ECC: Disable ECC but have Curve25519/448 and PK callbacks fix

Fix ed25519 certificates.
Tidy up testsuite.c

certs/ed25519/ca-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ
-oSIEIKqWfWdx1/6tqF8UGL4C0BV+gGS5IXuyP3x0bv/1hOKB
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAQjt6+YLP+d8Z3fPwMilt+v12T2jCwuBsR67CVWisDU0=
+-----END PUBLIC KEY-----

certs/ed25519/ca-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ
+MC4CAQAwBQYDK2VwBCIEIPhVt7ZJP5mciOPFQmqkR0rkldrbv/inQp0O59BXjxZp
 -----END PRIVATE KEY-----

certs/ed25519/ca-ed25519.pem

@@ -1,15 +1,47 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d:
+                    fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac:
+                    0d:4d
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be:
+         b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29:
+         35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8:
+         ce:1e:e4:8a:95:ba:cd:1d:ce:0d
 -----BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
+MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx
+MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh
+AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU
+dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW
+77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA
+2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd
+dRes4/a4zh7kipW6zR3ODQ==
 -----END CERTIFICATE-----

certs/ed25519/client-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs
-oSIEIE6fglljSpes+m6VbFo7Uuuj2ef2J7uJ+3e046zCCGrA
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA5ldbExvHURRr7Tv10fqrnmy26wIJo5n1br+dPP5UOeY=
+-----END PUBLIC KEY-----

certs/ed25519/client-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs
+MC4CAQAwBQYDK2VwBCIEIJK1TOyvgca7AdbV3r03l1rSxvbDhbU75uTsMunHylLr
 -----END PRIVATE KEY-----

certs/ed25519/client-ed25519.pem

@@ -1,15 +1,57 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            40:66:c6:11:bc:00:f8:51:f9:e4:4b:bb:0b:ad:c1:09:38:b0:4a:e4
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    e6:57:5b:13:1b:c7:51:14:6b:ed:3b:f5:d1:fa:ab:
+                    9e:6c:b6:eb:02:09:a3:99:f5:6e:bf:9d:3c:fe:54:
+                    39:e6
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
+            X509v3 Authority Key Identifier: 
+                keyid:FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed25519/OU=Client-ed25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:40:66:C6:11:BC:00:F8:51:F9:E4:4B:BB:0B:AD:C1:09:38:B0:4A:E4
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com, IP Address:127.0.0.1
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: ED25519
+         e0:87:e2:ce:d3:87:77:9d:f7:44:c0:73:00:ff:07:6d:2e:90:
+         90:5c:bf:30:46:9c:75:a9:48:50:8a:da:09:0f:a8:a8:04:b4:
+         33:c8:f4:28:61:9e:c2:a5:19:b7:70:1e:69:cd:49:5c:9a:f3:
+         81:e0:de:38:b3:37:ff:33:bb:07
 -----BEGIN CERTIFICATE-----
-MIICTDCCAf6gAwIBAgIQFcHfya6OWie0wxPOBaz6TDAFBgMrZXAwgZsxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ8wDQYD
-VQQEDAZjbGllbnQxEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEZMBcGA1UEBQAQaW5mb0B3b2xmc3Ns
-LmNvbTAiGA8yMDIxMDIwOTE5NTAwNFoYDzIwMjMwMjEwMTk1MDA0WjCBmzELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xDzAN
-BgNVBAQMBmNsaWVudDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx
-OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZz
-c2wuY29tMCowBQYDK2VwAyEATp+CWWNKl6z6bpVsWjtS66PZ5/Ynu4n7d7TjrMII
-asCjUjBQMB0GA1UdDgQWBBQxmyle67rNf5gcL3e47pgvKH2Z+DAfBgNVHSMEGDAW
-gBQxmyle67rNf5gcL3e47pgvKH2Z+DAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EA
-2DDJOFXo02UBBQyoCvcK5n21/GJmFQiwlQQICFMzq//6xYm8eYtNN/RkCnBDysvj
-p6jnAwZw6/MMujoxC3PtCg==
+MIIDVDCCAwagAwIBAgIUQGbGEbwA+FH55Eu7C63BCTiwSuQwBQYDK2VwMIGfMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUx
+OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
+QHdvbGZzc2wuY29tMB4XDTIxMDMxMDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZ8x
+CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
+MRgwFgYDVQQKDA93b2xmU1NMX2VkMjU1MTkxFzAVBgNVBAsMDkNsaWVudC1lZDI1
+NTE5MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20wKjAFBgMrZXADIQDmV1sTG8dRFGvtO/XR+quebLbrAgmj
+mfVuv508/lQ55qOCAVAwggFMMB0GA1UdDgQWBBT+QV4+geIuRrM+R4mQ1MK0jhHW
+ijCB3wYDVR0jBIHXMIHUgBT+QV4+geIuRrM+R4mQ1MK0jhHWiqGBpaSBojCBnzEL
+MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
+GDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOQ2xpZW50LWVkMjU1
+MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
+b0B3b2xmc3NsLmNvbYIUQGbGEbwA+FH55Eu7C63BCTiwSuQwDAYDVR0TBAUwAwEB
+/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEF
+BQcDAQYIKwYBBQUHAwIwBQYDK2VwA0EA4IfiztOHd533RMBzAP8HbS6QkFy/MEac
+dalIUIraCQ+oqAS0M8j0KGGewqUZt3Aeac1JXJrzgeDeOLM3/zO7Bw==
 -----END CERTIFICATE-----

certs/ed25519/root-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o
-oSIEIIgura+qJ+c7nKcbmd2OK5+dL++bfwkNtP5Cs9JL+nwO
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA6bNvfHCKq8pUIE5kdjwaT/f6Xkr/89u5ZC0QpQxaP9o=
+-----END PUBLIC KEY-----

certs/ed25519/root-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o
+MC4CAQAwBQYDK2VwBCIEIFcyr6XNVwsNpxIoY6ENIWmuvF/LJs2xkuvuxmoPrf1w
 -----END PRIVATE KEY-----

certs/ed25519/root-ed25519.pem

@@ -1,15 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3c:8f:b8:f9:5c:f1:81:97:76:e0:cc:04:c6:f6:77:7b:4f:92:4c:c6
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    e9:b3:6f:7c:70:8a:ab:ca:54:20:4e:64:76:3c:1a:
+                    4f:f7:fa:5e:4a:ff:f3:db:b9:64:2d:10:a5:0c:5a:
+                    3f:da
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         44:f7:5d:ad:c0:68:5e:0c:af:c5:dd:da:a4:f9:34:4f:33:4f:
+         b3:db:bb:b6:36:67:f4:4d:63:a5:61:e8:b8:98:b7:e7:d3:52:
+         8b:fb:ca:61:97:db:34:55:63:a8:27:e8:22:16:b6:a9:f1:8d:
+         0e:f8:d1:56:08:45:b6:40:d9:09
 -----BEGIN CERTIFICATE-----
-MIICVjCCAgigAwIBAgIQYlI7cNFaPvFoHcYXLFMPzTAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wKjAFBgMrZXADIQCILq2vqifnO5ynG5ndjiufnS/vm38JDbT+QrPSS/p8DqNg
-MF4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUGXoJpuYmX18GUs5jJFqPXHE9u3cw
-HwYDVR0jBBgwFoAUGXoJpuYmX18GUs5jJFqPXHE9u3cwDgYDVR0PAQH/BAQDAgHG
-MAUGAytlcANBAOzVbL+V/Ik567gy9xUG5NwC1PE/SXEl6pNWTewxHAj8wU1IkDLT
-FLYfC9ezVkWy9aOYaLH79T63Hl/tIahybgc=
+MIICYTCCAhOgAwIBAgIUPI+4+VzxgZd24MwExvZ3e0+STMYwBQYDK2VwMIGdMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTAeFw0yMTAzMTAwNjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGdMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTAqMAUGAytlcAMhAOmzb3xwiqvKVCBOZHY8Gk/3+l5K//PbuWQt
+EKUMWj/ao2MwYTAdBgNVHQ4EFgQU+rpbdh3xHR1NdEjYmDtW77MU894wHwYDVR0j
+BBgwFoAU+rpbdh3xHR1NdEjYmDtW77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwBQYDK2VwA0EARPddrcBoXgyvxd3apPk0TzNPs9u7tjZn9E1j
+pWHouJi359NSi/vKYZfbNFVjqCfoIha2qfGNDvjRVghFtkDZCQ==
 -----END CERTIFICATE-----

certs/ed25519/server-ed25519-cert.pem

@@ -1,30 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    23:aa:4d:60:50:e0:13:d3:3a:ed:ab:f6:a9:cc:4a:
+                    fe:d7:4d:2f:d2:5b:1a:10:05:ef:5a:41:25:ce:1b:
+                    53:78
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
+            X509v3 Authority Key Identifier: 
+                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            Netscape Cert Type: 
+                SSL Server
+    Signature Algorithm: ED25519
+         f3:c2:ef:8b:55:65:4f:bc:e3:df:fc:d8:a1:ad:8e:43:07:73:
+         c8:58:c3:46:0a:c1:f1:4d:3f:fb:3d:78:e6:76:58:26:ce:d7:
+         59:55:ec:c5:b5:b4:05:ed:f9:d4:97:69:66:d6:2c:1b:43:5a:
+         51:5c:be:10:28:95:c4:96:af:00
 -----BEGIN CERTIFICATE-----
-MIICRjCCAfigAwIBAgIQQyBFY/XbM3h5GPnWdnTeajAFBgMrZXAwgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCIYDzIwMjEwMjA5MTk1MDA0WhgPMjAyMzAyMTAxOTUwMDRaMIGZMQswCQYDVQQG
-EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE
-BAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAi/OP+P/p9GU5NF71Iny3X/19LSd1vDHlmtPu8us3ryijUjBQ
-MB0GA1UdDgQWBBQp8hOvwv+m0cj7fJgvDhEuOGSijjAfBgNVHSMEGDAWgBRuiw3J
-LFlDYK+lMoVs9XTzulSbzDAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EAo/sGXBKn
-xIvogGi7VbdCmq1KbS04WEC2Kiu6DI22jOpQecqeUQ+iJ+Ua7tIlSsv0NPqqraq8
-KKxhcSh1nWQbDQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICdTCCAiegAwIBAgIBATAFBgMrZXAwgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTAzMTAw
+NjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGfMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
+NTE5MRcwFQYDVQQLDA5TZXJ2ZXItZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2Vw
+AyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3ijgYkwgYYwHQYDVR0O
+BBYEFKMpgeeQb7lg+K/MFXqu16H0tIa6MB8GA1UdIwQYMBaAFHTVOBleg7kD+AGK
+NTW7iUxJtCPpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAFBgMrZXADQQDzwu+LVWVP
+vOPf/NihrY5DB3PIWMNGCsHxTT/7PXjmdlgmztdZVezFtbQF7fnUl2lm1iwbQ1pR
+XL4QKJXElq8A
 -----END CERTIFICATE-----

certs/ed25519/server-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG
-oSIEIIvzj/j/6fRlOTRe9SJ8t1/9fS0ndbwx5ZrT7vLrN68o
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3g=
+-----END PUBLIC KEY-----

certs/ed25519/server-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG
+MC4CAQAwBQYDK2VwBCIEII6YRLBUgcY6R9j7wza/GXBhCSN24xxvgziuSVXFnoci
 -----END PRIVATE KEY-----

certs/ed25519/server-ed25519.pem

@@ -1,30 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    23:aa:4d:60:50:e0:13:d3:3a:ed:ab:f6:a9:cc:4a:
+                    fe:d7:4d:2f:d2:5b:1a:10:05:ef:5a:41:25:ce:1b:
+                    53:78
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
+            X509v3 Authority Key Identifier: 
+                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            Netscape Cert Type: 
+                SSL Server
+    Signature Algorithm: ED25519
+         f3:c2:ef:8b:55:65:4f:bc:e3:df:fc:d8:a1:ad:8e:43:07:73:
+         c8:58:c3:46:0a:c1:f1:4d:3f:fb:3d:78:e6:76:58:26:ce:d7:
+         59:55:ec:c5:b5:b4:05:ed:f9:d4:97:69:66:d6:2c:1b:43:5a:
+         51:5c:be:10:28:95:c4:96:af:00
 -----BEGIN CERTIFICATE-----
-MIICRjCCAfigAwIBAgIQQyBFY/XbM3h5GPnWdnTeajAFBgMrZXAwgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCIYDzIwMjEwMjA5MTk1MDA0WhgPMjAyMzAyMTAxOTUwMDRaMIGZMQswCQYDVQQG
-EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE
-BAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAi/OP+P/p9GU5NF71Iny3X/19LSd1vDHlmtPu8us3ryijUjBQ
-MB0GA1UdDgQWBBQp8hOvwv+m0cj7fJgvDhEuOGSijjAfBgNVHSMEGDAWgBRuiw3J
-LFlDYK+lMoVs9XTzulSbzDAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EAo/sGXBKn
-xIvogGi7VbdCmq1KbS04WEC2Kiu6DI22jOpQecqeUQ+iJ+Ua7tIlSsv0NPqqraq8
-KKxhcSh1nWQbDQ==
+MIICdTCCAiegAwIBAgIBATAFBgMrZXAwgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTAzMTAw
+NjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGfMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
+NTE5MRcwFQYDVQQLDA5TZXJ2ZXItZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2Vw
+AyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3ijgYkwgYYwHQYDVR0O
+BBYEFKMpgeeQb7lg+K/MFXqu16H0tIa6MB8GA1UdIwQYMBaAFHTVOBleg7kD+AGK
+NTW7iUxJtCPpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAFBgMrZXADQQDzwu+LVWVP
+vOPf/NihrY5DB3PIWMNGCsHxTT/7PXjmdlgmztdZVezFtbQF7fnUl2lm1iwbQ1pR
+XL4QKJXElq8A
 -----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d:
+                    fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac:
+                    0d:4d
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be:
+         b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29:
+         35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8:
+         ce:1e:e4:8a:95:ba:cd:1d:ce:0d
 -----BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
+MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx
+MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh
+AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU
+dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW
+77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA
+2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd
+dRes4/a4zh7kipW6zR3ODQ==
 -----END CERTIFICATE-----

src/internal.c

@@ -24108,9 +24108,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     }
                     else
                 #endif
+                #ifdef HAVE_ECC
                     if (ssl->ctx->EccSharedSecretCb != NULL) {
                         break;
                     }
+                    else
+                #endif
+                    {
+                    }
             #endif /* HAVE_PK_CALLBACKS */
 
                 #ifdef HAVE_CURVE25519

tests/test-ed25519.conf

@@ -2,7 +2,7 @@
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
--k ./certs/ed25519/server-ed25519-key.pem
+-k ./certs/ed25519/server-ed25519-priv.pem
 -d
 
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
@@ -28,7 +28,7 @@
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
--k ./certs/ed25519/server-ed25519-key.pem
+-k ./certs/ed25519/server-ed25519-priv.pem
 -A ./certs/ed25519/client-ed25519.pem
 -V
 # Remove -V when CRL for ED25519 certificates available.
@@ -37,7 +37,7 @@
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/ed25519/client-ed25519.pem
--k ./certs/ed25519/client-ed25519-key.pem
+-k ./certs/ed25519/client-ed25519-priv.pem
 -A ./certs/ed25519/root-ed25519.pem
 -C
 
@@ -45,7 +45,7 @@
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
--k ./certs/ed25519/server-ed25519-key.pem
+-k ./certs/ed25519/server-ed25519-priv.pem
 -d
 
 # client TLSv1.3 TLS13-AES128-GCM-SHA256
@@ -59,7 +59,7 @@
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -c ./certs/ed25519/server-ed25519.pem
--k ./certs/ed25519/server-ed25519-key.pem
+-k ./certs/ed25519/server-ed25519-priv.pem
 -A ./certs/ed25519/client-ed25519.pem
 -V
 # Remove -V when CRL for ED25519 certificates available.
@@ -68,7 +68,7 @@
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -c ./certs/ed25519/client-ed25519.pem
--k ./certs/ed25519/client-ed25519-key.pem
+-k ./certs/ed25519/client-ed25519-priv.pem
 -A ./certs/ed25519/root-ed25519.pem
 -C
 

testsuite/testsuite.c

@@ -56,6 +56,10 @@ static THREAD_RETURN simple_test(func_args*);
 #else
 static void simple_test(func_args*);
 #endif
+static int test_tls(func_args* server_args);
+static void show_ciphers(void);
+static void cleanup_output(void);
+static int validate_cleanup_output(void);
 
 enum {
     NUMARGS = 3
@@ -79,6 +83,7 @@ char* myoptarg = NULL;
 #endif /* NO_TESTSUITE_MAIN_DRIVER */
 
 #ifdef HAVE_STACK_SIZE
+/* Wrap TLS echo client to free thread locals. */
 static void *echoclient_test_wrapper(void* args) {
     echoclient_test(args);
 
@@ -108,8 +113,9 @@ int testsuite_test(int argc, char** argv)
     int num = 6;
 #endif
 #ifdef HAVE_STACK_SIZE
-    void *serverThreadStackContext = 0;
+    void *serverThreadStackContext = NULL;
 #endif
+    int ret;
 
 #ifdef HAVE_WNR
     if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) {
@@ -158,94 +164,42 @@ int testsuite_test(int argc, char** argv)
     if (server_args.return_code != 0) return server_args.return_code;
     /* Echo input wolfSSL client server test */
     #ifdef HAVE_STACK_SIZE
-        StackSizeCheck_launch(&server_args, echoserver_test, &serverThread, &serverThreadStackContext);
+        StackSizeCheck_launch(&server_args, echoserver_test, &serverThread,
+                              &serverThreadStackContext);
     #else
         start_thread(echoserver_test, &server_args, &serverThread);
     #endif
-    wait_tcp_ready(&server_args);
-    {
-        func_args echo_args;
-        char* myArgv[NUMARGS];
-
-        char arg[3][32];
-
-        myArgv[0] = arg[0];
-        myArgv[1] = arg[1];
-        myArgv[2] = arg[2];
-
-        echo_args.argc = 3;
-        echo_args.argv = myArgv;
-
-        /* Create unique file name */
-        outputName = mymktemp(tempName, len, num);
-        if (outputName == NULL) {
-            printf("Could not create unique file name");
-            return EXIT_FAILURE;
-        }
-
-        strcpy(arg[0], "testsuite");
-        strcpy(arg[1], "input");
-        strcpy(arg[2], outputName);
-
-        /* Share the signal, it has the new port number in it. */
-        echo_args.signal = server_args.signal;
-
-        /* make sure OK */
-
-    #ifdef HAVE_STACK_SIZE
-        fputs("echoclient_test #1: ", stdout);
-        StackSizeCheck(&echo_args, echoclient_test_wrapper);
-    #else
-        echoclient_test(&echo_args);
-    #endif
-        if (echo_args.return_code != 0) return echo_args.return_code;
 
-#ifdef WOLFSSL_DTLS
-        wait_tcp_ready(&server_args);
-#endif
-        /* send quit to echoserver */
-        echo_args.argc = 2;
-        strcpy(echo_args.argv[1], "quit");
+    /* Create unique file name */
+    outputName = mymktemp(tempName, len, num);
+    if (outputName == NULL) {
+        printf("Could not create unique file name");
+        return EXIT_FAILURE;
+    }
 
-    #ifdef HAVE_STACK_SIZE
-        fputs("echoclient_test #2: ", stdout);
-        StackSizeCheck(&echo_args, echoclient_test_wrapper);
-    #else
-        echoclient_test(&echo_args);
-    #endif
-        if (echo_args.return_code != 0) return echo_args.return_code;
-        #ifdef HAVE_STACK_SIZE
-            fputs("reaping echoserver_test: ", stdout);
-            StackSizeCheck_reap(serverThread, serverThreadStackContext);
-        #else
-            join_thread(serverThread);
-        #endif
-        if (server_args.return_code != 0) return server_args.return_code;
+    ret = test_tls(&server_args);
+    if (ret != 0) {
+        cleanup_output();
+        return ret;
     }
 
-    /* show ciphers */
-    {
-        char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
-        XMEMSET(ciphers, 0, sizeof(ciphers));
-        wolfSSL_get_ciphers(ciphers, sizeof(ciphers)-1);
-        printf("ciphers = %s\n", ciphers);
+    /* Server won't quit unless TLS test has worked. */
+#ifdef HAVE_STACK_SIZE
+    fputs("reaping echoserver_test: ", stdout);
+    StackSizeCheck_reap(serverThread, serverThreadStackContext);
+#else
+    join_thread(serverThread);
+#endif
+    if (server_args.return_code != 0) {
+        cleanup_output();
+        return server_args.return_code;
     }
 
-    /* validate output equals input */
-    {
-    #ifndef NO_SHA256
-        byte input[WC_SHA256_DIGEST_SIZE];
-        byte output[WC_SHA256_DIGEST_SIZE];
+    show_ciphers();
 
-        file_test("input",  input);
-        file_test(outputName, output);
-    #endif
-        remove(outputName);
-    #ifndef NO_SHA256
-        if (memcmp(input, output, sizeof(input)) != 0)
-            return EXIT_FAILURE;
-    #endif
-    }
+    ret = validate_cleanup_output();
+    if (ret != 0)
+        return EXIT_FAILURE;
 
     wolfSSL_Cleanup();
     FreeTcpReady(&ready);
@@ -270,6 +224,114 @@ int testsuite_test(int argc, char** argv)
 }
 
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+/* Perform a basic TLS handshake.
+ *
+ * First connection to echo a file.
+ * Second to tell TLS server to quit.
+ *
+ * @param [in,out] server_args   Object sent to server thread.
+ * @return  0 on success.
+ * @return  echoclient error return code on failure.
+ */
+static int test_tls(func_args* server_args)
+{
+    func_args echo_args;
+    char* myArgv[NUMARGS];
+    char arg[3][32];
+
+    /* Set up command line arguments for echoclient to send input file
+     * and write echoed data to temporary output file. */
+    myArgv[0] = arg[0];
+    myArgv[1] = arg[1];
+    myArgv[2] = arg[2];
+
+    echo_args.argc = 3;
+    echo_args.argv = myArgv;
+
+    strcpy(arg[0], "testsuite");
+    strcpy(arg[1], "input");
+    strcpy(arg[2], outputName);
+
+    /* Share the signal, it has the new port number in it. */
+    echo_args.signal = server_args->signal;
+
+    /* Ready to execute client - wait for server to be ready. */
+    wait_tcp_ready(server_args);
+
+    /* Do a client TLS connection. */
+#ifdef HAVE_STACK_SIZE
+    fputs("echoclient_test #1: ", stdout);
+    StackSizeCheck(&echo_args, echoclient_test_wrapper);
+#else
+    echoclient_test(&echo_args);
+#endif
+    if (echo_args.return_code != 0)
+        return echo_args.return_code;
+
+#ifdef WOLFSSL_DTLS
+    /* Ensure server is ready for UDP data. */
+    wait_tcp_ready(server_args);
+#endif
+
+    /* Next client connection - send quit to shutdown server. */
+    echo_args.argc = 2;
+    strcpy(echo_args.argv[1], "quit");
+
+    /* Do a client TLS connection. */
+#ifdef HAVE_STACK_SIZE
+    fputs("echoclient_test #2: ", stdout);
+    StackSizeCheck(&echo_args, echoclient_test_wrapper);
+#else
+    echoclient_test(&echo_args);
+#endif
+    if (echo_args.return_code != 0)
+        return echo_args.return_code;
+
+    return 0;
+}
+
+/* Show cipher suites available. */
+static void show_ciphers()
+{
+    char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
+    XMEMSET(ciphers, 0, sizeof(ciphers));
+    wolfSSL_get_ciphers(ciphers, sizeof(ciphers)-1);
+    printf("ciphers = %s\n", ciphers);
+}
+
+/* Cleanup temporary output file. */
+static void cleanup_output()
+{
+    remove(outputName);
+}
+
+/* Validate output equals input using a hash. Remove temporary output file.
+ *
+ * @return  0 on success.
+ * @return  1 on failure.
+ */
+static int validate_cleanup_output()
+{
+#ifndef NO_SHA256
+    byte input[WC_SHA256_DIGEST_SIZE];
+    byte output[WC_SHA256_DIGEST_SIZE];
+
+    file_test("input",  input);
+    file_test(outputName, output);
+#endif
+    cleanup_output();
+#ifndef NO_SHA256
+    if (memcmp(input, output, sizeof(input)) != 0)
+        return 1;
+#endif
+    return 0;
+}
+
+/* Simple server.
+ *
+ * @param [in] args  Object for server data in thread.
+ * @return  Return code.
+ */
 #ifdef HAVE_STACK_SIZE
 static THREAD_RETURN simple_test(func_args* args)
 #else
@@ -313,13 +375,13 @@ static void simple_test(func_args* args)
     strcpy(argvc[0], "SimpleClient");
     cliArgs.argv = cliArgv;
     cliArgs.return_code = 0;
-    #ifndef USE_WINDOWS_API
-        cliArgs.argc = NUMARGS;
-        strcpy(argvc[1], "-p");
-        snprintf(argvc[2], sizeof(argvc[2]), "%d", svrArgs.signal->port);
-    #else
-        cliArgs.argc = 1;
-    #endif
+#ifndef USE_WINDOWS_API
+    cliArgs.argc = NUMARGS;
+    strcpy(argvc[1], "-p");
+    snprintf(argvc[2], sizeof(argvc[2]), "%d", svrArgs.signal->port);
+#else
+    cliArgs.argc = 1;
+#endif
 
     client_test(&cliArgs);
     if (cliArgs.return_code != 0) {
@@ -339,6 +401,10 @@ static void simple_test(func_args* args)
 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
 
 
+/* Wait for the server to be ready for a connection.
+ *
+ * @param [in] args  Object to send to thread.
+ */
 void wait_tcp_ready(func_args* args)
 {
 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
@@ -355,6 +421,12 @@ void wait_tcp_ready(func_args* args)
 }
 
 
+/* Start a thread.
+ *
+ * @param [in]  fun     Function to executre in thread.
+ * @param [in]  args    Object to send to function in thread.
+ * @param [out] thread  Handle to thread.
+ */
 void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
 {
 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
@@ -377,6 +449,10 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
 }
 
 
+/* Join thread to wait for completion.
+ *
+ * @param [in] thread  Handle to thread.
+ */
 void join_thread(THREAD_TYPE thread)
 {
 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
@@ -400,6 +476,11 @@ void join_thread(THREAD_TYPE thread)
 
 
 #ifndef NO_SHA256
+/* Create SHA-256 hash of the file based on filename.
+ *
+ * @param [in]  file   Name of file.
+ * @parma [out] check  Buffer to hold SHA-256 hash.
+ */
 void file_test(const char* file, byte* check)
 {
     FILE* f;
@@ -455,16 +536,18 @@ char* myoptarg = NULL;
 
 int main(int argc, char** argv)
 {
-    func_args server_args;
+    func_args wolfcrypt_test_args;
 
-    server_args.argc = argc;
-    server_args.argv = argv;
+    wolfcrypt_test_args.argc = argc;
+    wolfcrypt_test_args.argv = argv;
 
     wolfSSL_Init();
     ChangeToWolfRoot();
 
-    wolfcrypt_test(&server_args);
-    if (server_args.return_code != 0) return server_args.return_code;
+    /* No TLS - only doing cryptographic algorithm testing. */
+    wolfcrypt_test(&wolfcrypt_test_args);
+    if (wolfcrypt_test_args.return_code != 0)
+        return wolfcrypt_test_args.return_code;
 
     wolfSSL_Cleanup();
     printf("\nAll tests passed!\n");

wolfssl/internal.h

@@ -2978,31 +2978,31 @@ struct WOLFSSL_CTX {
         CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
         CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
         CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
-        #ifdef HAVE_ED25519
-            /* User Ed25519Sign   Callback handler */
-            CallbackEd25519Sign   Ed25519SignCb;
-            /* User Ed25519Verify Callback handler */
-            CallbackEd25519Verify Ed25519VerifyCb;
-        #endif
-        #ifdef HAVE_CURVE25519
-            /* User X25519 KeyGen Callback Handler */
-            CallbackX25519KeyGen X25519KeyGenCb;
-            /* User X25519 SharedSecret Callback handler */
-            CallbackX25519SharedSecret X25519SharedSecretCb;
-        #endif
-        #ifdef HAVE_ED448
-            /* User Ed448Sign   Callback handler */
-            CallbackEd448Sign   Ed448SignCb;
-            /* User Ed448Verify Callback handler */
-            CallbackEd448Verify Ed448VerifyCb;
-        #endif
-        #ifdef HAVE_CURVE448
-            /* User X448 KeyGen Callback Handler */
-            CallbackX448KeyGen X448KeyGenCb;
-            /* User X448 SharedSecret Callback handler */
-            CallbackX448SharedSecret X448SharedSecretCb;
-        #endif
     #endif /* HAVE_ECC */
+    #ifdef HAVE_ED25519
+        /* User Ed25519Sign   Callback handler */
+        CallbackEd25519Sign   Ed25519SignCb;
+        /* User Ed25519Verify Callback handler */
+        CallbackEd25519Verify Ed25519VerifyCb;
+    #endif
+    #ifdef HAVE_CURVE25519
+        /* User X25519 KeyGen Callback Handler */
+        CallbackX25519KeyGen X25519KeyGenCb;
+        /* User X25519 SharedSecret Callback handler */
+        CallbackX25519SharedSecret X25519SharedSecretCb;
+    #endif
+    #ifdef HAVE_ED448
+        /* User Ed448Sign   Callback handler */
+        CallbackEd448Sign   Ed448SignCb;
+        /* User Ed448Verify Callback handler */
+        CallbackEd448Verify Ed448VerifyCb;
+    #endif
+    #ifdef HAVE_CURVE448
+        /* User X448 KeyGen Callback Handler */
+        CallbackX448KeyGen X448KeyGenCb;
+        /* User X448 SharedSecret Callback handler */
+        CallbackX448SharedSecret X448SharedSecretCb;
+    #endif
     #ifndef NO_DH
         CallbackDhAgree DhAgreeCb;      /* User DH Agree Callback handler */
     #endif
@@ -4358,27 +4358,27 @@ struct WOLFSSL {
 #endif
 #ifdef HAVE_PK_CALLBACKS
     #ifdef HAVE_ECC
-        void* EccKeyGenCtx;              /* EccKeyGen  Callback Context */
-        void* EccSignCtx;                /* Ecc Sign   Callback Context */
-        void* EccVerifyCtx;              /* Ecc Verify Callback Context */
-        void* EccSharedSecretCtx;        /* Ecc Pms    Callback Context */
-        #ifdef HAVE_ED25519
-            void* Ed25519SignCtx;        /* ED25519 Sign   Callback Context */
-            void* Ed25519VerifyCtx;      /* ED25519 Verify Callback Context */
-        #endif
-        #ifdef HAVE_CURVE25519
-            void* X25519KeyGenCtx;       /* X25519 KeyGen Callback Context */
-            void* X25519SharedSecretCtx; /* X25519 Pms    Callback Context */
-        #endif
-        #ifdef HAVE_ED448
-            void* Ed448SignCtx;          /* ED448 Sign   Callback Context */
-            void* Ed448VerifyCtx;        /* ED448 Verify Callback Context */
-        #endif
-        #ifdef HAVE_CURVE448
-            void* X448KeyGenCtx;         /* X448 KeyGen Callback Context */
-            void* X448SharedSecretCtx;   /* X448 Pms    Callback Context */
-        #endif
+        void* EccKeyGenCtx;          /* EccKeyGen  Callback Context */
+        void* EccSignCtx;            /* Ecc Sign   Callback Context */
+        void* EccVerifyCtx;          /* Ecc Verify Callback Context */
+        void* EccSharedSecretCtx;    /* Ecc Pms    Callback Context */
     #endif /* HAVE_ECC */
+    #ifdef HAVE_ED25519
+        void* Ed25519SignCtx;        /* ED25519 Sign   Callback Context */
+        void* Ed25519VerifyCtx;      /* ED25519 Verify Callback Context */
+    #endif
+    #ifdef HAVE_CURVE25519
+        void* X25519KeyGenCtx;       /* X25519 KeyGen Callback Context */
+        void* X25519SharedSecretCtx; /* X25519 Pms    Callback Context */
+    #endif
+    #ifdef HAVE_ED448
+        void* Ed448SignCtx;          /* ED448 Sign   Callback Context */
+        void* Ed448VerifyCtx;        /* ED448 Verify Callback Context */
+    #endif
+    #ifdef HAVE_CURVE448
+        void* X448KeyGenCtx;         /* X448 KeyGen Callback Context */
+        void* X448SharedSecretCtx;   /* X448 Pms    Callback Context */
+    #endif
     #ifndef NO_DH
         void* DhAgreeCtx; /* DH Pms Callback Context */
     #endif /* !NO_DH */

wolfssl/test.h

@@ -3084,6 +3084,8 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
     return ret;
 }
 
+#endif /* HAVE_ECC */
+
 #ifdef HAVE_ED25519
 static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
         byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
@@ -3406,8 +3408,6 @@ static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey,
 }
 #endif /* HAVE_CURVE448 */
 
-#endif /* HAVE_ECC */
-
 #ifndef NO_DH
 static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
         const unsigned char* priv, unsigned int privSz,