSSL and wolfCrypt Source Files -----------------------------------
+# Add TLS sources to TLS_SOURCES list and remove files that are included inline by other files
+aux_source_directory(${wolfssl_DIR}/src TLS_SOURCES)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/bio.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/conf.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/pk.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_bn.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_asn1.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_certman.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_crypto.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_load.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_misc.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_p7p12.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/ssl_sess.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/x509.c)
+list(REMOVE_ITEM TLS_SOURCES ${wolfssl_DIR}/src/x509_str.c)
+
+if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
+        # Add crypto sources to CRYPTO_SOURCES, remove files that are included inline by other files
+        aux_source_directory(${wolfssl_DIR}/wolfcrypt/src CRYPTO_SOURCES)
+        list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/evp.c)
+        list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/misc.c)
+
+elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
+        # FIPS Ready needs to explicitly order files for in-core integrity check to work properly.
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_first.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/hmac.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/random.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/kdf.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/rsa.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ecc.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/aes.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha256.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha512.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha3.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/dh.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/cmac.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/curve448.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ed448.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/curve25519.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ed25519.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pwdbased.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips_test.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_last.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/hash.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/cpuid.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/logging.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_port.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/error.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_encrypt.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/signature.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_arm32.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_arm64.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_armthumb.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_c32.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_c64.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_cortexm.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_dsp32.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_int.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sp_x86_64.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfmath.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/memory.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/asn.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/coding.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/md5.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pwdbased.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pkcs12.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/tfm.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_lms.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_lms_impl.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_xmss.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_xmss_impl.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fe_operations.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ge_operations.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fe_448.c)
+        list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ge_448.c)
+endif()
+
+# wolfSSL will be compiled as a SHARED library
+add_library(wolfssl SHARED
+        ${CRYPTO_SOURCES}
+        ${TLS_SOURCES}
+)
+
+# set_target_properties(wolfssl PROPERTIES LIBRARY_OUTPUT_DIRECTORY
+# ${CMAKE_SOURCE_DIR}/../jniLibs/${ANDROID_ABI})
+
+# wolfCrypt JNI/JCE library wil be compiled as SHARED library
+# wolfCrypt JNI Java files are tied into build in Module build.gradle file
+add_library(wolfcryptjni SHARED
+        ${wolfcryptjni_DIR}/jni/jni_aes.c
+        ${wolfcryptjni_DIR}/jni/jni_aesgcm.c
+        ${wolfcryptjni_DIR}/jni/jni_asn.c
+        ${wolfcryptjni_DIR}/jni/jni_chacha.c
+        ${wolfcryptjni_DIR}/jni/jni_curve25519.c
+        ${wolfcryptjni_DIR}/jni/jni_des3.c
+        ${wolfcryptjni_DIR}/jni/jni_dh.c
+        ${wolfcryptjni_DIR}/jni/jni_ecc.c
+        ${wolfcryptjni_DIR}/jni/jni_ed25519.c
+        ${wolfcryptjni_DIR}/jni/jni_error.c
+        ${wolfcryptjni_DIR}/jni/jni_feature_detect.c
+        ${wolfcryptjni_DIR}/jni/jni_fips.c
+        ${wolfcryptjni_DIR}/jni/jni_hmac.c
+        ${wolfcryptjni_DIR}/jni/jni_jce_wolfsslkeystore.c
+        ${wolfcryptjni_DIR}/jni/jni_logging.c
+        ${wolfcryptjni_DIR}/jni/jni_md5.c
+        ${wolfcryptjni_DIR}/jni/jni_native_struct.c
+        ${wolfcryptjni_DIR}/jni/jni_pwdbased.c
+        ${wolfcryptjni_DIR}/jni/jni_rng.c
+        ${wolfcryptjni_DIR}/jni/jni_rsa.c
+        ${wolfcryptjni_DIR}/jni/jni_sha.c
+        ${wolfcryptjni_DIR}/jni/jni_wolfcrypt.c
+        ${wolfcryptjni_DIR}/jni/jni_wolfobject.c
+        ${wolfcryptjni_DIR}/jni/jni_wolfssl_cert_manager.c
+)
+
+# set_target_properties(wolfcryptjni PROPERTIES LIBRARY_OUTPUT_DIRECTORY
+# ${CMAKE_SOURCE_DIR}/../jniLibs/${ANDROID_ABI})
+
+# Find the android log library, store into variable ${lib-log}
+find_library(lib-log log)
+
+# Link libwolfssl to android log library
+target_link_libraries(
+        wolfssl
+        ${lib-log}
+)
+
+# Link libwolfcryptjni to libwolfssl
+target_link_libraries(
+        wolfcryptjni
+        wolfssl
+)

IDE/Android/app/src/main/java/com/example/wolfssl/MainActivity.java

@@ -0,0 +1,95 @@
+/* MainActivity.java
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+package com.example.wolfssl;
+
+import android.support.v7.app.AppCompatActivity;
+import android.os.Bundle;
+import android.view.View;
+import android.widget.Button;
+import android.widget.TextView;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+
+import com.wolfssl.provider.jce.WolfCryptProvider;
+
+public class MainActivity extends AppCompatActivity {
+
+    private View.OnClickListener buttonListener = new View.OnClickListener() {
+        @Override
+        public void onClick(View v) {
+            TextView tv = (TextView) findViewById(R.id.sample_text);
+
+            try {
+                testFindProvider(tv);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    };
+
+    private void setDisplayText(String s)
+    {
+        runOnUiThread(() -> {
+            TextView tv = (TextView) findViewById(R.id.sample_text);
+            tv.setText(s);
+        });
+    }
+
+    private void appendDisplayText(String s)
+    {
+        runOnUiThread(() -> {
+            TextView tv = (TextView) findViewById(R.id.sample_text);
+            tv.append(s);
+        });
+    }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        setContentView(R.layout.activity_main);
+
+        Button button = (Button) findViewById(R.id.button);
+        button.setOnClickListener(buttonListener);
+
+        setDisplayText("wolfCrypt JNI/JCE Android Studio Example app\n");
+    }
+
+    public void testFindProvider(TextView tv)
+            throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        Security.insertProviderAt(new WolfCryptProvider(), 1);
+
+        Provider p = Security.getProvider("wolfJCE");
+        if (p == null) {
+            appendDisplayText("Unable to find wolfJCE provider\n");
+            return;
+        }
+        else {
+            appendDisplayText("Successfully found wolfJCE provider\n");
+            return;
+        }
+    }
+}

IDE/Android/app/src/main/res/drawable-v24/ic_launcher_foreground.xml

@@ -0,0 +1,34 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:aapt="http://schemas.android.com/aapt"
+    android:width="108dp"
+    android:height="108dp"
+    android:viewportWidth="108"
+    android:viewportHeight="108">
+    <path
+        android:fillType="evenOdd"
+        android:pathData="M32,64C32,64 38.39,52.99 44.13,50.95C51.37,48.37 70.14,49.57 70.14,49.57L108.26,87.69L108,109.01L75.97,107.97L32,64Z"
+        android:strokeWidth="1"
+        android:strokeColor="#00000000">
+        <aapt:attr name="android:fillColor">
+            <gradient
+                android:endX="78.5885"
+                android:endY="90.9159"
+                android:startX="48.7653"
+                android:startY="61.0927"
+                android:type="linear">
+                <item
+                    android:color="#44000000"
+                    android:offset="0.0" />
+                <item
+                    android:color="#00000000"
+                    android:offset="1.0" />
+            </gradient>
+        </aapt:attr>
+    </path>
+    <path
+        android:fillColor="#FFFFFF"
+        android:fillType="nonZero"
+        android:pathData="M66.94,46.02L66.94,46.02C72.44,50.07 76,56.61 76,64L32,64C32,56.61 35.56,50.11 40.98,46.06L36.18,41.19C35.45,40.45 35.45,39.3 36.18,38.56C36.91,37.81 38.05,37.81 38.78,38.56L44.25,44.05C47.18,42.57 50.48,41.71 54,41.71C57.48,41.71 60.78,42.57 63.68,44.05L69.11,38.56C69.84,37.81 70.98,37.81 71.71,38.56C72.44,39.3 72.44,40.45 71.71,41.19L66.94,46.02ZM62.94,56.92C64.08,56.92 65,56.01 65,54.88C65,53.76 64.08,52.85 62.94,52.85C61.8,52.85 60.88,53.76 60.88,54.88C60.88,56.01 61.8,56.92 62.94,56.92ZM45.06,56.92C46.2,56.92 47.13,56.01 47.13,54.88C47.13,53.76 46.2,52.85 45.06,52.85C43.92,52.85 43,53.76 43,54.88C43,56.01 43.92,56.92 45.06,56.92Z"
+        android:strokeWidth="1"
+        android:strokeColor="#00000000" />
+</vector>

IDE/Android/app/src/main/res/drawable/ic_launcher_background.xml

@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="utf-8"?>
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="108dp"
+    android:height="108dp"
+    android:viewportWidth="108"
+    android:viewportHeight="108">
+    <path
+        android:fillColor="#008577"
+        android:pathData="M0,0h108v108h-108z" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M9,0L9,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,0L19,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M29,0L29,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M39,0L39,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M49,0L49,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M59,0L59,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M69,0L69,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M79,0L79,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M89,0L89,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M99,0L99,108"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,9L108,9"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,19L108,19"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,29L108,29"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,39L108,39"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,49L108,49"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,59L108,59"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,69L108,69"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,79L108,79"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,89L108,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M0,99L108,99"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,29L89,29"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,39L89,39"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,49L89,49"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,59L89,59"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,69L89,69"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M19,79L89,79"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M29,19L29,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M39,19L39,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M49,19L49,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M59,19L59,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M69,19L69,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+    <path
+        android:fillColor="#00000000"
+        android:pathData="M79,19L79,89"
+        android:strokeWidth="0.8"
+        android:strokeColor="#33FFFFFF" />
+</vector>

IDE/Android/app/src/main/res/layout/activity_main.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<android.support.constraint.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    tools:context=".MainActivity">
+
+    <Button
+        android:id="@+id/button"
+        android:layout_width="320dp"
+        android:layout_height="wrap_content"
+        android:text="Test Provider Lookup"
+        app:layout_constraintBottom_toTopOf="@+id/sample_text"
+        app:layout_constraintEnd_toEndOf="parent"
+        app:layout_constraintStart_toStartOf="parent"
+        app:layout_constraintTop_toTopOf="parent" />
+
+    <TextView
+        android:id="@+id/sample_text"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:layout_marginTop="16dp"
+        android:paddingVertical="16pt"
+        android:text="Hello World!"
+        android:textColor="#000000"
+        app:layout_constraintBottom_toBottomOf="parent"
+        app:layout_constraintHorizontal_bias="0.461"
+        app:layout_constraintLeft_toLeftOf="parent"
+        app:layout_constraintRight_toRightOf="parent"
+        app:layout_constraintTop_toTopOf="parent"
+        app:layout_constraintVertical_bias="0.067" />
+
+</android.support.constraint.ConstraintLayout>

IDE/Android/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
+  <background android:drawable="@mipmap/ic_launcher"/>
+  <foreground android:drawable="@mipmap/ic_launcher"/>
+  <monochrome android:drawable="@mipmap/ic_launcher"/>
+</adaptive-icon>

IDE/Android/app/src/main/res/values/colors.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <color name="colorPrimary">#008577</color>
+    <color name="colorPrimaryDark">#00574B</color>
+    <color name="colorAccent">#D81B60</color>
+</resources>

IDE/Android/app/src/main/res/values/strings.xml

@@ -0,0 +1,3 @@
+<resources>
+    <string name="app_name">wolfSSL</string>
+</resources>

IDE/Android/app/src/main/res/values/styles.xml

@@ -0,0 +1,11 @@
+<resources>
+
+    <!-- Base application theme. -->
+    <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
+        <!-- Customize your theme here. -->
+        <item name="colorPrimary">@color/colorPrimary</item>
+        <item name="colorPrimaryDark">@color/colorPrimaryDark</item>
+        <item name="colorAccent">@color/colorAccent</item>
+    </style>
+
+</resources>

IDE/Android/build.gradle

@@ -0,0 +1,32 @@
+// Top-level build file where you can add configuration options common to all sub-projects/modules.
+
+buildscript {
+    repositories {
+        google()
+        jcenter()
+        
+    }
+    dependencies {
+        classpath 'com.android.tools.build:gradle:8.3.1'
+        
+        // NOTE: Do not place your application dependencies here; they belong
+        // in the individual module build.gradle files
+    }
+}
+
+allprojects {
+    repositories {
+        google()
+        jcenter()
+    }
+    gradle.projectsEvaluated {
+        tasks.withType(JavaCompile) {
+            options.compilerArgs << "-Xlint:all" << "-Werror"
+            options.deprecation = false
+        }
+    }
+}
+
+task clean(type: Delete) {
+    delete rootProject.buildDir
+}

IDE/Android/gradle.properties

@@ -0,0 +1,17 @@
+# Project-wide Gradle settings.
+# IDE (e.g. Android Studio) users:
+# Gradle settings configured through the IDE *will override*
+# any settings specified in this file.
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+android.nonFinalResIds=false
+android.nonTransitiveRClass=false
+org.gradle.jvmargs=-Xmx1536m
+# When configured, Gradle will run in incubating parallel mode.
+# This option should only be used with decoupled projects. More details, visit
+# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
+# org.gradle.parallel=true
+
+

IDE/Android/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,6 @@
+#Thu Nov 04 15:51:08 MDT 2021
+distributionBase=GRADLE_USER_HOME
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
+distributionPath=wrapper/dists
+zipStorePath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME

IDE/Android/gradlew

@@ -0,0 +1,172 @@
+#!/usr/bin/env sh
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+  cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"

IDE/Android/gradlew.bat

@@ -0,0 +1,84 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

IDE/Android/settings.gradle

@@ -0,0 +1 @@
+include ':app'

IDE/WIN/README.md

@@ -0,0 +1,434 @@
+# wolfCrypt JNI/JCE Windows Support
+
+wolfCrypt JNI/JCE supports building on Windows using Visual Studio.
+
+This README includes instructions and tips for building wolfCrypt JNI/JCE on
+Windows, along with environment setup instructions. wolfCrypt JNI/JCE depends
+on and links against the native wolfSSL SSL/TLS library. As such, native
+wolfSSL will need to be compiled first. Further instructions are below.
+
+## Windows Environment Setup
+
+### JDK and `JAVA_HOME`
+
+Make sure you have downloaded and installed a Java Developer Kit (JDK). Once
+a JDK has been installed, `JAVA_HOME` needs to be configured as a Windows
+environment variable.
+
+1. Open the "Environment Variables" window. This can be found by searching for
+"Environment Variables", or by opening "System Properties", clicking on the
+"Advanced" tab, then "Environment Variables...".
+
+![System Properties](./img/system_properties.png)
+
+2. In "Environment Variables", add a new variable called `JAVA_HOME` under
+"System variables". The value for this variable should point to your JDK
+installation location. For example:
+
+```
+C:\Program Files\Java\jdk1.8.0_361
+```
+
+![JAVA\_HOME](./img/environment_variables.png)
+
+### Apache Ant and `ANT_HOME`
+
+Apache ant needs to be downloaded in order to build the Java .JAR component of
+this package.
+
+1. Download Apache Ant from the
+[Apache Ant Binary Distributions](https://ant.apache.org/bindownload.cgi) page.
+On the download page there should be a binary zip file. For example,
+`apache-ant-1.10.13-bin.zip`. Unzip this archive to a location on your PC where
+you would like to install Apache Ant.
+
+![Apache Ant Download](./img/apache_ant_download.png)
+
+2. After you have downloaded and installed `ant`, configure a new Windows
+environment variable called `ANT_HOME`. Follow similar steps as above to open
+the "Environment Variables" window. The value of this variable should be the
+directory that you placed ant in. For example:
+
+`C:\apache-ant-1.10.13`
+
+![ANT\_HOME](./img/ant_home_environment_variable.png)
+
+3. After `ANT_HOME` has been configured as an environment variable, the
+Windows `Path` needs to be updated to contain the `ANT_HOME` location.
+
+- Open "Environment Variables" window.
+- Under "System variables", edit the "Path" variable.
+- Add a new entry at the bottom of the `Path` value list for `%ANT\_HOME%\bin`.
+
+![Windows Path](./img/environment_variables_path.png)
+
+![ANT\_HOME on Path](./img/path_ant_home.png)
+
+4. To test that `ant` has been correctly installed:
+
+- Open a Command Prompt window
+- Typing `ant -v` should output something similar to the following:
+
+```
+ANT_OPTS is set to  -Djava.security.manager=allow
+Apache Ant(TM) version 1.10.13 compiled on January 4 2023
+Trying the default build file: build.xml
+BuildFile: build.xml does not exist!
+Build failed
+```
+
+### Microsoft Visual Studio
+
+These instructions have been tested with Visual Studio 2019, although other 
+versions should work as well. If not installed,
+[download](https://visualstudio.microsoft.com/) and install before continuing
+these instructions.
+
+# Directory Setup Structure
+
+The Visual Studio projects included in this directory assume that the wolfCrypt
+JNI/JCE and wolfSSL SSL/TLS directories are side-by-side on the file system,
+and that the directories for each are simply named `wolfssl` and `wolfcryptjni`.
+This may require renaming the wolfSSL and wolfCrypt JNI/JCE directories.
+
+For example, your high-level directory structure should look like:
+
+```
+C:\wolfssl
+C:\wolfcryptjni
+```
+
+# Building wolfSSL SSL/TLS Library
+
+For instructions on building the wolfSSL SSL/TLS DLL, see wolfSSL Manual
+[Chapter 2 Building on Windows](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#building-on-windows),
+or [Using wolfSSL with Visual Studio](https://www.wolfssl.com/docs/visual-studio/).
+
+There are a few different Visual Studio solutions which will compile wolfSSL,
+depending on what variant of wolfSSL you would like to build. Notes on each
+are provided below.
+
+## Normal wolfSSL (non-FIPS)
+
+To build a normal, non-FIPS wolfSSL DLL, use the Visual Studio solution file
+located in the root of the wolfSSL package:
+
+```
+<wolfssl>\wolfssl64.sln
+```
+
+This will contain build configurations for both 32-bit and 64-bit DLL's, with
+either "DLL Debug" or "DLL Release". wolfCrypt JNI/JCE will expect to link
+against a wolfSSL DLL library.
+
+wolfSSL proper's Visual Studio projects use a custom `user_settings.h` header
+file to customize preprocessor defines and configuration for the wolfSSL
+library build. The `user_settings.h` header that is used for this non-FIPS build
+is located at:
+
+```
+<wolfssl>\IDE\WIN\user_settings.h
+```
+
+When builidng wolfSSL for use with wolfCrypt JNI/JCE, edit this header file
+before compiling the library DLL and insert the following defines above the
+section titled `/* Configuration */`:
+
+```
+#define WOLFSSL_KEY_GEN
+#define HAVE_CRL
+#define OPENSSL_ALL
+```
+
+If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
+reference the Windows build documentation for wolfSSL JNI/JSSE if so.
+
+After editing and saving the `user_settings.h` file, select one of the following
+DLL Library configurations and build the wolfSSL library solution:
+
+- Win32 | DLL Debug
+- Win32 | DLL Release
+- x64 | DLL Debug
+- x64 | DLL Release
+
+The wolfSSL library DLL will be built and placed under one of the following
+directories:
+
+- `wolfssl\DLL Debug\Win32`
+- `wolfssl\DLL Debug\x64`
+- `wolfssl\DLL Release\Win32`
+- `wolfssl\DLL Release\x64`
+
+When bulding wolfCrypt JNI/JCE, the Visual Studio project file for that library
+will look in the above locations to link against the wolfSSL DLL matching
+the same build configuration.
+
+## wolfSSL FIPS 140-2 (Certificate #3389)
+
+To build a wolfSSL FIPS 140-2 variant of wolfSSL for use with FIPS 140-2
+certificate #3389 or later, use the Visual Studio solution file located under
+the `IDE\WIN10` directory inside the wolfSSL FIPS release package:
+
+```
+<wolfssl>\IDE\WIN10\wolfssl-fips.sln
+```
+
+Follow build instructions in the FIPS User Guide PDF included with the FIPS
+release package.
+
+In summary:
+
+1. Open the above Visual Studio solution file.
+2. Select one of the following build configurations:
+
+- x64 | DLL Debug
+- x64 | DLL Release
+
+3. Open Project properties for the `wolfssl` and `test` projects, go to
+`C/C++ -> Preprocessor`, and change `HAVE_FIPS_VERSION=5` to
+`HAVE_FIPS_VERSION=2`.
+4. Open the `user_settings.h` file under `<wolfssl>\IDE\WIN10\user_settings.h`
+and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
+`HAVE_FIPS_VERSION_MINOR` to the following:
+
+```
+#if 1
+#undef HAVE_FIPS
+#define HAVE_FIPS
+#undef HAVE_FIPS_VERSION
+#define HAVE_FIPS_VERSION 2
+#undef HAVE_FIPS_VERSION_MINOR
+#define HAVE_FIPS_VERSION_MINOR 0
+#endif
+```
+
+5. When building for wolfCrypt JNI/JCE, add the following to the
+`user_settings.h` file mentioned in the previous step:
+
+```
+#define WOLFSSL_KEY_GEN
+#define HAVE_CRL
+#define OPENSSL_ALL
+```
+
+If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
+reference the Windows build documentation for wolfSSL JNI/JSSE if so.
+
+6. Build the `wolfssl-fips` project, which will create a DLL in one of the
+following locations:
+
+```
+<wolfssl>\IDE\WIN10\DLL Debug\x64\wolfssl-fips.dll
+<wolfssl>\IDE\WIN10\DLL Release\x64\wolfssl-fips.dll
+```
+
+7. Build the `test` project inside the wolfSSL Visual Studio solution, then
+run the wolfCrypt test by right clicking on the `test` project, selecting
+`Debug`, then `Run New Instance`.
+
+If a error shows up with "In Core Integrity check FIPS error", copy the
+provided hash value, open `fips_test.c`, update the `verifyCore` array with
+the given hash, then re-compile the `wolfssl-fips` DLL. This is the FIPS
+Power-On Integrity Check, which runs an HMAC-SHA256 over the object files
+within the FIPS module boundary.
+
+Re-compiling the `test` project and re-running the application should result
+in the wolfCrypt tests successfully running.
+
+See the FIPS User Guide for more details on the FIPS verifyCore hash, or
+email support@wolfssl.com.
+
+## wolfSSL FIPS 140-3 (Certificate #4718)
+
+To build a wolfSSL FIPS 140-3 variant for use with FIPS 140-3 certificate
+#4718, use the Visual Studio solution file located in the `IDE/WIN10`
+directory inside the wolfSSL package:
+
+```
+<wolfssl>\IDE\WIN10\wolfssl-fips.sln
+```
+
+Follow instructions in the above section for 140-2 / 3389, except use the
+following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`,
+`HAVE_FIPS_VERSION_MAJOR`, `HAVE_FIPS_VERSION_MINOR`, and
+`HAVE_FIPS_VERSION_PATCH` in `user_settings.h`:
+
+```
+#if 1
+#undef HAVE_FIPS
+#define HAVE_FIPS
+#undef HAVE_FIPS_VERSION
+#define HAVE_FIPS_VERSION 5
+#undef HAVE_FIPS_VERSION_MAJOR
+#define HAVE_FIPS_VERSION_MAJOR 5
+#undef HAVE_FIPS_VERSION_MINOR
+#define HAVE_FIPS_VERSION_MINOR 2
+#undef HAVE_FIPS_VERSION_PATCH
+#define HAVE_FIPS_VERSION_PATCH 0
+#endif
+```
+
+The following additional defines will also need to be added to
+`user_settings.h` like above, for compilation and use with wolfCrypt JNI/JCE.
+
+```
+#define WOLFSSL_KEY_GEN
+#define HAVE_CRL
+#define OPENSSL_ALL
+```
+
+If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
+reference the Windows build documentation for wolfSSL JNI/JSSE if so.
+
+For additional help, contact support@wolfssl.com.
+
+# Building wolfCrypt JNI/JCE Library
+
+After the wolfSSL SSL/TLS library DLL has been built (above), the wolfCrypt
+JNI/JCE library DLL can then be built using the Visual Studio solution
+located in this directory.
+
+1. Open the Visual Studio solution `wolfcryptjni.sln` under this directory.
+
+2. Select the build configuration which matches the one you built wolfSSL
+proper above for. The following are the possible build configurations for
+the `wolfcryptjni` project:
+
+- Win32 | DLL Debug
+- Win32 | DLL Release
+- x64 | DLL Debug
+- x64 | DLL Release
+- x64 | DLL Debug FIPS   (Requires wolfSSL FIPS 140-2/140-3 archive)
+- x64 | DLL Release FIPS (Requires wolfSSL FIPS 140-2/140-3 archive)
+
+3. Build Solution
+
+This will first compile the `wolfcryptjni.dll` library and place it under one
+of the following build directories, based on build configuration:
+
+- `wolfcryptjni\IDE\WIN\DLL Debug\Win32`
+- `wolfcryptjni\IDE\WIN\DLL Debug\x64`
+- `wolfcryptjni\IDE\WIN\DLL Debug FIPS\x64`
+- `wolfcryptjni\IDE\WIN\DLL Release\Win32`
+- `wolfcryptjni\IDE\WIN\DLL Release\x64`
+- `wolfcryptjni\IDE\WIN\DLL Release FIPS\x64`
+
+It will also run a post-build action which runs `ant` from the `wolfcryptjni`
+root directory. Specifically, this will either run `ant build-jce-debug` for
+DLL Debug builds, or `ant build-jce-release` for DLL Release builds. This
+compiles the Java JAR file, and places that in the following directory.
+
+```
+wolfcryptjni\lib\wolfcrypt-jni.jar
+```
+
+# Running ant Tests
+
+wolfCrypt JNI/JCE includes ant tests that can be run from a Windows Command
+Prompt or other shell that has access to the `ant` executable.
+
+You will need to download the following JUnit JAR files in order to run the
+wolfSSL JNI/JCE tests:
+
+[junit-4.13.2.jar](https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar)
+[hamcrest-all-1.3.jar](https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar)
+
+Download and place these JAR files on your system, noting the location to be
+used below to set the `JUNIT_HOME` environment variable.
+
+After wolfSSL and wolfCrypt JNI/JCE have been compiled using the above steps,
+the ant tests can be run with the following steps:
+
+1. Open the Windows Command Prompt
+2. Set the `JUNIT_HOME` environment variable to point to the directory which
+contains the JUnit JAR files you downloaded above:
+
+```
+set JUNIT_HOME=path\to\junit\jar\directory
+```
+
+2. Navigate to the `wolfcryptjni` directory
+
+```
+cd path\to\wolfcryptjni
+```
+
+3. Run one of the following ant test targets, depending on what library build
+configuration you compiled:
+
+```
+ant test-win32-debug
+ant test-win32-release
+
+ant test-win64-debug
+ant test-win64-release
+
+ant test-win32-debug-fips
+ant test-win32-release-fips
+
+ant test-win64-debug-fips
+ant test-win64-release-fips
+```
+
+# JAR Code Signing / JCE cannot authenticate the provider wolfJCE
+
+The Oracle JDK/JVM requires that JCE providers which implement several of the
+JCE classes be signed by a code signing certificate issued by Oracle.
+
+Full details on obtaining a JCE Code Signing Certifciate can be found here:
+
+http://www.oracle.com/technetwork/java/javase/tech/getcodesigningcertificate-361306.html
+
+For instructions on signing the "wolfcrypt-jni.jar" file generated by the ant
+build system, please see the main README.md included in this package.
+
+## Using a Pre-Signed JAR File
+
+wolfSSL Inc. has its own set of code signing certificates from Oracle that
+allow wolfJCE to be authenticated in the Oracle JDK. With each release of
+wolfJCE, wolfSSL ships two pre-signed versions of the ‘wolfcrypt-jni.jar”,
+located at:
+
+```
+wolfcrypt-jni-X.X.X/lib/signed/debug/wolfcrypt-jni.jar
+wolfcrypt-jni-X.X.X/lib/signed/release/wolfcrypt-jni.jar
+```
+
+One of these pre-signed JARs can be used with the JUnit tests, without having
+to re-compile the Java source files. To run the JUnit tests against this
+JAR file:
+
+```
+$ cd wolfcrypt-jni-X.X.X
+$ cp ./lib/signed/release/wolfcrypt-jni.jar ./lib
+$ ant test
+```
+
+# Running Examples
+
+Windows batch scripts have been included to easily run some of the provided
+examples from the Windows command line.
+
+After the above steps have been followed to compile native wolfSSL and
+wolfCrypt JNI/JCE, open a Command Prompt and navigate to the wolfCrypt JNI/JCE
+directory root (ie: wolfcryptjni).
+
+The examples are already compiled as part of running ant above.
+
+Edit the Windows configuration batch script to set the appropriate paths
+for native wolfSSL and wolfCrypt JNI DLL locations. This can change between
+build types (ex: normal wolfSSL, FIPS 140-2, etc):
+
+**Edit examples\WindowsConfig.bat**
+
+From the root wolfcryptjni directory, run the desired .bat file. For example,
+to run the ProviderTest:
+
+```
+examples\provider\ProviderTest.bat
+```
+
+# Support
+
+For support, please contact support@wolfssl.com.
+

IDE/WIN/wolfcryptjni.props

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros">
+    <wolfSSLDir>..\..\..\wolfssl</wolfSSLDir>
+    <wolfSSLDebug32>$(wolfSSLDir)\Debug\Win32</wolfSSLDebug32>
+    <wolfSSLRelease32>$(wolfSSLDir)\Release\Win32</wolfSSLRelease32>
+    <wolfSSLDebug64>$(wolfSSLDir)\Debug\x64</wolfSSLDebug64>
+    <wolfSSLRelease64>$(wolfSSLDir)\Release\x64</wolfSSLRelease64>
+    <wolfSSLDllDebug32>$(wolfSSLDir)\DLL Debug\Win32</wolfSSLDllDebug32>
+    <wolfSSLDllRelease32>$(wolfSSLDir)\DLL Release\Win32</wolfSSLDllRelease32>
+    <wolfSSLDllDebug64>$(wolfSSLDir)\DLL Debug\x64</wolfSSLDllDebug64>
+    <wolfSSLDllRelease64>$(wolfSSLDir)\DLL Release\x64</wolfSSLDllRelease64>
+    <wolfSSLDllDebug32FIPS>$(wolfSSLDir)\IDE\WIN10\DLL Debug\Win32</wolfSSLDllDebug32FIPS>
+    <wolfSSLDllRelease32FIPS>$(wolfSSLDir)\IDE\WIN10\DLL Release\Win32</wolfSSLDllRelease32FIPS>
+    <wolfSSLDllDebug64FIPS>$(wolfSSLDir)\IDE\WIN10\DLL Debug\x64</wolfSSLDllDebug64FIPS>
+    <wolfSSLDllRelease64FIPS>$(wolfSSLDir)\IDE\WIN10\DLL Release\x64</wolfSSLDllRelease64FIPS>
+  </PropertyGroup>
+  <ItemDefinitionGroup />
+  <ItemGroup>
+    <BuildMacro Include="wolfSSLDir">
+      <Value>$(wolfSSLDir)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDebug32">
+      <Value>$(wolfSSLDebug32)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLRelease32">
+      <Value>$(wolfSSLRelease32)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDebug64">
+      <Value>$(wolfSSLDebug64)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLRelease64">
+      <Value>$(wolfSSLRelease64)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllDebug32">
+      <Value>$(wolfSSLDllDebug32)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllRelease32">
+      <Value>$(wolfSSLDllRelease32)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllDebug64">
+      <Value>$(wolfSSLDllDebug64)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllRelease64">
+      <Value>$(wolfSSLDllRelease64)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllDebug32FIPS">
+      <Value>$(wolfSSLDllDebug32FIPS)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllRelease32FIPS">
+      <Value>$(wolfSSLDllRelease32FIPS)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllDebug64FIPS">
+      <Value>$(wolfSSLDllDebug64FIPS)</Value>
+    </BuildMacro>
+    <BuildMacro Include="wolfSSLDllRelease64FIPS">
+      <Value>$(wolfSSLDllRelease64FIPS)</Value>
+    </BuildMacro>
+  </ItemGroup>
+</Project>

IDE/WIN/wolfcryptjni.sln

@@ -0,0 +1,43 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30621.155
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfcryptjni", "wolfcryptjni.vcxproj", "{A5CBD153-C26C-4AD5-A507-0A159F074B58}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		DLL Debug FIPS|Win32 = DLL Debug FIPS|Win32
+		DLL Debug FIPS|x64 = DLL Debug FIPS|x64
+		DLL Debug|Win32 = DLL Debug|Win32
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Release FIPS|Win32 = DLL Release FIPS|Win32
+		DLL Release FIPS|x64 = DLL Release FIPS|x64
+		DLL Release|Win32 = DLL Release|Win32
+		DLL Release|x64 = DLL Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug FIPS|Win32.ActiveCfg = DLL Debug FIPS|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug FIPS|Win32.Build.0 = DLL Debug FIPS|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug FIPS|x64.ActiveCfg = DLL Debug FIPS|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug FIPS|x64.Build.0 = DLL Debug FIPS|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release FIPS|Win32.ActiveCfg = DLL Release FIPS|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release FIPS|Win32.Build.0 = DLL Release FIPS|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release FIPS|x64.ActiveCfg = DLL Release FIPS|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release FIPS|x64.Build.0 = DLL Release FIPS|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{A5CBD153-C26C-4AD5-A507-0A159F074B58}.DLL Release|x64.Build.0 = DLL Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {5DCEC0DE-9962-4100-AA08-921D4697C999}
+	EndGlobalSection
+EndGlobal

IDE/WIN/wolfcryptjni.vcxproj

@@ -0,0 +1,463 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="DLL Debug FIPS|Win32">
+      <Configuration>DLL Debug FIPS</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug FIPS|x64">
+      <Configuration>DLL Debug FIPS</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release FIPS|Win32">
+      <Configuration>DLL Release FIPS</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release FIPS|x64">
+      <Configuration>DLL Release FIPS</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Aes.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Asn.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Chacha.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Curve25519.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Des3.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Dh.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Ecc.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Ed25519.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_FeatureDetect.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Fips.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Fips_ErrorCallback.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Hmac.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Hmac_hashType.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Logging.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Md5.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_NativeStruct.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Rng.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Rsa.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha256.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha384.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha512.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfCrypt.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfCryptError.h" />
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfObject.h" />
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_debug.h" />
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_error.h" />
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_NativeStruct.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\jni\jni_aes.c" />
+    <ClCompile Include="..\..\jni\jni_aesgcm.c" />
+    <ClCompile Include="..\..\jni\jni_asn.c" />
+    <ClCompile Include="..\..\jni\jni_chacha.c" />
+    <ClCompile Include="..\..\jni\jni_curve25519.c" />
+    <ClCompile Include="..\..\jni\jni_des3.c" />
+    <ClCompile Include="..\..\jni\jni_dh.c" />
+    <ClCompile Include="..\..\jni\jni_ecc.c" />
+    <ClCompile Include="..\..\jni\jni_ed25519.c" />
+    <ClCompile Include="..\..\jni\jni_error.c" />
+    <ClCompile Include="..\..\jni\jni_feature_detect.c" />
+    <ClCompile Include="..\..\jni\jni_fips.c" />
+    <ClCompile Include="..\..\jni\jni_hmac.c" />
+    <ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c" />
+    <ClCompile Include="..\..\jni\jni_logging.c" />
+    <ClCompile Include="..\..\jni\jni_md5.c" />
+    <ClCompile Include="..\..\jni\jni_native_struct.c" />
+    <ClCompile Include="..\..\jni\jni_pwdbased.c" />
+    <ClCompile Include="..\..\jni\jni_rng.c" />
+    <ClCompile Include="..\..\jni\jni_rsa.c" />
+    <ClCompile Include="..\..\jni\jni_sha.c" />
+    <ClCompile Include="..\..\jni\jni_wolfcrypt.c" />
+    <ClCompile Include="..\..\jni\jni_wolfobject.c" />
+    <ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{a5cbd153-c26c-4ad5-a507-0a159f074b58}</ProjectGuid>
+    <RootNamespace>wolfcryptjni</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <ProjectName>wolfcryptjni</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="wolfcryptjni.props" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <LinkIncremental>
+    </LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|Win32'">
+    <LinkIncremental />
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>
+    </LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|x64'">
+    <LinkIncremental />
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllDebug32)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>msvcrt.lib</IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-debug</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN10;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllDebug32FIPS)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl-fips.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>msvcrt.lib</IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-debug</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>true</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllRelease32)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>
+      </IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-release</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN10;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>true</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllRelease32FIPS)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl-fips.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>
+      </IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-release</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllDebug64)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>msvcrt.lib</IgnoreSpecificDefaultLibraries>
+      <OptimizeReferences>false</OptimizeReferences>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-debug
+
+</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug FIPS|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN10;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllDebug64FIPS)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl-fips.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>msvcrt.lib</IgnoreSpecificDefaultLibraries>
+      <OptimizeReferences>false</OptimizeReferences>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-debug
+
+</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>
+      </SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>
+      </EnableCOMDATFolding>
+      <OptimizeReferences>
+      </OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>true</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllRelease64)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>
+      </IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-release</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release FIPS|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>
+      </SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WOLFCRYPTJNI_EXPORTS;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>false</ConformanceMode>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <AdditionalIncludeDirectories>..;..\..\jni\include;$(wolfSSLDir);$(wolfSSLDir)/IDE/WIN10;$(JAVA_HOME)\include;$(JAVA_HOME)\include\win32;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>
+      </EnableCOMDATFolding>
+      <OptimizeReferences>
+      </OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>true</EnableUAC>
+      <AdditionalLibraryDirectories>$(wolfSSLDllRelease64FIPS)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>wolfssl-fips.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreSpecificDefaultLibraries>
+      </IgnoreSpecificDefaultLibraries>
+    </Link>
+    <PostBuildEvent>
+      <Command>cd ..\..\
+set JUNIT_HOME=$(SolutionDir)..\..\
+ant build-jce-release</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

IDE/WIN/wolfcryptjni.vcxproj.filters

@@ -0,0 +1,177 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Aes.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Asn.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Chacha.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Curve25519.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Des3.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Dh.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Ecc.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Ed25519.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_FeatureDetect.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Fips.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Fips_ErrorCallback.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Hmac.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Hmac_hashType.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Logging.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Md5.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_NativeStruct.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Rng.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Rsa.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha256.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha384.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_Sha512.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfCrypt.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfCryptError.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\com_wolfssl_wolfcrypt_WolfObject.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_debug.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_error.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_NativeStruct.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\jni\jni_aes.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_asn.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_chacha.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_curve25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_des3.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_dh.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_ecc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_ed25519.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_error.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_feature_detect.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_fips.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_hmac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_logging.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_md5.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_native_struct.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_rng.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_rsa.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_sha.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_wolfobject.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_aesgcm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_pwdbased.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_wolfcrypt.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

README.md

@@ -1,69 +1,93 @@
 
-## wolfCrypt JNI
+## wolfCrypt JCE Provider and JNI Wrapper
 
-This package provides a Java, JNI-based interface to the native wolfCrypt
-(and wolfCrypt FIPS API, if using with a FIPS version of wolfCrypt). It also
-includes a JCE provider for wolfCrypt.
+This packages includes both a JNI wrapper and JCE provider around the native
+wolfCrypt cryptography library. It supports both normal and FIPS validated
+versions of wolfCrypt.
 
-For instructions and notes on the JNI wrapper, please reference this README.md,
-or the wolfSSL online documentation.
+For instructions and notes on the **JNI wrapper**, please reference this
+README.md, or the wolfSSL online user manual.
 
-For instructions and notes on the JCE provider, please reference the
-README_JCE.md file, or online instructions.
+For instructions and notes on the **JCE provider**, please reference the
+[README_JCE.md](./README_JCE.md) file, or online user manual.
 
-### Compiling
+### Compiling Native wolfSSL (Dependency)
 ---------
 
-To compile the wolfCrypt JNI wrapper:
+To compile the wolfCrypt JNI wrapper and JCE provider, first the native (C)
+wolfSSL library must be compiled and installed.
 
-1) Compile and install a wolfSSL (wolfssl-x.x.x), wolfSSL FIPS
-release (wolfssl-x.x.x-commercial-fips), or wolfSSL FIPS Ready release:
+Compile and install a wolfSSL (wolfssl-x.x.x), wolfSSL FIPS
+release (wolfssl-x.x.x-commercial-fips), or wolfSSL FIPS Ready release.
 
-In any of these cases, you will need the "--enable-keygen" ./configure option.
+In any of these cases, you will need the `--enable-jni` ./configure option.
+The `--enable-jni` option includes all native wolfSSL features needed by
+both wolfCrypt JNI/JCE (this package) as well as wolfSSL JNI/JSSE (a
+separate package and repo). If you want the minimal set of requirements needed
+for only wolfJCE, you can use `--enable-keygen --enable-crl`, where
+CRL support is needed to support JCE `CertPathValidator(PKIX)` CRL support.
 
-wolfSSL Standard Build:
+**wolfSSL Standard Build**:
 ```
 $ cd wolfssl-x.x.x
-$ ./configure --enable-keygen
+$ ./configure --enable-jni
 $ make check
 $ sudo make install
 ```
 
-wolfSSL FIPSv1 Build:
+**wolfSSL FIPSv2 (FIPS 140-2 Cert 3389) Build**:
 
 ```
 $ cd wolfssl-x.x.x-commercial-fips
-$ ./configure --enable-fips --enable-keygen
+$ ./configure --enable-fips=v2 --enable-jni
 $ make check
 $ sudo make install
 ```
 
-wolfSSL FIPSv2 Build:
+**wolfSSL FIPSv5 (FIPS 140-3 Cert 4718) Build**:
 
 ```
 $ cd wolfssl-x.x.x-commercial-fips
-$ ./configure --enable-fips=v2 --enable-keygen
+$ ./configure --enable-fips=v2 --enable-jni
 $ make check
 $ sudo make install
 ```
 
-wolfSSL FIPS Ready Build:
+**wolfSSL FIPS Ready Build**:
 
 ```
 $ cd wolfssl-x.x.x-commercial-fips
-$ ./configure --enable-fips=ready --enable-keygen
+$ ./configure --enable-fips=ready --enable-jni
 $ make check
 $ sudo make install
 ```
 
-2) Compile the native wolfCrypt JNI object files:
+### Compiling wolfSSL JNI/JCE with ant
+---------
+
+wolfCrypt JNI/JCE's ant build is the most stable and well-tested. Newer support
+for building with Maven has also been added. See section below for instructions
+on building with Maven. Continue reading here for instructions to build with
+ant.
+
+1) Compile the native wolfCrypt JNI object files. Two makefiles are distributed,
+one for Linux (`makefile.linux`) and one for macOS (`makefile.macosx`). First
+copy the makefile for your platform to a file called `makefile`:
+
+```
+$ cd wolfcrypt-jni
+$ cp makefile.linux makefile
+```
+
+Then compile the native wolfCrypt JNI object files into a native C shared
+library:
 
 ```
 $ cd wolfcrypt-jni
 $ make
 ```
 
-3) Compile the wolfCrypt JNI Java sources files, from the wolfcrypt-jni
+2) Compile the wolfCrypt JNI/JCE Java sources files, from the wolfcrypt-jni
    directory:
 
 ```
@@ -76,16 +100,18 @@ please follow these steps (for Linux/Mac):
 
 Running "ant test" will execute JUnit tests included in this package. These
 tests require JUnit to be available on your system and for the correct JAR
-files to be on your JUNIT_HOME path.
+files to be on your `JUNIT_HOME` path.
 
 To install and set up JUnit:
 
-a) Download "junit-4.12.jar" and "hamcrest-all-1.3.jar" from junit.org
+a) Download "junit-4.13.2.jar" and "hamcrest-all-1.3.jar" from junit.org
 
-b) Place these JAR files on your system and set JUNIT_HOME to point to
+b) Place these JAR files on your system and set `JUNIT_HOME` to point to
    that location:
 
-    $ export JUNIT_HOME=/path/to/jar/files
+```
+$ export JUNIT_HOME=/path/to/jar/files
+```
 
 The JUnit tests can then be run with:
 
@@ -93,14 +119,111 @@ The JUnit tests can then be run with:
 $ ant test
 ```
 
-### API Javadocs
+To clean the both Java JAR and native library:
+
+```
+$ ant clean
+$ make clean
+```
+
+#### API Javadocs
 ---------
 
-After the "ant" command has been executed, this will generate a set of
-Javadocs under the wolfcrypt-jni/docs directory.  To view the root document,
-open the following file in a web browser:
+Running `ant` will generate a set of Javadocs under the `wolfcrypt-jni/docs`
+directory.  To view the root document, open the following file in a web browser:
+
+`wolfcrypt-jni/docs/index.html`
+
+### Compiling wolfSSL JNI/JCE with Maven
+---------
+
+wolfSSL JNI/JCE supports building and packaging with Maven, for those projects
+that are already set up to use and consume Maven packages.
+
+wolfSSL JNI/JCE's Maven build configuration is defined in the included
+`pom.xml` file.
+
+First, compile the native JNI shared library (libwolfcryptjni.so/dylib) same
+as above. This will create the native JNI shared library under the `./lib`
+directory:
+
+```
+$ cd wolfcrypt-jni
+$ cp makefile.linux makefile
+$ make
+```
+
+Compile the Java sources, where Maven will place the compiled `.class` files
+under the `./target/classes` directory:
+
+```
+$ mvn compile
+```
+
+Compile and run JUnit tests using:
+
+```
+$ mvn test
+```
+
+Package up the wolfCrypt JNI/JCE JAR file using the following command. This will
+run the JUnit tests then create a `.jar` file located under the `./target`
+directory, similar to `target/wolfcrypt-jni-X.X.X-SNAPSHOT.jar`:
+
+```
+$ mvn package
+```
+
+To build the Javadoc API reference for wolfCrypt JNI/JCE run the following. This
+will generate Javadoc HTML under the `./docs/apidocs` directory:
+
+```
+$ mvn javadoc:javadoc
+```
+
+To install the wolfSSL JNI/JCE JAR file, run the following. This will install
+the JAR into the local Maven repository:
+
+```
+$ mvn install
+```
+
+The local Maven repository installation location will be similar to:
+
+```
+~/.m2/repository/com/wolfssl/wolfcrypt-jni/X.X.X-SNAPSHOT/wolfcrypt-jni-X.X.X-SNAPSHOT.jar
+```
+
+The wolfCrypt JNI shared library (`libwolfcryptjni.so/dylib`) created with
+`make` will need to be "installed" by being placed on your native
+library search path. For example, copied into `/usr/local/lib`, `/usr/lib`,
+or other location. Alternatively, append the `./libs` directory to your native
+library search path by exporting `LD_LIBRARY_PATH` (Linux) or
+`DYLD_LIBRARY_PATH` (OSX):
+
+```
+$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/wolfcryptjni/lib
+```
+
+After wolfCrypt JNI/JCE has been installed into the local Maven repository,
+an application can include this as a dependency in the application's
+`pom.xml` file, similar to (where the version number will change depending
+on the current release):
+
+```
+<project ...>
+    ...
+    <dependencies>
+        <dependency>
+            <groupId>com.wolfssl</groupId>
+            <artifactId>wolfcrypt-jni</artifactId>
+            <version>1.8.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+    ...
+</project>
+```
 
-wolfcrypt-jni/docs/index.html
 
 ### Example / Test Code
 ---------
@@ -109,7 +232,14 @@ The JUnit test code can act as a good usage example of the wolfCrypt JNI
 API. This test code is run automatically when "ant test" is executed from
 the root wolfcrypt-jni directory.  The test source code is located at:
 
-wolfcrypt-jni/src/test/com/wolfssl/wolfcrypt
+`wolfcrypt-jni/src/test/com/wolfssl/wolfcrypt`
+
+JCE-specific examples can be found in the `examples/provider` sub-directory.
+These examples will only be compiled with either `ant build-jce-debug` or
+`ant build-jce-release` are used. Since these are JCE/provider-only examples,
+they are not built for JNI-only builds (`ant build-jni-debug/release`).
+
+For more details, see the [README_JCE.md](./README_JCE.md).
 
 ### JAR Code Signing
 ---------
@@ -130,61 +260,10 @@ sign.tsaurl=<timestamp server url>
 
 Signing the JAR is important especially if using the JCE Provider with a JDK
 that requires JCE provider JAR's to be authenticated.  Please see
-README_JCE.md for more details.
+[README_JCE.md](./README_JCE.md) for more details.
 
-### Revision History
+### Release Notes
 ---------
 
-********* wolfCrypt JNI Release 1.1.0 (08/26/2020)
-
-Release 1.1.0 of wolfCrypt JNI has bug fixes and new features including:
-
-- New JNI-level wrappers for ChaCha, Curve25519, and Ed25519
-- Maven pom.xml build file
-- Runtime detection of hash type enum values for broader wolfSSL support
-- Updated wolfSSL error codes to match native wolfSSL updates
-- Native HMAC wrapper fixes for building with wolfCrypt FIPSv2
-- Native wrapper to return HAVE_FIPS_VERSION value to Java
-- Remove Blake2b from HMAC types, to match native wolfSSL changes
-- Better native wolfSSL feature detection
-- Increase Junit version to 4.13
-- Use nativeheaderdir on supported platforms instead of javah
-- Use hamcrest-all-1.3.jar in build.xml
-- Add call to wc_ecc_set_rng() when needed
-
-********* wolfCrypt JNI Release 1.0.0 (7/10/2017)
-
-Release 1.0.0 of wolfCrypt JNI has bug fixes and new features including:
-
-- Bug fixes to JCE classes: Cipher, KeyAgreement (DH), Signature
-- JCE debug logging with wolfjce.debug system property
-- Additional unit tests for JCE provider
-- Conditional ant build for JNI and/or JCE
-- New ant targets with choice of debug or release builds
-
-********* wolfCrypt JNI Release 0.3 BETA
-
-Release 0.3 BETA of wolfCrypt JNI includes:
-
-- Support for ECC and DH key generation
-- Bug fixes regarding key import/export
-- Better argument sanitization at JNI level
-
-********* wolfCrypt JNI Release 0.2 BETA
-
-Release 0.2 BETA of wolfCrypt JNI includes:
-
-- Support for Android
-- Support for Oracle JDK/JVM
-- Support for code signing wolfcrypt-jni.jar file
-- Compatibility with non-FIPS wolfSSL and wolfCrypt builds
-- Bug fixes regarding releasing native resources
-- Test package changed to (com.wolfssl.provider.jce.test)
-
-********* wolfCrypt JNI Release 0.1 BETA
-
-Release 0.1 BETA of wolfCrypt JNI includes:
-
-- Initial JCE package
-- Support for OpenJDK
+Release notes can be found in [ChangeLog.md](./ChangeLog.md).
 

README_JCE.md

@@ -21,6 +21,65 @@ and Android platforms.
 Pre-compiled and signed wolfCrypt JNI/JCE JAR's are included with the stable
 releases of the JCE provider. See below for more details.
 
+### System and Security Property Support
+---------
+
+wolfJCE supports the following System and Security properties for behavior
+customization and debugging.
+
+#### Security Property Support
+
+The following Java Security properties can be set in the `java.security`
+file for JCE provider customization:
+
+| Security Property | Default | To Enable | Description |
+| --- | --- | --- | --- |
+| wolfjce.wks.iterationCount | 210,000 | Numeric | PBKDF2 iteration count (10,000 minimum) |
+| wolfjce.wks.maxCertChainLength | 100 | Integer | Max cert chain length |
+| wolfjce.mapJKStoWKS | UNSET | true | Register fake JKS KeyStore service mapped to WKS |
+| wolfjce.mapPKCS12toWKS | UNSET | true | Register fake PKCS12 KeyStore service mapped to WKS |
+
+**wolfjce.mapJKStoWKS** - this Security property should be used with caution.
+When enabled, this will register a "JKS" KeyStore type in wolfJCE, which means
+calling applications using `KeyStore.getInstance("JKS")` will get a KeyStore
+implementation from wolfJCE. BUT, this KeyStore type will actually be a
+WolfSSLKeyStore (WKS) type internally. Loading actual JKS files will fail.
+This can be helpful when FIPS compliance is required, but existing code gets
+a JKS KeyStore instance - and this assumes the caller has the flexibility to
+actually load a real WKS KeyStore file into this KeyStore object. If this
+property is being set at runtime programatically, the wolfJCE provider services
+will need to be refreshed / reloaded, by doing:
+
+```
+WolfCryptProvider prov = (WolfCryptProvider)Security.getProvider("wolfJCE");
+prov.refreshServices();
+```
+
+**wolfjce.mapPKCS12toWKS** - this Security property should be used with caution.
+When enabled, this will register a "PKCS12" KeyStore type in wolfJCE, which
+means calling applications using `KeyStore.getInstance("PKCS12")` will get a
+KeyStore implementation from wolfJCE. BUT, this KeyStore type will actually be a
+WolfSSLKeyStore (WKS) type internally. Loading actual PKCS12 files will fail.
+This can be helpful when FIPS compliance is required, but existing code gets
+a PKCS12 KeyStore instance - and this assumes the caller has the flexibility to
+actually load a real WKS KeyStore file into this KeyStore object. If this
+property is being set at runtime programatically, the wolfJCE provider services
+will need to be refreshed / reloaded, by doing:
+
+```
+WolfCryptProvider prov = (WolfCryptProvider)Security.getProvider("wolfJCE");
+prov.refreshServices();
+```
+
+#### System Property Support
+
+The following Java System properties can be set on the command line or
+programatically for JCE provider customization:
+
+| System Property | Default | To Enable | Description |
+| --- | --- | --- | --- |
+| wolfjce.debug | "false" | "true" | Enable wolfJCE debug logging |
+
 ### Algorithm Support:
 ---------
 
@@ -29,51 +88,330 @@ The JCE provider currently supports the following algorithms:
     MessageDigest Class
         MD5
         SHA-1
+        SHA-224
         SHA-256
         SHA-384
         SHA-512
+        SHA3-224
+        SHA3-256
+        SHA3-384
+        SHA3-512
 
     SecureRandom Class
+        DEFAULT (maps to HashDRBG)
         HashDRBG
 
     Cipher Class
         AES/CBC/NoPadding
+        AES/CBC/PKCS5Padding
+        AES/GCM/NoPadding
         DESede/CBC/NoPadding
+        RSA
         RSA/ECB/PKCS1Padding
 
     Mac Class
         HmacMD5
         HmacSHA1
+        HmacSHA224
         HmacSHA256
         HmacSHA384
         HmacSHA512
+        HmacSHA3-224
+        HmacSHA3-256
+        HmacSHA3-384
+        HmacSHA3-512
 
     Signature Class
         MD5withRSA
         SHA1withRSA
+        SHA224withRSA
         SHA256withRSA
         SHA384withRSA
         SHA512withRSA
+        SHA3-224withRSA
+        SHA3-256withRSA
+        SHA3-384withRSA
+        SHA3-512withRSA
         SHA1withECDSA
+        SHA224withECDSA
         SHA256withECDSA
         SHA384withECDSA
         SHA512withECDSA
+        SHA3-224withECDSA
+        SHA3-256withECDSA
+        SHA3-384withECDSA
+        SHA3-512withECDSA
 
     KeyAgreement Class
         DiffieHellman
         DH
         ECDH
 
+    KeyGenerator
+        AES
+        HmacSHA1
+        HmacSHA224
+        HmacSHA256
+        HmacSHA384
+        HmacSHA512
+
     KeyPairGenerator Class
+        RSA
         EC
         DH
 
+    CertPathValidator Class
+        PKIX
+
+    SecretKeyFactory
+        PBKDF2WithHmacSHA1
+        PBKDF2WithHmacSHA224
+        PBKDF2WithHmacSHA256
+        PBKDF2WithHmacSHA384
+        PBKDF2WithHmacSHA512
+        PBKDF2WithHmacSHA3-224
+        PBKDF2WithHmacSHA3-256
+        PBKDF2WithHmacSHA3-384
+        PBKDF2WithHmacSHA3-512
+
+    KeyStore
+        WKS
+
+### SecureRandom.getInstanceStrong()
+
+When registered as the highest priority security provider, wolfJCE will provide
+`SecureRandom` with the underlying `HashDRBG` algorithm.
+
+Java applications can alternatively call the `SecureRandom.getInstanceStrong()`
+API to get a "known strong SecureRandom implementation". To provide this
+with wolfJCE, the `java.security` file needs to be modified by setting the
+`securerandom.strongAlgorithms` property to:
+
+```
+securerandom.strongAlgorithms=HashDRBG:wolfJCE
+```
+
+Note that the `securerandom.source` property in `java.security` has no affect
+on the wolfJCE provider.
+
+### WolfSSLKeyStore (WKS) Implementation Details and Usage
+
+wolfJCE implements one custom KeyStore class named WolfSSLKeyStore, represented
+as "WKS". If wolfJCE has been installed as a Security provider, this KeyStore
+can be used with:
+
+```
+KeyStore store = KeyStore.getInstance("WKS");
+```
+
+#### Algorithm Use and FIPS 140-2 / 140-3 Compatibility
+
+The WKS KeyStore has been designed to be compatible with wolfCrypt
+FIPS 140-2 and 140-3.
+
+PrivateKey and SecretKey objects stored are protected inside the KeyStore
+using AES-CBC-256 with HMAC-SHA512 in an Encrypt-then-MAC manner. PKCS#5
+PBKDF2-HMAC-SHA512 is used to generate 96 bytes of key material which is split
+between a 32-byte AES-CBC-256 key and 64-byte HMAC-SHA512 key.
+
+PBKDF2 salt is 16 bytes, randomly generated for each key storage operation
+PBKDF2 iteration count defaults to 210,000 (current OWASP recommendation), but
+is user overridable with wolfjce.wks.iterationCount Security property in
+java.security file. User password is converted from char[] to byte[] using
+UTF-8, consistent with how SunJCE uses UTF-8 for PBKDF2 SecretKeyFactory.
+AES-CBC IV is randomly generated for each key storage operation
+
+This KeyStore uses a different format that is not directly compatible with
+existing formats (ex: JKS, PKCS12, etc). Other KeyStore types will need to be
+converted over to WKS KeyStore objects for FIPS compliant use with wolfCrypt
+FIPS 140-2/3.
+
+#### Stored Object Compatibility
+
+The WKS KeyStore supports storage of PrivateKey, Certificate, and
+SecretKey objects.
+
+#### Converting Other KeyStore Formats to WKS
+
+The Java `keytool` application can be used to convert between KeyStore formats.
+This can be easily used to convert a JKS KeyStore into a WKS format KeyStore.
+
+The following example command would convert a KeyStore in JKS format named
+`server.jks` to a KeyStore in WKS format named `server.wks`:
+
+```
+keytool -importkeystore -srckeystore server.jks -destkeystore server.wks \
+    -srcstoretype JKS -deststoretype WKS \
+    -srcstorepass "pass" -deststorepass "pass" \
+    -provider com.wolfssl.provider.jce.WolfCryptProvider \
+    --providerpath /path/to/wolfcrypt-jni.jar
+```
+
+Additionally, wolfJCE provides a utility method `WolfCryptUtil.convertKeyStoreToWKS()` 
+that can be used programmatically to convert KeyStore formats. This method
+supports converting from JKS, PKCS12, and WKS formats to WKS format. When
+converting from WKS to WKS, the method efficiently returns the same input
+stream without performing any conversion.
+
+The method automatically detects the input KeyStore format and handles the
+conversion appropriately. It supports the following features:
+
+- Automatic format detection (WKS, JKS, PKCS12)
+- Preservation of all certificates and keys from the source KeyStore
+- Support for both key entries (with certificate chains) and certificate-only entries
+- Efficient handling of WKS input (returns same stream)
+- Proper stream handling with mark/reset support for large KeyStores
+
+**FIPS NOTE:** This utility method will call Sun provider code for JKS
+and PKCS12. This means that if using wolfCrypt FIPS, these calls will make
+calls into non-FIPS compliant cryptography for the conversion. Please take
+this into consideration when being used in a FIPS compliant environment.
+
+Example usage:
+
+```java
+import com.wolfssl.provider.jce.WolfCryptUtil;
+import java.io.InputStream;
+import java.security.KeyStore;
+
+/* Load your source KeyStore (JKS, PKCS12, or WKS) */
+InputStream sourceStream = ...;
+char[] password = "your_password".toCharArray();
+
+/* Convert to WKS format, fail on insert errors */
+InputStream wksStream = WolfCryptUtil.convertKeyStoreToWKS(sourceStream, password, true);
+
+/* Load the converted WKS KeyStore */
+KeyStore wksStore = KeyStore.getInstance("WKS", "wolfJCE");
+wksStore.load(wksStream, password);
+```
+
+The method respects the Security properties `wolfjce.mapJKStoWKS` and 
+`wolfjce.mapPKCS12toWKS` when performing conversions. If these properties are
+set to "true", the method will use reflection to find the Sun provider
+implementations for JKS and PKCS12 to use for conversion.
+
+To list entries inside a WKS keystore using the `keytool`, a command
+similar to the following can be used (with the `-list` option):
+
+```
+keytool -list -provider com.wolfssl.provider.jce.WolfCryptProvider \
+    --providerpath /path/to/wolfcrypt-jni.jar \
+    -storetype WKS -storepass "pass" -keystore server.wks
+```
+
+If running the above commands gives an error about the native wolfcryptjni
+shared library not being found, you may need to add the library location
+to `LD_LIBRARY_PATH` (Linux) or `DYLD_LIBRARY_PATH` (Mac OSX), ie:
+
+```
+export LD_LIBRARY_PATH=/path/to/libwolfcryptjni.so:$LD_LIBRARY_PATH
+```
+
+#### Converting System cacerts to WKS Format KeyStore
+
+For FIPS compatibility, users who do not want to use non-wolfSSL KeyStore
+implementations (ex: JKS) may need to convert the system cacerts or
+jssecacerts KeyStore to WKS format. This can be done using the keytool
+command as described above (default password for cacerts is 'changeit'), or
+the helper script located in this package at:
+
+```
+examples/certs/systemcerts/system-cacerts-to-wks.sh
+```
+
+This is a shell script that takes no arguments. It tries to detect the
+location of the active Java installation and converts `cacerts` and/or
+`jssecacerts` to WKS format if they are found. Converted KeyStores are placed
+under the same directory as the script, specifically:
+
+```
+examples/certs/systemcerts/cacerts.wks
+examples/certs/systemcerts/jssecacerts.wks
+```
+
+#### Design Notes
+
+More complete design documentation can be found in
+[docs/WolfSSLKeyStore.md](./docs/design/WolfSSLKeyStore.md).
+
 ### Example / Test Code
 ---------
 
-Example code will be added in the near future. JUnit test code is located
-under the "./src/test/java/com/wolfssl/provider/jce/test/" directory for
-each wolfJCE engine class.
+JUnit test code can act as a good usage reference, and is located under the
+`./src/test/java/com/wolfssl/provider/jce/test/` directory for each wolfJCE
+engine class.
+
+There are some JCE examples located under the `examples/provider` directory,
+including:
+
+**ProviderTest**
+
+This is an example that prints out all Security providers that are registered
+in the system. It then programatically registers wolfJCE as the highest-level
+provider and prints out the list again.
+
+This example will be built when using the following ant targets:
+
+```
+$ ant build-jce-debug
+$ ant build-jce-release
+```
+
+The example can then be run using:
+
+```
+$ ./examples/provider/ProviderTest.sh
+```
+
+**CryptoBenchmark**
+
+This example benchmarks the performance of cryptographic operations using the
+wolfJCE provider. It tests AES-CBC with 256-bit key encryption/decryption
+operations.
+
+Build and run:
+
+```
+# From wolfcrypt-jni root directory
+make                      # Build native library
+ant build-jce-release     # Build JCE JAR
+
+# Run benchmark
+./examples/provider/CryptoBenchmark.sh
+```
+
+This script requires for `JAVA_HOME` to be set.
+
+For Bouncy Castle comparison testing:
+
+CryptoBenchmark.sh will prompt with the following:
+
+```
+Would you like to download Bouncy Castle JARs? (y/n)
+```
+
+If you respond with 'y', the script will download the Bouncy Castle JARs and
+run the benchmark with Bouncy Castle. At the end of the benchmark, the script
+will prompt whether or not to remove the Bouncy Castle JAR files.
+
+If you prefer to download the JARs manually, follow the instructions below:
+
+Visit [bouncy-castle-java](https://www.bouncycastle.org/download/bouncy-castle-java/)
+
+Download:
+
+```
+bcprov-jdk18on-1.79.jar # Bouncy Castle Provider
+bctls-jdk18on-1.79.jar  # Bouncy Castle DTLS/TLS API/JSSE Provider
+```
+
+Copy jar files to wolfcrypt-jni/lib/:
+
+```
+cp bcprov-jdk18on-1.79.jar wolfcrypt-jni/lib
+cp bctls-jdk18on-1.79.jar wolfcrypt-jni/lib
+```
 
 ### JAR Code Signing
 ---------
@@ -90,10 +428,10 @@ ant build system, please see the main README.md included in this package.
 
 ### Using a Pre-Signed JAR File
 
-wolfSSL (company) has it’s own set of code signing certificates from Oracle
+wolfSSL (company) has it's own set of code signing certificates from Oracle
 that allow wolfJCE to be authenticated in the Oracle JDK.  With each release
 of wolfJCE, wolfSSL ships a couple pre-signed versions of the
-‘wolfcrypt-jni.jar”, located at:
+'wolfcrypt-jni.jar", located at:
 
 wolfcrypt-jni-X.X.X/lib/signed/debug/wolfcrypt-jni.jar
 wolfcrypt-jni-X.X.X/lib/signed/release/wolfcrypt-jni.jar

build.xml

@@ -19,28 +19,40 @@
     <!-- versioning/manifest properties -->
     <property name="implementation.vendor"  value="wolfSSL Inc." />
     <property name="implementation.title"   value="wolfCrypt JNI" />
-    <property name="implementation.version" value="1.0" />
+    <property name="implementation.version" value="1.8" />
 
     <!-- set properties for this build -->
     <property name="src.dir" value="src/main/java/" />
     <property name="jni.dir" value="jni/include/" />
     <property name="lib.dir" value="lib/" />
     <property name="build.dir" value="build" />
-    <property name="doc.dir" value="docs" />
+    <property name="doc.dir" value="docs/javadoc" />
     <property name="test.dir" value="src/test/java/" />
     <property name="test.build.dir" value="build/test" />
     <property name="reports.dir" value="build/reports" />
+    <property name="examples.build.dir" value="examples/build" />
+    <property name="examples.provider.dir" value="examples/provider" />
+    <property name="examples.provider.build.dir" value="examples/build/provider" />
 
-    <property name="junit4" value="junit-4.13.jar" />
+    <property name="junit4" value="junit-4.13.2.jar" />
     <property name="hamcrest-core" value="hamcrest-all-1.3.jar" />
     <property name="ant-junit4" value="ant/ant-junit4.jar" />
     <property name="jce.debug" value="false" />
 
+    <!-- compatible defaults -->
+    <property name="java.source" value="1.8" />
+    <property name="java.target" value="1.8" />
+
     <!-- property file for code signing -->
     <property file="codeSigning.properties" />
 
     <property environment="env" />
 
+    <!-- Detect if running on Windows host -->
+    <condition property="isWindows">
+        <os family="windows" />
+    </condition>
+
     <!-- check if javac nativeheaderdir is available -->
     <condition property="have-nativeheaderdir">
         <and>
@@ -68,11 +80,15 @@
     <target name="clean">
         <delete dir="${test.build.dir}" />
         <delete dir="${build.dir}" />
+        <delete dir="${examples.provider.build.dir}" />
         <delete dir="${examples.build.dir}" />
         <delete dir="${reports.dir}" />
         <delete failonerror="false">
             <fileset dir="${lib.dir}" includes="wolfcrypt-jni.jar" />
         </delete>
+        <delete includeemptydirs="true" failonerror="false">
+            <fileset dir="${doc.dir}" includes="**/*"/>
+        </delete>
     </target>
 
     <!-- set javac flags: debug jar, no optimization, all debug symbols -->
@@ -81,8 +97,8 @@
         <property name="java.debuglevel" value="source,lines,vars" />
         <property name="java.deprecation" value="true" />
         <property name="java.optimize" value="true" />
-        <property name="java.source" value="1.8" />
-        <property name="java.target" value="1.8" />
+        <property name="java.source" value="${java.source}" />
+        <property name="java.target" value="${java.target}" />
     </target>
 
     <!-- set javac flags: release, no debug, optimize -->
@@ -91,15 +107,17 @@
         <property name="java.debuglevel" value="none" />
         <property name="java.deprecation" value="true" />
         <property name="java.optimize" value="true" />
-        <property name="java.source" value="1.8" />
-        <property name="java.target" value="1.8" />
+        <property name="java.source" value="${java.source}" />
+        <property name="java.target" value="${java.target}" />
     </target>
 
     <target name="init" depends="clean, debug-javac-flags, release-javac-flags">
         <mkdir dir="${build.dir}" />
         <mkdir dir="${lib.dir}" />
+        <mkdir dir="${doc.dir}" />
         <mkdir dir="${test.build.dir}" />
         <mkdir dir="${reports.dir}" />
+        <mkdir dir="${examples.provider.build.dir}" />
     </target>
 
     <!-- compile all JNI and JCE source files -->
@@ -235,6 +253,22 @@
         <javadoc sourcepath="${src.dir}" destdir="${doc.dir}" />
     </target>
 
+    <target name="examples-jce" description="Build JCE Examples">
+        <javac
+            srcdir="${examples.provider.dir}"
+            destdir="${examples.provider.build.dir}"
+            debug="${java.debug}"
+            debuglevel="${java.debuglevel}"
+            deprecation="${java.deprecation}"
+            optimize="${java.optimize}"
+            source="${java.source}"
+            target="${java.target}"
+            classpathref="classpath"
+            includeantruntime="false">
+            <compilerarg value="-Xlint:-options"/>
+        </javac>
+    </target>
+
     <!-- compile JNI/JCE test classes, depending on how 'ant build' was run -->
     <target name="build-test" depends="set-build-debug, debug-javac-flags">
 
@@ -255,7 +289,112 @@
 
     </target>
 
-    <target name="test" description="Compile and run JUnit tests">
+    <!-- Set property to indicate Windows platform (Win32, x86) -->
+    <target name="setup-win32-debug">
+        <property name="ant.test.platform" value="Win32"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Debug/Win32/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/DLL Debug/Win32"/>
+    </target>
+    <target name="setup-win32-release">
+        <property name="ant.test.platform" value="Win32"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Release/Win32/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/DLL Release/Win32"/>
+    </target>
+
+    <target name="setup-win64-debug">
+        <property name="ant.test.platform" value="x64"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Debug/x64/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/DLL Debug/x64"/>
+    </target>
+    <target name="setup-win64-release">
+        <property name="ant.test.platform" value="x64"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Release/x64/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/DLL Release/x64"/>
+    </target>
+
+    <target name="setup-win32-debug-fips">
+        <property name="ant.test.platform" value="Win32"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Debug FIPS/Win32/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/IDE/WIN10/DLL Debug/Win32"/>
+    </target>
+    <target name="setup-win32-release-fips">
+        <property name="ant.test.platform" value="Win32"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Release FIPS/Win32/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/IDE/WIN10/DLL Release/Win32"/>
+    </target>
+    <target name="setup-win64-debug-fips">
+        <property name="ant.test.platform" value="x64"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Debug FIPS/x64/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/IDE/WIN10/DLL Debug/x64"/>
+    </target>
+    <target name="setup-win64-release-fips">
+        <property name="ant.test.platform" value="x64"/>
+        <property name="lib.win.dir" value="IDE/WIN/DLL Release FIPS/x64/"/>
+        <property name="lib.wolfssl.win.dir" value="../wolfssl/IDE/WIN10/DLL Release/x64"/>
+    </target>
+
+    <!-- Windows ant test targets, should be used in place of 'ant test' -->
+    <!-- Windows 32-bit -->
+    <target name="test-win32-debug" depends="setup-win32-debug, test"
+            description="Run JUnit tests on Windows x86/32-bit DLL Debug">
+    </target>
+    <target name="test-win32-release" depends="setup-win32-release, test"
+            description="Run JUnit tests on Windows x86/32-bit DLL Release">
+    </target>
+
+    <!-- Windows x64 -->
+    <target name="test-win64-debug" depends="setup-win64-debug, test"
+            description="Run JUnit tests on Windows x64/64-bit DLL Debug">
+    </target>
+    <target name="test-win64-release" depends="setup-win64-release, test"
+            description="Run JUnit tests on Windows x64/64-bit DLL Release">
+    </target>
+
+    <!-- Windows FIPS 140-2/140-3 -->
+    <target name="test-win32-debug-fips" depends="setup-win32-debug-fips, test"
+            description="Run JUnit tests on Windows x86/32-bit DLL FIPS Debug">
+    </target>
+    <target name="test-win32-release-fips" depends="setup-win32-release-fips, test"
+            description="Run JUnit tests on Windows x86/32-bit DLL FIPS Release">
+    </target>
+    <target name="test-win64-debug-fips" depends="setup-win64-debug-fips, test"
+            description="Run JUnit tests on Windows x64/64-bit DLL FIPS Debug">
+    </target>
+    <target name="test-win64-release-fips" depends="setup-win64-release-fips, test"
+            description="Run JUnit tests on Windows x64/64-bit DLL FIPS Release">
+    </target>
+
+    <!-- Print usage if plain 'ant test' called on Windows -->
+    <target name="antTestWindowsCheck">
+      <condition property="antTestCalledIncorrect">
+        <and>
+          <equals arg1="${isWindows}" arg2="true"/>
+          <equals arg1="${ant.project.invoked-targets}" arg2="test"/>
+        </and>
+      </condition>
+
+      <fail message="Please see usage instructions below" if="antTestCalledIncorrect">
+        wolfCrypt JNI and JCE: JUnit Test Usage on Windows
+        ---------------------------------------------------------------------------->
+        Run one of the following ant test targets for Windows use:
+        Normal wolfSSL (non-FIPS):
+            ant test-win32-debug         |  Run JUnit tests for Windows 32-bit Debug build
+            ant test-win32-release       |  Run JUnit tests for Windows 32-bit Release build
+            ant test-win64-debug         |  Run JUnit tests for Windows 64-bit Debug build
+            ant test-win64-release       |  Run JUnit tests for Windows 64-bit Release build
+
+        wolfSSL FIPS 140-2 / 140-3:
+            ant test-win32-debug-fips    |  Run JUnit tests for Windows 32-bit Debug FIPS build
+            ant test-win32-release-fips  |  Run JUnit tests for Windows 32-bit Release FIPS build
+            ant test-win64-debug-fips    |  Run JUnit tests for Windows 64-bit Debug FIPS build
+            ant test-win64-release-fips  |  Run JUnit tests for Windows 64-bit Release FIPS build
+        ----------------------------------------------------------------------------
+      </fail>
+    </target>
+
+    <!-- Primary ant test target, called direct on Linux/OSX
+         or from test-win32/test-win64 on Windows -->
+    <target name="test" description="Compile and run JUnit tests" depends="antTestWindowsCheck">
 
         <!-- detect if compiled JAR includes JCE or not -->
         <whichresource property="jar.includes.jce"
@@ -284,6 +423,9 @@
             showoutput="yes"
             haltonfailure="yes"
             fork="true">
+
+            <jvmarg value="-Djava.library.path=$JAVA_HOME/bin${path.separator}${lib.dir}${path.separator}${lib.win.dir}${path.separator}${lib.wolfssl.win.dir}"/>
+
             <classpath>
                 <pathelement location="${lib.dir}/wolfcrypt-jni.jar" />
                 <pathelement location="${test.build.dir}" />
@@ -299,13 +441,14 @@
 
             <sysproperty key="sun.boot.library.path" value="$JAVA_HOME/bin:${lib.dir}" />
             <sysproperty key="wolfjce.debug" value="${jce.debug}" />
-            <env key="LD_LIBRARY_PATH" path="$LD_LIBRARY_PATH:{lib.dir}:/usr/local/lib" />
-            <env key="CLASSPATH" path="$LD_LIBRARY_PATH:${env.JUNIT_HOME}/${junit4}" />
+            <env key="LD_LIBRARY_PATH" path="${env.LD_LIBRARY_PATH}:{lib.dir}:/usr/local/lib" />
+            <env key="CLASSPATH" path="${env.LD_LIBRARY_PATH}:${env.JUNIT_HOME}/${junit4}" />
 
             <batchtest fork="yes" todir="${reports.dir}">
                 <fileset dir="${test.dir}">
                     <!--<include name="**/*TestSuite.java" />-->
                     <include name="com/wolfssl/wolfcrypt/test/*TestSuite.java" />
+                    <include name="com/wolfssl/wolfcrypt/test/fips/*TestSuite.java" />
                     <include if="jar.includes.jce" name="com/wolfssl/provider/jce/test/*TestSuite.java" />
                 </fileset>
             </batchtest>
@@ -345,11 +488,11 @@
         description="Build library JAR (JNI classes ONLY)">
     </target>
 
-    <target name="build-jce-debug" depends="set-build-debug, jar-jce, sign, sign-alt, javah, javadoc"
+    <target name="build-jce-debug" depends="set-build-debug, jar-jce, sign, sign-alt, javah, javadoc, examples-jce"
         description="Build library JAR (JNI + JCE classes)">
     </target>
 
-    <target name="build-jce-release" depends="set-build-release, jar-jce, sign, sign-alt, javah, javadoc"
+    <target name="build-jce-release" depends="set-build-release, jar-jce, sign, sign-alt, javah, javadoc, examples-jce"
         description="Build library JAR (JNI + JCE classes)">
     </target>
 

docs/design/WolfSSLKeyStore.md

@@ -0,0 +1,256 @@
+
+# wolfSSL KeyStore (WKS) Design Notes
+
+The WKS KeyStore format was designed to be compatible with wolfCrypt FIPS
+140-2 and 140-3, meaning it utilizes FIPS validated cryptographic algorithms.
+This document includes notes on the design and algorithm choices used by WKS.
+For details on the wolfCrypt FIPS 140-2/3 cryptographic module and boundary,
+please reference the appropriate Security Policy or contact fips@wolfssl.com.
+
+## User Customizable Properties
+
+| Security Property | Default | Min | Description |
+| --- | --- | --- | --- |
+| `wolfjce.wks.iterationCount` | 210,000 | 10,000 | PBKDF2 iteration count |
+| `wolfjce.wks.maxCertChainLength` | 100 | N/A | Max cert chain length |
+
+## Notes on Algorithm and Security Properties
+
+PBKDF2-HMAC-SHA512 was chosen over PBKDF2-HMAC-SHA256 for AES and HMAC key
+generation to allow use of fewer iterations (210,000, as per current
+[OWASP recommendations](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2)) versus the recommended 600,000 for SHA-256.
+
+PBKDF2 salt size of 128-bits (16 bytes) is used to follow recommendations
+in [NIST SP 800-132, Page 6](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf).
+
+AES-CBC (AES/CBC/PKCS5Padding) was chosen over AES-GCM since AES-GCM requires
+that each {key,nonce} combination be unique. Simply generating a random nonce
+via RNG does not guarantee uniqueness, and we have no way of maintaining an
+accurate counter across KeyStore objects and store/load operations.
+
+Different keys are used for PrivateKey/SecretKey encryption and HMAC, and
+derived from one larger PBKDF2 operation (96 bytes) then split between
+encryption (32-byte key) and HMAC (64-byte key) operations. A
+random salt is generated for each PBKDF2 key generation operation.
+
+HMAC values are calculated over content but also the PBKDF2 salt length,
+salt, and iteration count, and all other key parameters (ex: IV and length) to
+also include those in the integrity check.
+
+## KeyStore Integrity
+
+### HMAC Generation During KeyStore Storage
+
+When WKS KeyStore objects are stored (`engineStore()`), the following format
+is used. This is composed of a *HEADER* section, an *ENTRIES* section, followed
+lastly by an HMAC generated over the *HEADER* and *ENTRIES*, including the
+PBKDF2 salt, salt length, and iteration count.
+
+The *HEADER* includes a magic number specific to the WKS KeyStore type (`7`), a
+WKS KeyStore version (may be incremented in the future as features are added
+or if the WKS type definition changes), and a count of the entries included in
+the store.
+
+The *ENTRIES* section is made up of one or more `WKSPrivateKey`,
+`WKSSecretKey`, or `WKSCertificate` entries. These represent the storage of
+a `PrivateKey`, `SecretKey`, and `Certificate` objects respectively.
+
+Generation of the HMAC happens during a call to
+`engineStore(OutputStream stream, char[] password)` and is generated in the
+following manner:
+
+- Input password must not be null or zero length
+- Input password is converted from `char[]` into `byte[]` using password
+conversion algorithm described below.
+- Random salt of size `WKS_PBKDF2_SALT_SIZE` (128 bits) is generated
+- HMAC-SHA512 key (64-bytes) is generated with PBKDF2-HMAC-SHA512 using:
+    + Password byte array
+    + Random 16-byte salt (`WKS_PBKDF2_SALT_SIZE`)
+    + 210,000 iterations (`WKS_PBKDF2_ITERATION_COUNT`), but can be overriden
+      by user by setting `wolfjce.wks.iterationCount` Security property.
+      Minimum iteration count is 10,000.
+- The final HMAC-SHA512 is calculated using the derived key over the bytes of
+*HEADER*, *ENTRIES*, salt length, salt, and iteration count. It is then
+written out to the OutputStream.
+
+### HMAC Verification During KeyStore Load
+
+When a WKS KeyStore is loaded with
+`engineLoad(InputStream stream, char[] password)`, the input password is
+optional. If a password is provided, the KeyStore integrity will be checked
+using the included HMAC, otherwise the integrity check will be skipped.
+This design is to maintain consistency with how the Java JKS format handles
+integrity checks upon KeyStore load, and allows for easy conversion and use
+of files such as `cacerts` to a WKS type where users do not normally provide
+the password when loading the KeyStore file.
+
+Since the HMAC is stored at the end of the KeyStore stream, `engineLoad()`
+buffers KeyStore bytes as they are read in, up to and including the PBKDF2
+salt size, salt, and PBKDF2 iteration count. Once all entries have been read,
+the HMAC is read and verified:
+- The salt length is read, sanitized against `WKS_PBKDF2_SALT_SIZE`
+- The salt is read
+- The PBKDF2 iteration count is read, and checked against min size of
+`WKS_PBKDF2_MIN_ITERATIONS`
+- Caching of data is paused while the HMAC is read in next
+- The original HMAC length is read
+- An HMAC-SHA512 is regenerated over the buffered header and entry bytes
+    + Password is converted from char[] to byte[] as explained below
+    + An HMAC-SHA512 key (64-bytes) is calculated as explained above, using
+      salt that was read from input KeyStore stream
+    + The generated HMAC value is calculated using this key
+- The generated HMAC is compared in both size and contents against the stored
+HMAC. If these are different, an IOException is thrown.
+
+### Stored WKS format:
+
+```
+ *   HEADER:
+ *     magicNumber                       (int / 7)
+ *     keystoreVersion                   (int)
+ *     entryCount                        (int)
+ *   ENTRIES (can be any of below, depending on type)
+ *     [WKSPrivateKey]
+ *       entryId                         (int / 1)
+ *       alias                           (UTF String)
+ *       creationDate.getTime()          (long)
+ *       kdfSalt.length                  (int)
+ *       kdfSalt                         (byte[])
+ *       kdfIterations                   (int)
+ *       iv.length                       (int)
+ *       iv                              (byte[])
+ *       encryptedKey.length             (int)
+ *       encryptedKey                    (byte[])
+ *       chain.length                    (int)
+ *       FOR EACH CERT:
+ *         chain[i].getType()            (UTF String)
+ *         chain[i].getEncoded().length  (int)
+ *         chain[i].getEncoced()         (byte[])
+ *       hmac.length                     (int)
+ *       hmac (HMAC-SHA512)              (byte[])
+ *     [WKSSecretKey]
+ *       entryId                         (int / 3)
+ *       alias                           (UTF String)
+ *       creationDate.getTime()          (long)
+ *       key.getAlgorithm()              (UTF String)
+ *       kdfSalt.length                  (int)
+ *       kdfIterations                   (int)
+ *       kdfSalt                         (byte[])
+ *       iv.length                       (int)
+ *       iv                              (byte[])
+ *       encryptedKey.length             (int)
+ *       encryptedKey                    (byte[])
+ *       hmac.length                     (int)
+ *       hmac (HMAC-SHA512)              (byte[])
+ *     [WKSCertificate]
+ *       entryId                         (int / 2)
+ *       alias                           (UTF String)
+ *       creationDate.getTime()          (long)
+ *       cert.getType()                  (UTF String)
+ *       cert.getEncoded().length        (int)
+ *       cert.getEncoced()               (byte[])
+ *   HMAC PBKDF2 salt length             int
+ *   HMAC PBKDF2 salt                    (byte[])
+ *   HMAC PBKDF2 iterations              int
+ *   HMAC length                         int
+ *   HMAC (HMAC-SHA512)                  (byte[])
+```
+
+## PrivateKey Protection
+
+A PrivateKey entry is stored into the KeyStore with the `engineSetKeyEntry()`
+method, exposed publicly through `KeyStore` as `setKeyEntry()`, when
+passing in a `Key` of type `PrivateKey`. The password argument is not allowed
+to be null, otherwise a KeyStoreException is thrown.
+
+```
+void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
+```
+
+Process of storing a PrivateKey is as follows:
+- Sanity check the certificate chain:
+    + Chain is not null or zero length chain
+    + Chain is made up of X509Certificate objects
+    + Chain cert signatures are correct as we walk up the chain. The cert
+      chain should be ordered from leaf cert (entity) to top-most intermedate
+      certificate. The last cert is loaded as a trusted root, and used to
+      verify the rest of the chain, since we don't have the root CA cert
+      available at this point.
+- Verify private key (`Key key`) matches the leaf certificate (`chain[0]`)
+- Encrypt private key before storing into KeyStore map:
+    + Generate random PBKDF2 salt, of size `WKS_PBKDF2_SALT_SIZE` bytes
+    + Generate random IV, of size `WKS_ENC_IV_LENGTH` bytes
+    + Convert password from char[] into byte[] using password conversion
+      algorithm described below.
+    + Encryption key is derived using PBKDF2-SHA256 using byte array, random
+      salt, and `WKS_PBKDF2_ITERATION_COUNT` (or customized) iteration count.
+        - 96-byte key is generated with PBKDF2 in total, split between 32-byte
+          AES-CBC-256 and 64-byte HMAC-SHA512 keys.
+    + Encrypt key bytes using AES-CBC-256
+    + Generate HMAC-SHA512 over encrypted key and other WKSPrivateKey
+      object members
+    + Zeroize KEK and HMAC keys (generated from PBKDF2)
+
+When importing a PrivateKey from a KeyStore stream, the process is reversed.
+Initially during `engineLoad()`, parameters are read in as well as the encrypted
+key:
+- Read PBKDF2 salt length, sanity check against `WKS_PBKDF2_SALT_SIZE`
+- Read PBKDF2 salt
+- Read PBKDF2 iterations, sanity check against `WKS_PBKDF2_MIN_ITERATIONS`
+- Read encryption IV, santiy check against `WKS_ENC_IV_LENGTH`
+- Read encrypted key
+- Read certificate chain if present, check length against `WKS_MAX_CHAIN_COUNT`
+- Read HMAC value into object variable, will be checked when user gets key out
+
+The PrivateKey is stored encrypted internal to the WolfSSLKeyStore until
+a caller retrieves it with `getKey()`. At that point, WolfSSLKeyStore:
+- Derives the decryption key using PBKDF2-SHA256
+    + Converts password from `char[]` to `byte[]` using algorithm below
+    + Uses salt and iteration count stored internally from encryption
+      process or read from KeyStore stream after loading
+    + Derives decryption key and HMAC key with PBKDF2-HMAC-SHA512
+    + Regenerate and verify HMAC against stored value
+    + Decrypts key using AES-CBC-256
+    + Zeroizes KEK and HMAC keys (generated from PBKDF2)
+
+## SecretKey Protection
+
+A SecretKey entry is stored into the KeyStore with the `engineSetKeyEntry()`
+method, exposed publicly through `KeyStore` as `setKeyEntry()`, when
+passing in a `Key` of type `SecretKey`. The password argument is not allowed
+to be null, otherwise a KeyStoreException is thrown.
+
+```
+void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
+```
+
+Process of storing a SecretKey is the same as PrivateKey above, except
+there is no certificate so no certifiate or private key sanity checks are done.
+The same encrypt/decrypt process is shared between PrivateKey and SecretKey
+protection.
+
+## Certificate Protection
+
+A Certificate entry is stored into the KeyStore with the
+`engineSetCertificateEntry()` method. Certificate entries are not protected
+and are stored directly into the KeyStore.
+
+They are integrity protected by the KeyStore HMAC when a KeyStore is written
+out to a stream with `engineStore()`, but otherwise have no internal
+encryption or integrity protection since no password is provided when storing
+certificates.
+
+## Password Conversion Algorithm
+
+The Java KeyStore class specifies that passwords are provided by the user as a
+Java character array (`char[]`). Before using a password as input to PBKDF2,
+wolfJCE is converts it into a byte array. In Java, one character (`char`) is
+composed of two bytes (`byte`). RFC 2898 (PBKDF2) considers a password to be an
+octet string and recommends for interop ASCII or UTF-8 encoding be used. SunJCE
+uses UTF-8 for PBKDF2 SecretKeyFactory, so we do the same in WolfSSLKeyStore
+using `WolfCryptSecretKeyFactory.passwordToByteArray(char[])`.
+
+# Support
+
+Please email support@wolfssl.com with any questions.
+

examples/WindowsConfig.bat

@@ -0,0 +1,42 @@
+
+:: -----------------------------------------------------------------------------
+:: Build Configuration
+:: -----------------------------------------------------------------------------
+
+:: Set below directories containing native wolfSSL DLL and wolfSSL JNI DLL
+:: Default pathing expects wolfssl and wolfssljni dirs to be side by side
+:: May uncomment / comment lines below that match your build. This file is
+:: included by other example .bat files.
+
+:: wolfSSL Normal non-FIPS (DLL Debug x64)
+SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\DLL Debug\x64
+SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\x64
+
+:: wolfSSL Normal non-FIPS (DLL Release x64)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Release\x64
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Release\x64
+
+:: wolfSSL Normal non-FIPS (DLL Debug Win32)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\Win32
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\Win32
+
+:: wolfSSL Normal non-FIPS (DLL Release Win32)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Release\Win32
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Release\Win32
+
+:: wolfSSL FIPS 140-2 #3389 Build (DLL Debug x64)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\x64
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug FIPS\x64
+
+:: wolfSSL FIPS 140-2 #3389 Build (DLL Release x64)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Release\x64
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Release FIPS\x64
+
+:: wolfSSL FIPS 140-2 #3389 Build (DLL Debug Win32)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\Win32
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug FIPS\Win32
+
+:: wolfSSL FIPS 140-2 #3389 Build (DLL Release Win32)
+:: SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Release\Win32
+:: SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Release FIPS\Win32
+

examples/certs/README.md

@@ -0,0 +1,55 @@
+
+# Example and Test Certificates, Keys, and KeyStore Files
+
+This directory contains example certificates, keys, and Java KeyStore
+files used for testing and examples.
+
+These certificates and keys have been copied over from the wolfSSL proper
+example certs directory.
+
+If new certs/keys are needed or added here, consider if they should also be
+added to wolfSSL proper.
+
+## Updating Example Certificates and Keys
+
+To update the example certificates and keys, use the provided
+`update-certs.sh` bash script. This script requires one argument on the
+command line which is the location of the wolfSSL proper certs directory.
+
+```
+$ cd wolfcryptjni/examples/certs
+$ ./update-certs.sh /path/to/wolfssl/certs
+```
+
+This script only updates the .pem and .der certificate and key files. To update
+the example Java KeyStore files, see the next section.
+
+## Updating Example Java KeyStore Files
+
+To update the example Java KeyStore files, use the provided `update-jks-wks.sh`
+bash script. This script requires one argument on the command line which is
+the location of the wolfSSL proper certs directory.
+
+This script will create new KeyStore files from original certificates. It will
+first create JKS KeyStore files, then convert those to WKS (WolfSSLKeyStore)
+format.
+
+```
+$ cd wolfcryptjni/examples/certs
+$ ./update-jks-wks.sh /path/to/wolfssl/certs
+```
+
+This script only updates the example .jks and .wks files and not the individual
+.pem or .der files in this directory. For that, please see the above section.
+
+## Testing that Java keytool can read/parse WKS files
+
+To confirm that Java keytool can parse WolfSSLKeyStore (WKS) format stores OK,
+the `keytool-print-wks.sh` script can be used. This will call `keytool -list`
+on each WKS KeyStore which is expected to pass successfully.
+
+## Support
+
+Please contact the wolfSSL support team at support@wolfssl.com with any
+questions or feedback.
+

examples/certs/ca-cert.pem

@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Dec 13 22:19:28 2023 GMT
+            Not After : Sep  8 22:19:28 2026 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com, IP Address:127.0.0.1
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
+         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
+         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
+         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
+         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
+         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
+         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
+         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
+         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
+         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
+         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
+         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
+         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
+         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
+         b9:a2:fe:35
+-----BEGIN CERTIFICATE-----
+MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
+DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry
+TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ
+u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc
+rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa
+QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j
+JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02
+eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU
+BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
+M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
+OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
+bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
+w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
+tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
+qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+-----END CERTIFICATE-----

examples/certs/ca-ecc-cert.pem

@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0f:17:46:70:fd:c2:70:d1:f9:42:49:9c:1a:c3:5d:dd:30:c8:5f:85
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Dec 13 22:19:28 2023 GMT
+            Not After : Sep  8 22:19:28 2026 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:02:d3:d9:6e:d6:01:8e:45:c8:b9:90:31:e5:c0:
+                    4c:e3:9e:ad:29:38:98:ba:10:d6:e9:09:2a:80:a9:
+                    2e:17:2a:b9:8a:bf:33:83:46:e3:95:0b:e4:77:40:
+                    b5:3b:43:45:33:0f:61:53:7c:37:44:c1:cb:fc:80:
+                    ca:e8:43:ea:a7
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+            X509v3 Authority Key Identifier: 
+                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:21:00:c8:64:7f:ee:4b:be:83:48:13:ea:92:f8:1a:
+         82:1e:85:b1:5a:a4:1c:e3:e8:ea:25:44:6f:e7:70:fd:eb:f3:
+         76:02:20:44:02:a2:ec:c5:a1:ae:e2:a4:8a:d9:13:95:2b:a6:
+         5b:09:57:86:61:42:96:97:f0:95:62:0c:03:e6:53:04:25
+-----BEGIN CERTIFICATE-----
+MIIClTCCAjugAwIBAgIUDxdGcP3CcNH5QkmcGsNd3TDIX4UwCgYIKoZIzj0EAwIw
+gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZcxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
+MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
+KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
+MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
+msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDIZH/uS76DSBPqkvgagh6FsVqkHOPo6iVE
+b+dw/evzdgIgRAKi7MWhruKkitkTlSumWwlXhmFClpfwlWIMA+ZTBCU=
+-----END CERTIFICATE-----

examples/certs/ca-ecc-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgAuEzmHeXrEpZbSib
+bqCTmwdxi01gY4WZ5rsWcOkK9oChRANCAAQC09lu1gGORci5kDHlwEzjnq0pOJi6
+ENbpCSqAqS4XKrmKvzODRuOVC+R3QLU7Q0UzD2FTfDdEwcv8gMroQ+qn
+-----END PRIVATE KEY-----

examples/certs/ca-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
+sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
+la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
+lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
+hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
+C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
+Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
+pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
+XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
+hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
+owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
+zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
+hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
+BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
+ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
+KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
+0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
+6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
+RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
+SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
+NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
+hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
+6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
+ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
+R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
+-----END RSA PRIVATE KEY-----

examples/certs/client-cert.pem

@@ -0,0 +1,94 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            08:b0:54:7a:03:5a:ec:55:8a:12:e8:f9:8e:34:b6:13:d9:59:b8:e8
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Dec 13 22:19:28 2023 GMT
+            Not After : Sep  8 22:19:28 2026 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+            X509v3 Authority Key Identifier: 
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:08:B0:54:7A:03:5A:EC:55:8A:12:E8:F9:8E:34:B6:13:D9:59:B8:E8
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com, IP Address:127.0.0.1
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         89:84:eb:6a:70:3b:2a:6e:a8:8b:f2:92:79:97:5c:bd:98:8b:
+         71:db:db:7c:df:db:a4:2c:59:d3:a6:75:41:c2:06:b6:17:1e:
+         0c:1f:7d:0b:7f:58:3e:c1:e7:0c:f0:62:92:77:ab:99:79:7b:
+         85:f4:d9:6c:d0:0e:e5:8b:13:35:65:9e:d7:9a:51:98:e4:49:
+         44:51:c8:e3:e0:9a:ff:c2:cb:3d:81:eb:ee:f4:1a:d1:96:4b:
+         e9:7d:de:5b:f2:64:40:ad:e1:d9:d6:b7:e1:eb:a9:3a:52:29:
+         89:aa:07:37:96:44:e3:23:49:f3:be:f3:0d:70:d1:a2:ce:78:
+         86:22:fc:76:00:84:1d:fa:8b:8a:d2:43:93:88:fa:ee:22:cc:
+         a6:86:f5:3f:24:f1:d4:70:05:4f:3b:18:32:50:67:c1:80:77:
+         0d:3c:78:75:35:d0:fd:60:f3:ed:a1:30:d0:62:25:99:6b:80:
+         56:17:3d:b4:af:1d:df:ab:48:21:c1:d2:0b:6b:94:a7:33:d1:
+         d0:82:b7:3b:92:eb:9d:d6:6c:32:81:5e:07:3c:46:34:32:7b:
+         ea:22:db:a6:a3:18:69:7c:ad:17:e4:c8:a9:8f:a8:ba:67:af:
+         99:39:ef:6e:0c:f8:a9:b3:bd:ab:71:94:e0:41:aa:a4:2d:72:
+         60:51:d1:5c
+-----BEGIN CERTIFICATE-----
+MIIFHTCCBAWgAwIBAgIUCLBUegNa7FWKEuj5jjS2E9lZuOgwDQYJKoZIhvcNAQEL
+BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
+aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
+MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
+bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
+CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDDA9Er/jmkMkU7U8iEKyp8dJq9qipSB0fWpjayBzKO0Lppe8bDRJ7UgUj9
+LWiii2e7oXXINixK0hv3i7rPDfnv7PGBHnubA0eav2XMf2UkaaboFIlb5DT3xbAU
+k/Vnezp6eOEBVlaRphNCjdI8QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ
+6KgIMIGvIAtDFMV0Z7Qygm+NhsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8AS
+A9ROcg1QbTujO6OZXp3I2QyFs9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4w
+xJeEhi1WL9cV93/ArvX8W+X7obrTAgMBAAGjggFPMIIBSzAdBgNVHQ4EFgQUM9hF
+Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
+JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
+DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
+EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCLBUegNa7FWKEuj5jjS2E9lZ
+uOgwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
+AImE62pwOypuqIvyknmXXL2Yi3Hb23zf26QsWdOmdUHCBrYXHgwffQt/WD7B5wzw
+YpJ3q5l5e4X02WzQDuWLEzVlnteaUZjkSURRyOPgmv/Cyz2B6+70GtGWS+l93lvy
+ZECt4dnWt+HrqTpSKYmqBzeWROMjSfO+8w1w0aLOeIYi/HYAhB36i4rSQ5OI+u4i
+zKaG9T8k8dRwBU87GDJQZ8GAdw08eHU10P1g8+2hMNBiJZlrgFYXPbSvHd+rSCHB
+0gtrlKcz0dCCtzuS653WbDKBXgc8RjQye+oi26ajGGl8rRfkyKmPqLpnr5k5724M
++KmzvatxlOBBqqQtcmBR0Vw=
+-----END CERTIFICATE-----

examples/certs/client-ecc-cert.pem

@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            37:67:2a:05:24:b5:2b:b6:ae:40:6b:e1:75:e0:97:cc:1d:12:8b:2a
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Dec 13 22:19:28 2023 GMT
+            Not After : Sep  8 22:19:28 2026 GMT
+        Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:37:67:2A:05:24:B5:2B:B6:AE:40:6B:E1:75:E0:97:CC:1D:12:8B:2A
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com, IP Address:127.0.0.1
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:7a:6d:c5:bd:6f:9d:54:4f:c5:4c:d0:12:8c:31:
+         3b:b6:17:80:9e:c7:34:f8:c5:da:fb:61:23:35:e6:93:35:b4:
+         02:20:1b:6a:86:c4:11:be:7c:15:a7:5e:ab:85:ee:b7:8c:20:
+         dc:eb:17:a3:f2:66:63:aa:6b:67:e0:62:1f:17:3e:ac
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAwSgAwIBAgIUN2cqBSS1K7auQGvhdeCXzB0SiyowCgYIKoZIzj0EAwIw
+gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
+MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
+HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBjTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
+dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
+MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABFW/9A9EUJo9zpu38MVN9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJD
+hHYWxlaVBswBqb32dRpC972psjYiX8ddf7SjggE+MIIBOjAdBgNVHQ4EFgQU69RL
+WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
+iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
+BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
+MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
+d29sZnNzbC5jb22CFDdnKgUktSu2rkBr4XXgl8wdEosqMAwGA1UdEwQFMAMBAf8w
+HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0cAMEQCIHptxb1vnVRPxUzQEowxO7YX
+gJ7HNPjF2vthIzXmkzW0AiAbaobEEb58Fadeq4Xut4wg3OsXo/JmY6prZ+BiHxc+
+rA==
+-----END CERTIFICATE-----

examples/certs/client-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
+w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
+W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
+G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
+rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
+E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
+bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
+yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
+PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
+K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
+VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
+bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
+bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
+p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
+G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
+JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
+N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
+ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
+CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
+78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
+YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
+8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
+42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
+f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
+62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
+-----END RSA PRIVATE KEY-----

examples/certs/crl/cliCrl.pem

@@ -0,0 +1,42 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                8
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+         52:11:97:57:04:d7:e2:14:1f:c4:7f:a2:d8:cf:4c:b7:5b:0c:
+         d3:ac:ca:29:10:74:09:2f:3d:fb:4d:75:3e:32:21:5a:0f:41:
+         5f:cc:e7:98:f8:ea:8e:e2:c9:57:60:b6:a3:b0:70:10:18:b9:
+         86:a3:65:1e:3a:88:13:df:44:18:15:51:00:f6:33:d6:ab:90:
+         18:93:df:ac:7d:15:5c:6a:63:55:d1:4d:41:37:03:89:86:65:
+         fa:fb:d7:b1:73:db:c3:43:08:ff:89:94:89:b1:b4:ad:96:78:
+         52:92:50:8c:0a:5d:ca:29:8b:e0:bc:ca:88:c0:7a:52:48:d3:
+         cf:09:03:08:5f:a1:b9:16:b0:55:5e:11:60:7f:73:9a:98:05:
+         54:97:bf:eb:0e:04:61:4f:b4:40:23:61:9a:07:69:78:fc:16:
+         de:f4:54:04:cf:f0:2b:07:8d:51:9e:6b:b5:77:c4:13:2c:a3:
+         40:99:ed:fa:f4:00:4a:45:36:da:52:9d:dc:88:66:3e:03:f0:
+         20:ce:54:a4:56:58:a8:9e:30:78:e8:42:2d:a8:0f:9b:c4:a9:
+         ab:13:c2:4e:ec:be:2e:99:16:56:2f:22:86:96:27:1d:30:80:
+         7d:a5:f8:45:ef:93:b4:63:13:96:4f:6a:df:a0:11:3b:52:be:
+         93:03:7a:81
+-----BEGIN X509 CRL-----
+MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
+MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQwEgIBAhcNMjQwMTA5MDAzNDMwWqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAFIRl1cE1+IUH8R/otjP
+TLdbDNOsyikQdAkvPftNdT4yIVoPQV/M55j46o7iyVdgtqOwcBAYuYajZR46iBPf
+RBgVUQD2M9arkBiT36x9FVxqY1XRTUE3A4mGZfr717Fz28NDCP+JlImxtK2WeFKS
+UIwKXcopi+C8yojAelJI088JAwhfobkWsFVeEWB/c5qYBVSXv+sOBGFPtEAjYZoH
+aXj8Ft70VATP8CsHjVGea7V3xBMso0CZ7fr0AEpFNtpSndyIZj4D8CDOVKRWWKie
+MHjoQi2oD5vEqasTwk7svi6ZFlYvIoaWJx0wgH2l+EXvk7RjE5ZPat+gETtSvpMD
+eoE=
+-----END X509 CRL-----

examples/certs/crl/crl.pem

@@ -0,0 +1,41 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                2
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
+-----BEGIN X509 CRL-----
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
+MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
+-----END X509 CRL-----

examples/certs/crl/crl.revoked

@@ -0,0 +1,44 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                3
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Serial Number: 02
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+         35:50:96:da:71:71:90:d5:b7:37:5a:a6:b9:09:07:2f:af:c9:
+         e0:02:32:6a:43:6e:20:ec:20:a4:ac:d0:39:a9:19:35:d0:d2:
+         6f:bb:d1:cd:46:10:a7:cb:8a:be:0a:02:a2:91:f5:29:74:ee:
+         34:83:a3:8c:a0:ca:39:af:94:4a:23:d7:56:57:6b:cc:c6:eb:
+         b0:ce:9f:0a:e1:b0:a8:12:6b:6a:8b:21:73:22:6f:49:41:cd:
+         fd:85:44:d1:fa:52:6b:2f:b2:2b:02:e7:43:0e:f1:92:bc:15:
+         8f:22:28:49:25:69:93:d8:50:10:2f:93:e2:f5:b0:31:5c:eb:
+         1a:35:e2:40:83:25:87:55:4d:c0:85:06:37:9e:23:44:80:a1:
+         f9:e2:eb:9c:90:28:7a:71:d8:55:a2:8b:70:32:31:33:26:70:
+         fe:1d:11:d5:4b:c1:04:47:19:59:44:8f:0b:0a:ec:d6:62:40:
+         8a:6f:67:2e:6a:50:38:54:35:c9:f8:d5:ec:e8:ae:93:88:3d:
+         a0:40:81:2c:e0:fe:f7:c8:68:24:8e:41:04:88:af:94:82:97:
+         75:e5:69:4c:22:1d:f9:67:53:a3:4c:a3:db:bf:55:08:e7:3a:
+         07:67:a2:28:25:63:af:f8:0e:c7:d3:c1:77:ef:20:20:20:63:
+         9e:5c:22:81
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAxMDkwMDM0MzBa
+Fw0yNjEwMDUwMDM0MzBaMCgwEgIBARcNMjQwMTA5MDAzNDMwWjASAgECFw0yNDAx
+MDkwMDM0MzBaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEANVCW
+2nFxkNW3N1qmuQkHL6/J4AIyakNuIOwgpKzQOakZNdDSb7vRzUYQp8uKvgoCopH1
+KXTuNIOjjKDKOa+USiPXVldrzMbrsM6fCuGwqBJraoshcyJvSUHN/YVE0fpSay+y
+KwLnQw7xkrwVjyIoSSVpk9hQEC+T4vWwMVzrGjXiQIMlh1VNwIUGN54jRICh+eLr
+nJAoenHYVaKLcDIxMyZw/h0R1UvBBEcZWUSPCwrs1mJAim9nLmpQOFQ1yfjV7Oiu
+k4g9oECBLOD+98hoJI5BBIivlIKXdeVpTCId+WdTo0yj279VCOc6B2eiKCVjr/gO
+x9PBd+8gICBjnlwigQ==
+-----END X509 CRL-----

examples/certs/crl/eccCliCRL.pem

@@ -0,0 +1,26 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                9
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:3b:07:f1:6c:fb:19:62:f2:56:2a:5c:21:a3:7d:
+         bf:06:33:3e:b4:53:01:f3:f5:0e:e6:ca:f5:b9:26:7e:4d:ca:
+         02:21:00:dd:04:d6:b1:18:01:b7:d6:ca:d9:7b:29:53:cf:9e:
+         ad:38:ef:fa:70:2c:41:74:ba:ce:e6:77:1f:22:86:f0:e3
+-----BEGIN X509 CRL-----
+MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
+Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
+BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1MDAz
+NDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0gAMEUCIDsH8Wz7GWLyVipcIaN9vwYzPrRTAfP1DubK9bkmfk3KAiEA
+3QTWsRgBt9bK2XspU8+erTjv+nAsQXS6zuZ3HyKG8OM=
+-----END X509 CRL-----

examples/certs/crl/eccSrvCRL.pem

@@ -0,0 +1,26 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                10
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:4e:83:3e:21:ee:69:a6:f2:7e:87:45:10:5c:60:
+         ad:24:49:1e:0f:9e:1f:81:03:00:43:a9:e6:1b:63:27:3f:6b:
+         02:21:00:b2:7f:bd:3d:af:c4:f5:ff:82:3f:b7:6a:56:25:7c:
+         07:85:54:d9:19:44:42:60:b4:8a:e3:55:f4:a4:96:c7:d1
+-----BEGIN X509 CRL-----
+MIIBPzCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
+MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1
+MDAzNDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEKMAoG
+CCqGSM49BAMCA0gAMEUCIE6DPiHuaabyfodFEFxgrSRJHg+eH4EDAEOp5htjJz9r
+AiEAsn+9Pa/E9f+CP7dqViV8B4VU2RlEQmC0iuNV9KSWx9E=
+-----END X509 CRL-----

examples/certs/dh2048.pem

@@ -0,0 +1,29 @@
+Diffie-Hellman-Parameters: (2048 bit)
+    prime:
+        00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
+        f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
+        96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
+        9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
+        07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
+        da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
+        96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
+        f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
+        38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
+        35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
+        13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
+        b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
+        aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
+        73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
+        f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
+        4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
+        6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
+        3f:93
+    generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
+v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
+nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
+joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
+wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
+tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
+-----END DH PARAMETERS-----