wolfssl/tests/api.c

/* api.c API unit tests
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* For AES-CBC, input lengths can optionally be validated to be a
 * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
 * also available via the configure option --enable-aescbc-length-checks.
 */


/*----------------------------------------------------------------------------*
 | Includes
 *----------------------------------------------------------------------------*/

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#include <wolfssl/wolfcrypt/settings.h>

#ifndef FOURK_BUF
    #define FOURK_BUF 4096
#endif
#ifndef TWOK_BUF
    #define TWOK_BUF 2048
#endif
#ifndef ONEK_BUF
    #define ONEK_BUF 1024
#endif
#if defined(WOLFSSL_STATIC_MEMORY)
    #include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
#ifndef HEAP_HINT
    #define HEAP_HINT NULL
#endif /* WOLFSSL_STAIC_MEMORY */
#ifdef WOLFSSL_ASNC_CRYPT
    #include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef HAVE_ECC
    #include <wolfssl/wolfcrypt/ecc.h>   /* wc_ecc_fp_free */
    #ifndef ECC_ASN963_MAX_BUF_SZ
        #define ECC_ASN963_MAX_BUF_SZ 133
    #endif
    #ifndef ECC_PRIV_KEY_BUF
        #define ECC_PRIV_KEY_BUF 66  /* For non user defined curves. */
    #endif
    /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
    /* logic to choose right key ECC size */
    #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
        #define KEY14 14
    #else
        #define KEY14 32
    #endif
    #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
        #define KEY16 16
    #else
        #define KEY16 32
    #endif
    #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
        #define KEY20 20
    #else
        #define KEY20 32
    #endif
    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
        #define KEY24 24
    #else
        #define KEY24 32
    #endif
    #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
        #define KEY28 28
    #else
        #define KEY28 32
    #endif
    #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
        #define KEY30 30
    #else
        #define KEY30 32
    #endif
    #define KEY32 32
    #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
        #define KEY40 40
    #else
        #define KEY40 32
    #endif
    #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
        #define KEY48 48
    #else
        #define KEY48 32
    #endif
    #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
        #define KEY64 64
    #else
        #define KEY64 32
    #endif

    #if !defined(HAVE_COMP_KEY)
        #if !defined(NOCOMP)
            #define NOCOMP 0
        #endif
    #else
        #if !defined(COMP)
            #define COMP 1
        #endif
    #endif
    #if !defined(DER_SZ)
        #define DER_SZ(ks) (ks * 2 + 1)
    #endif
#endif
#ifndef NO_ASN
    #include <wolfssl/wolfcrypt/asn_public.h>
#endif
#include <wolfssl/error-ssl.h>

#include <stdlib.h>
#include <wolfssl/ssl.h>  /* compatibility layer */
#include <wolfssl/test.h>
#include <tests/unit.h>
#include "examples/server/server.h"
     /* for testing compatibility layer callbacks */

#ifndef NO_MD5
    #include <wolfssl/wolfcrypt/md5.h>
#endif
#ifndef NO_SHA
    #include <wolfssl/wolfcrypt/sha.h>
#endif
#ifndef NO_SHA256
    #include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef WOLFSSL_SHA512
    #include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_SHA384
    #include <wolfssl/wolfcrypt/sha512.h>
#endif

#ifdef WOLFSSL_SHA3
    #include <wolfssl/wolfcrypt/sha3.h>
    #ifndef HEAP_HINT
        #define HEAP_HINT   NULL
    #endif
#endif

#ifndef NO_AES
    #include <wolfssl/wolfcrypt/aes.h>
    #ifdef HAVE_AES_DECRYPT
        #include <wolfssl/wolfcrypt/wc_encrypt.h>
    #endif
#endif
#ifdef WOLFSSL_RIPEMD
    #include <wolfssl/wolfcrypt/ripemd.h>
#endif
#ifdef HAVE_IDEA
    #include <wolfssl/wolfcrypt/idea.h>
#endif
#ifndef NO_DES3
    #include <wolfssl/wolfcrypt/des3.h>
    #include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif
#ifdef WC_RC2
    #include <wolfssl/wolfcrypt/rc2.h>
#endif

#ifndef NO_HMAC
    #include <wolfssl/wolfcrypt/hmac.h>
#endif

#ifdef HAVE_CHACHA
    #include <wolfssl/wolfcrypt/chacha.h>
#endif

#ifdef HAVE_POLY1305
    #include <wolfssl/wolfcrypt/poly1305.h>
#endif

#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif

#ifdef HAVE_CAMELLIA
    #include <wolfssl/wolfcrypt/camellia.h>
#endif

#ifndef NO_RABBIT
    #include <wolfssl/wolfcrypt/rabbit.h>
#endif

#ifndef NO_RC4
    #include <wolfssl/wolfcrypt/arc4.h>
#endif

#ifdef HAVE_BLAKE2
    #include <wolfssl/wolfcrypt/blake2.h>
#endif

#include <wolfssl/wolfcrypt/hash.h>
#ifndef NO_RSA
    #include <wolfssl/wolfcrypt/rsa.h>

    #define FOURK_BUF 4096
    #define GEN_BUF  294

    #ifndef USER_CRYPTO_ERROR
        #define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */
    #endif
#endif

#ifndef NO_SIG_WRAPPER
    #include <wolfssl/wolfcrypt/signature.h>
#endif


#ifdef HAVE_AESCCM
    #include <wolfssl/wolfcrypt/aes.h>
#endif

#ifdef HAVE_HC128
    #include <wolfssl/wolfcrypt/hc128.h>
#endif

#ifdef HAVE_PKCS7
    #include <wolfssl/wolfcrypt/pkcs7.h>
    #include <wolfssl/wolfcrypt/asn.h>
    #ifdef HAVE_LIBZ
    #include <wolfssl/wolfcrypt/compress.h>
    #endif
#endif

#ifdef WOLFSSL_SMALL_CERT_VERIFY
    #include <wolfssl/wolfcrypt/asn.h>
#endif

#ifndef NO_DSA
    #include <wolfssl/wolfcrypt/dsa.h>
    #ifndef ONEK_BUF
        #define ONEK_BUF 1024
    #endif
    #ifndef TWOK_BUF
        #define TWOK_BUF 2048
    #endif
    #ifndef FOURK_BUF
        #define FOURK_BUF 4096
    #endif
    #ifndef DSA_SIG_SIZE
        #define DSA_SIG_SIZE 40
    #endif
    #ifndef MAX_DSA_PARAM_SIZE
        #define MAX_DSA_PARAM_SIZE 256
    #endif
#endif

#ifdef WOLFSSL_CMAC
    #include <wolfssl/wolfcrypt/cmac.h>
#endif

#ifdef HAVE_ED25519
    #include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_CURVE25519
    #include <wolfssl/wolfcrypt/curve25519.h>
#endif
#ifdef HAVE_ED448
    #include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_CURVE448
    #include <wolfssl/wolfcrypt/curve448.h>
#endif

#ifdef HAVE_PKCS12
    #include <wolfssl/wolfcrypt/pkcs12.h>
#endif

#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
    #include <wolfssl/openssl/ssl.h>
    #ifndef NO_ASN
        /* for ASN_COMMON_NAME DN_tags enum */
        #include <wolfssl/wolfcrypt/asn.h>
    #endif
    #ifdef HAVE_OCSP
        #include <wolfssl/openssl/ocsp.h>
    #endif
#endif
#ifdef OPENSSL_EXTRA
    #include <wolfssl/openssl/cmac.h>
    #include <wolfssl/openssl/x509v3.h>
    #include <wolfssl/openssl/asn1.h>
    #include <wolfssl/openssl/crypto.h>
    #include <wolfssl/openssl/pkcs12.h>
    #include <wolfssl/openssl/evp.h>
    #include <wolfssl/openssl/dh.h>
    #include <wolfssl/openssl/bn.h>
    #include <wolfssl/openssl/buffer.h>
    #include <wolfssl/openssl/pem.h>
    #include <wolfssl/openssl/ec.h>
    #include <wolfssl/openssl/engine.h>
    #include <wolfssl/openssl/hmac.h>
    #include <wolfssl/openssl/objects.h>
    #include <wolfssl/openssl/rand.h>
#ifdef OPENSSL_ALL
    #include <wolfssl/openssl/txt_db.h>
    #include <wolfssl/openssl/lhash.h>
#endif
#ifndef NO_AES
    #include <wolfssl/openssl/aes.h>
#endif
#ifndef NO_DES3
    #include <wolfssl/openssl/des.h>
#endif
#ifdef HAVE_ECC
    #include <wolfssl/openssl/ecdsa.h>
#endif
#ifdef HAVE_PKCS7
    #include <wolfssl/openssl/pkcs7.h>
#endif
#ifdef HAVE_ED25519
    #include <wolfssl/openssl/ed25519.h>
#endif
#ifdef HAVE_ED448
    #include <wolfssl/openssl/ed448.h>
#endif
#endif /* OPENSSL_EXTRA */

#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
    && !defined(NO_SHA256) && !defined(RC_NO_RNG)
        #include <wolfssl/wolfcrypt/srp.h>
#endif

#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
    defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
    !defined(WOLFSSL_ASN_TEMPLATE))
    /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
     * or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h"
#endif

/* force enable test buffers */
#ifndef USE_CERT_BUFFERS_2048
    #define USE_CERT_BUFFERS_2048
#endif
#ifndef USE_CERT_BUFFERS_256
    #define USE_CERT_BUFFERS_256
#endif
#include <wolfssl/certs_test.h>


typedef struct testVector {
    const char* input;
    const char* output;
    size_t inLen;
    size_t outLen;

} testVector;

#if defined(HAVE_PKCS7)
    typedef struct {
        const byte* content;
        word32      contentSz;
        int         contentOID;
        int         encryptOID;
        int         keyWrapOID;
        int         keyAgreeOID;
        byte*       cert;
        size_t      certSz;
        byte*       privateKey;
        word32      privateKeySz;
    } pkcs7EnvelopedVector;

    #ifndef NO_PKCS7_ENCRYPTED_DATA
        typedef struct {
            const byte*     content;
            word32          contentSz;
            int             contentOID;
            int             encryptOID;
            byte*           encryptionKey;
            word32          encryptionKeySz;
        } pkcs7EncryptedVector;
    #endif
#endif /* HAVE_PKCS7 */


/*----------------------------------------------------------------------------*
 | Constants
 *----------------------------------------------------------------------------*/

#define TEST_SUCCESS    (1)
#define TEST_FAIL       (0)

#define testingFmt "   %s:"
#define resultFmt  " %s\n"
static const char* passed = "passed";
static const char* failed = "failed";

#define TEST_STRING    "Everyone gets Friday off."
#define TEST_STRING_SZ 25

#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
#define TEST_RSA_BITS 1024
#else
#define TEST_RSA_BITS 2048
#endif
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
    static const char* bogusFile  =
    #ifdef _WIN32
        "NUL"
    #else
        "/dev/null"
    #endif
    ;
#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */

enum {
    TESTING_RSA = 1,
    TESTING_ECC = 2
};

#ifdef WOLFSSL_QNX_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
static int devId = WOLFSSL_CAAM_DEVID;
#else
static int devId = INVALID_DEVID;
#endif


/*----------------------------------------------------------------------------*
 | Setup
 *----------------------------------------------------------------------------*/

static int test_wolfSSL_Init(void)
{
    int result;

    printf(testingFmt, "wolfSSL_Init()");
    result = wolfSSL_Init();
    printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);

    return result;
}


static int test_wolfSSL_Cleanup(void)
{
    int result;

    printf(testingFmt, "wolfSSL_Cleanup()");
    result = wolfSSL_Cleanup();
    printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);

    return result;
}


/*  Initialize the wolfCrypt state.
 *  POST: 0 success.
 */
static int test_wolfCrypt_Init(void)
{
    int result;

    printf(testingFmt, "wolfCrypt_Init()");
    result = wolfCrypt_Init();
    printf(resultFmt, result == 0 ? passed : failed);

    return result;

} /* END test_wolfCrypt_Init */

/*----------------------------------------------------------------------------*
 | Platform dependent function test
 *----------------------------------------------------------------------------*/
 static int test_fileAccess(void)
{
#if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
    const char *fname[] = {
    svrCertFile, svrKeyFile, caCertFile,
    eccCertFile, eccKeyFile, eccRsaCertFile,
    cliCertFile, cliCertDerFile, cliKeyFile,
    dhParamFile,
    cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
    cliEdCertFile, cliEdKeyFile, caEdCertFile,
    NULL
    };
     const char derfile[] = "./certs/server-cert.der";
    XFILE f;
    size_t sz;
    byte *buff;
    int i;

    printf(testingFmt, "test_fileAccess()");

    AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
     for(i=0; fname[i] != NULL ; i++){
        AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
        XFCLOSE(f);
    }

    AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
    sz = (size_t) XFTELL(f);
    XREWIND(f);
    AssertTrue(sz == sizeof_server_cert_der_2048);
    AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
    AssertTrue(XFREAD(buff, 1, sz, f) == sz);
    XMEMCMP(server_cert_der_2048, buff, sz);
    printf(resultFmt, passed);
#endif
    return WOLFSSL_SUCCESS;
}

/*----------------------------------------------------------------------------*
 | Method Allocators
 *----------------------------------------------------------------------------*/

static void test_wolfSSL_Method_Allocators(void)
{
    #define TEST_METHOD_ALLOCATOR(allocator, condition) \
        do {                                            \
            WOLFSSL_METHOD *method;                      \
            condition(method = allocator());            \
            XFREE(method, 0, DYNAMIC_TYPE_METHOD);      \
        } while(0)

    #define TEST_VALID_METHOD_ALLOCATOR(a) \
            TEST_METHOD_ALLOCATOR(a, AssertNotNull)

    #define TEST_INVALID_METHOD_ALLOCATOR(a) \
            TEST_METHOD_ALLOCATOR(a, AssertNull)

#ifndef NO_OLD_TLS
    #ifdef WOLFSSL_ALLOW_SSLV3
        #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
        #endif
        #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
        #endif
    #endif
    #ifdef WOLFSSL_ALLOW_TLSV10
        #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
        #endif
        #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
        #endif
    #endif
    #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
    #endif
    #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
    #endif
#endif /* !NO_OLD_TLS */

#ifndef WOLFSSL_NO_TLS12
    #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
    #endif
    #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
    #endif
#endif /* !WOLFSSL_NO_TLS12 */

#ifdef WOLFSSL_TLS13
    #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
    #endif
    #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
    #endif
#endif /* WOLFSSL_TLS13 */

#ifndef NO_WOLFSSL_SERVER
    TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
    TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
#endif

#ifdef WOLFSSL_DTLS
    #ifndef NO_OLD_TLS
        #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
        #endif
        #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
        #endif
    #endif
    #ifndef WOLFSSL_NO_TLS12
        #ifndef NO_WOLFSSL_SERVER
        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
        #endif
        #ifndef NO_WOLFSSL_CLIENT
        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
        #endif
    #endif
#endif /* WOLFSSL_DTLS */

#if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
    /* Stubs */
    #ifndef NO_WOLFSSL_SERVER
        TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
    #endif
    #ifndef NO_WOLFSSL_CLIENT
        TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
    #endif
#endif

    /* Test Either Method (client or server) */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
    #ifndef NO_OLD_TLS
        #ifdef WOLFSSL_ALLOW_TLSV10
            TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
        #endif
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
    #endif /* !NO_OLD_TLS */
    #ifndef WOLFSSL_NO_TLS12
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
    #endif /* !WOLFSSL_NO_TLS12 */
    #ifdef WOLFSSL_TLS13
        TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
    #endif /* WOLFSSL_TLS13 */
    #ifdef WOLFSSL_DTLS
        TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
        #ifndef NO_OLD_TLS
            TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
        #endif /* !NO_OLD_TLS */
        #ifndef WOLFSSL_NO_TLS12
            TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
        #endif /* !WOLFSSL_NO_TLS12 */
    #endif /* WOLFSSL_DTLS */
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
}


/*----------------------------------------------------------------------------*
 | Context
 *----------------------------------------------------------------------------*/
#ifndef NO_WOLFSSL_SERVER
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
{
    WOLFSSL_CTX *ctx;

    AssertNull(ctx = wolfSSL_CTX_new(NULL));

    AssertNotNull(method);
    AssertNotNull(ctx = wolfSSL_CTX_new(method));
    wolfSSL_CTX_free(ctx);
}
#endif

#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
static void test_for_double_Free(void)
{
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;
    int skipTest = 0;
    const char* testCertFile;
    const char* testKeyFile;
    char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
"-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
"AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
"-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
"8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
"NULL-SHA:HC128-MD5:HC128-SHA:RABBIT-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
"AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
"SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
"SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
"RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
"-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
"256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
"CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
"6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
"M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
"LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
"E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
"H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
"SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
"CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
"SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
"LY1305-OLD:IDEA-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
"ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
"CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
"HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
"8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
#ifndef NO_RSA
        testCertFile = svrCertFile;
        testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
        testCertFile = eccCertFile;
        testKeyFile = eccKeyFile;
#else
    skipTest = 1;
#endif

    if (skipTest != 1) {
#ifndef NO_WOLFSSL_SERVER
        ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
        AssertNotNull(ctx);
#else
        ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        AssertNotNull(ctx);
#endif
        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
        ssl = wolfSSL_new(ctx);
        AssertNotNull(ssl);

        /* First test freeing SSL, then CTX */
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);

#ifndef NO_WOLFSSL_CLIENT
        ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        AssertNotNull(ctx);
#else
        ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
        AssertNotNull(ctx);
#endif
        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
        ssl = wolfSSL_new(ctx);
        AssertNotNull(ssl);

        /* Next test freeing CTX then SSL */
        wolfSSL_CTX_free(ctx);
        wolfSSL_free(ssl);

#ifndef NO_WOLFSSL_SERVER
        ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
        AssertNotNull(ctx);
#else
        ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        AssertNotNull(ctx);
#endif
        /* Test setting ciphers at ctx level */
        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
        defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
        /* only update TLSv13 suites */
        AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
    !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
    defined(WOLFSSL_AES_128) && !defined(NO_RSA)
        /* only update pre-TLSv13 suites */
        AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
        AssertNotNull(ssl = wolfSSL_new(ctx));
        wolfSSL_CTX_free(ctx);
        wolfSSL_free(ssl);

#ifndef NO_WOLFSSL_CLIENT
        ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        AssertNotNull(ctx);
#else
        ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
        AssertNotNull(ctx);
#endif
        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
        ssl = wolfSSL_new(ctx);
        AssertNotNull(ssl);
        /* test setting ciphers at SSL level */
        AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
        defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
        /* only update TLSv13 suites */
        AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
    !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
    defined(WOLFSSL_AES_128) && !defined(NO_RSA)
        /* only update pre-TLSv13 suites */
        AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
        wolfSSL_CTX_free(ctx);
        wolfSSL_free(ssl);
    }
}
#endif


static void test_wolfSSL_CTX_use_certificate_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    /* invalid context */
    AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
                                                             WOLFSSL_FILETYPE_PEM));
    /* invalid cert file */
    AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
                                                             WOLFSSL_FILETYPE_PEM));
    /* invalid cert type */
    AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));

#ifdef NO_RSA
    /* rsa needed */
    AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
#else
    /* success */
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#endif

    wolfSSL_CTX_free(ctx);
#endif
}

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static int test_wolfSSL_CTX_use_certificate_ASN1(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
    WOLFSSL_CTX*            ctx;
    int                     ret;

    printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
                server_cert_der_2048);

    printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
    wolfSSL_CTX_free(ctx);

    return ret;
#else
    return WOLFSSL_SUCCESS;
#endif
}
#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */

/*  Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
 *  context using buffer.
 *  PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
 *  --enable-testcert flag.
 */
static int test_wolfSSL_CTX_use_certificate_buffer(void)
{
    #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
            !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
        WOLFSSL_CTX*            ctx;
        int                     ret;

        printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

        ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                    sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);

        printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
        wolfSSL_CTX_free(ctx);

        return ret;
    #else
        return WOLFSSL_SUCCESS;
    #endif

} /*END test_wolfSSL_CTX_use_certificate_buffer*/

static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    /* invalid context */
    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
                                                             WOLFSSL_FILETYPE_PEM));
    /* invalid key file */
    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
                                                             WOLFSSL_FILETYPE_PEM));
    /* invalid key type */
    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));

    /* success */
#ifdef NO_RSA
    /* rsa needed */
    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
    /* success */
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#endif

    wolfSSL_CTX_free(ctx);
#endif
}


/* test both file and buffer versions along with unloading trusted peer certs */
static void test_wolfSSL_CTX_trust_peer_cert(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
    !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

#if !defined(NO_FILESYSTEM)
    /* invalid file */
    assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
                                              WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
    assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
                                              WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
    assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
                                             WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);

    /* success */
    assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)
                                                                == WOLFSSL_SUCCESS);

    /* unload cert */
    assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
    assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
#endif

    /* Test of loading certs from buffers */

    /* invalid buffer */
    assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
                                             WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);

    /* success */
#ifdef USE_CERT_BUFFERS_1024
    assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
                sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
    assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
                sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
#endif

    /* unload cert */
    assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
    assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif
}


static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx;
#ifndef NO_RSA
    WOLFSSL_CERT_MANAGER* cm;
#ifdef PERSIST_CERT_CACHE
    int cacheSz;
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
    const char* load_certs_path = "./certs/external";
    const char* load_no_certs_path = "./examples";
    const char* load_expired_path = "./certs/test/expired";
#endif

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    /* invalid arguments */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);

    /* invalid ca file */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
     WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));


#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
  (defined(WOLFSSL_QT) && \
  !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
    /* invalid path */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
     WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
#endif

    /* load ca cert */
#ifdef NO_RSA
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
     WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
#else /* Skip the following test without RSA certs. */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);

#ifdef PERSIST_CERT_CACHE
    /* Get cert cache size */
    cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
#endif
    /* Test unloading CA's */
    AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);

#ifdef PERSIST_CERT_CACHE
    /* Verify no certs (result is less than cacheSz) */
    AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif

    /* load ca cert again */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);

    /* Test getting CERT_MANAGER */
    AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));

    /* Test unloading CA's using CM */
    AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);

#ifdef PERSIST_CERT_CACHE
    /* Verify no certs (result is less than cacheSz) */
    AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#endif

#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
    /* Test loading CA certificates using a path */
    #ifdef NO_RSA
    /* failure here okay since certs in external directory are RSA */
    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
        WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
    #else
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
        WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
    #endif

    /* Test loading path with no files */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
        WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);

    /* Test loading expired CA certificates */
    #ifdef NO_RSA
    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
        WOLFSSL_SUCCESS);
    #else
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
        WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
        WOLFSSL_SUCCESS);
    #endif

    /* Test loading CA certificates and ignoring all errors */
    #ifdef NO_RSA
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
    #else
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
    #endif
#endif

    wolfSSL_CTX_free(ctx);
#endif
}

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
{
    int ret;
    WOLFSSL_CERT_MANAGER* cm;

    cm = wolfSSL_CertManagerNew();
    if (cm == NULL) {
        printf("test_cm_load_ca failed\n");
        return -1;
    }

    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);

    wolfSSL_CertManagerFree(cm);

    return ret;
}

static int test_cm_load_ca_file(const char* ca_cert_file)
{
    int ret = 0;
    byte* cert_buf = NULL;
    size_t cert_sz = 0;
#if defined(WOLFSSL_PEM_TO_DER)
    DerBuffer* pDer = NULL;
#endif

    ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
    if (ret == 0) {
        /* normal test */
        ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);

        if (ret == WOLFSSL_SUCCESS) {
            /* test including null terminator in length */
            byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
            if (tmp == NULL) {
                ret = MEMORY_E;
            }
            else {
                cert_buf = tmp;
                cert_buf[cert_sz] = '\0';
                ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
                        WOLFSSL_FILETYPE_PEM);
            }

        }

    #if defined(WOLFSSL_PEM_TO_DER)
        if (ret == WOLFSSL_SUCCESS) {
            /* test loading DER */
            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
            if (ret == 0 && pDer != NULL) {
                ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
                    WOLFSSL_FILETYPE_ASN1);

                wc_FreeDer(&pDer);
            }
        }
    #endif

    }
    free(cert_buf);

    return ret;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */

static void test_wolfSSL_CertManagerCheckOCSPResponse(void)
{
#if defined(HAVE_OCSP) && !defined(NO_RSA)
/* Need one of these for wolfSSL_OCSP_REQUEST_new. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
    defined(HAVE_LIGHTY)
    WOLFSSL_CERT_MANAGER* cm = NULL;
    /* Raw OCSP response bytes captured using the following setup:
     * - Run responder with
     *      openssl ocsp -port 9999 -ndays 9999
     *      -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
     *      -rsigner certs/ocsp/ocsp-responder-cert.pem
     *      -rkey certs/ocsp/ocsp-responder-key.pem
     *      -CA certs/ocsp/intermediate1-ca-cert.pem
     * - Run client with
     *      openssl ocsp -host 127.0.0.1:9999 -respout resp.out
     *      -issuer certs/ocsp/intermediate1-ca-cert.pem
     *      -cert certs/ocsp/server1-cert.pem
     *      -CAfile certs/ocsp/root-ca-cert.pem -noverify
     * - Copy raw response from Wireshark.
     */
    byte response[] = {
        0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06,
        0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82,
        0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
        0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
        0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
        0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
        0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
        0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
        0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
        0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
        0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31,
        0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30,
        0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d,
        0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
        0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
        0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32,
        0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11,
        0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30,
        0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
        0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33,
        0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
        0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2,
        0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a,
        0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe,
        0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95,
        0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8,
        0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6,
        0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f,
        0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84,
        0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34,
        0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4,
        0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7,
        0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33,
        0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde,
        0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70,
        0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73,
        0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58,
        0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82,
        0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
        0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
        0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
        0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
        0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
        0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
        0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
        0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
        0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
        0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32,
        0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33,
        0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
        0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
        0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
        0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
        0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
        0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
        0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
        0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06,
        0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
        0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22,
        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
        0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
        0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85,
        0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63,
        0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
        0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b,
        0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8,
        0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
        0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a,
        0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2,
        0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
        0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb,
        0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab,
        0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
        0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b,
        0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14,
        0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
        0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01,
        0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d,
        0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
        0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46,
        0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30,
        0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
        0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81,
        0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
        0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65,
        0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07,
        0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
        0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
        0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
        0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55,
        0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
        0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51,
        0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d,
        0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3,
        0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43,
        0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26,
        0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c,
        0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31,
        0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef,
        0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47,
        0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7,
        0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93,
        0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66,
        0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10,
        0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1,
        0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e,
        0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72,
        0x59, 0x59, 0xa0, 0x07
    };
    OcspEntry entry[1];
    CertStatus status[1];
    OcspRequest* request;

    byte serial[] = {0x05};
    byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04};
    byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e};

    printf(testingFmt, "wolfSSL_CertManagerCheckOCSPResponse()");

    XMEMSET(entry, 0, sizeof(OcspEntry));
    XMEMSET(status, 0, sizeof(CertStatus));

    AssertNotNull(request = wolfSSL_OCSP_REQUEST_new());
    request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
                                     DYNAMIC_TYPE_OCSP_REQUEST);
    AssertNotNull(request->serial);

    request->serialSz = sizeof(serial);
    XMEMCPY(request->serial, serial, sizeof(serial));
    XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
    XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));

    AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
    AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CertManagerLoadCA(cm,
        "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS);

    /* Response should be valid. */
    AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
        sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);

    /* Flip a byte in the request serial number, response should be invalid
     * now. */
    request->serial[0] ^= request->serial[0];
    AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
        sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);


    wolfSSL_OCSP_REQUEST_free(request);
    wolfSSL_CertManagerFree(cm);

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL || WOLFSSL_NGINX ||  WOLFSSL_HAPROXY ||
        * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */
#endif /* HAVE_OCSP */
}

static int test_wolfSSL_CertManagerLoadCABuffer(void)
{
    int ret = 0;

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
    const char* ca_cert = "./certs/ca-cert.pem";
    const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";

    ret = test_cm_load_ca_file(ca_cert);
    #ifdef NO_RSA
    AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
    #else
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
    #endif

    ret = test_cm_load_ca_file(ca_expired_cert);
    #ifdef NO_RSA
    AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
    #else
    #if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
            !defined(OPENSSL_COMPATIBLE_DEFAULTS)
    AssertIntEQ(ret, ASN_AFTER_DATE_E);
    #else
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
    #endif
    #endif
#endif

    return ret;
}

static void test_wolfSSL_CertManagerGetCerts(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
     defined(WOLFSSL_SIGNER_DER_CERT)

    WOLFSSL_CERT_MANAGER* cm = NULL;
    WOLFSSL_STACK* sk = NULL;
    X509* x509 = NULL;
    X509* cert1 = NULL;
    FILE* file1 = NULL;
#ifdef DEBUG_WOLFSSL_VERBOSE
    WOLFSSL_BIO* bio = NULL;
#endif
    int i = 0;

    printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
    AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));

    AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
    fclose(file1);

    AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
    AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                "./certs/ca-cert.pem", NULL));

    AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));

    for (i = 0; i < sk_X509_num(sk); i++) {
        x509 = sk_X509_value(sk, i);
        AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));

#ifdef DEBUG_WOLFSSL_VERBOSE
        bio = BIO_new(wolfSSL_BIO_s_file());
        if (bio != NULL) {
            BIO_set_fp(bio, stdout, BIO_NOCLOSE);
            X509_print(bio, x509);
            BIO_free(bio);
        }
#endif /* DEBUG_WOLFSSL_VERBOSE */
    }
    wolfSSL_X509_free(cert1);
    sk_X509_pop_free(sk, NULL);
    wolfSSL_CertManagerFree(cm);
    printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
          !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
          defined(WOLFSSL_SIGNER_DER_CERT) */
}

static int test_wolfSSL_CertManagerSetVerify(void)
{
    int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
    WOLFSSL_CERT_MANAGER* cm;
    int tmp = myVerifyAction;
    const char* ca_cert = "./certs/ca-cert.pem";
    const char* expiredCert = "./certs/test/expired/expired-cert.pem";

    cm = wolfSSL_CertManagerNew();
    AssertNotNull(cm);

    wolfSSL_CertManagerSetVerify(cm, myVerify);

    ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
    AssertIntEQ(ret, WOLFSSL_SUCCESS);

    /* Use the test CB that always accepts certs */
    myVerifyAction = VERIFY_OVERRIDE_ERROR;

    ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
    AssertIntEQ(ret, WOLFSSL_SUCCESS);

#ifdef WOLFSSL_ALWAYS_VERIFY_CB
    {
        const char* verifyCert = "./certs/server-cert.pem";
        /* Use the test CB that always fails certs */
        myVerifyAction = VERIFY_FORCE_FAIL;

        ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
        AssertIntEQ(ret, VERIFY_CERT_ERROR);
    }
#endif

    wolfSSL_CertManagerFree(cm);
    myVerifyAction = tmp;
#endif

    return ret;
}

#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(DEBUG_UNIT_TEST_CERTS)
/* used when debugging name constraint tests */
static void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName)
{
    BIO* out = BIO_new(BIO_s_file());
    if (out != NULL) {
        FILE* f = fopen(fileName, "wb");
        BIO_set_fp(out, f, BIO_CLOSE);
        PEM_write_bio_X509(out, x509);
        BIO_free(out);
    }
}
static void DEBUG_WRITE_CERT_DER(const byte* der, int derSz, const char* fileName)
{
    BIO* out = BIO_new(BIO_s_file());
    if (out != NULL) {
        FILE* f = fopen(fileName, "wb");
        BIO_set_fp(out, f, BIO_CLOSE);
        BIO_write(out, der, derSz);
        BIO_free(out);
    }
}
#else
#define DEBUG_WRITE_CERT_X509(x509, fileName)
#define DEBUG_WRITE_CERT_DER(der, derSz, fileName)
#endif


static void test_wolfSSL_CertManagerNameConstraint(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
    !defined(NO_SHA256)
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_EVP_PKEY *priv;
    WOLFSSL_X509_NAME* name;
    const char* ca_cert = "./certs/test/cert-ext-nc.der";
    const char* server_cert = "./certs/test/server-goodcn.pem";
    int i = 0;
    static const byte extNameConsOid[] = {85, 29, 30};

    RsaKey  key;
    WC_RNG  rng;
    byte    *der;
    int     derSz;
    word32  idx = 0;
    byte    *pt;
    WOLFSSL_X509 *x509, *ca;

    wc_InitRng(&rng);

    /* load in CA private key for signing */
    AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0);
    AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
                sizeof_server_key_der_2048), 0);

    /* get ca certificate then alter it */
    AssertNotNull(der =
            (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
    XMEMCPY(der, pt, derSz);

    /* find the name constraint extension and alter it */
    pt = der;
    for (i = 0; i < derSz - 3; i++) {
        if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
            pt += 3;
            break;
        }
        pt++;
    }
    AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */

    /* go to the length value and set it to 0 */
    while (i < derSz && *pt != 0x81) {
        pt++;
        i++;
    }
    AssertIntNE(i, derSz); /* did not place to alter */
    pt++;
    *pt = 0x00;

    /* resign the altered certificate */
    AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
                             FOURK_BUF, &key, NULL, &rng)), 0);

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
    wolfSSL_CertManagerFree(cm);

    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_X509_free(x509);
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);

    /* add email alt name to satisfy constraint */
    pt = (byte*)server_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
                (const unsigned char**)&pt, sizeof_server_key_der_2048));

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
    DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");

    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* Good cert test with proper alt email name */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);

    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);


    /* Cert with bad alt name list */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
    wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);

    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);

    wolfSSL_CertManagerFree(cm);
    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(ca);
    wolfSSL_EVP_PKEY_free(priv);
#endif
}


static void test_wolfSSL_CertManagerNameConstraint2(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
    const char* ca_cert  = "./certs/test/cert-ext-ndir.der";
    const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
    const char* server_cert = "./certs/server-cert.pem";
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_X509 *x509, *ca;

    const unsigned char *der;
    const unsigned char *pt;
    WOLFSSL_EVP_PKEY *priv;
    WOLFSSL_X509_NAME* name;
    int   derSz;

    /* C=US*/
    char altName[] = {
        0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
    };

    /* C=ID */
    char altNameFail[] = {
        0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
    };

    /* C=US ST=California*/
    char altNameExc[] = {
        0x30, 0x22,
        0x31, 0x0B,
        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
        0x31, 0x13,
        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
        0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
    };
    /* load in CA private key for signing */
    pt = ca_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
                                                sizeof_ca_key_der_2048));

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* add in matching DIR alt name and resign */
    wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif

    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check verify fail */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    /* add in miss matching DIR alt name and resign */
    wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
            ASN_DIR_TYPE);

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif

    /* check that it still fails if one bad altname and one good altname is in
     * the certificate */
    wolfSSL_X509_free(x509);
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
    wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
    wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
            ASN_DIR_TYPE);

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif

    /* check it fails with switching position of bad altname */
    wolfSSL_X509_free(x509);
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
    wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
            ASN_DIR_TYPE);
    wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
    wolfSSL_CertManagerFree(cm);

    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(ca);

    /* now test with excluded name constraint */
    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
            ASN_DIR_TYPE);
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
    wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
    wolfSSL_CertManagerFree(cm);
    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(ca);
    wolfSSL_EVP_PKEY_free(priv);
#endif
}

static void test_wolfSSL_CertManagerNameConstraint3(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
    !defined(NO_SHA256)
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_EVP_PKEY *priv;
    WOLFSSL_X509_NAME* name;
    const char* ca_cert = "./certs/test/cert-ext-mnc.der";
    const char* server_cert = "./certs/test/server-goodcn.pem";

    byte    *der;
    int     derSz;
    byte    *pt;
    WOLFSSL_X509 *x509, *ca;

    pt = (byte*)server_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
                (const unsigned char**)&pt, sizeof_server_key_der_2048));

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
    DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");

    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* check satisfying .wolfssl.com constraint passes */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);

    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check satisfying .random.com constraint passes */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE);

    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check fail case when neither constraint is matched */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);

    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);

    wolfSSL_CertManagerFree(cm);
    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(ca);
    wolfSSL_EVP_PKEY_free(priv);
#endif
}

static void test_wolfSSL_CertManagerNameConstraint4(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
    !defined(NO_SHA256)
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_EVP_PKEY *priv;
    WOLFSSL_X509_NAME* name;
    const char* ca_cert = "./certs/test/cert-ext-ncdns.der";
    const char* server_cert = "./certs/test/server-goodcn.pem";

    byte    *der;
    int     derSz;
    byte    *pt;
    WOLFSSL_X509 *x509, *ca;

    pt = (byte*)server_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
                (const unsigned char**)&pt, sizeof_server_key_der_2048));

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
    DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");

    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* check satisfying wolfssl.com constraint passes */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check satisfying example.com constraint passes */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"example.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check satisfying wolfssl.com constraint passes with list of DNS's */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* check fail when one DNS in the list is bad */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
    wolfSSL_X509_free(x509);

    /* check fail case when neither constraint is matched */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"common", 6, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);

    wolfSSL_CertManagerFree(cm);
    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(ca);
    wolfSSL_EVP_PKEY_free(priv);
#endif
}

static void test_wolfSSL_CertManagerNameConstraint5(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
    defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
    !defined(NO_SHA256)
    WOLFSSL_CERT_MANAGER* cm;
    WOLFSSL_EVP_PKEY *priv;
    WOLFSSL_X509_NAME* name;
    const char* ca_cert = "./certs/test/cert-ext-ncmixed.der";
    const char* server_cert = "./certs/test/server-goodcn.pem";

    byte    *der;
    int     derSz;
    byte    *pt;
    WOLFSSL_X509 *x509, *ca;

    pt = (byte*)server_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
                (const unsigned char**)&pt, sizeof_server_key_der_2048));

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
                WOLFSSL_FILETYPE_ASN1));
    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
    DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");

    AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* check satisfying wolfssl.com constraint passes */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"example", 7, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    /* fail with DNS check because of common name */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
    wolfSSL_X509_free(x509);

    /* fail on permitted DNS name constraint */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
    wolfSSL_X509_free(x509);

    /* fail on permitted email name constraint */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
    wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
    wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
    wolfSSL_X509_free(x509);

    /* success with empty email name */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
                WOLFSSL_FILETYPE_PEM));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
    X509_NAME_free(name);

    wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
    AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
    DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem");

    AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
    AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    wolfSSL_X509_free(x509);

    wolfSSL_CertManagerFree(cm);
    wolfSSL_X509_free(ca);
    wolfSSL_EVP_PKEY_free(priv);
#endif
}

static void test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
    !defined(NO_RSA)

    const char* ca_cert = "./certs/ca-cert.pem";
    const char* crl1     = "./certs/crl/crl.pem";
    const char* crl2     = "./certs/crl/crl2.pem";

    WOLFSSL_CERT_MANAGER* cm = NULL;

    AssertNotNull(cm = wolfSSL_CertManagerNew());
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
    wolfSSL_CertManagerFreeCRL(cm);

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
    wolfSSL_CertManagerFree(cm);

#endif
}

static void test_wolfSSL_CTX_load_verify_locations_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
    !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX* ctx;
    const char* ca_cert = "./certs/ca-cert.pem";
    const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);

    /* test good CA */
    AssertTrue(WOLFSSL_SUCCESS ==
        wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
            WOLFSSL_LOAD_FLAG_NONE));

    /* test expired CA */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
    AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
            WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
            WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);

#endif
}

static void test_wolfSSL_CTX_load_verify_buffer_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
    defined(USE_CERT_BUFFERS_2048)
    WOLFSSL_CTX* ctx;
    const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
    byte ca_expired_cert[TWOK_BUF];
    word32 sizeof_ca_expired_cert;
    XFILE fp;

#ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#else
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
    AssertNotNull(ctx);

    /* test good CA */
    AssertTrue(WOLFSSL_SUCCESS ==
        wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
            sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
            WOLFSSL_LOAD_FLAG_NONE));

    /* load expired CA */
    XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
    fp = XFOPEN(ca_expired_cert_file, "rb");
    AssertTrue(fp != XBADFILE);
    sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
        sizeof(ca_expired_cert), fp);
    XFCLOSE(fp);

    /* test expired CA failure */


#ifndef OPENSSL_COMPATIBLE_DEFAULTS
    AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
            WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
    AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
            WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
    /* test expired CA success */
    AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);

#endif
}

static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
    WOLFSSL_CTX* ctx;

  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #endif

    AssertTrue(WOLFSSL_SUCCESS ==
               wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
                                                           sizeof_ca_cert_chain_der,
                                                           WOLFSSL_FILETYPE_ASN1));

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_add1_chain_cert(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
    defined(KEEP_OUR_CERT)
    WOLFSSL_CTX*        ctx;
    WOLFSSL*            ssl;
    const char *certChain[] = {
            "./certs/intermediate/client-int-cert.pem",
            "./certs/intermediate/ca-int2-cert.pem",
            "./certs/intermediate/ca-int-cert.pem",
            "./certs/ca-cert.pem",
            NULL
    };
    const char** cert;
    WOLFSSL_X509* x509;
    WOLF_STACK_OF(X509)* chain = NULL;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    AssertNotNull(ssl = wolfSSL_new(ctx));

    for (cert = certChain; *cert != NULL; cert++) {
        x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
        AssertNotNull(x509);
        AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
        X509_free(x509);
    }
    for (cert = certChain; *cert != NULL; cert++) {
        x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
        AssertNotNull(x509);
        AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
        X509_free(x509);
    }

    AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1);
    AssertIntEQ(sk_X509_num(chain), 3);
    AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1);
    AssertIntEQ(sk_X509_num(chain), 3);

    SSL_free(ssl);
    SSL_CTX_free(ctx);
#endif
}

static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
{
    int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
    const char* server_chain_der = "./certs/server-cert-chain.der";
    WOLFSSL_CTX* ctx;

  #ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
  #else
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);
  #endif

    AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
        server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif
    return ret;
}

static void test_wolfSSL_CTX_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
    WOLFSSL_CTX *ctx;

  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #endif

    /* invalid context */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
                dhParamFile, WOLFSSL_FILETYPE_PEM));

    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
                NULL, WOLFSSL_FILETYPE_PEM));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
                bogusFile, WOLFSSL_FILETYPE_PEM));

    /* success */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
                WOLFSSL_FILETYPE_PEM));

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
    WOLFSSL_CTX *ctx;

  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #endif

    /* invalid context */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
                0, WOLFSSL_FILETYPE_ASN1));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
                sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    /* success */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
    WOLFSSL_CTX *ctx;

  #ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
  #else
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);
  #endif

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));

    AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));

    AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_der_load_verify_locations(void)
{
#ifdef WOLFSSL_DER_LOAD
    WOLFSSL_CTX* ctx = NULL;
    const char* derCert = "./certs/server-cert.der";
    const char* nullPath = NULL;
    const char* invalidPath = "./certs/this-cert-does-not-exist.der";
    const char* emptyPath = "";

    /* der load Case 1 ctx NULL */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);

  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #endif

    /* Case 2 filePath NULL */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
    /* Case 3 invalid format */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
    /* Case 4 filePath not valid */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
    /* Case 5 filePath empty */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_RSA
    /* Case 6 success case */
    AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_enable_disable(void)
{
#ifndef NO_CERTS
    WOLFSSL_CTX* ctx = NULL;

  #ifdef HAVE_CRL
    AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
  #endif

  #ifdef HAVE_OCSP
    AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
  #endif

  #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
      defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
  #endif

  #ifndef NO_WOLFSSL_CLIENT

    #ifdef HAVE_EXTENDED_MASTER
    AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
    #endif
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);

    #ifdef HAVE_EXTENDED_MASTER
    AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
    #endif

  #elif !defined(NO_WOLFSSL_SERVER)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #else
    return;
  #endif

  #ifdef HAVE_CRL
    AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
  #endif

  #ifdef HAVE_OCSP
    AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
                WOLFSSL_SUCCESS);
  #endif

  #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
      defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
  #endif
    wolfSSL_CTX_free(ctx);
#endif /* NO_CERTS */
}

static void test_wolfSSL_CTX_ticket_API(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX* ctx = NULL;
    void *userCtx = (void*)"this is my ctx";

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
    AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));

    wolfSSL_CTX_free(ctx);

    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
    AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
}

static void test_wolfSSL_set_minmax_proto_version(void)
{
#ifdef OPENSSL_EXTRA
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int ret;
(void)ret;
(void)ssl;
printf(testingFmt, "test_wolfSSL_set_minmax_proto_version");

#ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    AssertNotNull(ssl = wolfSSL_new(ctx));

    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);

    AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif

    printf(resultFmt, passed);
#endif
}

/*----------------------------------------------------------------------------*
 | SSL
 *----------------------------------------------------------------------------*/

static void test_server_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;
    WOLFSSL_CTX *ctx_nocert;
    WOLFSSL *ssl;

    AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    AssertNotNull(ctx        = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));

    /* invalid context */
    AssertNull(ssl = wolfSSL_new(NULL));
#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA)
    AssertNull(ssl = wolfSSL_new(ctx_nocert));
#endif

    /* success */
    AssertNotNull(ssl = wolfSSL_new(ctx));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_CTX_free(ctx_nocert);
#endif
}


static void test_client_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx;
    WOLFSSL_CTX *ctx_nocert;
    WOLFSSL *ssl;

    AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    AssertNotNull(ctx        = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));

    /* invalid context */
    AssertNull(ssl = wolfSSL_new(NULL));

    /* success */
    AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
    wolfSSL_free(ssl);

    /* success */
    AssertNotNull(ssl = wolfSSL_new(ctx));
    wolfSSL_free(ssl);

    wolfSSL_CTX_free(ctx);
    wolfSSL_CTX_free(ctx_nocert);
#endif
}

static void test_wolfSSL_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
        !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;
    WOLFSSL *ssl;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#ifndef NO_RSA
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
               WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
               WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ECC)
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
               WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
               WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED25519)
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
               WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
               WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED448)
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
               WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
               WOLFSSL_FILETYPE_PEM));
#endif
    AssertNotNull(ssl = wolfSSL_new(ctx));

    /* invalid ssl */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
                dhParamFile, WOLFSSL_FILETYPE_PEM));

    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
                NULL, WOLFSSL_FILETYPE_PEM));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
                bogusFile, WOLFSSL_FILETYPE_PEM));

    /* success */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
                WOLFSSL_FILETYPE_PEM));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;
    WOLFSSL *ssl;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
                sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertNotNull(ssl = wolfSSL_new(ctx));

    /* invalid ssl */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
                0, WOLFSSL_FILETYPE_ASN1));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
                sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    /* success */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx, *ctx2;
    WOLFSSL *ssl, *ssl2;
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);
    AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
                sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);
    ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx2);
    AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
                sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
                sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
    ssl2 = wolfSSL_new(ctx2);
    AssertNotNull(ssl2);

    AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
    AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
    AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));

    wolfSSL_free(ssl2);
    wolfSSL_CTX_free(ctx2);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}


/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
 * allowed.
 * POST: return 1 on success.
 */
static int test_wolfSSL_SetMinVersion(void)
{
    int                 failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_CTX*        ctx;
    WOLFSSL*            ssl;
    int                 itr;

    #ifndef NO_OLD_TLS
        const int versions[]  =  {
                            #ifdef WOLFSSL_ALLOW_TLSV10
                                   WOLFSSL_TLSV1,
                            #endif
                                   WOLFSSL_TLSV1_1,
                                   WOLFSSL_TLSV1_2};
    #elif !defined(WOLFSSL_NO_TLS12)
        const int versions[]  =  { WOLFSSL_TLSV1_2 };
    #else
        const int versions[]  =  { WOLFSSL_TLSV1_3 };
    #endif

    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    ssl = wolfSSL_new(ctx);

    printf(testingFmt, "wolfSSL_SetMinVersion()");

    for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
       if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){
            failFlag = WOLFSSL_FAILURE;
        }
    }

    printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
    return failFlag;

} /* END test_wolfSSL_SetMinVersion */


/*----------------------------------------------------------------------------*
 | EC
 *----------------------------------------------------------------------------*/

/* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
    EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
 */

# if defined(OPENSSL_EXTRA) && \
  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
static void test_wolfSSL_EC(void)
{
#if defined(HAVE_ECC)
    BN_CTX *ctx;
    EC_GROUP *group;
    EC_GROUP *group2;
    EC_POINT *Gxy, *new_point, *set_point;
    BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
    BIGNUM *X, *Y;
    BIGNUM *set_point_bn;
    char* hexStr;
    int group_bits;

    const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
    /* NISTP256R1 Gx/Gy */
    const char* kGx   = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
    const char* kGy   = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";

#ifndef HAVE_SELFTEST
    EC_POINT *tmp;
    size_t bin_len;
    unsigned char* buf = NULL;

    const char* uncompG   = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
    const unsigned char binUncompG[] = {
        0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
    };

#ifdef HAVE_COMP_KEY
    const char* compG   = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
    const unsigned char binCompG[] = {
        0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
    };
#endif
#endif

    AssertNotNull(ctx = BN_CTX_new());
    AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
    AssertNotNull(group2 = EC_GROUP_dup(group));
    AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
    AssertNotNull(Gxy = EC_POINT_new(group));
    AssertNotNull(new_point = EC_POINT_new(group));
    AssertNotNull(set_point = EC_POINT_new(group));
    AssertNotNull(X = BN_new());
    AssertNotNull(Y = BN_new());
    AssertNotNull(set_point_bn = BN_new());

    /* load test values */
    AssertIntEQ(BN_hex2bn(&k,  kTest), WOLFSSL_SUCCESS);
    AssertIntEQ(BN_hex2bn(&Gx, kGx),   WOLFSSL_SUCCESS);
    AssertIntEQ(BN_hex2bn(&Gy, kGy),   WOLFSSL_SUCCESS);
    AssertIntEQ(BN_hex2bn(&Gz, "1"),   WOLFSSL_SUCCESS);

    /* populate coordinates for input point */
    Gxy->X = Gx;
    Gxy->Y = Gy;
    Gxy->Z = Gz;

#ifndef HAVE_SELFTEST
    /* perform point multiplication */
    AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(BN_is_zero(new_point->X), 0);
    AssertIntEQ(BN_is_zero(new_point->Y), 0);
    AssertIntEQ(BN_is_zero(new_point->Z), 0);
    AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(BN_is_zero(new_point->X), 0);
    AssertIntEQ(BN_is_zero(new_point->Y), 0);
    AssertIntEQ(BN_is_zero(new_point->Z), 0);
    AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(BN_is_zero(new_point->X), 0);
    AssertIntEQ(BN_is_zero(new_point->Y), 0);
    AssertIntEQ(BN_is_zero(new_point->Z), 0);
#else
    AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(BN_is_zero(new_point->X), 0);
    AssertIntEQ(BN_is_zero(new_point->Y), 0);
    AssertIntEQ(BN_is_zero(new_point->Z), 0);
#endif

    /* check if point X coordinate is zero */
    AssertIntEQ(BN_is_zero(new_point->X), 0);

#ifdef USE_ECC_B_PARAM
    AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
#endif /* USE_ECC_B_PARAM */

    /* Force non-affine coordinates */
    AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
                                     (WOLFSSL_BIGNUM*)BN_value_one()), 1);
    new_point->inSet = 0;

    /* extract the coordinates from point */
    AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);

    /* check if point X coordinate is zero */
    AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);

    /* set the same X and Y points in another object */
    AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);

    /* compare points as they should be the same */
    AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);

    /* Test copying */
    AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);

    /* Test inverting */
    AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);

    AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
                                  set_point_bn, ctx), set_point_bn);

    /* check bn2hex */
    hexStr = BN_bn2hex(k);
    AssertStrEQ(hexStr, kTest);
#ifndef NO_FILESYSTEM
    BN_print_fp(stdout, k);
    printf("\n");
#endif
    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);

    hexStr = BN_bn2hex(Gx);
    AssertStrEQ(hexStr, kGx);
#ifndef NO_FILESYSTEM
    BN_print_fp(stdout, Gx);
    printf("\n");
#endif
    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);

    hexStr = BN_bn2hex(Gy);
    AssertStrEQ(hexStr, kGy);
#ifndef NO_FILESYSTEM
    BN_print_fp(stdout, Gy);
    printf("\n");
#endif
    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);

#ifndef HAVE_SELFTEST
    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
    AssertStrEQ(hexStr, uncompG);
    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);

#ifdef HAVE_COMP_KEY
    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
    AssertStrEQ(hexStr, compG);
    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#endif

    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
    AssertIntEQ(bin_len, sizeof(binUncompG));
    AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
    AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
                                   bin_len, ctx), bin_len);
    AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);

#ifdef HAVE_COMP_KEY
    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
    AssertIntEQ(bin_len, sizeof(binCompG));
    AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
    AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
                                   bin_len, ctx), bin_len);
    AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
#endif

    AssertNotNull(tmp = EC_POINT_new(group));
    AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
    AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
    EC_POINT_free(tmp);

#ifdef HAVE_COMP_KEY
    AssertNotNull(tmp = EC_POINT_new(group));
    AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
    AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
    EC_POINT_free(tmp);
#endif
#endif

    /* test BN_mod_add */
    AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
                                         (WOLFSSL_BIGNUM*)BN_value_one(),
                                         (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
    AssertIntEQ(BN_is_zero(new_point->Z), 1);
    /* cleanup */
    BN_free(X);
    BN_free(Y);
    BN_free(k);
    BN_free(set_point_bn);
    EC_POINT_free(new_point);
    EC_POINT_free(set_point);
    EC_POINT_free(Gxy);
    EC_GROUP_free(group);
    EC_GROUP_free(group2);
    BN_CTX_free(ctx);
#endif /* HAVE_ECC */
}
#endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */

#ifndef NO_BIO
static void test_wolfSSL_PEM_read_bio_ECPKParameters(void)
{
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
    EC_GROUP *group;
    BIO* bio;

    AssertNotNull(bio = BIO_new(BIO_s_file()));
    AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
    AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
    AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
    EC_GROUP_free(group);
    BIO_free(bio);
#endif /* HAVE_ECC */
}
#endif /* !NO_BIO */

# if defined(OPENSSL_EXTRA)
static void test_wolfSSL_ECDSA_SIG(void)
{
#ifdef HAVE_ECC
    WOLFSSL_ECDSA_SIG* sig = NULL;
    WOLFSSL_ECDSA_SIG* sig2 = NULL;
    const unsigned char* cp;
    unsigned char* p;
    unsigned char outSig[8];
    unsigned char sigData[8] =
                             { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
    sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
    AssertNull(sig);
    cp = sigData;
    AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
    AssertIntEQ((cp == sigData + 8), 1);
    cp = sigData;
    AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
    AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
    AssertIntEQ((sig == sig2), 1);
    cp = outSig;

    p = outSig;
    AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
    AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
    AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
    AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
    AssertIntEQ((p == outSig + 8), 1);
    AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);

    wolfSSL_ECDSA_SIG_free(sig);
#endif /* HAVE_ECC */
}

static void test_EC_i2d(void)
{
#if defined(HAVE_ECC) && !defined(HAVE_FIPS)
    EC_KEY *key;
    EC_KEY *copy;
    int len;
    unsigned char *buf = NULL;
    const unsigned char *tmp = NULL;

    AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
    AssertIntEQ(EC_KEY_generate_key(key), 1);

    AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
    AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);

    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    buf = NULL;

    AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
    AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);

    tmp = buf;
    AssertNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    buf = NULL;

    AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0);
    tmp = buf;
    AssertNotNull(o2i_ECPublicKey(&copy, &tmp, len));
    AssertIntEQ(EC_KEY_check_key(key), 1);
    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);

    EC_KEY_free(key);
    EC_KEY_free(copy);
#endif /* HAVE_ECC */
}

static void test_ECDSA_size_sign(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
    EC_KEY *key;
    int id;
    byte hash[WC_MAX_DIGEST_SIZE];
    byte sig[ECC_MAX_SIG_SIZE];
    unsigned int sigSz = sizeof(sig);

    XMEMSET(hash, 123, sizeof(hash));

    id = wc_ecc_get_curve_id_from_name("SECP256R1");
    AssertIntEQ(id, ECC_SECP256R1);

    AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
    AssertIntEQ(EC_KEY_generate_key(key), 1);
    AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
    AssertIntGE(ECDSA_size(key), sigSz);
    AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);

    EC_KEY_free(key);

#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
}

static void test_ED25519(void)
{
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
    defined(WOLFSSL_KEY_GEN)
    byte         priv[ED25519_PRV_KEY_SIZE];
    unsigned int privSz = (unsigned int)sizeof(priv);
    byte         pub[ED25519_PUB_KEY_SIZE];
    unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
    const char*  msg = TEST_STRING;
    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
    byte         sig[ED25519_SIG_SIZE];
    unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */

    AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
                WOLFSSL_SUCCESS);
    AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
    AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);

#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
    AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
                                      &sigSz), WOLFSSL_SUCCESS);
    AssertIntEQ(sigSz, ED25519_SIG_SIZE);

#ifdef HAVE_ED25519_VERIFY
    AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
                                       sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED25519_VERIFY */
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
}

static void test_ED448(void)
{
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
    defined(WOLFSSL_KEY_GEN)
    byte         priv[ED448_PRV_KEY_SIZE];
    unsigned int privSz = (unsigned int)sizeof(priv);
    byte         pub[ED448_PUB_KEY_SIZE];
    unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
    const char*  msg = TEST_STRING;
    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
    byte         sig[ED448_SIG_SIZE];
    unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */

    AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
                WOLFSSL_SUCCESS);
    AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
    AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);

#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
    AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
                                   &sigSz), WOLFSSL_SUCCESS);
    AssertIntEQ(sigSz, ED448_SIG_SIZE);

#ifdef HAVE_ED448_VERIFY
    AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
                                     sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED448_VERIFY */
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
}
#endif /* OPENSSL_EXTRA */

#include <wolfssl/openssl/pem.h>
/*----------------------------------------------------------------------------*
 | EVP
 *----------------------------------------------------------------------------*/

static void test_wolfSSL_EVP_PKEY_print_public(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)

    WOLFSSL_BIO* rbio = NULL;
    WOLFSSL_BIO* wbio = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;
    char line[256] = { 0 };
    char line1[256] = { 0 };
    int i;

    printf(testingFmt, "EVP_PKEY_print_public()");
    /* test error cases */
    AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);

    /*
     *  test RSA public key print
     *  in this test, pass '3' for indent
     */
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024)

    rbio = BIO_new_mem_buf( client_keypub_der_1024,
                            sizeof_client_keypub_der_1024);
    AssertNotNull(rbio);

    wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
    AssertNotNull(pkey);

    wbio = BIO_new(BIO_s_mem());
    AssertNotNull(wbio);

    AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "   RSA Public-Key: (1024 bit)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "   Modulus:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "       00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);


    /* skip to the end of modulus element*/
    for( i = 0; i < 8 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "   Exponent: 65537 (0x010001)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);


    /* should reach EOF */
    AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);

    EVP_PKEY_free(pkey);
    pkey = NULL;
    BIO_free(rbio);
    BIO_free(wbio);
    rbio = NULL;
    wbio = NULL;

#endif  /* !NO_RSA && USE_CERT_BUFFERS_1024*/

    /*
     *  test DSA public key print
     */
#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048)
    rbio = BIO_new_mem_buf( dsa_pub_key_der_2048,
                            sizeof_dsa_pub_key_der_2048);
    AssertNotNull(rbio);

    wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
    AssertNotNull(pkey);

    wbio = BIO_new(BIO_s_mem());
    AssertNotNull(wbio);

    AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "DSA Public-Key: (2048 bit)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "pub:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1,
        "    00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of pub element*/
    for( i = 0; i < 17 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "P:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of P element*/
    for( i = 0; i < 18 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "Q:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of Q element*/
    for( i = 0; i < 3 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }
    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "G:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of G element*/
    for( i = 0; i < 18 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }
    /* should reach EOF */
    AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);

    EVP_PKEY_free(pkey);
    pkey = NULL;
    BIO_free(rbio);
    BIO_free(wbio);
    rbio = NULL;
    wbio = NULL;

#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */

    /*
     *  test ECC public key print
     */
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)

    rbio = BIO_new_mem_buf( ecc_clikeypub_der_256,
                            sizeof_ecc_clikeypub_der_256);
    AssertNotNull(rbio);

    wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
    AssertNotNull(pkey);

    wbio = BIO_new(BIO_s_mem());
    AssertNotNull(wbio);

    AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "Public-Key: (256 bit)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "pub:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1,
            "    04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of pub element*/
    for( i = 0; i < 4 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "ASN1 OID: prime256v1\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "NIST CURVE: P-256\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);


    /* should reach EOF */
    AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);

    EVP_PKEY_free(pkey);
    pkey = NULL;
    BIO_free(rbio);
    BIO_free(wbio);
    rbio = NULL;
    wbio = NULL;

#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */

    /*
     *  test DH public key print
     */
#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)

    rbio = BIO_new_mem_buf( dh_pub_key_der_2048,
                            sizeof_dh_pub_key_der_2048);
    AssertNotNull(rbio);

    wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
    AssertNotNull(pkey);

    wbio = BIO_new(BIO_s_mem());
    AssertNotNull(wbio);

    AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "DH Public-Key: (2048 bit)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "public-key:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1,
        "    34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of public-key element*/
    for( i = 0; i < 17 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "prime:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1,
        "    00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* skip to the end of prime element*/
    for( i = 0; i < 17 ;i++) {
        BIO_gets(wbio, line, sizeof(line));
    }

    BIO_gets(wbio, line, sizeof(line));
    strcpy(line1, "generator: 2 (0x02)\n");
    AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);

    /* should reach EOF */
    AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);

    EVP_PKEY_free(pkey);
    pkey = NULL;
    BIO_free(rbio);
    BIO_free(wbio);
    rbio = NULL;
    wbio = NULL;

#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */

    /* to prevent "unused variable" warning */
    (void)pkey;
    (void)wbio;
    (void)rbio;
    (void)line;
    (void)line1;
    (void)i;
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
/* Test functions for base64 encode/decode */
static void test_wolfSSL_EVP_ENCODE_CTX_new(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
    printf(testingFmt, "EVP_ENCODE_CTX_new()");

    EVP_ENCODE_CTX* ctx = NULL;

    AssertNotNull( ctx = EVP_ENCODE_CTX_new());
    AssertIntEQ( ctx->remaining,0);
    AssertIntEQ( ctx->data[0],0);
    AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
    EVP_ENCODE_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}
static void test_wolfSSL_EVP_ENCODE_CTX_free(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
    printf(testingFmt, "EVP_ENCODE_CTX_free()");
    EVP_ENCODE_CTX* ctx = NULL;

    AssertNotNull( ctx = EVP_ENCODE_CTX_new());
    EVP_ENCODE_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}

static void test_wolfSSL_EVP_EncodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
    printf(testingFmt, "EVP_EncodeInit()");
    EVP_ENCODE_CTX* ctx = NULL;

    AssertNotNull( ctx = EVP_ENCODE_CTX_new());
    AssertIntEQ( ctx->remaining,0);
    AssertIntEQ( ctx->data[0],0);
    AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);

    /* make ctx dirty */
    ctx->remaining = 10;
    XMEMSET( ctx->data, 0x77, sizeof(ctx->data));

    EVP_EncodeInit(ctx);

    AssertIntEQ( ctx->remaining,0);
    AssertIntEQ( ctx->data[0],0);
    AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);

    EVP_ENCODE_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
    printf(testingFmt, "EVP_EncodeUpdate()");
    int outl;
    int total;

    const unsigned char plain0[] = {"Th"};
    const unsigned char plain1[] = {"This is a base64 encodeing test."};
    const unsigned char plain2[] = {"This is additional data."};

    const unsigned char enc0[]   = {"VGg=\n"};
    /* expected encoded result for the first output 64 chars plus trailing LF*/
    const unsigned char enc1[]   = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"};

    const unsigned char enc2[]   =
    {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"};

    unsigned char encOutBuff[300];

    EVP_ENCODE_CTX* ctx = NULL;
    AssertNotNull( ctx = EVP_ENCODE_CTX_new());

    EVP_EncodeInit(ctx);

    /* illegal parameter test */
    AssertIntEQ(
        EVP_EncodeUpdate(
            NULL,            /* pass NULL as ctx */
            encOutBuff,
            &outl,
            plain1,
            sizeof(plain1)-1),
        0                    /* expected result code 0: fail */
    );

    AssertIntEQ(
        EVP_EncodeUpdate(
            ctx,
            NULL,           /* pass NULL as out buff */
            &outl,
            plain1,
            sizeof(plain1)-1),
        0                    /* expected result code 0: fail */
    );

    AssertIntEQ(
        EVP_EncodeUpdate(
            ctx,
            encOutBuff,
            NULL,            /* pass NULL as outl */
            plain1,
            sizeof(plain1)-1),
        0                    /* expected result code 0: fail */
    );

    AssertIntEQ(
        EVP_EncodeUpdate(
            ctx,
            encOutBuff,
            &outl,
            NULL,            /* pass NULL as in */
            sizeof(plain1)-1),
        0                    /* expected result code 0: fail */
    );

    /* meaningless parameter test */

    AssertIntEQ(
        EVP_EncodeUpdate(
            ctx,
            encOutBuff,
            &outl,
            plain1,
            0),              /* pass zero input */
        1                    /* expected result code 1: success */
    );

    /* very small data encoding test */

    EVP_EncodeInit(ctx);

    AssertIntEQ(
        EVP_EncodeUpdate(
            ctx,
            encOutBuff,
            &outl,
            plain0,
            sizeof(plain0)-1),
        1                    /* expected result code 1: success */
    );
    AssertIntEQ(outl,0);

        EVP_EncodeFinal(
            ctx,
            encOutBuff + outl,
            &outl);

    AssertIntEQ( outl, sizeof(enc0)-1);
    AssertIntEQ(
        XSTRNCMP(
            (const char*)encOutBuff,
            (const char*)enc0,sizeof(enc0) ),
    0);

    /* pass small size( < 48bytes ) input, then make sure they are not
     * encoded  and just stored in ctx
     */

    EVP_EncodeInit(ctx);

    total = 0;
    outl = 0;
    XMEMSET( encOutBuff,0, sizeof(encOutBuff));

    AssertIntEQ(
    EVP_EncodeUpdate(
        ctx,
        encOutBuff,         /* buffer for output */
        &outl,              /* size of output */
        plain1,             /* input */
        sizeof(plain1)-1),  /* size of input */
        1);                 /* expected result code 1:success */

    total += outl;

    AssertIntEQ(outl, 0);  /* no output expected */
    AssertIntEQ(ctx->remaining, sizeof(plain1) -1);
    AssertTrue(
        XSTRNCMP((const char*)(ctx->data),
                 (const char*)plain1,
                 ctx->remaining) ==0 );
    AssertTrue(encOutBuff[0] == 0);

    /* call wolfSSL_EVP_EncodeUpdate again to make it encode
     * the stored data and the new input together
     */
    AssertIntEQ(
    EVP_EncodeUpdate(
        ctx,
        encOutBuff + outl,  /* buffer for output */
        &outl,              /* size of output */
        plain2,             /* additional input */
        sizeof(plain2) -1), /* size of additional input */
        1);                 /* expected result code 1:success */

    total += outl;

    AssertIntNE(outl, 0);   /* some output is expected this time*/
    AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */
    AssertIntEQ(
        XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0);

    /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */
    EVP_EncodeFinal(
        ctx,
        encOutBuff + outl,
        &outl);

    total += outl;

    AssertIntNE(total,0);
    AssertIntNE(outl,0);
    AssertIntEQ(XSTRNCMP(
        (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0);

    /* test with illeagal parameters */
    outl = 1;
    EVP_EncodeFinal(NULL, encOutBuff + outl, &outl);
    AssertIntEQ(outl, 0);
    outl = 1;
    EVP_EncodeFinal(ctx, NULL, &outl);
    AssertIntEQ(outl, 0);
    EVP_EncodeFinal(ctx, encOutBuff + outl, NULL);
    EVP_EncodeFinal(NULL, NULL, NULL);

    EVP_ENCODE_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
    printf(testingFmt, "wolfSSL_EVP_EncodeFinal()");

    /* tests for wolfSSL_EVP_EncodeFinal are included in
     * test_wolfSSL_EVP_EncodeUpdate
     */
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}


static void test_wolfSSL_EVP_DecodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
    printf(testingFmt, "EVP_DecodeInit()");

    EVP_ENCODE_CTX* ctx = NULL;

    AssertNotNull( ctx = EVP_ENCODE_CTX_new());
    AssertIntEQ( ctx->remaining,0);
    AssertIntEQ( ctx->data[0],0);
    AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);

    /* make ctx dirty */
    ctx->remaining = 10;
    XMEMSET( ctx->data, 0x77, sizeof(ctx->data));

    EVP_DecodeInit(ctx);

    AssertIntEQ( ctx->remaining,0);
    AssertIntEQ( ctx->data[0],0);
    AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);

    EVP_ENCODE_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
    printf(testingFmt, "EVP_DecodeUpdate()");

    int outl;
    unsigned char decOutBuff[300];

    EVP_ENCODE_CTX* ctx = EVP_ENCODE_CTX_new();
    EVP_DecodeInit(ctx);

    const unsigned char enc1[]   =
            {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
/*    const unsigned char plain1[] =
    {"This is a base64 decoding test."} */

    /* illegal parameter tests */

    /* pass NULL as ctx */
    AssertIntEQ(
        EVP_DecodeUpdate(
            NULL,            /* pass NULL as ctx */
            decOutBuff,
            &outl,
            enc1,
            sizeof(enc1)-1),
        -1                    /* expected result code -1: fail */
    );
    AssertIntEQ( outl, 0);

    /* pass NULL as output */
    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            NULL,           /* pass NULL as out buff */
            &outl,
            enc1,
            sizeof(enc1)-1),
        -1                    /* expected result code -1: fail */
    );
    AssertIntEQ( outl, 0);

    /* pass NULL as outl */
    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            NULL,            /* pass NULL as outl */
            enc1,
            sizeof(enc1)-1),
        -1                   /* expected result code -1: fail */
    );

    /* pass NULL as input */
    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            NULL,            /* pass NULL as in */
            sizeof(enc1)-1),
        -1                    /* expected result code -1: fail */
    );
    AssertIntEQ( outl, 0);

    /* pass zero length input */

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            enc1,
            0),              /* pass zero as input len */
        1                    /* expected result code 1: success */
    );

    /* decode correct base64 string */

        const unsigned char enc2[]   =
        {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
        const unsigned char plain2[] =
        {"This is a base64 decoding test."};

    EVP_EncodeInit(ctx);

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            enc2,
            sizeof(enc2)-1),
        0                    /* expected result code 0: success */
    );

    AssertIntEQ(outl,sizeof(plain2) -1);

    AssertIntEQ(
        EVP_DecodeFinal(
            ctx,
            decOutBuff + outl,
            &outl),
        1                    /* expected result code 1: success */
    );
    AssertIntEQ(outl, 0);   /* expected DecodeFinal outout no data */

    AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
                sizeof(plain2) -1 ),0);

    /* decode correct base64 string which does not have '\n' in its last*/

        const unsigned char enc3[]   =
        {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */
        const unsigned char plain3[] =
        {"This is a base64 decoding test."}; /* 31 chars */

    EVP_EncodeInit(ctx);

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            enc3,
            sizeof(enc3)-1),
        0                    /* expected result code 0: success */
    );

    AssertIntEQ(outl,sizeof(plain3)-1);   /* 31 chars should be output */

    AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
                sizeof(plain3) -1 ),0);

    AssertIntEQ(
        EVP_DecodeFinal(
            ctx,
            decOutBuff + outl,
            &outl),
        1                    /* expected result code 1: success */
    );

    AssertIntEQ(outl,0 );

    /* decode string which has a padding char ('=') in the illegal position*/

        const unsigned char enc4[]   =
            {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"};


    EVP_EncodeInit(ctx);

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            enc4,
            sizeof(enc4)-1),
        -1                    /* expected result code -1: error */
    );
    AssertIntEQ(outl,0);

    /* small data decode test */

    const unsigned char enc00[]   = {"VG"};
    const unsigned char enc01[]   = {"g=\n"};
    const unsigned char plain4[]  = {"Th"};

    EVP_EncodeInit(ctx);

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff,
            &outl,
            enc00,
            sizeof(enc00)-1),
        1                    /* expected result code 1: success */
    );
    AssertIntEQ(outl,0);

    AssertIntEQ(
        EVP_DecodeUpdate(
            ctx,
            decOutBuff + outl,
            &outl,
            enc01,
            sizeof(enc01)-1),
        0                    /* expected result code 0: success */
    );

    AssertIntEQ(outl,sizeof(plain4)-1);

    /* test with illegal parameters */
    AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1);
    AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1);
    AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1);
    AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1);

    EVP_DecodeFinal(
            ctx,
            decOutBuff + outl,
            &outl);

    AssertIntEQ( outl, 0);
    AssertIntEQ(
        XSTRNCMP(
            (const char*)decOutBuff,
            (const char*)plain4,sizeof(plain4)-1 ),
        0);

    EVP_ENCODE_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
    printf(testingFmt, "EVP_DecodeFinal()");
    /* tests for wolfSSL_EVP_DecodeFinal are included in
     * test_wolfSSL_EVP_DecodeUpdate
     */
    printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}

/* Test function for wolfSSL_EVP_get_cipherbynid.
 */

#ifdef OPENSSL_EXTRA
static void test_wolfSSL_EVP_get_cipherbynid(void)
{
#ifndef NO_AES
    const WOLFSSL_EVP_CIPHER* c;

    c = wolfSSL_EVP_get_cipherbynid(419);
    #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
         defined(WOLFSSL_AES_128)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_128_CBC", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(423);
    #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
         defined(WOLFSSL_AES_192)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_192_CBC", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(427);
    #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
         defined(WOLFSSL_AES_256)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_256_CBC", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(904);
    #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_128_CTR", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(905);
    #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_192_CTR", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(906);
    #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_256_CTR", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(418);
    #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_128_ECB", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(422);
    #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_192_ECB", c));
    #else
        AssertNull(c);
    #endif

    c = wolfSSL_EVP_get_cipherbynid(426);
    #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
        AssertNotNull(c);
        AssertNotNull(strcmp("EVP_AES_256_ECB", c));
    #else
        AssertNull(c);
    #endif
#endif /* !NO_AES */

#ifndef NO_DES3
    AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
#ifdef WOLFSSL_DES_ECB
    AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
#endif
    AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
#ifdef WOLFSSL_DES_ECB
    AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
#endif
#endif /* !NO_DES3 */

#ifdef HAVE_IDEA
    AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
#endif

  /* test for nid is out of range */
  AssertNull(wolfSSL_EVP_get_cipherbynid(1));

}

static void test_wolfSSL_EVP_CIPHER_CTX(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *init = EVP_aes_128_cbc();
    const EVP_CIPHER *test;
    byte key[AES_BLOCK_SIZE] = {0};
    byte iv[AES_BLOCK_SIZE] = {0};

    AssertNotNull(ctx);
    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
    test = EVP_CIPHER_CTX_cipher(ctx);
    AssertTrue(init == test);
    AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);

    AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);

    EVP_CIPHER_CTX_free(ctx);
    /* test EVP_CIPHER_CTX_cleanup with NULL */
    AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS);
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
}
#endif /* OPENSSL_EXTRA */

/*----------------------------------------------------------------------------*
 | IO
 *----------------------------------------------------------------------------*/
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#define HAVE_IO_TESTS_DEPENDENCIES
#endif

/* helper functions */
#ifdef HAVE_IO_TESTS_DEPENDENCIES

#ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS
/* set up function for sending session information */
static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
{
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;

    AssertNotNull(inSsl);
    AssertNotNull(buf);
    AssertIntNE(0, sz);

    /* Set ctx to DTLS 1.2 */
    ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
    AssertNotNull(ctx);

    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);

    AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    (void)userCtx;
    return WOLFSSL_SUCCESS;
}
#endif

/* returns negative value on fail and positive (including 0) on success */
static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
{
    int ret, err, loop_count, count, timeout = 10;
    char msg[] = "I hear you fa shizzle!";
    char input[1024];

    loop_count = ((func_args*)args)->argc;

    err = 0; /* Reset error */
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_accept(ssl);
        err = wolfSSL_get_error(ssl, 0);

        if (err == WOLFSSL_ERROR_WANT_READ ||
            err == WOLFSSL_ERROR_WANT_WRITE) {
            int select_ret;

            err = WC_PENDING_E;
            select_ret = tcp_select(*sockfd, timeout);
            if (select_ret == TEST_TIMEOUT) {
                return WOLFSSL_FATAL_ERROR;
            }
        }
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        return ret;
    }

    for (count = 0; count < loop_count; count++) {
        int select_ret;

        select_ret = tcp_select(*sockfd, timeout);
        if (select_ret == TEST_TIMEOUT) {
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }

        do {
            ret = wolfSSL_read(ssl, input, sizeof(input)-1);
            if (ret > 0) {
                input[ret] = '\0';
                printf("Client message: %s\n", input);
            }
        } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);

        do {
            if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
                return WOLFSSL_FATAL_ERROR;
            }
            err = wolfSSL_get_error(ssl, ret);
        } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
    }
    return ret;
}
#endif /* WOLFSSL_SESSION_EXPORT */

/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
    defined(HAVE_AES_CBC)

    typedef struct openssl_key_ctx {
        byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
        byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
        byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
        byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
    } openssl_key_ctx;

    static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
    static THREAD_LS_T WC_RNG myOpenSSLKey_rng;

    static WC_INLINE int OpenSSLTicketInit(void)
    {
        int ret = wc_InitRng(&myOpenSSLKey_rng);
        if (ret != 0) return ret;

        ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
                sizeof(myOpenSSLKey_ctx.name));
        if (ret != 0) return ret;

        ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
                sizeof(myOpenSSLKey_ctx.key));
        if (ret != 0) return ret;

        ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
                sizeof(myOpenSSLKey_ctx.hmacKey));
        if (ret != 0) return ret;

        ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
                sizeof(myOpenSSLKey_ctx.iv));
        if (ret != 0) return ret;

        return 0;
    }

    static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
                             byte name[WOLFSSL_TICKET_NAME_SZ],
                             byte iv[WOLFSSL_TICKET_IV_SZ],
                             WOLFSSL_EVP_CIPHER_CTX *ectx,
                             WOLFSSL_HMAC_CTX *hctx, int enc) {
        (void)ssl;
        if (enc) {
            XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
            XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
        }
        else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
                            sizeof(myOpenSSLKey_ctx.name)) != 0 ||
                 XMEMCMP(iv, myOpenSSLKey_ctx.iv,
                            sizeof(myOpenSSLKey_ctx.iv)) != 0) {
            return 0;
        }
        HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
        if (enc)
            EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
        else
            EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
        return 1;
    }

    static WC_INLINE void OpenSSLTicketCleanup(void)
    {
        wc_FreeRng(&myOpenSSLKey_rng);
    }
#endif

#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    #ifdef WC_SHA512_DIGEST_SIZE
        #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
    #else
        #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
    #endif
    byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
    byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
    byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
    byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
#endif
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
{
    SOCKET_T sockfd = 0;
    SOCKET_T clientfd = 0;
    word16 port;

    callback_functions* cbf;
    WOLFSSL_CTX* ctx = 0;
    WOLFSSL* ssl = 0;

    char msg[] = "I hear you fa shizzle!";
    char input[1024];
    int idx;
    int ret, err = 0;
    int sharedCtx = 0;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    size_t msg_len = 0;
#endif

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (cbf != NULL && cbf->ctx) {
        ctx = cbf->ctx;
        sharedCtx = 1;
    }
    else
#endif
    {
        WOLFSSL_METHOD* method = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfSSLv23_server_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }
    if (ctx == NULL) {
        goto done;
    }

#if defined(HAVE_SESSION_TICKET) && \
    ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
    OpenSSLTicketInit();
    wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
    TicketInit();
    wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
#endif

#if defined(USE_WINDOWS_API)
    port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
     !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
    /* Let tcp_listen assign port */
    port = 0;
#else
    /* Use default port */
    port = wolfSSLPort;
#endif

    /* do it here to detect failure */
    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
    CloseSocket(sockfd);

    wolfSSL_CTX_set_verify(ctx,
                  WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

    if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
                                                           != WOLFSSL_SUCCESS) {
        /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load server cert chain file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load server key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }

#ifdef WOLFSSL_SESSION_EXPORT
    /* only add in more complex nonblocking case with session export tests */
    if (args && ((func_args*)args)->argc > 0) {
        /* set as nonblock and time out for waiting on read/write */
        tcp_set_nonblocking(&clientfd);
        wolfSSL_dtls_set_using_nonblock(ssl, 1);
    }
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_use_certificate_file(ssl, svrCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load server cert chain file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load server key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
        /*err_sys("SSL_set_fd failed");*/
        goto done;
    }

#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
    wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
    SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
#endif

    /* call ssl setup callback */
    if (cbf != NULL && cbf->ssl_ready != NULL) {
        cbf->ssl_ready(ssl);
    }

#ifdef WOLFSSL_SESSION_EXPORT
    /* only add in more complex nonblocking case with session export tests */
    if (((func_args*)args)->argc > 0) {
        ret = nonblocking_accept_read(args, ssl, &clientfd);
        if (ret >= 0) {
            ((func_args*)args)->return_code = TEST_SUCCESS;
        }
    #ifdef WOLFSSL_TIRTOS
        Task_yield();
    #endif
        goto done;
    }
#endif

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_accept(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_accept failed");*/
        goto done;
    }

#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
    msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
    AssertIntGE(msg_len, 0);

    XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
    msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
    AssertIntGE(msg_len, 0);
#endif

    idx = wolfSSL_read(ssl, input, sizeof(input)-1);
    if (idx > 0) {
        input[idx] = '\0';
        printf("Client message: %s\n", input);
    }

    if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
        /*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
        return;
#else
        return 0;
#endif
    }

    if (cbf != NULL && cbf->on_result != NULL)
        cbf->on_result(ssl);

#ifdef WOLFSSL_TIRTOS
    Task_yield();
#endif

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    if (!sharedCtx)
        wolfSSL_CTX_free(ctx);

    CloseSocket(clientfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

#if defined(HAVE_SESSION_TICKET) && \
    ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
    OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
    TicketCleanup();
#endif
#endif

#ifndef WOLFSSL_TIRTOS
    return 0;
#endif
}

#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
{
    SOCKET_T sockfd = 0;
    SOCKET_T clientfd = 0;
    word16 port;

    callback_functions* cbf;
    WOLFSSL_CTX* ctx = 0;
    WOLFSSL* ssl = 0;

    char msg[] = "I hear you fa shizzle!";
    char input[1024];
    int idx;
    int ret, err = 0;
    int sharedCtx = 0;
    int loop_count = ((func_args*)args)->argc;
    int count = 0;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (cbf != NULL && cbf->ctx) {
        ctx = cbf->ctx;
        sharedCtx = 1;
    }
    else
#endif
    {
        WOLFSSL_METHOD* method = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfSSLv23_server_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }

#if defined(USE_WINDOWS_API)
    port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
     !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
    /* Let tcp_listen assign port */
    port = 0;
#else
    /* Use default port */
    port = wolfSSLPort;
#endif

    wolfSSL_CTX_set_verify(ctx,
                  WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

    if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
                                                           != WOLFSSL_SUCCESS) {
        /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }
    if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load server cert chain file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
    if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load server key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    while(count != loop_count) {
        ssl = wolfSSL_new(ctx);
        if (ssl == NULL) {
            goto done;
        }
        if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
                                        WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
            /*err_sys("can't load server cert chain file, "
                    "Please run from wolfSSL home dir");*/
            goto done;
        }
        if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
                                        WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
            /*err_sys("can't load server key file, "
                    "Please run from wolfSSL home dir");*/
            goto done;
        }

#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
        wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
        SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
#endif
        /* call ssl setup callback */
        if (cbf != NULL && cbf->ssl_ready != NULL) {
            cbf->ssl_ready(ssl);
        }
        /* do it here to detect failure */
        tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
        CloseSocket(sockfd);
        if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
            /*err_sys("SSL_set_fd failed");*/
            goto done;
        }

        #ifdef WOLFSSL_ASYNC_CRYPT
        err = 0; /* Reset error */
        #endif
        do {
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (err == WC_PENDING_E) {
                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                if (ret < 0) { break; } else if (ret == 0) { continue; }
            }
        #endif
            ret = wolfSSL_accept(ssl);
            err = wolfSSL_get_error(ssl, 0);
        } while (err == WC_PENDING_E);
        if (ret != WOLFSSL_SUCCESS) {
            char buff[WOLFSSL_MAX_ERROR_SZ];
            printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
            /*err_sys("SSL_accept failed");*/
            goto done;
        }

        idx = wolfSSL_read(ssl, input, sizeof(input)-1);
        if (idx > 0) {
            input[idx] = '\0';
            printf("Client message: %s\n", input);
        }

        if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
            /*err_sys("SSL_write failed");*/
    #ifdef WOLFSSL_TIRTOS
            return;
    #else
            return 0;
    #endif
        }
        /* free ssl for this connection */
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl); ssl = NULL;
        CloseSocket(clientfd);

        count++;
    }
#ifdef WOLFSSL_TIRTOS
    Task_yield();
#endif

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    if(ssl != NULL) {
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);
    }
    if (!sharedCtx)
        wolfSSL_CTX_free(ctx);

    CloseSocket(clientfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

#ifndef WOLFSSL_TIRTOS
    return 0;
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */

typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);

static void test_client_nofail(void* args, cbType cb)
{
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

    WOLFSSL_CTX*     ctx     = 0;
    WOLFSSL*         ssl     = 0;
    WOLFSSL_CIPHER*  cipher;

    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  input;
    int  msgSz = (int)XSTRLEN(msg);
    int  ret, err = 0;
    int  cipherSuite;
    int  sharedCtx = 0;
    const char* cipherName1, *cipherName2;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (cbf != NULL && cbf->ctx) {
        ctx = cbf->ctx;
        sharedCtx = cbf->isSharedCtx;
    }
    else
#endif
    {
        WOLFSSL_METHOD* method  = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfSSLv23_client_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

    /* Do connect here so server detects failures */
    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
                0, 0, NULL);

    if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
    {
        /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load client cert file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif

        /*err_sys("can't load client key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_use_certificate_file(ssl, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load client cert file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
    if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
        /*err_sys("can't load client key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
        /*err_sys("SSL_set_fd failed");*/
        goto done;
    }

    /* call ssl setup callback */
    if (cbf != NULL && cbf->ssl_ready != NULL) {
        cbf->ssl_ready(ssl);
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_connect failed");*/
        goto done;
    }

    /* test the various get cipher methods */
    /* Internal cipher suite names */
    cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
    cipherName1 = wolfSSL_get_cipher_name(ssl);
    cipherName2 = wolfSSL_get_cipher_name_from_suite(
        (cipherSuite >> 8), cipherSuite & 0xFF);
    AssertStrEQ(cipherName1, cipherName2);

    /* IANA Cipher Suites Names */
    /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
        then it's the internal cipher suite name */
    cipher = wolfSSL_get_current_cipher(ssl);
    cipherName1 = wolfSSL_CIPHER_get_name(cipher);
    cipherName2 = wolfSSL_get_cipher(ssl);
    AssertStrEQ(cipherName1, cipherName2);
#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
    !defined(WOLFSSL_QT)
    cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
            (cipherSuite >> 8), cipherSuite & 0xFF);
    AssertStrEQ(cipherName1, cipherName2);
#endif

    if (cb != NULL)
        (cb)(ctx, ssl);

    if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
        /*err_sys("SSL_write failed");*/
        goto done;
    }

    input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
    if (input > 0) {
        reply[input] = '\0';
        printf("Server response: %s\n", reply);
    }

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_free(ssl);
    if (!sharedCtx)
        wolfSSL_CTX_free(ctx);

    CloseSocket(sockfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

    return;
}

#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
{
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

    WOLFSSL_CTX*     ctx     = 0;
    WOLFSSL*         ssl     = 0;
    WOLFSSL_SESSION* session = NULL;

    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  input;
    int  msgSz = (int)XSTRLEN(msg);
    int  ret, err = 0;
    int  sharedCtx = 0;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    if (cbf != NULL && cbf->ctx) {
        ctx = cbf->ctx;
        sharedCtx = 1;
    }
    else
#endif
    {
        WOLFSSL_METHOD* method  = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfSSLv23_client_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

    /* Do connect here so server detects failures */
    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
                0, 0, NULL);

    if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
    {
        /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }
    if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client cert file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
    if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }
    /* keep handshakre resources for re-using WOLFSSL obj */
    wolfSSL_KeepArrays(ssl);
    if(wolfSSL_KeepHandshakeResources(ssl)) {
        /* err_sys("SSL_KeepHandshakeResources failed"); */
        goto done;
    }
    if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client cert file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
    if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
        /*err_sys("SSL_set_fd failed");*/
        goto done;
    }

    /* call ssl setup callback */
    if (cbf != NULL && cbf->ssl_ready != NULL) {
        cbf->ssl_ready(ssl);
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_connect failed");*/
        goto done;
    }
    /* Build first session */
    if (cb != NULL)
        ((cbType)cb)(ctx, ssl);

    if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
        /*err_sys("SSL_write failed");*/
        goto done;
    }

    input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
    if (input > 0) {
        reply[input] = '\0';
        printf("Server response: %s\n", reply);
    }

    /* Session Resumption by re-using WOLFSSL object */
    wolfSSL_set_quiet_shutdown(ssl, 1);
    if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
        /* err_sys ("SSL shutdown failed"); */
        goto done;
    }
    session = wolfSSL_get_session(ssl);
    if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
        /* err_sys ("SSL_clear failed"); */
        goto done;
    }
    wolfSSL_set_session(ssl, session);
    /* close socket once */
    CloseSocket(sockfd);
    sockfd = 0;
    /* wait until server ready */
    wait_tcp_ready((func_args*)server_args);
    printf("session resumption\n");
    /* Do re-connect  */
    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
                0, 0, NULL);
    if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
        /*err_sys("SSL_set_fd failed");*/
        goto done;
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_connect failed");*/
        goto done;
    }
    /* Build first session */
    if (cb != NULL)
        ((cbType)cb)(ctx, ssl);

    if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
        /*err_sys("SSL_write failed");*/
        goto done;
    }

    input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
    if (input > 0) {
        reply[input] = '\0';
        printf("Server response: %s\n", reply);
    }

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_free(ssl);
    if (!sharedCtx)
        wolfSSL_CTX_free(ctx);

    CloseSocket(sockfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

    return;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */


static void test_client_verifyDepth(void* args)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

    WOLFSSL_CTX*     ctx     = 0;
    WOLFSSL*         ssl     = 0;

    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  input;
    int  msgSz = (int)XSTRLEN(msg);
    int  ret, err = 0;
    int  verify_depth = ((func_args*)args)->argc;

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

    {
        WOLFSSL_METHOD* method = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfSSLv23_client_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }

    /* Do connect here so server detects failures */
    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
                0, 0, NULL);

    if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)
                                                        != WOLFSSL_SUCCESS)
    {
        /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }
    if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client cert file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        /*err_sys("can't load client key file, "
                "Please run from wolfSSL home dir");*/
        goto done;
    }

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);

    /* set verify depth */
    if (verify_depth == 0) {
        myVerifyAction = VERIFY_OVERRIDE_ERROR;
        SSL_CTX_set_verify_depth(ctx, verify_depth);
    } else if (verify_depth == -1) {
        myVerifyAction = VERIFY_USE_PREVERFIY;
        SSL_CTX_set_verify_depth(ctx, 0);
    } else if (verify_depth > 0) {
        myVerifyAction = VERIFY_USE_PREVERFIY;
        SSL_CTX_set_verify_depth(ctx, verify_depth);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }

    if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
        /*err_sys("SSL_set_fd failed");*/
        goto done;
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        goto done;
    }

    if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
        goto done;
    }

    input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
    if (input > 0) {
        reply[input] = '\0';
        printf("Server response: %s\n", reply);
    }

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(sockfd);
#else
    (void)args;
#endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */
}

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
     defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \
    defined(HAVE_ALPN) && defined(HAVE_SNI) && \
    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO)
    #define HAVE_ALPN_PROTOS_SUPPORT
#endif

/* Generic TLS client / server with callbacks for API unit tests
 * Used by SNI / ALPN / crypto callback helper functions */
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
    (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \
     defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY)
    #define ENABLE_TLS_CALLBACK_TEST
#endif

#if defined(ENABLE_TLS_CALLBACK_TEST) || \
    (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT))
/* TLS server for API unit testing - generic */
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
{
    callback_functions* callbacks = ((func_args*)args)->callbacks;

    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;
    SOCKET_T     sfd = 0;
    SOCKET_T     cfd = 0;
    word16       port;

    char msg[] = "I hear you fa shizzle!";
    int  len   = (int) XSTRLEN(msg);
    char input[1024];
    int  idx;
    int  ret, err = 0;

    ((func_args*)args)->return_code = TEST_FAIL;

#ifdef WOLFSSL_STATIC_MEMORY
    if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
        callbacks->memSz > 0) {
        ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
            callbacks->mem, callbacks->memSz, 0, 1);
        if (ret != WOLFSSL_SUCCESS) {
            printf("CTX static new failed %d\n", ret);
            return 0;
        }
    }
#endif
    if (ctx == NULL) {
        ctx = wolfSSL_CTX_new(callbacks->method());
    }
    if (ctx == NULL) {
        printf("CTX new failed\n");
        return 0;
    }

    /* set defaults */
    if (callbacks->caPemFile == NULL)
        callbacks->caPemFile = cliCertFile;
    if (callbacks->certPemFile == NULL)
        callbacks->certPemFile = svrCertFile;
    if (callbacks->keyPemFile == NULL)
        callbacks->keyPemFile = svrKeyFile;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    wolfSSL_CTX_SetDevId(ctx, callbacks->devId);

#if defined(USE_WINDOWS_API)
    port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
     !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
    /* Let tcp_listen assign port */
    port = 0;
#else
    /* Use default port */
    port = wolfSSLPort;
#endif

    wolfSSL_CTX_set_verify(ctx,
                  WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS)
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export));
#endif


    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
            WOLFSSL_FILETYPE_PEM));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
            WOLFSSL_FILETYPE_PEM));

    if (callbacks->ctx_ready)
        callbacks->ctx_ready(ctx);

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        printf("SSL new failed\n");
        wolfSSL_CTX_free(ctx);
        return 0;
    }
    if (wolfSSL_dtls(ssl)) {
        SOCKADDR_IN_T cliAddr;
        socklen_t     cliLen;

        cliLen = sizeof(cliAddr);
        tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0);
        idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
                (struct sockaddr*)&cliAddr, &cliLen);
        AssertIntGT(idx, 0);
        wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
    }
    else {
        tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
        CloseSocket(sfd);
    }

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));

    if (callbacks->loadToSSL) {
        wolfSSL_SetDevId(ssl, callbacks->devId);

        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
                WOLFSSL_FILETYPE_PEM));

        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
                WOLFSSL_FILETYPE_PEM));
    }

#ifdef NO_PSK
    #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
        wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
    #elif !defined(NO_DH)
        SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
    #endif
#endif

    if (callbacks->ssl_ready)
        callbacks->ssl_ready(ssl);


    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_accept(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_accept failed");*/
    }
    else {
        if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
            input[idx] = 0;
            printf("Client message: %s\n", input);
        }

        AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \
        defined(WOLFSSL_DTLS)
        if (wolfSSL_dtls(ssl)) {
            byte*  import;
            word32 sz;

            wolfSSL_dtls_export(ssl, NULL, &sz);
            import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            AssertNotNull(import);
            idx = wolfSSL_dtls_export(ssl, import, &sz);
            AssertIntGE(idx, 0);
            AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
            XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
#endif
#ifdef WOLFSSL_TIRTOS
        Task_yield();
#endif
        ((func_args*)args)->return_code = TEST_SUCCESS;
    }

    if (callbacks->on_result)
        callbacks->on_result(ssl);

    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(cfd);


#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

#ifndef WOLFSSL_TIRTOS
    return 0;
#endif
}

/* TLS Client for API unit testing - generic */
static void run_wolfssl_client(void* args)
{
    callback_functions* callbacks = ((func_args*)args)->callbacks;

    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;
    SOCKET_T    sfd = 0;

    char msg[] = "hello wolfssl server!";
    int  len   = (int) XSTRLEN(msg);
    char input[1024];
    int  ret, err = 0;

    ((func_args*)args)->return_code = TEST_FAIL;

    /* set defaults */
    if (callbacks->caPemFile == NULL)
        callbacks->caPemFile = caCertFile;
    if (callbacks->certPemFile == NULL)
        callbacks->certPemFile = cliCertFile;
    if (callbacks->keyPemFile == NULL)
        callbacks->keyPemFile = cliKeyFile;

#ifdef WOLFSSL_STATIC_MEMORY
    if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
        callbacks->memSz > 0) {
        ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
            callbacks->mem, callbacks->memSz, 0, 1);
        if (ret != WOLFSSL_SUCCESS) {
            printf("CTX static new failed %d\n", ret);
            return;
        }
    }
#endif
    if (ctx == NULL) {
        ctx = wolfSSL_CTX_new(callbacks->method());
    }
    if (ctx == NULL) {
        printf("CTX new failed\n");
        return;
    }

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    if (!callbacks->loadToSSL) {
        wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
    }

#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));

    if (!callbacks->loadToSSL) {
        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
                WOLFSSL_FILETYPE_PEM));

        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
                WOLFSSL_FILETYPE_PEM));
    }

    if (callbacks->ctx_ready)
        callbacks->ctx_ready(ctx);

    ssl = wolfSSL_new(ctx);
    if (wolfSSL_dtls(ssl)) {
        tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
                    1, 0, ssl);
    }
    else {
        tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
                    0, 0, ssl);
    }
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));

    if (callbacks->loadToSSL) {
        wolfSSL_SetDevId(ssl, callbacks->devId);

        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
                WOLFSSL_FILETYPE_PEM));

        AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
                WOLFSSL_FILETYPE_PEM));
    }

    if (callbacks->ssl_ready)
        callbacks->ssl_ready(ssl);

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        /*err_sys("SSL_connect failed");*/
    }
    else {
        #ifdef WOLFSSL_ASYNC_CRYPT
        err = 0; /* Reset error */
        #endif
        do {
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (err == WC_PENDING_E) {
                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                if (ret < 0) { break; } else if (ret == 0) { continue; }
            }
        #endif
            ret = wolfSSL_write(ssl, msg, len);
            err = wolfSSL_get_error(ssl, 0);
        } while (err == WC_PENDING_E);
        AssertIntEQ(len, ret);

        #ifdef WOLFSSL_ASYNC_CRYPT
        err = 0; /* Reset error */
        #endif
        do {
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (err == WC_PENDING_E) {
                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                if (ret < 0) { break; } else if (ret == 0) { continue; }
            }
        #endif
            ret = wolfSSL_read(ssl, input, sizeof(input)-1);
            err = wolfSSL_get_error(ssl, 0);
        } while (err == WC_PENDING_E);
        if (ret > 0) {
            input[ret] = '\0'; /* null term */
            printf("Server response: %s\n", input);
        }
        ((func_args*)args)->return_code = TEST_SUCCESS;
    }

    if (callbacks->on_result)
        callbacks->on_result(ssl);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(sfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif
}

#endif /* ENABLE_TLS_CALLBACK_TEST */


static void test_wolfSSL_read_write(void)
{
    /* The unit testing for read and write shall happen simultaneously, since
     * one can't do anything with one without the other. (Except for a failure
     * test case.) This function will call all the others that will set up,
     * execute, and report their test findings.
     *
     * Set up the success case first. This function will become the template
     * for the other tests. This should eventually be renamed
     *
     * The success case isn't interesting, how can this fail?
     * - Do not give the client context a CA certificate. The connect should
     *   fail. Do not need server for this?
     * - Using NULL for the ssl object on server. Do not need client for this.
     * - Using NULL for the ssl object on client. Do not need server for this.
     * - Good ssl objects for client and server. Client write() without server
     *   read().
     * - Good ssl objects for client and server. Server write() without client
     *   read().
     * - Forgetting the password callback?
    */
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
}

#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_wolfSSL_reuse_WOLFSSLobj(void)
{
    /* The unit test for session resumption by re-using WOLFSSL object.
     * WOLFSSL object is not cleared after first session. It re-use the obeject
     * for second connection.
    */
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    /* the var is used for loop number */
    server_args.argc = 2;

    start_thread(test_server_loop, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */

static void test_wolfSSL_CTX_verifyDepth_ServerClient(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)

    /* This unit test is to check set verify Depth */
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;
    callback_functions client_cbf;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));

    printf(testingFmt, "test_wolfSSL_CTX_verifyDepth_ServerClient()\n");

#ifdef WOLFSSL_TLS13
    client_cbf.method = wolfTLSv1_3_client_method;
#endif /* WOLFSSL_TLS13 */

    client_args.callbacks = &client_cbf;

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    /* the var is used for loop number */
    server_args.argc = 1;

    /* test case 1 verify depth is equal to peer chain */
    {
        start_thread(test_server_nofail, &server_args, &serverThread);
        wait_tcp_ready(&server_args);

        /* the var is used for verify depth */
        client_args.argc = 2;

        test_client_verifyDepth(&client_args);
        join_thread(serverThread);
        AssertIntEQ(client_args.return_code, TEST_SUCCESS);
        AssertIntEQ(server_args.return_code, TEST_SUCCESS);
    }

    /* test case 2
     * verify depth is zero, number of peer's chain is 2.
     * verify result becomes MAX_CHAIN_ERROR, but it is overridden in
     * callback.
     */

    /* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR   */
    {
        start_thread(test_server_nofail, &server_args, &serverThread);
        wait_tcp_ready(&server_args);

        client_args.argc = 0;
        test_client_verifyDepth(&client_args);
        join_thread(serverThread);
        AssertIntEQ(client_args.return_code, TEST_SUCCESS);
        AssertIntEQ(server_args.return_code, TEST_SUCCESS);
    }
    /* test case 3
     * verify depth is zero, number of peer's chain is 2
     * verify result becomes MAX_CHAIN_ERRO. call-back returns failure.
     * therefore, handshake becomes failure.
     */
    /* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY   */
    {
        start_thread(test_server_nofail, &server_args, &serverThread);
        wait_tcp_ready(&server_args);

        client_args.argc = -1;
        test_client_verifyDepth(&client_args);
        join_thread(serverThread);
        AssertIntEQ(client_args.return_code, TEST_SUCCESS);
        AssertIntEQ(server_args.return_code, TEST_SUCCESS);
    }

    FreeTcpReady(&ready);
    printf(resultFmt, passed);
#else
    (void)test_client_verifyDepth;
#endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */
}

static void test_client_get_finished(void* args, cbType cb)
{
    (void) args;
    (void) cb;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

    WOLFSSL_CTX*     ctx     = 0;
    WOLFSSL*         ssl     = 0;

    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  msgSz = (int)XSTRLEN(msg);
    int  ret, err = 0;
    WOLFSSL_METHOD* method  = NULL;
    size_t msg_len = 0;

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

    if (cbf != NULL && cbf->method != NULL) {
        method = cbf->method();
    }
    else {
        method = wolfSSLv23_client_method();
    }
    ctx = wolfSSL_CTX_new(method);

    /* Do connect here so server detects failures */
    tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
                0, 0, NULL);

    if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
    {
        /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
        goto done;
    }

    if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        goto done;
    }
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
        goto done;
    }

    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }

    if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
        goto done;
    }

    /* call ssl setup callback */
    if (cbf != NULL && cbf->ssl_ready != NULL) {
        cbf->ssl_ready(ssl);
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
        goto done;
    }

    /* get_finished test */
    /* 1. get own sent message */
    XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
    msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
    AssertIntGE(msg_len, 0);
    /* 2. get peer message */
    XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
    msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
    AssertIntGE(msg_len, 0);

    if (cb != NULL)
        (cb)(ctx, ssl);

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_write(ssl, msg, msgSz);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret != msgSz) {
        /*err_sys("SSL_write failed");*/
        goto done;
    }

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    if (ret > 0) {
        reply[ret] = '\0';
        printf("Server response: %s\n", reply);
    }

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(sockfd);

    return;
#endif
}

static void test_wolfSSL_get_finished(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_get_finished(&client_args, NULL);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    /* test received msg vs sent msg */
    AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
    AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));

    FreeTcpReady(&ready);
#else
    (void)test_client_get_finished;
#endif
}

#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
/* canned export of a session using older version 3 */
static unsigned char version_3[] = {
    0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
    0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30,
    0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05,
    0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00,
    0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01,
    0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05,
    0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D,
    0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B,
    0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98,
    0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0,
    0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74,
    0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26,
    0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9,
    0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04,
    0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D,
    0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00,
    0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01,
    0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00,
    0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30,
    0x2E, 0x31, 0xED, 0x4F
};
#endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */

static void test_wolfSSL_dtls_export(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;
    callback_functions server_cbf;
    callback_functions client_cbf;
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    /* set using dtls */
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));
    server_cbf.method = wolfDTLSv1_2_server_method;
    client_cbf.method = wolfDTLSv1_2_client_method;
    server_args.callbacks = &server_cbf;
    client_args.callbacks = &client_cbf;

    server_args.signal = &ready;
    client_args.signal = &ready;

    start_thread(run_wolfssl_server, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    run_wolfssl_client(&client_args);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    {
        SOCKET_T sockfd = 0;
        WOLFSSL_CTX* ctx;
        WOLFSSL*     ssl;
        char msg[64] = "hello wolfssl!";
        char reply[1024];
        int  msgSz = (int)XSTRLEN(msg);
        byte *session, *window;
        unsigned int sessionSz, windowSz;
        struct sockaddr_in peerAddr;
        int i;


        /* Set ctx to DTLS 1.2 */
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
        AssertNotNull(ssl = wolfSSL_new(ctx));

        /* test importing version 3 */
        AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);

        /* test importing bad length and bad version */
        version_3[2] += 1;
        AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
        version_3[2] -= 1; version_3[1] = 0XA0;
        AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);


    /* check storing client state after connection and storing window only */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    /* set using dtls */
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    server_cbf.method = wolfDTLSv1_2_server_method;
    server_args.callbacks = &server_cbf;
    server_args.argc = 3; /* set loop_count to 3 */


    server_args.signal = &ready;
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);

    /* create and connect with client */
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
    AssertNotNull(ssl = wolfSSL_new(ctx));
    AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);

    /* store server information connected too */
    XMEMSET(&peerAddr, 0, sizeof(peerAddr));
    peerAddr.sin_family = AF_INET;
    peerAddr.sin_port = XHTONS(server_args.signal->port);
    wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr));

    AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
    session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
    AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
    AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
    AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
    window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
    wolfSSL_free(ssl);

    for (i = 1; i < server_args.argc; i++) {
        /* restore state */
        AssertNotNull(ssl = wolfSSL_new(ctx));
        AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
        AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
        AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
        AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
        AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
        wolfSSL_free(ssl);
    }
    XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_CTX_free(ctx);

    printf("done and waiting for server\n");
    join_thread(serverThread);
    AssertIntEQ(server_args.return_code, TEST_SUCCESS);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    }


    printf(testingFmt, "wolfSSL_dtls_export()");
    printf(resultFmt, passed);
#endif
}


#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_TLS13
static const byte canned_client_tls13_session[] = {
    0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
    0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
    0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
    0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
    0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
    0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
    0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
    0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
    0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
    0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
    0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
    0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
    0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
    0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
    0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
    0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
    0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
    0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
    0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
    0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
    0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
    0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
    0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
    0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
    0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
    0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
    0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x03
};

static const byte canned_server_tls13_session[] = {
    0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
    0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
    0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
    0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
    0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
    0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
    0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
    0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
    0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
    0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
    0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
    0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
    0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
    0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
    0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
    0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
    0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
    0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
    0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
    0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
    0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
    0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
    0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
    0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
    0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
    0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
    0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
    0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x04
};
#endif /* WOLFSSL_TLS13 */

static const byte canned_client_session[] = {
    0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
    0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
    0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00,
    0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
    0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
    0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
    0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
    0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
    0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
    0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
    0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
    0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
    0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
    0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
    0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
    0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
    0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
    0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
    0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
    0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
    0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
    0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
    0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
    0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
    0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
    0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
    0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
    0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x03
};


static const byte canned_server_session[] = {
    0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
    0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
    0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11,
    0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
    0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
    0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
    0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
    0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
    0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
    0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
    0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
    0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
    0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
    0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
    0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
    0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
    0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
    0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
    0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
    0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
    0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
    0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
    0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
    0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
    0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
    0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
    0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
    0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x04
};


static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
{
    SOCKET_T sockfd = 0;
    SOCKET_T clientfd = 0;
    word16 port;

    callback_functions* cbf;
    WOLFSSL_CTX* ctx = 0;
    WOLFSSL* ssl = 0;

    char msg[] = "I hear you fa shizzle!";
    char input[1024];
    int idx;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    ((func_args*)args)->return_code = TEST_FAIL;
    cbf = ((func_args*)args)->callbacks;

    {
        WOLFSSL_METHOD* method = NULL;
        if (cbf != NULL && cbf->method != NULL) {
            method = cbf->method();
        }
        else {
            method = wolfTLSv1_2_server_method();
        }
        ctx = wolfSSL_CTX_new(method);
    }
    if (ctx == NULL) {
        goto done;
    }
    wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");

#if defined(USE_WINDOWS_API)
    port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
     !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
    /* Let tcp_listen assign port */
    port = 0;
#else
    /* Use default port */
    port = wolfSSLPort;
#endif

    /* do it here to detect failure */
    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
    CloseSocket(sockfd);

    /* call ctx setup callback */
    if (cbf != NULL && cbf->ctx_ready != NULL) {
        cbf->ctx_ready(ctx);
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        goto done;
    }
    wolfSSL_set_fd(ssl, clientfd);

    /* call ssl setup callback */
    if (cbf != NULL && cbf->ssl_ready != NULL) {
        cbf->ssl_ready(ssl);
    }
    idx = wolfSSL_read(ssl, input, sizeof(input)-1);
    if (idx > 0) {
        input[idx] = '\0';
        printf("Client message export/import: %s\n", input);
    }
    else {
        printf("ret = %d error = %d\n", idx, wolfSSL_get_error(ssl, idx));
        goto done;
    }

    if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
        /*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
        return;
#else
        return 0;
#endif
    }

#ifdef WOLFSSL_TIRTOS
    Task_yield();
#endif

    ((func_args*)args)->return_code = TEST_SUCCESS;

done:
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    CloseSocket(clientfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

#if defined(HAVE_SESSION_TICKET) && \
    ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
    OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
    TicketCleanup();
#endif
#endif

#ifndef WOLFSSL_TIRTOS
    return 0;
#endif
}


static void load_tls12_canned_server(WOLFSSL* ssl)
{
    int clientfd = wolfSSL_get_fd(ssl);
    AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
                sizeof(canned_server_session)), sizeof(canned_server_session));
    wolfSSL_set_fd(ssl, clientfd);
}


#ifdef WOLFSSL_TLS13
static void load_tls13_canned_server(WOLFSSL* ssl)
{
    int clientfd = wolfSSL_get_fd(ssl);
    AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
            sizeof(canned_server_tls13_session)),
            sizeof(canned_server_tls13_session));
    wolfSSL_set_fd(ssl, clientfd);
}
#endif


/* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_tls_export_run(int v)
{
    SOCKET_T sockfd = 0;
    WOLFSSL_CTX*     ctx     = 0;
    WOLFSSL*         ssl     = 0;
    char msg[64] = "hello wolfssl!";
    char reply[1024];
    word32 replySz;
    int  msgSz = (int)XSTRLEN(msg);
    const byte* clientSession = NULL;
    int   clientSessionSz = 0;

    tcp_ready ready;
    func_args server_args;
    THREAD_TYPE serverThread;
    callback_functions server_cbf;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    switch (v) {
        case WOLFSSL_TLSV1_2:
            server_cbf.method     = wolfTLSv1_2_server_method;
            server_cbf.ssl_ready  = load_tls12_canned_server;

            /* setup the client side */
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
            wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
            clientSession   = canned_client_session;
            clientSessionSz = sizeof(canned_client_session);
            break;
    #ifdef WOLFSSL_TLS13
        case WOLFSSL_TLSV1_3:
            server_cbf.method     = wolfTLSv1_3_server_method;
            server_cbf.ssl_ready  = load_tls13_canned_server;

            /* setup the client side */
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
            clientSession   = canned_client_tls13_session;
            clientSessionSz = sizeof(canned_client_tls13_session);
            break;
    #endif
    }
    server_args.callbacks = &server_cbf;
    server_args.signal    = &ready;

    start_thread(tls_export_server, &server_args, &serverThread);
    wait_tcp_ready(&server_args);


#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    AssertNotNull(ssl = wolfSSL_new(ctx));
    tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
    AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
                clientSessionSz);
    replySz = sizeof(reply);
    AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
#if !defined(NO_PSK) && defined(HAVE_ANON)
    /* index 20 has is setting if PSK was on and 49 is if anon is allowed */
    AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
#endif
    wolfSSL_set_fd(ssl, sockfd);

    AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
    AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    CloseSocket(sockfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
                            && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

    join_thread(serverThread);

    AssertIntEQ(server_args.return_code, TEST_SUCCESS);
    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

}
#endif

static void test_wolfSSL_tls_export(void)
{
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
    printf(testingFmt, "wolfSSL_tls_export()");
    test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
    #ifdef WOLFSSL_TLS13
    test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
    #endif
    printf(resultFmt, passed);
#endif
}

/*----------------------------------------------------------------------------*
 | TLS extensions tests
 *----------------------------------------------------------------------------*/

#ifdef ENABLE_TLS_CALLBACK_TEST
/* Connection test runner - generic */
static void test_wolfSSL_client_server(callback_functions* client_callbacks,
                                       callback_functions* server_callbacks)
{
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();

    client_args.callbacks = client_callbacks;
    server_args.callbacks = server_callbacks;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    /* RUN Server side */
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    start_thread(run_wolfssl_server, &server_args, &serverThread);
    wait_tcp_ready(&server_args);

    /* RUN Client side */
    run_wolfssl_client(&client_args);
    join_thread(serverThread);

    FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

    client_callbacks->return_code = client_args.return_code;
    server_callbacks->return_code = server_args.return_code;
}
#endif /* ENABLE_TLS_CALLBACK_TEST */


#ifdef HAVE_SNI
static void test_wolfSSL_UseSNI_params(void)
{
    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* invalid [ctx|ssl] */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    NULL, 0, "ssl", 3));
    /* invalid type */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, -1, "ssl", 3));
    /* invalid data */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, NULL,  3));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, NULL,  3));
    /* success case */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, "ctx", 3));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, "ssl", 3));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
}

/* BEGIN of connection tests callbacks */
static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}

static void use_SNI_at_ssl(WOLFSSL* ssl)
{
    AssertIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}

static void different_SNI_at_ssl(WOLFSSL* ssl)
{
    AssertIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
}

static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
{
    use_SNI_at_ssl(ssl);
    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
                                              WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
}

static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
{
    use_SNI_at_ssl(ssl);
    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
                                                WOLFSSL_SNI_ANSWER_ON_MISMATCH);
}

static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
    use_SNI_at_ctx(ctx);
    wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
                                                  WOLFSSL_SNI_ABORT_ON_ABSENCE);
}

static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
{
    use_SNI_at_ssl(ssl);
    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
                                                  WOLFSSL_SNI_ABORT_ON_ABSENCE);
}

static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
    use_SNI_at_ctx(ctx);
    wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
                 WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
}

static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
{
    AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
}

static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
{
    AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
}

static void verify_SNI_no_matching(WOLFSSL* ssl)
{
    byte type = WOLFSSL_SNI_HOST_NAME;
    char* request = (char*) &type; /* to be overwritten */

    AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
    AssertNotNull(request);
    AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
    AssertNull(request);
}

static void verify_SNI_real_matching(WOLFSSL* ssl)
{
    byte type = WOLFSSL_SNI_HOST_NAME;
    char* request = NULL;

    AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
    AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
    AssertNotNull(request);
    AssertStrEQ("www.wolfssl.com", request);
}

static void verify_SNI_fake_matching(WOLFSSL* ssl)
{
    byte type = WOLFSSL_SNI_HOST_NAME;
    char* request = NULL;

    AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
    AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
    AssertNotNull(request);
    AssertStrEQ("ww2.wolfssl.com", request);
}

static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
    AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
}
/* END of connection tests callbacks */

static void test_wolfSSL_UseSNI_connection(void)
{
    callback_functions client_cb;
    callback_functions server_cb;

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
    client_cb.method = wolfSSLv23_client_method;
    server_cb.method = wolfSSLv23_server_method;
    server_cb.devId = devId;
    server_cb.devId = devId;

    /* success case at ctx */
    client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
    server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case at ssl */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* default mismatch behavior */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl;       server_cb.on_result = verify_UNKNOWN_SNI_on_server;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* continue on mismatch */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl;         client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* fake answer on mismatch */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl;            client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* sni abort - success */
    client_cb.ctx_ready = use_SNI_at_ctx;           client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
    server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* sni abort - abort when absent (ctx) */
    client_cb.ctx_ready = NULL;                     client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
    server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;

    /* sni abort - abort when absent (ssl) */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL;                     client_cb.on_result = verify_FATAL_ERROR_on_client;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* sni abort - success when overwritten */
    client_cb.ctx_ready = NULL;                     client_cb.ssl_ready = NULL;           client_cb.on_result = NULL;
    server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* sni abort - success when allowing mismatches */
    client_cb.ctx_ready = NULL;                            client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
    server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL;                 server_cb.on_result = verify_SNI_fake_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);
}

static void test_wolfSSL_SNI_GetFromBuffer(void)
{
    byte buff[] = { /* www.paypal.com */
        0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
        0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
        0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
        0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
        0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
        0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
        0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
        0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
        0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
    };

    byte buff2[] = { /* api.textmate.org */
        0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
        0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
        0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
        0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
        0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
        0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
        0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
        0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
        0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
        0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
        0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
        0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
        0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
        0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
        0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
        0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
        0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
    };

    byte buff3[] = { /* no sni extension */
        0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
        0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
        0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
        0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
        0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
        0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
        0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
    };

    byte buff4[] = { /* last extension has zero size */
        0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
        0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
        0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
        0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
        0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
        0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
        0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
        0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
        0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
        0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
        0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
        0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
        0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
        0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
        0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
        0x12, 0x00, 0x00
    };

    byte buff5[] = { /* SSL v2.0 client hello */
        0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
        /* dummy bytes bellow, just to pass size check */
        0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
        0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
        0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
    };

    byte result[32] = {0};
    word32 length   = 32;

    AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
                                                           0, result, &length));

    AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
                                                           0, result, &length));

    AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
                                                           1, result, &length));

    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                           0, result, &length));
    buff[0] = 0x16;

    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                           0, result, &length));
    buff[1] = 0x03;

    AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
                                           sizeof(buff), 0, result, &length));
    buff[2] = 0x03;

    AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
                                           sizeof(buff), 0, result, &length));
    buff[4] = 0x64;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                           0, result, &length));
    result[length] = 0;
    AssertStrEQ("www.paypal.com", (const char*) result);

    length = 32;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
                                                           0, result, &length));
    result[length] = 0;
    AssertStrEQ("api.textmate.org", (const char*) result);

    /* SSL v2.0 tests */
    AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
                                          sizeof(buff5), 0, result, &length));

    buff5[2] = 0x02;
    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
                                          sizeof(buff5), 0, result, &length));

    buff5[2] = 0x01; buff5[6] = 0x08;
    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
                                          sizeof(buff5), 0, result, &length));

    buff5[6] = 0x09; buff5[8] = 0x01;
    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
                                          sizeof(buff5), 0, result, &length));
}

#endif /* HAVE_SNI */

static void test_wolfSSL_UseSNI(void)
{
#ifdef HAVE_SNI
    test_wolfSSL_UseSNI_params();
    test_wolfSSL_UseSNI_connection();

    test_wolfSSL_SNI_GetFromBuffer();
#endif
}

#endif /* HAVE_IO_TESTS_DEPENDENCIES */

static void test_wolfSSL_UseTrustedCA(void)
{
#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
    && !defined(NO_RSA)
    WOLFSSL_CTX *ctx;
    WOLFSSL     *ssl;
    byte        id[20];

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#else
    AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
#endif
    AssertNotNull((ssl = wolfSSL_new(ctx)));
    XMEMSET(id, 0, sizeof(id));

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
#ifdef NO_SHA
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));

    /* success cases */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
#ifndef NO_SHA
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif /* HAVE_TRUSTED_CA */
}

static void test_wolfSSL_UseMaxFragment(void)
{
#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  #ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  #else
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  #endif
    WOLFSSL     *ssl = wolfSSL_new(ctx);

#ifdef OPENSSL_EXTRA
    int (*UseMaxFragment)(SSL *s, uint8_t mode);
    int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);

    CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length;
    UseMaxFragment = SSL_set_tlsext_max_fragment_length;
#else
    int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
    int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);

    UseMaxFragment = wolfSSL_UseMaxFragment;
    CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment;
#endif

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
    AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(    NULL, WOLFSSL_MFL_2_9));
    AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
    AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
    AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
    AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));

    /* success case */
#ifdef OPENSSL_EXTRA
    AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
#else
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
#endif
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_9));
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_10));
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_11));
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_12));
#ifdef OPENSSL_EXTRA
    AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));

    AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
#else
    AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_13));

    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
#endif
    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_9));
    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_10));
    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_11));
    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_12));

#ifdef OPENSSL_EXTRA
    AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
#else
    AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
#endif

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_UseTruncatedHMAC(void)
{
#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  #ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  #else
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  #endif
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));

    /* success case */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_UseSupportedCurve(void)
{
#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS,
                      wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx,  0));

    AssertIntNE(WOLFSSL_SUCCESS,
                          wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl,  0));

    /* success case */
    AssertIntEQ(WOLFSSL_SUCCESS,
                       wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
    AssertIntEQ(WOLFSSL_SUCCESS,
                           wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

#if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)

static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
    AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
}

static void use_ALPN_all(WOLFSSL* ssl)
{
    /* http/1.1,spdy/1,spdy/2,spdy/3 */
    char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}

static void use_ALPN_all_continue(WOLFSSL* ssl)
{
    /* http/1.1,spdy/1,spdy/2,spdy/3 */
    char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
        0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
        0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
        0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
                                             WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}

static void use_ALPN_one(WOLFSSL* ssl)
{
    /* spdy/2 */
    char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}

static void use_ALPN_unknown(WOLFSSL* ssl)
{
    /* http/2.0 */
    char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}

static void use_ALPN_unknown_continue(WOLFSSL* ssl)
{
    /* http/2.0 */
    char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
                                             WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}

static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
{
    /* spdy/3 */
    char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};

    char *proto = NULL;
    word16 protoSz = 0;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));

    /* check value */
    AssertIntNE(1, sizeof(nego_proto) == protoSz);
    if (proto) {
        AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
    }
}

static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
{
    char *proto = NULL;
    word16 protoSz = 0;

    AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
                wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));

    /* check value */
    AssertIntEQ(1, (0 == protoSz));
    AssertIntEQ(1, (NULL == proto));
}

static void verify_ALPN_matching_http1(WOLFSSL* ssl)
{
    /* http/1.1 */
    char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
    char *proto;
    word16 protoSz = 0;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));

    /* check value */
    AssertIntEQ(1, sizeof(nego_proto) == protoSz);
    AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}

static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
{
    /* spdy/2 */
    char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
    char *proto;
    word16 protoSz = 0;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));

    /* check value */
    AssertIntEQ(1, sizeof(nego_proto) == protoSz);
    AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}

static void verify_ALPN_client_list(WOLFSSL* ssl)
{
    /* http/1.1,spdy/1,spdy/2,spdy/3 */
    char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
                        0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
    char    *clist = NULL;
    word16  clistSz = 0;

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
                                                          &clistSz));

    /* check value */
    AssertIntEQ(1, sizeof(alpn_list) == clistSz);
    AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
}

static void test_wolfSSL_UseALPN_connection(void)
{
    callback_functions client_cb;
    callback_functions server_cb;

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
    client_cb.method = wolfSSLv23_client_method;
    server_cb.method = wolfSSLv23_server_method;
    server_cb.devId = devId;
    server_cb.devId = devId;

    /* success case same list */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case only one for server */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case only one for client */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case none for client */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL;         client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case mismatch behavior but option 'continue' set */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue;     client_cb.on_result = verify_ALPN_not_matching_continue;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* success case read protocol send by client */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* mismatch behavior with same list
        * the first and only this one must be taken */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* default mismatch behavior */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all;     client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
    test_wolfSSL_client_server(&client_cb, &server_cb);
}

static void test_wolfSSL_UseALPN_params(void)
{
#ifndef NO_WOLFSSL_CLIENT
    /* "http/1.1" */
    char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
    /* "spdy/1" */
    char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
    /* "spdy/2" */
    char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
    /* "spdy/3" */
    char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
    char buff[256];
    word32 idx;

    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS,
                wolfSSL_UseALPN(NULL, http1, sizeof(http1),
                                WOLFSSL_ALPN_FAILED_ON_MISMATCH));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));

    /* success case */
    /* http1 only */
    AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_UseALPN(ssl, http1, sizeof(http1),
                                WOLFSSL_ALPN_FAILED_ON_MISMATCH));

    /* http1, spdy1 */
    XMEMCPY(buff, http1, sizeof(http1));
    idx = sizeof(http1);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
    idx += sizeof(spdy1);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));

    /* http1, spdy2, spdy1 */
    XMEMCPY(buff, http1, sizeof(http1));
    idx = sizeof(http1);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
    idx += sizeof(spdy2);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
    idx += sizeof(spdy1);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
                                             WOLFSSL_ALPN_FAILED_ON_MISMATCH));

    /* spdy3, http1, spdy2, spdy1 */
    XMEMCPY(buff, spdy3, sizeof(spdy3));
    idx = sizeof(spdy3);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, http1, sizeof(http1));
    idx += sizeof(http1);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
    idx += sizeof(spdy2);
    buff[idx++] = ',';
    XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
    idx += sizeof(spdy1);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
                                             WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}
#endif /* HAVE_ALPN  */

#ifdef HAVE_ALPN_PROTOS_SUPPORT
static void CTX_set_alpn_protos(SSL_CTX *ctx)
{
    unsigned char p[] = {
       8, 'h', 't', 't', 'p', '/', '1', '.', '1',
       6, 's', 'p', 'd', 'y', '/', '2',
       6, 's', 'p', 'd', 'y', '/', '1',
    };

    unsigned char p_len = sizeof(p);
    int ret;

    ret = SSL_CTX_set_alpn_protos(ctx, p, p_len);

#ifdef WOLFSSL_ERROR_CODE_OPENSSL
    AssertIntEQ(ret, 0);
#else
    AssertIntEQ(ret, SSL_SUCCESS);
#endif
}

static void set_alpn_protos(SSL* ssl)
{
    unsigned char p[] = {
       6, 's', 'p', 'd', 'y', '/', '3',
       8, 'h', 't', 't', 'p', '/', '1', '.', '1',
       6, 's', 'p', 'd', 'y', '/', '2',
       6, 's', 'p', 'd', 'y', '/', '1',
    };

    unsigned char p_len = sizeof(p);
    int ret;

    ret = SSL_set_alpn_protos(ssl, p, p_len);

#ifdef WOLFSSL_ERROR_CODE_OPENSSL
    AssertIntEQ(ret, 0);
#else
    AssertIntEQ(ret, SSL_SUCCESS);
#endif

}

static void verify_alpn_matching_spdy3(WOLFSSL* ssl)
{
    /* "spdy/3" */
    char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
    const unsigned char *proto;
    unsigned int protoSz = 0;

    SSL_get0_alpn_selected(ssl, &proto, &protoSz);

    /* check value */
    AssertIntEQ(1, sizeof(nego_proto) == protoSz);
    AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}

static void verify_alpn_matching_http1(WOLFSSL* ssl)
{
    /* "http/1.1" */
    char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
    const unsigned char *proto;
    unsigned int protoSz = 0;

    SSL_get0_alpn_selected(ssl, &proto, &protoSz);

    /* check value */
    AssertIntEQ(1, sizeof(nego_proto) == protoSz);
    AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}

static void test_wolfSSL_set_alpn_protos(void)
{
    callback_functions client_cb;
    callback_functions server_cb;

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
    client_cb.method = wolfSSLv23_client_method;
    server_cb.method = wolfSSLv23_server_method;
    server_cb.devId = devId;
    server_cb.devId = devId;

    /* use CTX_alpn_protos */
    client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
    server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1;
    test_wolfSSL_client_server(&client_cb, &server_cb);

    /* use set_alpn_protos */
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
    test_wolfSSL_client_server(&client_cb, &server_cb);
}

#endif /* HAVE_ALPN_PROTOS_SUPPORT */

static void test_wolfSSL_UseALPN(void)
{
#if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\
    defined(HAVE_IO_TESTS_DEPENDENCIES)
    test_wolfSSL_UseALPN_connection();
    test_wolfSSL_UseALPN_params();
#endif

#ifdef HAVE_ALPN_PROTOS_SUPPORT
    test_wolfSSL_set_alpn_protos();
#endif
}

static void test_wolfSSL_DisableExtendedMasterSecret(void)
{
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));

    /* success cases */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
{
#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));

    /* success cases */
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}


/*----------------------------------------------------------------------------*
 | X509 Tests
 *----------------------------------------------------------------------------*/
static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_ALL) || \
        (defined(OPENSSL_EXTRA) && \
            (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
    printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");

    {
        /* use openssl like name to test mapping */
        X509_NAME_ENTRY* ne;
        X509_NAME* name;
        X509* x509;
    #ifndef NO_FILESYSTEM
        ASN1_STRING* asn;
        char* subCN = NULL;
    #endif
        int idx;
        ASN1_OBJECT *object = NULL;
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
        BIO* bio;
#endif
#endif

    #ifndef NO_FILESYSTEM
        x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
        AssertNotNull(x509);
        name = X509_get_subject_name(x509);
        idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
        AssertIntGE(idx, 0);
        ne = X509_NAME_get_entry(name, idx);
        AssertNotNull(ne);
        asn = X509_NAME_ENTRY_get_data(ne);
        AssertNotNull(asn);
        subCN = (char*)ASN1_STRING_data(asn);
        AssertNotNull(subCN);
        wolfSSL_FreeX509(x509);
    #endif

        x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
        AssertNotNull(x509);
        name = X509_get_subject_name(x509);
        idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
        AssertIntGE(idx, 0);

#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
        AssertNotNull(bio = BIO_new(BIO_s_mem()));
        AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
                        (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
        AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
                        (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
        BIO_free(bio);
#endif
#endif

        ne = X509_NAME_get_entry(name, idx);
        AssertNotNull(ne);
        AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
        wolfSSL_FreeX509(x509);
    }

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
#endif /* !NO_CERTS && !NO_RSA */
}

/* Testing functions dealing with PKCS12 parsing out X509 certs */
static void test_wolfSSL_PKCS12(void)
{
    /* .p12 file is encrypted with DES3 */
#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
                   * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
                   * Password Key
                   */
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
    !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
    !defined(NO_SHA) && defined(HAVE_PKCS12)
    byte buf[6000];
    char file[] = "./certs/test-servercert.p12";
    char order[] = "./certs/ecc-rsa-server.p12";
#ifdef WC_RC2
    char rc2p12[] = "./certs/test-servercert-rc2.p12";
#endif
    char pass[] = "a password";
    const char goodPsw[] = "wolfSSL test";
    const char badPsw[] = "bad";
#ifdef HAVE_ECC
    WOLFSSL_X509_NAME* subject;
    WOLFSSL_X509     *x509;
#endif
    XFILE f;
    int  bytes, ret, goodPswLen, badPswLen;
    WOLFSSL_BIO      *bio;
    WOLFSSL_EVP_PKEY *pkey;
    WC_PKCS12        *pkcs12;
    WC_PKCS12        *pkcs12_2;
    WOLFSSL_X509     *cert;
    WOLFSSL_X509     *tmp;
    WOLF_STACK_OF(WOLFSSL_X509) *ca;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
    WOLFSSL_CTX      *ctx;
    WOLFSSL          *ssl;
    WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
#endif

    printf(testingFmt, "wolfSSL_PKCS12()");

    f = XFOPEN(file, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    goodPswLen = (int)XSTRLEN(goodPsw);
    badPswLen = (int)XSTRLEN(badPsw);

    bio = BIO_new_mem_buf((void*)buf, bytes);
    AssertNotNull(bio);

    pkcs12 = d2i_PKCS12_bio(bio, NULL);
    AssertNotNull(pkcs12);
    PKCS12_free(pkcs12);

    d2i_PKCS12_bio(bio, &pkcs12);
    AssertNotNull(pkcs12);
    BIO_free(bio);

    /* check verify MAC directly */
    ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen);
    AssertIntEQ(ret, 1);

    /* check verify MAC fail case directly */
    ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen);
    AssertIntEQ(ret, 0);

    /* check verify MAC fail case */
    ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
    AssertIntEQ(ret, 0);
    AssertNull(pkey);
    AssertNull(cert);

    /* check parse with no extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
    AssertIntEQ(ret, 1);
    AssertNotNull(pkey);
    AssertNotNull(cert);

    wolfSSL_EVP_PKEY_free(pkey);
    wolfSSL_X509_free(cert);

    /* check parse with extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
    AssertIntEQ(ret, 1);
    AssertNotNull(pkey);
    AssertNotNull(cert);
    AssertNotNull(ca);

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)

    /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
    /* Copy stack structure */
    AssertNotNull(tmp_ca = X509_chain_up_ref(ca));
    AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
    /* CTX now owns the tmp_ca stack structure */
    tmp_ca = NULL;
    AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
    AssertNotNull(tmp_ca);
    AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
    /* Check that the main cert is also set */
    AssertNotNull(SSL_CTX_get0_certificate(ctx));
    AssertNotNull(ssl = SSL_new(ctx));
    AssertNotNull(SSL_get_certificate(ssl));
    SSL_free(ssl);
    SSL_CTX_free(ctx);
#endif

    /* should be 2 other certs on stack */
    tmp = sk_X509_pop(ca);
    AssertNotNull(tmp);
    X509_free(tmp);
    tmp = sk_X509_pop(ca);
    AssertNotNull(tmp);
    X509_free(tmp);
    AssertNull(sk_X509_pop(ca));

    EVP_PKEY_free(pkey);
    X509_free(cert);
    sk_X509_pop_free(ca, X509_free);

    /* check PKCS12_create */
    AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
    AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
            SSL_SUCCESS);
    AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
                    -1, -1, 100, -1, 0)));
    EVP_PKEY_free(pkey);
    X509_free(cert);
    sk_X509_pop_free(ca, NULL);

    AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
            SSL_SUCCESS);
    PKCS12_free(pkcs12_2);
    AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
             NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
             NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
             2000, 1, 0)));
    EVP_PKEY_free(pkey);
    X509_free(cert);
    sk_X509_pop_free(ca, NULL);

    /* convert to DER then back and parse */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
    PKCS12_free(pkcs12_2);

    AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
    BIO_free(bio);
    AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
            SSL_SUCCESS);

    /* should be 2 other certs on stack */
    tmp = sk_X509_pop(ca);
    AssertNotNull(tmp);
    X509_free(tmp);
    tmp = sk_X509_pop(ca);
    AssertNotNull(tmp);
    X509_free(tmp);
    AssertNull(sk_X509_pop(ca));


#ifndef NO_RC4
    PKCS12_free(pkcs12_2);
    AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
             NID_pbe_WithSHA1And128BitRC4,
             NID_pbe_WithSHA1And128BitRC4,
             2000, 1, 0)));
    EVP_PKEY_free(pkey);
    X509_free(cert);
    sk_X509_pop_free(ca, NULL);

    AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
            SSL_SUCCESS);

#endif /* NO_RC4 */

    EVP_PKEY_free(pkey);
    X509_free(cert);
    PKCS12_free(pkcs12);
    PKCS12_free(pkcs12_2);
    sk_X509_pop_free(ca, NULL);

#ifdef HAVE_ECC
    /* test order of parsing */
    f = XFOPEN(order, "rb");
    AssertTrue(f != XBADFILE);
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
    AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
    AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
            WOLFSSL_SUCCESS);
    AssertNotNull(pkey);
    AssertNotNull(cert);
    AssertNotNull(ca);

    /* compare subject lines of certificates */
    AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
                SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
    X509_free(x509);

    /* test expected fail case */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
                SSL_FILETYPE_PEM));
    AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
    X509_free(x509);
    X509_free(cert);

    /* get subject line from ca stack */
    AssertNotNull(cert = sk_X509_pop(ca));
    AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));

    /* compare subject from certificate in ca to expected */
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
                SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);

    EVP_PKEY_free(pkey);
    X509_free(x509);
    X509_free(cert);
    BIO_free(bio);
    PKCS12_free(pkcs12);
    sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */

    /* test order of parsing */
    f = XFOPEN(file, "rb");
    AssertTrue(f != XBADFILE);
    AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
    XFCLOSE(f);

    /* check verify MAC fail case */
    ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
    AssertIntEQ(ret, 0);
    AssertNull(pkey);
    AssertNull(cert);

    /* check parse with no extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
    AssertIntEQ(ret, 1);
    AssertNotNull(pkey);
    AssertNotNull(cert);

    wolfSSL_EVP_PKEY_free(pkey);
    wolfSSL_X509_free(cert);

    /* check parse with extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
    AssertIntEQ(ret, 1);
    AssertNotNull(pkey);
    AssertNotNull(cert);
    AssertNotNull(ca);

    wolfSSL_EVP_PKEY_free(pkey);
    wolfSSL_X509_free(cert);
    sk_X509_pop_free(ca, NULL);

    PKCS12_free(pkcs12);
#endif /* HAVE_ECC */

#ifdef WC_RC2
    /* test PKCS#12 with RC2 encryption */
    f = XFOPEN(rc2p12, "rb");
    AssertTrue(f != XBADFILE);
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
    AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));

    /* check verify MAC fail case */
    ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
    AssertIntEQ(ret, 0);
    AssertNull(pkey);
    AssertNull(cert);

    /* check parse iwth not extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
    AssertNotNull(pkey);
    AssertNotNull(cert);

    /* check parse with extra certs kept */
    ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
    AssertNotNull(pkey);
    AssertNotNull(cert);
    AssertNotNull(ca);

    wolfSSL_EVP_PKEY_free(pkey);
    wolfSSL_X509_free(cert);
    sk_X509_pop_free(ca, NULL);

    BIO_free(bio);
    PKCS12_free(pkcs12);
#endif /* WC_RC2 */

    /* Test i2d_PKCS12_bio */
    f = XFOPEN(file, "rb");
    AssertTrue((f != XBADFILE));
    AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
    XFCLOSE(f);

    bio = BIO_new(BIO_s_mem());
    AssertNotNull(bio);

    ret = i2d_PKCS12_bio(bio, pkcs12);
    AssertIntEQ(ret, 1);

    ret = i2d_PKCS12_bio(NULL, pkcs12);
    AssertIntEQ(ret, 0);

    ret = i2d_PKCS12_bio(bio, NULL);
    AssertIntEQ(ret, 0);

    PKCS12_free(pkcs12);
    BIO_free(bio);

    (void)order;

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_FIPS */
}


#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
    defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
    (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
    #define TEST_PKCS8_ENC
#endif

#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)

/* used to keep track if FailTestCallback was called */
static int failTestCallbackCalled = 0;

static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
{
    (void)passwd;
    (void)sz;
    (void)rw;
    (void)userdata;

    /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
    failTestCallbackCalled = 1;

    return -1;
}
#endif

static void test_wolfSSL_no_password_cb(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
    WOLFSSL_CTX* ctx;
    byte buff[FOURK_BUF];
    const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
    const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
    XFILE f;
    int bytes;

    printf(testingFmt, "test_wolfSSL_no_password_cb()");

#ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
#endif
    wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);

    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    AssertIntLE(bytes, sizeof(buff));
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    AssertIntLE(bytes, sizeof(buff));
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);

    if (failTestCallbackCalled != 0) {
        Fail(("Password callback should not be called by default"),
            ("Password callback was called without attempting "
             "to first decipher private key without password."));
}

    printf(resultFmt, passed);
#endif
}

#ifdef TEST_PKCS8_ENC
/* for PKCS8 test case */
static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
{
    int flag = 0;

    (void)rw;
    if (userdata != NULL) {
        flag = *((int*)userdata); /* user set data */
    }

    switch (flag) {
        case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
                 * can be anything the user wishes to be passed to the callback
                 * associated with the WOLFSSL_CTX */
            XSTRNCPY(passwd, "yassl123", sz);
            return 8;

        default:
            return BAD_FUNC_ARG;
    }
}
#endif /* TEST_PKCS8_ENC */

/* Testing functions dealing with PKCS8 */
static void test_wolfSSL_PKCS8(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
    byte buff[FOURK_BUF];
    byte der[FOURK_BUF];
    #ifndef NO_RSA
        const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
        const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
    #endif
    const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
    #ifdef HAVE_ECC
        const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
    #endif
    XFILE f;
    int bytes;
    WOLFSSL_CTX* ctx;
#if defined(HAVE_ECC) && !defined(NO_CODING)
    int ret;
    ecc_key key;
    word32 x = 0;
#endif
#ifdef TEST_PKCS8_ENC
    #if !defined(NO_RSA) && !defined(NO_SHA)
        const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
        const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
    #endif
    #if defined(HAVE_ECC) && !defined(NO_SHA)
        const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
        const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
    #endif
    int flag;
#endif

    (void)der;

    printf(testingFmt, "wolfSSL_PKCS8()");

#ifndef NO_WOLFSSL_CLIENT
    #ifndef WOLFSSL_NO_TLS12
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
    #else
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
    #endif
#else
    #ifndef WOLFSSL_NO_TLS12
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
    #else
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
    #endif
#endif

#ifdef TEST_PKCS8_ENC
    wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
    wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
    flag = 1; /* used by password callback as return code */

    #if !defined(NO_RSA) && !defined(NO_SHA)
    /* test loading PEM PKCS8 encrypted file */
    f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

    /* this next case should fail because of password callback return code */
    flag = 0; /* used by password callback as return code */
    AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

    /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
    AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
        "yassl123"), 0);

    /* test that error value is returned with a bad password */
    AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
        "bad"), 0);

    /* test loading PEM PKCS8 encrypted file */
    f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    flag = 1; /* used by password callback as return code */
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* this next case should fail because of password callback return code */
    flag = 0; /* used by password callback as return code */
    AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    #endif /* !NO_RSA && !NO_SHA */

    #if defined(HAVE_ECC) && !defined(NO_SHA)
    /* test loading PEM PKCS8 encrypted ECC Key file */
    f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    flag = 1; /* used by password callback as return code */
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

    /* this next case should fail because of password callback return code */
    flag = 0; /* used by password callback as return code */
    AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

    /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
    AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
        "yassl123"), 0);

    /* test that error value is returned with a bad password */
    AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
        "bad"), 0);

    /* test loading DER PKCS8 encrypted ECC Key file */
    f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    flag = 1; /* used by password callback as return code */
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* this next case should fail because of password callback return code */
    flag = 0; /* used by password callback as return code */
    AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* leave flag as "okay" */
    flag = 1;
    #endif /* HAVE_ECC && !NO_SHA */
#endif /* TEST_PKCS8_ENC */


#ifndef NO_RSA
    /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
    f = XFOPEN(serverKeyPkcs8DerFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    /* test loading PEM PKCS8 private key file (not encrypted) */
    f = XFOPEN(serverKeyPkcs8PemFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */

    /* Test PKCS8 PEM ECC key no crypt */
    f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);
#ifdef HAVE_ECC
    /* Test PKCS8 PEM ECC key no crypt */
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);

#ifndef NO_CODING
    /* decrypt PKCS8 PEM to key in DER format */
    AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
        (word32)sizeof(der), NULL)), 0);
    ret = wc_ecc_init(&key);
    if (ret == 0) {
        ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
        wc_ecc_free(&key);
    }
    AssertIntEQ(ret, 0);
#endif

    /* Test PKCS8 DER ECC key no crypt */
    f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);

    /* Test using a PKCS8 ECC PEM */
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#else
    /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
    AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
        (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
#endif /* HAVE_ECC */

    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
}

static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
    defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
    defined(HAVE_ED25519_KEY_IMPORT)
    const byte encPrivKey[] = \
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
    "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
    "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
    "2L9W4v7swXkV+X+a1ww=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";
    const char password[] = "abcdefghijklmnopqrstuvwxyz";
    byte der[FOURK_BUF];
    WOLFSSL_CTX* ctx;
    int bytes;

    XMEMSET(der, 0, sizeof(der));
    AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
        (word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_PKCS8_ED448(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
    defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
    defined(HAVE_ED448_KEY_IMPORT)
    const byte encPrivKey[] = \
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
    "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
    "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
    "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";
    const char password[] = "abcdefghijklmnopqrstuvwxyz";
    byte der[FOURK_BUF];
    WOLFSSL_CTX* ctx;
    int bytes;

    XMEMSET(der, 0, sizeof(der));
    AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
        (word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif
}

/* Testing functions dealing with PKCS5 */
static void test_wolfSSL_PKCS5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
    const char* passwd = "myfipsPa$$W0rd";
#else
    const char *passwd = "pass1234";
#endif
    const unsigned char *salt = (unsigned char *)"salt1234";
    unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
                                                  DYNAMIC_TYPE_TMP_BUFFER);
    int ret = 0;

    AssertNotNull(out);
    ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
                                 (int)XSTRLEN((const char *) salt), 10,
                                 WC_SHA_DIGEST_SIZE,out);
    AssertIntEQ(ret, SSL_SUCCESS);

#ifdef WOLFSSL_SHA512
    ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
                             (int)XSTRLEN((const char *) salt), 10,
                             wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
    AssertIntEQ(ret, SSL_SUCCESS);
#endif

    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
}

/* test parsing URI from certificate */
static void test_wolfSSL_URI(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
    && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
    defined(OPENSSL_EXTRA))
    WOLFSSL_X509* x509;
    const char uri[] = "./certs/client-uri-cert.pem";
    const char badUri[] = "./certs/client-relative-uri.pem";

    printf(testingFmt, "wolfSSL URI parse");

    x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);

    wolfSSL_FreeX509(x509);

    x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT)
    AssertNull(x509);
#else
    AssertNotNull(x509);
#endif

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_TBS(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
    && defined(OPENSSL_EXTRA)
    WOLFSSL_X509* x509;
    const unsigned char* tbs;
    int tbsSz;

    printf(testingFmt, "wolfSSL TBS");

    AssertNotNull(x509 =
          wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));

    AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
    AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
    AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
    AssertIntEQ(tbsSz, 981);

    wolfSSL_FreeX509(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_verify(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
    && defined(OPENSSL_EXTRA)
    WOLFSSL_X509* ca;
    WOLFSSL_X509* serv;
    WOLFSSL_EVP_PKEY* pkey;
    unsigned char buf[2048];
    const unsigned char* pt = NULL;
    int bufSz;

    printf(testingFmt, "wolfSSL X509 verify");

    AssertNotNull(ca =
          wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));

    AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
            WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
            WOLFSSL_SUCCESS);
    AssertIntEQ(bufSz, 294);

    bufSz = 2048;
    AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
            WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);


    AssertNotNull(serv =
          wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));

    /* success case */
    pt = buf;
    AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));

    AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);

    AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);

    /* fail case */
    bufSz = 2048;
    AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
            WOLFSSL_SUCCESS);
    pt = buf;
    AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
    AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);

    AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
    wolfSSL_EVP_PKEY_free(pkey);

    wolfSSL_FreeX509(ca);
    wolfSSL_FreeX509(serv);

    printf(resultFmt, passed);
#endif
}


#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
        defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
/* create certificate with version 2 */
static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
{
    WOLFSSL_X509 *x509, *x509v2;
    WOLFSSL_EVP_PKEY *priv, *pub;
    unsigned char *der = NULL, *key = NULL, *pt;
    char *header, *name;
    int derSz;
    long keySz;
    XFILE fp;
    WOLFSSL_ASN1_TIME *notBefore, *notAfter;
    time_t t;

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                WOLFSSL_FILETYPE_PEM));

    fp = XFOPEN(cliKeyFile, "rb");
    AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
            WOLFSSL_SUCCESS);
    XFCLOSE(fp);
    pt = key;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
                (const unsigned char**)&pt, keySz));


    /* create the version 2 certificate */
    AssertNotNull(x509v2 = X509_new());
    AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2,
                wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
                wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
    AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509));
    AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);

    t = time(NULL);
    AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
    AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
    AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
    AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));

    AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
    derSz = wolfSSL_i2d_X509(x509v2, &der);
    AssertIntGT(derSz, 0);
    AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
                                     WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */
    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_X509_free(x509);
    wolfSSL_X509_free(x509v2);
    wolfSSL_EVP_PKEY_free(priv);
    wolfSSL_EVP_PKEY_free(pub);
    wolfSSL_ASN1_TIME_free(notBefore);
    wolfSSL_ASN1_TIME_free(notAfter);
}


/* override certificate version error */
static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
    AssertIntEQ(store->error, ASN_VERSION_E);
    AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
    (void)preverify;
    return 1;
}


/* set verify callback that will override bad certificate version */
static void test_set_override_x509(WOLFSSL_CTX* ctx)
{
    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
}
#endif


static void test_wolfSSL_X509_TLS_version(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
        defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
    tcp_ready   ready;
    func_args   server_args;
    func_args   client_args;
    THREAD_TYPE serverThread;
    callback_functions func_cb_client;
    callback_functions func_cb_server;

    printf(testingFmt, "test_wolfSSL_X509_TLS_version");

    /* test server rejects a client certificate that is not version 3 */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    server_args.return_code = TEST_FAIL;
    client_args.return_code = TEST_FAIL;

    func_cb_client.ctx_ready = &test_set_x509_badversion;
#ifndef WOLFSSL_NO_TLS12
    func_cb_client.method = wolfTLSv1_2_client_method;
#else
    func_cb_client.method = wolfTLSv1_3_client_method;
#endif
    client_args.callbacks = &func_cb_client;

#ifndef WOLFSSL_NO_TLS12
    func_cb_server.method = wolfTLSv1_2_server_method;
#else
    func_cb_server.method = wolfTLSv1_3_server_method;
#endif
    server_args.callbacks = &func_cb_server;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertIntEQ(client_args.return_code, TEST_FAIL);
    AssertIntEQ(server_args.return_code, TEST_FAIL);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

    /* Now re run but override the bad X509 version */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    server_args.return_code = TEST_FAIL;
    client_args.return_code = TEST_FAIL;

    func_cb_client.ctx_ready = &test_set_x509_badversion;
    func_cb_server.ctx_ready = &test_set_override_x509;
#ifndef WOLFSSL_NO_TLS12
    func_cb_client.method = wolfTLSv1_2_client_method;
#else
    func_cb_client.method = wolfTLSv1_3_client_method;
#endif
    client_args.callbacks = &func_cb_client;

#ifndef WOLFSSL_NO_TLS12
    func_cb_server.method = wolfTLSv1_2_server_method;
#else
    func_cb_server.method = wolfTLSv1_3_server_method;
#endif
    server_args.callbacks = &func_cb_server;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertIntEQ(client_args.return_code, TEST_SUCCESS);
    AssertIntEQ(server_args.return_code, TEST_SUCCESS);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif

    printf(resultFmt, passed);
#endif
}

/* Testing function  wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
 * version allowed.
 * POST: 1 on success.
 */
static int test_wolfSSL_CTX_SetMinVersion(void)
{
    int                     failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_CTX*            ctx;
    int                     itr;

    #ifndef NO_OLD_TLS
        const int versions[]  = {
                            #ifdef WOLFSSL_ALLOW_TLSV10
                                  WOLFSSL_TLSV1,
                            #endif
                                  WOLFSSL_TLSV1_1,
                                  WOLFSSL_TLSV1_2 };
    #elif !defined(WOLFSSL_NO_TLS12)
        const int versions[]  = { WOLFSSL_TLSV1_2 };
    #elif defined(WOLFSSL_TLS13)
        const int versions[]  = { WOLFSSL_TLSV1_3 };
    #else
        const int versions[0];
    #endif

    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());

    printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");

    for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
        if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){
            failFlag = WOLFSSL_FAILURE;
        }
    }

    printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);

    wolfSSL_CTX_free(ctx);
#endif
    return failFlag;

} /* END test_wolfSSL_CTX_SetMinVersion */


/*----------------------------------------------------------------------------*
 | OCSP Stapling
 *----------------------------------------------------------------------------*/


/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
 * need to contact the CA, lowering the cost of cert revocation checking.
 * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
 * POST: 1 returned for success.
 */
static int test_wolfSSL_UseOCSPStapling(void)
{
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
            !defined(NO_WOLFSSL_CLIENT)
        int             ret;
        WOLFSSL_CTX*    ctx;
        WOLFSSL*        ssl;

#ifndef NO_WOLFSSL_CLIENT
    #ifndef WOLFSSL_NO_TLS12
        ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    #else
        ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
    #endif
#else
    #ifndef WOLFSSL_NO_TLS12
        ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
    #else
        ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
    #endif
#endif
        ssl = wolfSSL_new(ctx);
        printf(testingFmt, "wolfSSL_UseOCSPStapling()");

        ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
                                    WOLFSSL_CSR2_OCSP_USE_NONCE);

        printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);


        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);

        return ret;
    #else
        return WOLFSSL_SUCCESS;
    #endif

} /*END test_wolfSSL_UseOCSPStapling */


/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
 * stapling eliminates the need to contact the CA and lowers cert revocation
 * check.
 * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
 */
static int test_wolfSSL_UseOCSPStaplingV2 (void)
{
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
            !defined(NO_WOLFSSL_CLIENT)
        int                 ret;
        WOLFSSL_CTX*        ctx;
        WOLFSSL*            ssl;

#ifndef NO_WOLFSSL_CLIENT
    #ifndef WOLFSSL_NO_TLS12
        ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    #else
        ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
    #endif
#else
    #ifndef WOLFSSL_NO_TLS12
        ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
    #else
        ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
    #endif
#endif
        ssl = wolfSSL_new(ctx);
        printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");

        ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
                                        WOLFSSL_CSR2_OCSP_USE_NONCE );

        printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);

        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);

        return ret;
    #else
        return WOLFSSL_SUCCESS;
    #endif

} /*END test_wolfSSL_UseOCSPStaplingV2*/

/*----------------------------------------------------------------------------*
 | Multicast Tests
 *----------------------------------------------------------------------------*/
static void test_wolfSSL_mcast(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
    (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    int result;
    byte preMasterSecret[512];
    byte clientRandom[32];
    byte serverRandom[32];
    byte suite[2] = {0, 0xfe};  /* WDM_WITH_NULL_SHA256 */
    byte buf[256];
    word16 newId;

    ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
    AssertNotNull(ctx);

    result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
    AssertIntEQ(result, WOLFSSL_SUCCESS);

    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);

    XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
    XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
    XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
    result = wolfSSL_set_secret(ssl, 23,
                preMasterSecret, sizeof(preMasterSecret),
                clientRandom, serverRandom, suite);
    AssertIntEQ(result, WOLFSSL_SUCCESS);

    result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
    AssertIntLE(result, 0);
    AssertIntLE(newId, 100);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */
}


/*----------------------------------------------------------------------------*
 |  Wolfcrypt
 *----------------------------------------------------------------------------*/

/*
 * Unit test for the wc_InitBlake2b()
 */
static int test_wc_InitBlake2b (void)
{
    int ret = 0;
#ifdef HAVE_BLAKE2

    Blake2b blake2b;

    printf(testingFmt, "wc_InitBlake2B()");

    /* Test good arg. */
    ret = wc_InitBlake2b(&blake2b, 64);
    if (ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!ret) {
        ret = wc_InitBlake2b(NULL, 64);
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    if (!ret) {
        ret = wc_InitBlake2b(NULL, 128);
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    if (!ret) {
        ret = wc_InitBlake2b(&blake2b, 128);
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    if (!ret) {
        ret = wc_InitBlake2b(NULL, 0);
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    if (!ret) {
        ret = wc_InitBlake2b(&blake2b, 0);
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}     /*END test_wc_InitBlake2b*/

/*
 * Unit test for the wc_InitBlake2b_WithKey()
 */
static int test_wc_InitBlake2b_WithKey (void)
{
    int ret = 0;
#ifdef HAVE_BLAKE2
    Blake2b     blake2b;
    word32      digestSz = BLAKE2B_KEYBYTES;
    byte        key[BLAKE2B_KEYBYTES];
    word32      keylen = BLAKE2B_KEYBYTES;



    printf(testingFmt, "wc_InitBlake2b_WithKey()");

    /* Test good arg. */
    ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, keylen);
    if (ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, 256);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, NULL, keylen);
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}     /*END wc_InitBlake2b_WithKey*/

/*
 * Unit test for the wc_InitBlake2s_WithKey()
 */
static int test_wc_InitBlake2s_WithKey (void)
{
    int ret = 0;
#ifdef HAVE_BLAKE2S
    Blake2s     blake2s;
    word32      digestSz = BLAKE2S_KEYBYTES;
    byte        *key = (byte*)"01234567890123456789012345678901";
    word32      keylen = BLAKE2S_KEYBYTES;

    printf(testingFmt, "wc_InitBlake2s_WithKey()");

    /* Test good arg. */
    ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, keylen);
    if (ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, 256);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, NULL, keylen);
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}     /*END wc_InitBlake2s_WithKey*/

/*
 * Unit test for the wc_InitMd5()
 */
static int test_wc_InitMd5 (void)
{
    int flag = 0;
#ifndef NO_MD5

    wc_Md5 md5;
    int ret;

    printf(testingFmt, "wc_InitMd5()");

    /* Test good arg. */
    ret = wc_InitMd5(&md5);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitMd5(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Md5Free(&md5);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
}     /* END test_wc_InitMd5 */


/*
 * Testing wc_UpdateMd5()
 */
static int test_wc_Md5Update (void)
{

    int flag = 0;
#ifndef NO_MD5
    wc_Md5 md5;
    byte hash[WC_MD5_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitMd5(&md5);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Md5Update()");

    /* Input */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Md5Final(&md5, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
                    "\x72";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Md5Final(&md5, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /*Pass in bad values. */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_MD5_DIGEST_SIZE;

        ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Md5Free(&md5);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Md5Update()  */


/*
 *  Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
 */
static int test_wc_Md5Final (void)
{

    int flag = 0;
#ifndef NO_MD5
    /* Instantiate */
    wc_Md5 md5;
    byte* hash_test[3];
    byte hash1[WC_MD5_DIGEST_SIZE];
    byte hash2[2*WC_MD5_DIGEST_SIZE];
    byte hash3[5*WC_MD5_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitMd5(&md5);
    if (ret != 0)  {
        flag = ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test)/sizeof(byte*);

    /* Test good args. */
    printf(testingFmt, "wc_Md5Final()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Md5Final(&md5, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_Md5Final(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Md5Final(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Md5Final(&md5, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Md5Free(&md5);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
}

/*
 * Unit test for the wc_InitSha()
 */
static int test_wc_InitSha(void)
{
    int flag = 0;
#ifndef NO_SHA
    wc_Sha sha;
    int ret;

    printf(testingFmt, "wc_InitSha()");

    /* Test good arg. */
    ret = wc_InitSha(&sha);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_ShaFree(&sha);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_InitSha */

/*
 *  Tesing wc_ShaUpdate()
 */
static int test_wc_ShaUpdate (void)
{
    int flag = 0;
#ifndef NO_SHA
    wc_Sha sha;
    byte hash[WC_SHA_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitSha(&sha);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_ShaUpdate()");

    /* Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_ShaUpdate(&sha, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_ShaUpdate(&sha, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_ShaFinal(&sha, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
                    "\x6C\x9C\xD0\xD8\x9D";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_ShaFinal(&sha, hash);
        if (ret !=0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try passing in bad values. */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA_DIGEST_SIZE;

        ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_ShaFree(&sha);
    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_ShaUpdate() */


/*
 * Unit test on wc_ShaFinal
 */
static int test_wc_ShaFinal (void)
{
    int flag = 0;
#ifndef NO_SHA
    wc_Sha sha;
    byte* hash_test[3];
    byte hash1[WC_SHA_DIGEST_SIZE];
    byte hash2[2*WC_SHA_DIGEST_SIZE];
    byte hash3[5*WC_SHA_DIGEST_SIZE];
    int times, i, ret;

    /*Initialize*/
    ret = wc_InitSha(&sha);
    if (ret) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test)/sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_ShaFinal()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_ShaFinal(&sha, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_ShaFinal(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_ShaFinal(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_ShaFinal(&sha, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_ShaFree(&sha);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_ShaFinal */


/*
 * Unit test for wc_InitSha256()
 */
static int test_wc_InitSha256 (void)
{
    int flag = 0;
#ifndef NO_SHA256
    wc_Sha256 sha256;
    int ret;

    printf(testingFmt, "wc_InitSha256()");

    /* Test good arg. */
    ret = wc_InitSha256(&sha256);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha256(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha256Free(&sha256);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_InitSha256 */


/*
 * Unit test for wc_Sha256Update()
 */
static int test_wc_Sha256Update (void)
{
    int flag = 0;
#ifndef NO_SHA256
    wc_Sha256 sha256;
    byte hash[WC_SHA256_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitSha256(&sha256);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha256Update()");

    /*  Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha256Update(&sha256, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha256Update(&sha256, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha256Final(&sha256, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
                    "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
                    "\x15\xAD";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha256Final(&sha256, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try passing in bad values */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA256_DIGEST_SIZE;

        ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha256Free(&sha256);

    /* If not returned then the unit test passed. */
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256Update */


/*
 * Unit test function for wc_Sha256Final()
 */
static int test_wc_Sha256Final (void)
{
    int flag = 0;
#ifndef NO_SHA256
    wc_Sha256 sha256;
    byte* hash_test[3];
    byte hash1[WC_SHA256_DIGEST_SIZE];
    byte hash2[2*WC_SHA256_DIGEST_SIZE];
    byte hash3[5*WC_SHA256_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha256(&sha256);
    if (ret != 0) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_Sha256Final()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha256Final(&sha256, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag ) {
        ret = wc_Sha256Final(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha256Final(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha256Final(&sha256, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha256Free(&sha256);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha256Final */
/*
 * Unit test function for wc_Sha256FinalRaw()
 */
static int test_wc_Sha256FinalRaw (void)
{
    int flag = 0;
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
    !defined(WOLFSSL_NO_HASH_RAW)
    wc_Sha256 sha256;
    byte* hash_test[3];
    byte hash1[WC_SHA256_DIGEST_SIZE];
    byte hash2[2*WC_SHA256_DIGEST_SIZE];
    byte hash3[5*WC_SHA256_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha256(&sha256);
    if (ret != 0) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_Sha256FinalRaw()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag ) {
        ret = wc_Sha256FinalRaw(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha256FinalRaw(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha256FinalRaw(&sha256, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha256Free(&sha256);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256FinalRaw */
/*
 * Unit test function for wc_Sha256GetFlags()
 */
static int test_wc_Sha256GetFlags (void)
{
    int flag = 0;
#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha256 sha256;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha256GetFlags()");

    /* Initialize */
    flag = wc_InitSha256(&sha256);
    if (flag == 0) {
        flag = wc_Sha256GetFlags(&sha256, &flags);
    }
    if (flag == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            flag = 0;
        }
    }

    wc_Sha256Free(&sha256);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256GetFlags */
/*
 * Unit test function for wc_Sha256Free()
 */
static int test_wc_Sha256Free (void)
{
    int flag = 0;
#ifndef NO_SHA256
    printf(testingFmt, "wc_Sha256Free()");
    wc_Sha256Free(NULL);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256Free */
/*
 * Unit test function for wc_Sha256GetHash()
 */
static int test_wc_Sha256GetHash (void)
{
    int flag = 0;
#ifndef NO_SHA256
    wc_Sha256 sha256;
    byte hash1[WC_SHA256_DIGEST_SIZE];

    printf(testingFmt, "wc_Sha256GetHash()");

    /* Initialize */
    flag = wc_InitSha256(&sha256);

    if (flag == 0) {
        flag = wc_Sha256GetHash(&sha256, hash1);
    }
    /*test bad arguements*/
    if (flag == 0) {
        flag = wc_Sha256GetHash(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }
    if (flag == 0) {
        flag = wc_Sha256GetHash(NULL, hash1);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }
    if (flag == 0) {
        flag = wc_Sha256GetHash(&sha256, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha256Free(&sha256);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256GetHash */
/*
 * Unit test function for wc_Sha256Copy()
 */
static int test_wc_Sha256Copy (void)
{
    int flag = 0;
#ifndef NO_SHA256
    wc_Sha256 sha256;
    wc_Sha256 temp;

    printf(testingFmt, "wc_Sha256Copy()");

    /* Initialize */
    flag = wc_InitSha256(&sha256);
    if (flag == 0) {
        flag = wc_InitSha256(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha256Copy(&sha256, &temp);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha256Copy(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha256Copy(NULL, &temp);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha256Copy(&sha256, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha256Free(&sha256);
    wc_Sha256Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha256Copy */
/*
 * Testing wc_InitSha512()
 */
static int test_wc_InitSha512 (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
    int ret;

    printf(testingFmt, "wc_InitSha512()");

    /* Test good arg. */
    ret = wc_InitSha512(&sha512);
    if (ret != 0) {
        flag  = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha512(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_InitSha512 */


/*
 *  wc_Sha512Update() test.
 */
static int test_wc_Sha512Update (void)
{

    int flag = 0;
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
    byte hash[WC_SHA512_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitSha512(&sha512);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha512Update()");

    /* Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha512Update(&sha512, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512Update(&sha512,(byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
                    "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
                    "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
                    "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
                    "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha512Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try passing in bad values */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA512_DIGEST_SIZE;

        ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512Free(&sha512);

    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512Update  */

#ifdef WOLFSSL_SHA512
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
/* Perfoms test for
 * - wc_Sha512Final/wc_Sha512FinalRaw
 * - wc_Sha512_224Final/wc_Sha512_224Final
 * - wc_Sha512_256Final/wc_Sha512_256Final
 * parameter:
 * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
 *          WC_HASH_TYPE_SHA512_256
 * - isRaw: if is non-zero, xxxFinalRaw function will be tested
 *return 0 on success
 */
static int test_Sha512_Family_Final(int type, int isRaw)
{
    wc_Sha512 sha512;
    byte* hash_test[3];
    byte hash1[WC_SHA512_DIGEST_SIZE];
    byte hash2[2*WC_SHA512_DIGEST_SIZE];
    byte hash3[5*WC_SHA512_DIGEST_SIZE];
    int times, i, ret;

    int(*initFp)(wc_Sha512*);
    int(*finalFp)(wc_Sha512*, byte*);
    void(*freeFp)(wc_Sha512*);

    if (type == WC_HASH_TYPE_SHA512) {
        initFp  = wc_InitSha512;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
    !defined(WOLFSSL_NO_HASH_RAW)
        finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
#else
        finalFp = (isRaw)? NULL : wc_Sha512Final;
#endif
        freeFp  = wc_Sha512Free;
    }
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
    else if (type == WC_HASH_TYPE_SHA512_224) {
        initFp  = wc_InitSha512_224;
    #if !defined(WOLFSSL_NO_HASH_RAW)
        finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
    #else
        finalFp = (isRaw)? NULL : wc_Sha512_224Final;
    #endif
        freeFp  = wc_Sha512_224Free;
    }
#endif
#if !defined(WOLFSSL_NOSHA512_256)
    else if (type == WC_HASH_TYPE_SHA512_256) {
        initFp  = wc_InitSha512_256;
    #if !defined(WOLFSSL_NO_HASH_RAW)
        finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
    #else
        finalFp = (isRaw)? NULL : wc_Sha512_256Final;
    #endif
        freeFp  = wc_Sha512_256Free;
    }
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    else
        return BAD_FUNC_ARG;

    /* Initialize  */
    ret = initFp(&sha512);

    if (!ret) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte *);

    /* Good test args. */
    for (i = 0; i < times && ret == 0; i++) {
        ret = finalFp(&sha512, hash_test[i]);
    }
    /* Test bad args. */
    if (!ret) {
        if (finalFp(NULL, NULL) != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (!ret) {
        if (finalFp(NULL, hash1) != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!ret) {
        if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    freeFp(&sha512);
    return ret;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
 * Unit test function for wc_Sha512Final()
 */
static int test_wc_Sha512Final (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
    byte* hash_test[3];
    byte hash1[WC_SHA512_DIGEST_SIZE];
    byte hash2[2*WC_SHA512_DIGEST_SIZE];
    byte hash3[5*WC_SHA512_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize  */
    ret = wc_InitSha512(&sha512);
    if (ret != 0) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte *);

    /* Good test args. */
    printf(testingFmt, "wc_Sha512Final()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha512Final(&sha512, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }
    /* Test bad args. */
    if (!flag) {
        ret = wc_Sha512Final(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }

    if (!flag) {}
        ret = wc_Sha512Final(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512Final(&sha512, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;
} /* END test_wc_Sha512Final */
/*
 * Unit test function for wc_Sha512GetFlags()
 */
static int test_wc_Sha512GetFlags (void)
{
    int flag = 0;
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha512 sha512;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha512GetFlags()");

    /* Initialize */
    flag = wc_InitSha512(&sha512);
    if (flag == 0) {
        flag = wc_Sha512GetFlags(&sha512, &flags);
    }
    if (flag == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            flag = 0;
        }
    }


    wc_Sha512Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512GetFlags */
/*
 * Unit test function for wc_Sha512FinalRaw()
 */
static int test_wc_Sha512FinalRaw (void)
{
    int flag = 0;
#if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
    !defined(WOLFSSL_NO_HASH_RAW)
    wc_Sha512 sha512;
    byte* hash_test[3];
    byte hash1[WC_SHA512_DIGEST_SIZE];
    byte hash2[2*WC_SHA512_DIGEST_SIZE];
    byte hash3[5*WC_SHA512_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha512(&sha512);
    if (ret != 0) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_Sha512FinalRaw()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag ) {
        ret = wc_Sha512FinalRaw(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512FinalRaw(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512FinalRaw(&sha512, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512FinalRaw */

/*
 * Unit test function for wc_Sha512Free()
 */
static int test_wc_Sha512Free (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA512
    printf(testingFmt, "wc_Sha512Free()");
    wc_Sha512Free(NULL);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512Free */
#ifdef WOLFSSL_SHA512

#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
static int test_Sha512_Family_GetHash(int type )
{
    int flag = 0;
    int(*initFp)(wc_Sha512*);
    int(*ghashFp)(wc_Sha512*, byte*);
    wc_Sha512 sha512;
    byte hash1[WC_SHA512_DIGEST_SIZE];

    if (type == WC_HASH_TYPE_SHA512) {
        initFp  = wc_InitSha512;
        ghashFp = wc_Sha512GetHash;
    }
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
    else if (type == WC_HASH_TYPE_SHA512_224) {
        initFp  = wc_InitSha512_224;
        ghashFp = wc_Sha512_224GetHash;
    }
#endif
#if !defined(WOLFSSL_NOSHA512_256)
    else if (type == WC_HASH_TYPE_SHA512_256) {
        initFp  = wc_InitSha512_256;
        ghashFp = wc_Sha512_256GetHash;
    }
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    else {
        initFp  = NULL;
        ghashFp = NULL;
    }

    if (initFp == NULL || ghashFp == NULL)
        return WOLFSSL_FATAL_ERROR;

    if (!flag) {
        flag = initFp(&sha512);
    }

    if (!flag) {
        flag = ghashFp(&sha512, hash1);
    }

    /*test bad arguements*/
     if (!flag) {
        if (ghashFp(NULL, NULL) != BAD_FUNC_ARG )
            flag = WOLFSSL_FATAL_ERROR;
     }

     if (!flag) {
        if (ghashFp(NULL, hash1) != BAD_FUNC_ARG )
            flag = WOLFSSL_FATAL_ERROR;
     }

     if (!flag) {
        if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG )
            flag = WOLFSSL_FATAL_ERROR;
    }

    wc_Sha512Free(&sha512);
    return flag;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
 * Unit test function for wc_Sha512GetHash()
 */
static int test_wc_Sha512GetHash (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
    byte hash1[WC_SHA512_DIGEST_SIZE];

    printf(testingFmt, "wc_Sha512GetHash()");

    /* Initialize */
    flag = wc_InitSha512(&sha512);

    if (flag == 0) {
        flag = wc_Sha512GetHash(&sha512, hash1);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha512GetHash(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha512GetHash(NULL, hash1);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha512GetHash(&sha512, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha512Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512GetHash */

/*
 * Unit test function for wc_Sha512Copy()
 */
static int test_wc_Sha512Copy (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
    wc_Sha512 temp;

    printf(testingFmt, "wc_Sha512Copy()");

    /* Initialize */
    flag = wc_InitSha512(&sha512);
    if (flag == 0) {
        flag = wc_InitSha512(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha512Copy(&sha512, &temp);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha512Copy(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha512Copy(NULL, &temp);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha512Copy(&sha512, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha512Free(&sha512);
    wc_Sha512Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha512Copy */

static int test_wc_InitSha512_224 (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    wc_Sha512 sha512;
    int ret;

    printf(testingFmt, "wc_InitSha512_224()");

    /* Test good arg. */
    ret = wc_InitSha512_224(&sha512);
    if (ret != 0) {
        flag  = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha512_224(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512_224Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_224Update (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    wc_Sha512 sha512;
    byte hash[WC_SHA512_DIGEST_SIZE];
    testVector a, c;
    int ret;

    ret = wc_InitSha512_224(&sha512);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha512_224Update()");

    /* Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha512_224Update(&sha512, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_224Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
                   "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";

        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha512_224Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA512_224_DIGEST_SIZE;

        ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512_224Free(&sha512);

    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_224Final (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    printf(testingFmt, "wc_Sha512_224Final()");
    flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;
}

static int test_wc_Sha512_224GetFlags (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha512 sha512, copy;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha512_224GetFlags()");

    /* Initialize */
    flag = wc_InitSha512_224(&sha512);
    if (!flag) {
        flag = wc_InitSha512_224(&copy);
    }
    if (!flag) {
        flag = wc_Sha512_224Copy(&sha512, &copy);
    }
    if (!flag) {
        flag = wc_Sha512_224GetFlags(&copy, &flags);
    }
    if (!flag) {
        if (flags & WC_HASH_FLAG_ISCOPY)
            flag = 0;
        else
            flag = WOLFSSL_FATAL_ERROR;
    }
    wc_Sha512_224Free(&copy);
    wc_Sha512_224Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_224FinalRaw (void)
{
    int flag = 0;

#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_224) && \
    !defined(WOLFSSL_NO_HASH_RAW)
    printf(testingFmt, "wc_Sha512_224FinalRaw()");
    flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

}

static int test_wc_Sha512_224Free (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    printf(testingFmt, "wc_Sha512_224Free()");
    wc_Sha512_224Free(NULL);

    printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_224GetHash (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    printf(testingFmt, "wc_Sha512_224GetHash()");
    flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}
static int test_wc_Sha512_224Copy (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
    wc_Sha512 sha512;
    wc_Sha512 temp;

    printf(testingFmt, "wc_Sha512_224Copy()");

    /* Initialize */
    flag = wc_InitSha512_224(&sha512);
    if (flag == 0) {
        flag = wc_InitSha512_224(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha512_224Copy(&sha512, &temp);
    }
    /*test bad arguements*/
    if (flag == 0) {
        if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
    }
    if (flag == 0) {
        if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
    }
    if (flag == 0) {
        if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
    }

    wc_Sha512_224Free(&sha512);
    wc_Sha512_224Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_InitSha512_256 (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    wc_Sha512 sha512;
    int ret;

    printf(testingFmt, "wc_InitSha512_256()");

    /* Test good arg. */
    ret = wc_InitSha512_256(&sha512);
    if (ret != 0) {
        flag  = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha512_256(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512_256Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_256Update (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    wc_Sha512 sha512;
    byte hash[WC_SHA512_DIGEST_SIZE];
    testVector a, c;
    int ret;

    ret = wc_InitSha512_256(&sha512);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha512_256Update()");

    /* Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha512_256Update(&sha512, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha512_256Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
                   "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
                   "\x07\xe7\xaf\x23";

        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha512_256Final(&sha512, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA512_256_DIGEST_SIZE;

        ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha512_256Free(&sha512);

    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_256Final (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    printf(testingFmt, "wc_Sha512_256Final()");
    flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;
}

static int test_wc_Sha512_256GetFlags (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha512 sha512, copy;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha512_256GetFlags()");

    /* Initialize */
    flag = wc_InitSha512_256(&sha512);
    if (!flag ) {
        flag = wc_InitSha512_256(&copy);
    }
    if (!flag ) {
        flag = wc_Sha512_256Copy(&sha512, &copy);
    }
    if (!flag ) {
        flag = wc_Sha512_256GetFlags(&copy, &flags);
    }
    if (!flag) {
        if (flags & WC_HASH_FLAG_ISCOPY)
            flag = 0;
        else
            flag = WOLFSSL_FATAL_ERROR;
    }

    wc_Sha512_256Free(&sha512);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_256FinalRaw (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_256) && \
    !defined(WOLFSSL_NO_HASH_RAW)
    printf(testingFmt, "wc_Sha512_256FinalRaw()");
    flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

}

static int test_wc_Sha512_256Free (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    printf(testingFmt, "wc_Sha512_256Free()");
    wc_Sha512_256Free(NULL);

    printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}

static int test_wc_Sha512_256GetHash (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    printf(testingFmt, "wc_Sha512_256GetHash()");
    flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256);
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}
static int test_wc_Sha512_256Copy (void)
{
    int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
    wc_Sha512 sha512;
    wc_Sha512 temp;

    printf(testingFmt, "wc_Sha512_256Copy()");

    /* Initialize */
    flag = wc_InitSha512_256(&sha512);
    if (flag == 0) {
        flag = wc_InitSha512_256(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha512_256Copy(&sha512, &temp);
    }
    /*test bad arguements*/
     if (flag == 0) {
        if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
     }
     if (flag == 0) {
        if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
     }
     if (flag == 0) {
        if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG)
            flag = WOLFSSL_FATAL_ERROR;
    }

    wc_Sha512_256Free(&sha512);
    wc_Sha512_256Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
    return flag;

}



/*
 * Testing wc_InitSha384()
 */
static int test_wc_InitSha384 (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
    int ret;

    printf(testingFmt, "wc_InitSha384()");

    /* Test good arg. */
    ret = wc_InitSha384(&sha384);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha384(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha384Free(&sha384);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;
} /* END test_wc_InitSha384 */


/*
 * test wc_Sha384Update()
 */
static int test_wc_Sha384Update (void)
{

    int flag = 0;
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
    byte hash[WC_SHA384_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitSha384(&sha384);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha384Update()");

    /* Input */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha384Update(&sha384, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha384Update(&sha384, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha384Final(&sha384, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
                   "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
                   "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
                   "\xc8\x25\xa7";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha384Final(&sha384, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass in bad values. */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA384_DIGEST_SIZE;

        ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha384Free(&sha384);

    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha384Update */

/*
 * Unit test function for wc_Sha384Final();
 */
static int test_wc_Sha384Final (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
    byte* hash_test[3];
    byte hash1[WC_SHA384_DIGEST_SIZE];
    byte hash2[2*WC_SHA384_DIGEST_SIZE];
    byte hash3[5*WC_SHA384_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha384(&sha384);
    if (ret) {
        flag = ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_Sha384Final()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha384Final(&sha384, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_Sha384Final(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha384Final(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha384Final(&sha384, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha384Free(&sha384);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha384Final */
/*
 * Unit test function for wc_Sha384GetFlags()
 */
static int test_wc_Sha384GetFlags (void)
{
    int flag = 0;
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha384 sha384;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha384GetFlags()");

    /* Initialize */
    flag = wc_InitSha384(&sha384);
    if (flag == 0) {
        flag = wc_Sha384GetFlags(&sha384, &flags);
    }
    if (flag == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            flag = 0;
        }
    }


    wc_Sha384Free(&sha384);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha384GetFlags */
/*
 * Unit test function for wc_Sha384FinalRaw()
 */
static int test_wc_Sha384FinalRaw (void)
{
    int flag = 0;
#if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
    !defined(WOLFSSL_NO_HASH_RAW)
    wc_Sha384 sha384;
    byte* hash_test[3];
    byte hash1[WC_SHA384_DIGEST_SIZE];
    byte hash2[2*WC_SHA384_DIGEST_SIZE];
    byte hash3[5*WC_SHA384_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha384(&sha384);
    if (ret != 0) {
        flag =  ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_Sha384FinalRaw()");

    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag ) {
        ret = wc_Sha384FinalRaw(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha384FinalRaw(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha384FinalRaw(&sha384, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha384Free(&sha384);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha384FinalRaw */
/*
 * Unit test function for wc_Sha384Free()
 */
static int test_wc_Sha384Free (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA384
    printf(testingFmt, "wc_Sha384Free()");
    wc_Sha384Free(NULL);


    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha384Free */
/*
 * Unit test function for wc_Sha384GetHash()
 */
static int test_wc_Sha384GetHash (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
    byte hash1[WC_SHA384_DIGEST_SIZE];

    printf(testingFmt, "wc_Sha384GetHash()");

    /* Initialize */
    flag = wc_InitSha384(&sha384);

    if (flag == 0) {
        flag = wc_Sha384GetHash(&sha384, hash1);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha384GetHash(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha384GetHash(NULL, hash1);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha384GetHash(&sha384, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha384Free(&sha384);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha384GetHash */
/*
 * Unit test function for wc_Sha384Copy()
 */
static int test_wc_Sha384Copy (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
    wc_Sha384 temp;

    printf(testingFmt, "wc_Sha384Copy()");

    /* Initialize */
    flag = wc_InitSha384(&sha384);
    if (flag == 0) {
        flag = wc_InitSha384(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha384Copy(&sha384, &temp);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha384Copy(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha384Copy(NULL, &temp);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha384Copy(&sha384, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha384Free(&sha384);
    wc_Sha384Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha384Copy */

/*
 * Testing wc_InitSha224();
 */
static int test_wc_InitSha224 (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
    int ret;

    printf(testingFmt, "wc_InitSha224()");

    /* Test good arg. */
    ret = wc_InitSha224(&sha224);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitSha224(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha224Free(&sha224);
    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_InitSha224 */

/*
 * Unit test on wc_Sha224Update
 */
static int test_wc_Sha224Update (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
    byte hash[WC_SHA224_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitSha224(&sha224);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_Sha224Update()");

    /* Input. */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_Sha224Update(&sha224, NULL, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha224Update(&sha224, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }

        ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha224Final(&sha224, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
                    "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_Sha224Final(&sha224, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass  in bad values. */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = WC_SHA224_DIGEST_SIZE;

        ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha224Free(&sha224);

    /* If not returned then the unit test passed test vectors. */
    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha224Update */

/*
 * Unit test for wc_Sha224Final();
 */
static int test_wc_Sha224Final (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
    byte* hash_test[3];
    byte hash1[WC_SHA224_DIGEST_SIZE];
    byte hash2[2*WC_SHA224_DIGEST_SIZE];
    byte hash3[5*WC_SHA224_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitSha224(&sha224);
    if (ret) {
        flag = ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_sha224Final()");
    /* Testing oversized buffers. */
    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_Sha224Final(&sha224, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_Sha224Final(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha224Final(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_Sha224Final(&sha224, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_Sha224Free(&sha224);

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;
} /* END test_wc_Sha224Final */

/*
 * Unit test function for wc_Sha224SetFlags()
 */
static int test_wc_Sha224SetFlags (void)
{
    int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha224 sha224;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha224SetFlags()");

    /* Initialize */
    flag = wc_InitSha224(&sha224);
    if (flag == 0) {
        flag = wc_Sha224SetFlags(&sha224, flags);
    }
    if (flag == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            flag = 0;
        }
    }

    wc_Sha224Free(&sha224);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha224SetFlags */

/*
 * Unit test function for wc_Sha224GetFlags()
 */
static int test_wc_Sha224GetFlags (void)
{
    int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha224 sha224;
    word32 flags = 0;

    printf(testingFmt, "wc_Sha224GetFlags()");

    /* Initialize */
    flag = wc_InitSha224(&sha224);
    if (flag == 0) {
        flag = wc_Sha224GetFlags(&sha224, &flags);
    }
    if (flag == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            flag = 0;
        }
    }


    wc_Sha224Free(&sha224);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha224GetFlags */
/*
 * Unit test function for wc_Sha224Free()
 */
static int test_wc_Sha224Free (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    printf(testingFmt, "wc_Sha224Free()");
    wc_Sha224Free(NULL);


    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;

} /* END test_wc_Sha224Free */

/*
 * Unit test function for wc_Sha224GetHash()
 */
static int test_wc_Sha224GetHash (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
    byte hash1[WC_SHA224_DIGEST_SIZE];

    printf(testingFmt, "wc_Sha224GetHash()");

    /* Initialize */
    flag = wc_InitSha224(&sha224);

    if (flag == 0) {
        flag = wc_Sha224GetHash(&sha224, hash1);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha224GetHash(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha224GetHash(NULL, hash1);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha224GetHash(&sha224, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }

    wc_Sha224Free(&sha224);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha224GetHash */

/*
 * Unit test function for wc_Sha224Copy()
 */
static int test_wc_Sha224Copy (void)
{
    int flag = 0;
#ifdef WOLFSSL_SHA224
    wc_Sha224 sha224;
    wc_Sha224 temp;

    printf(testingFmt, "wc_Sha224Copy()");

    /* Initialize */
    flag = wc_InitSha224(&sha224);
    if (flag == 0) {
        flag = wc_InitSha224(&temp);
    }
    if (flag == 0) {
        flag = wc_Sha224Copy(&sha224, &temp);
    }
    /*test bad arguements*/
     if (flag == 0) {
        flag = wc_Sha224Copy(NULL, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha224Copy(NULL, &temp);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
     }
     if (flag == 0) {
        flag = wc_Sha224Copy(&sha224, NULL);
        if (flag == BAD_FUNC_ARG) {
            flag = 0;
        }
    }


    wc_Sha224Free(&sha224);
    wc_Sha224Free(&temp);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Sha224Copy */


/*
 * Testing wc_InitRipeMd()
 */
static int test_wc_InitRipeMd (void)
{
    int flag = 0;
#ifdef WOLFSSL_RIPEMD
    RipeMd ripemd;
    int ret;

    printf(testingFmt, "wc_InitRipeMd()");

    /* Test good arg. */
    ret = wc_InitRipeMd(&ripemd);
    if (ret != 0) {
        flag = WOLFSSL_FATAL_ERROR;
    }

    /* Test bad arg. */
    if (!flag) {
        ret = wc_InitRipeMd(NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_InitRipeMd */

/*
 * Testing wc_RipeMdUpdate()
 */
static int test_wc_RipeMdUpdate (void)
{

    int flag = 0;
#ifdef WOLFSSL_RIPEMD
    RipeMd ripemd;
    byte hash[RIPEMD_DIGEST_SIZE];
    testVector a, b, c;
    int ret;

    ret = wc_InitRipeMd(&ripemd);
    if (ret != 0) {
        flag = ret;
    }

    printf(testingFmt, "wc_RipeMdUpdate()");

    /* Input */
    if (!flag) {
        a.input = "a";
        a.inLen = XSTRLEN(a.input);

        ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_RipeMdFinal(&ripemd, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Update input. */
    if (!flag) {
        a.input = "abc";
        a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
                   "\xb0\x87\xf1\x5a\x0b\xfc";
        a.inLen = XSTRLEN(a.input);
        a.outLen = XSTRLEN(a.output);

        ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_RipeMdFinal(&ripemd, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass in bad values. */
    if (!flag) {
        b.input = NULL;
        b.inLen = 0;

        ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        c.input = NULL;
        c.inLen = RIPEMD_DIGEST_SIZE;

        ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_RipeMdUdpate */

/*
 * Unit test function for wc_RipeMdFinal()
 */
static int test_wc_RipeMdFinal (void)
{
    int flag = 0;
#ifdef WOLFSSL_RIPEMD
    RipeMd ripemd;
    byte* hash_test[3];
    byte hash1[RIPEMD_DIGEST_SIZE];
    byte hash2[2*RIPEMD_DIGEST_SIZE];
    byte hash3[5*RIPEMD_DIGEST_SIZE];
    int times, i, ret;

    /* Initialize */
    ret = wc_InitRipeMd(&ripemd);
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        hash_test[0] = hash1;
        hash_test[1] = hash2;
        hash_test[2] = hash3;
    }

    times = sizeof(hash_test) / sizeof(byte*);

    /* Good test args. */
    printf(testingFmt, "wc_RipeMdFinal()");
    /* Testing oversized buffers. */
    for (i = 0; i < times; i++) {
        if (!flag) {
            ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
            if (ret != 0) {
                flag = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_RipeMdFinal(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_RipeMdFinal(NULL, hash1);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_RipeMdFinal(&ripemd, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, flag == 0 ? passed : failed);
#endif
    return flag;
} /* END test_wc_RipeMdFinal */


/*
 * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
 * wc_InitSha3_512
 */
static int test_wc_InitSha3 (void)
{
    int             ret = 0;
#if defined(WOLFSSL_SHA3)
    wc_Sha3            sha3;

    (void)sha3;

    #if !defined(WOLFSSL_NOSHA3_224)
        printf(testingFmt, "wc_InitSha3_224()");

        ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);

        /* Test bad args. */
        if (ret == 0) {
            ret = wc_InitSha3_224(NULL, HEAP_HINT, devId);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        wc_Sha3_224_Free(&sha3);
        printf(resultFmt, ret == 0 ? passed : failed);
    #endif /* NOSHA3_224 */
    #if !defined(WOLFSSL_NOSHA3_256)
        if (ret == 0) {
            printf(testingFmt, "wc_InitSha3_256()");

            ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
            /* Test bad args. */
            if (ret == 0) {
                ret = wc_InitSha3_256(NULL, HEAP_HINT, devId);
                if (ret == BAD_FUNC_ARG) {
                    ret = 0;
                } else if (ret == 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            wc_Sha3_256_Free(&sha3);
            printf(resultFmt, ret == 0 ? passed : failed);
        } /* END sha3_256 */
    #endif /* NOSHA3_256 */
    #if !defined(WOLFSSL_NOSHA3_384)
        if (ret == 0) {
            printf(testingFmt, "wc_InitSha3_384()");

            ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
            /* Test bad args. */
            if (ret == 0) {
                ret = wc_InitSha3_384(NULL, HEAP_HINT, devId);
                if (ret == BAD_FUNC_ARG) {
                    ret = 0;
                } else if (ret == 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            wc_Sha3_384_Free(&sha3);
            printf(resultFmt, ret == 0 ? passed : failed);
        } /* END sha3_384 */
    #endif /* NOSHA3_384 */
    #if !defined(WOLFSSL_NOSHA3_512)
        if (ret == 0) {
            printf(testingFmt, "wc_InitSha3_512()");

            ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
            /* Test bad args. */
            if (ret == 0) {
                ret = wc_InitSha3_512(NULL, HEAP_HINT, devId);
                if (ret == BAD_FUNC_ARG) {
                    ret = 0;
                } else if (ret == 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            wc_Sha3_512_Free(&sha3);
            printf(resultFmt, ret == 0 ? passed : failed);
        } /* END sha3_512 */
    #endif /* NOSHA3_512 */
#endif
    return ret;

} /* END test_wc_InitSha3 */


/*
 * Testing wc_Sha3_Update()
 */
static int testing_wc_Sha3_Update (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
   !defined(WOLFSSL_AFALG_XILINX)
    wc_Sha3        sha3;
    byte        msg[] = "Everybody's working for the weekend.";
    byte        msg2[] = "Everybody gets Friday off.";
    byte        msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
                        "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
                        "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
                        "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
                        "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
    word32      msglen = sizeof(msg) - 1;
    word32      msg2len = sizeof(msg2);
    word32      msgCmplen = sizeof(msgCmp);

    #if !defined(WOLFSSL_NOSHA3_224)
        printf(testingFmt, "wc_Sha3_224_Update()");

        ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
        if (ret != 0) {
            return ret;
        }

        ret = wc_Sha3_224_Update(&sha3, msg, msglen);
        if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        if (ret == 0) {
            ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
            if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        /* Pass bad args. */
        if (ret == 0) {
            ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Sha3_224_Update(&sha3, NULL, 5);
            }
            if (ret == BAD_FUNC_ARG) {
                wc_Sha3_224_Free(&sha3);
                if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) {
                    return ret;
                }
                ret = wc_Sha3_224_Update(&sha3, NULL, 0);
                if (ret == 0) {
                    ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
                }
                if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
        }
        wc_Sha3_224_Free(&sha3);

        printf(resultFmt, ret == 0 ? passed : failed);
    #endif /* SHA3_224 */

    #if !defined(WOLFSSL_NOSHA3_256)
        if (ret == 0) {
            printf(testingFmt, "wc_Sha3_256_Update()");

            ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
            if (ret != 0) {
                return ret;
            }
            ret = wc_Sha3_256_Update(&sha3, msg, msglen);
            if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
                ret = WOLFSSL_FATAL_ERROR;
            }
            if (ret == 0) {
                ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
                if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            /* Pass bad args. */
            if (ret == 0) {
                ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_Sha3_256_Update(&sha3, NULL, 5);
                }
                if (ret == BAD_FUNC_ARG) {
                    wc_Sha3_256_Free(&sha3);
                    if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) {
                        return ret;
                    }
                    ret = wc_Sha3_256_Update(&sha3, NULL, 0);
                    if (ret == 0) {
                        ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
                    }
                    if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
                        ret = WOLFSSL_FATAL_ERROR;
                    }
                }
            }
            wc_Sha3_256_Free(&sha3);

            printf(resultFmt, ret == 0 ? passed : failed);
        }
    #endif /* SHA3_256 */

    #if !defined(WOLFSSL_NOSHA3_384)
        if (ret == 0) {
            printf(testingFmt, "wc_Sha3_384_Update()");

            ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
            if (ret != 0) {
                return ret;
            }
            ret = wc_Sha3_384_Update(&sha3, msg, msglen);
            if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
                ret = WOLFSSL_FATAL_ERROR;
            }
            if (ret == 0) {
                ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
                if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            /* Pass bad args. */
            if (ret == 0) {
                ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_Sha3_384_Update(&sha3, NULL, 5);
                }
                if (ret == BAD_FUNC_ARG) {
                    wc_Sha3_384_Free(&sha3);
                    if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) {
                        return ret;
                    }
                    ret = wc_Sha3_384_Update(&sha3, NULL, 0);
                    if (ret == 0) {
                        ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
                    }
                    if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
                        ret = WOLFSSL_FATAL_ERROR;
                    }
                }
            }
            wc_Sha3_384_Free(&sha3);

            printf(resultFmt, ret == 0 ? passed : failed);
        }
    #endif /* SHA3_384 */

    #if !defined(WOLFSSL_NOSHA3_512)
        if (ret == 0) {
            printf(testingFmt, "wc_Sha3_512_Update()");

            ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
            if (ret != 0) {
                return ret;
            }
            ret = wc_Sha3_512_Update(&sha3, msg, msglen);
            if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
                ret = WOLFSSL_FATAL_ERROR;
            }
            if (ret == 0) {
                ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
                if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }
            /* Pass bad args. */
            if (ret == 0) {
                ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_Sha3_512_Update(&sha3, NULL, 5);
                }
                if (ret == BAD_FUNC_ARG) {
                    wc_Sha3_512_Free(&sha3);
                    if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) {
                        return ret;
                    }
                    ret = wc_Sha3_512_Update(&sha3, NULL, 0);
                    if (ret == 0) {
                        ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
                    }
                    if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
                        ret = WOLFSSL_FATAL_ERROR;
                    }
                }
            }
            wc_Sha3_512_Free(&sha3);
            printf(resultFmt, ret == 0 ? passed : failed);
        }
    #endif /* SHA3_512 */
#endif /* WOLFSSL_SHA3 */
    return ret;

} /* END testing_wc_Sha3_Update */

/*
 *  Testing wc_Sha3_224_Final()
 */
static int test_wc_Sha3_224_Final (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
    wc_Sha3        sha3;
    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
                         "nopnopq";
    const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
                         "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
                         "\x64\xea\xd0\xfc\xce\x33";
    byte        hash[WC_SHA3_224_DIGEST_SIZE];
    byte        hashRet[WC_SHA3_224_DIGEST_SIZE];

    /* Init stack variables. */
    XMEMSET(hash, 0, sizeof(hash));

    printf(testingFmt, "wc_Sha3_224_Final()");

    ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
    if (ret == 0) {
        ret = wc_Sha3_224_Final(&sha3, hash);
        if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_224_Final(NULL, hash);
        if (ret == 0) {
            ret = wc_Sha3_224_Final(&sha3, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Sha3_224_Free(&sha3);
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_Sha3_224_GetHash()");

        ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
        if (ret != 0) {
            return ret;
        }

        /* Init stack variables. */
        XMEMSET(hash, 0, sizeof(hash));
        XMEMSET(hashRet, 0, sizeof(hashRet));

        ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
        if (ret == 0) {
            ret = wc_Sha3_224_GetHash(&sha3, hashRet);
        }

        if (ret == 0) {
            ret = wc_Sha3_224_Final(&sha3, hash);
            if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* Test bad args. */
            ret = wc_Sha3_224_GetHash(NULL, hashRet);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Sha3_224_GetHash(&sha3, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    }

    wc_Sha3_224_Free(&sha3);
#endif
    return ret;
} /* END test_wc_Sha3_224_Final */


/*
 *  Testing wc_Sha3_256_Final()
 */
static int test_wc_Sha3_256_Final (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wc_Sha3        sha3;
    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
                         "nopnopq";
    const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
                        "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
                        "\xdd\x97\x49\x6d\x33\x76";
    byte        hash[WC_SHA3_256_DIGEST_SIZE];
    byte        hashRet[WC_SHA3_256_DIGEST_SIZE];

    /* Init stack variables. */
    XMEMSET(hash, 0, sizeof(hash));

    printf(testingFmt, "wc_Sha3_256_Final()");

    ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
    if (ret == 0) {
        ret = wc_Sha3_256_Final(&sha3, hash);
        if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_256_Final(NULL, hash);
        if (ret == 0) {
            ret = wc_Sha3_256_Final(&sha3, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Sha3_256_Free(&sha3);
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_Sha3_256_GetHash()");

        ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
        if (ret != 0) {
            return ret;
        }
        /* Init stack variables. */
        XMEMSET(hash, 0, sizeof(hash));
        XMEMSET(hashRet, 0, sizeof(hashRet));

        ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
        if (ret == 0) {
            ret = wc_Sha3_256_GetHash(&sha3, hashRet);
        }
        if (ret == 0) {
            ret = wc_Sha3_256_Final(&sha3, hash);
            if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* Test bad args. */
            ret = wc_Sha3_256_GetHash(NULL, hashRet);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Sha3_256_GetHash(&sha3, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    }

    wc_Sha3_256_Free(&sha3);
#endif
    return ret;
} /* END test_wc_Sha3_256_Final */


/*
 *  Testing wc_Sha3_384_Final()
 */
static int test_wc_Sha3_384_Final (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
    wc_Sha3        sha3;
    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
                         "nopnopq";
    const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
                         "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
                         "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
                         "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
    byte        hash[WC_SHA3_384_DIGEST_SIZE];
    byte        hashRet[WC_SHA3_384_DIGEST_SIZE];

    /* Init stack variables. */
    XMEMSET(hash, 0, sizeof(hash));

    printf(testingFmt, "wc_Sha3_384_Final()");

    ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
    if (ret == 0) {
        ret = wc_Sha3_384_Final(&sha3, hash);
        if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_384_Final(NULL, hash);
        if (ret == 0) {
            ret = wc_Sha3_384_Final(&sha3, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Sha3_384_Free(&sha3);
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_Sha3_384_GetHash()");

        ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
        if (ret != 0) {
            return ret;
        }
        /* Init stack variables. */
        XMEMSET(hash, 0, sizeof(hash));
        XMEMSET(hashRet, 0, sizeof(hashRet));

        ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
        if (ret == 0) {
            ret = wc_Sha3_384_GetHash(&sha3, hashRet);
        }
        if (ret == 0) {
            ret = wc_Sha3_384_Final(&sha3, hash);
            if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* Test bad args. */
            ret = wc_Sha3_384_GetHash(NULL, hashRet);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Sha3_384_GetHash(&sha3, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    }

    wc_Sha3_384_Free(&sha3);
#endif
    return ret;
} /* END test_wc_Sha3_384_Final */



/*
 *  Testing wc_Sha3_512_Final()
 */
static int test_wc_Sha3_512_Final (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
   !defined(WOLFSSL_NOSHA3_384)
    wc_Sha3        sha3;
    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
                         "nopnopq";
    const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
                         "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
                         "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
                         "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
                         "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
    byte        hash[WC_SHA3_512_DIGEST_SIZE];
    byte        hashRet[WC_SHA3_512_DIGEST_SIZE];

    /* Init stack variables. */
    XMEMSET(hash, 0, sizeof(hash));

    printf(testingFmt, "wc_Sha3_512_Final()");

    ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
    if (ret == 0) {
        ret = wc_Sha3_512_Final(&sha3, hash);
        if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_512_Final(NULL, hash);
        if (ret == 0) {
            ret = wc_Sha3_384_Final(&sha3, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Sha3_512_Free(&sha3);
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_Sha3_512_GetHash()");

        ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
        if (ret != 0) {
            return ret;
        }
        /* Init stack variables. */
        XMEMSET(hash, 0, sizeof(hash));
        XMEMSET(hashRet, 0, sizeof(hashRet));

        ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
        if (ret == 0) {
            ret = wc_Sha3_512_GetHash(&sha3, hashRet);
        }
        if (ret == 0) {
            ret = wc_Sha3_512_Final(&sha3, hash);
            if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* Test bad args. */
            ret = wc_Sha3_512_GetHash(NULL, hashRet);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Sha3_512_GetHash(&sha3, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    }

    wc_Sha3_512_Free(&sha3);
#endif
    return ret;
} /* END test_wc_Sha3_512_Final */


/*
 *  Testing wc_Sha3_224_Copy()
 */
static int test_wc_Sha3_224_Copy (void)
{
    int         ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
    wc_Sha3        sha3, sha3Cpy;
    const char* msg = TEST_STRING;
    word32      msglen = (word32)TEST_STRING_SZ;
    byte        hash[WC_SHA3_224_DIGEST_SIZE];
    byte        hashCpy[WC_SHA3_224_DIGEST_SIZE];

    XMEMSET(hash, 0, sizeof(hash));
    XMEMSET(hashCpy, 0, sizeof(hashCpy));

    printf(testingFmt, "wc_Sha3_224_Copy()");

    ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId);
    if (ret != 0) {
    wc_Sha3_224_Free(&sha3);
    return ret;
    }

    ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);

    if (ret == 0) {
        ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
        if (ret == 0) {
            ret = wc_Sha3_224_Final(&sha3, hash);
            if (ret == 0) {
                ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
            }
        }
        if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_224_Copy(NULL, &sha3);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Sha3_224_Copy */



/*
 *  Testing wc_Sha3_256_Copy()
 */
static int test_wc_Sha3_256_Copy (void)
{
    int         ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
    wc_Sha3        sha3, sha3Cpy;
    const char* msg = TEST_STRING;
    word32      msglen = (word32)TEST_STRING_SZ;
    byte        hash[WC_SHA3_256_DIGEST_SIZE];
    byte        hashCpy[WC_SHA3_256_DIGEST_SIZE];

    XMEMSET(hash, 0, sizeof(hash));
    XMEMSET(hashCpy, 0, sizeof(hashCpy));

    printf(testingFmt, "wc_Sha3_256_Copy()");

    ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId);
    if (ret != 0) {
    wc_Sha3_256_Free(&sha3);
    return ret;
    }

    ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);

    if (ret == 0) {
        ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
        if (ret == 0) {
            ret = wc_Sha3_256_Final(&sha3, hash);
            if (ret == 0) {
                ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
            }
        }
        if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_256_Copy(NULL, &sha3);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Sha3_256_Copy */



/*
 *  Testing wc_Sha3_384_Copy()
 */
static int test_wc_Sha3_384_Copy (void)
{
    int         ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
    wc_Sha3        sha3, sha3Cpy;
    const char* msg = TEST_STRING;
    word32      msglen = (word32)TEST_STRING_SZ;
    byte        hash[WC_SHA3_384_DIGEST_SIZE];
    byte        hashCpy[WC_SHA3_384_DIGEST_SIZE];

    XMEMSET(hash, 0, sizeof(hash));
    XMEMSET(hashCpy, 0, sizeof(hashCpy));

    printf(testingFmt, "wc_Sha3_384_Copy()");

    ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId);
    if (ret != 0) {
    wc_Sha3_384_Free(&sha3);
    return ret;
    }

    ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);

    if (ret == 0) {
        ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
        if (ret == 0) {
            ret = wc_Sha3_384_Final(&sha3, hash);
            if (ret == 0) {
                ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
            }
        }
        if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_384_Copy(NULL, &sha3);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Sha3_384_Copy */


/*
 *  Testing wc_Sha3_512_Copy()
 */
static int test_wc_Sha3_512_Copy (void)
{
    int         ret = 0;

#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
    wc_Sha3        sha3, sha3Cpy;
    const char* msg = TEST_STRING;
    word32      msglen = (word32)TEST_STRING_SZ;
    byte        hash[WC_SHA3_512_DIGEST_SIZE];
    byte        hashCpy[WC_SHA3_512_DIGEST_SIZE];

    XMEMSET(hash, 0, sizeof(hash));
    XMEMSET(hashCpy, 0, sizeof(hashCpy));


    printf(testingFmt, "wc_Sha3_512_Copy()");

    ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId);
    if (ret != 0) {
    wc_Sha3_512_Free(&sha3);
    return ret;
    }

    ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);

    if (ret == 0) {
        ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
        if (ret == 0) {
            ret = wc_Sha3_512_Final(&sha3, hash);
            if (ret == 0) {
                ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
            }
        }
        if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Sha3_512_Copy(NULL, &sha3);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Sha3_512_Copy */
/*
 * Unit test function for wc_Sha3_GetFlags()
 */
static int test_wc_Sha3_GetFlags (void)
{
    int ret = 0;
#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
    wc_Sha3            sha3;
    word32             flags = 0;


    printf(testingFmt, "wc_Sha3_GetFlags()");

    /* Initialize */
    ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }
    if (ret == 0) {
        ret = wc_Sha3_GetFlags(&sha3, &flags);
    }
    if (ret == 0) {
        if (flags & WC_HASH_FLAG_ISCOPY) {
            ret = 0;
        }
    }
    wc_Sha3_224_Free(&sha3);
    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Sha3_GetFlags */




static int test_wc_InitShake256 (void)
{
    int             ret = 0;
#ifdef WOLFSSL_SHAKE256
    wc_Shake        shake;

    printf(testingFmt, "wc_InitShake256()");

    ret = wc_InitShake256(&shake, HEAP_HINT, devId);
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_InitShake256(NULL, HEAP_HINT, devId);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Shake256_Free(&shake);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;

} /* END test_wc_InitSha3 */


static int testing_wc_Shake256_Update (void)
{
    int         ret = 0;

#ifdef WOLFSSL_SHAKE256
    wc_Shake    shake;
    byte        msg[] = "Everybody's working for the weekend.";
    byte        msg2[] = "Everybody gets Friday off.";
    byte        msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
                        "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
                        "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
                        "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
                        "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
    word32      msglen = sizeof(msg) - 1;
    word32      msg2len = sizeof(msg2);
    word32      msgCmplen = sizeof(msgCmp);

    printf(testingFmt, "wc_Shake256_Update()");

    ret = wc_InitShake256(&shake, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }
    ret = wc_Shake256_Update(&shake, msg, msglen);
    if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0) {
        ret = wc_Shake256_Update(&shake, msg2, msg2len);
        if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Pass bad args. */
    if (ret == 0) {
        ret = wc_Shake256_Update(NULL, msg2, msg2len);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Shake256_Update(&shake, NULL, 5);
        }
        if (ret == BAD_FUNC_ARG) {
            wc_Shake256_Free(&shake);
            if (wc_InitShake256(&shake, HEAP_HINT, devId)) {
                return ret;
            }
            ret = wc_Shake256_Update(&shake, NULL, 0);
            if (ret == 0) {
                ret = wc_Shake256_Update(&shake, msg2, msg2len);
            }
            if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }
    wc_Shake256_Free(&shake);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif /* WOLFSSL_SHAKE256 */

    return ret;

}

static int test_wc_Shake256_Final (void)
{
    int         ret = 0;

#ifdef WOLFSSL_SHAKE256
    wc_Shake    shake;
    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
                         "nopnopq";
    const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
                         "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
                         "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
                         "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
                         "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
                         "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
                         "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
                         "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
                         "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
    byte        hash[114];

    /* Init stack variables. */
    XMEMSET(hash, 0, sizeof(hash));

    printf(testingFmt, "wc_Shake256_Final()");

    ret = wc_InitShake256(&shake, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
    if (ret == 0) {
        ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
        if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
        if (ret == 0) {
            ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Shake256_Free(&shake);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}
/*
 *  Testing wc_Shake256_Copy()
 */
static int test_wc_Shake256_Copy (void)
{
    int         ret = 0;
#ifdef WOLFSSL_SHAKE256
    wc_Shake    shake, shakeCpy;
    const char* msg = TEST_STRING;
    word32      msglen = (word32)TEST_STRING_SZ;
    byte        hash[144];
    byte        hashCpy[144];
    word32      hashLen = sizeof(hash);
    word32      hashLenCpy = sizeof(hashCpy);

    XMEMSET(hash, 0, sizeof(hash));
    XMEMSET(hashCpy, 0, sizeof(hashCpy));

    printf(testingFmt, "wc_Shake256_Copy()");

    ret = wc_InitShake256(&shake, HEAP_HINT, devId);
    if (ret != 0) {
        return ret;
    }

    ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId);
    if (ret != 0) {
        wc_Shake256_Free(&shake);
        return ret;
    }

    ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);

    if (ret == 0) {
        ret = wc_Shake256_Copy(&shakeCpy, &shake);
        if (ret == 0) {
            ret = wc_Shake256_Final(&shake, hash, hashLen);
            if (ret == 0) {
                ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
            }
        }
        if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Shake256_Copy(NULL, &shake);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Shake256_Copy(&shakeCpy, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    wc_Shake256_Free(&shake);
    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Shake256_Copy */
/*
 * Unit test function for wc_Shake256Hash()
 */
static int test_wc_Shake256Hash(void)
{
    int ret = 0;
#ifdef WOLFSSL_SHAKE256

    const byte data[] = { /* Hello World */
        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
        0x72,0x6c,0x64
    };
    word32      len = sizeof(data);
    byte        hash[144];
    word32      hashLen = sizeof(hash);

    printf(testingFmt, "wc_Shake256Hash()");

    ret = wc_Shake256Hash(data, len, hash, hashLen);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}  /* END test_wc_Shake256Hash */
/*
 * unit test for wc_IdeaSetKey()
 */
static int test_wc_IdeaSetKey (void)
{
    int ret = 0;
#ifdef HAVE_IDEA

    Idea        idea;
    const byte  key[] =
    {
        0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
        0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
    };
    int         flag = 0;

    printf(testingFmt, "wc_IdeaSetKey()");
    /*IV can be NULL, default value is 0*/
    ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
    if (ret == 0) {
        ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
    }
    /* Bad args. */
    if (ret == 0) {
        ret = wc_IdeaSetKey(NULL, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
        if (ret != BAD_FUNC_ARG) {
            flag = 1;
        }
        ret = wc_IdeaSetKey(&idea, NULL, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
        if (ret != BAD_FUNC_ARG) {
            flag = 1;
        }
        ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE - 1,
                                    NULL, IDEA_ENCRYPTION);
        if (ret != BAD_FUNC_ARG) {
            flag = 1;
        }
        ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, -1);
        if (ret != BAD_FUNC_ARG) {
            flag = 1;
        }
        if (flag == 1) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    } /* END Test Bad Args. */

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_IdeaSetKey */

/*
 * Unit test for wc_IdeaSetIV()
 */
static int test_wc_IdeaSetIV (void)
{
    int     ret = 0;
#ifdef HAVE_IDEA
    Idea    idea;

    printf(testingFmt, "wc_IdeaSetIV()");

    ret = wc_IdeaSetIV(&idea, NULL);
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_IdeaSetIV(NULL, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;

} /* END test_wc_IdeaSetIV */

/*
 * Unit test for wc_IdeaCipher()
 */
static int test_wc_IdeaCipher (void)
{
    int     ret = 0;
#ifdef HAVE_IDEA
    Idea        idea;
    const byte  key[] =
    {
        0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
        0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48
    };
    const byte  plain[] =
    {
        0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
    };
    byte    enc[sizeof(plain)];
    byte    dec[sizeof(enc)];

    printf(testingFmt, "wc_IdeaCipher()");

    ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
    if (ret == 0) {
        ret = wc_IdeaCipher(&idea, enc, plain);
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (ret == 0) {
        ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
        if (ret == 0) {
            ret = wc_IdeaCipher(&idea, dec, enc);
        }
        if (ret == 0) {
            ret = XMEMCMP(plain, dec, IDEA_BLOCK_SIZE);
        }
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Pass Bad Args. */
    if (ret == 0) {
        ret = wc_IdeaCipher(NULL, enc, dec);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCipher(&idea, NULL, dec);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCipher(&idea, enc, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_IdeaCipher */

/*
 * Unit test for functions wc_IdeaCbcEncrypt and wc_IdeaCbcDecrypt
 */
static int test_wc_IdeaCbcEncyptDecrypt (void)
{
    int         ret = 0;
#ifdef HAVE_IDEA
    Idea        idea;
    const byte  key[] =
    {
        0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
        0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
    };
    const char* message = "International Data Encryption Algorithm";
    byte        msg_enc[40];
    byte        msg_dec[40];

    printf(testingFmt, "wc_IdeaCbcEncrypt()");

    ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_ENCRYPTION);
    if (ret == 0) {
        ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
                                        (word32)XSTRLEN(message) + 1);
    }
    if (ret == 0) {
        ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_DECRYPTION);
    }
    if (ret == 0) {
        ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
                                            (word32)XSTRLEN(message) + 1);
        if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Test bad args. Enc */
    if (ret == 0) {
        ret = wc_IdeaCbcEncrypt(NULL, msg_enc, (byte*)message,
                                    (word32)XSTRLEN(message) + 1);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCbcEncrypt(&idea, NULL, (byte*)message,
                                    (word32)XSTRLEN(message) + 1);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCbcEncrypt(&idea, msg_enc, NULL,
                                    (word32)XSTRLEN(message) + 1);
        }
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    } /* END test bad args ENC  */

    /* Test bad args DEC */
    if (ret == 0) {
        ret = wc_IdeaCbcDecrypt(NULL, msg_dec, msg_enc,
                                    (word32)XSTRLEN(message) + 1);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCbcDecrypt(&idea, NULL, msg_enc,
                                    (word32)XSTRLEN(message) + 1);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_IdeaCbcDecrypt(&idea, msg_dec, NULL,
                                    (word32)XSTRLEN(message) + 1);
        }
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_IdeaCbcEncryptDecrypt */


/*
 * Test function for wc_HmacSetKey
 */
static int test_wc_Md5HmacSetKey (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
    Hmac hmac;
    int ret,  times, itr;

    const char* keys[]=
    {
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
#ifndef HAVE_FIPS
        "Jefe", /* smaller than minimum FIPS key size */
#endif
        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
    };

    times = sizeof(keys) / sizeof(char*);
    flag = 0;

    printf(testingFmt, "wc_HmacSetKey() with MD5");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    for (itr = 0; itr < times; itr++) {
        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
                            (word32)XSTRLEN(keys[itr]));
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Bad args. */
    if (!flag) {
        ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
                                        (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
                                        (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
        if (ret != HMAC_MIN_KEYLEN_E) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#else
        if (ret != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#endif
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Md5HmacSetKey */


/*
 * testing wc_HmacSetKey() on wc_Sha hash.
 */
static int test_wc_ShaHmacSetKey (void)
{

    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
    Hmac hmac;
    int ret, times, itr;

    const char* keys[]=
    {
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b",
#ifndef HAVE_FIPS
        "Jefe", /* smaller than minimum FIPS key size */
#endif
        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                "\xAA\xAA\xAA"
    };

    times = sizeof(keys) / sizeof(char*);
    flag = 0;

    printf(testingFmt, "wc_HmacSetKey() with SHA");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    for (itr = 0; itr < times; itr++) {
        ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
                                        (word32)XSTRLEN(keys[itr]));
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Bad args. */
    if (!flag) {
        ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
                                        (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
                                        (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
        if (ret != HMAC_MIN_KEYLEN_E) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#else
        if (ret != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#endif
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_ShaHmacSetKey() */

/*
 * testing wc_HmacSetKey() on Sha224 hash.
 */
static int test_wc_Sha224HmacSetKey (void)
{

    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
    Hmac hmac;
    int ret, times, itr;

    const char* keys[]=
    {
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b",
#ifndef HAVE_FIPS
        "Jefe", /* smaller than minimum FIPS key size */
#endif
        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                "\xAA\xAA\xAA"
    };

    times = sizeof(keys) / sizeof(char*);
    flag = 0;

    printf(testingFmt, "wc_HmacSetKey() with SHA 224");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    for (itr = 0; itr < times; itr++) {
        ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
                                            (word32)XSTRLEN(keys[itr]));
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Bad args. */
    if (!flag) {
        ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
        if (ret != HMAC_MIN_KEYLEN_E) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#else
        if (ret != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#endif
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha224HmacSetKey() */

 /*
  * testing wc_HmacSetKey() on Sha256 hash
  */
static int test_wc_Sha256HmacSetKey (void)
{

    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
    Hmac hmac;
    int ret, times, itr;

    const char* keys[]=
    {
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b",
#ifndef HAVE_FIPS
        "Jefe", /* smaller than minimum FIPS key size */
#endif
        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                "\xAA\xAA\xAA"
    };

    times = sizeof(keys) / sizeof(char*);
    flag = 0;

    printf(testingFmt, "wc_HmacSetKey() with SHA256");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    for (itr = 0; itr < times; itr++) {
        ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
                                            (word32)XSTRLEN(keys[itr]));
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Bad args. */
    if (!flag) {
        ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
        if (ret != HMAC_MIN_KEYLEN_E) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#else
        if (ret != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#endif
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha256HmacSetKey() */


/*
 * testing wc_HmacSetKey on Sha384 hash.
 */
static int test_wc_Sha384HmacSetKey (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
    Hmac hmac;
    int ret, times, itr;

    const char* keys[]=
    {
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b",
#ifndef HAVE_FIPS
        "Jefe", /* smaller than minimum FIPS key size */
#endif
        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                "\xAA\xAA\xAA"
    };

    times = sizeof(keys) / sizeof(char*);
    flag = 0;

    printf(testingFmt, "wc_HmacSetKey() with SHA384");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    for (itr = 0; itr < times; itr++) {
        ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
                                            (word32)XSTRLEN(keys[itr]));
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Bad args. */
    if (!flag) {
        ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
                                            (word32)XSTRLEN(keys[0]));
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
        if (ret != HMAC_MIN_KEYLEN_E) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#else
        if (ret != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
#endif
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha384HmacSetKey() */


/*
 * testing wc_HmacUpdate on wc_Md5 hash.
 */
static int test_wc_Md5HmacUpdate (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
    Hmac hmac;
    testVector a, b;
    int ret;
#ifdef HAVE_FIPS
    const char* keys =
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
    const char* keys = "Jefe";
#endif

    a.input = "what do ya want for nothing?";
    a.inLen  = XSTRLEN(a.input);

    b.input = "Hi There";
    b.inLen = XSTRLEN(b.input);

    flag = 0;

    printf(testingFmt, "wc_HmacUpdate() with MD5");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }
    /* Update Hmac. */
    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Md5HmacUpdate */

/*
 * testing wc_HmacUpdate on SHA hash.
 */
static int test_wc_ShaHmacUpdate (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
    Hmac hmac;
    testVector a, b;
    int ret;
#ifdef HAVE_FIPS
    const char* keys =
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
    const char* keys = "Jefe";
#endif

    a.input = "what do ya want for nothing?";
    a.inLen  = XSTRLEN(a.input);

    b.input = "Hi There";
    b.inLen = XSTRLEN(b.input);

    flag = 0;

    printf(testingFmt, "wc_HmacUpdate() with SHA");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }
    /* Update Hmac. */
    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_ShaHmacUpdate */

/*
 * testing wc_HmacUpdate on SHA224 hash.
 */
static int test_wc_Sha224HmacUpdate (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
    Hmac hmac;
    testVector a, b;
    int ret;
#ifdef HAVE_FIPS
    const char* keys =
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
    const char* keys = "Jefe";
#endif

    a.input = "what do ya want for nothing?";
    a.inLen  = XSTRLEN(a.input);

    b.input = "Hi There";
    b.inLen = XSTRLEN(b.input);

    flag = 0;

    printf(testingFmt, "wc_HmacUpdate() with SHA224");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }
    /* Update Hmac. */
    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha224HmacUpdate */

/*
 * testing wc_HmacUpdate on SHA256 hash.
 */
static int test_wc_Sha256HmacUpdate (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
    Hmac hmac;
    testVector a, b;
    int ret;
#ifdef HAVE_FIPS
    const char* keys =
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
    const char* keys = "Jefe";
#endif

    a.input = "what do ya want for nothing?";
    a.inLen  = XSTRLEN(a.input);

    b.input = "Hi There";
    b.inLen = XSTRLEN(b.input);

    flag = 0;

    printf(testingFmt, "wc_HmacUpdate() with WC_SHA256");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }
    /* Update Hmac. */
    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha256HmacUpdate */

/*
 * testing wc_HmacUpdate on SHA384  hash.
 */
static int test_wc_Sha384HmacUpdate (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
    Hmac hmac;
    testVector a, b;
    int ret;
#ifdef HAVE_FIPS
    const char* keys =
        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
    const char* keys = "Jefe";
#endif

    a.input = "what do ya want for nothing?";
    a.inLen  = XSTRLEN(a.input);

    b.input = "Hi There";
    b.inLen = XSTRLEN(b.input);

    flag = 0;

    printf(testingFmt, "wc_HmacUpdate() with SHA384");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }
    /* Update Hmac. */
    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    /* Test bad args. */
    if (!flag) {
        ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
        if (ret != 0) {
            flag = ret;
        }
    }

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha384HmacUpdate */

/*
 * Testing wc_HmacFinal() with MD5
 */

static int test_wc_Md5HmacFinal (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
    Hmac hmac;
    byte hash[WC_MD5_DIGEST_SIZE];
    testVector a;
    int ret;
    const char* key;

    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
    a.input = "Hi There";
    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
               "\x9d";
    a.inLen  = XSTRLEN(a.input);
    a.outLen = XSTRLEN(a.output);

    flag = 0;

    printf(testingFmt, "wc_HmacFinal() with MD5");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_HmacFinal(&hmac, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try bad parameters. */
    if (!flag) {
        ret = wc_HmacFinal(NULL, hash);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

#ifndef HAVE_FIPS
    if (!flag) {
        ret = wc_HmacFinal(&hmac, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_Md5HmacFinal */

/*
 * Testing wc_HmacFinal() with SHA
 */
static int test_wc_ShaHmacFinal (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
    Hmac hmac;
    byte hash[WC_SHA_DIGEST_SIZE];
    testVector a;
    int ret;
    const char* key;

    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b";
    a.input = "Hi There";
    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
               "\x8e\xf1\x46\xbe\x00";
    a.inLen  = XSTRLEN(a.input);
    a.outLen = XSTRLEN(a.output);

    flag = 0;

    printf(testingFmt, "wc_HmacFinal() with SHA");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_HmacFinal(&hmac, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try bad parameters. */
    if (!flag) {
        ret = wc_HmacFinal(NULL, hash);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

#ifndef HAVE_FIPS
    if (!flag) {
        ret = wc_HmacFinal(&hmac, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;

} /* END test_wc_ShaHmacFinal */


/*
 * Testing wc_HmacFinal() with SHA224
 */
static int test_wc_Sha224HmacFinal (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
    Hmac hmac;
    byte hash[WC_SHA224_DIGEST_SIZE];
    testVector a;
    int ret;
    const char* key;

    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b";
    a.input = "Hi There";
    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
    a.inLen  = XSTRLEN(a.input);
    a.outLen = XSTRLEN(a.output);

    flag = 0;

    printf(testingFmt, "wc_HmacFinal() with SHA224");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_HmacFinal(&hmac, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try bad parameters. */
    if (!flag) {
        ret = wc_HmacFinal(NULL, hash);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

#ifndef HAVE_FIPS
    if (!flag) {
        ret = wc_HmacFinal(&hmac, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha224HmacFinal */

/*
 * Testing wc_HmacFinal() with SHA256
 */
static int test_wc_Sha256HmacFinal (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
    Hmac hmac;
    byte hash[WC_SHA256_DIGEST_SIZE];
    testVector a;
    int ret;
    const char* key;

    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b";
    a.input = "Hi There";
    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
               "\xcf\xf7";
    a.inLen  = XSTRLEN(a.input);
    a.outLen = XSTRLEN(a.output);

    flag = 0;

    printf(testingFmt, "wc_HmacFinal() with WC_SHA256");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_HmacFinal(&hmac, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try bad parameters. */
    if (!flag) {
        ret = wc_HmacFinal(NULL, hash);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

#ifndef HAVE_FIPS
    if (!flag) {
        ret = wc_HmacFinal(&hmac, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha256HmacFinal */

/*
 * Testing wc_HmacFinal() with SHA384
 */
static int test_wc_Sha384HmacFinal (void)
{
    int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
    Hmac hmac;
    byte hash[WC_SHA384_DIGEST_SIZE];
    testVector a;
    int ret;
    const char* key;

    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                                                                "\x0b\x0b\x0b";
    a.input = "Hi There";
    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
               "\xfa\x9c\xb6";
    a.inLen  = XSTRLEN(a.input);
    a.outLen = XSTRLEN(a.output);

    flag = 0;

    printf(testingFmt, "wc_HmacFinal() with SHA384");

    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
    if (ret != 0) {
        flag = ret;
    }

    if (!flag) {
        ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        ret = wc_HmacFinal(&hmac, hash);
        if (ret != 0) {
            flag = ret;
        }
    }

    if (!flag) {
        if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Try bad parameters. */
    if (!flag) {
        ret = wc_HmacFinal(NULL, hash);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#ifndef HAVE_FIPS
    if (!flag) {
        ret = wc_HmacFinal(&hmac, NULL);
        if (ret != BAD_FUNC_ARG) {
            flag = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_HmacFree(&hmac);

    printf(resultFmt, flag == 0 ? passed : failed);

#endif
    return flag;
} /* END test_wc_Sha384HmacFinal */



/*
 * Testing wc_InitCmac()
 */
static int test_wc_InitCmac (void)
{
    int         ret = 0;

#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
    Cmac        cmac1, cmac2, cmac3;
    /* AES 128 key. */
    byte        key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
                         "\x09\x10\x11\x12\x13\x14\x15\x16";
    /* AES 192 key. */
    byte        key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
                         "\x09\x01\x11\x12\x13\x14\x15\x16"
                         "\x01\x02\x03\x04\x05\x06\x07\x08";

    /* AES 256 key. */
    byte        key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
                         "\x09\x01\x11\x12\x13\x14\x15\x16"
                         "\x01\x02\x03\x04\x05\x06\x07\x08"
                         "\x09\x01\x11\x12\x13\x14\x15\x16";

    word32      key1Sz = (word32)sizeof(key1) - 1;
    word32      key2Sz = (word32)sizeof(key2) - 1;
    word32      key3Sz = (word32)sizeof(key3) - 1;
    int         type   = WC_CMAC_AES;

    printf(testingFmt, "wc_InitCmac()");

#ifdef WOLFSSL_AES_128
    ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
#endif
#ifdef WOLFSSL_AES_192
    if (ret == 0)
        ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
#endif
#ifdef WOLFSSL_AES_256
    if (ret == 0)
        ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
#endif

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    (void)key1;
    (void)key1Sz;
    (void)key2;
    (void)key2Sz;
    (void)cmac1;
    (void)cmac2;

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_InitCmac */


/*
 * Testing wc_CmacUpdate()
 */
static int test_wc_CmacUpdate (void)
{
    int         ret = 0;

#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
    Cmac        cmac;
    byte        key[] =
    {
        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
    };
    byte        in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
                       "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
                       "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
                       "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
                       "\xf4";

    word32      inSz  = (word32)sizeof(in) - 1;
    word32      keySz = (word32)sizeof(key);
    int         type  = WC_CMAC_AES;

    ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
    if (ret != 0) {
        return ret;
    }

    printf(testingFmt, "wc_CmacUpdate()");

    ret = wc_CmacUpdate(&cmac, in, inSz);

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_CmacUpdate(NULL, in, inSz);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_CmacUpdate(&cmac, NULL, 30);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_CmacUpdate */


/*
 * Testing wc_CmacFinal()
 */
static int test_wc_CmacFinal (void)
{
    int         ret = 0;

#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
    Cmac        cmac;
    byte        key[] =
    {
        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
    };
    byte        msg[] =
    {
        0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
        0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
        0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
        0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
        0xf4
    };
    /* Test vectors from CMACGenAES128.rsp from
     * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
     * Per RFC4493 truncation of lsb is possible.
     */
    byte        expMac[] =
    {
        0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
        0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
    };
    byte        mac[AES_BLOCK_SIZE];
    word32      msgSz    = (word32)sizeof(msg);
    word32      keySz    = (word32)sizeof(key);
    word32      macSz    = sizeof(mac);
    word32      badMacSz = 17;
    int         expMacSz = sizeof(expMac);
    int         type     = WC_CMAC_AES;

    XMEMSET(mac, 0, macSz);

    ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
    if (ret != 0) {
        return ret;
    }
    ret = wc_CmacUpdate(&cmac, msg, msgSz);

    printf(testingFmt, "wc_CmacFinal()");
    if (ret == 0) {
        ret = wc_CmacFinal(&cmac, mac, &macSz);
        if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_CmacFinal(NULL, mac, &macSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_CmacFinal(&cmac, NULL, &macSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_CmacFinal(&cmac, mac, &badMacSz);
                if (ret == BUFFER_E) {
                    ret = 0;
                }
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_CmacFinal */


/*
 * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
 */
static int test_wc_AesCmacGenerate (void)
{
    int         ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
    Cmac        cmac;
    byte        key[] =
    {
        0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
        0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
    };
    byte        msg[]    = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
                           "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
    byte        expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
                           "\x3d\x32\x65\x4c\x66\x23\xc5";
    byte        mac[AES_BLOCK_SIZE];
    word32      keySz    = sizeof(key);
    word32      macSz    = sizeof(mac);
    word32      msgSz    = sizeof(msg) - 1;
    word32      expMacSz = sizeof(expMac) - 1;
    int         type     = WC_CMAC_AES;

    XMEMSET(mac, 0, macSz);

    ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
    if (ret != 0) {
        return ret;
    }

    ret = wc_CmacUpdate(&cmac, msg, msgSz);
    if (ret != 0) {
        return ret;
    }

    printf(testingFmt, "wc_AesCmacGenerate()");

    ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
    if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_AesCmacVerify()");

        ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
        /* Test bad args. */
        if (ret == 0) {
            ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    }

#endif
    return ret;

} /* END test_wc_AesCmacGenerate */


/*
 * Testing streaming AES-GCM API.
 */
static int test_wc_AesGcmStream (void)
{
    int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
    defined(WOLFSSL_AESGCM_STREAM)

    int i;
    WC_RNG rng[1];
    Aes aesEnc[1];
    Aes aesDec[1];
    byte tag[AES_BLOCK_SIZE];
    byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
    byte out[AES_BLOCK_SIZE * 3 + 2];
    byte plain[AES_BLOCK_SIZE * 3 + 2];
    byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
    byte key[AES_128_KEY_SIZE] = { 0, };
    byte iv[AES_IV_SIZE] = { 1, };
    byte ivOut[AES_IV_SIZE];
    static const byte expTagAAD1[AES_BLOCK_SIZE] = {
        0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
        0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
    };
    static const byte expTagPlain1[AES_BLOCK_SIZE] = {
        0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
        0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
    };
    static const byte expTag[AES_BLOCK_SIZE] = {
        0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
        0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
    };

    /* Create a random for generating IV/nonce. */
    AssertIntEQ(wc_InitRng(rng), 0);

    /* Initialize data structures. */
    AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
    AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);

    /* BadParameters to streaming init. */
    AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
                BAD_FUNC_ARG);

    /* Bad parameters to encrypt update. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
                BAD_FUNC_ARG);
    /* Bad parameters to decrypt update. */
    AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
                BAD_FUNC_ARG);

    /* Bad parameters to encrypt final. */
    AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
                BAD_FUNC_ARG);
    /* Bad parameters to decrypt final. */
    AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
                BAD_FUNC_ARG);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
                BAD_FUNC_ARG);

    /* Check calling final before setting key fails. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
    AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
    /* Check calling update before setting key else fails. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
                MISSING_KEY);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
                MISSING_KEY);

    /* Set key but not IV. */
    AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
    /* Check calling final before setting IV fails. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
    AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
    /* Check calling update before setting IV else fails. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
                MISSING_IV);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
                MISSING_IV);

    /* Set IV using fixed part IV and external IV APIs. */
    AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
                               rng), 0);
    AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
                                        GCM_NONCE_MID_SZ), 0);
    AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
    /* Encrypt and decrypt data. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
    AssertIntEQ(XMEMCMP(plain, in, 1), 0);
    /* Finalize and check tag matches. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);

    /* Set key and IV through streaming init API. */
    AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
    /* Encrypt/decrypt one block and AAD of one block. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
                                       AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
                                       AES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
    /* Finalize and check tag matches. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);

    /* Set key and IV through streaming init API. */
    AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
    /* No data to encrypt/decrypt one byte of AAD. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
    /* Finalize and check tag matches. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);

    /* Set key and IV through streaming init API. */
    AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
    /* Encrypt/decrypt one byte and no AAD. */
    AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
    AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
    AssertIntEQ(XMEMCMP(plain, in, 1), 0);
    /* Finalize and check tag matches. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);

    /* Set key and IV through streaming init API. */
    AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
    AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
    /* Encryption AES is one byte at a time */
    for (i = 0; i < (int)sizeof(aad); i++) {
        AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
            0);
    }
    for (i = 0; i < (int)sizeof(in); i++) {
        AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
                    0);
    }
    /* Decryption AES is two bytes at a time */
    for (i = 0; i < (int)sizeof(aad); i += 2) {
        AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
            0);
    }
    for (i = 0; i < (int)sizeof(aad); i += 2) {
        AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
                                           0), 0);
    }
    AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
    /* Finalize and check tag matches. */
    AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
    AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);

    /* Check streaming encryption can be decrypted with one shot. */
    AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
    AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
        AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
    AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);

    wc_AesFree(aesEnc);
    wc_AesFree(aesDec);
    wc_FreeRng(rng);

#endif
    return ret;

} /* END test_wc_AesGcmStream */


/*
 * unit test for wc_Des3_SetIV()
 */
static int test_wc_Des3_SetIV (void)
{
    int  ret = 0;
#ifndef NO_DES3
    Des3 des;
    const byte key[] =
    {
        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
    };

    const byte iv[] =
    {
        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
    };

    printf(testingFmt, "wc_Des3_SetIV()");

    ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    /* DES_ENCRYPTION or DES_DECRYPTION */
    ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);

    if (ret == 0) {
        if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
    /* Test explicitly wc_Des3_SetIV()  */
    if (ret == 0) {
        ret = wc_Des3_SetIV(NULL, iv);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_SetIV(&des, NULL);
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    wc_Des3Free(&des);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Des3_SetIV */

/*
 * unit test for wc_Des3_SetKey()
 */
static int test_wc_Des3_SetKey (void)
{
    int  ret = 0;
#ifndef NO_DES3
    Des3 des;
    const byte key[] =
    {
        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
    };

    const byte iv[] =
    {
        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
    };

    printf(testingFmt, "wc_Des3_SetKey()");

    ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    /* DES_ENCRYPTION or DES_DECRYPTION */
    ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
    if (ret == 0) {
        if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_SetKey(&des, key, iv, -1);
        }
        if (ret == BAD_FUNC_ARG) {
            /* Default case. Should return 0. */
            ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
        }
    } /* END if ret != 0 */

    wc_Des3Free(&des);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Des3_SetKey */


/*
 * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
 */
static int test_wc_Des3_CbcEncryptDecrypt (void)
{
    int ret = 0;
#ifndef NO_DES3
    Des3 des;
    byte cipher[24];
    byte plain[24];

    const byte key[] =
    {
        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
    };

    const byte iv[] =
    {
        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
    };

    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };

    printf(testingFmt, "wc_Des3_CbcEncrypt()");

    ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);

    if (ret == 0) {
        ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);

        if (ret == 0) {
            ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
        }
        if (ret == 0) {
            ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
        }
    }

    if (ret == 0) {
        if (XMEMCMP(plain, vector, 24) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
        }
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    if (ret == 0) {
        ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
        }
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    wc_Des3Free(&des);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END wc_Des3_CbcEncrypt */

/*
 *  Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
 */
static int test_wc_Des3_CbcEncryptDecryptWithKey (void)
{
    int ret = 0;
#ifndef NO_DES3

    word32 vectorSz, cipherSz;
    byte cipher[24];
    byte plain[24];

    byte vector[] = /* Now is the time for all w/o trailing 0 */
    {
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };

    byte key[] =
    {
        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
    };

    byte iv[] =
    {
        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
    };


    vectorSz = sizeof(byte) * 24;
    cipherSz = sizeof(byte) * 24;

    printf(testingFmt, "wc_Des3_CbcEncryptWithKey()");

    ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
    if (ret == 0) {
        ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
        if (ret == 0) {
            if (XMEMCMP(plain, vector, 24) !=  0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* pass in bad args. */
    if (ret == 0) {
        ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
                                                                    key, NULL);
        } else {
            /* Return code catch. */
            ret = WOLFSSL_FAILURE;
        }
    }

    if (ret == 0) {
        ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
        } else {
            ret = WOLFSSL_FAILURE;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
/*
 *  Unit test for wc_Des3_EcbEncrypt
 */
static int test_wc_Des3_EcbEncrypt (void)
{
    int ret = 0;
#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)

    Des3    des;
    byte    cipher[24];
    word32  cipherSz = sizeof(cipher);

    const byte key[] =
    {
        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
    };

    const byte iv[] =
    {
        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
    };

    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };

    printf(testingFmt, "wc_Des3_EcbEncrypt()");

    ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
    if (ret != 0) {
        return ret;
    }
    if (ret == 0 ) {
        ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
    }
    /* Bad Cases */
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    /* Good Cases */
    if (ret == 0) {
        ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz);
    }
    wc_Des3Free(&des);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Des3_EcbEncrypt */

/*
 * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
 */
static int test_wc_Chacha_SetKey (void)
{
    int         ret = 0;
#ifdef HAVE_CHACHA
    ChaCha      ctx;
    const byte  key[] =
    {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
    };
    byte        cipher[128];

    printf(testingFmt, "wc_Chacha_SetKey()");

    ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Chacha_SetKey(&ctx, key, 18);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

    printf(testingFmt, "wc_Chacha_SetIV");
    ret = wc_Chacha_SetIV(&ctx, cipher, 0);
    if (ret == 0) {
    /* Test bad args. */
        ret = wc_Chacha_SetIV(NULL, cipher, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FAILURE;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Chacha_SetKey */

/*
 * unit test for wc_Poly1305SetKey()
 */
static int test_wc_Poly1305SetKey(void)
{
    int ret = 0;

#ifdef HAVE_POLY1305
    Poly1305      ctx;
    const byte  key[] =
    {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
    };

    printf(testingFmt, "wc_Poly1305_SetKey()");

    ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
        if(ret == BAD_FUNC_ARG) {
            ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Poly1305SetKey(&ctx, key, 18);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Poly1305_SetKey() */

/*
 * Testing wc_Chacha_Process()
 */
static int test_wc_Chacha_Process (void)
{
    int         ret = 0;
#ifdef HAVE_CHACHA
    ChaCha      enc, dec;
    byte        cipher[128];
    byte        plain[128];
    const byte  key[] =
    {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
    };
    const char* input = "Everybody gets Friday off.";
    word32      keySz = sizeof(key)/sizeof(byte);
    unsigned long int inlen = XSTRLEN(input);

    /*Initialize stack varialbes.*/
    XMEMSET(cipher, 0, 128);
    XMEMSET(plain, 0, 128);

    printf(testingFmt, "wc_Chacha_Process()");

    ret = wc_Chacha_SetKey(&enc, key, keySz);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_SetKey(&dec, key, keySz);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_SetIV(&enc, cipher, 0);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_SetIV(&dec, cipher, 0);
    AssertIntEQ(ret, 0);

    ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
    AssertIntEQ(ret, 0);
    ret = XMEMCMP(input, plain, (int)inlen);
    AssertIntEQ(ret, 0);

#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
    /* test checking and using leftovers, currently just in C code */
    ret = wc_Chacha_SetIV(&enc, cipher, 0);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_SetIV(&dec, cipher, 0);
    AssertIntEQ(ret, 0);

    ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
            (byte*)input + (inlen - 2), 2);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
    AssertIntEQ(ret, 0);
    ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
            (byte*)input + (inlen - 2), 2);
    AssertIntEQ(ret, 0);
    ret = XMEMCMP(input, plain, (int)inlen);
    AssertIntEQ(ret, 0);

    /* check edge cases with counter increment */
    {
        /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
        const byte expected[] = {
            0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
            0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
            0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
            0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
            0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
            0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
            0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
            0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
            0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
            0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
            0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
            0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
            0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
            0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
            0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
            0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
            0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
            0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
            0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
            0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
            0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
            0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
            0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
            0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
            0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
            0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
            0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
            0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
            0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
            0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
            0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
            0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
        };
        const byte iv2[] = {
            0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
            0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
        };
        byte input2[256];
        int i;

        for (i = 0; i < 256; i++)
            input2[i] = i;

        ret = wc_Chacha_SetIV(&enc, iv2, 0);
        AssertIntEQ(ret, 0);

        ret = wc_Chacha_Process(&enc, cipher, input2, 64);
        AssertIntEQ(ret, 0);
        AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);

        ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
        AssertIntEQ(ret, 0);
        AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);

        /* partial */
        ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
        AssertIntEQ(ret, 0);
        AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);

        ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
        AssertIntEQ(ret, 0);
        AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
    }
#endif

    /* Test bad args. */
    ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
    AssertIntEQ(ret, BAD_FUNC_ARG);
    if (ret == BAD_FUNC_ARG) {
        ret = 0;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Chacha_Process */

/*
 * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
 */
static int test_wc_ChaCha20Poly1305_aead (void)
{
    int   ret = 0;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
    const byte  key[] = {
        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
    };

    const byte  plaintext[] = {
        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
        0x74, 0x2e
    };

    const byte  iv[] = {
        0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
        0x44, 0x45, 0x46, 0x47
    };

    const byte  aad[] = { /* additional data */
        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
        0xc4, 0xc5, 0xc6, 0xc7
    };
    const byte  cipher[] = { /* expected output from operation */
        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
        0x61, 0x16
    };
    const byte  authTag[] = { /* expected output from operation */
        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
    };
    byte        generatedCiphertext[272];
    byte        generatedPlaintext[272];
    byte        generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];

    /* Initialize stack variables. */
    XMEMSET(generatedCiphertext, 0, 272);
    XMEMSET(generatedPlaintext, 0, 272);

    /* Test Encrypt */
    printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()");

    ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
                sizeof(plaintext), generatedCiphertext, generatedAuthTag);
    AssertIntEQ(ret, 0);
    ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
    AssertIntEQ(ret, 0);

    /* Test bad args. */
    ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
                    sizeof(plaintext), generatedCiphertext, generatedAuthTag);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
                                        plaintext, sizeof(plaintext),
                                        generatedCiphertext, generatedAuthTag);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
                    sizeof(plaintext), generatedCiphertext, generatedAuthTag);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
                    plaintext, 0, generatedCiphertext, generatedAuthTag);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
                    plaintext, sizeof(plaintext), NULL, generatedAuthTag);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
                    plaintext, sizeof(plaintext), generatedCiphertext, NULL);
    if (ret == BAD_FUNC_ARG) {
        ret = 0;
    }
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

    printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()");
    ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
                            sizeof(cipher), authTag, generatedPlaintext);
    AssertIntEQ(ret, 0);
    ret = XMEMCMP(generatedPlaintext, plaintext,
                                        sizeof(plaintext)/sizeof(byte));
    AssertIntEQ(ret, 0);

    /* Test bad args. */
    ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
                                sizeof(cipher), authTag, generatedPlaintext);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
                        cipher, sizeof(cipher), authTag, generatedPlaintext);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
                                sizeof(cipher), authTag, generatedPlaintext);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
                                    sizeof(cipher), NULL, generatedPlaintext);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
                                                sizeof(cipher), authTag, NULL);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
                                                0, authTag, generatedPlaintext);
    AssertIntEQ(ret,  BAD_FUNC_ARG);
    if (ret == BAD_FUNC_ARG) {
        ret = 0;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */


/*
 * Testing function for wc_Rc2SetKey().
 */
static int test_wc_Rc2SetKey(void)
{
    int     ret = 0;
#ifdef WC_RC2
    Rc2     rc2;
    byte    key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
    byte    iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };

    printf(testingFmt, "wc_Rc2SetKey()");

    /* valid key and IV */
    ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
                       iv, 40);
    if (ret == 0) {
        /* valid key, no IV */
        ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
                           NULL, 40);
    }

    /* bad arguments  */
    if (ret == 0) {
        /* null Rc2 struct */
        ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
                           iv, 40);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null key */
        ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
                           iv, 40);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* key size == 0 */
        ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40);
        if (ret == WC_KEY_SIZE_E) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* key size > 128 */
        ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40);
        if (ret == WC_KEY_SIZE_E) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* effective bits == 0 */
        ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
                           iv, 0);
        if (ret == WC_KEY_SIZE_E) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* effective bits > 1024 */
        ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
                           iv, 1025);
        if (ret == WC_KEY_SIZE_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Rc2SetKey */

/*
 * Testing function for wc_Rc2SetIV().
 */
static int test_wc_Rc2SetIV(void)
{
    int     ret = 0;
#ifdef WC_RC2
    Rc2     rc2;
    byte    iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };

    printf(testingFmt, "wc_Rc2SetIV()");

    /* valid IV */
    ret = wc_Rc2SetIV(&rc2, iv);
    if (ret == 0) {
        /* valid NULL IV */
        ret = wc_Rc2SetIV(&rc2, NULL);
    }

    /* bad arguments */
    if (ret == 0) {
        ret = wc_Rc2SetIV(NULL, iv);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Rc2SetKey */

/*
 * Testing function for wc_Rc2EcbEncrypt().
 */
static int test_wc_Rc2EcbEncryptDecrypt(void)
{
    int     ret = 0;
#ifdef WC_RC2
    Rc2     rc2;
    int effectiveKeyBits = 63;

    byte cipher[RC2_BLOCK_SIZE];
    byte plain[RC2_BLOCK_SIZE];

    byte key[]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    byte input[]  = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };

    printf(testingFmt, "wc_Rc2EcbEncryptDecrypt()");

    XMEMSET(cipher, 0, sizeof(cipher));
    XMEMSET(plain, 0, sizeof(plain));

    ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
                       NULL, effectiveKeyBits);
    if (ret == 0) {
        ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE);
        if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }

        if (ret == 0) {
            ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE);
            if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Rc2EcbEncrypt bad arguments */
    if (ret == 0) {
        /* null Rc2 struct */
        ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null out buffer */
        ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null input buffer */
        ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* output buffer sz != RC2_BLOCK_SIZE (8) */
        ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7);
        if (ret == BUFFER_E) {
            ret = 0;
        }
    }

    /* Rc2EcbDecrypt bad arguments */
    if (ret == 0) {
        /* null Rc2 struct */
        ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null out buffer */
        ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null input buffer */
        ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* output buffer sz != RC2_BLOCK_SIZE (8) */
        ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7);
        if (ret == BUFFER_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Rc2SetKey */

/*
 * Testing function for wc_Rc2CbcEncrypt().
 */
static int test_wc_Rc2CbcEncryptDecrypt(void)
{
    int     ret = 0;
#ifdef WC_RC2
    Rc2     rc2;
    int effectiveKeyBits = 63;

    byte cipher[RC2_BLOCK_SIZE*2];
    byte plain[RC2_BLOCK_SIZE*2];

    /* vector taken from test.c */
    byte key[]    = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    byte iv[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    byte input[]  = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    byte output[] = {
        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
    };

    printf(testingFmt, "wc_Rc2CbcEncryptDecrypt()");

    XMEMSET(cipher, 0, sizeof(cipher));
    XMEMSET(plain, 0, sizeof(plain));

    ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
                       iv, effectiveKeyBits);
    if (ret == 0) {
        ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input));
        if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            /* reset IV for decrypt */
            ret = wc_Rc2SetIV(&rc2, iv);
        }

        if (ret == 0) {
            ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher));
            if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Rc2CbcEncrypt bad arguments */
    if (ret == 0) {
        /* null Rc2 struct */
        ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null out buffer */
        ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null input buffer */
        ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    /* Rc2CbcDecrypt bad arguments */
    if (ret == 0) {
        /* in size is 0 */
        ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0);
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (ret == 0) {
        /* null Rc2 struct */
        ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null out buffer */
        ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        /* null input buffer */
        ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output));
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_Rc2SetKey */


/*
 * Testing function for wc_AesSetIV
 */
static int test_wc_AesSetIV (void)
{
    int     ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
    Aes     aes;
    byte    key16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
    byte    iv1[]    = "1234567890abcdef";
    byte    iv2[]    = "0987654321fedcba";

    printf(testingFmt, "wc_AesSetIV()");

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
                                                     iv1, AES_ENCRYPTION);
    if(ret == 0) {
        ret = wc_AesSetIV(&aes, iv2);
    }
    /* Test bad args. */
    if(ret == 0) {
        ret = wc_AesSetIV(NULL, iv1);
        if(ret == BAD_FUNC_ARG) {
            /* NULL iv should return 0. */
            ret = wc_AesSetIV(&aes, NULL);
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* test_wc_AesSetIV */


/*
 * Testing function for wc_AesSetKey().
 */
static int test_wc_AesSetKey (void)
{
    int     ret = 0;
#ifndef NO_AES
    Aes     aes;
    byte    key16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#ifdef WOLFSSL_AES_192
    byte    key24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
    };
#endif
#ifdef WOLFSSL_AES_256
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#endif
    byte    badKey16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
    };
    byte    iv[]    = "1234567890abcdef";

    printf(testingFmt, "wc_AesSetKey()");

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_AES_128
    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
                                                        iv, AES_ENCRYPTION);
#endif
#ifdef WOLFSSL_AES_192
    if (ret == 0) {
        ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
                                                           iv, AES_ENCRYPTION);
    }
#endif
#ifdef WOLFSSL_AES_256
    if (ret == 0) {
        ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
                                                           iv, AES_ENCRYPTION);
    }
#endif

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
                                                           iv, AES_ENCRYPTION);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_AesSetKey(&aes, badKey16,
                                    (word32) sizeof(badKey16) / sizeof(byte),
                                                         iv, AES_ENCRYPTION);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_AesSetKey */



/*
 * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
 * and wc_AesCbcDecryptWithKey()
 */
static int test_wc_AesCbcEncryptDecrypt (void)
{
    int     ret = 0;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
    defined(WOLFSSL_AES_256)
    Aes     aes;
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
    byte    vector[] = /* Now is the time for all good men w/o trailing 0 */
    {
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
        0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
    };
    byte    iv[]    = "1234567890abcdef";
    byte    enc[sizeof(vector)];
    byte    dec[sizeof(vector)];
    int     cbcE    =   WOLFSSL_FATAL_ERROR;
    int     cbcD    =   WOLFSSL_FATAL_ERROR;
    int     cbcDWK  =   WOLFSSL_FATAL_ERROR;
    byte    dec2[sizeof(vector)];

    /* Init stack variables. */
    XMEMSET(enc, 0, sizeof(enc));
    XMEMSET(dec, 0, sizeof(vector));
    XMEMSET(dec2, 0, sizeof(vector));

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
    if (ret == 0) {
        ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
        if (ret == 0) {
            /* Re init for decrypt and set flag. */
            cbcE = 0;
            wc_AesFree(&aes);
            ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
                                                    iv, AES_DECRYPTION);
        }
        if (ret == 0) {
            ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
            if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            } else {
                /* Set flag. */
                cbcD = 0;
            }
        }
    }
    /* If encrypt succeeds but cbc decrypt fails, we can still test. */
    if (ret == 0 || cbcE == 0) {
        ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
                                     key32, sizeof(key32)/sizeof(byte), iv);
        if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
            cbcDWK = 0;
        }
    }

    printf(testingFmt, "wc_AesCbcEncrypt()");
    /* Pass in bad args */
    if (cbcE == 0) {
        cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
        if (cbcE == BAD_FUNC_ARG) {
            cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
        }
        if (cbcE == BAD_FUNC_ARG) {
            cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
        }
        if (cbcE == BAD_FUNC_ARG) {
            cbcE = 0;
        } else {
            cbcE = WOLFSSL_FATAL_ERROR;
        }
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
        if (cbcE == 0) {
            cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
        }
        if (cbcE == BAD_LENGTH_E) {
            cbcE = 0;
        } else {
            cbcE = WOLFSSL_FATAL_ERROR;
        }
#endif
    }
    if (cbcE == 0) {
    #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
        (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
        printf("Zero length inputs not supported with AESNI in FIPS mode (v2),"
               " skip test");
    #else
        /* Test passing in size of 0  */
        XMEMSET(enc, 0, sizeof(enc));
        cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
        if (cbcE == 0) {
            /* Check enc was not modified */
            int i;
            for (i = 0; i < (int)sizeof(enc); i++)
                cbcE |= enc[i];
        }
    #endif
    }
    printf(resultFmt, cbcE == 0 ? passed : failed);
    if (cbcE != 0) {
        wc_AesFree(&aes);
        return cbcE;
    }

    printf(testingFmt, "wc_AesCbcDecrypt()");
    if (cbcD == 0) {
        cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
        if (cbcD == BAD_FUNC_ARG) {
            cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
        }
        if (cbcD == BAD_FUNC_ARG) {
            cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
        }
        if (cbcD == BAD_FUNC_ARG) {
            cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
        }
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
        if (cbcD == BAD_LENGTH_E) {
            cbcD = 0;
        } else {
            cbcD = WOLFSSL_FATAL_ERROR;
        }
#else
        if (cbcD == BAD_FUNC_ARG) {
            cbcD = 0;
        } else {
            cbcD = WOLFSSL_FATAL_ERROR;
        }
#endif
    }
    if (cbcD == 0) {
        /* Test passing in size of 0  */
        XMEMSET(dec, 0, sizeof(dec));
        cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
        if (cbcD == 0) {
            /* Check dec was not modified */
            int i;
            for (i = 0; i < (int)sizeof(dec); i++)
                cbcD |= dec[i];
        }
    }
    printf(resultFmt, cbcD == 0 ? passed : failed);
    if (cbcD != 0) {
        wc_AesFree(&aes);
        return cbcD;
    }

    printf(testingFmt, "wc_AesCbcDecryptWithKey()");
    if (cbcDWK == 0) {
        cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
                                     key32, sizeof(key32)/sizeof(byte), iv);
        if (cbcDWK == BAD_FUNC_ARG) {
            cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
                                     key32, sizeof(key32)/sizeof(byte), iv);
        }
        if (cbcDWK == BAD_FUNC_ARG) {
            cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
                                     NULL, sizeof(key32)/sizeof(byte), iv);
        }
        if (cbcDWK == BAD_FUNC_ARG) {
            cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
                                     key32, sizeof(key32)/sizeof(byte), NULL);
        }
        if (cbcDWK == BAD_FUNC_ARG) {
            cbcDWK = 0;
        } else {
            cbcDWK = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&aes);

    printf(resultFmt, cbcDWK == 0 ? passed : failed);

    if (cbcDWK != 0) {
        return cbcDWK;
    }
#endif
    return ret;
} /* END test_wc_AesCbcEncryptDecrypt */

/*
 * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
 */
static int test_wc_AesCtrEncryptDecrypt (void)
{
    int     ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
    Aes     aesEnc, aesDec;
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
    byte    vector[] = /* Now is the time for all w/o trailing 0 */
    {
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };
    byte    iv[]    = "1234567890abcdef";
    byte    enc[AES_BLOCK_SIZE * 2];
    byte    dec[AES_BLOCK_SIZE * 2];

    /* Init stack variables. */
    XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
    XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);

    printf(testingFmt, "wc_AesCtrEncrypt()");

    ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;
    ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
    if (ret != 0) {
        wc_AesFree(&aesEnc);
        return ret;
    }

    ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
                                                    iv, AES_ENCRYPTION);
    if (ret == 0) {
        ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
                                            sizeof(vector)/sizeof(byte));
        if (ret == 0) {
            /* Decrypt with wc_AesCtrEncrypt() */
            ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
                                                    iv, AES_ENCRYPTION);
        }
        if (ret == 0) {
            ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
            if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&aesEnc);
    wc_AesFree(&aesDec);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_AesCtrEncryptDecrypt */

/*
 * test function for wc_AesGcmSetKey()
 */
static int test_wc_AesGcmSetKey (void)
{
    int     ret = 0;
#if  !defined(NO_AES) && defined(HAVE_AESGCM)

    Aes     aes;
#ifdef WOLFSSL_AES_128
    byte    key16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#endif
#ifdef WOLFSSL_AES_192
    byte    key24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
    };
#endif
#ifdef WOLFSSL_AES_256
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#endif
    byte    badKey16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
    };
    byte    badKey24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
    };
    byte   badKey32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
    };

    printf(testingFmt, "wc_AesGcmSetKey()");

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_AES_128
    ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
    if (ret == 0) {
        ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
    }
#endif
#ifdef WOLFSSL_AES_256
    if (ret == 0) {
        ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
    }
#endif

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_AesGcmSetKey */

/*
 * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
 */
static int test_wc_AesGcmEncryptDecrypt (void)
{
    int     ret = 0;
    /* WOLFSSL_AFALG requires 12 byte IV */
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
    !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)

    Aes     aes;
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
    byte    vector[] = /* Now is the time for all w/o trailing 0 */
    {
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };
    const byte a[] =
    {
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xab, 0xad, 0xda, 0xd2
    };
    byte    iv[]   = "1234567890a";
    byte    longIV[]  = "1234567890abcdefghij";
    byte    enc[sizeof(vector)];
    byte    resultT[AES_BLOCK_SIZE];
    byte    dec[sizeof(vector)];
    int     gcmD     =   WOLFSSL_FATAL_ERROR;
    int     gcmE     =   WOLFSSL_FATAL_ERROR;

    /* Init stack variables. */
    XMEMSET(enc, 0, sizeof(vector));
    XMEMSET(dec, 0, sizeof(vector));
    XMEMSET(resultT, 0, AES_BLOCK_SIZE);

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
    if (ret == 0) {
        gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
                                        iv, sizeof(iv)/sizeof(byte), resultT,
                                        sizeof(resultT), a, sizeof(a));
    }
    if (gcmE == 0) { /* If encrypt fails, no decrypt. */
        gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
                                        iv, sizeof(iv)/sizeof(byte), resultT,
                                        sizeof(resultT), a, sizeof(a));
        if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) !=  0)) {
            gcmD = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(testingFmt, "wc_AesGcmEncrypt()");
    /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
    if (gcmE == 0) {
        gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
                        iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
                        a, sizeof(a));
        if (gcmE == BAD_FUNC_ARG) {
            gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
                    sizeof(vector), iv, sizeof(iv)/sizeof(byte),
                    resultT, sizeof(resultT) + 1, a, sizeof(a));
        }
        if (gcmE == BAD_FUNC_ARG) {
            gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
                    sizeof(vector), iv, sizeof(iv)/sizeof(byte),
                    resultT, sizeof(resultT) - 5, a, sizeof(a));
        }

#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
        (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
        defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
        /* FIPS does not check the lower bound of ivSz */
#else
        if (gcmE == BAD_FUNC_ARG) {
            gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
                    sizeof(vector), iv, 0,
                    resultT, sizeof(resultT), a, sizeof(a));
        }
#endif
        if (gcmE == BAD_FUNC_ARG) {
            gcmE = 0;
        } else {
            gcmE = WOLFSSL_FATAL_ERROR;
        }
    }

    /* This case is now considered good. Long IVs are now allowed.
     * Except for the original FIPS release, it still has an upper
     * bound on the IV length. */
#if (!defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
    !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
    if (gcmE == 0) {
        gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
                        sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
                        a, sizeof(a));
    }
#else
    (void)longIV;
#endif /* Old FIPS */
    /* END wc_AesGcmEncrypt */

    printf(resultFmt, gcmE == 0 ? passed : failed);
    if (gcmE != 0) {
        wc_AesFree(&aes);
        return gcmE;
    }

    #ifdef HAVE_AES_DECRYPT
        printf(testingFmt, "wc_AesGcmDecrypt()");

        if (gcmD == 0) {
            gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
                                   iv, sizeof(iv)/sizeof(byte), resultT,
                                   sizeof(resultT), a, sizeof(a));
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
                                   iv, sizeof(iv)/sizeof(byte), resultT,
                                   sizeof(resultT), a, sizeof(a));
            }
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
                                   iv, sizeof(iv)/sizeof(byte), resultT,
                                   sizeof(resultT), a, sizeof(a));
            }
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
                                   NULL, sizeof(iv)/sizeof(byte), resultT,
                                   sizeof(resultT), a, sizeof(a));
            }
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
                                   iv, sizeof(iv)/sizeof(byte), NULL,
                                   sizeof(resultT), a, sizeof(a));
            }
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
                                   iv, sizeof(iv)/sizeof(byte), resultT,
                                   sizeof(resultT) + 1, a, sizeof(a));
            }
        #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
                (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
                !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
                /* FIPS does not check the lower bound of ivSz */
        #else
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
                                   iv, 0, resultT,
                                   sizeof(resultT), a, sizeof(a));
            }
        #endif
            if (gcmD == BAD_FUNC_ARG) {
                gcmD = 0;
            } else {
                gcmD = WOLFSSL_FATAL_ERROR;
            }
        } /* END wc_AesGcmDecrypt */

        printf(resultFmt, gcmD == 0 ? passed : failed);
    #endif /* HAVE_AES_DECRYPT */

    wc_AesFree(&aes);
#endif

    return ret;

} /* END test_wc_AesGcmEncryptDecrypt */

/*
 * unit test for wc_GmacSetKey()
 */
static int test_wc_GmacSetKey (void)
{
    int     ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
    Gmac    gmac;
    byte    key16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#ifdef WOLFSSL_AES_192
    byte    key24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
    };
#endif
#ifdef WOLFSSL_AES_256
    byte    key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
#endif
    byte    badKey16[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
    };
    byte    badKey24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
    };
    byte    badKey32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };

    printf(testingFmt, "wc_GmacSetKey()");

    ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_AES_128
    ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
    if (ret == 0) {
        ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
    }
#endif
#ifdef WOLFSSL_AES_256
    if (ret == 0) {
        ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
    }
#endif

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&gmac.aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_GmacSetKey */

/*
 * unit test for wc_GmacUpdate
 */
static int test_wc_GmacUpdate (void)
{
    int     ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
    Gmac    gmac;
#ifdef WOLFSSL_AES_128
    const byte key16[] =
    {
        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
    };
#endif
#ifdef WOLFSSL_AES_192
    byte    key24[] =
    {
        0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
        0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
        0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
    };
#endif
#ifdef WOLFSSL_AES_256
   byte    key32[] =
    {
        0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
        0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
        0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
        0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
    };
#endif
#ifdef WOLFSSL_AES_128
    const byte authIn[] =
    {
        0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
        0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
    };
#endif
#ifdef WOLFSSL_AES_192
    const byte authIn2[] =
    {
       0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
       0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
    };
#endif
    const byte authIn3[] =
    {
        0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
        0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
    };
#ifdef WOLFSSL_AES_128
    const byte tag1[] = /* Known. */
    {
        0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
        0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
    };
#endif
#ifdef WOLFSSL_AES_192
    const byte tag2[] = /* Known */
    {
        0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
        0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
    };
#endif
    const byte tag3[] = /* Known */
    {
        0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
        0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
    };
#ifdef WOLFSSL_AES_128
    const byte iv[] =
    {
        0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
        0xe2, 0x8c, 0x8f, 0x16
    };
#endif
#ifdef WOLFSSL_AES_192
    const byte iv2[] =
    {
        0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
        0x7e, 0x1a, 0x6f, 0xbc
    };
#endif
    const byte iv3[] =
    {
        0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
        0xc3, 0xfb, 0x6c, 0x8a
    };
    byte    tagOut[16];
    byte    tagOut2[24];
    byte    tagOut3[32];

    /* Init stack variables. */
    XMEMSET(tagOut, 0, sizeof(tagOut));
    XMEMSET(tagOut2, 0, sizeof(tagOut2));
    XMEMSET(tagOut3, 0, sizeof(tagOut3));

    printf(testingFmt, "wc_GmacUpdate()");

    ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_AES_128
    ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
    if (ret == 0) {
        ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
                                                    tagOut, sizeof(tag1));
        if (ret == 0) {
            ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
        }
    }
#endif

#ifdef WOLFSSL_AES_192
    if (ret == 0) {
        XMEMSET(&gmac, 0, sizeof(Gmac));
        ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
    }
    if (ret == 0) {
        ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
                            sizeof(authIn2), tagOut2, sizeof(tag2));
    }
    if (ret == 0) {
        ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
    }
#endif

#ifdef WOLFSSL_AES_256
    if (ret == 0) {
        XMEMSET(&gmac, 0, sizeof(Gmac));
        ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
    }
    if (ret == 0) {
        ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
                            sizeof(authIn3), tagOut3, sizeof(tag3));
    }
    if (ret == 0) {
        ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
    }
#endif

    /*Pass bad args. */
    if (ret == 0) {
        ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
                                sizeof(authIn3), tagOut3, sizeof(tag3));
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
                                sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
                                sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    wc_AesFree(&gmac.aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_GmacUpdate */


/*
 * testing wc_CamelliaSetKey
 */
static int test_wc_CamelliaSetKey (void)
{
    int ret = 0;
#ifdef HAVE_CAMELLIA
    Camellia camellia;
    /*128-bit key*/
    static const byte key16[] =
    {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
    };
    /* 192-bit key */
    static const byte key24[] =
    {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
    };
    /* 256-bit key */
    static const byte key32[] =
    {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
    };
    static const byte iv[] =
    {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    };

    printf(testingFmt, "wc_CamelliaSetKey()");

    ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
    if (ret == 0) {
        ret = wc_CamelliaSetKey(&camellia, key16,
                                        (word32)sizeof(key16), NULL);
        if (ret == 0) {
            ret = wc_CamelliaSetKey(&camellia, key24,
                                        (word32)sizeof(key24), iv);
        }
        if (ret == 0) {
            ret = wc_CamelliaSetKey(&camellia, key24,
                                        (word32)sizeof(key24), NULL);
        }
        if (ret == 0) {
            ret = wc_CamelliaSetKey(&camellia, key32,
                                        (word32)sizeof(key32), iv);
        }
        if (ret == 0) {
            ret = wc_CamelliaSetKey(&camellia, key32,
                                        (word32)sizeof(key32), NULL);
        }
    }
    /* Bad args. */
    if (ret == 0) {
        ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    } /* END bad args. */


#endif
    return ret;

} /* END test_wc_CammeliaSetKey */

/*
 * Testing wc_CamelliaSetIV()
 */
static int test_wc_CamelliaSetIV (void)
{
    int ret = 0;
#ifdef HAVE_CAMELLIA
    Camellia    camellia;
    static const byte iv[] =
    {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    };

    printf(testingFmt, "wc_CamelliaSetIV()");

    ret = wc_CamelliaSetIV(&camellia, iv);
    if (ret == 0) {
        ret = wc_CamelliaSetIV(&camellia, NULL);
    }
    /* Bad args. */
    if (ret == 0) {
        ret = wc_CamelliaSetIV(NULL, NULL);
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /*END test_wc_CamelliaSetIV*/

/*
 * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
 */
static int test_wc_CamelliaEncryptDecryptDirect (void)
{
    int     ret = 0;
#ifdef HAVE_CAMELLIA
    Camellia camellia;
    static const byte key24[] =
    {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
    };
    static const byte iv[] =
    {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
    };
    static const byte plainT[] =
    {
        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
    };
    byte    enc[sizeof(plainT)];
    byte    dec[sizeof(enc)];
    int     camE = WOLFSSL_FATAL_ERROR;
    int     camD = WOLFSSL_FATAL_ERROR;

    /*Init stack variables.*/
    XMEMSET(enc, 0, 16);
    XMEMSET(enc, 0, 16);

    ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
    if (ret == 0) {
        ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
        if (ret == 0) {
            ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
            if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }
    printf(testingFmt, "wc_CamelliaEncryptDirect()");
    /* Pass bad args. */
    if (ret == 0) {
        camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
        if (camE == BAD_FUNC_ARG) {
            camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
        }
        if (camE == BAD_FUNC_ARG) {
            camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
        }
        if (camE == BAD_FUNC_ARG) {
            camE = 0;
        } else {
            camE = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, camE == 0 ? passed : failed);
    if (camE != 0) {
        return camE;
    }

    printf(testingFmt, "wc_CamelliaDecryptDirect()");

    if (ret == 0) {
        camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
        if (camD == BAD_FUNC_ARG) {
            camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
        }
        if (camD == BAD_FUNC_ARG) {
            camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
        }
        if (camD == BAD_FUNC_ARG) {
            camD = 0;
        } else {
            camD = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, camD == 0 ? passed : failed);
    if (camD != 0) {
        return camD;
    }

#endif
    return ret;

} /* END test-wc_CamelliaEncryptDecryptDirect */

/*
 * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
 */
static int test_wc_CamelliaCbcEncryptDecrypt (void)
{
    int     ret = 0;
#ifdef HAVE_CAMELLIA
    Camellia camellia;
    static const byte key24[] =
    {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
    };
    static const byte plainT[] =
    {
        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
    };
    byte    enc[CAMELLIA_BLOCK_SIZE];
    byte    dec[CAMELLIA_BLOCK_SIZE];
    int     camCbcE = WOLFSSL_FATAL_ERROR;
    int     camCbcD = WOLFSSL_FATAL_ERROR;

    /* Init stack variables. */
    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);

    ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
    if (ret == 0) {
        ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (ret == 0) {
        ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
        if (ret == 0) {
            ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
            if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(testingFmt, "wc_CamelliaCbcEncrypt");
    /* Pass in bad args. */
    if (ret == 0) {
        camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
        if (camCbcE == BAD_FUNC_ARG) {
            camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
                                                    CAMELLIA_BLOCK_SIZE);
        }
        if (camCbcE == BAD_FUNC_ARG) {
            camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
                                                    CAMELLIA_BLOCK_SIZE);
        }
        if (camCbcE == BAD_FUNC_ARG) {
            camCbcE = 0;
        } else {
            camCbcE = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, camCbcE == 0 ? passed : failed);
    if (camCbcE != 0) {
        return camCbcE;
    }

    printf(testingFmt, "wc_CamelliaCbcDecrypt()");

    if (ret == 0) {
        camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
        if (camCbcD == BAD_FUNC_ARG) {
            camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
                                                    CAMELLIA_BLOCK_SIZE);
        }
        if (camCbcD == BAD_FUNC_ARG) {
            camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
                                                    CAMELLIA_BLOCK_SIZE);
        }
        if (camCbcD == BAD_FUNC_ARG) {
            camCbcD = 0;
        } else {
            camCbcD = WOLFSSL_FATAL_ERROR;
        }
    } /* END bad args. */

    printf(resultFmt, camCbcD == 0 ? passed : failed);
    if (camCbcD != 0) {
        return camCbcD;
    }

#endif
    return ret;

} /* END test_wc_CamelliaCbcEncryptDecrypt */

/*
 * Testing wc_RabbitSetKey()
 */
static int test_wc_RabbitSetKey (void)
{
    int     ret = 0;
#ifndef NO_RABBIT
    Rabbit  rabbit;
    const char* key =  "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
                        "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
    const char* iv =   "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";

    printf(testingFmt, "wc_RabbitSetKey()");

    ret = wc_RabbitSetKey(&rabbit, (byte*)key, (byte*)iv);

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_RabbitSetKey(NULL, (byte*)key, (byte*)iv);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RabbitSetKey(&rabbit, NULL, (byte*)iv);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RabbitSetKey(&rabbit, (byte*)key, NULL);
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RabbitSetKey */

/*
 * Test wc_RabbitProcess()
 */
static int test_wc_RabbitProcess (void)
{
    int     ret = 0;
#if !defined(NO_RABBIT) && !defined(BIG_ENDIAN_ORDER)
    Rabbit  enc, dec;
    byte    cipher[25];
    byte    plain[25];
    const char* key     =  "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
                            "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
    const char* iv      =   "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
    const char* input   =   TEST_STRING;
    unsigned long int inlen = (unsigned long int)TEST_STRING_SZ;

    /* Initialize stack variables. */
    XMEMSET(cipher, 0, sizeof(cipher));
    XMEMSET(plain, 0, sizeof(plain));

    printf(testingFmt, "wc_RabbitProcess()");

    ret = wc_RabbitSetKey(&enc, (byte*)key, (byte*)iv);
    if (ret == 0) {
        ret = wc_RabbitSetKey(&dec, (byte*)key, (byte*)iv);
    }
    if (ret == 0) {
       ret = wc_RabbitProcess(&enc, cipher, (byte*)input, (word32)inlen);
    }
    if (ret == 0) {
        ret = wc_RabbitProcess(&dec, plain, cipher, (word32)inlen);
        if (ret != 0 || XMEMCMP(input, plain, inlen)) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_RabbitProcess(NULL, plain, cipher, (word32)inlen);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RabbitProcess(&dec, NULL, cipher, (word32)inlen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RabbitProcess(&dec, plain, NULL, (word32)inlen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RabbitProcess */





/*
 * Testing wc_Arc4SetKey()
 */
static int test_wc_Arc4SetKey (void)
{
    int ret = 0;
#ifndef NO_RC4
    Arc4 arc;
    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
    int keyLen = 8;

    printf(testingFmt, "wc_Arch4SetKey()");

    ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
        if (ret == BAD_FUNC_ARG)
            ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
        if (ret == BAD_FUNC_ARG)
            ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
        if (ret == BAD_FUNC_ARG)
            ret = WOLFSSL_ERROR_NONE;
        else
            ret = WOLFSSL_FATAL_ERROR;
    } /* END test bad args. */

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_Arc4SetKey */

/*
 * Testing wc_Arc4Process for ENC/DEC.
 */
static int test_wc_Arc4Process (void)
{
    int ret = 0;
#ifndef NO_RC4
    Arc4 enc, dec;
    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
    int keyLen = 8;
    const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
    byte cipher[8];
    byte plain[8];

    /* Init stack variables */
    XMEMSET(cipher, 0, sizeof(cipher));
    XMEMSET(plain, 0, sizeof(plain));

    /* Use for async. */
    ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
    if (ret == 0) {
        ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
    }

    printf(testingFmt, "wc_Arc4Process()");

    if (ret == 0) {
        ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
    }
    if (ret == 0) {
        ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
    }
    if (ret == 0) {
        ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
    }
    if (ret == 0) {
        ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
        if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    /* Bad args. */
    if (ret == 0) {
        ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_Arc4Free(&enc);
    wc_Arc4Free(&dec);

#endif
    return ret;

}/* END test_wc_Arc4Process */


/*
 * Testing wc_Init RsaKey()
 */
static int test_wc_InitRsaKey (void)
{
    int     ret = 0;
#ifndef NO_RSA
    RsaKey  key;

    printf(testingFmt, "wc_InitRsaKey()");

    ret = wc_InitRsaKey(&key, NULL);

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_InitRsaKey(NULL, NULL);
        #ifndef HAVE_USER_RSA
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
        #else
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
        #endif
            ret = WOLFSSL_FATAL_ERROR;
        }
    } /* end if */

    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_InitRsaKey */


/*
 * Testing wc_RsaPrivateKeyDecode()
 */
static int test_wc_RsaPrivateKeyDecode (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
        || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
    RsaKey  key;
    byte*   tmp;
    word32  idx = 0;
    int     bytes = 0;

    printf(testingFmt, "wc_RsaPrivateKeyDecode()");

    tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0) {
        ret = wc_InitRsaKey(&key, NULL);
    }
    if (ret == 0) {
        #ifdef USE_CERT_BUFFERS_1024
            XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
            bytes = sizeof_client_key_der_1024;
        #else
            XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
            bytes = sizeof_client_key_der_2048;
        #endif /* Use cert buffers. */

        ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    }
    #ifndef HAVE_USER_RSA
        /* Test bad args. */
        if (ret == 0) {
            ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Test bad args. User RSA. */
        if (ret == 0) {
            ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    if (tmp != NULL) {
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaPrivateKeyDecode */

/*
 * Testing wc_RsaPublicKeyDecode()
 */
static int test_wc_RsaPublicKeyDecode (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
        || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
    RsaKey  keyPub;
    byte*   tmp;
    word32  idx = 0;
    int     bytes = 0;
    word32  keySz = 0;
    word32  tstKeySz = 0;

    tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0) {
        ret = wc_InitRsaKey(&keyPub, NULL);
    }
    if (ret == 0) {
        #ifdef USE_CERT_BUFFERS_1024
            XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
            bytes = sizeof_client_keypub_der_1024;
            keySz = 1024;
        #else
            XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
            bytes = sizeof_client_keypub_der_2048;
            keySz = 2048;
        #endif

        printf(testingFmt, "wc_RsaPublicKeyDecode()");

        ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
    }
    #ifndef HAVE_USER_RSA
        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    if (wc_FreeRsaKey(&keyPub) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (ret == 0) {
        /* Test for getting modulus key size */
        idx = 0;
        ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
            &tstKeySz, NULL, NULL);
        ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
    }

    if (tmp != NULL) {
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    printf(resultFmt, ret == 0 ? passed : failed);


#endif
    return ret;

}  /* END test_wc_RsaPublicKeyDecode */

/*
 * Testing wc_RsaPublicKeyDecodeRaw()
 */
static int test_wc_RsaPublicKeyDecodeRaw (void)
{
    int         ret = 0;
#if !defined(NO_RSA)
    RsaKey      key;
    const byte  n = 0x23;
    const byte  e = 0x03;
    int         nSz = sizeof(n);
    int         eSz = sizeof(e);

    printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()");

    ret = wc_InitRsaKey(&key, NULL);
    if (ret == 0) {
        ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
    }
#ifndef HAVE_USER_RSA
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#else
    /* Pass in bad args. User RSA. */
    if (ret == 0) {
        ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
        if (ret == USER_CRYPTO_ERROR) {
            ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
        }
        if (ret == USER_CRYPTO_ERROR) {
            ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
        }
        if (ret == USER_CRYPTO_ERROR) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaPublicKeyDecodeRaw */


#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
    /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
     * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
     * trying until it gets a probable prime. */
    #ifdef HAVE_FIPS
        static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
        {
            int ret;

            for (;;) {
                ret = wc_MakeRsaKey(key, size, e, rng);
                if (ret != PRIME_GEN_E) break;
                printf("MakeRsaKey couldn't find prime; trying again.\n");
            }

            return ret;
        }
        #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
    #else
        #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
    #endif
#endif


/*
 * Testing wc_MakeRsaKey()
 */
static int test_wc_MakeRsaKey (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)

    RsaKey  genKey;
    WC_RNG  rng;
    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int     bits = 1024;
    #else
    int     bits = 2048;
    #endif

    printf(testingFmt, "wc_MakeRsaKey()");

    ret = wc_InitRsaKey(&genKey, NULL);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
        if (ret == 0) {
            ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
            if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }
    #ifndef HAVE_USER_RSA
        /* Test bad args. */
        if (ret == 0) {
            ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
            if (ret == BAD_FUNC_ARG) {
                ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                /* e < 3 */
                ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
            }
            if (ret == BAD_FUNC_ARG) {
                /* e & 1 == 0 */
                ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Test bad args. */
        if (ret == 0) {
            ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
            if (ret == USER_CRYPTO_ERROR) {
                ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
            }
            if (ret == USER_CRYPTO_ERROR) {
                /* e < 3 */
                ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
            }
            if (ret == USER_CRYPTO_ERROR) {
                /* e & 1 == 0 */
                ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_MakeRsaKey */

/*
 * Test the bounds checking on the cipher text versus the key modulus.
 * 1. Make a new RSA key.
 * 2. Set c to 1.
 * 3. Decrypt c into k. (error)
 * 4. Copy the key modulus to c and sub 1 from the copy.
 * 5. Decrypt c into k. (error)
 * Valid bounds test cases are covered by all the other RSA tests.
 */
static int test_RsaDecryptBoundsCheck(void)
{
    int ret = 0;
#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
    (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
    defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
    RsaKey key;
    byte flatC[256];
    word32 flatCSz;
    byte out[256];
    word32 outSz = sizeof(out);
    WC_RNG rng;

    printf(testingFmt, "RSA decrypt bounds check");
    XMEMSET(&rng, 0, sizeof(rng));

    ret = wc_InitRng(&rng);

    if (ret == 0)
        ret = wc_InitRsaKey(&key, NULL);

    if (ret == 0) {
        const byte* derKey;
        word32 derKeySz;
        word32 idx = 0;

        #ifdef USE_CERT_BUFFERS_1024
            derKey = server_key_der_1024;
            derKeySz = (word32)sizeof_server_key_der_1024;
            flatCSz = 128;
        #else
            derKey = server_key_der_2048;
            derKeySz = (word32)sizeof_server_key_der_2048;
            flatCSz = 256;
        #endif

        ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
    }

    if (ret == 0) {
        XMEMSET(flatC, 0, flatCSz);
        flatC[flatCSz-1] = 1;

        ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
                           RSA_PRIVATE_DECRYPT, &rng);
    }
    if (ret == RSA_OUT_OF_RANGE_E) {
        mp_int c;
        mp_init_copy(&c, &key.n);
        mp_sub_d(&c, 1, &c);
        mp_to_unsigned_bin(&c, flatC);
        ret = wc_RsaDirect(flatC, sizeof(flatC), out, &outSz, &key,
                           RSA_PRIVATE_DECRYPT, NULL);
        mp_clear(&c);
    }
    if (ret == RSA_OUT_OF_RANGE_E)
        ret = 0;

    if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
        ret = WOLFSSL_FATAL_ERROR;

    printf(resultFmt, ret == 0 ? passed : failed);


#endif
    return ret;

} /* END test_wc_RsaDecryptBoundsCheck */

/*
 * Testing wc_SetKeyUsage()
 */
static int test_wc_SetKeyUsage (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
    Cert    myCert;

    ret = wc_InitCert(&myCert);

    printf(testingFmt, "wc_SetKeyUsage()");
    if (ret == 0) {
        ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
        if (ret == 0) {
            ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
        }
        if (ret == 0) {
            ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
        }
        if (ret == 0) {
            ret = wc_SetKeyUsage(&myCert, "decipherOnly");
        }
        if (ret == 0) {
            ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_SetKeyUsage(NULL, "decipherOnly");
        if (ret == BAD_FUNC_ARG) {
            ret = wc_SetKeyUsage(&myCert, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_SetKeyUsage(&myCert, "");
        }
        if (ret == KEYUSAGE_E) {
            ret = wc_SetKeyUsage(&myCert, ",");
        }
        if (ret == KEYUSAGE_E) {
            ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
        }
        if (ret == KEYUSAGE_E) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END  test_wc_SetKeyUsage */
/*
 * Testing wc_CheckProbablePrime()
 */
static int test_wc_CheckProbablePrime (void)
{
    int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
 !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)

#define CHECK_PROBABLE_PRIME_KEY_BITS 2048

    RsaKey              key;
    WC_RNG              rng;
    byte                e[3];
    word32              eSz = (word32)sizeof(e);
    byte                n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
    word32              nSz = (word32)sizeof(n);
    byte                d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
    word32              dSz = (word32)sizeof(d);
    byte                p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
    word32              pSz = (word32)sizeof(p);
    byte                q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
    word32              qSz = (word32)sizeof(q);
    int                 nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
    int*                isPrime;
    int                 test[5];
    isPrime = test;


    printf(testingFmt, "wc_CheckProbablePrime()");


    ret = wc_InitRsaKey(&key, NULL);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_RsaSetRNG(&key, &rng);
    }
    if (ret == 0) {
        ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng);
    }
    if (ret == 0) {
        PRIVATE_KEY_UNLOCK();
        ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
                                p, &pSz, q, &qSz);
        PRIVATE_KEY_LOCK();
    }
    /* Bad cases */
    if (ret == 0) {
        ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0,
                                     nlen, isPrime);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    /* Good case */
    if (ret == 0) {
        ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz,
                                     nlen, isPrime);
    }
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);

#undef CHECK_PROBABLE_PRIME_KEY_BITS

#endif

    return ret;
} /* END  test_wc_CheckProbablePrime */
/*
 * Testing wc_RsaPSS_Verify()
 */
static int test_wc_RsaPSS_Verify (void)
{
    int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
 !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
    RsaKey              key;
    WC_RNG              rng;
    int                 sz = 256;
    byte*               pt;
    const char*         szMessage = "This is the string to be signed";
    unsigned char       pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
    unsigned char       pDecrypted[2048/8];
    word32              outLen = sizeof(pDecrypted);
    pt = pDecrypted;

    printf(testingFmt, "wc_RsaPSS_Verify()");

    ret = wc_InitRsaKey(&key, NULL);

    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_RsaSetRNG(&key, &rng);
    }
    if (ret == 0) {
            ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
    }

    if (ret == 0) {
        ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
                pSignature, sizeof(pSignature),
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
        if (ret > 0 ){
            sz = ret;
            ret = 0;
        }
    }
    /* Bad cases */
    if (ret == 0) {
        ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    /* Good case */
    if (ret == 0) {
        ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret > 0) {
                ret = 0;
            }
    }
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif

    return ret;
} /* END  test_wc_RsaPSS_Verify */
/*
 * Testing wc_RsaPSS_VerifyCheck()
 */
static int test_wc_RsaPSS_VerifyCheck (void)
{
    int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
 !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
    RsaKey              key;
    WC_RNG              rng;
    int                 sz = 256; /* 2048/8 */
    byte*               pt;
    byte                digest[32];
    word32              digestSz;
    unsigned char       pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
    word32              pSignatureSz = sizeof(pSignature);
    unsigned char       pDecrypted[2048/8];
    word32              outLen = sizeof(pDecrypted);
    pt = pDecrypted;

    printf(testingFmt, "wc_RsaPSS_VerifyCheck()");

    XMEMSET(digest, 0, sizeof(digest));
    XMEMSET(pSignature, 0, sizeof(pSignature));

    ret = wc_InitRsaKey(&key, NULL);

    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_RsaSetRNG(&key, &rng);
    }
    if (ret == 0) {
            ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
    }
    if (ret == 0) {
        digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
        ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);

    }

    if (ret == 0) {
        ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
        if (ret > 0 ){
            sz = ret;
            ret = 0;
        }
    }
    /* Bad cases */
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }

    /* Good case */
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret > 0) {
                ret = 0;
            }
    }
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif

    return ret;
} /* END  test_wc_RsaPSS_VerifyCheck */
/*
 * Testing wc_RsaPSS_VerifyCheckInline()
 */
static int test_wc_RsaPSS_VerifyCheckInline (void)
{
    int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
 !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
    RsaKey              key;
    WC_RNG              rng;
    int                 sz = 256;
    byte*               pt;
    byte                digest[32];
    word32              digestSz;
    unsigned char       pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
    unsigned char       pDecrypted[2048/8];
    pt = pDecrypted;


    printf(testingFmt, "wc_RsaPSS_VerifyCheckInline()");

    ret = wc_InitRsaKey(&key, NULL);

    XMEMSET(digest, 0, sizeof(digest));
    XMEMSET(pSignature, 0, sizeof(pSignature));

    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_RsaSetRNG(&key, &rng);
    }
    if (ret == 0) {
            ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
    }
    if (ret == 0) {
        digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
        ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);

    }

    if (ret == 0) {
        ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
                WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
        if (ret > 0 ){
            sz = ret;
            ret = 0;
        }
    }
    /* Bad Cases */
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
                digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
    }
    /* Good case */
    if (ret == 0) {
        ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
                digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
            if (ret > 0) {
                ret = 0;
            }
    }
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif

    return ret;
} /* END  test_wc_RsaPSS_VerifyCheckInline */

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static void sample_mutex_cb (int flag, int type, const char* file, int line)
{
    (void)flag;
    (void)type;
    (void)file;
    (void)line;
}
#endif
/*
 * Testing wc_LockMutex_ex
 */
static int test_wc_LockMutex_ex (void)
{
    int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    int flag = CRYPTO_LOCK;
    int type = 0;
    const char* file = "./test-LockMutex_ex.txt";
    int line = 0;

    printf(testingFmt, "wc_LockMutex_ex()");

    /*without SetMutexCb*/
    ret = wc_LockMutex_ex(flag, type, file, line);
    if (ret ==  BAD_STATE_E) {
        ret = 0;
    }
    /*with SetMutexCb*/
    if (ret == 0) {
        ret = wc_SetMutexCb(sample_mutex_cb);
        if (ret == 0) {
             ret = wc_LockMutex_ex(flag, type, file, line);
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}/*End test_wc_LockMutex_ex*/
/*
 * Testing wc_SetMutexCb
 */
static int test_wc_SetMutexCb (void)
{
    int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)

    printf(testingFmt, "wc_SetMutexCb()");

    ret = wc_SetMutexCb(sample_mutex_cb);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/*End test_wc_SetMutexCb*/

/*
 * Testing wc_RsaKeyToDer()
 */
static int test_wc_RsaKeyToDer (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey  genKey;
    WC_RNG  rng;
    byte*   der;
    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int     bits = 1024;
    word32  derSz = 611;
    /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
       + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
    #else
    int     bits = 2048;
    word32  derSz = 1196;
    /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
       + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
    #endif
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&genKey, 0, sizeof(genKey));

    der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (der == NULL) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    /* Init structures. */
    if (ret == 0) {
        ret = wc_InitRsaKey(&genKey, NULL);
    }
        if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    /* Make key. */
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(testingFmt, "wc_RsaKeyToDer()");

    if (ret == 0) {
        ret = wc_RsaKeyToDer(&genKey, der, derSz);
        if (ret > 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    #ifndef HAVE_USER_RSA
        /* Pass good/bad args. */
        if (ret == 0) {
            ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
            if (ret == BAD_FUNC_ARG) {
                /* Get just the output length */
                ret = wc_RsaKeyToDer(&genKey, NULL, 0);
            }
            if (ret > 0) {
                /* Try Public Key. */
                genKey.type = 0;
                ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Pass good/bad args. */
        if (ret == 0) {
            ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
            if (ret == USER_CRYPTO_ERROR) {
                /* Get just the output length */
                ret = wc_RsaKeyToDer(&genKey, NULL, 0);
            }
            if (ret > 0) {
                /* Try Public Key. */
                genKey.type = 0;
                ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    if (der != NULL) {
        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (wc_FreeRsaKey(&genKey) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
} /* END test_wc_RsaKeyToDer */

/*
 *  Testing wc_RsaKeyToPublicDer()
 */
static int test_wc_RsaKeyToPublicDer (void)
{
    int         ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey      key;
    WC_RNG      rng;
    byte*       der;
    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int         bits = 1024;
    word32      derLen = 162;
    #else
    int         bits = 2048;
    word32      derLen = 294;
    #endif

    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (der == NULL) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0) {
        ret = wc_InitRsaKey(&key, NULL);
    }
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
    }

    printf(testingFmt, "wc_RsaKeyToPublicDer()");

    if (ret == 0) {
        /* test getting size only */
        ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
        if (ret >= 0)
            ret = 0;
    }
    if (ret == 0) {
        ret = wc_RsaKeyToPublicDer(&key, der, derLen);
        if (ret >= 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (ret == 0) {
        /* test getting size only */
        ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);
        if (ret >= 0)
            ret = 0;
    }
    if (ret == 0) {
        ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0);
        if (ret >= 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    #ifndef HAVE_USER_RSA
        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaKeyToPublicDer(&key, der, -1);
            }
            if (ret == BUFFER_E || ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaKeyToPublicDer(&key, der, -1);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    if (der != NULL) {
        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaKeyToPublicDer */

/*
 *  Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
 */
static int test_wc_RsaPublicEncryptDecrypt (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey  key;
    WC_RNG  rng;
    const char inStr[] = TEST_STRING;
    const word32 plainLen = (word32)TEST_STRING_SZ;
    const word32 inLen = (word32)TEST_STRING_SZ;
    int          bits = TEST_RSA_BITS;
    const word32 cipherLen = TEST_RSA_BYTES;
    word32 cipherLenResult = cipherLen;

    DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
    DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
    DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);

#ifdef DECLARE_VAR_IS_HEAP_ALLOC
    if (in == NULL || plain == NULL || cipher == NULL) {
        printf("test_wc_RsaPublicEncryptDecrypt malloc failed\n");
        return MEMORY_E;
}
#endif
    XMEMCPY(in, inStr, inLen);

    ret = wc_InitRsaKey(&key, NULL);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
    }
    /* Encrypt. */
    printf(testingFmt, "wc_RsaPublicEncrypt()");

    if (ret == 0) {
        ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
        if (ret >= 0) {
            cipherLenResult = ret;
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass bad args. */
   /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

    /* Decrypt */
    printf(testingFmt, "wc_RsaPrivateDecrypt()");
    #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
        /* Bind rng */
        if (ret == 0) {
            ret = wc_RsaSetRNG(&key, &rng);
        }
    #endif
    if (ret == 0) {
        ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key);
    }
    if (ret >= 0) {
        ret = XMEMCMP(plain, inStr, plainLen);
    }

    /* Pass in bad args. */
   /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/

    FREE_VAR(in, NULL);
    FREE_VAR(plain, NULL);
    FREE_VAR(cipher, NULL);
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaPublicEncryptDecrypt */

/*
 * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
 */
static int test_wc_RsaPublicEncryptDecrypt_ex (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
        && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
        && !defined(NO_SHA)
    RsaKey  key;
    WC_RNG  rng;
    const char inStr[] = TEST_STRING;
    const word32 inLen = (word32)TEST_STRING_SZ;
    const word32 plainSz = (word32)TEST_STRING_SZ;
    byte*   res = NULL;
    int     idx = 0;
    int          bits = TEST_RSA_BITS;
    const word32 cipherSz = TEST_RSA_BYTES;

    DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
    DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
    DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);

#ifdef DECLARE_VAR_IS_HEAP_ALLOC
    if (in == NULL || plain == NULL || cipher == NULL) {
        printf("test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n");
        return MEMORY_E;
    }
#endif
    XMEMCPY(in, inStr, inLen);

    /* Initialize stack structures. */
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
    }
    /* Encrypt */
    printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
    if (ret == 0) {
        ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
        if (ret >= 0) {
            idx = ret;
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /*Pass bad args.*/
   /* Tests RsaPublicEncryptEx again. No need duplicate. */
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

#ifndef WOLFSSL_RSA_PUBLIC_ONLY
    /* Decrypt */
    printf(testingFmt, "wc_RsaPrivateDecrypt_ex()");
    #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
        if (ret == 0) {
            ret = wc_RsaSetRNG(&key, &rng);
        }
    #endif
    if (ret == 0) {
        ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
                plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
                WC_MGF1SHA1, NULL, 0);
    }
    if (ret >= 0) {
        if (!XMEMCMP(plain, inStr, plainSz)) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /*Pass bad args.*/
   /* Tests RsaPrivateDecryptEx() again. No need duplicate. */
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

    printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()");
    if (ret == 0) {
        ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
                &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
                WC_MGF1SHA1, NULL, 0);

        if (ret >= 0) {
            if (!XMEMCMP(inStr, res, plainSz)) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }
#endif

    FREE_VAR(in, NULL);
    FREE_VAR(plain, NULL);
    FREE_VAR(cipher, NULL);
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaPublicEncryptDecrypt_ex */

/*
 * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
 */
static int test_wc_RsaSSL_SignVerify (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey  key;
    WC_RNG  rng;
    const char inStr[] = TEST_STRING;
    const word32 plainSz = (word32)TEST_STRING_SZ;
    const word32 inLen = (word32)TEST_STRING_SZ;
    word32  idx = 0;
    int          bits = TEST_RSA_BITS;
    const word32 outSz = TEST_RSA_BYTES;

    DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
    DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
    DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);

#ifdef DECLARE_VAR_IS_HEAP_ALLOC
    if (in == NULL || out == NULL || plain == NULL) {
        printf("test_wc_RsaSSL_SignVerify failed\n");
        return MEMORY_E;
    }
#endif
    XMEMCPY(in, inStr, inLen);

    ret = wc_InitRsaKey(&key, NULL);

    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }

    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
    }
    /* Sign. */
    printf(testingFmt, "wc_RsaSSL_Sign()");

    if (ret == 0) {
        ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
        if (ret == (int)outSz) {
            idx = ret;
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#ifndef HAVE_USER_RSA
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#else
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
        if (ret == USER_CRYPTO_ERROR) {
            ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
        }
        if (ret == USER_CRYPTO_ERROR) {
            ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
        }
        if (ret == USER_CRYPTO_ERROR) {
           ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
        }
        if (ret == USER_CRYPTO_ERROR) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif
    printf(resultFmt, ret == 0 ? passed : failed);
    if (ret != 0) {
        return ret;
    }

    /* Verify. */
    printf(testingFmt, "wc_RsaSSL_Verify()");

    if (ret == 0) {
        ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
        if (ret == (int)inLen) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    #ifndef HAVE_USER_RSA
        /* Pass bad args. */
         if (ret == 0) {
                ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
            }
            if (ret == BAD_FUNC_ARG) {
               ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Pass bad args. */
         if (ret == 0) {
                ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
            }
            if (ret == USER_CRYPTO_ERROR) {
               ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    FREE_VAR(in, NULL);
    FREE_VAR(out, NULL);
    FREE_VAR(plain, NULL);
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaSSL_SignVerify */

/*
 * Testing wc_RsaEncryptSize()
 */
static int test_wc_RsaEncryptSize (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey  key;
    WC_RNG  rng;

    ret = wc_InitRsaKey(&key, NULL);

    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }

    printf(testingFmt, "wc_RsaEncryptSize()");
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
        if (ret == 0) {
            ret = wc_RsaEncryptSize(&key);
        }
        if (ret == 128) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    } else {
        ret = 0;
    }
#endif

    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
        if (ret == 0) {
            ret = wc_RsaEncryptSize(&key);
        }
        if (ret == 256) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Pass in bad arg. */
    if (ret == 0) {
        ret = wc_RsaEncryptSize(NULL);
        #ifndef HAVE_USER_RSA
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        #endif
    }

    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaEncryptSize*/

/*
 * Testing wc_RsaFlattenPublicKey()
 */
static int test_wc_RsaFlattenPublicKey (void)
{
    int     ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
    RsaKey  key;
    WC_RNG  rng;
    byte    e[256];
    byte    n[256];
    word32  eSz = sizeof(e);
    word32  nSz = sizeof(n);
    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
    int         bits = 1024;
    #else
    int         bits = 2048;
    #endif

    ret = wc_InitRsaKey(&key, NULL);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }

    if (ret == 0) {
        ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
        if (ret >= 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(testingFmt, "wc_RsaFlattenPublicKey()");

    if (ret == 0) {
        ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
    }
    #ifndef HAVE_USER_RSA
        /* Pass bad args. */
        if (ret == 0) {
            ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #else
        /* Pass bad args. */
        if (ret == 0) {
            ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
            }
            if (ret == USER_CRYPTO_ERROR) {
                ret = 0;
            } else {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif
    if (wc_FreeRsaKey(&key) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (wc_FreeRng(&rng) || ret != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_RsaFlattenPublicKey */



/*
 * unit test for wc_AesCcmSetKey
 */
static int test_wc_AesCcmSetKey (void)
{
    int ret = 0;
#ifdef HAVE_AESCCM
    Aes aes;
    const byte  key16[] =
    {
        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
    };
    const byte  key24[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
    };
    const byte  key32[] =
    {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };

    printf(testingFmt, "wc_AesCcmSetKey()");

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_AES_128
    ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
#endif
#ifdef WOLFSSL_AES_192
    if (ret == 0) {
        ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
    }
#endif
#ifdef WOLFSSL_AES_256
    if (ret == 0) {
        ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
    }
#endif

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
        }
        if (ret != BAD_FUNC_ARG) {
            ret = WOLFSSL_FATAL_ERROR;
        } else {
            ret = 0;
        }
    }

    wc_AesFree(&aes);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_AesCcmSetKey */

/*
 * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
 */
static int test_wc_AesCcmEncryptDecrypt (void)
{
    int ret = 0;
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
    Aes aes;
    const byte  key16[] =
    {
        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
    };
    /* plaintext */
    const byte plainT[] =
    {
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
    };
    /* nonce */
    const byte iv[] =
    {
        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
    };
    const byte c[] =  /* cipher text. */
    {
        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
    };
    const byte t[] =  /* Auth tag */
    {
        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
    };
    const byte authIn[] =
    {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
    };
    byte cipherOut[sizeof(plainT)];
    byte authTag[sizeof(t)];
    int ccmE = WOLFSSL_FATAL_ERROR;
    #ifdef HAVE_AES_DECRYPT
        int ccmD = WOLFSSL_FATAL_ERROR;
        byte plainOut[sizeof(cipherOut)];
    #endif

    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
    if (ret != 0)
        return ret;

    ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
    if (ret == 0) {
        ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv), authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
                XMEMCMP(t, authTag, sizeof(t))) {
            ccmE = WOLFSSL_FATAL_ERROR;
            ret = WOLFSSL_FATAL_ERROR;
        }
        #ifdef HAVE_AES_DECRYPT
            if (ret == 0) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
                                        sizeof(plainOut), iv, sizeof(iv),
                                        authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
                if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
                    ccmD = WOLFSSL_FATAL_ERROR;
                }
            }
        #endif
    }

    printf(testingFmt, "wc_AesCcmEncrypt()");

    /* Pass in bad args. Encrypt*/
    if (ret == 0 && ccmE == 0) {
        ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv), authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv), authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
                                    iv, sizeof(iv), authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
                                    NULL, sizeof(iv), authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv), NULL, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv) + 1, authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }
        if (ccmE == BAD_FUNC_ARG) {
            ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
                                    iv, sizeof(iv) - 7, authTag, sizeof(authTag),
                                    authIn , sizeof(authIn));
        }

        if (ccmE != BAD_FUNC_ARG) {
            ccmE = WOLFSSL_FATAL_ERROR;
        } else {
            ccmE = 0;
        }
    } /* End Encrypt */

    printf(resultFmt, ccmE == 0 ? passed : failed);
    if (ccmE != 0) {
        wc_AesFree(&aes);
        return ccmE;
    }
    #ifdef HAVE_AES_DECRYPT
        printf(testingFmt, "wc_AesCcmDecrypt()");

        /* Pass in bad args. Decrypt*/
        if (ret == 0 && ccmD == 0) {
            ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
                                        iv, sizeof(iv), authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
                                        iv, sizeof(iv), authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            }
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
                                        iv, sizeof(iv), authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            }
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
                                        sizeof(plainOut), NULL, sizeof(iv),
                                        authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            }
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
                                        sizeof(plainOut), iv, sizeof(iv), NULL,
                                        sizeof(authTag), authIn, sizeof(authIn));
            }
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
                                        sizeof(plainOut), iv, sizeof(iv) + 1,
                                        authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            }
            if (ccmD == BAD_FUNC_ARG) {
                ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
                                        sizeof(plainOut), iv, sizeof(iv) - 7,
                                        authTag, sizeof(authTag),
                                        authIn, sizeof(authIn));
            }
            if (ccmD != BAD_FUNC_ARG) {
                ccmD = WOLFSSL_FATAL_ERROR;
            } else {
                ccmD = 0;
            }
        } /* END Decrypt */

        printf(resultFmt, ccmD == 0 ? passed : failed);
        if (ccmD != 0) {
            return ccmD;
        }
    #endif

    wc_AesFree(&aes);

#endif  /* HAVE_AESCCM */

    return ret;

} /* END test_wc_AesCcmEncryptDecrypt */



/*
 * Test wc_Hc128_SetKey()
 */
static int test_wc_Hc128_SetKey (void)
{
    int ret = 0;
#ifdef HAVE_HC128
    HC128 ctx;
    const char* key = "\x80\x00\x00\x00\x00\x00\x00\x00"
                      "\x00\x00\x00\x00\x00\x00\x00\x00";
    const char* iv =  "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
                      "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";

    printf(testingFmt, "wc_Hc128_SetKey()");
        ret = wc_Hc128_SetKey(&ctx, (byte*)key, (byte*)iv);
        /* Test bad args. */
        if (ret == 0) {
            ret = wc_Hc128_SetKey(NULL, (byte*)key, (byte*)iv);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Hc128_SetKey(&ctx, NULL, (byte*)iv);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_Hc128_SetKey(&ctx, (byte*)key, NULL);
            }
        }

    printf(resultFmt, ret == 0 ? passed : failed);


#endif
    return ret;

} /* END test_wc_Hc128_SetKey */

/*
 * Testing wc_Hc128_Process()
 */
static int test_wc_Hc128_Process (void)
{
    int ret = 0;
#ifdef HAVE_HC128
    HC128 enc;
    HC128 dec;
    const char* key =  "\x0F\x62\xB5\x08\x5B\xAE\x01\x54"
                       "\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC";
    const char* input = "Encrypt Hc128, and then Decrypt.";
    size_t inlen = XSTRLEN(input) + 1; /* Add null terminator */
    byte cipher[inlen];
    byte plain[inlen];

    printf(testingFmt, "wc_Hc128_Process()");
    ret = wc_Hc128_SetKey(&enc, (byte*)key, NULL);
    if (ret == 0) {
        ret = wc_Hc128_SetKey(&dec, (byte*)key, NULL);
    }
    if (ret == 0) {
        ret = wc_Hc128_Process(&enc, cipher, (byte*)input, (word32)inlen);
        if (ret == 0) {
            ret = wc_Hc128_Process(&dec, plain, cipher, (word32)inlen);
        }
    }

    /* Bad args. */
    if (ret == 0) {
        ret = wc_Hc128_Process(NULL, plain, cipher, (word32)inlen);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Hc128_Process(&dec, NULL, cipher, (word32)inlen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_Hc128_Process(&dec, plain, NULL, (word32)inlen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

   #endif
    return ret;

} /* END test_wc_Hc128_Process */


/*
 * Testing wc_InitDsaKey()
 */
static int test_wc_InitDsaKey (void)
{
    int     ret = 0;

#ifndef NO_DSA
    DsaKey  key;

    printf(testingFmt, "wc_InitDsaKey()");

    ret = wc_InitDsaKey(&key);

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_InitDsaKey(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);

#endif
    return ret;

} /* END test_wc_InitDsaKey */

/*
 * Testing wc_DsaSign() and wc_DsaVerify()
 */
static int test_wc_DsaSignVerify (void)
{
    int     ret = 0;
#if !defined(NO_DSA)
    DsaKey  key;
    WC_RNG  rng;
    wc_Sha  sha;
    byte    signature[DSA_SIG_SIZE];
    byte    hash[WC_SHA_DIGEST_SIZE];
    word32  idx = 0;
    word32  bytes;
    int      answer;
#ifdef USE_CERT_BUFFERS_1024
    byte    tmp[ONEK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
    bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
    bytes = sizeof_dsa_key_der_2048;
#else
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */

    ret = wc_InitSha(&sha);
    if (ret == 0) {
        ret = wc_ShaUpdate(&sha, tmp, bytes);
        if (ret == 0) {
            ret = wc_ShaFinal(&sha, hash);
        }
        if (ret == 0) {
            ret = wc_InitDsaKey(&key);
        }
        if (ret == 0) {
            ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
        }
        if (ret == 0) {
            ret = wc_InitRng(&rng);
        }
    }

    printf(testingFmt, "wc_DsaSign()");
    /* Sign. */
    if (ret == 0) {
        ret = wc_DsaSign(hash, signature, &key, &rng);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_DsaSign(NULL, signature, &key, &rng);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaSign(hash, NULL, &key, &rng);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaSign(hash, signature, NULL, &rng);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaSign(hash, signature, &key, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret != 0) {
        return ret;
    }

    /* Verify. */
    printf(testingFmt, "wc_DsaVerify()");

    ret = wc_DsaVerify(hash, signature, &key, &answer);
    if (ret != 0 || answer != 1) {
        ret = WOLFSSL_FATAL_ERROR;
    } else {
        ret = 0;
    }

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_DsaVerify(NULL, signature, &key, &answer);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaVerify(hash, NULL, &key, &answer);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaVerify(hash, signature, NULL, &answer);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaVerify(hash, signature, &key, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
    /* hard set q to 0 and test fail case */
    mp_free(&key.q);
    mp_init(&key.q);
    AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);

    mp_set_int(&key.q, 1);
    AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
#endif

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);
    wc_ShaFree(&sha);

#endif
    return ret;

} /* END test_wc_DsaSign */

/*
 * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
 */
static int test_wc_DsaPublicPrivateKeyDecode (void)
{
    int     ret = 0;

#if !defined(NO_DSA)
    DsaKey  key;
    word32  bytes;
    word32  idx  = 0;
    int     priv = WOLFSSL_FATAL_ERROR;
    int     pub  = WOLFSSL_FATAL_ERROR;

#ifdef USE_CERT_BUFFERS_1024
    byte    tmp[ONEK_BUF];
    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
    bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    byte    tmp[TWOK_BUF];
    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
    bytes = sizeof_dsa_key_der_2048;
#else
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE)
    {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */

    ret = wc_InitDsaKey(&key);

    printf(testingFmt, "wc_DsaPrivateKeyDecode()");
    if (ret == 0) {
        priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);

        /* Test bad args. */
        if (priv == 0) {
            priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
            if (priv == BAD_FUNC_ARG) {
                priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
            }
            if (priv == BAD_FUNC_ARG) {
                priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
            }
            if (priv == BAD_FUNC_ARG) {
                priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
            }
            if (priv == ASN_PARSE_E) {
                priv = 0;
            } else {
                priv = WOLFSSL_FATAL_ERROR;
            }
        }

        wc_FreeDsaKey(&key);
        ret = wc_InitDsaKey(&key);
    }

    printf(resultFmt, priv == 0 ? passed : failed);

    printf(testingFmt, "wc_DsaPublicKeyDecode()");
    if (ret == 0) {
        idx = 0; /* Reset */
        pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
        /* Test bad args. */
        if (pub == 0) {
            pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
            if (pub == BAD_FUNC_ARG) {
                pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
            }
            if (pub == BAD_FUNC_ARG) {
                pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
            }
            if (pub == BAD_FUNC_ARG) {
                pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
            }
            if (pub == ASN_PARSE_E) {
                pub = 0;
            } else {
                pub = WOLFSSL_FATAL_ERROR;
            }
        }

    } /* END Public Key */

    printf(resultFmt, pub == 0 ? passed : failed);

    wc_FreeDsaKey(&key);

#endif
    return ret;

} /* END test_wc_DsaPublicPrivateKeyDecode */


/*
 * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
 */
static int test_wc_MakeDsaKey (void)
{
    int     ret = 0;

#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
    DsaKey  genKey;
    WC_RNG  rng;
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&genKey, 0, sizeof(genKey));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_InitDsaKey(&genKey);
    }

    printf(testingFmt, "wc_MakeDsaParameters()");
    if (ret == 0) {
        ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    printf(testingFmt, "wc_MakeDsaKey()");

    if (ret == 0) {
        ret = wc_MakeDsaKey(&rng, &genKey);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_MakeDsaKey(NULL, &genKey);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_MakeDsaKey(&rng, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FAILURE;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&genKey);
#endif
    return ret;
} /* END test_wc_MakeDsaKey */

/*
 * Testing wc_DsaKeyToDer()
 */
static int test_wc_DsaKeyToDer (void)
{
    int     ret = 0;

#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
    DsaKey  genKey;
    WC_RNG  rng;
    word32  bytes;
    word32  idx = 0;

#ifdef USE_CERT_BUFFERS_1024
    byte    tmp[ONEK_BUF];
    byte    der[ONEK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMSET(der, 0, sizeof(der));
    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
    bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    byte    tmp[TWOK_BUF];
    byte    der[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMSET(der, 0, sizeof(der));
    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
    bytes = sizeof_dsa_key_der_2048;
#else
    byte    tmp[TWOK_BUF];
    byte    der[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMSET(der, 0, sizeof(der));
    XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&genKey, 0, sizeof(genKey));
#endif
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_InitDsaKey(&genKey);
    }
    if (ret == 0) {
        ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
        if (ret == 0) {
            wc_FreeDsaKey(&genKey);
            ret = wc_InitDsaKey(&genKey);
        }
    }
    if (ret == 0) {
        ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
    }

    printf(testingFmt, "wc_DsaKeyToDer()");

    if (ret == 0) {
        ret = wc_DsaKeyToDer(&genKey, der, bytes);
        if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
            ret = 0;
        }
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&genKey);

#endif

    return ret;

} /* END test_wc_DsaKeyToDer */

/*
 *  Testing wc_DsaKeyToPublicDer()
 *  (indirectly testing setDsaPublicKey())
 */
static int test_wc_DsaKeyToPublicDer(void)
{
    int         ret = 0;
#ifndef HAVE_SELFTEST
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
    DsaKey  genKey;
    WC_RNG  rng;
    byte*   der;
    word32  sz;

    printf(testingFmt, "wc_DsaKeyToPublicDer()");

    der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (der == NULL) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0) {
        ret = wc_InitDsaKey(&genKey);
    }
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
    }
    if (ret == 0) {
        ret = wc_MakeDsaKey(&rng, &genKey);
    }

    if (ret == 0) {
        ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
        if (ret >= 0) {
            sz = ret;
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (ret == 0) {
        word32 idx = 0;
        ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER);
    wc_FreeDsaKey(&genKey);
#endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */
#endif /* HAVE_SELFTEST */
    return ret;

} /* END test_wc_DsaKeyToPublicDer */

/*
 * Testing wc_DsaImportParamsRaw()
 */
static int test_wc_DsaImportParamsRaw (void)
{
    int     ret = 0;

#if !defined(NO_DSA)
    DsaKey  key;

    /* [mod = L=1024, N=160], from CAVP KeyPair */
    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
                    "47123188f8dc551054ee162b634d60f097f719076640e209"
                    "80a0093113a8bd73";
    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
                    "76341a7e7d9";

    /* invalid p and q parameters */
    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
    const char* invalidQ = "96c5390a";

    printf(testingFmt, "wc_DsaImportParamsRaw()");

    ret = wc_InitDsaKey(&key);
    if (ret == 0) {
        ret = wc_DsaImportParamsRaw(&key, p, q, g);
    }

    /* test bad args */
    if (ret == 0) {
        /* null key struct */
        ret = wc_DsaImportParamsRaw(NULL, p, q, g);
        if (ret == BAD_FUNC_ARG) {
            /* null param pointers */
            ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
        }

        if (ret == BAD_FUNC_ARG) {
            /* illegal p length */
            ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
        }

        if (ret == BAD_FUNC_ARG) {
            /* illegal q length */
            ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
            if (ret == BAD_FUNC_ARG)
                ret = 0;
        }

    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);

#endif

    return ret;

} /* END test_wc_DsaImportParamsRaw */

/*
 * Testing wc_DsaImportParamsRawCheck()
 */
static int test_wc_DsaImportParamsRawCheck (void)
{
    int     ret = 0;

#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    DsaKey  key;
    int     trusted = 0;
    /* [mod = L=1024, N=160], from CAVP KeyPair */
    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
                    "47123188f8dc551054ee162b634d60f097f719076640e209"
                    "80a0093113a8bd73";
    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
                    "76341a7e7d9";

    /* invalid p and q parameters */
    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
    const char* invalidQ = "96c5390a";

    printf(testingFmt, "wc_DsaImportParamsRawCheck()");

    ret = wc_InitDsaKey(&key);
    if (ret == 0) {
        ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
    }

    /* test bad args */
    if (ret == 0) {
        /* null key struct */
        ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
        if (ret == BAD_FUNC_ARG) {
            /* null param pointers */
            ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
        }

        if (ret == BAD_FUNC_ARG) {
            /* illegal p length */
            ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
        }

        if (ret == BAD_FUNC_ARG) {
            /* illegal q length */
            ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
            if (ret == BAD_FUNC_ARG)
                ret = 0;
        }

    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);

#endif

    return ret;

} /* END test_wc_DsaImportParamsRawCheck */

/*
 * Testing wc_DsaExportParamsRaw()
 */
static int test_wc_DsaExportParamsRaw (void)
{
    int     ret = 0;

#if !defined(NO_DSA)
    DsaKey  key;

    /* [mod = L=1024, N=160], from CAVP KeyPair */
    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
                    "47123188f8dc551054ee162b634d60f097f719076640e209"
                    "80a0093113a8bd73";
    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
                    "76341a7e7d9";

    const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
                           "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
                           "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
                           "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
                           "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
                           "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
                           "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
                           "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
                           "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
                           "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
                           "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
    const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
                           "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
    const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
                           "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
                           "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
                           "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
                           "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
                           "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
                           "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
                           "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
                           "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
                           "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
                           "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";

    byte pOut[MAX_DSA_PARAM_SIZE];
    byte qOut[MAX_DSA_PARAM_SIZE];
    byte gOut[MAX_DSA_PARAM_SIZE];
    word32 pOutSz, qOutSz, gOutSz;

    printf(testingFmt, "wc_DsaExportParamsRaw()");

    ret = wc_InitDsaKey(&key);
    if (ret == 0) {
        /* first test using imported raw parameters, for expected */
        ret = wc_DsaImportParamsRaw(&key, p, q, g);
    }

    if (ret == 0) {
        pOutSz = sizeof(pOut);
        qOutSz = sizeof(qOut);
        gOutSz = sizeof(gOut);
        ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
                                    gOut, &gOutSz);
    }

    if (ret == 0) {
        /* validate exported parameters are correct */
        if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
            (XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
            (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
            ret = -1;
        }
    }

    /* test bad args */
    if (ret == 0) {
        /* null key struct */
        ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
                                    gOut, &gOutSz);

        if (ret == BAD_FUNC_ARG) {
            /* null output pointers */
            ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
                                        NULL, &gOutSz);
        }

        if (ret == LENGTH_ONLY_E) {
            /* null output size pointers */
            ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
                                        gOut, NULL);
        }

        if (ret == BAD_FUNC_ARG) {
            /* p output buffer size too small */
            pOutSz = 1;
            ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
                                        gOut, &gOutSz);
            pOutSz = sizeof(pOut);
        }

        if (ret == BUFFER_E) {
            /* q output buffer size too small */
            qOutSz = 1;
            ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
                                        gOut, &gOutSz);
            qOutSz = sizeof(qOut);
        }

        if (ret == BUFFER_E) {
            /* g output buffer size too small */
            gOutSz = 1;
            ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
                                        gOut, &gOutSz);
            if (ret == BUFFER_E)
                ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);

#endif

    return ret;

} /* END test_wc_DsaExportParamsRaw */

/*
 * Testing wc_DsaExportKeyRaw()
 */
static int test_wc_DsaExportKeyRaw (void)
{
    int     ret = 0;

#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
    DsaKey  key;
    WC_RNG  rng;

    byte xOut[MAX_DSA_PARAM_SIZE];
    byte yOut[MAX_DSA_PARAM_SIZE];
    word32 xOutSz, yOutSz;

    printf(testingFmt, "wc_DsaExportKeyRaw()");
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_InitDsaKey(&key);
    }

    if (ret == 0) {
        ret = wc_MakeDsaParameters(&rng, 1024, &key);

        if (ret == 0)  {
            ret = wc_MakeDsaKey(&rng, &key);
        }
    }

    /* try successful export */
    if (ret == 0) {
        xOutSz = sizeof(xOut);
        yOutSz = sizeof(yOut);
        ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
    }

    /* test bad args */
    if (ret == 0) {
        /* null key struct */
        ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);

        if (ret == BAD_FUNC_ARG) {
            /* null output pointers */
            ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
        }

        if (ret == LENGTH_ONLY_E) {
            /* null output size pointers */
            ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
        }

        if (ret == BAD_FUNC_ARG) {
            /* x output buffer size too small */
            xOutSz = 1;
            ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
            xOutSz = sizeof(xOut);
        }

        if (ret == BUFFER_E) {
            /* y output buffer size too small */
            yOutSz = 1;
            ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);

            if (ret == BUFFER_E)
                ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeDsaKey(&key);
    wc_FreeRng(&rng);

#endif

    return ret;

} /* END test_wc_DsaExportParamsRaw */


/*
 * Testing wc_ed25519_make_key().
 */
static int test_wc_ed25519_make_key (void)
{
    int ret = 0;

#if defined(HAVE_ED25519)
    ed25519_key     key;
    WC_RNG          rng;

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed25519_init(&key);
    }
    printf(testingFmt, "wc_ed25519_make_key()");
    if (ret == 0) {
        ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }


    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_make_key */


/*
 * Testing wc_ed25519_init()
 */
static int test_wc_ed25519_init (void)
{
    int             ret = 0;

#if defined(HAVE_ED25519)

    ed25519_key    key;

    printf(testingFmt, "wc_ed25519_init()");

    ret = wc_ed25519_init(&key);

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed25519_init(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_init */

/*
 * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
 */
static int test_wc_ed25519_sign_msg (void)
{
    int             ret = 0;

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
    WC_RNG          rng;
    ed25519_key     key;
    byte            msg[] = "Everybody gets Friday off.\n";
    byte            sig[ED25519_SIG_SIZE];
    word32          msglen = sizeof(msg);
    word32          siglen = sizeof(sig);
    word32          badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED25519_VERIFY
    int             verify_ok = 0; /*1 = Verify success.*/
#endif

    /* Initialize stack variables. */
    XMEMSET(sig, 0, siglen);

    /* Initialize key. */
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed25519_init(&key);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
        }
    }

    printf(testingFmt, "wc_ed25519_sign_msg()");

    if (ret == 0) {
        ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
    }
    /* Test bad args. */
    if (ret == 0 && siglen == ED25519_SIG_SIZE) {
        ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
        }
        if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
            badSigLen -= 1;
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    } /* END sign */

    printf(resultFmt, ret == 0 ? passed : failed);
    #ifdef HAVE_ED25519_VERIFY
        printf(testingFmt, "wc_ed25519_verify_msg()");

        if (ret == 0) {

            ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
            if (ret == 0  && verify_ok == 1) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }

            /* Test bad args. */
            if (ret == 0) {
                AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
                                                  msglen, &verify_ok, &key),
                                                  BAD_FUNC_ARG);
                AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
                                                  msglen, &verify_ok, &key),
                                                  BAD_FUNC_ARG);

                ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
                                                                        &key);
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
                                                                &verify_ok, &key);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
                                                                  NULL, &key);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
                                                                &verify_ok, NULL);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
                                                                &verify_ok, &key);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = 0;
                } else if (ret == 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }

        } /* END verify. */

        printf(resultFmt, ret == 0 ? passed : failed);
    #endif /* Verify. */

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_sign_msg */

/*
 * Testing wc_ed25519_import_public()
 */
static int test_wc_ed25519_import_public (void)
{
    int             ret = 0;

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
    WC_RNG          rng;
    ed25519_key     pubKey;
    const byte      in[] = "Ed25519PublicKeyUnitTest......\n";
    word32          inlen = sizeof(in);


    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed25519_init(&pubKey);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
        }
    }
    printf(testingFmt, "wc_ed25519_import_public()");

    if (ret == 0) {
        ret = wc_ed25519_import_public(in, inlen, &pubKey);

        if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }

        /* Test bad args. */
        if (ret == 0) {
            ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_import_public(in, inlen, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&pubKey);

#endif
    return ret;

} /* END wc_ed25519_import_public */

/*
 * Testing wc_ed25519_import_private_key()
 */
static int test_wc_ed25519_import_private_key (void)
{
    int         ret = 0;

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
    WC_RNG      rng;
    ed25519_key key;
    const byte  privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
    const byte  pubKey[] = "Ed25519PublicKeyUnitTest......\n";
    word32      privKeySz = sizeof(privKey);
    word32      pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED25519_KEY_EXPORT
    byte        bothKeys[sizeof(privKey) + sizeof(pubKey)];
    word32      bothKeysSz = sizeof(bothKeys);
#endif

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed25519_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }
    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);

    printf(testingFmt, "wc_ed25519_import_private_key()");

    if (ret == 0) {
        ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
                                                            pubKeySz, &key);
        if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
                                || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

#ifdef HAVE_ED25519_KEY_EXPORT
    if (ret == 0)
        ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz);

    if (ret == 0) {
        ret = wc_ed25519_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
        if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
                                || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
                                                                        &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
                                                                pubKeySz, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
                                                                pubKeySz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
                                                                pubKeySz, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
                                                            pubKeySz - 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
                                                            0, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_import_private_key */

/*
 * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
 */
static int test_wc_ed25519_export (void)
{
    int             ret = 0;

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    WC_RNG          rng;
    ed25519_key     key;
    byte            priv[ED25519_PRV_KEY_SIZE];
    byte            pub[ED25519_PUB_KEY_SIZE];
    word32          privSz = sizeof(priv);
    word32          pubSz = sizeof(pub);

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }

    ret = wc_ed25519_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    if (ret == 0) {
        ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
    }

    printf(testingFmt, "wc_ed25519_export_public()");

    if (ret == 0) {
        ret = wc_ed25519_export_public(&key, pub, &pubSz);
        if (ret == 0 && (pubSz != ED25519_KEY_SIZE
                                        || XMEMCMP(key.p, pub, pubSz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        if (ret == 0) {
            ret = wc_ed25519_export_public(NULL, pub, &pubSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_public(&key, NULL, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_public(&key, pub, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    printf(testingFmt, "wc_ed25519_export_private_only()");

    if (ret == 0) {
        ret = wc_ed25519_export_private_only(&key, priv, &privSz);
        if (ret == 0 && (privSz != ED25519_KEY_SIZE
                                        || XMEMCMP(key.k, priv, privSz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        if (ret == 0) {
            ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_private_only(&key, priv, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_export */

/*
 *  Testing wc_ed25519_size()
 */
static int test_wc_ed25519_size (void)
{
    int             ret = 0;
#if defined(HAVE_ED25519)
    WC_RNG          rng;
    ed25519_key     key;

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed25519_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        wc_ed25519_free(&key);
        return ret;
    }

    printf(testingFmt, "wc_ed25519_size()");
    ret = wc_ed25519_size(&key);
    /* Test bad args. */
    if (ret == ED25519_KEY_SIZE) {
        ret = wc_ed25519_size(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_ed25519_sig_size()");

        ret = wc_ed25519_sig_size(&key);
        if (ret == ED25519_SIG_SIZE) {
            ret = 0;
        }
        /* Test bad args. */
        if (ret == 0) {
            ret = wc_ed25519_sig_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed25519_sig_size() */

    if (ret == 0) {
        printf(testingFmt, "wc_ed25519_pub_size");
        ret = wc_ed25519_pub_size(&key);
        if (ret == ED25519_PUB_KEY_SIZE) {
            ret = 0;
        }
        if (ret == 0) {
            ret = wc_ed25519_pub_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed25519_pub_size */

    if (ret == 0) {
        printf(testingFmt, "wc_ed25519_priv_size");
        ret = wc_ed25519_priv_size(&key);
        if (ret == ED25519_PRV_KEY_SIZE) {
            ret = 0;
        }
        if (ret == 0) {
            ret = wc_ed25519_priv_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed25519_pub_size */

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_size */

/*
 * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
 */
static int test_wc_ed25519_exportKey (void)
{
    int             ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    WC_RNG          rng;
    ed25519_key     key;
    byte            priv[ED25519_PRV_KEY_SIZE];
    byte            pub[ED25519_PUB_KEY_SIZE];
    byte            privOnly[ED25519_PRV_KEY_SIZE];
    word32          privSz      = sizeof(priv);
    word32          pubSz       = sizeof(pub);
    word32          privOnlySz  = sizeof(privOnly);

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed25519_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        wc_ed25519_free(&key);
        return ret;
    }

    printf(testingFmt, "wc_ed25519_export_private()");

    ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
    if (ret == 0) {
        ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed25519_export_private(&key, privOnly, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_ed25519_export_key()");

        ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
        if (ret == 0) {
            ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed25519_export_key() */

    /* Cross check output. */
    if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed25519_free(&key);

#endif
    return ret;

} /* END test_wc_ed25519_exportKey */

/*
 * Testing wc_Ed25519PublicKeyToDer
 */
static int test_wc_Ed25519PublicKeyToDer (void)
{
    int ret = 0;

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
    int tmp;
    ed25519_key key;
    byte derBuf[1024];

    printf(testingFmt, "wc_Ed25519PublicKeyToDer()");

    /* Test bad args */
    tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
    if (tmp != BAD_FUNC_ARG) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (ret == 0) {
        wc_ed25519_init(&key);
        tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
        if (tmp != BUFFER_E) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        wc_ed25519_free(&key);
    }

    /*  Test good args */
    if (ret == 0) {
        WC_RNG          rng;
        ret = wc_InitRng(&rng);
        if (ret != 0) {
            return ret;
        }
        ret = wc_ed25519_init(&key);
        if (ret != 0) {
            wc_FreeRng(&rng);
            return ret;
        }

        ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
        if (ret != 0) {
            wc_FreeRng(&rng);
            wc_ed25519_free(&key);
            return ret;
        }

        tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
        if (tmp <= 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }

        wc_FreeRng(&rng);
        wc_ed25519_free(&key);
    }
    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;

} /* END testing wc_Ed25519PublicKeyToDer */

/*
 * Testing wc_curve25519_init and wc_curve25519_free.
 */
static int test_wc_curve25519_init (void)
{
    int ret = 0;

#if defined(HAVE_CURVE25519)

    curve25519_key  key;

    printf(testingFmt, "wc_curve25519_init()");
    ret = wc_curve25519_init(&key);

    /* Test bad args for wc_curve25519_init */
    if (ret == 0) {
        ret = wc_curve25519_init(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    /*  Test good args for wc_curve_25519_free */
    wc_curve25519_free(&key);

    wc_curve25519_free(NULL);

#endif
    return ret;

} /* END test_wc_curve25519_init and wc_curve_25519_free*/
/*
 * Testing test_wc_curve25519_size.
 */
static int test_wc_curve25519_size (void)
{
    int ret = 0;

#if defined(HAVE_CURVE25519)

    curve25519_key  key;

    printf(testingFmt, "wc_curve25519_size()");

    ret = wc_curve25519_init(&key);

    /*  Test good args for wc_curve25519_size */
    if (ret == 0) {
        ret = wc_curve25519_size(&key);
    }

    /* Test bad args for wc_curve25519_size */
    if (ret != 0) {
        ret = wc_curve25519_size(NULL);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
#endif
    return ret;

} /* END test_wc_curve25519_size*/

/*
 * Testing test_wc_curve25519_export_key_raw().
 */
static int test_wc_curve25519_export_key_raw (void)
{

#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)

    curve25519_key  key;
    WC_RNG          rng;

    byte            privateKey[CURVE25519_KEYSIZE];
    byte            publicKey[CURVE25519_KEYSIZE];
    word32          prvkSz;
    word32          pubkSz;

    byte            prik[CURVE25519_KEYSIZE];
    byte            pubk[CURVE25519_KEYSIZE];
    word32          prksz;
    word32          pbksz;

    printf(testingFmt, "wc_curve25519_export_key_raw()");


    if(0 != wc_InitRng(&rng)){
        printf(testingFmt, "failed due to wc_InitRng");
        fflush( stdout );
        return  1;
    }

    if(0 != wc_curve25519_init(&key)){
        printf(testingFmt, "failed due to wc_curve25519_init");
        fflush( stdout );
        wc_FreeRng(&rng);
        return  1;
    }

    if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
        printf(testingFmt, "failed due to wc_curve25519_make_key");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /*
        bad-argument-test cases
        target function sould return BAD_FUNC_ARG
    */
    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
            NULL , privateKey, &prvkSz, publicKey, &pubkSz)){

        printf(testingFmt,"failed at bad-arg-case-1.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
            &key , NULL, &prvkSz, publicKey, &pubkSz)){

        printf(testingFmt,"failed at bad-arg-case-2.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
            &key , privateKey, NULL, publicKey, &pubkSz)){

        printf(testingFmt,"failed at bad-arg-case-3.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    /* prvkSz = CURVE25519_KEYSIZE; */
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
            &key , privateKey, &prvkSz, NULL, &pubkSz)){

        printf(testingFmt,"failed at bad-arg-case-4.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
            &key , privateKey, &prvkSz, publicKey, NULL )){

        printf(testingFmt,"failed at bad-arg-case-5.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    /*
        cross-testing
    */
    prksz = CURVE25519_KEYSIZE;

    if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){

        printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    pbksz = CURVE25519_KEYSIZE;

    if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){

        printf(testingFmt,"failed due to wc_curve25519_export_public");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    /* pubkSz = CURVE25519_KEYSIZE; */

    if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
                                                     publicKey,  &pubkSz)){

        printf(testingFmt,"failed due to wc_curve25519_export_key_raw");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    if((prksz  == CURVE25519_KEYSIZE) &&
       (pbksz  == CURVE25519_KEYSIZE) &&
       (prvkSz == CURVE25519_KEYSIZE) &&
       (pubkSz == CURVE25519_KEYSIZE)){

        if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) &&
            0 == XMEMCMP(publicKey,  pubk, CURVE25519_KEYSIZE)){

            printf(resultFmt,passed);
            fflush( stdout );
            wc_curve25519_free(&key);
            wc_FreeRng(&rng);
            return  0;

        }
        else{

            printf(testingFmt,"failed due to key-contents-inconsistency.");
            fflush( stdout );
            wc_curve25519_free(&key);
            wc_FreeRng(&rng);
            return  1;
        }
    }
    else{

        printf(testingFmt,"failed due to bad-key-size.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

#endif
    fflush( stdout );

    return 0;
} /* end of test_wc_curve25519_export_key_raw */

/*
 * Testing test_wc_curve25519_export_key_raw_ex().
 */
static int test_wc_curve25519_export_key_raw_ex (void)
{

#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)

    curve25519_key  key;
    WC_RNG          rng;

    byte            privateKey[CURVE25519_KEYSIZE];
    byte            publicKey[CURVE25519_KEYSIZE];
    word32          prvkSz;
    word32          pubkSz;

    byte            prik[CURVE25519_KEYSIZE];
    byte            pubk[CURVE25519_KEYSIZE];
    word32          prksz;
    word32          pbksz;

    printf(testingFmt, "wc_curve25519_export_key_raw_ex()");

    if(0 != wc_InitRng(&rng)){
        printf(testingFmt, "failed due to wc_InitRng");
        fflush( stdout );
        return  1;
    }

    if(0 != wc_curve25519_init(&key)){
        printf(testingFmt, "failed due to wc_curve25519_init");
        fflush( stdout );
        wc_FreeRng(&rng);
        return  1;
    }

    if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
        printf(testingFmt, "failed due to wc_curve25519_make_key");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /*
        bad-argument-test cases
        target function sould return BAD_FUNC_ARG
    */
    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
                     &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-1.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
                    &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-2.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
                            NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-3.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /* prvkSz = CURVE25519_KEYSIZE; */
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
     &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-4.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
     &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-5.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    /* pubkSz = CURVE25519_KEYSIZE; */

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
     &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-6.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz,
            publicKey, &pubkSz, EC25519_BIG_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-7.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
                              NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-8.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /* prvkSz = CURVE25519_KEYSIZE; */
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
    &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-9.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
     &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){

        printf(testingFmt,"failed at bad-arg-case-10.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /* illegal value for endien */

    prvkSz = CURVE25519_KEYSIZE;
    /* pubkSz = CURVE25519_KEYSIZE; */

    if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
     &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){

        printf(testingFmt,"failed at bad-arg-case-11.");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /*
        cross-testing
    */
    prksz = CURVE25519_KEYSIZE;

    if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){

        printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    pbksz = CURVE25519_KEYSIZE;

    if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){

        printf(testingFmt,"failed due to wc_curve25519_export_public");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;

    }

    prvkSz = CURVE25519_KEYSIZE;
    /* pubkSz = CURVE25519_KEYSIZE; */

    if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
                    publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {

        printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    if( prksz  == CURVE25519_KEYSIZE &&
        pbksz  == CURVE25519_KEYSIZE &&
        prvkSz == CURVE25519_KEYSIZE &&
        pubkSz == CURVE25519_KEYSIZE ){

        if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) &&
            0 == XMEMCMP( publicKey,  pubk, CURVE25519_KEYSIZE )){

            if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
                &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){

                if( prvkSz == CURVE25519_KEYSIZE &&
                    pubkSz == CURVE25519_KEYSIZE ){

                    ;   /* proceed to the next test */
                }
                else{

                    printf(testingFmt,"failed due to key-size-inconsistency");
                    fflush( stdout );
                    wc_curve25519_free(&key);
                    wc_FreeRng(&rng);
                    return  1;
                }
            }
            else{

                printf(testingFmt,
                            "failed due to wc_curve25519_export_key_raw_ex");
                fflush( stdout );
                wc_curve25519_free(&key);
                wc_FreeRng(&rng);
                return  1;

            }
        }
        else{

            printf(testingFmt,"failed due to key-contents-inconsistency");
            fflush( stdout );
            wc_curve25519_free(&key);
            wc_FreeRng(&rng);
            return  1;

        }
    }
    else{

        printf(testingFmt,"failed due to bad-key-size");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

    /*
        try once with another endian
    */

    prvkSz = CURVE25519_KEYSIZE;
    pubkSz = CURVE25519_KEYSIZE;

    if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
    &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){

        if( prvkSz == CURVE25519_KEYSIZE &&
            pubkSz == CURVE25519_KEYSIZE ){

                /* no more test*/
                printf(resultFmt, passed );
                fflush( stdout );
                wc_curve25519_free(&key);
                wc_FreeRng(&rng);
                return 0;
        }
        else{

            printf(testingFmt,"failed due to key-size-inconsistency");
            fflush( stdout );
            wc_curve25519_free(&key);
            wc_FreeRng(&rng);
            return  1;
        }
    }
    else{

        printf(testingFmt,
                   "failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)");
        fflush( stdout );
        wc_curve25519_free(&key);
        wc_FreeRng(&rng);
        return  1;
    }

#else
    return 0;
#endif
} /* end of test_wc_curve25519_export_key_raw_ex */
/*
 * Testing wc_curve25519_make_key
 */
static int test_wc_curve25519_make_key (void)
{
    int ret = 0;
#if defined(HAVE_CURVE25519)
    WC_RNG          rng;
    curve25519_key  key;
    int             keysize;


    printf(testingFmt, "wc_curve25519_make_key()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
        if (ret == 0) {
            keysize = wc_curve25519_size(&key);
            if (keysize != CURVE25519_KEYSIZE) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            ret = wc_curve25519_make_key(&rng, keysize, &key);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_make_key(NULL, 0, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_key(&rng, keysize, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_key(NULL, keysize, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_key(&rng, 0, &key);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;
} /*END test_wc_curve25519_make_key*/
/*
 * Testing wc_curve25519_shared_secret_ex
 */
static int test_wc_curve25519_shared_secret_ex(void)
{
    int ret = 0;
#if defined(HAVE_CURVE25519)
    WC_RNG          rng;
    curve25519_key  private_key, public_key;
    byte            out[CURVE25519_KEYSIZE];
    word32          outLen = sizeof(out);
    int             endian = EC25519_BIG_ENDIAN;

    printf(testingFmt, "wc_curve25519_shared_secret_ex()");

    ret = wc_curve25519_init(&private_key);
    if (ret == 0) {
        ret = wc_curve25519_init(&public_key);
    }
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {
        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
    }
    if (ret == 0) {
        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
    }
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
                                              &outLen, endian);
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
                                              0, endian);
        if (ret == 0) {
            ret = -1;
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
                                             &outLen, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
                                              &outLen, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
                                              &outLen, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
                                              NULL, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
    /*curve25519.c is checking for public_key size less than or equal to 0x7f,
     *increasing to 0x8f checks for error being returned*/
        public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
        ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
                                              &outLen, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == ECC_BAD_ARG_E) {
           ret = 0;
        }
    }

    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
                                              &outLen, endian);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }


    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&private_key);
    wc_curve25519_free(&public_key);
    wc_FreeRng(&rng);
#endif
    return ret;
} /*END test_wc_curve25519_shared_secret_ex*/
/*
 * Testing wc_curve25519_make_pub
 */
static int test_wc_curve25519_make_pub(void)
{
    int ret = 0;
#ifdef HAVE_CURVE25519
    WC_RNG          rng;
    curve25519_key  key;
    byte            out[CURVE25519_KEYSIZE];

    printf(testingFmt, "wc_curve25519_make_pub()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
        if (ret == 0) {
            ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
        }
    }
    if (ret == 0) {
      ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k);
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        /* verify clamping test */
        key.k[0] |= ~248;
        ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
        key.k[0] &= 248;
    }
    /* repeat the expected-to-succeed test. */
    if (ret == 0) {
      ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;
} /*END test_wc_curve25519_make_pub */
/*
 * Testing test_wc_curve25519_export_public_ex
 */
static int test_wc_curve25519_export_public_ex (void)
{
    int ret = 0;
#if defined(HAVE_CURVE25519)

    WC_RNG          rng;
    curve25519_key  key;
    byte            out[CURVE25519_KEYSIZE];
    word32          outLen = sizeof(out);
    int             endian = EC25519_BIG_ENDIAN;

    printf(testingFmt, "wc_curve25519_export_public_ex()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
        if (ret == 0) {
            ret = wc_curve25519_export_public(&key, out, &outLen);
            }
        if (ret == 0) {
            ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;

} /*END test_wc_curve25519_export_public_ex*/
/*
 * Testing test_wc_curve25519_import_private_raw_ex
 */
static int test_wc_curve25519_import_private_raw_ex (void)
{
    int ret = 0;
#if defined(HAVE_CURVE25519)
    WC_RNG          rng;
    curve25519_key  key;
    byte            priv[CURVE25519_KEYSIZE];
    byte            pub[CURVE25519_KEYSIZE];
    word32          privSz = sizeof(priv);
    word32          pubSz = sizeof(pub);
    int             endian = EC25519_BIG_ENDIAN;


    printf(testingFmt, "wc_curve25519_import_private_raw_ex()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
        if (ret == 0) {
            ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
        }
        if (ret == 0) {
            ret = wc_curve25519_export_public(&key, pub, &pubSz);
        }
        if (ret == 0) {
            ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                     &key, endian);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
                                                   endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
                                                 &key, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
                                                 &key, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                 NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
                                                 &key, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
                                                 &key, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                 &key, EC25519_LITTLE_ENDIAN);

    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
    wc_FreeRng(&rng);

#endif
    return ret;
} /*END test_wc_curve25519_import_private_raw_ex*/
/*
 * Testing test_wc_curve25519_import_private
 */
static int test_wc_curve25519_import_private (void)
{
    int ret = 0;
#if defined(HAVE_CURVE25519)

    curve25519_key     key;
    WC_RNG             rng;
    byte               priv[CURVE25519_KEYSIZE];
    word32             privSz = sizeof(priv);

    printf(testingFmt, "wc_curve25519_import_private()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
        if (ret == 0) {
            ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_import_private(priv, privSz, &key);
    }
    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;

} /*END test_wc_curve25519_import*/
/*
 * Testing test_wc_curve25519_export_private_raw_ex
 */
static int test_wc_curve25519_export_private_raw_ex (void)
{

    int ret = 0;
#if defined(HAVE_CURVE25519)
    curve25519_key  key;
    byte            out[CURVE25519_KEYSIZE];
    word32          outLen = sizeof(out);
    int             endian = EC25519_BIG_ENDIAN;

    printf(testingFmt, "wc_curve25519_export_private_raw_ex()");

    ret = wc_curve25519_init(&key);
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
                                                 EC25519_LITTLE_ENDIAN);
    }
    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve25519_free(&key);
#endif
    return ret;

}/*END test_wc_curve25519_export_private_raw_ex*/

/*
 * Testing wc_ed448_make_key().
 */
static int test_wc_ed448_make_key (void)
{
    int ret = 0;

#if defined(HAVE_ED448)
    ed448_key     key;
    WC_RNG        rng;

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed448_init(&key);
    }
    printf(testingFmt, "wc_ed448_make_key()");
    if (ret == 0) {
        ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }


    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_make_key */


/*
 * Testing wc_ed448_init()
 */
static int test_wc_ed448_init (void)
{
    int             ret = 0;

#if defined(HAVE_ED448)

    ed448_key    key;

    printf(testingFmt, "wc_ed448_init()");

    ret = wc_ed448_init(&key);

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed448_init(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_init */

/*
 * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
 */
static int test_wc_ed448_sign_msg (void)
{
    int           ret = 0;

#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
    WC_RNG        rng;
    ed448_key     key;
    byte          msg[] = "Everybody gets Friday off.\n";
    byte          sig[ED448_SIG_SIZE];
    word32        msglen = sizeof(msg);
    word32        siglen = sizeof(sig);
    word32        badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED448_VERIFY
    int           verify_ok = 0; /*1 = Verify success.*/
#endif

    /* Initialize stack variables. */
    XMEMSET(sig, 0, siglen);

    /* Initialize key. */
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed448_init(&key);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
        }
    }

    printf(testingFmt, "wc_ed448_sign_msg()");

    if (ret == 0) {
        ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
    }
    /* Test bad args. */
    if (ret == 0 && siglen == ED448_SIG_SIZE) {
        ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
                                    NULL, 0);
        }
        if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
            badSigLen -= 1;
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    } /* END sign */

    printf(resultFmt, ret == 0 ? passed : failed);
    #ifdef HAVE_ED448_VERIFY
        printf(testingFmt, "wc_ed448_verify_msg()");

        if (ret == 0) {

            ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
                                      &key, NULL, 0);
            if (ret == 0  && verify_ok == 1) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }

            /* Test bad args. */
            if (ret == 0) {
                AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
                                                  msglen, &verify_ok, &key,
                                                  NULL, 0),
                                                  BAD_FUNC_ARG);
                AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
                                                  msglen, &verify_ok, &key,
                                                  NULL, 0),
                                                  BAD_FUNC_ARG);

                ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
                                          &key, NULL, 0);
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
                                              &verify_ok, &key, NULL, 0);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
                                              NULL, &key, NULL, 0);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
                                              &verify_ok, NULL, NULL, 0);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
                                              &verify_ok, &key, NULL, 0);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = 0;
                } else if (ret == 0) {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            }

        } /* END verify. */

        printf(resultFmt, ret == 0 ? passed : failed);
    #endif /* Verify. */

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_sign_msg */

/*
 * Testing wc_ed448_import_public()
 */
static int test_wc_ed448_import_public (void)
{
    int             ret = 0;

#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
    WC_RNG          rng;
    ed448_key     pubKey;
    const byte      in[] =
                    "Ed448PublicKeyUnitTest.................................\n";
    word32          inlen = sizeof(in);


    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ed448_init(&pubKey);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
        }
    }
    printf(testingFmt, "wc_ed448_import_public()");

    if (ret == 0) {
        ret = wc_ed448_import_public(in, inlen, &pubKey);

        if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }

        /* Test bad args. */
        if (ret == 0) {
            ret = wc_ed448_import_public(NULL, inlen, &pubKey);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_import_public(in, inlen, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&pubKey);

#endif
    return ret;

} /* END wc_ed448_import_public */

/*
 * Testing wc_ed448_import_private_key()
 */
static int test_wc_ed448_import_private_key (void)
{
    int         ret = 0;

#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
    WC_RNG      rng;
    ed448_key   key;
    const byte  privKey[] =
                    "Ed448PrivateKeyUnitTest................................\n";
    const byte  pubKey[] =
                    "Ed448PublicKeyUnitTest.................................\n";
    word32      privKeySz = sizeof(privKey);
    word32      pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED448_KEY_EXPORT
    byte        bothKeys[sizeof(privKey) + sizeof(pubKey)];
    word32      bothKeysSz = sizeof(bothKeys);
#endif

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed448_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }
    ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);

    printf(testingFmt, "wc_ed448_import_private_key()");

    if (ret == 0) {
        ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz,
                                                                          &key);
        if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
                                      XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

#ifdef HAVE_ED448_KEY_EXPORT
    if (ret == 0)
        ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz);

    if (ret == 0) {
        ret = wc_ed448_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
        if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
                                      XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
                                                                          &key);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
                                                                pubKeySz, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
                                                                pubKeySz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
                                                                pubKeySz, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
                                                            pubKeySz - 1, &key);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
                                                            0, &key);
        }

        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_import_private_key */

/*
 * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
 */
static int test_wc_ed448_export (void)
{
    int             ret = 0;

#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    WC_RNG          rng;
    ed448_key       key;
    byte            priv[ED448_PRV_KEY_SIZE];
    byte            pub[ED448_PUB_KEY_SIZE];
    word32          privSz = sizeof(priv);
    word32          pubSz = sizeof(pub);

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }

    ret = wc_ed448_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    if (ret == 0) {
        ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
    }

    printf(testingFmt, "wc_ed448_export_public()");

    if (ret == 0) {
        ret = wc_ed448_export_public(&key, pub, &pubSz);
        if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
                                             XMEMCMP(key.p, pub, pubSz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        if (ret == 0) {
            ret = wc_ed448_export_public(NULL, pub, &pubSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_public(&key, NULL, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_public(&key, pub, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    printf(testingFmt, "wc_ed448_export_private_only()");

    if (ret == 0) {
        ret = wc_ed448_export_private_only(&key, priv, &privSz);
        if (ret == 0 && (privSz != ED448_KEY_SIZE ||
                                           XMEMCMP(key.k, priv, privSz) != 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        if (ret == 0) {
            ret = wc_ed448_export_private_only(NULL, priv, &privSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_private_only(&key, NULL, &privSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_private_only(&key, priv, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_export */

/*
 *  Testing wc_ed448_size()
 */
static int test_wc_ed448_size (void)
{
    int             ret = 0;
#if defined(HAVE_ED448)
    WC_RNG          rng;
    ed448_key       key;

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed448_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        wc_ed448_free(&key);
        return ret;
    }

    printf(testingFmt, "wc_ed448_size()");
    ret = wc_ed448_size(&key);
    /* Test bad args. */
    if (ret == ED448_KEY_SIZE) {
        ret = wc_ed448_size(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_ed448_sig_size()");

        ret = wc_ed448_sig_size(&key);
        if (ret == ED448_SIG_SIZE) {
            ret = 0;
        }
        /* Test bad args. */
        if (ret == 0) {
            ret = wc_ed448_sig_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }

        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed448_sig_size() */

    if (ret == 0) {
        printf(testingFmt, "wc_ed448_pub_size");
        ret = wc_ed448_pub_size(&key);
        if (ret == ED448_PUB_KEY_SIZE) {
            ret = 0;
        }
        if (ret == 0) {
            ret = wc_ed448_pub_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed448_pub_size */

    if (ret == 0) {
        printf(testingFmt, "wc_ed448_priv_size");
        ret = wc_ed448_priv_size(&key);
        if (ret == ED448_PRV_KEY_SIZE) {
            ret = 0;
        }
        if (ret == 0) {
            ret = wc_ed448_priv_size(NULL);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed448_pub_size */

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_size */

/*
 * Testing wc_ed448_export_private() and wc_ed448_export_key()
 */
static int test_wc_ed448_exportKey (void)
{
    int             ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    WC_RNG          rng;
    ed448_key       key;
    byte            priv[ED448_PRV_KEY_SIZE];
    byte            pub[ED448_PUB_KEY_SIZE];
    byte            privOnly[ED448_PRV_KEY_SIZE];
    word32          privSz      = sizeof(priv);
    word32          pubSz       = sizeof(pub);
    word32          privOnlySz  = sizeof(privOnly);

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        return ret;
    }
    ret = wc_ed448_init(&key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        return ret;
    }

    ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
    if (ret != 0) {
        wc_FreeRng(&rng);
        wc_ed448_free(&key);
        return ret;
    }

    printf(testingFmt, "wc_ed448_export_private()");

    ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
    if (ret == 0) {
        ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ed448_export_private(&key, privOnly, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (ret == 0) {
        printf(testingFmt, "wc_ed448_export_key()");

        ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
        if (ret == 0) {
            ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        printf(resultFmt, ret == 0 ? passed : failed);
    } /* END wc_ed448_export_key() */

    /* Cross check output. */
    if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ed448_free(&key);

#endif
    return ret;

} /* END test_wc_ed448_exportKey */

/*
 * Testing wc_Ed448PublicKeyToDer
 */
static int test_wc_Ed448PublicKeyToDer (void)
{
    int ret = 0;

#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
    int       tmp;
    ed448_key key;
    byte      derBuf[1024];

    printf(testingFmt, "wc_Ed448PublicKeyToDer()");

    /* Test bad args */
    tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
    if (tmp != BAD_FUNC_ARG) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (ret == 0) {
        wc_ed448_init(&key);
        tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
        if (tmp != BUFFER_E) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        wc_ed448_free(&key);
    }

    /*  Test good args */
    if (ret == 0) {
        WC_RNG          rng;
        ret = wc_InitRng(&rng);
        if (ret != 0) {
            return ret;
        }
        ret = wc_ed448_init(&key);
        if (ret != 0) {
            wc_FreeRng(&rng);
            return ret;
        }

        ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
        if (ret != 0) {
            wc_FreeRng(&rng);
            wc_ed448_free(&key);
            return ret;
        }

        tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
        if (tmp <= 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }

        wc_FreeRng(&rng);
        wc_ed448_free(&key);
    }
    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;

} /* END testing wc_Ed448PublicKeyToDer */

/*
 * Testing wc_curve448_init and wc_curve448_free.
 */
static int test_wc_curve448_init (void)
{
    int ret = 0;

#if defined(HAVE_CURVE448)

    curve448_key  key;

    printf(testingFmt, "wc_curve448_init()");
    ret = wc_curve448_init(&key);

    /* Test bad args for wc_curve448_init */
    if (ret == 0) {
        ret = wc_curve448_init(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    /*  Test good args for wc_curve_448_free */
    wc_curve448_free(&key);

    wc_curve448_free(NULL);

#endif
    return ret;

} /* END test_wc_curve448_init and wc_curve_448_free*/

/*
 * Testing wc_curve448_make_key
 */
static int test_wc_curve448_make_key (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)
    WC_RNG           rng;
    curve448_key  key;
    int           keysize;


    printf(testingFmt, "wc_curve448_make_key()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
        if (ret == 0) {
            keysize = wc_curve448_size(&key);
            if (keysize != CURVE448_KEY_SIZE) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            ret = wc_curve448_make_key(&rng, keysize, &key);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve448_make_key(NULL, 0, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_make_key(&rng, keysize, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_make_key(NULL, keysize, &key);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_make_key(&rng, 0, &key);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }

    if (wc_FreeRng(&rng) != 0 && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
#endif
    return ret;
} /*END test_wc_curve448_make_key*/
/*
 * Testing test_wc_curve448_shared_secret_ex
 */
static int test_wc_curve448_shared_secret_ex (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)
    WC_RNG        rng;
    curve448_key  private_key, public_key;
    byte          out[CURVE448_KEY_SIZE];
    word32        outLen = sizeof(out);
    int           endian = EC448_BIG_ENDIAN;

    printf(testingFmt, "wc_curve448_shared_secret_ex()");

    ret = wc_curve448_init(&private_key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
        if (ret == 0) {
            ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
        }
    }
    if (ret == 0) {
        ret = wc_curve448_init(&public_key);
    }
    if (ret == 0) {
        if (ret == 0) {
            ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
        }
    }

    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
                                            &outLen, endian);
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL,
                                            0, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
                                            &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
                                            &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
                                            &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
        if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
                                            NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
                                            &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&private_key);
    wc_curve448_free(&public_key);
    wc_FreeRng(&rng);
#endif
    return ret;
} /*END test_wc_curve448_shared_secret_ex*/
/*
 * Testing test_wc_curve448_export_public_ex
 */
static int test_wc_curve448_export_public_ex (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)

    WC_RNG        rng;
    curve448_key  key;
    byte          out[CURVE448_KEY_SIZE];
    word32        outLen = sizeof(out);
    int           endian = EC448_BIG_ENDIAN;

    printf(testingFmt, "wc_curve448_export_public_ex()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
        if (ret == 0){
            ret = wc_curve448_export_public(&key, out, &outLen);
            }
        if (ret == 0) {
            ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;

} /*END test_wc_curve448_export_public_ex*/
/*
 * Testing test_wc_curve448_export_private_raw_ex
 */
static int test_wc_curve448_export_private_raw_ex (void)
{

    int ret = 0;
#if defined(HAVE_CURVE448)
    curve448_key  key;
    byte          out[CURVE448_KEY_SIZE];
    word32        outLen = sizeof(out);
    int           endian = EC448_BIG_ENDIAN;

    printf(testingFmt, "wc_curve448_export_private_raw_ex()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
                                                 EC448_LITTLE_ENDIAN);
    }
    outLen = outLen - 2;
    if (ret == 0) {
        ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
#endif
    return ret;

}/*END test_wc_curve448_export_private_raw_ex*/
/*
 * Testing test_wc_curve448_import_private_raw_ex
 */
static int test_wc_curve448_import_private_raw_ex (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)
    WC_RNG             rng;
    curve448_key    key;
    byte            priv[CURVE448_KEY_SIZE];
    byte            pub[CURVE448_KEY_SIZE];
    word32          privSz = sizeof(priv);
    word32          pubSz = sizeof(pub);
    int             endian = EC448_BIG_ENDIAN;

    printf(testingFmt, "wc_curve448_import_private_raw_ex()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
        if (ret == 0){
            ret = wc_curve448_export_private_raw(&key, priv, &privSz);
        }
        if (ret == 0){
            ret = wc_curve448_export_public(&key, pub, &pubSz);
            }
        if (ret == 0) {
            ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                     &key, endian);
        }
    }
    /*test bad cases*/
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
                                                 &key, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
                                                 &key, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                 NULL, endian);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
                                                 &key, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
                                                 &key, endian);
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
                                                 &key, EC448_LITTLE_ENDIAN);

    }

    if (wc_FreeRng(&rng) != 0 && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);

#endif
    return ret;
} /*END test_wc_curve448_import_private_raw_ex*/
/*
 * Testing test_curve448_export_key_raw
 */
static int test_wc_curve448_export_key_raw (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)
    WC_RNG          rng;
    curve448_key    key;
    byte            priv[CURVE448_KEY_SIZE];
    byte            pub[CURVE448_KEY_SIZE];
    word32          privSz = sizeof(priv);
    word32          pubSz = sizeof(pub);

    printf(testingFmt, "wc_curve448_export_key_raw()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
        if (ret == 0) {
            ret = wc_curve448_export_private_raw(&key, priv, &privSz);
        }
        if (ret == 0) {
            ret = wc_curve448_export_public(&key, pub, &pubSz);
            }
        if (ret == 0) {
            ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;

}/*END test_wc_curve448_import_private_raw_ex*/


/*
 * Testing test_wc_curve448_import_private
 */
static int test_wc_curve448_import_private (void)
{
    int ret = 0;
#if defined(HAVE_CURVE448)

    curve448_key       key;
    WC_RNG             rng;
    byte               priv[CURVE448_KEY_SIZE];
    word32             privSz = sizeof(priv);

    printf(testingFmt, "wc_curve448_import_private()");

    ret = wc_curve448_init(&key);
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }
    if (ret == 0) {

        ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
        if (ret == 0) {
            ret = wc_curve448_export_private_raw(&key, priv, &privSz);
        }
    }
    if (ret == 0) {
        ret = wc_curve448_import_private(priv, privSz, &key);
    }
    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;

} /*END test_wc_curve448_import*/
/*
 * Testing test_wc_curve448_size.
 */
static int test_wc_curve448_size (void)
{
    int ret = 0;

#if defined(HAVE_CURVE448)

    curve448_key  key;

    printf(testingFmt, "wc_curve448_size()");

    ret = wc_curve448_init(&key);

    /*  Test good args for wc_curve448_size */
    if (ret == 0) {
        ret = wc_curve448_size(&key);
    }

    /* Test bad args for wc_curve448_size */
    if (ret != 0) {
        ret = wc_curve448_size(NULL);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    wc_curve448_free(&key);
#endif
    return ret;

} /* END test_wc_curve448_size*/

/*
 * Testing wc_ecc_make_key.
 */
static int test_wc_ecc_make_key (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
    WC_RNG rng;
    ecc_key key;

    printf(testingFmt, "wc_ecc_make_key()");

    ret = wc_InitRng(&rng);
    if (ret != 0)
        return ret;

    ret = wc_ecc_init(&key);
    if (ret == 0) {
        ret = wc_ecc_make_key(&rng, KEY14, &key);

        /* Pass in bad args. */
        if (ret == 0) {
            ret = wc_ecc_make_key(NULL, KEY14, &key);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_make_key(&rng, KEY14, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        wc_ecc_free(&key);
    }

    if (wc_FreeRng(&rng) != 0 && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

    printf(resultFmt, ret == 0 ? passed : failed);
#endif

    return ret;

} /* END test_wc_ecc_make_key */


/*
 * Testing wc_ecc_init()
 */
static int test_wc_ecc_init (void)
{
    int         ret = 0;

#ifdef HAVE_ECC
    ecc_key     key;

    printf(testingFmt, "wc_ecc_init()");

    ret = wc_ecc_init(&key);
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_init(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_free(&key);

#endif
    return ret;

} /* END test_wc_ecc_init */

/*
 * Testing wc_ecc_check_key()
 */
static int test_wc_ecc_check_key (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
    WC_RNG      rng;
    ecc_key     key;

    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &key);
        }
    }

    printf(testingFmt, "wc_ecc_check_key()");

    if (ret == 0) {
        ret = wc_ecc_check_key(&key);
    }

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_check_key(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END test_wc_ecc_check_key */

/*
 * Testing wc_ecc_get_generator()
 */
static int test_wc_ecc_get_generator(void)
{
    int         ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
    !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
    ecc_point* pt;

    printf(testingFmt, "wc_ecc_new_point()");

    pt = wc_ecc_new_point();
    if (!pt) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(testingFmt, "wc_ecc_get_generator()");

    if (ret == 0) {
        ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
    }

    /* Test bad args. */
    if (ret == MP_OKAY) {
        /* Returns Zero for bad arg. */
        ret = wc_ecc_get_generator(pt, -1);
        if (ret != MP_OKAY)
            wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
        if (ret != MP_OKAY)
            wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
                                             * increase this number */
        if (ret != MP_OKAY)
            wc_ecc_get_generator(NULL, -1);
        ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_del_point(pt);
#endif
    return ret;
} /* END test_wc_ecc_get_generator */

/*
 * Testing wc_ecc_size()
 */
static int test_wc_ecc_size (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
    WC_RNG      rng;
    ecc_key     key;

    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &key);
        }
    }

    printf(testingFmt, "wc_ecc_size()");

    if (ret == 0) {
        ret = wc_ecc_size(&key);
        if (ret == KEY14) {
            ret = 0;
        } else if (ret == 0){
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        /* Returns Zero for bad arg. */
        ret = wc_ecc_size(NULL);
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#endif
    return ret;
} /* END test_wc_ecc_size */

static void test_wc_ecc_params(void)
{
    /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
        It was added after certifications */
#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    const ecc_set_type* ecc_set;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
    /* Test for SECP256R1 curve */
    int curve_id = ECC_SECP256R1;
    int curve_idx = wc_ecc_get_curve_idx(curve_id);
    AssertIntNE(curve_idx, ECC_CURVE_INVALID);
    ecc_set = wc_ecc_get_curve_params(curve_idx);
    AssertNotNull(ecc_set);
    AssertIntEQ(ecc_set->id, curve_id);
#endif
    /* Test case when SECP256R1 is not enabled */
    /* Test that we get curve params for index 0 */
    ecc_set = wc_ecc_get_curve_params(0);
    AssertNotNull(ecc_set);
#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
}

/*
 * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
 */
static int test_wc_ecc_signVerify_hash (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
    WC_RNG      rng;
    ecc_key     key;
    int         signH = WOLFSSL_FATAL_ERROR;
    #ifdef HAVE_ECC_VERIFY
        int     verifyH = WOLFSSL_FATAL_ERROR;
        int     verify  = 0;
    #endif
    word32      siglen = ECC_BUFSIZE;
    byte        sig[ECC_BUFSIZE];
    byte        adjustedSig[ECC_BUFSIZE+1];
    byte        digest[] = TEST_STRING;
    word32      digestlen = (word32)TEST_STRING_SZ;

    /* Init stack var */
    XMEMSET(sig, 0, siglen);
    XMEMSET(&key, 0, sizeof(key));
    XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);

    /* Init structs. */
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &key);
        }
    }

    printf(testingFmt, "wc_ecc_sign_hash()");

    if (ret == 0) {
        ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
    }

    /* Check bad args. */
    if (ret == 0) {
        signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
        if (signH == ECC_BAD_ARG_E) {
            signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
                                                                &rng, &key);
        }
        if (signH == ECC_BAD_ARG_E) {
            signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
                                                                &rng, &key);
        }
        if (signH == ECC_BAD_ARG_E) {
            signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
                                                                NULL, &key);
        }
        if (signH == ECC_BAD_ARG_E) {
            signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
                                                                &rng, NULL);
        }
        if (signH == ECC_BAD_ARG_E) {
            signH = 0;
        } else if (ret == 0) {
            signH = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, signH == 0 ? passed : failed);

    #ifdef HAVE_ECC_VERIFY
        printf(testingFmt, "wc_ecc_verify_hash()");

        ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
        if (verify != 1 && ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }

        /* test check on length of signature passed in */
        XMEMCPY(adjustedSig, sig, siglen);
        adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
#ifndef NO_STRICT_ECDSA_LEN
        AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
                    &verify, &key), 0);
#else
        /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
         * is allowed */
        AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
                    &verify, &key), 0);
#endif

        /* Test bad args. */
        if (ret == 0) {
            verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
                                                            &verify, &key);
            if (verifyH == ECC_BAD_ARG_E) {
                verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
                                                            &verify, &key);
            }
            if (verifyH == ECC_BAD_ARG_E) {
                verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
                                                                NULL, &key);
            }
            if (verifyH == ECC_BAD_ARG_E) {
                verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
                                                            &verify, NULL);
            }
            if (verifyH == ECC_BAD_ARG_E) {
                verifyH = 0;
            } else if (ret == 0) {
                verifyH = WOLFSSL_FATAL_ERROR;
            }
        }

        printf(resultFmt, verifyH == 0 ? passed : failed);

    #endif /* HAVE_ECC_VERIFY */

        if (wc_FreeRng(&rng) && ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        wc_ecc_free(&key);

    #ifdef FP_ECC
        wc_ecc_fp_free();
    #endif

#endif
    return ret;

} /*  END test_wc_ecc_sign_hash */


/*
 * Testing wc_ecc_shared_secret()
 */
static int test_wc_ecc_shared_secret (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
    ecc_key     key, pubKey;
    WC_RNG      rng;
    byte        out[KEY32];
    int         keySz = sizeof(out);
    word32      outlen = (word32)sizeof(out);

#if defined(HAVE_ECC) && !defined(NO_ECC256)
    const char* qx =
        "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
    const char* qy =
        "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
    const char* d  =
        "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
    const char* curveName = "SECP256R1";
    const byte expected_shared_secret[] =
        {
            0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
            0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
            0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
            0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
        };
#endif

    /* Initialize variables. */
    XMEMSET(out, 0, keySz);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));
    XMEMSET(&pubKey, 0, sizeof(pubKey));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_init(&pubKey);
        }
    }

#if defined(HAVE_ECC) && !defined(NO_ECC256)
    if (ret == 0) {
        ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
    }
    if (ret == 0) {
        ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName);
    }
#else
    if (ret == 0) {
        ret = wc_ecc_make_key(&rng, keySz, &key);
    }
    if (ret == 0) {
        ret = wc_ecc_make_key(&rng, keySz, &pubKey);
    }
#endif

#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
    !defined(HAVE_SELFTEST)
    if (ret == 0) {
        ret = wc_ecc_set_rng(&key, &rng);
    }
#endif

    printf(testingFmt, "wc_ecc_shared_secret()");
    if (ret == 0) {
        ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);

#if defined(HAVE_ECC) && !defined(NO_ECC256)
        if (ret == 0) {
            if (0 != XMEMCMP(out, expected_shared_secret, outlen)) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
#endif

        /* Test bad args. */
        if (ret == 0) {
            ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
            }
            if (ret == BAD_FUNC_ARG) {
                /* Invalid length */
                outlen = 1;
                ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
            }

            if (ret == BUFFER_E) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);
    wc_ecc_free(&pubKey);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END tests_wc_ecc_shared_secret */

/*
 * testint wc_ecc_export_x963()
 */
static int test_wc_ecc_export_x963 (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
    ecc_key key;
    WC_RNG  rng;
    byte    out[ECC_ASN963_MAX_BUF_SZ];
    word32  outlen = sizeof(out);

    /* Initialize variables. */
    XMEMSET(out, 0, outlen);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY20, &key);
        }
    }
    printf(testingFmt, "wc_ecc_export_x963()");

    if (ret == 0) {
        ret = wc_ecc_export_x963(&key, out, &outlen);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_export_x963(NULL, out, &outlen);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_export_x963(&key, NULL, &outlen);
        }
        if (ret == LENGTH_ONLY_E) {
            ret = wc_ecc_export_x963(&key, out, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            key.idx = -4;
            ret = wc_ecc_export_x963(&key, out, &outlen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END test_wc_ecc_export_x963 */

/*
 * Testing wc_ecc_export_x963_ex()
 * compile with --enable-compkey will use compression.
 */
static int test_wc_ecc_export_x963_ex (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
    ecc_key key;
    WC_RNG  rng;
    byte    out[ECC_ASN963_MAX_BUF_SZ];
    word32  outlen = sizeof(out);
    #ifdef HAVE_COMP_KEY
        word32  badOutLen = 5;
    #endif

    /* Init stack variables. */
    XMEMSET(out, 0, outlen);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY64, &key);
        }
    }

    printf(testingFmt, "wc_ecc_export_x963_ex()");

    #ifdef HAVE_COMP_KEY
        if (ret == 0) {
            ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
        }
    #else
        if (ret == 0) {
            ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
        }
    #endif

    /* Test bad args. */
    #ifdef HAVE_COMP_KEY
    if (ret == 0) {
        ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
        }
        if (ret == BUFFER_E) {
            key.idx = -4;
            ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    #else
        if (ret == 0) {
            ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
            }
            if (ret == BAD_FUNC_ARG) {
                ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
            }
            if (ret == NOT_COMPILED_IN) {
                ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
            }
            if (ret == BAD_FUNC_ARG) {
                key.idx = -4;
                ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
            }
            if (ret == ECC_BAD_ARG_E) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    #endif

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END test_wc_ecc_export_x963_ex */

/*
 * testing wc_ecc_import_x963()
 */
static int test_wc_ecc_import_x963 (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
    ecc_key pubKey, key;
    WC_RNG  rng;
    byte    x963[ECC_ASN963_MAX_BUF_SZ];
    word32  x963Len = (word32)sizeof(x963);

    /* Init stack variables. */
    XMEMSET(x963, 0, x963Len);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));
    XMEMSET(&pubKey, 0, sizeof(pubKey));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&pubKey);
        if (ret == 0) {
            ret = wc_ecc_init(&key);
        }
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY24, &key);
        }
        if (ret == 0) {
            PRIVATE_KEY_UNLOCK();
            ret = wc_ecc_export_x963(&key, x963, &x963Len);
            PRIVATE_KEY_LOCK();
        }
    }

    printf(testingFmt, "wc_ecc_import_x963()");
    if (ret == 0) {
        ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_x963(x963, x963Len, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);
    wc_ecc_free(&pubKey);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END wc_ecc_import_x963 */

/*
 * testing wc_ecc_import_private_key()
 */
static int ecc_import_private_key (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
    ecc_key key, keyImp;
    WC_RNG  rng;
    byte    privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
    byte    x963Key[ECC_ASN963_MAX_BUF_SZ];
    word32  privKeySz = (word32)sizeof(privKey);
    word32  x963KeySz = (word32)sizeof(x963Key);

    /* Init stack variables. */
    XMEMSET(privKey, 0, privKeySz);
    XMEMSET(x963Key, 0, x963KeySz);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));
    XMEMSET(&keyImp, 0, sizeof(keyImp));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_init(&keyImp);
        }
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY48, &key);
        }
        if (ret == 0) {
            PRIVATE_KEY_UNLOCK();
            ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
            PRIVATE_KEY_LOCK();
        }
        if (ret == 0) {
            ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
        }
    }

    printf(testingFmt, "wc_ecc_import_private_key()");

    if (ret == 0) {
        ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
                                                x963KeySz, &keyImp);
    }
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
                                                x963KeySz, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
                                                x963KeySz, &keyImp);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);
    wc_ecc_free(&keyImp);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END wc_ecc_import_private_key */


/*
 * Testing wc_ecc_export_private_only()
 */
static int test_wc_ecc_export_private_only (void)
{
    int     ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
    ecc_key key;
    WC_RNG  rng;
    byte    out[ECC_PRIV_KEY_BUF];
    word32  outlen = sizeof(out);

    /* Init stack variables. */
    XMEMSET(out, 0, outlen);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY32, &key);
        }
    }
    printf(testingFmt, "wc_ecc_export_private_only()");

    if (ret == 0) {
        ret = wc_ecc_export_private_only(&key, out, &outlen);
    }
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_export_private_only(NULL, out, &outlen);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_export_private_only(&key, NULL, &outlen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_export_private_only(&key, out, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END test_wc_ecc_export_private_only */


/*
 * Testing wc_ecc_rs_to_sig()
 */
static int test_wc_ecc_rs_to_sig (void)
{

    int           ret = 0;

#if defined(HAVE_ECC) && !defined(NO_ASN)
    /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
    const char*   R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
    const char*   S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
    const char*   zeroStr = "0";
    byte          sig[ECC_MAX_SIG_SIZE];
    word32        siglen = (word32)sizeof(sig);
    /*R and S max size is the order of curve. 2^192.*/
    int           keySz = KEY24;
    byte          r[KEY24];
    byte          s[KEY24];
    word32        rlen = (word32)sizeof(r);
    word32        slen = (word32)sizeof(s);

    /* Init stack variables. */
    XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
    XMEMSET(r, 0, keySz);
    XMEMSET(s, 0, keySz);

    printf(testingFmt, "wc_ecc_rs_to_sig()");

    ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen);
        }
        if (ret == MP_ZERO_E) {
            ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen);
        }
        if (ret == MP_ZERO_E) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    printf(testingFmt, "wc_ecc_sig_to_rs()");
    if (ret == 0) {
        ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;

} /* END test_wc_ecc_rs_to_sig */

static int test_wc_ecc_import_raw(void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && !defined(NO_ECC256)
    ecc_key     key;
    const char* qx =
              "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
    const char* qy =
              "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
    const char* d  =
             "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
    const char* curveName = "SECP256R1";
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
    const char* kNullStr = "";
#endif

    ret = wc_ecc_init(&key);

    printf(testingFmt, "wc_ecc_import_raw()");

    if (ret == 0) {
        ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
        }
    #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
        if (ret == BAD_FUNC_ARG) {
        #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
            wc_ecc_free(&key);
        #endif
            ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
            if (ret == ECC_INF_E)
                ret = BAD_FUNC_ARG; /* This is expected by other tests */
        }
    #endif
    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
        if (ret == BAD_FUNC_ARG) {
        #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
            wc_ecc_free(&key);
        #endif
            ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
        }
        if (ret == BAD_FUNC_ARG) {
        #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
            wc_ecc_free(&key);
        #endif
            ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
        }
    #endif
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_free(&key);

#endif

    return ret;

} /* END test_wc_ecc_import_raw */

static int test_wc_ecc_import_unsigned(void)
{
    int         ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
    ecc_key     key;
    const byte  qx[] = {
        0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
        0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
        0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
        0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
    };
    const byte  qy[] = {
        0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
        0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
        0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
        0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
    };
    const byte  d[] = {
        0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
        0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
        0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
        0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
    };
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
    const byte nullBytes[32] = {0};
#endif
    int curveId = ECC_SECP256R1;

    ret = wc_ecc_init(&key);

    printf(testingFmt, "wc_ecc_import_unsigned()");

    if (ret == 0) {
        ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
            curveId);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
            curveId);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
                curveId);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
                curveId);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
                ECC_CURVE_INVALID);
        }
    #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
                (byte*)nullBytes, (byte*)nullBytes, curveId);
        }
    #endif
        if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_free(&key);

#endif

    return ret;

} /* END test_wc_ecc_import_unsigned */


/*
 * Testing wc_ecc_sig_size()
 */
static int test_wc_ecc_sig_size (void)
{
   int         ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
    ecc_key     key;
    WC_RNG      rng;
    int         keySz = KEY16;

    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &key);
        }
    }

    printf(testingFmt, "wc_ecc_sig_size()");

    if (ret == 0) {
        ret = wc_ecc_sig_size(&key);
        if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);

#endif
    return ret;

} /* END test_wc_ecc_sig_size */

/*
 * Testing wc_ecc_ctx_new()
 */
static int test_wc_ecc_ctx_new (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
    WC_RNG      rng;
    ecEncCtx*   cli = NULL;
    ecEncCtx*   srv = NULL;

    ret = wc_InitRng(&rng);

    printf(testingFmt, "wc_ecc_ctx_new()");
    if (ret == 0) {
        cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
        srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
    }
    if (ret == 0 && (cli == NULL || srv == NULL)) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    wc_ecc_ctx_free(cli);
    wc_ecc_ctx_free(srv);

    /* Test bad args. */
    if (ret == 0) {
        /* wc_ecc_ctx_new_ex() will free if returned NULL. */
        cli = wc_ecc_ctx_new(0, &rng);
        if (cli != NULL) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
        if (cli != NULL) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_ctx_free(cli);

#endif
    return ret;

} /* END test_wc_ecc_ctx_new */

/*
 * Tesing wc_ecc_reset()
 */
static int test_wc_ecc_ctx_reset (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
    ecEncCtx*   ctx = NULL;
    WC_RNG      rng;

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(testingFmt, "wc_ecc_ctx_reset()");

    if (ret == 0) {
        ret = wc_ecc_ctx_reset(ctx, &rng);
    }

    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_ctx_reset(NULL, &rng);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_ctx_reset(ctx, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_ctx_free(ctx);

#endif
    return ret;

} /* END test_wc_ecc_ctx_reset */

/*
 * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
 */
static int test_wc_ecc_ctx_set_peer_salt (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
    WC_RNG          rng;
    ecEncCtx*       cliCtx      = NULL;
    ecEncCtx*       servCtx     = NULL;
    const byte*     cliSalt     = NULL;
    const byte*     servSalt    = NULL;

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
           ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(testingFmt, "wc_ecc_ctx_get_own_salt()");

    /* Test bad args. */
    if (ret == 0) {
        cliSalt  = wc_ecc_ctx_get_own_salt(NULL);
        if (cliSalt != NULL) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (ret == 0) {
        cliSalt  = wc_ecc_ctx_get_own_salt(cliCtx);
        servSalt = wc_ecc_ctx_get_own_salt(servCtx);
        if (cliSalt == NULL || servSalt == NULL) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    printf(testingFmt, "wc_ecc_ctx_set_peer_salt()");

    if (ret == 0) {
        ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_ctx_free(cliCtx);
    wc_ecc_ctx_free(servCtx);

#endif
    return ret;

} /* END test_wc_ecc_ctx_set_peer_salt */

/*
 * Testing wc_ecc_ctx_set_info()
 */
static int test_wc_ecc_ctx_set_info (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
    ecEncCtx*   ctx = NULL;
    WC_RNG      rng;
    const char* optInfo = "Optional Test Info.";
    int         optInfoSz = (int)XSTRLEN(optInfo);
    const char* badOptInfo = NULL;

    ret = wc_InitRng(&rng);
    if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(testingFmt, "wc_ecc_ctx_set_info()");

    if (ret == 0) {
        ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_ctx_free(ctx);

#endif
    return ret;

} /* END test_wc_ecc_ctx_set_info */

/*
 * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
 */
static int test_wc_ecc_encryptDecrypt (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
    defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
    ecc_key     srvKey, cliKey, tmpKey;
    WC_RNG      rng;
    const char* msg   = "EccBlock Size 16";
    word32      msgSz = (word32)XSTRLEN(msg);
#ifdef WOLFSSL_ECIES_OLD
    byte        out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#else
    byte        out[KEY20 * 2 + 1 + XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#endif
    word32      outSz = (word32)sizeof(out);
    byte        plain[XSTRLEN(msg) + 1];
    word32      plainSz = (word32)sizeof(plain);
    int         keySz = KEY20;

    /* Init stack variables. */
    XMEMSET(out, 0, outSz);
    XMEMSET(plain, 0, plainSz);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&srvKey, 0, sizeof(srvKey));
    XMEMSET(&cliKey, 0, sizeof(cliKey));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&cliKey);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &cliKey);
        }
        if (ret == 0) {
            ret = wc_ecc_init(&srvKey);
        }
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &srvKey);
        }
        if (ret == 0) {
            ret = wc_ecc_init(&tmpKey);
        }
    }

#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
    !defined(HAVE_SELFTEST)
    if (ret == 0) {
        ret = wc_ecc_set_rng(&srvKey, &rng);
    }
    if (ret == 0) {
        ret = wc_ecc_set_rng(&cliKey, &rng);
    }
#endif

    printf(testingFmt, "wc_ecc_encrypt()");

    if (ret == 0) {
        ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
                                                            &outSz, NULL);
    }
    if (ret == 0) {
        ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
                                                            &outSz, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
                                                            &outSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
                                                            &outSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
                                                            &outSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
                                                            NULL, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    printf(testingFmt, "wc_ecc_decrypt()");

#ifdef WOLFSSL_ECIES_OLD
    if (ret == 0) {
        tmpKey.dp = cliKey.dp;
        ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey);
    }
#endif

    if (ret == 0) {
        ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain,
                                                        &plainSz, NULL);
    }
    if (ret == 0) {
        ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain,
                                                        &plainSz, NULL);
    #ifdef WOLFSSL_ECIES_OLD
        /* NULL parameter allowed in new implementations - public key comes from
         * the message. */
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
                                                        &plainSz, NULL);
        }
    #endif
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain,
                                                        &plainSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL,
                                                        &plainSz, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz,
                                                        plain, NULL, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (XMEMCMP(msg, plain, msgSz) != 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&tmpKey);
    wc_ecc_free(&cliKey);
    wc_ecc_free(&srvKey);

#endif
    return ret;

} /* END test_wc_ecc_encryptDecrypt */

/*
 * Testing wc_ecc_del_point() and wc_ecc_new_point()
 */
static int test_wc_ecc_del_point (void)
{
    int         ret = 0;

#if defined(HAVE_ECC)
    ecc_point*   pt;

    printf(testingFmt, "wc_ecc_new_point()");

    pt = wc_ecc_new_point();
    if (!pt) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_del_point(pt);

#endif
    return ret;

} /* END test_wc_ecc_del_point */

/*
 * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
 * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
 * and wc_ecc_cmp_point()
 */
static int test_wc_ecc_pointFns (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
    !defined(WOLFSSL_ATECC608A)
    ecc_key     key;
    WC_RNG      rng;
    ecc_point*  point = NULL;
    ecc_point*  cpypt = NULL;
    int         idx = 0;
    int         keySz = KEY32;
    byte        der[DER_SZ(KEY32)];
    word32      derlenChk = 0;
    word32      derSz = DER_SZ(KEY32);

    /* Init stack variables. */
    XMEMSET(der, 0, derSz);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &key);
        }
    }

    if (ret == 0) {
        point = wc_ecc_new_point();
        if (!point) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    if (ret == 0) {
        cpypt = wc_ecc_new_point();
        if (!cpypt) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    /* Export */
    printf(testingFmt, "wc_ecc_export_point_der()");
    if (ret == 0) {
        ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
                                                       NULL, &derlenChk);
        /* Check length value. */
        if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
            ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
                                                           der, &derSz);
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
                                                                der, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    /* Import */
    printf(testingFmt, "wc_ecc_import_point_der()");

    if (ret == 0) {
        ret = wc_ecc_import_point_der(der, derSz, idx, point);
        /* Condition double checks wc_ecc_cmp_point().  */
        if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
            ret = wc_ecc_cmp_point(&key.pubkey, point);
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_import_point_der(der, derSz, -1, point);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

    /* Copy */
    printf(testingFmt, "wc_ecc_copy_point()");

    if (ret == 0) {
        ret = wc_ecc_copy_point(point, cpypt);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_copy_point(NULL, cpypt);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_copy_point(point, NULL);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    printf(testingFmt, "wc_ecc_cmp_point()");
    /* Compare point */
    if (ret == 0) {
        ret = wc_ecc_cmp_point(point, cpypt);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_cmp_point(NULL, cpypt);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_cmp_point(point, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);

    printf(testingFmt, "wc_ecc_point_is_at_infinity()");
    /* At infinity if return == 1, otherwise return == 0. */
    if (ret == 0) {
        ret = wc_ecc_point_is_at_infinity(point);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_point_is_at_infinity(NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#ifdef USE_ECC_B_PARAM
    printf(testingFmt, "wc_ecc_point_is_on_curve()");
    /* On curve if ret == 0 */
    if (ret == 0) {
        ret = wc_ecc_point_is_on_curve(point, idx);
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_point_is_on_curve(NULL, idx);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_point_is_on_curve(point, 1000);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ret == 0 ? passed : failed);
#endif /* USE_ECC_B_PARAM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */

    /* Free */
    wc_ecc_del_point(point);
    wc_ecc_del_point(cpypt);
    wc_ecc_free(&key);
    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

#endif
    return ret;

} /* END test_wc_ecc_pointFns */


/*
 * Testing wc_ecc_sahred_secret_ssh()
 */
static int test_wc_ecc_shared_secret_ssh (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
    !defined(WOLFSSL_ATECC608A)
    ecc_key     key, key2;
    WC_RNG      rng;
    int         keySz = KEY32;
    int         key2Sz = KEY24;
    byte        secret[KEY32];
    word32      secretLen = keySz;

    /* Init stack variables. */
    XMEMSET(secret, 0, secretLen);
    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));
    XMEMSET(&key2, 0, sizeof(key2));
    /* Make keys */
    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &key);
        }
        if (wc_FreeRng(&rng) && ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    if (ret == 0) {
        ret = wc_InitRng(&rng);
        if (ret == 0) {
            ret = wc_ecc_init(&key2);
        }
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, key2Sz, &key2);
        }
    }

    printf(testingFmt, "ecc_shared_secret_ssh()");

#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
    !defined(HAVE_SELFTEST)
    if (ret == 0) {
        ret = wc_ecc_set_rng(&key, &rng);
    }
#endif

    if (ret == 0) {
        ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
    }
    /* Pass in bad args. */
    if (ret == 0) {
        ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
        }
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
        }
        if (ret == BAD_FUNC_ARG) {
            key.type = ECC_PUBLICKEY;
            ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
            if (ret == ECC_BAD_ARG_E) {
                ret = 0;
            } else if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);
    wc_ecc_free(&key2);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;

} /* END test_wc_ecc_shared_secret_ssh */

/*
 * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
 */
static int test_wc_ecc_verify_hash_ex (void)
{
    int             ret = 0;

#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
     && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
    !defined(WOLFSSL_ATECC608A)
    ecc_key         key;
    WC_RNG          rng;
    mp_int          r;
    mp_int          s;
    unsigned char   hash[] = "Everyone gets Friday off.EccSig";
    unsigned char   iHash[] = "Everyone gets Friday off.......";
    unsigned char   shortHash[] = TEST_STRING;
    word32          hashlen = sizeof(hash);
    word32          iHashLen = sizeof(iHash);
    word32          shortHashLen = sizeof(shortHash);
    int             keySz = KEY32;
    int             sig = WOLFSSL_FATAL_ERROR;
    int             ver = WOLFSSL_FATAL_ERROR;
    int             verify_ok = 0;

    /* Initialize r and s. */
    ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL);
    if (ret != MP_OKAY) {
        return MP_INIT_E;
    }

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, keySz, &key);
        }
    }
    if (ret == 0) {
        ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
        if (ret == 0) {
            /* verify_ok should be 1. */
            ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
            if (verify_ok != 1 && ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* verify_ok should be 0 */
            ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
                                                    &verify_ok, &key);
            if (verify_ok != 0 && ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        if (ret == 0) {
            /* verify_ok should be 0. */
            ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
                                                            &verify_ok, &key);
            if (verify_ok != 0 && ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

    printf(testingFmt, "wc_ecc_sign_hash_ex()");
    /* Test bad args. */
    if (ret == 0) {
        if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
                                                == ECC_BAD_ARG_E) {
            sig = 0;
        }
        if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
                                                            != ECC_BAD_ARG_E) {
            sig = WOLFSSL_FATAL_ERROR;
        }
        if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
                                                            != ECC_BAD_ARG_E) {
            sig = WOLFSSL_FATAL_ERROR;
        }
        if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
                                                            != ECC_BAD_ARG_E) {
            sig = WOLFSSL_FATAL_ERROR;
        }
        if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
                                                            != ECC_BAD_ARG_E) {
            sig = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, sig == 0 ? passed : failed);
    printf(testingFmt, "wc_ecc_verify_hash_ex()");
    /* Test bad args. */
    if (ret == 0) {
        if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
                                                            == ECC_BAD_ARG_E) {
            ver = 0;
        }
        if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
                                                &verify_ok, &key) != ECC_BAD_ARG_E) {
            ver = WOLFSSL_FATAL_ERROR;
        }
        if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
                                                       &key) != ECC_BAD_ARG_E) {
            ver = WOLFSSL_FATAL_ERROR;
        }
        if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
                                                NULL, &key) != ECC_BAD_ARG_E) {
            ver = WOLFSSL_FATAL_ERROR;
        }
        if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
                                                &verify_ok, NULL) != ECC_BAD_ARG_E) {
            ver = WOLFSSL_FATAL_ERROR;
        }
    }
    printf(resultFmt, ver == 0 ? passed : failed);

    wc_ecc_free(&key);
    mp_free(&r);
    mp_free(&s);
    if (wc_FreeRng(&rng)) {
        return WOLFSSL_FATAL_ERROR;
    }
    if (ret == 0 && (sig != 0 || ver != 0)) {
        ret = WOLFSSL_FATAL_ERROR;
    }
#endif
    return ret;

} /* END test_wc_ecc_verify_hash_ex */

/*
 * Testing wc_ecc_mulmod()
 */

static int test_wc_ecc_mulmod (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
    !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
      defined(WOLFSSL_VALIDATE_ECC_IMPORT))
    ecc_key     key1, key2, key3;
    WC_RNG      rng;

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key1);
        if (ret == 0) {
            ret = wc_ecc_init(&key2);
        }
        if (ret == 0) {
            ret = wc_ecc_init(&key3);
        }
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY32, &key1);
        }
        wc_FreeRng(&rng);
    }
    if (ret == 0) {
        ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
                                                                 ECC_SECP256R1);
        if (ret == 0) {
            ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
                                        key1.dp->prime, ECC_SECP256R1);
        }
    }

    printf(testingFmt, "wc_ecc_mulmod()");
    if (ret == 0) {
        ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
                                                            &key3.k, 1);
    }

    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
                                                            &key3.k, 1);
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
                                                            &key3.k, 1);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
                                                            &key3.k, 1);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
                                                            &key2.k, NULL, 1);
        }
        if (ret == ECC_BAD_ARG_E) {
            ret = 0;
        } else if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_ecc_free(&key1);
    wc_ecc_free(&key2);
    wc_ecc_free(&key3);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
    return ret;


} /* END test_wc_ecc_mulmod */

/*
 * Testing wc_ecc_is_valid_idx()
 */
static int test_wc_ecc_is_valid_idx (void)
{
    int         ret = 0;

#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
    ecc_key     key;
    WC_RNG      rng;
    int         iVal = -2;
    int         iVal2 = 3000;

    XMEMSET(&rng, 0, sizeof(rng));
    XMEMSET(&key, 0, sizeof(key));

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, 32, &key);
        }
    }

    printf(testingFmt, "wc_ecc_is_valid_idx()");
    if (ret == 0) {
        ret = wc_ecc_is_valid_idx(key.idx);
        if (ret == 1) {
            ret = 0;
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
        if (ret == 0) {
            ret = wc_ecc_is_valid_idx(iVal2);
        }
        if (ret != 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    if (wc_FreeRng(&rng) && ret == 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }
    wc_ecc_free(&key);
#ifdef FP_ECC
    wc_ecc_fp_free();
#endif

#endif
    return ret;


} /* END test_wc_ecc_is_valid_idx */
/*
 * Testing wc_ecc_get_curve_id_from_oid()
 */
static int test_wc_ecc_get_curve_id_from_oid (void)
{
    int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
    !defined(HAVE_FIPS)
    const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
    word32 len = sizeof(oid);

    printf(testingFmt, "wc_ecc_get_curve_id_from_oid()");

    /* Bad Cases */
    ret = wc_ecc_get_curve_id_from_oid(NULL, len);
    if (ret == BAD_FUNC_ARG) {
        ret = 0;
    }
    if (ret == 0) {
        ret = wc_ecc_get_curve_id_from_oid(oid, 0);
        if (ret == ECC_CURVE_INVALID) {
            ret = 0;
        }
    }
    /* Good Case */
    if (ret == 0) {
        ret = wc_ecc_get_curve_id_from_oid(oid, len);
        if (ret == 7) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}/* END test_wc_ecc_get_curve_id_from_oid */
/*
 * Testing wc_ecc_sig_size_calc()
 */
static int test_wc_ecc_sig_size_calc (void)
{
    int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
    ecc_key     key;
    WC_RNG      rng;
    int         sz = 0;

    printf(testingFmt, "wc_ecc_sig_size_calc()");

    ret = wc_InitRng(&rng);
    if (ret == 0) {
        ret = wc_ecc_init(&key);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, 16, &key);
        }
        sz = key.dp->size;
    }
    if (ret == 0) {
        ret = wc_ecc_sig_size_calc(sz);
        if (ret > 0) {
            ret = 0;
        }
    }
     printf(resultFmt, ret == 0 ? passed : failed);
    wc_ecc_free(&key);
    wc_FreeRng(&rng);
#endif
    return ret;
} /* END test_wc_ecc_sig_size_calc */
/*
 * Testing ToTraditional
 */
static int test_ToTraditional (void)
{
    int ret = 0;
#if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL))

    XFILE   f;
    byte    input[TWOK_BUF];
    word32  sz;

    printf(testingFmt, "ToTraditional()");

    f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
    AssertTrue((f != XBADFILE));
    sz = (word32)XFREAD(input, 1, sizeof(input), f);
    XFCLOSE(f);

    /* Good case */
    ret = ToTraditional(input, sz);
    if (ret > 0) {
        ret = 0;
    }
    /* Bad cases */
    if (ret == 0) {
        ret = ToTraditional(NULL, 0);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = ToTraditional(NULL, sz);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = ToTraditional(input, 0);
        if (ret == ASN_PARSE_E || ret == BUFFER_E) {
            ret = 0;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_ToTraditional*/

/*
 * Testing wc_EccPrivateKeyToDer
 */
static int test_wc_EccPrivateKeyToDer (void)
{
    int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)

    byte            output[ONEK_BUF];
    ecc_key         eccKey;
    WC_RNG          rng;
    word32          inLen;
    printf(testingFmt, "wc_EccPrivateKeyToDer()");

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        ret = wc_ecc_init(&eccKey);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
        }
        inLen = (word32)sizeof(output);
        /* Bad Cases */
        if (ret == 0) {
            ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
            if (ret == LENGTH_ONLY_E) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        /*Good Case */
        if (ret == 0) {
            ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
            if (ret > 0) {
                ret = 0;
            }
        }
        wc_ecc_free(&eccKey);
    }
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_EccPrivateKeyToDer*/

/*
 * Testing wc_DhPublicKeyDecode
 */
static int test_wc_DhPublicKeyDecode(void)
{
    int ret = 0;
    word32 inOutIdx;

#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
    DhKey  key;
    AssertIntEQ(wc_InitDhKey(&key), 0);
    printf(testingFmt, "wc_DhPublicKeyDecode()");

    AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0),
                                                        BAD_FUNC_ARG);
    AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
                                                        BAD_FUNC_ARG);
    AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
                                                        BAD_FUNC_ARG);
    inOutIdx = 0;
    AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
                                                        BAD_FUNC_ARG);
    inOutIdx = 0;
    AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
                                                        BAD_FUNC_ARG);
    inOutIdx = 0;
    AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
                                            sizeof_dh_pub_key_der_2048), 0);
    AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 &&
              key.pub.used != 0 && key.priv.used == 0);

    wc_FreeDhKey(&key);
    printf(resultFmt, passed);

#endif
    (void)inOutIdx;
    return ret;
}

/*
 * Testing wc_Ed25519KeyToDer
 */
static int test_wc_Ed25519KeyToDer (void)
{
    int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))

    byte            output[ONEK_BUF];
    ed25519_key     ed25519Key;
    WC_RNG          rng;
    word32          inLen;

    printf(testingFmt, "wc_Ed25519KeyToDer()");

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        ret = wc_ed25519_init(&ed25519Key);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
        }
        inLen = (word32)sizeof(output);

        /* Bad Cases */
        if (ret == 0) {
            ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519KeyToDer(NULL, output, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        /* Good Case */
        if (ret == 0) {
            ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
            if (ret > 0) {
                ret = 0;
            }
        }
        wc_ed25519_free(&ed25519Key);
    }
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_Ed25519KeyToDer*/
/*
 * Testing wc_Ed25519PrivateKeyToDer
 */
static int test_wc_Ed25519PrivateKeyToDer (void)
{
    int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))

    byte            output[ONEK_BUF];
    ed25519_key     ed25519PrivKey;
    WC_RNG          rng;
    word32          inLen;

    printf(testingFmt, "wc_Ed25519PrivateKeyToDer()");

    ret = wc_InitRng(&rng);


    if (ret == 0) {
        ret = wc_ed25519_init(&ed25519PrivKey);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
        }
        inLen = (word32)sizeof(output);

        /* Bad Cases */
        if (ret == 0) {
            ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        /* Good Case */
        if (ret == 0) {
            ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
            if (ret > 0) {
                ret = 0;
            }
        }
        wc_ed25519_free(&ed25519PrivKey);
    }
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_Ed25519PrivateKeyToDer*/
/*
 * Testing wc_Ed448KeyToDer
 */
static int test_wc_Ed448KeyToDer (void)
{
    int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))

    byte            output[ONEK_BUF];
    ed448_key       ed448Key;
    WC_RNG          rng;
    word32          inLen;

    printf(testingFmt, "wc_Ed448KeyToDer()");

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        ret = wc_ed448_init(&ed448Key);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
        }
        inLen = sizeof(output);

        /* Bad Cases */
        if (ret == 0) {
            ret = wc_Ed448KeyToDer(NULL, NULL, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448KeyToDer(NULL, output, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        /* Good Case */
        if (ret == 0) {
            ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
            if (ret > 0) {
                ret = 0;
            }
        }
        wc_ed448_free(&ed448Key);
    }
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_Ed448KeyToDer*/
/*
 * Testing wc_Ed448PrivateKeyToDer
 */
static int test_wc_Ed448PrivateKeyToDer (void)
{
    int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))

    byte            output[ONEK_BUF];
    ed448_key       ed448PrivKey;
    WC_RNG          rng;
    word32          inLen;

    printf(testingFmt, "wc_Ed448PrivateKeyToDer()");

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        ret = wc_ed448_init(&ed448PrivKey);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
        }
        inLen = sizeof(output);

        /* Bad Cases */
        if (ret == 0) {
            ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        /* Good case */
        if (ret == 0) {
            ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
            if (ret > 0) {
                ret = 0;
            }
        }
        wc_ed448_free(&ed448PrivKey);
    }
    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_Ed448PrivateKeyToDer*/
/*
 * Testing wc_SetSubjectBuffer
 */
static int test_wc_SetSubjectBuffer (void)
{
    int ret = 0;
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
    Cert    cert;
    FILE*   file;
    byte*   der;
    word32  derSz;

    printf(testingFmt, "wc_SetSubjectBuffer()");

    derSz = FOURK_BUF;
    der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (der == NULL) {
        ret = -1;
    }
    if (ret == 0) {
        file = XFOPEN("./certs/ca-cert.der", "rb");
        if (file != NULL) {
            derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
            XFCLOSE(file);
        }
        else {
            ret = -1;
        }
    }
    if (ret == 0) {
        ret = wc_InitCert(&cert);
    }

    if (ret == 0) {
        ret = wc_SetSubjectBuffer(&cert, der, derSz);
    }

    if (ret == 0) {
        ret = wc_SetSubjectBuffer(NULL, der, derSz);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_SetSubjectBuffer*/

/*
 * Testing wc_SetSubjectKeyIdFromPublicKey_ex
 */
static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
{
    int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
    WC_RNG          rng;
    Cert            cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    ed25519_key     ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
    RsaKey          rsaKey;
    int             bits = 2048;
#endif
#if defined(HAVE_ECC)
    ecc_key         eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    ed448_key       ed448Key;
#endif

    printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()");

#ifndef HAVE_FIPS
    ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
    ret = wc_InitRng(&rng);
#endif

    wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    if (ret == 0) { /*ED25519*/
        ret = wc_ed25519_init(&ed25519Key);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
        }
        if (ret == 0) {
            ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
                                                  &ed25519Key);
        }
        wc_ed25519_free(&ed25519Key);
    }
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
    if (ret == 0) { /*RSA*/
        ret = wc_InitRsaKey(&rsaKey, NULL);
        if (ret == 0) {
            MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
        }
        if (ret == 0) {
            ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
        }
        wc_FreeRsaKey(&rsaKey);
    }
#endif
#if defined(HAVE_ECC)
    if (ret == 0) { /*ECC*/
        ret = wc_ecc_init(&eccKey);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
        }
        if (ret == 0) {
            ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
        }
        wc_ecc_free(&eccKey);
    }
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    if (ret == 0) { /*ED448*/
        ret = wc_ed448_init(&ed448Key);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
        }
        if (ret == 0) {
            ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
                                                  &ed448Key);
        }
        wc_ed448_free(&ed448Key);
    }
#endif

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeRng(&rng);
#endif
    return ret;
}/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
/*
 * Testing wc_SetAuthKeyIdFromPublicKey_ex
 */
static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
{
    int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
    WC_RNG          rng;
    Cert            cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    ed25519_key     ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
    RsaKey          rsaKey;
    int             bits = 2048;
#endif
#if defined(HAVE_ECC)
    ecc_key         eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    ed448_key       ed448Key;
#endif

    printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()");

#ifndef HAVE_FIPS
    ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
    ret = wc_InitRng(&rng);
#endif

    wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
    if (ret == 0) { /*ED25519*/
        ret = wc_ed25519_init(&ed25519Key);
        if (ret == 0) {
            ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
        }
        if (ret == 0) {
            ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
                                                  &ed25519Key);
        }
        wc_ed25519_free(&ed25519Key);
    }
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
    if (ret == 0) { /*RSA*/
        ret = wc_InitRsaKey(&rsaKey, NULL);
        if (ret == 0) {
            MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
        }
        if (ret == 0) {
            ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
        }
        wc_FreeRsaKey(&rsaKey);
    }
#endif
#if defined(HAVE_ECC)
    if (ret == 0) { /*ECC*/
        ret = wc_ecc_init(&eccKey);
        if (ret == 0) {
            ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
        }
        if (ret == 0) {
            ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
        }
        wc_ecc_free(&eccKey);
    }
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
    if (ret == 0) { /*ED448*/
        ret = wc_ed448_init(&ed448Key);
        if (ret == 0) {
            ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
        }
        if (ret == 0) {
            ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
                                                  &ed448Key);
        }
        wc_ed448_free(&ed448Key);
    }
#endif

    printf(resultFmt, ret == 0 ? passed : failed);

    wc_FreeRng(&rng);
#endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
    return ret;
}/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
/*
 * Testing wc_PKCS7_New()
 */
static void test_wc_PKCS7_New (void)
{
#if defined(HAVE_PKCS7)
    PKCS7*      pkcs7;
    void*       heap = NULL;

    printf(testingFmt, "wc_PKCS7_New()");

    pkcs7 = wc_PKCS7_New(heap, devId);
    AssertNotNull(pkcs7);

    printf(resultFmt, passed);
    wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_New */

/*
 * Testing wc_PKCS7_Init()
 */
static void test_wc_PKCS7_Init (void)
{
#if defined(HAVE_PKCS7)
    PKCS7*      pkcs7;
    void*       heap = NULL;

    printf(testingFmt, "wc_PKCS7_Init()");

    pkcs7 = wc_PKCS7_New(heap, devId);
    AssertNotNull(pkcs7);

    AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);

    /* Pass in bad args. */
    AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);

    printf(resultFmt, passed);
    wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_Init */


/*
 * Testing wc_PKCS7_InitWithCert()
 */
static void test_wc_PKCS7_InitWithCert (void)
{
#if defined(HAVE_PKCS7)
    PKCS7*       pkcs7;

#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        unsigned char    cert[sizeof(client_cert_der_2048)];
        int              certSz = (int)sizeof(cert);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
    #elif defined(USE_CERT_BUFFERS_1024)
        unsigned char    cert[sizeof(client_cert_der_1024)];
        int              certSz = (int)sizeof(cert);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
    #else
        unsigned char   cert[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        fp = XFOPEN("./certs/1024/client-cert.der", "rb");
        AssertTrue(fp != XBADFILE);

        certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
        XFCLOSE(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        int              certSz = (int)sizeof(cert);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
    #else
        unsigned char   cert[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        fp = XFOPEN("./certs/client-ecc-cert.der", "rb");

        AssertTrue(fp != XBADFILE);

        certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp);
        XFCLOSE(fp);
    #endif
#else
        #error PKCS7 requires ECC or RSA
#endif

#ifdef HAVE_ECC
    /* bad test case from ZD 11011, malformed cert gives bad ECC key */
    unsigned char certWithInvalidEccKey[] = {
        0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
        0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
        0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
        0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
        0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
        0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
        0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
        0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
        0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
        0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
        0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
        0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
        0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
        0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
        0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
        0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
        0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
        0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
        0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
        0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
        0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
        0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
        0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
        0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
        0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
        0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
        0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
        0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
        0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
        0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
        0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
        0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
        0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
        0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
        0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
        0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
        0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
        0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
        0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
        0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
        0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
        0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
        0x08, 0xA8, 0xB4};
#endif
    printf(testingFmt, "wc_PKCS7_InitWithCert()");

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    /* If initialization is not successful, it's free'd in init func. */
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);

    wc_PKCS7_Free(pkcs7);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));

    /* Valid initialization usage. */
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);

    /* Pass in bad args. No need free for null checks, free at end.*/
    AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
                                                           BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
                                                      BAD_FUNC_ARG);

#ifdef HAVE_ECC
    AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
                                     sizeof(certWithInvalidEccKey)), 0);
#endif

    printf(resultFmt, passed);

    wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_InitWithCert */


/*
 * Testing wc_PKCS7_EncodeData()
 */
static void test_wc_PKCS7_EncodeData (void)
{
#if defined(HAVE_PKCS7)
    PKCS7*      pkcs7;
    byte        output[FOURK_BUF];
    byte        data[] = "My encoded DER cert.";

#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        unsigned char cert[sizeof(client_cert_der_2048)];
        unsigned char key[sizeof(client_key_der_2048)];
        int certSz = (int)sizeof(cert);
        int keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, client_cert_der_2048, certSz);
        XMEMCPY(key, client_key_der_2048, keySz);

    #elif defined(USE_CERT_BUFFERS_1024)
        unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
        unsigned char key[sizeof_client_key_der_1024];
        int certSz = (int)sizeof(cert);
        int keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, client_cert_der_1024, certSz);
        XMEMCPY(key, client_key_der_1024, keySz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        int             keySz;

        fp = XFOPEN("./certs/1024/client-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/1024/client-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
        XFCLOSE(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        unsigned char    key[sizeof(ecc_clikey_der_256)];
        int              certSz = (int)sizeof(cert);
        int              keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz, keySz;

        fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/client-ecc-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
        XFCLOSE(fp);
    #endif
#endif

    XMEMSET(output, 0, sizeof(output));

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);

    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);

    printf(testingFmt, "wc_PKCS7_EncodeData()");

    pkcs7->content = data;
    pkcs7->contentSz = sizeof(data);
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = keySz;
    AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);

    /* Test bad args. */
    AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
                                                            BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
                                                            BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);

    printf(resultFmt, passed);

    wc_PKCS7_Free(pkcs7);
#endif
}  /* END test_wc_PKCS7_EncodeData */


#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
    !defined(NO_RSA) && !defined(NO_SHA256)
/* RSA sign raw digest callback */
static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
                              byte* out, word32 outSz, byte* privateKey,
                              word32 privateKeySz, int devid, int hashOID)
{
    /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
    byte digInfoEncoding[] = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
        0x00, 0x04, 0x20
    };

    int ret;
    byte digestInfo[ONEK_BUF];
    byte sig[FOURK_BUF];
    word32 digestInfoSz = 0;
    word32 idx = 0;
    RsaKey rsa;

    /* SHA-256 required only for this example callback due to above
     * digInfoEncoding[] */
    if (pkcs7 == NULL || digest == NULL || out == NULL ||
        (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
        (hashOID != SHA256h)) {
        return -1;
    }

    /* build DigestInfo */
    XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
    digestInfoSz += sizeof(digInfoEncoding);
    XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
    digestInfoSz += digestSz;

    /* set up RSA key */
    ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
    if (ret != 0) {
        return ret;
    }

    ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);

    /* sign DigestInfo */
    if (ret == 0) {
        ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
                             &rsa, pkcs7->rng);
        if (ret > 0) {
            if (ret > (int)outSz) {
                /* output buffer too small */
                ret = -1;
            } else {
                /* success, ret holds sig size */
                XMEMCPY(out, sig, ret);
            }
        }
    }

    wc_FreeRsaKey(&rsa);

    return ret;
}
#endif


/*
 * Testing wc_PKCS7_EncodeSignedData()
 */
static void test_wc_PKCS7_EncodeSignedData(void)
{
#if defined(HAVE_PKCS7)
    PKCS7*      pkcs7;
    WC_RNG      rng;
    byte        output[FOURK_BUF];
    byte        badOut[1];
    word32      outputSz = (word32)sizeof(output);
    word32      badOutSz = 0;
    byte        data[] = "Test data to encode.";

#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        byte        key[sizeof(client_key_der_2048)];
        byte        cert[sizeof(client_cert_der_2048)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_2048, keySz);
        XMEMCPY(cert, client_cert_der_2048, certSz);
    #elif defined(USE_CERT_BUFFERS_1024)
        byte        key[sizeof_client_key_der_1024];
        byte        cert[sizeof(sizeof_client_cert_der_1024)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_1024, keySz);
        XMEMCPY(cert, client_cert_der_1024, certSz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        int             keySz;

        fp = XFOPEN("./certs/1024/client-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/1024/client-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
        XFCLOSE(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        unsigned char    key[sizeof(ecc_clikey_der_256)];
        int              certSz = (int)sizeof(cert);
        int              keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, cliecc_cert_der_256, certSz);
        XMEMCPY(key, ecc_clikey_der_256, keySz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz, keySz;

        fp = XOPEN("./certs/client-ecc-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/client-ecc-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, ONEK_BUF, fp);
        XFCLOSE(fp);
    #endif
#endif

    XMEMSET(output, 0, outputSz);
    AssertIntEQ(wc_InitRng(&rng), 0);

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);

    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);

    printf(testingFmt, "wc_PKCS7_EncodeSignedData()");

    pkcs7->content = data;
    pkcs7->contentSz = (word32)sizeof(data);
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHAh;
    pkcs7->rng = &rng;

    AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);

    wc_PKCS7_Free(pkcs7);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);

    /* Pass in bad args. */
    AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
                                badOutSz), BAD_FUNC_ARG);
    pkcs7->hashOID = 0; /* bad hashOID */
    AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);

#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
    !defined(NO_RSA) && !defined(NO_SHA256)
    /* test RSA sign raw digest callback, if using RSA and compiled in.
     * Example callback assumes SHA-256, so only run test if compiled in. */
    wc_PKCS7_Free(pkcs7);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);

    pkcs7->content = data;
    pkcs7->contentSz = (word32)sizeof(data);
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHA256h;
    pkcs7->rng = &rng;

    AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);

    AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
#endif

    printf(resultFmt, passed);

    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

#endif
} /* END test_wc_PKCS7_EncodeSignedData */


/*
 * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
 */
static void test_wc_PKCS7_EncodeSignedData_ex(void)
{
#if defined(HAVE_PKCS7)
    int         ret, i;
    PKCS7*      pkcs7;
    WC_RNG      rng;
    byte        outputHead[FOURK_BUF/2];
    byte        outputFoot[FOURK_BUF/2];
    word32      outputHeadSz = (word32)sizeof(outputHead);
    word32      outputFootSz = (word32)sizeof(outputFoot);
    byte        data[FOURK_BUF];
    wc_HashAlg  hash;
    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
    byte        hashBuf[WC_MAX_DIGEST_SIZE];
    word32      hashSz = wc_HashGetDigestSize(hashType);

#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        byte        key[sizeof(client_key_der_2048)];
        byte        cert[sizeof(client_cert_der_2048)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_2048, keySz);
        XMEMCPY(cert, client_cert_der_2048, certSz);
    #elif defined(USE_CERT_BUFFERS_1024)
        byte        key[sizeof_client_key_der_1024];
        byte        cert[sizeof(sizeof_client_cert_der_1024)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_1024, keySz);
        XMEMCPY(cert, client_cert_der_1024, certSz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        int             keySz;

        fp = XFOPEN("./certs/1024/client-cert.der", "rb");
        AssertTrue((fp != XBADFILE));
        certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/1024/client-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
        XFCLOSE(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        unsigned char    key[sizeof(ecc_clikey_der_256)];
        int              certSz = (int)sizeof(cert);
        int              keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz, keySz;

        fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/client-ecc-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
        XFCLOSE(fp);
    #endif
#endif

    /* initialize large data with sequence */
    for (i=0; i<(int)sizeof(data); i++)
        data[i] = i & 0xff;

    XMEMSET(outputHead, 0, outputHeadSz);
    XMEMSET(outputFoot, 0, outputFootSz);
    AssertIntEQ(wc_InitRng(&rng), 0);

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);

    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);

    printf(testingFmt, "wc_PKCS7_EncodeSignedData()");

    pkcs7->content = NULL; /* not used for ex */
    pkcs7->contentSz = (word32)sizeof(data);
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHAh;
    pkcs7->rng = &rng;

    /* calculate hash for content */
    ret = wc_HashInit(&hash, hashType);
    if (ret == 0) {
        ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
        if (ret == 0) {
            ret = wc_HashFinal(&hash, hashType, hashBuf);
        }
        wc_HashFree(&hash, hashType);
    }
    AssertIntEQ(ret, 0);

    /* Perform PKCS7 sign using hash directly */
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
    AssertIntGT(outputHeadSz, 0);
    AssertIntGT(outputFootSz, 0);

    wc_PKCS7_Free(pkcs7);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);

    /* required parameter even on verify when using _ex */
    pkcs7->contentSz = (word32)sizeof(data);
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, outputHeadSz, outputFoot, outputFootSz), 0);

    wc_PKCS7_Free(pkcs7);

    /* assembly complete PKCS7 sign and use normal verify */
    {
        byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
        word32 outputSz = 0;
        AssertNotNull(output);
        XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
        outputSz += outputHeadSz;
        XMEMCPY(&output[outputSz], data, sizeof(data));
        outputSz += sizeof(data);
        XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
        outputSz += outputFootSz;

        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
        AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
        XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }

    /* Pass in bad args. */
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
    pkcs7->hashOID = 0; /* bad hashOID */
    AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);

    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);

    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
        outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
        outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
#endif
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
    /* can pass in 0 buffer length with streaming API */
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
#else
    AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
        outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
#endif

    printf(resultFmt, passed);

    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

#endif
} /* END test_wc_PKCS7_EncodeSignedData_ex */


#if defined(HAVE_PKCS7)
static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
                                 byte* data, word32 dataSz,
                                 int withAttribs, int detachedSig)
{
    PKCS7*      pkcs7;
    WC_RNG      rng;

    static byte messageTypeOid[] =
               { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                 0x09, 0x02 };
    static byte messageType[] = { 0x13, 2, '1', '9' };

    PKCS7Attrib attribs[] =
    {
        { messageTypeOid, sizeof(messageTypeOid), messageType,
                                       sizeof(messageType) }
    };

#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        byte        key[sizeof(client_key_der_2048)];
        byte        cert[sizeof(client_cert_der_2048)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_2048, keySz);
        XMEMCPY(cert, client_cert_der_2048, certSz);
    #elif defined(USE_CERT_BUFFERS_1024)
        byte        key[sizeof_client_key_der_1024];
        byte        cert[sizeof(sizeof_client_cert_der_1024)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_1024, keySz);
        XMEMCPY(cert, client_cert_der_1024, certSz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        FILE*           fp;
        int             certSz;
        int             keySz;

        fp = fopen("./certs/1024/client-cert.der", "rb");
        AssertNotNull(fp);
        certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
        fclose(fp);

        fp = fopen("./certs/1024/client-key.der", "rb");
        AssertNotNull(fp);
        keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
        fclose(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        unsigned char    key[sizeof(ecc_clikey_der_256)];
        int              certSz = (int)sizeof(cert);
        int              keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        FILE*           fp;
        int             certSz, keySz;

        fp = fopen("./certs/client-ecc-cert.der", "rb");
        AssertNotNull(fp);
        certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp);
        fclose(fp);

        fp = fopen("./certs/client-ecc-key.der", "rb");
        AssertNotNull(fp);
        keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp);
        fclose(fp);
    #endif
#endif

    XMEMSET(output, 0, outputSz);
    AssertIntEQ(wc_InitRng(&rng), 0);

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);

    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);

    printf(testingFmt, "wc_PKCS7_VerifySignedData()");

    pkcs7->content = data;
    pkcs7->contentSz = dataSz;
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHAh;
    pkcs7->rng = &rng;
    if (withAttribs) {
        /* include a signed attribute */
        pkcs7->signedAttribs   = attribs;
        pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
    }

    if (detachedSig) {
        AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
    }

    AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
    wc_PKCS7_Free(pkcs7);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    if (detachedSig) {
        pkcs7->content = data;
        pkcs7->contentSz = dataSz;
    }
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);

    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

    return outputSz;
}
#endif

/*
 * Testing wc_PKCS_VerifySignedData()
 */
static void test_wc_PKCS7_VerifySignedData(void)
{
#if defined(HAVE_PKCS7)
    PKCS7* pkcs7;
    byte   output[FOURK_BUF];
    word32 outputSz = sizeof(output);
    byte   data[] = "Test data to encode.";
    byte   badOut[1];
    word32 badOutSz = 0;
    byte   badContent[] = "This is different content than was signed";

    AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
                                                  (word32)sizeof(data),
                                                  0, 0)), 0);

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);

    /* Test bad args. */
    AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
    /* can pass in 0 buffer length with streaming API */
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
                                badOutSz), WC_PKCS7_WANT_READ_E);
#else
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
                                badOutSz), BAD_FUNC_ARG);
#endif

    wc_PKCS7_Free(pkcs7);

    /* Invalid content should error, use detached signature so we can
     * easily change content */
    AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
                                                  (word32)sizeof(data),
                                                  1, 1)), 0);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    pkcs7->content = badContent;
    pkcs7->contentSz = sizeof(badContent);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E);
    wc_PKCS7_Free(pkcs7);

    /* Test success case with detached signature and valid content */
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    pkcs7->content = data;
    pkcs7->contentSz = sizeof(data);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
    wc_PKCS7_Free(pkcs7);

    printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_VerifySignedData() */


#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
    !defined(NO_AES_256)
static const byte defKey[] = {
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
static byte aesHandle[32]; /* simulated hardware key handle */

/* return 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
        byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
        byte* in, int inSz, byte* out, void* usrCtx)
{
    int ret;
    Aes aes;

    if (usrCtx == NULL) {
        /* no simulated handle passed in */
        return -1;
    }

    switch (encryptOID) {
        case AES256CBCb:
            if (ivSz  != AES_BLOCK_SIZE)
                return BAD_FUNC_ARG;
            break;

        default:
            WOLFSSL_MSG("Unsupported content cipher type for test");
            return ALGO_ID_E;
    };

    /* simulate using handle to get key */
    ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
    if (ret == 0) {
        ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
        if (ret == 0)
            ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
        wc_AesFree(&aes);
    }

    (void)aad;
    (void)aadSz;
    (void)authTag;
    (void)authTagSz;
    (void)pkcs7;
    return ret;
}


/* returns key size on success */
static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
        word32 keyIdSz, byte* orginKey, word32 orginKeySz,
        byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
{
    int ret = -1;

    if (out == NULL)
        return BAD_FUNC_ARG;

    if (keyId[0] != 0x00) {
        return -1;
    }

    if (type != (int)PKCS7_KEKRI) {
        return -1;
    }

    switch (keyWrapAlgo) {
        case AES256_WRAP:
            /* simulate setting a handle for later decryption but use key
             * as handle in the test case here */
            ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
                                      aesHandle, sizeof(aesHandle), NULL);
            if (ret < 0)
                return ret;

            ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
            if (ret < 0)
                return ret;

            /* return key size on success */
            return sizeof(defKey);

        default:
            WOLFSSL_MSG("Unsupported key wrap algorithm in example");
            return BAD_KEYWRAP_ALG_E;
    };

    (void)cekSz;
    (void)cek;
    (void)outSz;
    (void)keyIdSz;
    (void)direction;
    (void)orginKey; /* used with KAKRI */
    (void)orginKeySz;
    return ret;
}
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */


/*
 * Testing wc_PKCS7_EncodeEnvelopedData()
 */
static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{
#if defined(HAVE_PKCS7)
    PKCS7*      pkcs7;
#ifdef ECC_TIMING_RESISTANT
    WC_RNG      rng;
#endif
    word32      tempWrd32   = 0;
    byte*       tmpBytePtr = NULL;
    const char  input[] = "Test data to encode.";
    int         i;
    int         testSz = 0;
    #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))

        byte*   rsaCert     = NULL;
        byte*   rsaPrivKey  = NULL;
        word32  rsaCertSz;
        word32  rsaPrivKeySz;
        #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
                                           !defined(USE_CERT_BUFFERS_2048) )
            static const char* rsaClientCert = "./certs/client-cert.der";
            static const char* rsaClientKey = "./certs/client-key.der";
            rsaCertSz = (word32)sizeof(rsaClientCert);
            rsaPrivKeySz = (word32)sizeof(rsaClientKey);
        #endif
    #endif
    #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))

        byte*   eccCert     = NULL;
        byte*   eccPrivKey  = NULL;
        word32  eccCertSz;
        word32  eccPrivKeySz;
        #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
            static const char* eccClientCert = "./certs/client-ecc-cert.der";
            static const char* eccClientKey = "./certs/ecc-client-key.der";
        #endif
    #endif
    /* Generic buffer size. */
    byte    output[ONEK_BUF];
    byte    decoded[sizeof(input)/sizeof(char)];
    int     decodedSz = 0;
#ifndef NO_FILESYSTEM
    XFILE certFile;
    XFILE keyFile;
#endif

#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
    /* RSA certs and keys. */
    #if defined(USE_CERT_BUFFERS_1024)
        /* Allocate buffer space. */
        AssertNotNull(rsaCert =
                (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        /* Init buffer. */
        rsaCertSz = (word32)sizeof_client_cert_der_1024;
        XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
        AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
                                DYNAMIC_TYPE_TMP_BUFFER));
        rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
        XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);

    #elif defined(USE_CERT_BUFFERS_2048)
        /* Allocate buffer */
        AssertNotNull(rsaCert =
                (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        /* Init buffer. */
        rsaCertSz = (word32)sizeof_client_cert_der_2048;
        XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
        AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
                                DYNAMIC_TYPE_TMP_BUFFER));
        rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
        XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);

    #else
        /* File system. */
        certFile = XFOPEN(rsaClientCert, "rb");
        AssertTrue(certFile != XBADFILE);
        rsaCertSz = (word32)FOURK_BUF;
        AssertNotNull(rsaCert =
                (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
        XFCLOSE(certFile);
        keyFile = XFOPEN(rsaClientKey, "rb");
        AssertTrue(keyFile != XBADFILE);
        AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
                                DYNAMIC_TYPE_TMP_BUFFER));
        rsaPrivKeySz = (word32)FOURK_BUF;
        rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
        XFCLOSE(keyFile);
    #endif /* USE_CERT_BUFFERS */
#endif /* NO_RSA */

/* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))

    #ifdef USE_CERT_BUFFERS_256
        AssertNotNull(eccCert =
                (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        /* Init buffer. */
        eccCertSz = (word32)sizeof_cliecc_cert_der_256;
        XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
        AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
                                DYNAMIC_TYPE_TMP_BUFFER));
        eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
        XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
    #else /* File system. */
        certFile = XFOPEN(eccClientCert, "rb");
        AssertTrue(certFile != XBADFILE);
        eccCertSz = (word32)FOURK_BUF;
        AssertNotNull(eccCert =
                (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
        XFCLOSE(certFile);
        keyFile = XFOPEN(eccClientKey, "rb");
        AssertTrue(keyFile != XBADFILE);
        eccPrivKeySz = (word32)FOURK_BUF;
        AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
                                DYNAMIC_TYPE_TMP_BUFFER));
        eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
        XFCLOSE(keyFile);
    #endif /* USE_CERT_BUFFERS_256 */
#endif /* END HAVE_ECC */

    /* Silence. */
    (void)keyFile;
    (void)certFile;

    const pkcs7EnvelopedVector testVectors[] = {
    /* DATA is a global variable defined in the makefile. */
#if !defined(NO_RSA)
    #ifndef NO_DES3
        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
            rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
    #endif /* NO_DES3 */
    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
        #ifndef NO_AES_128
        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
        #endif
        #ifndef NO_AES_192
        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
        #endif
        #ifndef NO_AES_256
        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
        #endif
    #endif /* NO_AES && HAVE_AES_CBC */

#endif /* NO_RSA */
#if defined(HAVE_ECC)
    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
        #if !defined(NO_SHA) && !defined(NO_AES_128)
            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
                AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
                eccCertSz, eccPrivKey, eccPrivKeySz},
        #endif
        #if !defined(NO_SHA256) && !defined(NO_AES_256)
            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
                AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
                eccCertSz, eccPrivKey, eccPrivKeySz},
        #endif
        #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
                AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
                eccCertSz, eccPrivKey, eccPrivKeySz},
        #endif
    #endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */
    }; /* END pkcs7EnvelopedVector */

#ifdef ECC_TIMING_RESISTANT
    AssertIntEQ(wc_InitRng(&rng), 0);
#endif

    printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);

    testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
    for (i = 0; i < testSz; i++) {
        AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
                                    (word32)(testVectors + i)->certSz), 0);
#ifdef ECC_TIMING_RESISTANT
        pkcs7->rng = &rng;
#endif

        pkcs7->content       = (byte*)(testVectors + i)->content;
        pkcs7->contentSz     = (testVectors + i)->contentSz;
        pkcs7->contentOID    = (testVectors + i)->contentOID;
        pkcs7->encryptOID    = (testVectors + i)->encryptOID;
        pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
        pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
        pkcs7->privateKey    = (testVectors + i)->privateKey;
        pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;

        AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
                            (word32)sizeof(output)), 0);

        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
                (word32)sizeof(output), decoded, (word32)sizeof(decoded));
        AssertIntGE(decodedSz, 0);
        /* Verify the size of each buffer. */
        AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
        /* Don't free the last time through the loop. */
        if (i < testSz - 1 ){
            wc_PKCS7_Free(pkcs7);
            AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        }
    }  /* END test loop. */

    /* Test bad args. */
    AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
                    (word32)sizeof(output)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
                    (word32)sizeof(output)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
    printf(resultFmt, passed);

    /* Decode.  */
    printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");

    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
        (word32)sizeof(decoded)), BAD_FUNC_ARG);
    /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
    /* only a failure for KARI test cases */
    tempWrd32 = pkcs7->singleCertSz;
    pkcs7->singleCertSz = 0;
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    pkcs7->singleCertSz = tempWrd32;

    tmpBytePtr = pkcs7->singleCert;
    pkcs7->singleCert = NULL;
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    pkcs7->singleCert = tmpBytePtr;
#endif
    tempWrd32 = pkcs7->privateKeySz;
    pkcs7->privateKeySz = 0;

    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    pkcs7->privateKeySz = tempWrd32;

    tmpBytePtr = pkcs7->privateKey;
    pkcs7->privateKey = NULL;
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
        (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
    pkcs7->privateKey = tmpBytePtr;

    wc_PKCS7_Free(pkcs7);

#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
    /* test of decrypt callback with KEKRI enveloped data */
    {
        int envelopedSz;
        const byte keyId[] = { 0x00 };

        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        pkcs7->content      = (byte*)input;
        pkcs7->contentSz    = (word32)(sizeof(input)/sizeof(char));
        pkcs7->contentOID   = DATA;
        pkcs7->encryptOID   = AES256CBCb;
        AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
                    (byte*)defKey, sizeof(defKey), (byte*)keyId,
                    sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
        AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
        AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
                        (word32)sizeof(output))), 0);
        wc_PKCS7_Free(pkcs7);

        /* decode envelopedData */
        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
        AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
        AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
                        envelopedSz, decoded, sizeof(decoded))), 0);
        wc_PKCS7_Free(pkcs7);
    }
#endif /* !NO_AES && !NO_AES_256 */


    printf(resultFmt, passed);
#ifndef NO_RSA
    if (rsaCert) {
        XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (rsaPrivKey) {
        XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif /*NO_RSA */
#ifdef HAVE_ECC
    if (eccCert) {
        XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (eccPrivKey) {
        XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif /* HAVE_ECC */

#ifdef ECC_TIMING_RESISTANT
    wc_FreeRng(&rng);
#endif

#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3)
    {
        byte   out[7];
        byte   *cms;
        word32 cmsSz;
        XFILE  cmsFile;

        XMEMSET(out, 0, sizeof(out));
        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb");
        AssertTrue(cmsFile != XBADFILE);
        cmsSz = (word32)FOURK_BUF;
        AssertNotNull(cms =
                (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
        cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile);
        XFCLOSE(cmsFile);

        AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
                    sizeof_client_cert_der_2048), 0);
        pkcs7->privateKey   = (byte*)client_key_der_2048;
        pkcs7->privateKeySz = sizeof_client_key_der_2048;
        AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
                    sizeof(out)), 0);
        XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
        AssertIntEQ(XMEMCMP(out, "test", 4), 0);
        wc_PKCS7_Free(pkcs7);
    }
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */
#endif /* HAVE_PKCS7 */
} /* END test_wc_PKCS7_EncodeEnvelopedData() */


/*
 * Testing wc_PKCS7_EncodeEncryptedData()
 */
static void test_wc_PKCS7_EncodeEncryptedData (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
    PKCS7*      pkcs7 = NULL;
    byte*       tmpBytePtr = NULL;
    byte        encrypted[TWOK_BUF];
    byte        decoded[TWOK_BUF];
    word32      tmpWrd32 = 0;
    int         tmpInt = 0;
    int         decodedSz;
    int         encryptedSz;
    int         testSz;
    int         i;

    const byte data[] = { /* Hello World */
        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
        0x72,0x6c,0x64
    };

    #ifndef NO_DES3
        byte desKey[] = {
            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
        };
        byte des3Key[] = {
            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
            0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
            0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
        };
    #endif

    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
        #ifndef NO_AES_128
        byte aes128Key[] = {
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
        };
        #endif
        #ifndef NO_AES_192
        byte aes192Key[] = {
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
        };
        #endif
        #ifndef NO_AES_256
        byte aes256Key[] = {
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
        };
        #endif
    #endif /* !NO_AES && HAVE_AES_CBC */
    const pkcs7EncryptedVector testVectors[] =
    {
    #ifndef NO_DES3
        {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},

        {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
    #endif /* !NO_DES3 */
    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
        #ifndef NO_AES_128
        {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
         sizeof(aes128Key)},
        #endif

        #ifndef NO_AES_192
        {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
         sizeof(aes192Key)},
        #endif

        #ifndef NO_AES_256
        {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
         sizeof(aes256Key)},
        #endif

    #endif /* !NO_AES && HAVE_AES_CBC */
    };

    testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);

    for (i = 0; i < testSz; i++) {
        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
        pkcs7->content              = (byte*)testVectors[i].content;
        pkcs7->contentSz            = testVectors[i].contentSz;
        pkcs7->contentOID           = testVectors[i].contentOID;
        pkcs7->encryptOID           = testVectors[i].encryptOID;
        pkcs7->encryptionKey        = testVectors[i].encryptionKey;
        pkcs7->encryptionKeySz      = testVectors[i].encryptionKeySz;
        pkcs7->heap                 = HEAP_HINT;

        /* encode encryptedData */
        encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                                                   sizeof(encrypted));
        AssertIntGT(encryptedSz, 0);

        /* Decode encryptedData */
        decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                                                    decoded, sizeof(decoded));

        AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
        /* Keep values for last itr. */
        if (i < testSz - 1) {
            wc_PKCS7_Free(pkcs7);
        }
    }
    if (pkcs7 == NULL || testSz == 0) {
        AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
        AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
    }

    printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
                     sizeof(encrypted)),BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
                     sizeof(encrypted)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                     0), BAD_FUNC_ARG);
    /* Testing the struct. */
    tmpBytePtr = pkcs7->content;
    pkcs7->content = NULL;
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                             sizeof(encrypted)), BAD_FUNC_ARG);
    pkcs7->content = tmpBytePtr;
    tmpWrd32 = pkcs7->contentSz;
    pkcs7->contentSz = 0;
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                             sizeof(encrypted)), BAD_FUNC_ARG);
    pkcs7->contentSz = tmpWrd32;
    tmpInt = pkcs7->encryptOID;
    pkcs7->encryptOID = 0;
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                             sizeof(encrypted)), BAD_FUNC_ARG);
    pkcs7->encryptOID = tmpInt;
    tmpBytePtr = pkcs7->encryptionKey;
    pkcs7->encryptionKey = NULL;
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                             sizeof(encrypted)), BAD_FUNC_ARG);
    pkcs7->encryptionKey = tmpBytePtr;
    tmpWrd32 = pkcs7->encryptionKeySz;
    pkcs7->encryptionKeySz = 0;
    AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                             sizeof(encrypted)), BAD_FUNC_ARG);
    pkcs7->encryptionKeySz = tmpWrd32;

    printf(resultFmt, passed);

    printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");

    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
                decoded, sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
                decoded, sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
                decoded, sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                NULL, sizeof(decoded)), BAD_FUNC_ARG);
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                decoded, 0), BAD_FUNC_ARG);
    /* Test struct fields */

    tmpBytePtr = pkcs7->encryptionKey;
    pkcs7->encryptionKey = NULL;
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                                   decoded, sizeof(decoded)), BAD_FUNC_ARG);
    pkcs7->encryptionKey = tmpBytePtr;
    pkcs7->encryptionKeySz = 0;
    AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                                   decoded, sizeof(decoded)), BAD_FUNC_ARG);

    printf(resultFmt, passed);
    wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeEncryptedData() */

/*
 * Testing wc_PKCS7_Degenerate()
 */
static void test_wc_PKCS7_Degenerate(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
    PKCS7* pkcs7;
    char   fName[] = "./certs/test-degenerate.p7b";
    XFILE  f;
    byte   der[4096];
    word32 derSz;
    int    ret;

    printf(testingFmt, "wc_PKCS7_Degenerate()");

    AssertNotNull(f = XFOPEN(fName, "rb"));
    AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
    derSz = (word32)ret;
    XFCLOSE(f);

    /* test degenerate success */
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
    AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
    wc_PKCS7_Free(pkcs7);

    /* test with turning off degenerate cases */
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
    wc_PKCS7_Free(pkcs7);

    printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_Degenerate() */

#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
    defined(ASN_BER_TO_DER) && !defined(NO_DES3)
static byte berContent[] = {
    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
    0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
    0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
    0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
    0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
    0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
    0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
    0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
    0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
    0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
    0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
    0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
    0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
    0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
    0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
    0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
    0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
    0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
    0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
    0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
    0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
    0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
    0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
    0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
    0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
    0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
    0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
    0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
    0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
    0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
    0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
    0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
    0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
    0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
    0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
    0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
    0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
    0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
    0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
    0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
    0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
    0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
    0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
    0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
    0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
    0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
    0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
    0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
    0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
    0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
    0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
    0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
    0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
    0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
    0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
    0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
    0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
    0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
    0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
    0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
    0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
    0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
    0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
    0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
    0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
    0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
    0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
    0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
    0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
    0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
    0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
    0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
    0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
    0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
    0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
    0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
    0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
    0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
    0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
    0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
    0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
    0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
    0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
    0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
    0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
    0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
    0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
    0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
    0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
    0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
    0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
    0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
    0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
    0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
    0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
    0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
    0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
    0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
    0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
    0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
    0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
    0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
    0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
    0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
    0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
    0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
    0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
    0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
    0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
    0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
    0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
    0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
    0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
    0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
    0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
    0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
    0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
    0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
    0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
    0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
    0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
    0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
    0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
    0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
    0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
    0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
    0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
    0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
    0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
    0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
    0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
    0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
    0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
    0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
    0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
    0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
    0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
    0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
    0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
    0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
    0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
    0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
    0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
    0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
    0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
    0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
    0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
    0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
    0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
    0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
    0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
    0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
    0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
    0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
    0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
    0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
    0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
    0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
    0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
    0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
    0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
    0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
    0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
    0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
    0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
    0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
    0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
    0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
    0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
    0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
    0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
    0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
    0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
    0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
    0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
    0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
    0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
    0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
    0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00
};
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */

/*
 * Testing wc_PKCS7_BER()
 */
static void test_wc_PKCS7_BER(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
    defined(ASN_BER_TO_DER)
    PKCS7* pkcs7;
    char   fName[] = "./certs/test-ber-exp02-05-2022.p7b";
    XFILE  f;
    byte   der[4096];
#ifndef NO_DES3
    byte   decoded[2048];
#endif
    word32 derSz;
    int    ret;

    printf(testingFmt, "wc_PKCS7_BER()");

    AssertNotNull(f = XFOPEN(fName, "rb"));
    AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
    derSz = (word32)ret;
    XFCLOSE(f);

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
    AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
    wc_PKCS7_Free(pkcs7);

#ifndef NO_DES3
    /* decode BER content */
    AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
    AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
    derSz = (word32)ret;
    XFCLOSE(f);
    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
#ifndef NO_RSA
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#else
    AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#endif

    AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
    AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
    derSz = (word32)ret;
    XFCLOSE(f);
    pkcs7->privateKey   = der;
    pkcs7->privateKeySz = derSz;
#ifndef NO_RSA
#ifdef WOLFSSL_SP_MATH
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
        sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
#else
    AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
        sizeof(berContent), decoded, sizeof(decoded)), 0);
#endif
#else
    AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
        sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
#endif
    wc_PKCS7_Free(pkcs7);
#endif /* !NO_DES3 */

    printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_BER() */

static void test_PKCS7_signed_enveloped(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
    !defined(NO_FILESYSTEM)
    XFILE  f;
    PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
    PKCS7* inner;
#endif
    void*  pt;
    WC_RNG rng;
    unsigned char key[FOURK_BUF/2];
    unsigned char cert[FOURK_BUF/2];
    unsigned char env[FOURK_BUF];
    int envSz  = FOURK_BUF;
    int keySz;
    int certSz;

    unsigned char sig[FOURK_BUF * 2];
    int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
    unsigned char decoded[FOURK_BUF];
    int decodedSz = FOURK_BUF;
#endif

    printf(testingFmt, "PKCS7_signed_enveloped");

    /* load cert */
    AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
    AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
    XFCLOSE(f);

    /* load key */
    AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
    AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
    XFCLOSE(f);
    keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);

    /* sign cert for envelope */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_InitRng(&rng), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
    pkcs7->content    = cert;
    pkcs7->contentSz  = certSz;
    pkcs7->contentOID = DATA;
    pkcs7->privateKey   = key;
    pkcs7->privateKeySz = keySz;
    pkcs7->encryptOID   = RSAk;
    pkcs7->hashOID      = SHA256h;
    pkcs7->rng          = &rng;
    AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

#ifdef HAVE_AES_CBC
    /* create envelope */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
    pkcs7->content   = sig;
    pkcs7->contentSz = sigSz;
    pkcs7->contentOID = DATA;
    pkcs7->encryptOID = AES256CBCb;
    pkcs7->privateKey   = key;
    pkcs7->privateKeySz = keySz;
    AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
    wc_PKCS7_Free(pkcs7);
#endif

    /* create bad signed enveloped data */
    sigSz = FOURK_BUF * 2;
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_InitRng(&rng), 0);
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
    pkcs7->content    = env;
    pkcs7->contentSz  = envSz;
    pkcs7->contentOID = DATA;
    pkcs7->privateKey   = key;
    pkcs7->privateKeySz = keySz;
    pkcs7->encryptOID   = RSAk;
    pkcs7->hashOID      = SHA256h;
    pkcs7->rng = &rng;

    /* Set no certs in bundle for this test. Hang on to the pointer though to
     * free it later. */
    pt = (void*)pkcs7->certList;
    pkcs7->certList = NULL; /* no certs in bundle */
    AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
    pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
    wc_PKCS7_Free(pkcs7);

    /* check verify fails */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
            PKCS7_SIGNEEDS_CHECK);

    /* try verifying the signature manually */
    {
        RsaKey rKey;
        word32 idx = 0;
        byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
            WC_MAX_DIGEST_SIZE];
        int  digestSz;

        AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
        AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
        digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
                    digest, sizeof(digest), &rKey);
        AssertIntGT(digestSz, 0);
        AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
        AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
        AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
        /* verify was success */
    }

    wc_PKCS7_Free(pkcs7);

    /* initializing the PKCS7 struct with the signing certificate should pass */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
    wc_PKCS7_Free(pkcs7);

    /* create valid degenerate bundle */
    sigSz = FOURK_BUF * 2;
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    pkcs7->content    = env;
    pkcs7->contentSz  = envSz;
    pkcs7->contentOID = DATA;
    pkcs7->privateKey   = key;
    pkcs7->privateKeySz = keySz;
    pkcs7->encryptOID   = RSAk;
    pkcs7->hashOID      = SHA256h;
    pkcs7->rng = &rng;
    AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
    AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

    /* check verify */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
    AssertNotNull(pkcs7->content);

#ifdef HAVE_AES_CBC
    /* check decode */
    AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
    inner->privateKey   = key;
    inner->privateKeySz = keySz;
    AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
                   pkcs7->contentSz, decoded, decodedSz)), 0);
    wc_PKCS7_Free(inner);
#endif
    wc_PKCS7_Free(pkcs7);

#ifdef HAVE_AES_CBC
    /* check cert set */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
    AssertNotNull(pkcs7->singleCert);
    AssertIntNE(pkcs7->singleCertSz, 0);
    wc_PKCS7_Free(pkcs7);
#endif

    printf(resultFmt, passed);

#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
}
static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
    && !defined(NO_AES)
    PKCS7*      pkcs7;
    void*       heap = NULL;

    printf(testingFmt, "wc_PKCS7_NoDefaultSignedAttribs()");

    pkcs7 = wc_PKCS7_New(heap, devId);
    AssertNotNull(pkcs7);
    AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);

    AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);

    AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);

    wc_PKCS7_Free(pkcs7);

    printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriEncryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
    && !defined(NO_AES)
    PKCS7*      pkcs7;
    void*       heap = NULL;
    WOLFSSL_CTX* ctx;
    ctx = NULL;

    printf(testingFmt, "wc_PKCS7_SetOriEncryptCtx()");

    pkcs7 = wc_PKCS7_New(heap, devId);
    AssertNotNull(pkcs7);
    AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);

    AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);

    AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);

    wc_PKCS7_Free(pkcs7);

    printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriDecryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
    && !defined(NO_AES)
    PKCS7*      pkcs7;
    void*       heap = NULL;
    WOLFSSL_CTX* ctx;
    ctx = NULL;

    printf(testingFmt, "wc_PKCS7_SetOriDecryptCtx()");

    pkcs7 = wc_PKCS7_New(heap, devId);
    AssertNotNull(pkcs7);
    AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);

    AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);

    AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);

    wc_PKCS7_Free(pkcs7);
    printf(resultFmt, passed);
#endif
}

static void test_wc_PKCS7_DecodeCompressedData(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
    && !defined(NO_AES) && defined(HAVE_LIBZ)
    PKCS7* pkcs7;
    void*  heap = NULL;
    byte   out[4096];
    byte   *decompressed;
    int    outSz, decompressedSz;

    const char* cert = "./certs/client-cert.pem";
    byte*  cert_buf = NULL;
    size_t cert_sz = 0;

    printf(testingFmt, "wc_PKCS7_DecodeCompressedData()");

    AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
    AssertNotNull((decompressed =
                (byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER)));
    decompressedSz = (int)cert_sz;
    AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));

    pkcs7->content    = (byte*)cert_buf;
    pkcs7->contentSz  = (word32)cert_sz;
    pkcs7->contentOID = DATA;

    AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
                    sizeof(out))), 0);
    wc_PKCS7_Free(pkcs7);

    /* compressed key should be smaller than when started */
    AssertIntLT(outSz, cert_sz);

    /* test decompression */
    AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
    AssertIntEQ(pkcs7->contentOID, 0);

    /* fail case with out buffer too small */
    AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
                decompressed, outSz), 0);

    /* success case */
    AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
                decompressed, decompressedSz), cert_sz);
    AssertIntEQ(pkcs7->contentOID, DATA);
    AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
    decompressed = NULL;

    /* test decompression function with different 'max' inputs */
    outSz = sizeof(out);
    AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
            0);
    AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
            out, outSz, 0, heap), 0);
    AssertNull(decompressed);
    AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
            out, outSz, 0, heap), 0);
    AssertNotNull(decompressed);
    AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
    decompressed = NULL;

    AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
            out, outSz, 0, heap), 0);
    AssertNotNull(decompressed);
    AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);

    if (cert_buf)
        free(cert_buf);
    wc_PKCS7_Free(pkcs7);

    printf(resultFmt, passed);
#endif
}

static void test_wc_i2d_PKCS12(void)
{
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
    && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
    && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
    WC_PKCS12* pkcs12 = NULL;
    unsigned char der[FOURK_BUF * 2];
    unsigned char* pt;
    int derSz;
    unsigned char out[FOURK_BUF * 2];
    int outSz = FOURK_BUF * 2;

    const char p12_f[] = "./certs/test-servercert.p12";
    XFILE f;

    printf(testingFmt, "wc_i2d_PKCS12");

    f =  XFOPEN(p12_f, "rb");
    AssertNotNull(f);
    derSz = (int)XFREAD(der, 1, sizeof(der), f);
    AssertIntGT(derSz, 0);
    XFCLOSE(f);

    AssertNotNull(pkcs12 = wc_PKCS12_new());
    AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
    AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
    AssertIntEQ(outSz, derSz);

    outSz = derSz - 1;
    pt = out;
    AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);

    outSz = derSz;
    AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
    AssertIntEQ((pt == out), 0);

    pt = NULL;
    AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
    XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
    wc_PKCS12_free(pkcs12);

    printf(resultFmt, passed);

#endif
}


/* Testing wc_SignatureGetSize() for signature type ECC */
static int test_wc_SignatureGetSize_ecc(void)
{
    int ret = 0;
    #ifndef NO_SIG_WRAPPER
    #if defined(HAVE_ECC) && !defined(NO_ECC256)
        enum wc_SignatureType sig_type;
        word32 key_len;

        /* Initialize ECC Key */
        ecc_key ecc;
        const char* qx =
            "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
        const char* qy =
            "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
        const char* d =
            "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";

        ret = wc_ecc_init(&ecc);
        if (ret == 0) {
            ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
        }
        printf(testingFmt, "wc_SigntureGetSize_ecc()");
        if (ret == 0) {
            /* Input for signature type ECC */
            sig_type = WC_SIGNATURE_TYPE_ECC;
            key_len = sizeof(ecc_key);
            ret = wc_SignatureGetSize(sig_type, &ecc, key_len);

            /* Test bad args */
            if (ret > 0) {
                sig_type = (enum wc_SignatureType) 100;
                ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
                if (ret == BAD_FUNC_ARG) {
                    sig_type = WC_SIGNATURE_TYPE_ECC;
                    ret = wc_SignatureGetSize(sig_type, NULL, key_len);
                }
                if (ret >= 0) {
                    key_len = (word32) 0;
                    ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = SIG_TYPE_E;
                }
            }
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
        wc_ecc_free(&ecc);
    #else
        ret = SIG_TYPE_E;
    #endif

    if (ret == SIG_TYPE_E) {
        ret = 0;
    }
    else {
        ret = WOLFSSL_FATAL_ERROR;
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    #endif /* NO_SIG_WRAPPER */
    return ret;
}/* END test_wc_SignatureGetSize_ecc() */

/* Testing wc_SignatureGetSize() for signature type rsa */
static int test_wc_SignatureGetSize_rsa(void)
{
    int ret = 0;
    #ifndef NO_SIG_WRAPPER
    #ifndef NO_RSA
        enum wc_SignatureType sig_type;
        word32 key_len;
        word32 idx = 0;

        /* Initialize RSA Key */
        RsaKey rsa_key;
        byte* tmp = NULL;
        size_t bytes;

        #ifdef USE_CERT_BUFFERS_1024
            bytes = (size_t)sizeof_client_key_der_1024;
            if (bytes < (size_t)sizeof_client_key_der_1024)
                bytes = (size_t)sizeof_client_cert_der_1024;
        #elif defined(USE_CERT_BUFFERS_2048)
            bytes = (size_t)sizeof_client_key_der_2048;
            if (bytes < (size_t)sizeof_client_cert_der_2048)
                bytes = (size_t)sizeof_client_cert_der_2048;
        #else
            bytes = FOURK_BUF;
        #endif

        tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmp != NULL) {
            #ifdef USE_CERT_BUFFERS_1024
                XMEMCPY(tmp, client_key_der_1024,
                    (size_t)sizeof_client_key_der_1024);
            #elif defined(USE_CERT_BUFFERS_2048)
                XMEMCPY(tmp, client_key_der_2048,
                    (size_t)sizeof_client_key_der_2048);
            #elif !defined(NO_FILESYSTEM)
                file = XFOPEN(clientKey, "rb");
                if (file != XBADFILE) {
                    bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
                    XFCLOSE(file);
                }
                else {
                    ret = WOLFSSL_FATAL_ERROR;
                }
            #else
                ret = WOLFSSL_FATAL_ERROR;
            #endif
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }

        if (ret == 0) {
            ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
        }
        if (ret == 0) {
            ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
        }

        printf(testingFmt, "wc_SigntureGetSize_rsa()");
        if (ret == 0) {
            /* Input for signature type RSA */
            sig_type = WC_SIGNATURE_TYPE_RSA;
            key_len = sizeof(RsaKey);
            ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);

            /* Test bad args */
            if (ret > 0) {
                sig_type = (enum wc_SignatureType) 100;
                ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
                if (ret == BAD_FUNC_ARG) {
                    sig_type = WC_SIGNATURE_TYPE_RSA;
                    ret = wc_SignatureGetSize(sig_type, NULL, key_len);
                }
            #ifndef HAVE_USER_RSA
                if (ret == BAD_FUNC_ARG) {
            #else
                if (ret == 0) {
            #endif
                    key_len = (word32)0;
                    ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
                }
                if (ret == BAD_FUNC_ARG) {
                    ret = SIG_TYPE_E;
                }
            }
        } else {
            ret = WOLFSSL_FATAL_ERROR;
        }
        wc_FreeRsaKey(&rsa_key);
        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    #else
        ret = SIG_TYPE_E;
    #endif

    if (ret == SIG_TYPE_E) {
        ret = 0;
    }else {
        ret = WOLFSSL_FATAL_ERROR;
    }

   printf(resultFmt, ret == 0 ? passed : failed);
   #endif /* NO_SIG_WRAPPER */
   return ret;
}/* END test_wc_SignatureGetSize_rsa(void) */

/*----------------------------------------------------------------------------*
 | hash.h Tests
 *----------------------------------------------------------------------------*/

static int test_wc_HashInit(void)
{
    int ret = 0, i;  /* 0 indicates tests passed, 1 indicates failure */

    wc_HashAlg hash;

    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
    enum wc_HashType enumArray[] = {
    #ifndef NO_MD5
            WC_HASH_TYPE_MD5,
    #endif
    #ifndef NO_SHA
            WC_HASH_TYPE_SHA,
    #endif
    #ifndef WOLFSSL_SHA224
            WC_HASH_TYPE_SHA224,
    #endif
    #ifndef NO_SHA256
            WC_HASH_TYPE_SHA256,
    #endif
    #ifndef WOLFSSL_SHA384
            WC_HASH_TYPE_SHA384,
    #endif
    #ifndef WOLFSSL_SHA512
            WC_HASH_TYPE_SHA512,
    #endif
    };
    /* dynamically finds the length */
    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));

    /* For loop to test various arguments... */
    for (i = 0; i < enumlen; i++) {
        /* check for bad args */
        if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
            ret = 1;
            break;
        }
        wc_HashFree(&hash, enumArray[i]);

        /* check for null ptr */
        if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
            ret = 1;
            break;
        }

    }  /* end of for loop */

    printf(testingFmt, "wc_HashInit()");
    if (ret==0) {  /* all tests have passed */
        printf(resultFmt, passed);
    }
    else {  /* a test has failed */
        printf(resultFmt, failed);
    }
    return ret;
}  /* end of test_wc_HashInit */
/*
 * Unit test function for wc_HashSetFlags()
 */
static int test_wc_HashSetFlags(void)
{
    int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
    wc_HashAlg hash;
    word32 flags = 0;
    int i, j;
    printf(testingFmt, "wc_HashSetFlags()");


    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
    enum wc_HashType enumArray[] = {
    #ifndef NO_MD5
            WC_HASH_TYPE_MD5,
    #endif
    #ifndef NO_SHA
            WC_HASH_TYPE_SHA,
    #endif
    #ifdef WOLFSSL_SHA224
            WC_HASH_TYPE_SHA224,
    #endif
    #ifndef NO_SHA256
            WC_HASH_TYPE_SHA256,
    #endif
    #ifdef WOLFSSL_SHA384
            WC_HASH_TYPE_SHA384,
    #endif
    #ifdef WOLFSSL_SHA512
            WC_HASH_TYPE_SHA512,
    #endif
    #ifdef WOLFSSL_SHA3
            WC_HASH_TYPE_SHA3_224,
    #endif
    };
    enum wc_HashType notSupported[] = {
              WC_HASH_TYPE_MD5_SHA,
              WC_HASH_TYPE_MD2,
              WC_HASH_TYPE_MD4,
              WC_HASH_TYPE_BLAKE2B,
              WC_HASH_TYPE_BLAKE2S,
              WC_HASH_TYPE_NONE,
     };

    /* dynamically finds the length */
    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));

    /* For loop to test various arguments... */
    for (i = 0; i < enumlen; i++) {
        ret = wc_HashInit(&hash, enumArray[i]);
        if (ret == 0) {
            ret = wc_HashSetFlags(&hash, enumArray[i], flags);
        }
        if (ret == 0) {
            if (flags & WC_HASH_FLAG_ISCOPY) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_HashSetFlags(NULL, enumArray[i], flags);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }

        wc_HashFree(&hash, enumArray[i]);

    }
    /* For loop to test not supported cases */
    int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
    for (j = 0; ret == 0 && j < notSupportedLen; j++){
        ret = wc_HashInit(&hash, notSupported[j]);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG){
            ret = wc_HashSetFlags(&hash, notSupported[j], flags);
            if (ret == 0) {
                ret = -1;
            }
            else if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_HashFree(&hash, notSupported[j]);
            if (ret == 0) {
                ret = -1;
            }
            else if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}  /* END test_wc_HashSetFlags */
/*
 * Unit test function for wc_HashGetFlags()
 */
static int test_wc_HashGetFlags(void)
{
    int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
    wc_HashAlg hash;
    word32 flags = 0;
    int i, j;
    printf(testingFmt, "wc_HashGetFlags()");


    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
    enum wc_HashType enumArray[] = {
    #ifndef NO_MD5
            WC_HASH_TYPE_MD5,
    #endif
    #ifndef NO_SHA
            WC_HASH_TYPE_SHA,
    #endif
    #ifdef WOLFSSL_SHA224
            WC_HASH_TYPE_SHA224,
    #endif
    #ifndef NO_SHA256
            WC_HASH_TYPE_SHA256,
    #endif
    #ifdef WOLFSSL_SHA384
            WC_HASH_TYPE_SHA384,
    #endif
    #ifdef WOLFSSL_SHA512
            WC_HASH_TYPE_SHA512,
    #endif
    #ifdef WOLFSSL_SHA3
            WC_HASH_TYPE_SHA3_224,
    #endif
    };
    enum wc_HashType notSupported[] = {
              WC_HASH_TYPE_MD5_SHA,
              WC_HASH_TYPE_MD2,
              WC_HASH_TYPE_MD4,
              WC_HASH_TYPE_BLAKE2B,
              WC_HASH_TYPE_BLAKE2S,
              WC_HASH_TYPE_NONE,
    };
    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));

    /* For loop to test various arguments... */
    for (i = 0; i < enumlen; i++) {
        ret = wc_HashInit(&hash, enumArray[i]);
        if (ret == 0) {
            ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
        }
        if (ret == 0) {
            if (flags & WC_HASH_FLAG_ISCOPY) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        wc_HashFree(&hash, enumArray[i]);
        if (ret != 0) {
            break;
        }
    }
    /* For loop to test not supported cases */
    int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
    for (j = 0; ret == 0 && j < notSupportedLen; j++){
        ret = wc_HashInit(&hash, notSupported[j]);
        if (ret == 0) {
            ret = -1;
        }
        else if (ret == BAD_FUNC_ARG){
            ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
            if (ret == 0) {
                ret = -1;
            }
            else if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
        if (ret == 0) {
            ret = wc_HashFree(&hash, notSupported[j]);
            if (ret == 0) {
                ret = -1;
            }
            if (ret == BAD_FUNC_ARG) {
                ret = 0;
            }
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}  /* END test_wc_HashGetFlags */

/*----------------------------------------------------------------------------*
 | Compatibility Tests
 *----------------------------------------------------------------------------*/

static void test_wolfSSL_lhash(void)
{
#ifdef OPENSSL_ALL
    const char testStr[] = "Like a true nature's child\n"
                           "We were born\n"
                           "Born to be wild";

    printf(testingFmt, "wolfSSL_LH_strhash()");

    AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_NAME(void)
{
    #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
        !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
        && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
        (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
         defined(OPENSSL_EXTRA))
    X509* x509;
    const unsigned char* c;
    unsigned char buf[4096];
    int bytes;
    XFILE f;
    const X509_NAME* a;
    const X509_NAME* b;
    X509_NAME* d2i_name = NULL;
    int sz;
    unsigned char* tmp;
    char file[] = "./certs/ca-cert.der";
#ifndef OPENSSL_EXTRA_X509_SMALL
    byte empty[] = { /* CN=empty emailAddress= */
        0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
        0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
        0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
        0x01, 0x16, 0x00
    };
#endif

    printf(testingFmt, "wolfSSL_X509_NAME()");

#ifndef OPENSSL_EXTRA_X509_SMALL
    /* test compile of deprecated function, returns 0 */
    AssertIntEQ(CRYPTO_thread_id(), 0);
#endif

    AssertNotNull(a = X509_NAME_new());
    X509_NAME_free((X509_NAME*)a);

    f = XFOPEN(file, "rb");
    AssertTrue(f != XBADFILE);
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    c = buf;
    AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));

    /* test cmp function */
    AssertNotNull(a = X509_get_issuer_name(x509));
    AssertNotNull(b = X509_get_subject_name(x509));

#ifndef OPENSSL_EXTRA_X509_SMALL
    AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
#endif

    tmp = buf;
    AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
    if (sz > 0 && tmp == buf) {
        printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);           \
        printf(" Expected pointer to be incremented\n");
        abort();
    }

#ifndef OPENSSL_EXTRA_X509_SMALL
    tmp = buf;
    AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
#endif

    /* retry but with the function creating a buffer */
    tmp = NULL;
    AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
    XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);


    AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
#ifndef OPENSSL_EXTRA_X509_SMALL
    AssertIntEQ(X509_NAME_cmp(a, b), 0);
#endif
    X509_NAME_free((X509_NAME*)b);
    X509_NAME_free(d2i_name);
    X509_free(x509);

#ifndef OPENSSL_EXTRA_X509_SMALL
    /* test with an empty domain component */
    tmp = empty;
    sz  = sizeof(empty);
    AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
    AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);

    /* size of empty emailAddress will be 0 */
    tmp = buf;
    AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
                (char*)tmp, sizeof(buf)), 0);

    /* should contain no organization name */
    tmp = buf;
    AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
                (char*)tmp, sizeof(buf)), -1);
    X509_NAME_free(d2i_name);
#endif

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}

static void test_wolfSSL_X509_NAME_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \
    && !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
    BIO* bio;
    X509* x509 = NULL;

    printf(testingFmt, "wolfSSL_X509_NAME_hash");

    AssertNotNull(bio = BIO_new(BIO_s_file()));
    AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
    AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
    AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0xF6CF410E);
    AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0x677DD39A);

    X509_free(x509);
    BIO_free(bio);
    printf(resultFmt, passed);
#endif
}

#ifndef NO_BIO
static void test_wolfSSL_X509_INFO(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
    STACK_OF(X509_INFO) *info_stack;
    X509_INFO *info;
    BIO *cert;
    int i;
    /* PEM in hex format to avoid null terminator */
    byte data[] = {
        0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47,
        0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d,
        0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d,
        0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d,
        0x2d, 0x2d, 0x2d
    };
    /* PEM in hex format to avoid null terminator */
    byte data2[] = {
        0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72,
        0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d,
        0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50,
        0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d,
        0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71,
        0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d,
        0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
    };

    printf(testingFmt, "wolfSSL_X509_INFO");

    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
    for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
        AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
        AssertNotNull(info->x509);
        AssertNull(info->crl);
    }
    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
    BIO_free(cert);

    AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
    AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
    BIO_free(cert);

    /* This case should fail due to invalid input. */
    AssertNotNull(cert = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data));
    AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
    BIO_free(cert);
    AssertNotNull(cert = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2));
    AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
    sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
    BIO_free(cert);

    printf(resultFmt, passed);
#endif
}
#endif

static void test_wolfSSL_X509_subject_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
    && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))

    X509* x509;
    X509_NAME* subjectName = NULL;
    unsigned long ret = 0;

    printf(testingFmt, "wolfSSL_X509_subject_name_hash()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                SSL_FILETYPE_PEM));

    AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
    ret = X509_subject_name_hash(x509);
    AssertIntNE(ret, 0);

    X509_free(x509);
    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_X509_issuer_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
    && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))

    X509* x509;
    X509_NAME* issuertName = NULL;
    unsigned long ret = 0;

    printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                SSL_FILETYPE_PEM));

    AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
    ret = X509_issuer_name_hash(x509);
    AssertIntNE(ret, 0);

    X509_free(x509);
    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_X509_check_host(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
    && !defined(NO_SHA) && !defined(NO_RSA)

    X509* x509;
    const char altName[] = "example.com";

    printf(testingFmt, "wolfSSL_X509_check_host()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                SSL_FILETYPE_PEM));

    AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
            WOLFSSL_SUCCESS);

    AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
            WOLFSSL_FAILURE);

    X509_free(x509);

    AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
            WOLFSSL_FAILURE);

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_X509_check_email(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
    X509* x509;
    const char goodEmail[] = "info@wolfssl.com";
    const char badEmail[] = "disinfo@wolfssl.com";

    printf(testingFmt, "wolfSSL_X509_check_email()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                SSL_FILETYPE_PEM));

    /* Should fail on non-matching email address */
    AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
            WOLFSSL_FAILURE);
    /* Should succeed on matching email address */
    AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
            WOLFSSL_SUCCESS);
    /* Should compute length internally when not provided */
    AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
            WOLFSSL_SUCCESS);
    /* Should fail when email address is NULL */
    AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
            WOLFSSL_FAILURE);

    X509_free(x509);

    /* Should fail when x509 is NULL */
    AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
            WOLFSSL_FAILURE);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
}

static void test_wolfSSL_DES(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
    const_DES_cblock myDes;
    DES_cblock iv;
    DES_key_schedule key;
    word32 i;
    DES_LONG dl;
    unsigned char msg[] = "hello wolfssl";

    printf(testingFmt, "wolfSSL_DES()");

    DES_check_key(1);
    DES_set_key(&myDes, &key);

    /* check, check of odd parity */
    XMEMSET(myDes, 4, sizeof(const_DES_cblock));  myDes[0] = 6; /*set even parity*/
    XMEMSET(key, 5, sizeof(DES_key_schedule));
    AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
    AssertIntNE(key[0], myDes[0]); /* should not have copied over key */

    /* set odd parity for success case */
    DES_set_odd_parity(&myDes);
    AssertIntEQ(DES_check_key_parity(&myDes), 1);
    printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
    AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
    for (i = 0; i < sizeof(DES_key_schedule); i++) {
        AssertIntEQ(key[i], myDes[i]);
    }
    AssertIntEQ(DES_is_weak_key(&myDes), 0);

    /* check weak key */
    XMEMSET(myDes, 1, sizeof(const_DES_cblock));
    XMEMSET(key, 5, sizeof(DES_key_schedule));
    AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
    AssertIntNE(key[0], myDes[0]); /* should not have copied over key */

    /* now do unchecked copy of a weak key over */
    DES_set_key_unchecked(&myDes, &key);
    /* compare arrays, should be the same */
    for (i = 0; i < sizeof(DES_key_schedule); i++) {
        AssertIntEQ(key[i], myDes[i]);
    }
    AssertIntEQ(DES_is_weak_key(&myDes), 1);

    /* check DES_key_sched API */
    XMEMSET(key, 1, sizeof(DES_key_schedule));
    AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
    AssertIntEQ(DES_key_sched(NULL, &key),   0);
    AssertIntEQ(DES_key_sched(&myDes, &key), 0);
    /* compare arrays, should be the same */
    for (i = 0; i < sizeof(DES_key_schedule); i++) {
        AssertIntEQ(key[i], myDes[i]);
    }

    /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
     * DES_cbc_encrypt on the input */
    XMEMSET(iv, 0, sizeof(DES_cblock));
    XMEMSET(myDes, 5, sizeof(DES_key_schedule));
    AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
    AssertIntEQ(dl, 480052723);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}

static void test_wc_PemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
    int ret;
    DerBuffer* pDer = NULL;
    const char* ca_cert = "./certs/server-cert.pem";
    byte* cert_buf = NULL;
    size_t cert_sz = 0;
    int eccKey = 0;
    EncryptedInfo info;

    printf(testingFmt, "wc_PemToDer()");

    XMEMSET(&info, 0, sizeof(info));

    ret = load_file(ca_cert, &cert_buf, &cert_sz);
    if (ret == 0) {
        ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
            &pDer, NULL, &info, &eccKey);
        AssertIntEQ(ret, 0);

        wc_FreeDer(&pDer);
    }

    if (cert_buf)
        free(cert_buf);

#ifdef HAVE_ECC
    {
        const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
        byte key_buf[256] = {0};

        /* Test fail of loading a key with cert type */
        AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
        key_buf[0] = '\n';
        XMEMCPY(key_buf + 1, cert_buf, cert_sz);
        AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
            &pDer, NULL, &info, &eccKey)), 0);

    #ifdef OPENSSL_EXTRA
        AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
            &pDer, NULL, &info, &eccKey)), 0);
    #endif
        wc_FreeDer(&pDer);
        if (cert_buf)
            free(cert_buf);
    }
#endif
    printf(resultFmt, passed);
#endif
}

static void test_wc_AllocDer(void)
{
#if !defined(NO_CERTS)
    int ret;
    DerBuffer* pDer = NULL;
    word32 testSize = 1024;

    printf(testingFmt, "wc_AllocDer()");

    ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
    AssertIntEQ(ret, 0);
    AssertNotNull(pDer);
    wc_FreeDer(&pDer);
    printf(resultFmt, passed);
#endif
}

static void test_wc_CertPemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
    int ret;
    const char* ca_cert = "./certs/ca-cert.pem";
    byte* cert_buf = NULL;
    size_t cert_sz = 0, cert_dersz = 0;
    byte* cert_der = NULL;

    printf(testingFmt, "wc_CertPemToDer()");

    ret = load_file(ca_cert, &cert_buf, &cert_sz);
    if (ret == 0) {
        cert_dersz = cert_sz; /* DER will be smaller than PEM */
        cert_der = (byte*)malloc(cert_dersz);
        if (cert_der) {
            ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
                cert_der, (int)cert_dersz, CERT_TYPE);
            AssertIntGE(ret, 0);
        }
    }

    if (cert_der)
        free(cert_der);
    if (cert_buf)
        free(cert_buf);
#endif
}

static void test_wc_PubKeyPemToDer(void)
{
#ifdef WOLFSSL_PEM_TO_DER
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
    int ret;
    const char* key = "./certs/ecc-client-keyPub.pem";
    byte* cert_buf = NULL;
    size_t cert_sz = 0, cert_dersz = 0;
    byte* cert_der = NULL;

    printf(testingFmt, "wc_PubKeyPemToDer()");


    ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
        cert_der, (int)cert_dersz);
    AssertIntGE(ret, BAD_FUNC_ARG);

    ret = load_file(key, &cert_buf, &cert_sz);
    if (ret == 0) {
        cert_dersz = cert_sz; /* DER will be smaller than PEM */
        cert_der = (byte*)malloc(cert_dersz);
        if (cert_der) {
            ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
                cert_der, (int)cert_dersz);
            AssertIntGE(ret, 0);
        }
    }

    if (cert_der)
        free(cert_der);
    if (cert_buf)
        free(cert_buf);
#endif
#endif
}

static void test_wc_PemPubKeyToDer(void)
{
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
    int ret;
    const char* key = "./certs/ecc-client-keyPub.pem";
    size_t cert_dersz = 1024;
    byte* cert_der = (byte*)malloc(cert_dersz);

    printf(testingFmt, "wc_PemPubKeyToDer()");

    ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
    AssertIntGE(ret, BAD_FUNC_ARG);

    if (cert_der) {
        ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
        AssertIntGE(ret, 0);

        free(cert_der);
    }
#endif
}


static void test_wolfSSL_certs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA)
    X509*  x509ext;
#ifdef OPENSSL_ALL
    X509*  x509;
    WOLFSSL_X509_EXTENSION* ext;
    ASN1_OBJECT* obj;
#endif
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    STACK_OF(ASN1_OBJECT)* sk;
    ASN1_STRING* asn1_str;
    AUTHORITY_KEYID* akey;
    BASIC_CONSTRAINTS* bc;
    int crit;

    printf(testingFmt, "wolfSSL_certs()");

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
    #endif
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
    #endif
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    #ifdef HAVE_PK_CALLBACKS
    AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
    #endif /* HAVE_PK_CALLBACKS */

    /* create and use x509 */
#ifdef OPENSSL_ALL
    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
#endif
    x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509ext);
    AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    /* with loading in a new cert the check on private key should now fail */
    AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif


    #if defined(USE_CERT_BUFFERS_2048)
        AssertIntEQ(SSL_use_certificate_ASN1(ssl,
                                  (unsigned char*)server_cert_der_2048,
                                  sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
    #endif

    #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
    /************* Get Digest of Certificate ******************/
    {
        byte   digest[64]; /* max digest size */
        word32 digestSz;

        XMEMSET(digest, 0, sizeof(digest));
        AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
                    WOLFSSL_SUCCESS);

        AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
                    WOLFSSL_FAILURE);
    }
    #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */

    /* test and checkout X509 extensions */
    bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
            &crit, NULL);
    AssertNotNull(bc);
    AssertIntEQ(crit, 0);

#ifdef OPENSSL_ALL
    ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
    AssertNotNull(ext);
    X509_EXTENSION_free(ext);

    AssertNotNull(ext = X509_EXTENSION_new());
    X509_EXTENSION_set_critical(ext, 1);
    AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
    AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
    ASN1_OBJECT_free(obj);
    X509_EXTENSION_free(ext);

    AssertNotNull(ext = X509_EXTENSION_new());
    X509_EXTENSION_set_critical(ext, 0);
    AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
            NULL);
    AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
    ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
                                 * and X509_get_ext_d2i has created new */
    X509_EXTENSION_free(ext);

#endif
    BASIC_CONSTRAINTS_free(bc);

    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
    AssertNotNull(asn1_str);
    AssertIntEQ(crit, 1);
    AssertIntEQ(asn1_str->type, NID_key_usage);
#ifdef OPENSSL_ALL
    ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
    AssertNotNull(ext);
    X509_EXTENSION_free(ext);
#endif
    ASN1_STRING_free(asn1_str);

#ifdef OPENSSL_ALL
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
            &crit, NULL);
    AssertNotNull(sk);
    ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
    AssertNotNull(ext);
    X509_EXTENSION_free(ext);
    sk_ASN1_OBJECT_pop_free(sk, NULL);
#else
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
            &crit, NULL);
    AssertNull(sk);
#endif

    akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
            NID_authority_key_identifier, &crit, NULL);
    AssertNotNull(akey);
#ifdef OPENSSL_ALL
    ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
    AssertNotNull(ext);
    X509_EXTENSION_free(ext);
#endif
    wolfSSL_AUTHORITY_KEYID_free(akey);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
            NID_private_key_usage_period, &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
            &crit, NULL);
    /* AssertNotNull(sk); no alt names set */
    sk_GENERAL_NAME_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
            NULL);
    /* AssertNotNull(sk); no auth info set */
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
            NID_certificate_policies, &crit, NULL);
    #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
        AssertNull(sk);
    #else
        /* AssertNotNull(sk); no cert policy set */
    #endif
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
            NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    sk_ASN1_OBJECT_free(sk);

    /* test invalid cases */
    crit = 0;
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
    AssertNull(sk);
    AssertIntEQ(crit, -1);
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
            NULL, NULL);
    AssertNull(sk);

    AssertIntEQ(SSL_get_hit(ssl), 0);
#ifdef OPENSSL_ALL
    X509_free(x509);
#endif
    X509_free(x509ext);
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_CERTS */
}

static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
    X509*  x509;
    EVP_PKEY* pkey = NULL;
    const byte* key;

    printf(testingFmt, "wolfSSL_X509_check_private_key()");

    /* Check with correct key */
    AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
                                                     SSL_FILETYPE_PEM)));
    key = client_key_der_2048;
    AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &key, (long)sizeof_client_key_der_2048));
    AssertIntEQ(X509_check_private_key(x509, pkey), 1);
    EVP_PKEY_free(pkey);
    pkey = NULL;

    /* Check with wrong key */
    key = server_key_der_2048;
    AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &key, (long)sizeof_server_key_der_2048));
    AssertIntEQ(X509_check_private_key(x509, pkey), 0);

    /* test for incorrect parameter */
    AssertIntEQ(X509_check_private_key(NULL, pkey), 0);
    AssertIntEQ(X509_check_private_key(x509, NULL), 0);
    AssertIntEQ(X509_check_private_key(NULL, NULL), 0);

    EVP_PKEY_free(pkey);
    X509_free(x509);
    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_ASN1_TIME_print(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
        && (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
            defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048)
    BIO*  bio;
    X509*  x509;
    const unsigned char* der = client_cert_der_2048;
    ASN1_TIME* t;
    unsigned char buf[25];

    printf(testingFmt, "wolfSSL_ASN1_TIME_print()");

    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
                sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
    AssertIntEQ(XMEMCMP(buf, "Feb 10 19:49:52 2021 GMT", sizeof(buf) - 1), 0);

    /* create a bad time and test results */
    AssertNotNull(t = X509_get_notAfter(x509));
    AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
    t->data[8] = 0;
    t->data[3]  = 0;
    AssertIntNE(ASN1_TIME_print(bio, t), 1);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
    AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
    AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);

    BIO_free(bio);
    X509_free(x509);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_ASN1_UTCTIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
    BIO*  bio;
    ASN1_UTCTIME* utc = NULL;
    unsigned char buf[25];
    const char* validDate   = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
    const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */

    printf(testingFmt, "ASN1_UTCTIME_print()");

    /* NULL parameter check */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
    BIO_free(bio);

    /* Valid date */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
                                                           DYNAMIC_TYPE_ASN1));
    utc->type = ASN_UTC_TIME;
    utc->length = ASN_UTC_TIME_SIZE;
    XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
    AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
    AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);

    XMEMSET(buf, 0, sizeof(buf));
    BIO_free(bio);

    /* Invalid format */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    utc->type = ASN_UTC_TIME;
    utc->length = ASN_UTC_TIME_SIZE;
    XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
    AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
    AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);

    XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
    BIO_free(bio);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
}

static void test_wolfSSL_ASN1_TIME_diff(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
    ASN1_TIME* fromTime;
    ASN1_TIME* toTime;
    int daysDiff;
    int secsDiff;

    printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff");

    AssertNotNull((fromTime = ASN1_TIME_new()));
    /* Feb 22, 2003, 21:15:15 */
    AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
    AssertNotNull((toTime = ASN1_TIME_new()));
    /* Dec 19, 2010, 18:10:11 */
    AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
    AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);

    AssertIntEQ(daysDiff, 2856);
    AssertIntEQ(secsDiff, 75296);

    ASN1_TIME_free(fromTime);
    ASN1_TIME_free(toTime);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
{
    #if defined(OPENSSL_EXTRA)
    WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
    unsigned char nullstr[32];

    printf(testingFmt, "test_wolfSSL_ASN1_GENERALIZEDTIME_free");

    XMEMSET(nullstr, 0, 32);
    asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
                    sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
                    DYNAMIC_TYPE_TMP_BUFFER);
    if (asn1_gtime) {
        XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);

        wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
        AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));

        XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    printf(resultFmt, passed);
    #endif /* OPENSSL_EXTRA */
}


static void test_wolfSSL_private_keys(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    EVP_PKEY* pkey = NULL;

    printf(testingFmt, "wolfSSL_private_keys()");

    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();

#ifndef NO_RSA
    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
    /* Have to load a cert before you can check the private key against that
     * certificates public key! */
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
    #endif
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

#ifdef USE_CERT_BUFFERS_2048
    {
    const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
    unsigned char buf[FOURK_BUF];
    word32 bufSz;

    AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                (unsigned char*)client_key_der_2048,
                sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    /* Should mismatch now that a different private key loaded */
    AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
                (unsigned char*)server_key,
                sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    /* After loading back in DER format of original key, should match */
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    /* test loading private key to the WOLFSSL_CTX */
    AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
                (unsigned char*)client_key_der_2048,
                sizeof_client_key_der_2048), WOLFSSL_SUCCESS);

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    /* Should mismatch now that a different private key loaded */
    AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
    #endif

    AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
                (unsigned char*)server_key,
                sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    /* After loading back in DER format of original key, should match */
    AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
    #endif

    /* pkey not set yet, expecting to fail */
    AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);

    /* set PKEY and test again */
    AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &server_key, (long)sizeof_server_key_der_2048));
    AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);

    /* reuse PKEY structure and test
     * this should be checked with a memory management sanity checker */
    AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
    server_key = (const unsigned char*)server_key_der_2048;
    AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &server_key, (long)sizeof_server_key_der_2048));
    AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);

    /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
    bufSz = FOURK_BUF;
    AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
                    (byte*)server_key_der_2048, sizeof_server_key_der_2048,
                    RSAk, NULL, 0)), 0);
    server_key = (const unsigned char*)buf;
    AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
                (long)bufSz));
    }
#endif


    EVP_PKEY_free(pkey);
    SSL_free(ssl); /* frees x509 also since loaded into ssl */
    SSL_CTX_free(ctx);
#endif /* end of RSA private key match tests */


#ifdef HAVE_ECC
    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif
    SSL_free(ssl);


    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    SSL_free(ssl);
    SSL_CTX_free(ctx);
#endif /* end of ECC private key match tests */

#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif
    SSL_free(ssl);


    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    SSL_free(ssl);
    SSL_CTX_free(ctx);
#endif /* end of Ed25519 private key match tests */

#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif
    SSL_free(ssl);


    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
                                                         WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
    AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
    #endif

    SSL_free(ssl);
    SSL_CTX_free(ctx);
#endif /* end of Ed448 private key match tests */

    EVP_cleanup();

    /* test existence of no-op macros in wolfssl/openssl/ssl.h */
    CONF_modules_free();
    ENGINE_cleanup();
    CONF_modules_unload();

    (void)ssl;
    (void)ctx;
    (void)pkey;

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}

static void test_wolfSSL_PEM_read_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
    && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
    XFILE file;
    const char* fname = "./certs/server-key.pem";
    EVP_PKEY* pkey;
    RSA* rsa;
    WOLFSSL_EVP_PKEY_CTX* ctx;
    unsigned char* sig;
    size_t sigLen;
    const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
    size_t tbsLen = sizeof(tbs);

    printf(testingFmt, "test_wolfSSL_PEM_read_PrivateKey()");

    /* Check error case. */
    AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));

    /* Read in an RSA key. */
    file = XFOPEN(fname, "rb");
    AssertTrue(file != XBADFILE);
    AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
    XFCLOSE(file);

    /* Make sure the key is usable by signing some data with it. */
    AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
    AssertIntGT((sigLen = RSA_size(rsa)), 0);
    AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
        DYNAMIC_TYPE_TMP_BUFFER));
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
        WOLFSSL_SUCCESS);

    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_PEM_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)

#ifndef NO_BIO
    BIO*      bio = NULL;
#endif
    EVP_PKEY* pkey  = NULL;
    const unsigned char* server_key = (const unsigned char*)server_key_der_2048;

#ifndef NO_BIO

    /* test creating new EVP_PKEY with bad arg */
    AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));

    /* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
    {
        XFILE file;
        const char* fname = "./certs/server-key.pem";
        const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";

        size_t sz;
        byte* buf;
        EVP_PKEY* pkey2;
        EVP_PKEY* pkey3;
        RSA* rsa_key = NULL;

        file = XFOPEN(fname, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
        if (buf) {
            AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        }
        XFCLOSE(file);

        /* Test using BIO new mem and loading PEM private key */
        bio = BIO_new_mem_buf(buf, (int)sz);
        AssertNotNull(bio);
        AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        AssertNotNull(pkey2 = EVP_PKEY_new());
        pkey2->type = EVP_PKEY_RSA;
        /* Test parameter copy */
        AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
        EVP_PKEY_free(pkey2);
        EVP_PKEY_free(pkey);
        pkey  = NULL;

        /* Qt unit test case : rsa pkcs8 key */
        file = XFOPEN(fname_rsa_p8, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
        if (buf)
            AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        AssertNotNull(pkey3 = EVP_PKEY_new());

        AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
        AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);

        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
        #else
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
        #endif

        RSA_free(rsa_key);
        EVP_PKEY_free(pkey3);
        EVP_PKEY_free(pkey);
        pkey  = NULL;
    }
#endif

    /* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
    {
        XFILE file;
        const char* fname = "./certs/ecc-key.pem";
        const char* fname_ecc_p8  = "./certs/ecc-keyPkcs8.pem";

        size_t sz;
        byte* buf;
        EVP_PKEY* pkey2;
        EVP_PKEY* pkey3;
        EC_KEY*   ec_key;
        int nid = 0;

        file = XFOPEN(fname, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
        if (buf)
            AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        /* Test using BIO new mem and loading PEM private key */
        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        AssertNotNull(pkey2 = EVP_PKEY_new());
        AssertNotNull(pkey3 = EVP_PKEY_new());
        pkey2->type = EVP_PKEY_EC;
        /* Test parameter copy */
        AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
        /* Qt unit test case 1*/
        AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
        AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
        #else
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
        #endif
        /* Test default digest */
        AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
        AssertIntEQ(nid, NID_sha256);
        EC_KEY_free(ec_key);
        EVP_PKEY_free(pkey3);
        EVP_PKEY_free(pkey2);
        EVP_PKEY_free(pkey);
        pkey  = NULL;

        /* Qt unit test case ec pkcs8 key */
        file = XFOPEN(fname_ecc_p8, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
        if (buf)
            AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        AssertNotNull(pkey3 = EVP_PKEY_new());
        /* Qt unit test case */
        AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
        AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
        #else
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
        #endif
        EC_KEY_free(ec_key);
        EVP_PKEY_free(pkey3);
        EVP_PKEY_free(pkey);
        pkey  = NULL;
    }
#endif

#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
    {
        #define BIO_PEM_TEST_CHAR 'a'
        EVP_PKEY* pkey2 = NULL;
        unsigned char extra[10];
        int i;
        BIO* pub_bio = NULL;

        printf(testingFmt, "wolfSSL_PEM_PrivateKey()");

        XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));

        AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
        AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
        AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
        AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);

        AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
                &server_key, (long)sizeof_server_key_der_2048));
        AssertNull(pkey);

        AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
                &server_key, (long)sizeof_server_key_der_2048));
        AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
                WOLFSSL_SUCCESS);
        AssertIntGT(BIO_pending(bio), 0);
        AssertIntEQ(BIO_pending(bio), 1679);
        /* Check if the pubkey API writes only the public key */
#ifdef WOLFSSL_KEY_GEN
        AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
        AssertIntGT(BIO_pending(pub_bio), 0);
        /* Previously both the private key and the pubkey calls would write
         * out the private key and the PEM header was the only difference.
         * The public PEM should be significantly shorter than the
         * private key versison. */
        AssertIntEQ(BIO_pending(pub_bio), 451);
#endif


        /* test creating new EVP_PKEY with good args */
        AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
        if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
            AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);

        /* test of reuse of EVP_PKEY */
        AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
        AssertIntEQ(BIO_pending(bio), 0);
        AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
                SSL_SUCCESS);
        AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
        AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
        AssertNotNull(pkey);
        if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
            AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
        }
        AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
        AssertIntEQ(BIO_read(bio, extra, 10), 10);
        for (i = 0; i < 10; i++) {
            AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
        }

        BIO_free(pub_bio);
        BIO_free(bio);
        bio = NULL;
        EVP_PKEY_free(pkey);
        pkey  = NULL;
        EVP_PKEY_free(pkey2);
    }
    #endif

    /* key is DES encrypted */
    #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
    !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) && \
    defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
    {
        XFILE f;
        wc_pem_password_cb* passwd_cb;
        void* passwd_cb_userdata;
        SSL_CTX* ctx;
        char passwd[] = "bad password";

    #ifndef WOLFSSL_NO_TLS12
        #ifndef NO_WOLFSSL_SERVER
        AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
        #else
        AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
        #endif
    #else
        #ifndef NO_WOLFSSL_SERVER
        AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
        #else
        AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
        #endif
    #endif

        AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
        SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
        AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
        AssertNull(passwd_cb_userdata =
            SSL_CTX_get_default_passwd_cb_userdata(ctx));

        /* fail case with password call back */
        AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
                    (void*)passwd));
        BIO_free(bio);
        AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
        AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
                    (void*)passwd));
        BIO_free(bio);

        f = XFOPEN("./certs/server-keyEnc.pem", "rb");
        AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));

        /* use callback that works */
        AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
                (void*)"yassl123"));

        AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);

        EVP_PKEY_free(pkey);
        pkey  = NULL;
        BIO_free(bio);
        bio = NULL;
        SSL_CTX_free(ctx);
    }
    #endif /* !defined(NO_DES3) */

#endif /* !NO_BIO */

    #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
    {
        unsigned char buf[2048];
        size_t bytes;
        XFILE f;
        SSL_CTX* ctx;

    #ifndef WOLFSSL_NO_TLS12
        #ifndef NO_WOLFSSL_SERVER
        AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
        #else
        AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
        #endif
    #else
        #ifndef NO_WOLFSSL_SERVER
        AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
        #else
        AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
        #endif
    #endif

        f = XFOPEN("./certs/ecc-key.der", "rb");
        AssertTrue((f != XBADFILE));
        bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
        XFCLOSE(f);

        server_key = buf;
        pkey = NULL;
        AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
        AssertNull(pkey);
        AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
        AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);

        EVP_PKEY_free(pkey);
        pkey = NULL;
        SSL_CTX_free(ctx);
    }
    #endif

    printf(resultFmt, passed);

#ifndef NO_BIO
    (void)bio;
#endif
    (void)pkey;
    (void)server_key;

#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
}

#ifndef NO_BIO
static void test_wolfSSL_PEM_bio_RSAKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
    defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
    RSA* rsa = NULL;
    BIO* bio = NULL;

    printf(testingFmt, "wolfSSL_PEM_bio_RSAKey");

    /* PrivateKey */
    AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
    AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
    AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
    AssertIntEQ(RSA_size(rsa), 256);
    AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
                                            NULL), WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
                                            NULL), WOLFSSL_SUCCESS);
    BIO_free(bio);
    RSA_free(rsa);

    /* PUBKEY */
    AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
    AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
    AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
    AssertIntEQ(RSA_size(rsa), 256);
    AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
    BIO_free(bio);
    RSA_free(rsa);

    /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
    AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb"));
    AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
    BIO_free(bio);
    RSA_free(rsa);

    #ifdef HAVE_ECC
    /* ensure that non-rsa keys do not work */
    AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
    AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
    AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
    BIO_free(bio);
    RSA_free(rsa);
    #endif /* HAVE_ECC */

    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
         (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
         !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
}

static void test_wolfSSL_PEM_RSAPrivateKey(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    RSA* rsa = NULL;
    RSA* rsa_dup = NULL;
    BIO* bio = NULL;

    printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");

    AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
    AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
    AssertIntEQ(RSA_size(rsa), 256);

#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
    AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
    AssertPtrNE(rsa_dup, rsa);
#endif

    /* test if valgrind complains about unreleased memory */
    RSA_up_ref(rsa);
    RSA_free(rsa);

    BIO_free(bio);
    RSA_free(rsa);
    RSA_free(rsa_dup);

#ifdef HAVE_ECC
    AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
    AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));

    BIO_free(bio);
#endif /* HAVE_ECC */

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}

static void test_wolfSSL_PEM_bio_DSAKey(void)
{
#ifndef HAVE_SELFTEST
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
    defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
    DSA* dsa = NULL;
    BIO* bio = NULL;

    printf(testingFmt, "wolfSSL_PEM_bio_DSAKey");

    /* PrivateKey */
    AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
    AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
    AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
    AssertIntEQ(BN_num_bytes(dsa->g), 128);
    AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
            WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
            WOLFSSL_SUCCESS);
    BIO_free(bio);
    DSA_free(dsa);

    /* PUBKEY */
    AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
    AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
    AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
    AssertIntEQ(BN_num_bytes(dsa->g), 128);
    AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
    BIO_free(bio);
    DSA_free(dsa);

    #ifdef HAVE_ECC
    /* ensure that non-dsa keys do not work */
    AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
    AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
    AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
    BIO_free(bio);
    DSA_free(dsa);
    #endif /* HAVE_ECC */

    printf(resultFmt, passed);
#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
         !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
         !defined(NO_FILESYSTEM) && !defined(NO_DSA) */
#endif /* HAVE_SELFTEST */
}

static void test_wolfSSL_PEM_bio_ECKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
    defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
    EC_KEY* ec = NULL;
    BIO* bio = NULL;

    printf(testingFmt, "wolfSSL_PEM_bio_ECKey");

    /* PrivateKey */
    AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
    AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
    AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
    AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
    AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
                                           NULL),WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
                                           NULL), WOLFSSL_SUCCESS);
    BIO_free(bio);
    EC_KEY_free(ec);

    /* PUBKEY */
    AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
    AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
    AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
    AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
    AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
    BIO_free(bio);
    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
    BIO_free(bio);
    EC_KEY_free(ec);

    #ifndef NO_RSA
    /* ensure that non-ec keys do not work */
    AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
    AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
    AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
    BIO_free(bio);
    EC_KEY_free(ec);
    #endif /* HAVE_ECC */

    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}

static void test_wolfSSL_PEM_PUBKEY(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
    BIO*      bio = NULL;
    EVP_PKEY* pkey  = NULL;

    /* test creating new EVP_PKEY with bad arg */
    AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));

    /* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
    {
        XFILE file;
        const char* fname = "./certs/ecc-client-keyPub.pem";
        size_t sz;
        byte* buf;

        EVP_PKEY* pkey2;
        EC_KEY*   ec_key;

        file = XFOPEN(fname, "rb");
        AssertTrue((file != XBADFILE));
        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
        if (buf)
            AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        /* Test using BIO new mem and loading PEM private key */
        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;

        /* Qt unit test case*/
        AssertNotNull(pkey2 = EVP_PKEY_new());
        AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
        AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS);
        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */);
        #else
        AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0);
        #endif

        EC_KEY_free(ec_key);
        EVP_PKEY_free(pkey2);
        EVP_PKEY_free(pkey);
        pkey  = NULL;
    }
#endif

    (void)bio;
    (void)pkey;
#endif
}

#endif /* !NO_BIO */

static void test_DSA_do_sign_verify(void)
{
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
    !defined(NO_DSA)
    unsigned char digest[WC_SHA_DIGEST_SIZE];
    DSA_SIG* sig;
    DSA* dsa;
    word32  bytes;
    byte sigBin[DSA_SIG_SIZE];
    int dsacheck;

#ifdef USE_CERT_BUFFERS_1024
    byte    tmp[ONEK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
    bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
    bytes = sizeof_dsa_key_der_2048;
#else
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */

    printf(testingFmt, "DSA_do_sign_verify()");
    XMEMSET(digest, 202, sizeof(digest));

    AssertNotNull(dsa = DSA_new());
    AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);

    AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
    AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);

    AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
    AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);

    DSA_SIG_free(sig);
    DSA_free(dsa);
#endif
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
}

static void test_wolfSSL_tmp_dh(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
    byte buff[6000];
    char file[] = "./certs/dsaparams.pem";
    XFILE f;
    int  bytes;
    DSA* dsa;
    DH*  dh;
#if defined(WOLFSSL_DH_EXTRA) && \
    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
    DH*  dh2;
#endif
    BIO*     bio;
    SSL*     ssl;
    SSL_CTX* ctx;

    printf(testingFmt, "wolfSSL_tmp_dh()");

    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    f = XFOPEN(file, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);

    bio = BIO_new_mem_buf((void*)buff, bytes);
    AssertNotNull(bio);

    dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
    AssertNotNull(dsa);

    dh = wolfSSL_DSA_dup_DH(dsa);
    AssertNotNull(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
    AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
#endif

    AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
    #ifndef NO_WOLFSSL_SERVER
    AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
    #else
    AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
    #endif

    BIO_free(bio);
    DSA_free(dsa);
    DH_free(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
    DH_free(dh2);
#endif
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ctrl(void)
{
#if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
    byte buff[6000];
    BIO* bio;
    int  bytes;
    BUF_MEM* ptr = NULL;

    printf(testingFmt, "wolfSSL_crtl()");

    bytes = sizeof(buff);
    bio = BIO_new_mem_buf((void*)buff, bytes);
    AssertNotNull(bio);
    AssertNotNull(BIO_s_socket());

    AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);

    /* needs tested after stubs filled out @TODO
        SSL_ctrl
        SSL_CTX_ctrl
    */

    BIO_free(bio);
    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
}


static void test_wolfSSL_EVP_PKEY_new_mac_key(void)
{
#ifdef OPENSSL_EXTRA
    static const unsigned char pw[] = "password";
    static const int pwSz = sizeof(pw) - 1;
    size_t checkPwSz = 0;
    const unsigned char* checkPw = NULL;
    WOLFSSL_EVP_PKEY* key = NULL;

    printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()");

    AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
    AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));

    AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
    if (key) {
        AssertIntEQ(key->type, EVP_PKEY_HMAC);
        AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
        AssertIntEQ(key->pkey_sz, pwSz);
        AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
    }
    AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
    AssertIntEQ((int)checkPwSz, pwSz);
    if (checkPw) {
        AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
    }
    wolfSSL_EVP_PKEY_free(key);

    AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
    if (key) {
        AssertIntEQ(key->pkey_sz, 0);
    }
    checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
    (void)checkPw;
    AssertIntEQ((int)checkPwSz, 0);
    wolfSSL_EVP_PKEY_free(key);

    AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
    if (key) {
        AssertIntEQ(key->pkey_sz, 0);
    }
    checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
    (void)checkPw;
    AssertIntEQ((int)checkPwSz, 0);
    wolfSSL_EVP_PKEY_free(key);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_Digest(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)


    const char* in = "abc";
    int   inLen = (int)XSTRLEN(in);
    byte  out[WC_SHA256_DIGEST_SIZE];
    unsigned int outLen;
    const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
               "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
               "\x15\xAD";
    printf(testingFmt, "wolfSSL_EVP_Digest()");

    AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
    AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
    AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);

    printf(resultFmt, passed);

#endif /* OPEN_EXTRA && ! NO_SHA256 */
}

static void test_wolfSSL_EVP_Digest_all(void)
{
#ifdef OPENSSL_EXTRA
    const char* digests[] = {
#ifndef NO_MD5
        "MD5",
#endif
#ifndef NO_SHA
        "SHA",
#endif
#ifdef WOLFSSL_SHA224
        "SHA224",
#endif
#ifndef NO_SHA256
        "SHA256",
#endif
#ifdef WOLFSSL_SHA384
        "SHA384",
#endif
#ifdef WOLFSSL_SHA512
        "SHA512",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
        "SHA512_224",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
        "SHA512_256",
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
        "SHA3_224",
#endif
#ifndef WOLFSSL_NOSHA3_256
        "SHA3_256",
#endif
        "SHA3_384",
#ifndef WOLFSSL_NOSHA3_512
        "SHA3_512",
#endif
#endif /* WOLFSSL_SHA3 */
        NULL
    };
    const char** d;
    const unsigned char in[] = "abc";
    int   inLen = XSTR_SIZEOF(in);
    byte  out[WC_MAX_DIGEST_SIZE];
    unsigned int outLen;

    printf(testingFmt, "wolfSSL_EVP_Digest_all");

    for (d = digests; *d != NULL; d++) {
        AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1);
        AssertIntGT(outLen, 0);
        AssertIntEQ(EVP_MD_size(*d), outLen);
    }

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_MD_size(void)
{
#ifdef OPENSSL_EXTRA

    WOLFSSL_EVP_MD_CTX mdCtx;

    printf(testingFmt, "wolfSSL_EVP_MD_size()");

#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef WOLFSSL_NOSHA3_256
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#ifndef WOLFSSL_NOSHA3_512
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#endif /* WOLFSSL_SHA3 */

#ifndef NO_SHA256
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#endif

#ifndef NO_MD5
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#endif

#ifdef WOLFSSL_SHA224
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#endif

#ifdef WOLFSSL_SHA384
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#endif

#ifdef WOLFSSL_SHA512
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#endif

#ifndef NO_SHA
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
    /* error case */
    wolfSSL_EVP_MD_CTX_init(&mdCtx);

    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
    /* Cleanup is valid on uninit'ed struct */
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_EVP_MD_pkey_type(void)
{
#ifdef OPENSSL_EXTRA
    const WOLFSSL_EVP_MD* md;

    printf(testingFmt, "test_wolfSSL_EVP_MD_pkey_type()");

#ifndef NO_MD5
    AssertNotNull(md = EVP_md5());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
#endif
#ifndef NO_SHA
    AssertNotNull(md = EVP_sha1());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA224
    AssertNotNull(md = EVP_sha224());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
#endif
    AssertNotNull(md = EVP_sha256());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
#ifdef WOLFSSL_SHA384
    AssertNotNull(md = EVP_sha384());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA512
    AssertNotNull(md = EVP_sha512());
    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
#endif

    printf(resultFmt, passed);
#endif
}

#ifdef OPENSSL_EXTRA
static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
        size_t testKeySz, const char* testData, size_t testDataSz,
        const byte* testResult, size_t testResultSz)
{
    unsigned char check[WC_MAX_DIGEST_SIZE];
    size_t checkSz = -1;
    WOLFSSL_EVP_PKEY* key;
    WOLFSSL_EVP_MD_CTX mdCtx;

    printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()");
    AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
                                                      testKey, (int)testKeySz));
    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
                                                  (unsigned int)testDataSz), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ((int)checkSz, (int)testResultSz);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz,(int)testResultSz);
    AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
                                                  (unsigned int)testDataSz), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);

    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ((int)checkSz, (int)testResultSz);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz,(int)testResultSz);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
                                              (unsigned int)testDataSz - 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz,(int)testResultSz);
    AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);

    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
                                              (unsigned int)testDataSz - 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);

    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_PKEY_free(key);
}
#endif

static void test_wolfSSL_EVP_MD_hmac_signing(void)
{
#ifdef OPENSSL_EXTRA
    static const unsigned char testKey[] =
    {
        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
        0x0b, 0x0b, 0x0b, 0x0b
    };
    static const char testData[] = "Hi There";
#ifdef WOLFSSL_SHA224
    static const unsigned char testResultSha224[] =
    {
        0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
        0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
        0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
        0x53, 0x68, 0x4b, 0x22
    };
#endif
#ifndef NO_SHA256
    static const unsigned char testResultSha256[] =
    {
        0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
        0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
        0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
        0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
    };
#endif
#ifdef WOLFSSL_SHA384
    static const unsigned char testResultSha384[] =
    {
        0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
        0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
        0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
        0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
        0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
        0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
    };
#endif
#ifdef WOLFSSL_SHA512
    static const unsigned char testResultSha512[] =
    {
        0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
        0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
        0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
        0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
        0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
        0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
        0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
        0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
    };
#endif
#ifdef WOLFSSL_SHA3
    #ifndef WOLFSSL_NOSHA3_224
    static const unsigned char testResultSha3_224[] =
    {
        0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
        0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
        0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
        0xf3, 0xc8, 0x60, 0xf7
    };
    #endif
    #ifndef WOLFSSL_NOSHA3_256
    static const unsigned char testResultSha3_256[] =
    {
        0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
        0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
        0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
        0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
    };
    #endif
    #ifndef WOLFSSL_NOSHA3_384
    static const unsigned char testResultSha3_384[] =
    {
        0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
        0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
        0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
        0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
        0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
        0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
    };
    #endif
    #ifndef WOLFSSL_NOSHA3_512
    static const unsigned char testResultSha3_512[] =
    {
        0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
        0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
        0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
        0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
        0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
        0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
        0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
        0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
    };
    #endif
#endif

#ifndef NO_SHA256
    test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData,
        XSTRLEN(testData), testResultSha256, sizeof(testResultSha256));
#endif
#ifdef WOLFSSL_SHA224
    test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData,
        XSTRLEN(testData), testResultSha224, sizeof(testResultSha224));
#endif
#ifdef WOLFSSL_SHA384
    test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData,
        XSTRLEN(testData), testResultSha384, sizeof(testResultSha384));
#endif
#ifdef WOLFSSL_SHA512
    test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData,
        XSTRLEN(testData), testResultSha512, sizeof(testResultSha512));
#endif
#ifdef WOLFSSL_SHA3
    #ifndef WOLFSSL_NOSHA3_224
    test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey),
        testData, XSTRLEN(testData), testResultSha3_224,
        sizeof(testResultSha3_224));
    #endif
    #ifndef WOLFSSL_NOSHA3_256
    test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey),
        testData, XSTRLEN(testData), testResultSha3_256,
        sizeof(testResultSha3_256));
    #endif
    #ifndef WOLFSSL_NOSHA3_384
    test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey),
        testData, XSTRLEN(testData), testResultSha3_384,
        sizeof(testResultSha3_384));
    #endif
    #ifndef WOLFSSL_NOSHA3_512
    test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey),
        testData, XSTRLEN(testData), testResultSha3_512,
        sizeof(testResultSha3_512));
    #endif
#endif

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}


static void test_wolfSSL_EVP_MD_rsa_signing(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
                                                  defined(USE_CERT_BUFFERS_2048)
    WOLFSSL_EVP_PKEY* privKey;
    WOLFSSL_EVP_PKEY* pubKey;
    WOLFSSL_EVP_PKEY_CTX* keyCtx;
    const char testData[] = "Hi There";
    WOLFSSL_EVP_MD_CTX mdCtx;
    size_t checkSz = -1;
    int sz = 2048 / 8;
    const unsigned char* cp;
    const unsigned char* p;
    unsigned char check[2048/8];
    size_t i;
    int paddings[] = {
            RSA_PKCS1_PADDING,
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
            RSA_PKCS1_PSS_PADDING,
#endif
    };


    printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()");

    cp = client_key_der_2048;
    AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
                                                  sizeof_client_key_der_2048)));
    p = client_keypub_der_2048;
    AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
                                               sizeof_client_keypub_der_2048)));

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                             NULL, privKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
                                          (unsigned int)XSTRLEN(testData)), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ((int)checkSz, sz);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz,sz);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                              NULL, pubKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
                                               (unsigned int)XSTRLEN(testData)),
                1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                             NULL, privKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ((int)checkSz, sz);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz, sz);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
                                      (unsigned int)XSTRLEN(testData) - 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz, sz);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                              NULL, pubKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
                                           (unsigned int)XSTRLEN(testData) - 4),
                1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    /* Check all signing padding types */
    for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
        wolfSSL_EVP_MD_CTX_init(&mdCtx);
        AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
                wolfSSL_EVP_sha256(), NULL, privKey), 1);
        AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
                paddings[i]), 1);
        AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
                (unsigned int)XSTRLEN(testData)), 1);
        AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
        AssertIntEQ((int)checkSz, sz);
        AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
        AssertIntEQ((int)checkSz,sz);
        AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

        wolfSSL_EVP_MD_CTX_init(&mdCtx);
        AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
                wolfSSL_EVP_sha256(), NULL, pubKey), 1);
        AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
                paddings[i]), 1);
        AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
                (unsigned int)XSTRLEN(testData)), 1);
        AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
        AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
    }

    wolfSSL_EVP_PKEY_free(pubKey);
    wolfSSL_EVP_PKEY_free(privKey);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_EVP_MD_ecc_signing(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
    WOLFSSL_EVP_PKEY* privKey;
    WOLFSSL_EVP_PKEY* pubKey;
    const char testData[] = "Hi There";
    WOLFSSL_EVP_MD_CTX mdCtx;
    size_t checkSz = -1;
    const unsigned char* cp;
    const unsigned char* p;
    unsigned char check[2048/8];

    printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");

    cp = ecc_clikey_der_256;
    privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
                                                   sizeof_ecc_clikey_der_256);
    AssertNotNull(privKey);
    p = ecc_clikeypub_der_256;
    AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
                                                sizeof_ecc_clikeypub_der_256)));

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                             NULL, privKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
                                          (unsigned int)XSTRLEN(testData)), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                              NULL, pubKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
                                               (unsigned int)XSTRLEN(testData)),
                1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                             NULL, privKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
                                      (unsigned int)XSTRLEN(testData) - 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                              NULL, pubKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
                                           (unsigned int)XSTRLEN(testData) - 4),
                1);
    AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_PKEY_free(pubKey);
    wolfSSL_EVP_PKEY_free(privKey);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_CTX_add_extra_chain_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
    char caFile[] = "./certs/client-ca.pem";
    char clientFile[] = "./certs/client-cert.pem";
    SSL_CTX* ctx;
    X509* x509;
    BIO *bio = NULL;
    X509 *cert = NULL;
    X509 *ca;
    STACK_OF(X509) *chain = NULL;
    STACK_OF(X509) *chain2 = NULL;

    printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");

    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif

    x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
    AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);

    x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);

    #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    /* additional test of getting EVP_PKEY key size from X509
     * Do not run with user RSA because wolfSSL_RSA_size is not currently
     * allowed with user RSA */
    {
        EVP_PKEY* pkey;
        #if defined(HAVE_ECC)
        X509* ecX509;
        #endif /* HAVE_ECC */

        AssertNotNull(pkey = X509_get_pubkey(x509));
        /* current RSA key is 2048 bit (256 bytes) */
        AssertIntEQ(EVP_PKEY_size(pkey), 256);

        EVP_PKEY_free(pkey);

        #if defined(HAVE_ECC)
        #if defined(USE_CERT_BUFFERS_256)
        AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
                    cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
                    SSL_FILETYPE_ASN1));
        #else
        AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
                    SSL_FILETYPE_PEM));
        #endif
        pkey = X509_get_pubkey(ecX509);
        AssertNotNull(pkey);
        /* current ECC key is 256 bit (32 bytes) */
        AssertIntEQ(EVP_PKEY_size(pkey), 32);

        X509_free(ecX509);
        EVP_PKEY_free(pkey);
        #endif /* HAVE_ECC */
    }
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */

    AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);

#ifdef WOLFSSL_ENCRYPTED_KEYS
    AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
    AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif
    SSL_CTX_free(ctx);

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
    /* Test haproxy use case */
    AssertNotNull(bio = BIO_new_file(svrCertFile, "r"));
    /* Read Certificate */
    AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
    AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL));
    AssertNotNull(chain = sk_X509_new_null());
    AssertIntEQ(sk_X509_push(chain, ca), 1);
    AssertNotNull(chain2 = X509_chain_up_ref(chain));
    AssertNotNull(ca = sk_X509_shift(chain2));
    AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1);
    AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1);

    BIO_free(bio);
    X509_free(cert);
    sk_X509_pop_free(chain, X509_free);
    sk_X509_pop_free(chain2, X509_free);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */
}


#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
static void test_wolfSSL_ERR_peek_last_error_line(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
       !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
       defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
#ifndef SINGLE_THREADED
    THREAD_TYPE serverThread;
#endif
    callback_functions client_cb;
    callback_functions server_cb;
    int         line = 0;
    int         flag = ERR_TXT_STRING;
    const char* file = NULL;
    const char* data = NULL;

    printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");

    /* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
    client_cb.method  = wolfTLSv1_1_client_method;
    server_cb.method  = wolfTLSv1_2_server_method;

    server_args.signal    = &ready;
    server_args.callbacks = &server_cb;
    client_args.signal    = &ready;
    client_args.callbacks = &client_cb;

#ifndef SINGLE_THREADED
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);
#endif

    FreeTcpReady(&ready);

    AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
    AssertNotNull(data);

    /* check clearing error state */
    ERR_remove_state(0);
    AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
    ERR_peek_last_error_line(NULL, &line);
    AssertIntEQ(line, 0);
    ERR_peek_last_error_line(&file, NULL);
    AssertNull(file);

    /* retry connection to fill error queue */
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

    client_cb.method  = wolfTLSv1_1_client_method;
    server_cb.method  = wolfTLSv1_2_server_method;

    server_args.signal    = &ready;
    server_args.callbacks = &server_cb;
    client_args.signal    = &ready;
    client_args.callbacks = &client_cb;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    FreeTcpReady(&ready);

    /* check that error code was stored */
    AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
    ERR_peek_last_error_line(NULL, &line);
    AssertIntNE(line, 0);
    ERR_peek_last_error_line(&file, NULL);
    AssertNotNull(file);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);

    printf("\nTesting error print out\n");
    ERR_print_errors_fp(stdout);
    printf("Done testing print out\n\n");
    fflush(stdout);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
}
#endif

#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
    (void) ok;
    (void) ctx;
    printf("ENTER verify_cb\n");
    return SSL_SUCCESS;
}
#endif

static void test_wolfSSL_X509_Name_canon(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
     defined(WOLFSSL_CERT_GEN) && \
    (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)

    const long ex_hash1 = 0x0fdb2da4;
    const long ex_hash2 = 0x9f3e8c9e;
    X509_NAME *name = NULL;
    X509 *x509 = NULL;
    FILE* file = NULL;
    unsigned long hash = 0;
    byte digest[WC_MAX_DIGEST_SIZE] = {0};
    byte  *pbuf = NULL;
    word32 len = 0;
    (void) ex_hash2;
    printf(testingFmt, "test_wolfSSL_X509_Name_canon()");

    file = XFOPEN(caCertFile, "rb");
    AssertNotNull(file);
    AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
    AssertNotNull(name = X509_get_issuer_name(x509));

    AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
    AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);

    hash = (((unsigned long)digest[3] << 24) |
            ((unsigned long)digest[2] << 16) |
            ((unsigned long)digest[1] <<  8) |
            ((unsigned long)digest[0]));
    AssertIntEQ(hash, ex_hash1);

    XFCLOSE(file);
    X509_free(x509);
    XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
    pbuf = NULL;

    file = XFOPEN(cliCertFile, "rb");
    AssertNotNull(file);
    AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
    AssertNotNull(name = X509_get_issuer_name(x509));

    AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
    AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);

    hash = (((unsigned long)digest[3] << 24) |
            ((unsigned long)digest[2] << 16) |
            ((unsigned long)digest[1] <<  8) |
            ((unsigned long)digest[0]));

    AssertIntEQ(hash, ex_hash2);

    XFCLOSE(file);
    X509_free(x509);
    XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);

#endif

}

static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
    const int  MAX_DIR = 4;
    const char paths[][32] = {
                             "./certs/ed25519",
                             "./certs/ecc",
                             "./certs/crl",
                             "./certs/",
                            };

    char CertCrl_path[MAX_FILENAME_SZ];
    char *p;
    X509_STORE* str;
    X509_LOOKUP* lookup;
    WOLFSSL_STACK* sk = NULL;
    int len, total_len, i;

    (void) sk;

    printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()");

    XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);

    /* illegal string */
    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
                                    SSL_FILETYPE_PEM,NULL), 0);

    /* free store */
    X509_STORE_free(str);

    /* short folder string */
    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
                                    SSL_FILETYPE_PEM,NULL), 1);
    #if defined(WOLFSSL_INT_H)
    /* only available when including internal.h */
    AssertNotNull(sk = lookup->dirs->dir_entry);
    #endif
    /* free store */
    X509_STORE_free(str);

    /* typical function check */
    p = &CertCrl_path[0];
    total_len = 0;

    for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
        len = (int)XSTRLEN((const char*)&paths[i]);
        total_len += len;
        XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
        p += len;
        if (i != 0) *(p++) = SEPARATOR_CHAR;
    }

    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
                                    SSL_FILETYPE_PEM,NULL), 1);
    #if defined(WOLFSSL_INT_H)
    /* only available when including internal.h */
    AssertNotNull(sk = lookup->dirs->dir_entry);
    #endif

    X509_STORE_free(str);

    printf(resultFmt, passed);
#endif

}

static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
    defined(WOLFSSL_SIGNER_DER_CERT)

    X509_STORE_CTX* ctx;
    X509_STORE* str;
    X509_LOOKUP* lookup;

    X509* cert1;
    X509* x509Ca;
    X509* x509Svr;
    X509* issuer;

    WOLFSSL_STACK* sk = NULL;
    X509_NAME* caName;
    X509_NAME* issuerName;

    FILE* file1 = NULL;
    int i, cert_count, cmp;

    char der[] = "certs/ca-cert.der";

#ifdef HAVE_CRL
    char pem[][100] = {
        "./certs/crl/crl.pem",
        "./certs/crl/crl2.pem",
        "./certs/crl/caEccCrl.pem",
        "./certs/crl/eccCliCRL.pem",
        "./certs/crl/eccSrvCRL.pem",
        ""
    };
#endif
    printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()");
    AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));

    AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
    fclose(file1);

    AssertNotNull(ctx = X509_STORE_CTX_new());
    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
                                    SSL_FILETYPE_PEM,NULL), 1);
    AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
    AssertIntEQ((cert_count = sk_X509_num(sk)), 1);

    /* check if CA cert is loaded into the store */
    for (i = 0; i < cert_count; i++) {
        x509Ca = sk_X509_value(sk, i);
        AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
    }

    AssertNotNull((x509Svr =
            wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));

    AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);

    AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
    issuer = X509_STORE_CTX_get0_current_issuer(ctx);
    AssertNotNull(issuer);

    caName = X509_get_subject_name(x509Ca);
    AssertNotNull(caName);
    issuerName = X509_get_subject_name(issuer);
    AssertNotNull(issuerName);
    cmp = X509_NAME_cmp(caName, issuerName);
    AssertIntEQ(cmp, 0);

    /* load der format */
    X509_free(issuer);
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(str);
    sk_X509_pop_free(sk, NULL);
    X509_free(x509Svr);

    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
                                    SSL_FILETYPE_ASN1,NULL), 1);
    AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
    AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
    /* check if CA cert is loaded into the store */
    for (i = 0; i < cert_count; i++) {
        x509Ca = sk_X509_value(sk, i);
        AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
    }

    X509_STORE_free(str);
    sk_X509_pop_free(sk, NULL);
    X509_free(cert1);

#ifdef HAVE_CRL
    AssertNotNull(str = wolfSSL_X509_STORE_new());
    AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
                                                    SSL_FILETYPE_PEM,NULL), 1);
    AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
                                "certs/server-revoked-cert.pem",
                                 SSL_FILETYPE_PEM,NULL), 1);
    if (str) {
        AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
                    WOLFSSL_FILETYPE_PEM), 1);
        /* since store hasn't yet known the revoked cert*/
        AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
                    "certs/server-revoked-cert.pem",
                    WOLFSSL_FILETYPE_PEM), 1);
    }
    for (i = 0; pem[i][0] != '\0'; i++)
    {
        AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
                                        SSL_FILETYPE_PEM, NULL), 1);
    }

    if (str) {
        /* since store knows crl list */
        AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
                    "certs/server-revoked-cert.pem",
                    WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
    }

    AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
    X509_STORE_free(str);

#endif


    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup()");

    X509_STORE_CTX_cleanup(NULL);
    X509_STORE_CTX_trusted_stack(NULL, NULL);
    AssertTrue(1);   /* to confirm previous call gives no harm */
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
    #ifdef WOLFSSL_SIGNER_DER_CERT
    int cmp;
    #endif
    X509_STORE_CTX* ctx;
    X509_STORE* str;
    X509* x509Ca;
    X509* x509Svr;
    X509* issuer;
    X509_NAME* caName;
    X509_NAME* issuerName;

    printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()");

    AssertNotNull(ctx = X509_STORE_CTX_new());
    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull((x509Ca =
            wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
    AssertNotNull((x509Svr =
            wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));

    AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);

    AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
    issuer = X509_STORE_CTX_get0_current_issuer(ctx);
    AssertNotNull(issuer);

    caName = X509_get_subject_name(x509Ca);
    AssertNotNull(caName);
    issuerName = X509_get_subject_name(issuer);
    #ifdef WOLFSSL_SIGNER_DER_CERT
        AssertNotNull(issuerName);
        cmp = X509_NAME_cmp(caName, issuerName);
        AssertIntEQ(cmp, 0);
    #else
        AssertNotNull(issuerName);
    #endif

    X509_free(issuer);
    X509_STORE_CTX_free(ctx);
    X509_free(x509Svr);
    X509_STORE_free(str);
    X509_free(x509Ca);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_PKCS7_certs(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
    STACK_OF(X509)* sk = NULL;
    STACK_OF(X509_INFO)* info_sk = NULL;
    PKCS7 *p7 = NULL;
    BIO* bio;
    const byte* p = NULL;
    int buflen = 0;
    int i;

    printf(testingFmt, "wolfSSL_PKCS7_certs()");

    /* Test twice. Once with d2i and once without to test
     * that everything is free'd correctly. */
    for (i = 0; i < 2; i++) {
        AssertNotNull(p7 = PKCS7_new());
        p7->version = 1;
        p7->hashOID = SHAh;
        AssertNotNull(bio = BIO_new(BIO_s_file()));
        AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
        AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
        AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
        AssertNotNull(sk = sk_X509_new_null());
        while (sk_X509_INFO_num(info_sk)) {
            X509_INFO* info;
            AssertNotNull(info = sk_X509_INFO_shift(info_sk));
            AssertIntEQ(sk_X509_push(sk, info->x509), 1);
            info->x509 = NULL;
            X509_INFO_free(info);
        }
        sk_X509_INFO_free(info_sk);
        BIO_free(bio);
        bio = BIO_new(BIO_s_mem());
        AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
        AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);

        if (i == 0) {
            PKCS7_free(p7);
            AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
            /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
            ((WOLFSSL_PKCS7*)p7)->certs = NULL;
            /* PKCS7_free free's the certs */
            AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
        }

        BIO_free(bio);
        PKCS7_free(p7);
    }

    printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
         !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
}

static void test_wolfSSL_X509_STORE_CTX(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)

    X509_STORE_CTX* ctx;
    X509_STORE* str;
    X509* x509;
#ifdef OPENSSL_ALL
    X509* x5092;
    STACK_OF(X509) *sk, *sk2, *sk3;
#endif

    printf(testingFmt, "wolfSSL_X509_STORE_CTX()");
    AssertNotNull(ctx = X509_STORE_CTX_new());
    AssertNotNull((str = wolfSSL_X509_STORE_new()));
    AssertNotNull((x509 =
                wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
#ifdef OPENSSL_ALL
    /* sk_X509_new only in OPENSSL_ALL */
    sk = sk_X509_new();
    AssertNotNull(sk);
    AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
#else
    AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
#endif
    AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
    X509_STORE_CTX_set_error(ctx, -5);
    X509_STORE_CTX_set_error(NULL, -5);

    X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
    sk_X509_pop_free(sk, NULL);
#endif
    X509_STORE_free(str);
    X509_free(x509);

    AssertNotNull(ctx = X509_STORE_CTX_new());
    X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
    X509_STORE_CTX_free(ctx);

#ifdef OPENSSL_ALL
    /* test X509_STORE_CTX_get(1)_chain */
    AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
                                                     SSL_FILETYPE_PEM)));
    AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
                                                     SSL_FILETYPE_PEM)));
    AssertNotNull((sk = sk_X509_new()));
    AssertIntEQ(sk_X509_push(sk, x509), 1);
    AssertNotNull((str = X509_STORE_new()));
    AssertNotNull((ctx = X509_STORE_CTX_new()));
    AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
    AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
    AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
    AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
    AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
    AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
    AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(str);
    /* CTX certs not freed yet */
    X509_free(x5092);
    sk_X509_pop_free(sk, NULL);
    /* sk3 is dup so free here */
    sk_X509_pop_free(sk3, NULL);
#endif

    /* test X509_STORE_CTX_get/set_ex_data */
    {
        int i = 0, tmpData = 5;
        void* tmpDataRet;
        AssertNotNull(ctx = X509_STORE_CTX_new());
    #ifdef HAVE_EX_DATA
        for (i = 0; i < MAX_EX_DATA; i++) {
            AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
                        WOLFSSL_SUCCESS);
            tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
            AssertNotNull(tmpDataRet);
            AssertIntEQ(tmpData, *(int*)tmpDataRet);
        }
    #else
        AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
                    WOLFSSL_FAILURE);
        tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
        AssertNull(tmpDataRet);
    #endif
        X509_STORE_CTX_free(ctx);
    }

    /* test X509_STORE_get/set_ex_data */
    {
        int i = 0, tmpData = 99;
        void* tmpDataRet;
        AssertNotNull(str = X509_STORE_new());
    #ifdef HAVE_EX_DATA
        for (i = 0; i < MAX_EX_DATA; i++) {
            AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
                        WOLFSSL_SUCCESS);
            tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
            AssertNotNull(tmpDataRet);
            AssertIntEQ(tmpData, *(int*)tmpDataRet);
        }
    #else
        AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
                    WOLFSSL_FAILURE);
        tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
        AssertNull(tmpDataRet);
    #endif
        X509_STORE_free(str);
    }

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_X509_STORE_set_flags(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)

    X509_STORE* store;
    X509* x509;

    printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");
    AssertNotNull((store = wolfSSL_X509_STORE_new()));
    AssertNotNull((x509 =
                wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);

#ifdef HAVE_CRL
    AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
#else
    AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
        NOT_COMPILED_IN);
#endif

    wolfSSL_X509_free(x509);
    wolfSSL_X509_STORE_free(store);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_X509_LOOKUP_load_file(void)
{
    #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
       (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
    WOLFSSL_X509_STORE*  store;
    WOLFSSL_X509_LOOKUP* lookup;

    printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()");

    AssertNotNull(store = wolfSSL_X509_STORE_new());
    AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
    AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
                                              X509_FILETYPE_PEM), 1);
    AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
                                                         X509_FILETYPE_PEM), 1);

    if (store) {
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
                    WOLFSSL_FILETYPE_PEM), 1);
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
                    WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
    }
    AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
                                              X509_FILETYPE_PEM), 1);
    if (store) {
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
                    WOLFSSL_FILETYPE_PEM), 1);
    }

    wolfSSL_X509_STORE_free(store);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_X509_STORE_CTX_set_time(void)
{
    #if defined(OPENSSL_EXTRA)
    WOLFSSL_X509_STORE_CTX*  ctx;
    time_t c_time;

    printf(testingFmt, "wolfSSL_X509_set_time()");
    AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
    c_time = 365*24*60*60;
    wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
    AssertTrue(
      (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
    AssertTrue(ctx->param->check_time == c_time);
    wolfSSL_X509_STORE_CTX_free(ctx);

    printf(resultFmt, passed);
    #endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_CTX_get0_set1_param(void)
{
#if defined(OPENSSL_EXTRA)
    int ret;
    SSL_CTX* ctx;
    WOLFSSL_X509_VERIFY_PARAM* pParam;
    WOLFSSL_X509_VERIFY_PARAM* pvpm;
    char testIPv4[] = "127.0.0.1";
    char testhostName[] = "foo.hoge.com";

    printf(testingFmt, "wolfSSL_CTX_get0_set1_param()");

    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif

    AssertNull(SSL_CTX_get0_param(NULL));
    AssertNotNull(pParam = SSL_CTX_get0_param(ctx));

    pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
                sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
    AssertNotNull(pvpm);
    XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));

    wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
                                        (int)XSTRLEN(testhostName));
    wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
    wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);

    ret = SSL_CTX_set1_param(ctx, pvpm);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
                                         (int)XSTRLEN(testhostName)));
    AssertIntEQ(0x01, pParam->hostFlags);
    AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));

    /* test for incorrect patameter */
    AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL));
    AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm));
    AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL));

    SSL_CTX_free(ctx);

    XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}

static void test_wolfSSL_get0_param(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
    SSL_CTX* ctx;
    SSL*     ssl;
    WOLFSSL_X509_VERIFY_PARAM* pParam;

    printf(testingFmt, "wolfSSL_get0_param()");

    #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    #else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    #endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    pParam = SSL_get0_param(ssl);

    (void)pParam;

    SSL_free(ssl);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}

static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
{
#if defined(OPENSSL_EXTRA)
    const char host[] = "www.example.com";
    WOLFSSL_X509_VERIFY_PARAM* pParam;

    printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");

    AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                           sizeof(WOLFSSL_X509_VERIFY_PARAM),
                           HEAP_HINT, DYNAMIC_TYPE_OPENSSL));

    XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));

    X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));

    AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);

    XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));

    AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);

    XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
{
#if defined(OPENSSL_EXTRA)
    unsigned char buf[16] = {0};
    WOLFSSL_X509_VERIFY_PARAM* param;

    printf(testingFmt, "test_wolfSSL_X509_VERIFY_PARAM_set1_ip()");

    AssertNotNull(param = X509_VERIFY_PARAM_new());

    /* test 127.0.0.1 */
    buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0);

    /* test 2001:db8:3333:4444:5555:6666:7777:8888 */
    buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
    buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68;
    buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102;
    buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc,
        "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0);

    /* test 2001:db8:: */
    buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
    buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
    buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
    buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0);

    /* test ::1234:5678 */
    buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0;
    buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
    buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
    buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0);


    /* test 2001:db8::1234:5678 */
    buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
    buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
    buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
    buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678",
                                                sizeof(param->ipasc)), 0);

    /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/
    /*      2001:db8:1::ab9:c0a8:102 */
    buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
    buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0;
    buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185;
    buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2;
    AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102",
                                                sizeof(param->ipasc)), 0);

    XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
{
    #if defined(OPENSSL_EXTRA)
    X509_STORE* store;
    X509_STORE_CTX* ctx;
    X509_STORE_CTX* ctx_no_init;

    printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()");
    AssertNotNull((store = X509_STORE_new()));
    AssertNotNull(ctx = X509_STORE_CTX_new());
    AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
    AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);

    AssertNull(X509_STORE_CTX_get0_store(NULL));
    /* should return NULL if ctx has not bee initialized */
    AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
    AssertNotNull(X509_STORE_CTX_get0_store(ctx));

    wolfSSL_X509_STORE_CTX_free(ctx);
    wolfSSL_X509_STORE_CTX_free(ctx_no_init);
    X509_STORE_free(store);

    printf(resultFmt, passed);
    #endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_CTX_set_client_CA_list(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    X509_NAME* name = NULL;
    STACK_OF(X509_NAME)* names = NULL;
    STACK_OF(X509_NAME)* ca_list = NULL;
    int i, names_len;

    printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    /* Send two X501 names in cert request */
    names = SSL_load_client_CA_file(cliCertFile);
    AssertNotNull(names);
    ca_list = SSL_load_client_CA_file(caCertFile);
    AssertNotNull(ca_list);
    AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1);
    SSL_CTX_set_client_CA_list(ctx, names);
    /* This should only free the stack structure */
    sk_X509_NAME_free(ca_list);
    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
    AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));

    AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
    for (i=0; i<names_len; i++) {
        AssertNotNull(name = sk_X509_NAME_value(names, i));
        AssertIntEQ(sk_X509_NAME_find(names, name), i);
    }

    /* Needed to be able to create ssl object */
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = wolfSSL_new(ctx));
    /* load again as old names are responsibility of ctx to free*/
    names = SSL_load_client_CA_file(cliCertFile);
    AssertNotNull(names);
    SSL_set_client_CA_list(ssl, names);
    AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
    AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));

    AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
    for (i=0; i<names_len; i++) {
        AssertNotNull(name = sk_X509_NAME_value(names, i));
        AssertIntEQ(sk_X509_NAME_find(names, name), i);
    }

    printf(resultFmt, passed);

#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
    {
        tcp_ready ready;
        func_args server_args;
        callback_functions server_cb;
        THREAD_TYPE serverThread;
        WOLFSSL* ssl_client;
        WOLFSSL_CTX* ctx_client;
        SOCKET_T sockfd = 0;

        printf(testingFmt, "wolfSSL_get_client_CA_list() with handshake");

        StartTCP();
        InitTcpReady(&ready);

        XMEMSET(&server_args, 0, sizeof(func_args));
        XMEMSET(&server_cb, 0, sizeof(callback_functions));

        server_args.signal    = &ready;
        server_args.callbacks = &server_cb;

        /* we are responsible for free'ing WOLFSSL_CTX */
        server_cb.ctx = ctx;
        server_cb.isSharedCtx = 1;

        AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));

        start_thread(test_server_nofail, &server_args, &serverThread);
        wait_tcp_ready(&server_args);

        tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
        AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
        AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0));
        AssertIntEQ(WOLFSSL_SUCCESS,
              wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM));
        AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM));

        AssertNotNull(ssl_client = wolfSSL_new(ctx_client));
        AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);

        AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
        /* We are expecting two cert names to be sent */
        AssertIntEQ(sk_X509_NAME_num(ca_list), 2);

        AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx));
        for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
            AssertNotNull(name = sk_X509_NAME_value(ca_list, i));
            AssertIntGE(sk_X509_NAME_find(names, name), 0);
        }

        wolfSSL_shutdown(ssl_client);
        wolfSSL_free(ssl_client);
        wolfSSL_CTX_free(ctx_client);

        join_thread(serverThread);
        FreeTcpReady(&ready);

        printf(resultFmt, passed);
    }
#endif

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
}

static void test_wolfSSL_CTX_add_client_CA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
    !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX* ctx;
    WOLFSSL_X509* x509;
    WOLFSSL_X509* x509_a;
    STACK_OF(X509_NAME)* ca_list;
    int ret = 0;

    printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    /* Add client cert */
    x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
    AssertNotNull(x509);
    ret = SSL_CTX_add_client_CA(ctx, x509);
    AssertIntEQ(ret, SSL_SUCCESS);
    AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
    /* Add another client cert */
    AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
                                                        SSL_FILETYPE_PEM));
    AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);

   /* test for incorrect parameter */
    AssertIntEQ(SSL_CTX_add_client_CA(NULL, x509), 0);
    AssertIntEQ(SSL_CTX_add_client_CA(ctx, NULL), 0);
    AssertIntEQ(SSL_CTX_add_client_CA(NULL, NULL), 0);

    X509_free(x509);
    X509_free(x509_a);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA  && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
static THREAD_RETURN WOLFSSL_THREAD server_task(void* args)
{
    callback_functions* callbacks = ((func_args*)args)->callbacks;
    WOLFSSL_CTX* ctx       = wolfSSL_CTX_new(callbacks->method());
    WOLFSSL*  ssl   = NULL;
    SOCKET_T  sfd   = 0;
    SOCKET_T  cfd   = 0;
    word16    port;
    char      msg[] = "I hear you fa shizzle!";
    int       len   = (int) XSTRLEN(msg);
    char      input[1024];
    int       idx;
    int       ret, err = 0;

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    ((func_args*)args)->return_code = TEST_FAIL;
    port = ((func_args*)args)->signal->port;

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
            WOLFSSL_FILETYPE_PEM));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                 WOLFSSL_FILETYPE_PEM));

    if (callbacks->ctx_ready)
        callbacks->ctx_ready(ctx);

    ssl = wolfSSL_new(ctx);
    tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
    CloseSocket(sfd);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));

    if (callbacks->ssl_ready)
        callbacks->ssl_ready(ssl);

    do {
        err = 0; /* Reset error */
        ret = wolfSSL_accept(ssl);
        if (ret != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
        }
    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);

    if (ret != WOLFSSL_SUCCESS) {
        char buff[WOLFSSL_MAX_ERROR_SZ];
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
    }
    else {
        if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
            input[idx] = 0;
            printf("Client message: %s\n", input);
        }

        AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#ifdef WOLFSSL_TIRTOS
        Task_yield();
#endif
        ((func_args*)args)->return_code = TEST_SUCCESS;
    }

    if (callbacks->on_result)
        callbacks->on_result(ssl);

    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(cfd);

#ifdef WOLFSSL_TIRTOS
    fdCloseSession(Task_self());
#endif
#ifndef WOLFSSL_TIRTOS
    return 0;
#endif
}

static void keyLog_callback(const WOLFSSL* ssl, const char* line )
{

    AssertNotNull(ssl);
    AssertNotNull(line);

    XFILE fp;
    const byte  lf = '\n';
    fp = XFOPEN("./MyKeyLog.txt", "a");
    XFWRITE( line, 1, strlen(line),fp);
    XFWRITE( (void*)&lf,1,1,fp);
    XFCLOSE(fp);

}
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
static void test_wolfSSL_CTX_set_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
    SSL_CTX* ctx;

    printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()");
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
    SSL_CTX_free(ctx);
    SSL_CTX_set_keylog_callback(NULL, NULL);
    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_CTX_get_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
    SSL_CTX* ctx;

    printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()");
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
    AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
    SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
    AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback);
    SSL_CTX_set_keylog_callback(ctx, NULL );
    AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls12_Key_Logging_test(void)
{
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
 /* This test is intended for checking whether keylog callback is called
  * in client during TLS handshake between the client and a server.
  */

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;
    callback_functions server_cbf;
    callback_functions client_cbf;
    SOCKET_T sockfd = 0;
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;
    XFILE fp;
    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  msgSz = (int)XSTRLEN(msg);

    printf(testingFmt, "wolfSSL_Tls12_Key_Logging_test()");

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    InitTcpReady(&ready);
    ready.port = 22222;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));
    server_cbf.method     = wolfTLSv1_2_server_method;

    server_args.callbacks = &server_cbf;
    server_args.signal    = &ready;

    /* clean up keylog file */
    fp = XFOPEN("./MyKeyLog.txt", "w");
    XFCLOSE(fp);

    /* start server task */
    start_thread(server_task, &server_args, &serverThread);
    wait_tcp_ready(&server_args);


    /* run as a TLS1.2 client */
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));

    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);

    /* set keylog callback */
    wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);

    /* get connected the server task */
    AssertNotNull(ssl = wolfSSL_new(ctx));
    AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);


    AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
    AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(sockfd);
    join_thread(serverThread);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    /* check if the keylog file exists */

    char  buff[300] = {0};
    int  found = 0;

    fp = XFOPEN("./MyKeyLog.txt", "r");

    AssertNotNull(fp);

    while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
        if(0 == strncmp(buff,"CLIENT_RANDOM ",
                    sizeof("CLIENT_RANDOM ")-1)) {
            found = 1;
            break;
        }
    }
    XFCLOSE(fp);
    /* a log starting with "CLIENT_RANDOM " should exit in the file */
    AssertNotNull( found );
    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls13_Key_Logging_test(void)
{
 #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
    defined(HAVE_SECRET_CALLBACK)
 /* This test is intended for checking whether keylog callback is called
  * in client during TLS handshake between the client and a server.
  */

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;
    callback_functions server_cbf;
    callback_functions client_cbf;
    SOCKET_T sockfd = 0;
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;
    XFILE fp;
    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  msgSz = (int)XSTRLEN(msg);

    printf(testingFmt, "wolfSSL_Tls13_Key_Logging_test()");

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    InitTcpReady(&ready);
    ready.port = 22222;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));
    server_cbf.method     = wolfTLSv1_3_server_method;  /* TLS1.3 */

    server_args.callbacks = &server_cbf;
    server_args.signal    = &ready;

    /* clean up keylog file */
    fp = XFOPEN("./MyKeyLog.txt", "w");
    XFCLOSE(fp);

    /* start server task */
    start_thread(server_task, &server_args, &serverThread);
    wait_tcp_ready(&server_args);


    /* run as a TLS1.2 client */
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));

    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);

    /* set keylog callback */
    wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);

    /* get connected the server task */
    AssertNotNull(ssl = wolfSSL_new(ctx));
    AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
    AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    join_thread(serverThread);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    /* check if the keylog file exists */

    char  buff[300] = {0};
    int  found[4]   = {0};

    fp = XFOPEN("./MyKeyLog.txt", "r");

    AssertNotNull(fp);

    while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
        if(0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
                    sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
            found[0] = 1;
            continue;
        }
        else if(0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ",
                    sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
            found[1] = 1;
            continue;
        }
        else if(0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ",
                    sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) {
            found[2] = 1;
            continue;
        }
        else if(0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ",
                    sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) {
            found[3] = 1;
            continue;
        }
    }
    XFCLOSE(fp);
    int numfnd = 0;
    for( uint i = 0; i < 4; i++) {
        if( found[i] != 0)
            numfnd++;
    }
    AssertIntEQ( numfnd,4 );

    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
}

#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
static void post_auth_version_cb(WOLFSSL* ssl)
{
    /* do handshake and then test version error */
    AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
    AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
    AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
#if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
    /* check was added to error queue */
    AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);

    /* check the string matches expected string */
    AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
            "WRONG_SSL_VERSION");
#endif
}

static void post_auth_cb(WOLFSSL* ssl)
{
    /* do handshake and then test version error */
    AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
    AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl));
    AssertNull(wolfSSL_get_peer_certificate(ssl));
    AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS);
}

static void set_post_auth_cb(WOLFSSL* ssl)
{
    if (!wolfSSL_is_server(ssl)) {
        AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0);
    }
    else {
        wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL);
    }
}
#endif

static void test_wolfSSL_Tls13_postauth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    callback_functions server_cbf;
    callback_functions client_cbf;
    THREAD_TYPE serverThread;

    printf(testingFmt, "wolfSSL_Tls13_postauth()");
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;

    /* test version failure doing post auth with TLS 1.2 connection */
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));
    server_cbf.method = wolfTLSv1_2_server_method;
    server_cbf.ssl_ready = set_post_auth_cb;
    client_cbf.ssl_ready = set_post_auth_cb;
    server_cbf.on_result = post_auth_version_cb;
    server_args.callbacks = &server_cbf;
    client_args.callbacks = &client_cbf;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    /* tests on post auth with TLS 1.3 */
    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));
    server_cbf.method = wolfTLSv1_3_server_method;
    server_cbf.ssl_ready = set_post_auth_cb;
    client_cbf.ssl_ready = set_post_auth_cb;
    server_cbf.on_result = post_auth_cb;
    server_args.callbacks = &server_cbf;
    client_args.callbacks = &client_cbf;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    FreeTcpReady(&ready);
    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509_NID(void)
{
    #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
    int   sigType;
    int   nameSz;

    X509*  cert;
    EVP_PKEY*  pubKeyTmp;
    X509_NAME* name;

    char commonName[80];
    char countryName[80];
    char localityName[80];
    char stateName[80];
    char orgName[80];
    char orgUnit[80];

    printf(testingFmt, "wolfSSL_X509_NID()");
    /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */

    /* convert cert from DER to internal WOLFSSL_X509 struct */
    AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
            sizeof_client_cert_der_2048));

    /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */

    /* extract PUBLIC KEY from cert */
    AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));

    /* extract signatureType */
    AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);

    /* extract subjectName info */
    AssertNotNull(name = X509_get_subject_name(cert));
    AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
                                           NULL, 0)), 0);
    AssertIntEQ(nameSz, 15);
    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
                                           commonName, sizeof(commonName))), 0);
    AssertIntEQ(nameSz, 15);
    AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
                                            commonName, 9)), 0);
    AssertIntEQ(nameSz, 8);
    AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);

    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
                                         countryName, sizeof(countryName))), 0);
    AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);

    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
                                       localityName, sizeof(localityName))), 0);
    AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);

    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
                                            stateName, sizeof(stateName))), 0);
    AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);

    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
                                            orgName, sizeof(orgName))), 0);
    AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);

    AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
                                            orgUnit, sizeof(orgUnit))), 0);
    AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);

    EVP_PKEY_free(pubKeyTmp);
    X509_free(cert);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_CTX_set_srp_username(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
    && !defined(NO_SHA256) && !defined(WC_NO_RNG)
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    const char *username = "TESTUSER";
    const char *password = "TESTPASSWORD";
    int r;

    printf(testingFmt, "wolfSSL_CTX_set_srp_username()");

    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
    r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
    AssertIntEQ(r,SSL_SUCCESS);
    wolfSSL_CTX_free(ctx);

    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
    r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
    AssertIntEQ(r,SSL_SUCCESS);
    r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
    AssertIntEQ(r,SSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));
    AssertNotNull(SSL_get_srp_username(ssl));
    AssertStrEQ(SSL_get_srp_username(ssl), username);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
       /* && !NO_SHA256 && !WC_NO_RNG */
}

static void test_wolfSSL_CTX_set_srp_password(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
    && !defined(NO_SHA256) && !defined(WC_NO_RNG)
    WOLFSSL_CTX* ctx;
    const char *username = "TESTUSER";
    const char *password = "TESTPASSWORD";
    int r;

    printf(testingFmt, "wolfSSL_CTX_set_srp_password()");
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
    r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
    AssertIntEQ(r,SSL_SUCCESS);
    wolfSSL_CTX_free(ctx);

    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
    r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
    AssertIntEQ(r,SSL_SUCCESS);
    r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
    AssertIntEQ(r,SSL_SUCCESS);
    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
       /* && !NO_SHA256 && !WC_NO_RNG */
}

static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
    X509_STORE *store;

    #ifdef HAVE_CRL
    X509_STORE_CTX *storeCtx;
    X509_CRL *crl;
    X509 *ca, *cert;
    const char crlPem[] = "./certs/crl/crl.revoked";
    const char srvCert[] = "./certs/server-revoked-cert.pem";
    const char caCert[] = "./certs/ca-cert.pem";
    XFILE fp;

    printf(testingFmt, "test_wolfSSL_X509_STORE");
    AssertNotNull(store = (X509_STORE *)X509_STORE_new());
    AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
                           SSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
    AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
                    SSL_FILETYPE_PEM)));
    AssertNotNull((storeCtx = X509_STORE_CTX_new()));
    AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
    AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
    X509_STORE_free(store);
    X509_STORE_CTX_free(storeCtx);
    X509_free(cert);
    X509_free(ca);

    /* should fail to verify now after adding in CRL */
    AssertNotNull(store = (X509_STORE *)X509_STORE_new());
    AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
                           SSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
    fp = XFOPEN(crlPem, "rb");
    AssertTrue((fp != XBADFILE));
    AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
                NULL, NULL));
    XFCLOSE(fp);
    AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
    AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
    AssertNotNull((storeCtx = X509_STORE_CTX_new()));
    AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
                    SSL_FILETYPE_PEM)));
    AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
    AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
    AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
    X509_CRL_free(crl);
    X509_STORE_free(store);
    X509_STORE_CTX_free(storeCtx);
    X509_free(cert);
    X509_free(ca);
    #endif /* HAVE_CRL */



    #ifndef WOLFCRYPT_ONLY
    {
        SSL_CTX* ctx;
        SSL* ssl;
        int i;
        for (i = 0; i < 2; i++) {
        #ifndef NO_WOLFSSL_SERVER
            AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
        #else
            AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
        #endif
            AssertNotNull(store = (X509_STORE *)X509_STORE_new());
            SSL_CTX_set_cert_store(ctx, store);
            AssertNotNull(store = (X509_STORE *)X509_STORE_new());
            SSL_CTX_set_cert_store(ctx, store);
            AssertNotNull(store = (X509_STORE *)X509_STORE_new());
            AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
                    SSL_FILETYPE_PEM), SSL_SUCCESS);
            AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                    SSL_FILETYPE_PEM), SSL_SUCCESS);
            AssertNotNull(ssl = SSL_new(ctx));
            if (i == 0) {
                AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS);
            }
            else {
                AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS);
                X509_STORE_free(store);
            }
            SSL_free(ssl);
            SSL_CTX_free(ctx);
        }
    }
    #endif
    printf(resultFmt, passed);
#endif
    return;
}

static void test_wolfSSL_X509_STORE_load_locations(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
    SSL_CTX *ctx;
    X509_STORE *store;

    const char ca_file[] = "./certs/ca-cert.pem";
    const char client_pem_file[] = "./certs/client-cert.pem";
    const char client_der_file[] = "./certs/client-cert.der";
    const char ecc_file[] = "./certs/ecc-key.pem";
    const char certs_path[] = "./certs/";
    const char bad_path[] = "./bad-path/";
#ifdef HAVE_CRL
    const char crl_path[] = "./certs/crl/";
    const char crl_file[] = "./certs/crl/crl.pem";
#endif

    printf(testingFmt, "wolfSSL_X509_STORE_load_locations");

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
    AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
    AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);

    /* Test bad arguments */
    AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);

#ifdef HAVE_CRL
    /* Test with CRL */
    AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
#endif

    /* Test with CA */
    AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);

    /* Test with client_cert and certs path */
    AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);

#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
    /* Clear nodes */
    ERR_clear_error();
#endif

    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}

static void test_X509_STORE_get0_objects(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
    X509_STORE *store;
    X509_STORE *store_cpy;
    SSL_CTX *ctx;
    X509_OBJECT *obj;
    STACK_OF(X509_OBJECT) *objs;
    int i;

    printf(testingFmt, "wolfSSL_X509_STORE_get0_objects");

    /* Setup store */
#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
    AssertNotNull(store_cpy = X509_STORE_new());
    AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
    AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS);
#ifdef HAVE_CRL
    AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS);
#endif
    /* Store ready */

    /* Similar to HaProxy ssl_set_cert_crl_file use case */
    AssertNotNull(objs = X509_STORE_get0_objects(store));
#ifdef HAVE_CRL
#ifdef WOLFSSL_SIGNER_DER_CERT
    AssertIntEQ(sk_X509_OBJECT_num(objs), 4);
#else
    AssertIntEQ(sk_X509_OBJECT_num(objs), 1);
#endif
#else
#ifdef WOLFSSL_SIGNER_DER_CERT
    AssertIntEQ(sk_X509_OBJECT_num(objs), 3);
#else
    AssertIntEQ(sk_X509_OBJECT_num(objs), 0);
#endif
#endif
    for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
        obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
        switch (X509_OBJECT_get_type(obj)) {
        case X509_LU_X509:
            AssertNotNull(X509_OBJECT_get0_X509(obj));
            AssertIntEQ(X509_STORE_add_cert(store_cpy,
                    X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS);
            break;
        case X509_LU_CRL:
#ifdef HAVE_CRL
            AssertNotNull(X509_OBJECT_get0_X509_CRL(obj));
            AssertIntEQ(X509_STORE_add_crl(store_cpy,
                    X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS);
            break;
#endif
        case X509_LU_NONE:
        default:
            Fail(("X509_OBJECT_get_type should return x509 or crl "
                    "(when built with crl support)"),
                    ("Unrecognized X509_OBJECT type or none"));
        }
    }

    X509_STORE_free(store_cpy);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_BN(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
    BIGNUM* a;
    BIGNUM* b;
    BIGNUM* c;
    BIGNUM* d;
    ASN1_INTEGER* ai;

    printf(testingFmt, "wolfSSL_BN()");

    AssertNotNull(b = BN_new());
    AssertNotNull(c = BN_new());
    AssertNotNull(d = BN_new());

    ai = ASN1_INTEGER_new();
    AssertNotNull(ai);
    /* at the moment hard setting since no set function */
    ai->data[0] = 0x02; /* tag for ASN_INTEGER */
    ai->data[1] = 0x01; /* length of integer */
    ai->data[2] = 0x03;

    AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
    ASN1_INTEGER_free(ai);

    AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
    AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS);

    /* a + 3 = */
    AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE);
    AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS);

    /* check result 3 + 3*/
    AssertIntEQ(BN_get_word(a), 6);
    /* set a back to 3 */
    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);

    /* a - 3 = */
    AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE);
    AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS);

    /* check result 3 - 3*/
    AssertIntEQ(BN_get_word(a), 0);
    /* set a back to 3 */
    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);

    /* a^b mod c = */
    AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);

    /* check result 3^2 mod 5 */
    AssertIntEQ(BN_get_word(d), 4);

    /* a*b = */
    AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS);

    /* check result 3*2 */
    AssertIntEQ(BN_get_word(d), 6);

    /* c/b = */
    AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);

    /* check result 5/2 */
    AssertIntEQ(BN_get_word(d), 2); /* check quotient */
    AssertIntEQ(BN_get_word(a), 1); /* check remainder */
    /* set a back to 3 */
    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);

    /* a*b mod c = */
    AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
    AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);

    /* check result 3*2 mod 5 */
    AssertIntEQ(BN_get_word(d), 1);

    AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS);
    AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS);

#ifdef WOLFSSL_KEY_GEN
    /* gcd of a and b */
    AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE);
    AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS);

    /* check result gcd(16, 24) */
    AssertIntEQ(BN_get_word(d), 8);
#endif /* WOLFSSL_KEY_GEN */

    /* set b back to 2 */
    AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);

    /* BN_mod_inverse test */
    BIGNUM *r = BN_new();
    BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
    AssertIntEQ((int)(BN_get_word(r) & 0x03), 3);
    BN_free(val);

#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
                                               defined(WOLFSSL_SP_INT_NEGATIVE))
    AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
    AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
    AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
    AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
    AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
    {
    char* ret;
    AssertNotNull(ret = BN_bn2dec(c));
    AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
    XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
    }
#endif
    AssertIntEQ(BN_get_word(c), 4);
#endif

    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_clear_free(d);

    /* check that converting NULL and the null string returns an error */
    a = NULL;
    AssertIntLE(BN_hex2bn(&a, NULL), 0);
    AssertIntLE(BN_hex2bn(&a, ""), 0);
    AssertNull(a);

    /* check that getting a string and a bin of the same number are equal,
     * and that the comparison works EQ, LT and GT */
    AssertIntGT(BN_hex2bn(&a, "03"), 0);
    AssertNotNull(b = BN_new());
    AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS);
    AssertNotNull(c = BN_new());
    AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS);
    AssertIntEQ(BN_cmp(a, b), 0);
    AssertIntLT(BN_cmp(a, c), 0);
    AssertIntGT(BN_cmp(c, b), 0);

    AssertIntEQ(BN_set_word(a, 0), 1);
    AssertIntEQ(BN_is_zero(a), 1);
    AssertIntEQ(BN_set_bit(a, 0x45), 1);
    AssertIntEQ(BN_is_zero(a), 0);
    AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
    AssertIntEQ(BN_clear_bit(a, 0x45), 1);
    AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
    AssertIntEQ(BN_is_zero(a), 1);

    BN_free(a);
    BN_free(b);
    BN_free(c);

    #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
    {
        BIGNUM *ap;
        BIGNUM bv;
        BIGNUM cv;
        BIGNUM dv;

        AssertNotNull(ap = BN_new());
        BN_init(&bv);
        BN_init(&cv);
        BN_init(&dv);

        AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
        AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
        AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);

        /* a^b mod c = */
        AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
        AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);

        /* check result  3^2 mod 5 */
        AssertIntEQ(BN_get_word(&dv), 4);

        /* a*b mod c = */
        AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
        AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);

        /* check result  3*2 mod 5 */
        AssertIntEQ(BN_get_word(&dv), 1);

        BN_free(ap);
    }
    #endif

#ifdef WOLFSSL_KEY_GEN
    AssertNotNull(a = BN_new());
    AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL),
        SSL_SUCCESS);
    AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS);
    BN_free(a);
#endif

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
}

#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
#define TEST_ARG 0x1234
static void msg_cb(int write_p, int version, int content_type,
                   const void *buf, size_t len, SSL *ssl, void *arg)
{
    (void)write_p;
    (void)version;
    (void)content_type;
    (void)buf;
    (void)len;
    (void)ssl;

    AssertTrue(arg == (void*)TEST_ARG);
}
#endif

#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
     !defined(NO_WOLFSSL_SERVER)
#ifndef SINGLE_THREADED
#if defined(SESSION_CERTS)
#include "wolfssl/internal.h"
#endif
static int msgCb(SSL_CTX *ctx, SSL *ssl)
{
    (void) ctx;
    (void) ssl;
    #if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
        STACK_OF(X509)* sk;
        X509* x509;
        int i, num;
        BIO* bio;
    #endif
    printf("\n===== msgcb called ====\n");
    #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
    AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
    AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
    AssertNotNull(SSL_get0_verified_chain(ssl));
    #endif

    #if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
    bio = BIO_new(BIO_s_file());
    BIO_set_fp(bio, stdout, BIO_NOCLOSE);
    sk = SSL_get_peer_cert_chain(ssl);
    AssertNotNull(sk);
    if (!sk) {
        BIO_free(bio);
        return SSL_FAILURE;
    }
    num = sk_X509_num(sk);
    AssertTrue(num > 0);
    for (i = 0; i < num; i++) {
        x509 = sk_X509_value(sk,i);
        AssertNotNull(x509);
        if (!x509)
            break;
        printf("Certificate at index [%d] = :\n",i);
        X509_print(bio,x509);
        printf("\n\n");
    }
    BIO_free(bio);
    #endif
    return SSL_SUCCESS;
}
#endif
#endif

static void test_wolfSSL_msgCb(void)
{
  #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
     !defined(NO_WOLFSSL_SERVER)

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    #ifndef SINGLE_THREADED
    THREAD_TYPE serverThread;
    #endif
    callback_functions client_cb;
    callback_functions server_cb;

    printf(testingFmt, "test_wolfSSL_msgCb");

/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));
#ifndef WOLFSSL_NO_TLS12
    client_cb.method  = wolfTLSv1_2_client_method;
    server_cb.method  = wolfTLSv1_2_server_method;
#else
    client_cb.method  = wolfTLSv1_3_client_method;
    server_cb.method  = wolfTLSv1_3_server_method;
#endif

    server_args.signal    = &ready;
    server_args.callbacks = &server_cb;
    client_args.signal    = &ready;
    client_args.callbacks = &client_cb;
    client_args.return_code = TEST_FAIL;

#ifndef SINGLE_THREADED
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, msgCb);
    join_thread(serverThread);
#endif

    FreeTcpReady(&ready);

#ifndef SINGLE_THREADED
    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);
#endif

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
    !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    #ifndef SINGLE_THREADED
    THREAD_TYPE serverThread;
    #endif
    callback_functions client_cb;
    callback_functions server_cb;

    printf(testingFmt, "test_wolfSSL_either_side");

/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));

    /* Use different CTX for client and server */
    client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
    AssertNotNull(client_cb.ctx);
    server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
    AssertNotNull(server_cb.ctx);
    /* we are responsible for free'ing WOLFSSL_CTX */
    server_cb.isSharedCtx = client_cb.isSharedCtx = 1;

    server_args.signal    = &ready;
    server_args.callbacks = &server_cb;
    client_args.signal    = &ready;
    client_args.callbacks = &client_cb;
    client_args.return_code = TEST_FAIL;

#ifndef SINGLE_THREADED
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);
#endif

    wolfSSL_CTX_free(client_cb.ctx);
    wolfSSL_CTX_free(server_cb.ctx);
    FreeTcpReady(&ready);

#ifndef SINGLE_THREADED
    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);
#endif

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_DTLS_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
    !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
    defined(WOLFSSL_DTLS)

    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    #ifndef SINGLE_THREADED
    THREAD_TYPE serverThread;
    #endif
    callback_functions client_cb;
    callback_functions server_cb;

    printf(testingFmt, "test_wolfSSL_DTLS_either_side");

/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    StartTCP();
    InitTcpReady(&ready);

    XMEMSET(&client_cb, 0, sizeof(callback_functions));
    XMEMSET(&server_cb, 0, sizeof(callback_functions));

    /* Use different CTX for client and server */
    client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
    AssertNotNull(client_cb.ctx);
    server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
    AssertNotNull(server_cb.ctx);
    /* we are responsible for free'ing WOLFSSL_CTX */
    server_cb.isSharedCtx = client_cb.isSharedCtx = 1;

    server_args.signal    = &ready;
    server_args.callbacks = &server_cb;
    client_args.signal    = &ready;
    client_args.callbacks = &client_cb;
    client_args.return_code = TEST_FAIL;

#ifndef SINGLE_THREADED
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);
#endif

    wolfSSL_CTX_free(client_cb.ctx);
    wolfSSL_CTX_free(server_cb.ctx);
    FreeTcpReady(&ready);

#ifndef SINGLE_THREADED
    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);
#endif

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);
#endif
}

static void test_generate_cookie(void)
{
#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO)
    SSL_CTX* ctx;
    SSL* ssl;
    byte    buf[FOURK_BUF] = {0};

    printf(testingFmt, "test_generate_cookie");

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
    AssertNotNull(ssl = SSL_new(ctx));

    /* Test unconnected */
    AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);

    wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);

    wolfSSL_SetCookieCtx(ssl, ctx);

    AssertNotNull(wolfSSL_GetCookieCtx(ssl));

    AssertNull(wolfSSL_GetCookieCtx(NULL));

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_set_options(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    SSL*     ssl;
    SSL_CTX* ctx;
    char appData[] = "extra msg";

    unsigned char protos[] = {
        7, 't', 'l', 's', '/', '1', '.', '2',
        8, 'h', 't', 't', 'p', '/', '1', '.', '1'
    };
    unsigned int len = sizeof(protos);

    void *arg = (void *)TEST_ARG;

    printf(testingFmt, "wolfSSL_set_options()");

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));

    AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
    AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);

    AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
                                                              SSL_OP_NO_SSLv2)), 0);
    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
                                 SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
                                           SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
                                   SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
    AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
                                               SSL_OP_NO_COMPRESSION));

    SSL_CTX_free(ctx);

#ifndef NO_WOLFSSL_SERVER
    ctx = SSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);
#else
    ctx = SSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));
#ifdef HAVE_EX_DATA
    AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS);
    AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl));
    if (ssl) {
        AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl),
                    appData, sizeof(appData)), 0);
    }
#else
    AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE);
    AssertNull(SSL_get_app_data((const WOLFSSL*)ssl));
#endif

    AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
    AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1);

    AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE |
                                                          WOLFSSL_OP_NO_SSLv2)), 0);
    AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
                             SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
    AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
                                       SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
    AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
                               SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
    AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
                                       SSL_OP_NO_COMPRESSION));

    AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
    SSL_set_msg_callback_arg(ssl, arg);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
    AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
#else
    AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
#endif

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)

#if defined(HAVE_ALPN) && !defined(NO_BIO)

#ifdef WOLFSSL_ERROR_CODE_OPENSSL
    AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == 0);
#else
    AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == SSL_SUCCESS);
#endif

#endif /* HAVE_ALPN && !NO_BIO */
#endif

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
         !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_sk_SSL_CIPHER(void)
{
    #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    SSL*     ssl;
    SSL_CTX* ctx;
    STACK_OF(SSL_CIPHER) *sk, *dup;

    printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()");

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));
    AssertNotNull(sk = SSL_get_ciphers(ssl));
    AssertNotNull(dup = sk_SSL_CIPHER_dup(sk));
    AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
    AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dup));

    /* error case because connection has not been established yet */
    AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
    sk_SSL_CIPHER_free(dup);

    /* sk is pointer to internal struct that should be free'd in SSL_free */
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_set1_curves_list(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
    SSL*     ssl = NULL;
    SSL_CTX* ctx = NULL;

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
               SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);

    AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_set1_sigalgs_list(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
    SSL*     ssl;
    SSL_CTX* ctx;

#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
               SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));

    AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);

    AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);

#ifndef NO_RSA
    #ifndef NO_SHA256
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
                    WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
                    WOLFSSL_FAILURE);

        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
                    WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
                    WOLFSSL_FAILURE);
        #ifdef WC_RSA_PSS
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
                        WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"),
                        WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"),
                        WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"),
                        WOLFSSL_SUCCESS);
        #endif
        #ifdef WOLFSSL_SHA512
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
                       "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                       "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
        #elif defined(WOLFSSL_SHA384)
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
                       "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                       "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
        #endif
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
                    WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
                    WOLFSSL_FAILURE);

        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
                    WOLFSSL_FAILURE);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
                    WOLFSSL_FAILURE);
    #endif
#endif
#ifdef HAVE_ECC
    #ifndef NO_SHA256
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS);
        #ifdef WOLFSSL_SHA512
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
                       "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                       "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
        #elif defined(WOLFSSL_SHA384)
            AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
                       "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
            AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                       "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
        #endif
    #endif
#endif
#ifdef HAVE_ED25519
    AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_ED448
    AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS);
#endif
#ifndef NO_DSA
    #ifndef NO_SHA256
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"),
                    WOLFSSL_SUCCESS);
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                                defined(WOLFSSL_ALLOW_TLS_SHA1))
        AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"),
                    WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"),
                    WOLFSSL_SUCCESS);
    #endif
#endif

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
    #endif
}

/* Testing  wolfSSL_set_tlsext_status_type function.
 * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
 */
static void test_wolfSSL_set_tlsext_status_type(void){
    #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
    !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
    SSL*     ssl;
    SSL_CTX* ctx;

    printf(testingFmt, "wolfSSL_set_tlsext_status_type()");

    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp),
            SSL_SUCCESS);
    AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    #endif  /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
}

#ifndef NO_BIO

static void test_wolfSSL_PEM_read_bio(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    byte buff[6000];
    XFILE f;
    int  bytes;
    X509* x509;
    BIO*  bio = NULL;
    BUF_MEM* buf;

    printf(testingFmt, "wolfSSL_PEM_read_bio()");

    f = XFOPEN(cliCertFile, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
    XFCLOSE(f);

    AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
    AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
    AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
    AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
    AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
    AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
    AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));

    BIO_free(bio);
    BUF_MEM_free(buf);
    X509_free(x509);

    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}


#if defined(OPENSSL_EXTRA)
static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
                 long argl, long ret)
{
    (void)bio;
    (void)cmd;
    (void)argp;
    (void)argi;
    (void)argl;
    return ret;
}
#endif


static void test_wolfSSL_BIO(void)
{
    #if defined(OPENSSL_EXTRA)
    const unsigned char* p;
    byte buff[20];
    BIO* bio1;
    BIO* bio2;
    BIO* bio3;
    char* bufPt;
    int i;

    printf(testingFmt, "wolfSSL_BIO()");

    for (i = 0; i < 20; i++) {
        buff[i] = i;
    }
    /* test BIO_free with NULL */
    AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);

    /* Creating and testing type BIO_s_bio */
    AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
    AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
    AssertNotNull(bio3 = BIO_new(BIO_s_bio()));

    /* read/write before set up */
    AssertIntEQ(BIO_read(bio1, buff, 2),  WOLFSSL_BIO_UNSET);
    AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);

    AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
    AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
    AssertIntEQ(BIO_set_write_buf_size(bio2, 8),  WOLFSSL_SUCCESS);
    AssertIntEQ(BIO_make_bio_pair(bio1, bio2),    WOLFSSL_SUCCESS);

    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
    XMEMCPY(bufPt, buff, 10);
    AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
    /* write buffer full */
    AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
    AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);

    /* write the other direction with pair */
    AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
    XMEMCPY(bufPt, buff, 8);
    AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);

    /* try read */
    AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
    AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);

    /* try read using ctrl function */
    AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
    AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
    AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
    AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);

    AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
    for (i = 0; i < 20; i++) {
        AssertIntEQ((int)bufPt[i], i);
    }
    AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
    for (i = 0; i < 8; i++) {
        AssertIntEQ((int)bufPt[i], i);
    }
    AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);

    /* new pair */
    AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
    BIO_free(bio2); /* free bio2 and automatically remove from pair */
    AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
    AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);

    /* test wrap around... */
    AssertIntEQ(BIO_reset(bio1), 0);
    AssertIntEQ(BIO_reset(bio3), 0);

    /* fill write buffer, read only small amount then write again */
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
    XMEMCPY(bufPt, buff, 20);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
    for (i = 0; i < 4; i++) {
        AssertIntEQ(bufPt[i], i);
    }

    /* try writing over read index */
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
    XMEMSET(bufPt, 0, 4);
    AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);

    /* read and write 0 bytes */
    AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);

    /* should read only to end of write buffer then need to read again */
    AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
    for (i = 0; i < 16; i++) {
        AssertIntEQ(bufPt[i], buff[4 + i]);
    }

    AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
    AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
    for (i = 0; i < 4; i++) {
        AssertIntEQ(bufPt[i], 0);
    }

    /* read index should not have advanced with nread0 */
    AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
    for (i = 0; i < 4; i++) {
        AssertIntEQ(bufPt[i], 0);
    }

    /* write and fill up buffer checking reset of index state */
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
    XMEMCPY(bufPt, buff, 20);

    /* test reset on data in bio1 write buffer */
    AssertIntEQ(BIO_reset(bio1), 0);
    AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
    AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
    AssertNotNull(p);
    XMEMCPY(bufPt, buff, 20);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
    for (i = 0; i < 6; i++) {
        AssertIntEQ(bufPt[i], i);
    }

    /* test case of writing twice with offset read index */
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
    AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
    AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);

    BIO_free(bio1);
    BIO_free(bio3);

    #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
    {
        BIO* bioA = NULL;
        BIO* bioB = NULL;
        AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
        AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
        BIO_free(bioA);
        bioA = NULL;
        BIO_free(bioB);
        bioB = NULL;
    }
    #endif /* OPENSSL_ALL || WOLFSSL_ASIO */

    /* BIOs with file pointers */
    #if !defined(NO_FILESYSTEM)
    {
        XFILE f1;
        XFILE f2;
        BIO*  f_bio1;
        BIO*  f_bio2;
        unsigned char cert[300];
        char testFile[] = "tests/bio_write_test.txt";
        char msg[]      = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";

        AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
        AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));

        AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
        AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1),   0);

        f1 = XFOPEN(svrCertFile, "rwb");
        AssertTrue((f1 != XBADFILE));
        AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
        AssertIntEQ(BIO_write_filename(f_bio2, testFile),
                WOLFSSL_SUCCESS);

        AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
        AssertIntEQ(BIO_tell(f_bio1),sizeof(cert));
        AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
        AssertIntEQ(BIO_tell(f_bio2),sizeof(msg));
        AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
        AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));

        AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
        AssertIntEQ(BIO_reset(f_bio2), 0);
        AssertIntEQ(BIO_tell(NULL),-1);
        AssertIntEQ(BIO_tell(f_bio2),0);
        AssertIntEQ(BIO_seek(f_bio2, 4), 0);
        AssertIntEQ(BIO_tell(f_bio2),4);

        BIO_free(f_bio1);
        BIO_free(f_bio2);

        AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
        AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
        AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
        BIO_free(f_bio1);

    }
    #endif /* !defined(NO_FILESYSTEM) */

    /* BIO info callback */
    {
        const char* testArg = "test";
        BIO* cb_bio;
        AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));

        BIO_set_callback(cb_bio, bioCallback);
        AssertNotNull(BIO_get_callback(cb_bio));
        BIO_set_callback(cb_bio, NULL);
        AssertNull(BIO_get_callback(cb_bio));

        BIO_set_callback_arg(cb_bio, (char*)testArg);
        AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
        AssertNull(BIO_get_callback_arg(NULL));

        BIO_free(cb_bio);
    }

    /* BIO_vfree */
    AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
    BIO_vfree(NULL);
    BIO_vfree(bio1);

    printf(resultFmt, passed);
    #endif
}

#endif /* !NO_BIO */


static void test_wolfSSL_ASN1_STRING(void)
{
    #if defined(OPENSSL_EXTRA)
    ASN1_STRING* str = NULL;
    const char data[] = "hello wolfSSL";

    printf(testingFmt, "wolfSSL_ASN1_STRING()");

    AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
    AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
    AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
    AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
    AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);

    ASN1_STRING_free(str);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_ASN1_BIT_STRING(void)
{
#ifdef OPENSSL_ALL
    ASN1_BIT_STRING* str;

    printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
    AssertNotNull(str = ASN1_BIT_STRING_new());

    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
    AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
    AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);

    ASN1_BIT_STRING_free(str);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_a2i_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
    BIO *bio, *out;
    ASN1_INTEGER* ai;
    char buf[] = "123456\n12345\n112345678912345678901234567890\n";
    char tmp[1024];
    int  tmpSz;

    const char expected1[] = "123456";
    const char expected2[] = "112345678912345678901234567890";

    printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");

    AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
    AssertNotNull(out = BIO_new(BIO_s_mem()));
    AssertNotNull(ai = ASN1_INTEGER_new());

    /* read first line */
    AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
    AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
    XMEMSET(tmp, 0, 1024);
    tmpSz = BIO_read(out, tmp, 1024);
    AssertIntEQ(tmpSz, 6);
    AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);

    /* fail on second line (not % 2) */
    AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);

    /* read 3rd long line */
    AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
    AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
    XMEMSET(tmp, 0, 1024);
    tmpSz = BIO_read(out, tmp, 1024);
    AssertIntEQ(tmpSz, 30);
    AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);

    BIO_free(out);
    BIO_free(bio);
    ASN1_INTEGER_free(ai);

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_a2i_IPADDRESS(void)
{
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO)
    const unsigned char* data;
    int dataSz = 0;
    ASN1_OCTET_STRING *st;

    const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1};
    const unsigned char ipv6_exp[] = {
        0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77
    };
    const unsigned char ipv6_home[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
    };
    printf(testingFmt, "test_wolfSSL_a2i_IPADDRESS()");

    AssertNull(st = a2i_IPADDRESS("127.0.0.1bad"));
    AssertNotNull(st = a2i_IPADDRESS("127.0.0.1"));
    data   = ASN1_STRING_get0_data(st);
    dataSz = ASN1_STRING_length(st);
    AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN);
    AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0);
    ASN1_STRING_free(st);

    AssertNotNull(st = a2i_IPADDRESS("::1"));
    data   = ASN1_STRING_get0_data(st);
    dataSz = ASN1_STRING_length(st);
    AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
    AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0);
    ASN1_STRING_free(st);

    AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777"));
    data   = ASN1_STRING_get0_data(st);
    dataSz = ASN1_STRING_length(st);
    AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
    AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0);
    ASN1_STRING_free(st);

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_DES_ecb_encrypt(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
    WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
    WOLFSSL_DES_key_schedule key;

    printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");

    XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
    XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
    XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
    XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
    XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
    XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
    XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));

    /* Encrypt messages */
    wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
    wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);

    /* Decrypt messages */
    int ret1 = 0;
    int ret2 = 0;
    wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
    ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
    AssertIntEQ(ret1,0);
    wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
    ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
    AssertIntEQ(ret2,0);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_ASN1_TIME_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)

    const int year = 365*24*60*60;
    const int day  = 24*60*60;
    const int hour = 60*60;
    const int mini = 60;
    const byte asn_utc_time = ASN_UTC_TIME;
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
    const byte asn_gen_time = ASN_GENERALIZED_TIME;
#endif
    WOLFSSL_ASN1_TIME *asn_time, *s;
    int offset_day;
    long offset_sec;
    char date_str[CTC_DATE_SIZE + 1];
    time_t t;

    printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");

    AssertNotNull(s = wolfSSL_ASN1_TIME_new());
    /* UTC notation test */
    /* 2000/2/15 20:30:00 */
    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
    offset_day = 7;
    offset_sec = 45 * mini;
    /* offset_sec = -45 * min;*/
    AssertNotNull(asn_time =
            wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
    AssertTrue(asn_time->type == asn_utc_time);
    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
    date_str[CTC_DATE_SIZE] = '\0';
    AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));

    /* negative offset */
    offset_sec = -45 * mini;
    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
    AssertTrue(asn_time->type == asn_utc_time);
    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
    date_str[CTC_DATE_SIZE] = '\0';
    AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));

    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
    XMEMSET(date_str, 0, sizeof(date_str));

    /* Generalized time will overflow time_t if not long */
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
    s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
                                    DYNAMIC_TYPE_OPENSSL);
    /* GeneralizedTime notation test */
    /* 2055/03/01 09:00:00 */
    t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
        offset_day = 12;
        offset_sec = 10 * mini;
    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
    AssertTrue(asn_time->type == asn_gen_time);
    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
    date_str[CTC_DATE_SIZE] = '\0';
    AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));

    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
    XMEMSET(date_str, 0, sizeof(date_str));
#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */

    /* if WOLFSSL_ASN1_TIME struct is not allocated */
    s = NULL;

    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
    offset_day = 7;
    offset_sec = 45 * mini;
    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
    AssertTrue(asn_time->type == asn_utc_time);
    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
    date_str[CTC_DATE_SIZE] = '\0';
    AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
    XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);

    asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
    AssertTrue(asn_time->type == asn_utc_time);
    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
    date_str[CTC_DATE_SIZE] = '\0';
    AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
    XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_ASN1_TIME_to_tm(void)
{
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
    && !defined(NO_ASN_TIME)
    ASN1_TIME asnTime;
    struct tm tm;

    printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()");

    XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
    AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
    AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);

    AssertIntEQ(tm.tm_sec, 15);
    AssertIntEQ(tm.tm_min, 15);
    AssertIntEQ(tm.tm_hour, 21);
    AssertIntEQ(tm.tm_mday, 22);
    AssertIntEQ(tm.tm_mon, 1);
    AssertIntEQ(tm.tm_year, 100);
    AssertIntEQ(tm.tm_isdst, 0);
#ifdef XMKTIME
    AssertIntEQ(tm.tm_wday, 2);
    AssertIntEQ(tm.tm_yday, 52);
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_cmp_time(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
    WOLFSSL_ASN1_TIME asn_time;
    time_t t;

    printf(testingFmt, "wolfSSL_X509_cmp_time()");

    AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
    XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
    AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));

    AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
    AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_time_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
    !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
    defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
    !defined(NO_ASN_TIME)
    X509*  x509;
    time_t t, not_before, not_after;

    printf(testingFmt, "wolfSSL_X509_time_adj()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
        client_cert_der_2048, sizeof_client_cert_der_2048,
        WOLFSSL_FILETYPE_ASN1));

    t = 0;
    not_before = XTIME(0);
    not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */
    AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
    AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
    /* Check X509_gmtime_adj, too. */
    AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
    && !defined(NO_RSA)
    X509* x509;
#ifndef NO_BIO
    BIO*  bio;
    X509_STORE_CTX* ctx;
    X509_STORE* store;
#endif

    char der[] = "certs/ca-cert.der";
    XFILE fp;

    printf(testingFmt, "wolfSSL_X509()");

    AssertNotNull(x509 = X509_new());
    X509_free(x509);

#ifndef NO_BIO
    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);

    AssertNotNull(bio = BIO_new(BIO_s_mem()));

#ifdef WOLFSSL_CERT_GEN
    AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif

    AssertNotNull(ctx = X509_STORE_CTX_new());

    AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);

    AssertNotNull(store = X509_STORE_new());
    AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
    AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
    AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);


    X509_STORE_CTX_free(ctx);
    X509_STORE_free(store);
    X509_free(x509);
    BIO_free(bio);
#endif

    /** d2i_X509_fp test **/
    fp = XFOPEN(der, "rb");
    AssertTrue((fp != XBADFILE));
    AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
    AssertNotNull(x509);
    X509_free(x509);
    XFCLOSE(fp);
    fp = XFOPEN(der, "rb");
    AssertTrue((fp != XBADFILE));
    AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
    AssertNotNull(x509);
    X509_free(x509);
    XFCLOSE(fp);

    /* X509_up_ref test */
    AssertIntEQ(X509_up_ref(NULL), 0);
    AssertNotNull(x509 = X509_new());   /* refCount = 1 */
    AssertIntEQ(X509_up_ref(x509), 1);  /* refCount = 2 */
    AssertIntEQ(X509_up_ref(x509), 1);  /* refCount = 3 */
    X509_free(x509); /* refCount = 2 */
    X509_free(x509); /* refCount = 1 */
    X509_free(x509); /* refCount = 0, free */

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_X509_get_ext_count(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA)
    int ret = 0;
    WOLFSSL_X509* x509;
    const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
    FILE* f;

    printf(testingFmt, "wolfSSL_X509_get_ext_count()");

    /* NULL parameter check */
    AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
                                                             SSL_FILETYPE_PEM));
    AssertIntEQ(X509_get_ext_count(x509), 5);
    wolfSSL_X509_free(x509);

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
                                                             SSL_FILETYPE_PEM));
    AssertIntEQ(X509_get_ext_count(x509), 5);
    wolfSSL_X509_free(x509);

    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);

    printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input");
    AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
    printf(resultFmt, ret == 4 ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument");
    AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
    printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed);

    wolfSSL_X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_sign2(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
    defined(WOLFSSL_CERT_EXT) && \
    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))

    WOLFSSL_X509 *x509, *ca;
    const unsigned char *der;
    const unsigned char *pt;
    WOLFSSL_EVP_PKEY  *priv;
    WOLFSSL_X509_NAME *name;
    WOLFSSL_ASN1_TIME *notBefore, *notAfter;
    int derSz;

    const int year = 365*24*60*60;
    const int day  = 24*60*60;
    const int hour = 60*60;
    const int mini = 60;
    time_t t;

    const unsigned char expected[] = {
#ifdef WOLFSSL_AKID_NAME
        0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
        0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
        0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
        0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
        0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
        0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
        0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
        0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
        0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
        0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
        0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
        0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
        0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
        0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
        0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
        0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
        0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
        0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
        0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
        0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
        0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
        0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
        0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
        0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
        0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
        0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
        0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
        0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
        0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
        0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
        0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
        0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
        0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
        0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
        0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
        0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
        0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
        0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
        0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
        0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
        0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
        0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
        0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
        0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
        0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
        0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
        0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
        0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
        0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01,
        0x40, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
        0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15,
        0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
        0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06,
        0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66,
        0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
        0xd7, 0x85, 0x65, 0xc0, 0x30, 0x81, 0xd3, 0x06, 0x03, 0x55, 0x1d, 0x23,
        0x04, 0x81, 0xcb, 0x30, 0x81, 0xc8, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66,
        0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
        0xd7, 0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81,
        0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
        0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
        0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
        0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34,
        0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10,
        0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d,
        0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
        0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73,
        0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
        0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
        0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d,
        0x96, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30,
        0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06,
        0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06,
        0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
        0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x2e, 0xd1, 0xec, 0xbc, 0x99, 0xfe,
        0x50, 0x38, 0x47, 0x47, 0x88, 0x51, 0xcf, 0xe4, 0x88, 0x76, 0xdf, 0x89,
        0x8f, 0xea, 0x91, 0xbc, 0xd6, 0xc6, 0x91, 0xc9, 0xcc, 0x33, 0x77, 0x5d,
        0xdd, 0x4b, 0xc9, 0xf6, 0x10, 0x54, 0xe2, 0x04, 0x89, 0x51, 0xdb, 0xe1,
        0x00, 0x0c, 0x61, 0x03, 0x26, 0x86, 0x35, 0xac, 0x96, 0x23, 0x9d, 0xef,
        0xd9, 0x95, 0xe4, 0xb4, 0x83, 0x9e, 0x0f, 0x47, 0x30, 0x08, 0x96, 0x28,
        0x7f, 0x2d, 0xe3, 0x23, 0x30, 0x3b, 0xb0, 0x46, 0xe8, 0x21, 0x78, 0xb4,
        0xc0, 0xbc, 0x9f, 0x60, 0x02, 0xd4, 0x16, 0x2d, 0xe5, 0x5a, 0x00, 0x65,
        0x15, 0x95, 0x81, 0x93, 0x80, 0x06, 0x3e, 0xf7, 0xdf, 0x0c, 0x2b, 0x3f,
        0x14, 0xfc, 0xc3, 0x79, 0xfd, 0x59, 0x5c, 0xa7, 0xc3, 0xe0, 0xa8, 0xd4,
        0x53, 0x4f, 0x13, 0x0a, 0xa3, 0xfe, 0x1d, 0x63, 0x4e, 0x84, 0xb2, 0x98,
        0x19, 0x06, 0xe0, 0x60, 0x3a, 0xc9, 0x49, 0x73, 0x00, 0xe3, 0x72, 0x2f,
        0x68, 0x27, 0x9f, 0x14, 0x18, 0xb7, 0x57, 0xb9, 0x1d, 0xa8, 0xb3, 0x05,
        0x6c, 0xf5, 0x4b, 0x0e, 0xac, 0x26, 0x7a, 0xfe, 0xc1, 0xab, 0x1f, 0x27,
        0xf1, 0x1e, 0x21, 0x33, 0x31, 0xb6, 0x43, 0xb0, 0xf8, 0x74, 0x69, 0x6a,
        0xb1, 0x9b, 0xcb, 0xe4, 0xd3, 0xa2, 0x8e, 0x8a, 0x55, 0xef, 0x81, 0xf3,
        0x4a, 0x44, 0x90, 0x4d, 0x08, 0xb8, 0x31, 0x90, 0x1a, 0x82, 0x52, 0x56,
        0xeb, 0xf0, 0x50, 0x5b, 0x9f, 0x87, 0x98, 0x54, 0xfe, 0x6a, 0x60, 0x41,
        0x16, 0xdb, 0xdc, 0xff, 0x89, 0x4c, 0x98, 0x00, 0xb1, 0x87, 0x6c, 0xe7,
        0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
        0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
        0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
#else
        0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
        0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
        0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
        0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
        0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
        0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
        0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
        0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
        0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
        0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
        0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
        0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
        0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
        0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
        0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
        0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
        0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
        0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
        0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
        0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
        0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
        0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
        0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
        0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
        0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
        0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
        0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
        0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
        0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
        0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
        0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
        0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
        0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
        0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
        0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
        0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
        0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
        0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
        0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
        0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
        0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
        0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
        0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
        0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
        0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
        0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
        0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
        0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
        0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
        0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
        0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
        0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
        0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
        0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55,
        0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
        0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
        0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
        0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
        0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
        0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
        0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
        0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
        0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed,
        0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14,
        0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05,
        0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58,
        0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc,
        0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45,
        0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76,
        0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0,
        0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03,
        0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c,
        0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43,
        0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e,
        0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5,
        0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83,
        0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21,
        0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63,
        0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53,
        0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88,
        0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01,
        0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d,
        0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a,
        0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb
#endif
    };

    printf(testingFmt, "wolfSSL_X509_sign2");

    pt = ca_key_der_2048;
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
                                                sizeof_ca_key_der_2048));

    pt = client_cert_der_2048;
    AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
                sizeof_client_cert_der_2048));

    pt = ca_cert_der_2048;
    AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
    AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
    AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
    AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
    AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
    AssertIntEQ(notAfter->length, 13);

    AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
    AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));

    wolfSSL_X509_sign(x509, priv, EVP_sha256());
    AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));

    AssertIntEQ(derSz, sizeof(expected));
    AssertIntEQ(XMEMCMP(der, expected, derSz), 0);

    wolfSSL_X509_free(ca);
    wolfSSL_X509_free(x509);
    wolfSSL_EVP_PKEY_free(priv);
    wolfSSL_ASN1_TIME_free(notBefore);
    wolfSSL_ASN1_TIME_free(notAfter);
    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
    int ret;
    char *cn;
    word32 cnSz;
    X509_NAME *name;
    X509 *x509, *ca;
    DecodedCert dCert;
    EVP_PKEY *pub;
    EVP_PKEY *priv;
    EVP_MD_CTX *mctx;
#if defined(USE_CERT_BUFFERS_1024)
    const unsigned char* rsaPriv = client_key_der_1024;
    const unsigned char* rsaPub = client_keypub_der_1024;
    const unsigned char* certIssuer = client_cert_der_1024;
    long clientKeySz = (long)sizeof_client_key_der_1024;
    long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
    long certIssuerSz = (long)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    const unsigned char* rsaPriv = client_key_der_2048;
    const unsigned char* rsaPub = client_keypub_der_2048;
    const unsigned char* certIssuer = client_cert_der_2048;
    long clientKeySz = (long)sizeof_client_key_der_2048;
    long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
    long certIssuerSz = (long)sizeof_client_cert_der_2048;
#endif
    byte sn[16];
    int snSz = sizeof(sn);

    printf(testingFmt, "wolfSSL_X509_sign");

    /* Set X509_NAME fields */
    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
                                       (byte*)"US", 2, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                             (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                     (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);

    /* Get private and public keys */
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
                                                                  clientKeySz));
    AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
    AssertNotNull(x509 = X509_new());
    /* Set version 3 */
    AssertIntNE(X509_set_version(x509, 2L), 0);
    /* Set subject name, add pubkey, and sign certificate */
    AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
    X509_NAME_free(name);
    AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
    /* Add some subject alt names */
    AssertIntNE(wolfSSL_X509_add_altname(NULL,
                "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_add_altname(x509,
                NULL, ASN_DNS_TYPE), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_add_altname(x509,
                "sphygmomanometer",
                ASN_DNS_TYPE), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_add_altname(x509,
                "supercalifragilisticexpialidocious",
                ASN_DNS_TYPE), SSL_SUCCESS);
    AssertIntEQ(wolfSSL_X509_add_altname(x509,
                "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
                ASN_DNS_TYPE), SSL_SUCCESS);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
    {
        unsigned char ip4_type[] = {127,128,0,255};
        unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
                                    0xff, 0xee, 0x99, 0x88,
                                    0x77, 0x66, 0x55, 0x44,
                                    0x00, 0x33, 0x22, 0x11};
        AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type,
                sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS);
        AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type,
                sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
    }
#endif
#endif /* WOLFSSL_ALT_NAMES */

    /* test valid sign case */
    ret = X509_sign(x509, priv, EVP_sha256());

    /* test valid X509_sign_ctx case */
    AssertNotNull(mctx = EVP_MD_CTX_new());
    AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
    AssertIntGT(X509_sign_ctx(x509, mctx), 0);

#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
    AssertIntEQ(X509_get_ext_count(x509), 1);
#endif
#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
    AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
    AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
#endif

    AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
                WOLFSSL_SUCCESS);
    DEBUG_WRITE_CERT_X509(x509, "signed.der");

    /* Variation in size depends on ASN.1 encoding when MSB is set */
#ifndef WOLFSSL_ALT_NAMES
    /* Valid case - size should be 798-797 with 16 byte serial number */
    AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
    /* Valid case - size should be 955-956 with 16 byte serial number */
    AssertTrue((ret == 939 + snSz) || (ret == 940 + snSz));
#else
    /* Valid case - size should be 926-927 with 16 byte serial number */
    AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
#endif
    /* check that issuer name is as expected after signature */
    InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
    AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);

    AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
    AssertNotNull(name = X509_get_subject_name(ca));
    cnSz = X509_NAME_get_sz(name);
    AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
    AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
    AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);

#ifdef WOLFSSL_MULTI_ATTRIB
    /* test adding multiple OU's to the signer */
    AssertNotNull(name = X509_get_subject_name(ca));
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
                                       (byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
                                       (byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
    AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
#endif

    AssertNotNull(name = X509_get_subject_name(ca));
    AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);

    AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
    AssertNotNull(name = X509_get_issuer_name(x509));
    cnSz = X509_NAME_get_sz(name);
    AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
    AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
    /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
    AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);

    FreeDecodedCert(&dCert);

    /* Test invalid parameters */
    AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
    AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
    AssertIntEQ(X509_sign(x509, priv, NULL), 0);

    AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
    EVP_MD_CTX_free(mctx);
    AssertNotNull(mctx = EVP_MD_CTX_new());
    AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
    AssertIntEQ(X509_sign_ctx(x509, NULL), 0);

    /* test invalid version number */
#if defined(OPENSSL_ALL)
    AssertIntNE(X509_set_version(x509, 6L), 0);
    AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);

    /* uses ParseCert which fails on bad version number */
    AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
#endif

    EVP_MD_CTX_free(mctx);
    EVP_PKEY_free(priv);
    EVP_PKEY_free(pub);
    X509_free(x509);
    X509_free(ca);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_get0_tbs_sigalg(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
    X509* x509 = NULL;
    const X509_ALGOR* alg;
    printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg");

    AssertNotNull(x509 = X509_new());

    AssertNull(alg = X509_get0_tbs_sigalg(NULL));
    AssertNotNull(alg = X509_get0_tbs_sigalg(x509));

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_ALGOR_get0(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
    !defined(NO_SHA256) && !defined(NO_RSA)
    X509* x509 = NULL;
    const ASN1_OBJECT* obj = NULL;
    const X509_ALGOR* alg;
    int pptype = 0;
    const void *ppval = NULL;
    printf(testingFmt, "wolfSSL_X509_ALGOR_get0");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                                                             SSL_FILETYPE_PEM));
    AssertNotNull(alg = X509_get0_tbs_sigalg(x509));

    /* Invalid case */
    X509_ALGOR_get0(&obj, NULL, NULL, NULL);
    AssertNull(obj);

    /* Valid case */
    X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
    AssertNotNull(obj);
    AssertNull(ppval);
    AssertIntNE(pptype, 0);
    /* Make sure NID of X509_ALGOR is Sha256 with RSA */
    AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509_VERIFY_PARAM(void)
{
#if defined(OPENSSL_EXTRA)
    X509_VERIFY_PARAM *paramTo;
    X509_VERIFY_PARAM *paramFrom;
    int ret;
    char testIPv4[] = "127.0.0.1";
    char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
    char testhostName1[] = "foo.hoge.com";
    char testhostName2[] = "foobar.hoge.com";

    printf(testingFmt, "wolfSSL_X509()");

    paramTo = X509_VERIFY_PARAM_new();
    AssertNotNull(paramTo);
    XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM ));

    paramFrom = X509_VERIFY_PARAM_new();
    AssertNotNull(paramFrom);
    XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM ));

    ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
                                         (int)XSTRLEN(testhostName1));
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
                                        (int)XSTRLEN(testhostName1)));

    X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);

    X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
    AssertIntEQ(0x01, paramFrom->hostFlags);

    ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
    AssertIntEQ(0, ret);

    ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));

    ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
    AssertIntEQ(1, ret);

    ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));

    /* null pointer */
    ret = X509_VERIFY_PARAM_set1(NULL, paramFrom);
    AssertIntEQ(WOLFSSL_FAILURE, ret);
    /* in the case of "from" null, returns success */
    ret = X509_VERIFY_PARAM_set1(paramTo, NULL);
    AssertIntEQ(WOLFSSL_SUCCESS, ret);

    ret = X509_VERIFY_PARAM_set1(NULL, NULL);
    AssertIntEQ(WOLFSSL_FAILURE, ret);

    /* inherit flags test : VPARAM_DEFAULT */
    ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
                                    (int)XSTRLEN(testhostName1)));
    AssertIntEQ(0x01, paramTo->hostFlags);
    AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));

    /* inherit flags test : VPARAM OVERWRITE */
    X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
                                    (int)XSTRLEN(testhostName2));
    X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
    X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);

    paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE;

    ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
                                        (int)XSTRLEN(testhostName1)));
    AssertIntEQ(0x01, paramTo->hostFlags);
    AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));

    /* inherit flags test : VPARAM_RESET_FLAGS */
    X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
                                      (int)XSTRLEN(testhostName2));
    X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
    X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);

    paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS;

    ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
                                        (int)XSTRLEN(testhostName1)));
    AssertIntEQ(0x01, paramTo->hostFlags);
    AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));

    /* inherit flags test : VPARAM_LOCKED */
    X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
                                    (int)XSTRLEN(testhostName2));
    X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
    X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);

    paramTo->inherit_flags = X509_VP_FLAG_LOCKED;

    ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
    AssertIntEQ(1, ret);
    AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
                                    (int)XSTRLEN(testhostName2)));
    AssertIntEQ(0x00, paramTo->hostFlags);
    AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));

    /* test for incorrect parameters */
    ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL );
    AssertIntEQ(0, ret);

    ret = X509_VERIFY_PARAM_set_flags(NULL, 0 );
    AssertIntEQ(0, ret);

    /* inherit flags test : VPARAM_ONCE, not testable yet */

    ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
    AssertIntEQ(1, ret);

    ret = X509_VERIFY_PARAM_get_flags(paramTo);
    AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret);

    ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
    AssertIntEQ(1, ret);

    ret = X509_VERIFY_PARAM_get_flags(paramTo);
    AssertIntEQ(0, ret);

    X509_VERIFY_PARAM_free(paramTo);
    X509_VERIFY_PARAM_free(paramFrom);
    X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_X509_get_X509_PUBKEY(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
    X509* x509 = NULL;
    X509_PUBKEY* pubKey;
    printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");

    AssertNotNull(x509 = X509_new());

    AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
    AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_PUBKEY_RSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
    !defined(NO_SHA256) && !defined(NO_RSA)
    X509* x509 = NULL;
    ASN1_OBJECT* obj = NULL;
    const ASN1_OBJECT* pa_oid = NULL;
    X509_PUBKEY* pubKey;
    X509_PUBKEY* pubKey2;
    EVP_PKEY* evpKey;

    const unsigned char *pk;
    int ppklen, pptype;
    X509_ALGOR *pa;
    const void *pval;

    printf(testingFmt, "wolfSSL_X509_PUBKEY_RSA");

    AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
                                                    SSL_FILETYPE_PEM));

    AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
    AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
    AssertNotNull(pk);
    AssertNotNull(pa);
    AssertNotNull(pubKey);
    AssertIntGT(ppklen, 0);

    AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);

    AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
    AssertNotNull(pubKey2 = X509_PUBKEY_new());
    AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
    AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
    AssertNotNull(pk);
    AssertNotNull(pa);
    AssertIntGT(ppklen, 0);
    X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
    AssertNotNull(pa_oid);
    AssertNull(pval);
    AssertIntEQ(pptype, V_ASN1_NULL);
    AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);

    X509_PUBKEY_free(pubKey2);
    X509_free(x509);
    EVP_PKEY_free(evpKey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_PUBKEY_EC(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
    X509* x509 = NULL;
    ASN1_OBJECT* obj = NULL;
    ASN1_OBJECT* poid;
    const ASN1_OBJECT* pa_oid = NULL;
    X509_PUBKEY* pubKey;
    X509_PUBKEY* pubKey2;
    EVP_PKEY* evpKey;

    const unsigned char *pk;
    int ppklen, pptype;
    X509_ALGOR *pa;
    const void *pval;
    char buf[50];

    printf(testingFmt, "wolfSSL_X509_PUBKEY_EC");

    AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
                                                    SSL_FILETYPE_PEM));
    AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
    AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
    AssertNotNull(pubKey2 = X509_PUBKEY_new());
    AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
    AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
    AssertNotNull(pk);
    AssertNotNull(pa);
    AssertIntGT(ppklen, 0);
    X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
    AssertNotNull(pa_oid);
    AssertNotNull(pval);
    AssertIntEQ(pptype, V_ASN1_OBJECT);
    AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
    poid = (ASN1_OBJECT *)pval;
    AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
    AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);

    X509_PUBKEY_free(pubKey2);
    X509_free(x509);
    EVP_PKEY_free(evpKey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_PUBKEY_DSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
    word32  bytes;
#ifdef USE_CERT_BUFFERS_1024
    byte    tmp[ONEK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
    bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
    bytes = sizeof_dsa_key_der_2048;
#else
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
    const unsigned char* dsaKeyDer = tmp;

    ASN1_OBJECT* obj = NULL;
    ASN1_STRING* str;
    const ASN1_OBJECT* pa_oid = NULL;
    X509_PUBKEY* pubKey = NULL;
    EVP_PKEY* evpKey = NULL;

    const unsigned char *pk;
    int ppklen, pptype;
    X509_ALGOR *pa;
    const void *pval;

    printf(testingFmt, "wolfSSL_X509_PUBKEY_DSA");

    /* Initialize pkey with der format dsa key */
    AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));

    AssertNotNull(pubKey = X509_PUBKEY_new());
    AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
    AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
    AssertNotNull(pk);
    AssertNotNull(pa);
    AssertIntGT(ppklen, 0);
    X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
    AssertNotNull(pa_oid);
    AssertNotNull(pval);
    AssertIntEQ(pptype, V_ASN1_SEQUENCE);
    AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
    str = (ASN1_STRING *)pval;
#ifdef USE_CERT_BUFFERS_1024
    AssertIntEQ(ASN1_STRING_length(str), 291);
#else
    AssertIntEQ(ASN1_STRING_length(str), 549);
#endif /* END USE_CERT_BUFFERS_1024 */

    X509_PUBKEY_free(pubKey);
    EVP_PKEY_free(evpKey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_RAND(void)
{
    #if defined(OPENSSL_EXTRA)
    byte seed[16];

    printf(testingFmt, "wolfSSL_RAND()");

    RAND_seed(seed, sizeof(seed));
    AssertIntEQ(RAND_poll(), 1);
    RAND_cleanup();

    AssertIntEQ(RAND_egd(NULL), -1);
#ifndef NO_FILESYSTEM
    {
        char fname[100];

        AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
        AssertIntEQ(RAND_write_file(NULL), 0);
    }
#endif

    printf(resultFmt, passed);
    #endif
}


static void test_wolfSSL_BUF(void)
{
    #if defined(OPENSSL_EXTRA)
    BUF_MEM* buf;
    AssertNotNull(buf = BUF_MEM_new());
    AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
    AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
    BUF_MEM_free(buf);
    #endif /* OPENSSL_EXTRA */
}

#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
static int stub_rand_seed(const void *buf, int num)
{
    (void)buf;
    (void)num;

    return 123;
}

static int stub_rand_bytes(unsigned char *buf, int num)
{
    (void)buf;
    (void)num;

    return 456;
}

static byte* was_stub_rand_cleanup_called(void)
{
    static byte was_called = 0;

    return &was_called;
}

static void stub_rand_cleanup(void)
{
    byte* was_called = was_stub_rand_cleanup_called();

    *was_called = 1;

    return;
}

static byte* was_stub_rand_add_called(void)
{
    static byte was_called = 0;

    return &was_called;
}

static int stub_rand_add(const void *buf, int num, double entropy)
{
    byte* was_called = was_stub_rand_add_called();

    (void)buf;
    (void)num;
    (void)entropy;

    *was_called = 1;

    return 0;
}

static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
{
    (void)buf;
    (void)num;

    return 9876;
}

static int stub_rand_status(void)
{
    return 5432;
}
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */

static void test_wolfSSL_RAND_set_rand_method(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
    RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
    unsigned char* buf = NULL;
    int num = 0;
    double entropy = 0;
    byte* was_cleanup_called = was_stub_rand_cleanup_called();
    byte* was_add_called = was_stub_rand_add_called();

    printf(testingFmt, "wolfSSL_RAND_set_rand_method()");

    buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
                                               DYNAMIC_TYPE_TMP_BUFFER);

    AssertIntNE(wolfSSL_RAND_status(), 5432);
    AssertIntEQ(*was_cleanup_called, 0);
    RAND_cleanup();
    AssertIntEQ(*was_cleanup_called, 0);


    rand_methods.seed = &stub_rand_seed;
    rand_methods.bytes = &stub_rand_bytes;
    rand_methods.cleanup = &stub_rand_cleanup;
    rand_methods.add = &stub_rand_add;
    rand_methods.pseudorand = &stub_rand_pseudo_bytes;
    rand_methods.status = &stub_rand_status;

    AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
    AssertIntEQ(RAND_seed(buf, num), 123);
    AssertIntEQ(RAND_bytes(buf, num), 456);
    AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876);
    AssertIntEQ(RAND_status(), 5432);

    AssertIntEQ(*was_add_called, 0);
    /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
    RAND_add(buf, num, entropy);
    AssertIntEQ(*was_add_called, 1);
    was_add_called = 0;
    AssertIntEQ(*was_cleanup_called, 0);
    RAND_cleanup();
    AssertIntEQ(*was_cleanup_called, 1);
    *was_cleanup_called = 0;


    AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
    AssertIntNE(RAND_status(), 5432);
    AssertIntEQ(*was_cleanup_called, 0);
    RAND_cleanup();
    AssertIntEQ(*was_cleanup_called, 0);

    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}

static void test_wolfSSL_RAND_bytes(void)
{
    #if defined(OPENSSL_EXTRA)
    const int size1 = RNG_MAX_BLOCK_LEN;        /* in bytes */
    const int size2 = RNG_MAX_BLOCK_LEN + 1;    /* in bytes */
    const int size3 = RNG_MAX_BLOCK_LEN * 2;    /* in bytes */
    const int size4 = RNG_MAX_BLOCK_LEN * 4;    /* in bytes */
    int  max_bufsize;
    byte *my_buf;

    printf(testingFmt, "test_wolfSSL_RAND_bytes()");
    /* sanity check */
    AssertIntEQ(RAND_bytes(NULL, 16), 0);
    AssertIntEQ(RAND_bytes(NULL, 0), 0);

    max_bufsize = size4;

    my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
                                                     DYNAMIC_TYPE_TMP_BUFFER);

    AssertIntEQ(RAND_bytes(my_buf, 0), 1);
    AssertIntEQ(RAND_bytes(my_buf, -1), 0);

    AssertNotNull(my_buf);
    XMEMSET(my_buf, 0, max_bufsize);
    AssertIntEQ(RAND_bytes(my_buf, size1), 1);
    AssertIntEQ(RAND_bytes(my_buf, size2), 1);
    AssertIntEQ(RAND_bytes(my_buf, size3), 1);
    AssertIntEQ(RAND_bytes(my_buf, size4), 1);

    XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    printf(resultFmt, passed);

    #endif
}

static void test_wolfSSL_BN_rand(void)
{
    #if defined(OPENSSL_EXTRA)
    BIGNUM* bn;

    printf(testingFmt, "wolfSSL_BN_rand()");

    AssertNotNull(bn = BN_new());
    AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
    BN_free(bn);

    AssertNotNull(bn = BN_new());
    AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
    BN_free(bn);

    AssertNotNull(bn = BN_new());
    AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
    BN_free(bn);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_pseudo_rand(void)
{
    #if defined(OPENSSL_EXTRA)
    BIGNUM* bn;
    unsigned char bin[8];
    int i;

    printf(testingFmt, "wolfSSL_pseudo_rand()");

    /* BN_pseudo_rand returns 1 on success 0 on failure
     * int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
    for (i = 0; i < 10; i++) {
        AssertNotNull(bn = BN_new());
        AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
        AssertIntGT(BN_bn2bin(bn, bin),0);
        AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
        BN_free(bn);
    }

    for (i = 0; i < 10; i++) {
        AssertNotNull(bn = BN_new());
        AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
        AssertIntGT(BN_bn2bin(bn, bin),0);
        AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
        BN_free(bn);
    }

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_PKCS8_Compat(void)
{
    #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
    #ifndef NO_BIO
    PKCS8_PRIV_KEY_INFO* pt;
    BIO* bio;
    XFILE f;
    int bytes;
    char pkcs8_buffer[512];
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
    EVP_PKEY *pkey = NULL;
#endif

    printf(testingFmt, "wolfSSL_pkcs8()");

    /* file from wolfssl/certs/ directory */
    f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
    AssertTrue(f != XBADFILE);
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
    XFCLOSE(f);
    AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
    AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));

#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
    AssertNotNull(pkey = EVP_PKCS82PKEY(pt));
    AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);

    /* gets PKCS8 pointer to pkey */
    AssertNotNull(EVP_PKEY2PKCS8(pkey));

    EVP_PKEY_free(pkey);
#endif

    BIO_free(bio);
    PKCS8_PRIV_KEY_INFO_free(pt);

    printf(resultFmt, passed);
    #endif
    #endif
}

static void test_wolfSSL_PKCS8_d2i(void)
{
#if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
    /* This test ends up using HMAC as a part of PBKDF2, and HMAC
     * requires a 12 byte password in FIPS mode. This test ends up
     * trying to use an 8 byte password. */

#ifndef NO_FILESYSTEM
    unsigned char pkcs8_buffer[2048];
    const unsigned char* p;
    int bytes;
    XFILE file;
    WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_BIO
    BIO* bio;
    #if defined(OPENSSL_ALL) && \
            ((!defined(NO_RSA) && !defined(NO_DES3)) || \
               defined(HAVE_ECC)) && \
        !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
    WOLFSSL_EVP_PKEY* evpPkey = NULL;
    #endif
#endif
#ifndef NO_RSA
    const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
    const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
    #ifndef NO_DES3
    const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
    #endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
    const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
    const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
    #ifndef NO_DES3
    const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
    #endif
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */

#if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
#ifndef NO_RSA
    #ifdef USE_CERT_BUFFERS_1024
    const unsigned char* rsa = (unsigned char*)server_key_der_1024;
    int rsaSz = sizeof_server_key_der_1024;
    #else
    const unsigned char* rsa = (unsigned char*)server_key_der_2048;
    int rsaSz = sizeof_server_key_der_2048;
    #endif
#endif
#ifdef HAVE_ECC
    const unsigned char* ec = (unsigned char*)ecc_key_der_256;
    int ecSz = sizeof_ecc_key_der_256;
#endif
#endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */


#ifndef NO_FILESYSTEM
   (void)pkcs8_buffer;
   (void)p;
   (void)bytes;
   (void)file;
#ifndef NO_BIO
   (void)bio;
#endif
#endif

#ifdef OPENSSL_ALL
#ifndef NO_RSA
    /* Try to auto-detect normal RSA private key */
    AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
    EVP_PKEY_free(pkey);
#endif
#ifdef HAVE_ECC
    /* Try to auto-detect normal EC private key */
    AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
    EVP_PKEY_free(pkey);
#endif
#endif /* OPENSSL_ALL */

#ifndef NO_FILESYSTEM
#ifndef NO_RSA
    /* Get DER encoded RSA PKCS#8 data. */
    file = XFOPEN(rsaDerPkcs8File, "rb");
    AssertTrue(file != XBADFILE);
    XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);

    p = pkcs8_buffer;
#ifdef OPENSSL_ALL
    /* Try to decode - auto-detect key type. */
    AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
    AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
#endif

    /* Get PEM encoded RSA PKCS#8 data. */
    file = XFOPEN(rsaPemPkcs8File, "rb");
    AssertTrue(file != XBADFILE);
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
    !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /* Write PKCS#8 PEM to BIO. */
    AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
                                                                  NULL), bytes);
    /* Compare file and written data */
    AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
    AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
    BIO_free(bio);
#ifndef NO_DES3
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /* Write Encrypted PKCS#8 PEM to BIO. */
    bytes = 1834;
    AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
                          NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
    AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
                                                            (void*)"yassl123"));
    EVP_PKEY_free(evpPkey);
    BIO_free(bio);
#endif /* !NO_DES3 */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
    EVP_PKEY_free(pkey);

    /* PKCS#8 encrypted RSA key */
#ifndef NO_DES3
    file = XFOPEN(rsaDerPkcs8EncFile, "rb");
    AssertTrue(file != XBADFILE);
    XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
    !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
    AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
    AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
                                                            (void*)"yassl123"));
    EVP_PKEY_free(pkey);
    BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* NO_RSA */

#ifdef HAVE_ECC
    /* PKCS#8 encode EC key */
    file = XFOPEN(ecDerPkcs8File, "rb");
    AssertTrue(file != XBADFILE);
    XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);

    p = pkcs8_buffer;
#ifdef OPENSSL_ALL
    /* Try to decode - auto-detect key type. */
    AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
    AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
#endif

    /* Get PEM encoded RSA PKCS#8 data. */
    file = XFOPEN(ecPemPkcs8File, "rb");
    AssertTrue(file != XBADFILE);
    XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
    !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
    defined(HAVE_AES_CBC)
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /* Write PKCS#8 PEM to BIO. */
    AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
                                                                  NULL), bytes);
    /* Compare file and written data */
    AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
    AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
    BIO_free(bio);
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /* Write Encrypted PKCS#8 PEM to BIO. */
    bytes = 379;
    AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
                          NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
    AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
                                                            (void*)"yassl123"));
    EVP_PKEY_free(evpPkey);
    BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
    EVP_PKEY_free(pkey);

    /* PKCS#8 encrypted EC key */
#ifndef NO_DES3
    file = XFOPEN(ecDerPkcs8EncFile, "rb");
    AssertTrue(file != XBADFILE);
    XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
    AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
                                                                     file)), 0);
    XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
    !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
    AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
    AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
                                                            (void*)"yassl123"));
    EVP_PKEY_free(pkey);
    BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */

#endif /* !NO_FILESYSTEM */

    printf(resultFmt, passed);
#endif /* HAVE_FIPS && OPENSSL_EXTRA */
}

#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
#define LOGGING_THREADS 5
#define ERROR_COUNT 10
static volatile int loggingThreadsReady;
static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
{
    const char* file;
    int line;
    int err;
    int errorCount = 0;
    int i;

    (void)args;

    while (!loggingThreadsReady);
    for (i = 0; i < ERROR_COUNT; i++)
        ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);

    while ((err = ERR_get_error_line(&file, &line))) {
        AssertIntEQ(err, 990 + errorCount);
        errorCount++;
    }
    AssertIntEQ(errorCount, ERROR_COUNT);

    /* test max queue behavior, trying to add an arbitrary 3 errors over */
    errorCount = 0;
    for (i = 0; i < ERROR_QUEUE_MAX + 3; i++)
        ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);

    while ((err = ERR_get_error_line(&file, &line))) {
        AssertIntEQ(err, 990 + errorCount);
        errorCount++;
    }

    /* test that the 3 errors over the max were dropped */
    AssertIntEQ(errorCount, ERROR_QUEUE_MAX);

    return 0;
}
#endif

static void test_error_queue_per_thread(void)
{
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
    THREAD_TYPE loggingThreads[LOGGING_THREADS];
    int i;

    printf(testingFmt, "error_queue_per_thread()");

    ERR_clear_error(); /* clear out any error nodes */

    loggingThreadsReady = 0;
    for (i = 0; i < LOGGING_THREADS; i++)
        start_thread(test_logging, NULL, &loggingThreads[i]);
    loggingThreadsReady = 1;
    for (i = 0; i < LOGGING_THREADS; i++)
        join_thread(loggingThreads[i]);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ERR_put_error(void)
{
    #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
        defined(DEBUG_WOLFSSL)
    const char* file;
    int line;

    printf(testingFmt, "wolfSSL_ERR_put_error()");


    ERR_clear_error(); /* clear out any error nodes */
    ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
    AssertIntEQ(ERR_get_error_line(&file, &line), 0);
    ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
    AssertIntEQ(ERR_get_error_line(&file, &line), 1);
    ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
    AssertIntEQ(ERR_get_error_line(&file, &line), 2);
    ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
    AssertIntEQ(ERR_get_error_line(&file, &line), 3);
    ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
    AssertIntEQ(ERR_get_error_line(&file, &line), 4);
    ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
    AssertIntEQ(ERR_get_error_line(&file, &line), 5);
    ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
    AssertIntEQ(ERR_get_error_line(&file, &line), 6);
    ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
    AssertIntEQ(ERR_get_error_line(&file, &line), 7);
    ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
    AssertIntEQ(ERR_get_error_line(&file, &line), 8);
    ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
    AssertIntEQ(ERR_get_error_line(&file, &line), 9);
    ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
    AssertIntEQ(ERR_get_error_line(&file, &line), 10);
    ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
    AssertIntEQ(ERR_get_error_line(&file, &line), 11);
    ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
    AssertIntEQ(ERR_get_error_line(&file, &line), 12);
    ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
    AssertIntEQ(ERR_get_error_line(&file, &line), 13);
    ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
    AssertIntEQ(ERR_get_error_line(&file, &line), 14);
    ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
    AssertIntEQ(ERR_get_error_line(&file, &line), 15);

#ifdef WOLFSSL_PYTHON
    ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG,
            "this file", 100);
    AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line),
            (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
    AssertIntEQ(line, 100);
    AssertIntEQ(wolfSSL_ERR_peek_error(),
            (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
    AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG);
#endif

    /* try reading past end of error queue */
    file = NULL;
    AssertIntEQ(ERR_get_error_line(&file, &line), 0);
    AssertNull(file);
    AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);

    PEMerr(4,4);
    AssertIntEQ(ERR_get_error(), 4);
    /* Empty and free up all error nodes */
    ERR_clear_error();

    /* Verify all nodes are cleared */
    ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
    ERR_clear_error();
    AssertIntEQ(ERR_get_error_line(&file, &line), 0);

    printf(resultFmt, passed);
    #endif
}


#ifndef NO_BIO

static void test_wolfSSL_ERR_print_errors(void)
{
    #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
        defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
    BIO* bio;
    char buf[1024];

    printf(testingFmt, "wolfSSL_ERR_print_errors()");


    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    ERR_clear_error(); /* clear out any error nodes */
    ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
    /* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
    ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100);

    ERR_print_errors(bio);
    AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
    AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
                buf, 55), 0);
    AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
    AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100",
                buf, 56), 0);
    AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
    AssertIntEQ(buf[0], '\0');
    AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);

    BIO_free(bio);
    printf(resultFmt, passed);
    #endif
}

#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
    defined(DEBUG_WOLFSSL)
static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
{
    wolfSSL_BIO_write((BIO*)u, str, (int)len);
    return 0;
}
#endif

static void test_wolfSSL_ERR_print_errors_cb(void)
{
    #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
        defined(DEBUG_WOLFSSL)
    BIO* bio;
    char buf[1024];

    printf(testingFmt, "wolfSSL_ERR_print_errors_cb()");

    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    ERR_clear_error(); /* clear out any error nodes */
    ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
    ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);

    ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
    AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
    AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
                buf, 53), 0);
    AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
                buf + 53, 55), 0);
    AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);

    BIO_free(bio);
    printf(resultFmt, passed);
    #endif
}
/*
 * Testing WOLFSSL_ERROR_MSG
 */
static int test_WOLFSSL_ERROR_MSG (void)
{
    int ret = 0;
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
    const char* msg = TEST_STRING;

    printf(testingFmt, "WOLFSSL_ERROR_MSG()");

    WOLFSSL_ERROR_MSG(msg);

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}/*End test_WOLFSSL_ERROR_MSG*/
/*
 * Testing wc_ERR_remove_state
 */
static int test_wc_ERR_remove_state (void)
{
    int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)

    printf(testingFmt, "wc_ERR_remove_state()");

    wc_ERR_remove_state();

    printf(resultFmt, ret == 0 ? passed : failed);

#endif
    return ret;
}/*End test_wc_ERR_remove_state*/
/*
 * Testing wc_ERR_print_errors_fp
 */
static int test_wc_ERR_print_errors_fp (void)
{
    int ret = 0;
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
    (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
    long sz;

    printf(testingFmt, "wc_ERR_print_errors_fp()");

    WOLFSSL_ERROR(BAD_FUNC_ARG);
    XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
    wc_ERR_print_errors_fp(fp);
#if defined(DEBUG_WOLFSSL)
    AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
    sz = XFTELL(fp);
    #ifdef NO_ERROR_QUEUE
    /* File should be empty when NO_ERROR_QUEUE is defined */
    if (sz != 0) {
        ret = BAD_FUNC_ARG;
    }
    #else
    if (sz == 0) {
        ret = BAD_FUNC_ARG;
    }
    #endif
#endif
    printf(resultFmt, ret == 0 ? passed : failed);
    XFCLOSE(fp);
    (void)sz;
#endif
    return ret;
}/*End test_wc_ERR_print_errors_fp*/
#ifdef DEBUG_WOLFSSL
static void Logging_cb(const int logLevel, const char *const logMessage)
{
    (void)logLevel;
    (void)logMessage;
}
#endif
/*
 * Testing wolfSSL_GetLoggingCb
 */
static int test_wolfSSL_GetLoggingCb (void)
{
    int ret = 0;
    printf(testingFmt, "wolfSSL_GetLoggingCb()");
#ifdef DEBUG_WOLFSSL

    /* Testing without wolfSSL_SetLoggingCb() */
    if (ret == 0) {
        if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
            ret = 0;
        }
        if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
            ret = -1;
        }
    }
    /* Testing with wolfSSL_SetLoggingCb() */
    if (ret == 0) {
        ret = wolfSSL_SetLoggingCb(Logging_cb);
        if (ret == 0){
            if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
                ret = -1;
            }
            if (ret == 0) {
                if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
                    ret = 0;
                }
            }

            /* reset logging callback */
            wolfSSL_SetLoggingCb(NULL);
        }
    }
#endif
    if (ret == 0) {
        if (wolfSSL_GetLoggingCb() != NULL) {
            ret = -1;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);

    return ret;
}/*End test_wolfSSL_GetLoggingCb*/

#endif /* !NO_BIO */

#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
{
    static const unsigned char key[] = "simple test key";
    HMAC_CTX* hmac;
    ENGINE* e = NULL;
    unsigned char hash[WC_MAX_DIGEST_SIZE];
    unsigned int len;

    AssertNotNull(hmac = HMAC_CTX_new());
    HMAC_CTX_init(hmac);
    AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e),
                SSL_SUCCESS);

    /* re-using test key as data to hash */
    AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
    AssertIntEQ(len, md_len);
    AssertIntEQ(HMAC_size(hmac), md_len);
    AssertStrEQ(HMAC_CTX_get_md(hmac), md);

    HMAC_cleanup(hmac);
    HMAC_CTX_free(hmac);

    len = 0;
    AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
    AssertIntEQ(len, md_len);
}
#endif

static void test_wolfSSL_HMAC(void)
{
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
    printf(testingFmt, "wolfSSL_HMAC()");

    #ifndef NO_SHA256
        test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE);
    #endif
    #ifdef WOLFSSL_SHA224
        test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE);
    #endif
    #ifdef WOLFSSL_SHA384
        test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE);
    #endif
    #ifdef WOLFSSL_SHA512
        test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE);
    #endif
    #ifdef WOLFSSL_SHA3
        #ifndef WOLFSSL_NOSHA3_224
            test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE);
        #endif
        #ifndef WOLFSSL_NOSHA3_256
            test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE);
        #endif
        #ifndef WOLFSSL_NOSHA3_384
            test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE);
        #endif
        #ifndef WOLFSSL_NOSHA3_512
            test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE);
        #endif
    #endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_CMAC(void)
{
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_AES_DIRECT)
    int i;
    byte key[AES_128_KEY_SIZE];
    CMAC_CTX* cmacCtx = NULL;
    byte out[AES_BLOCK_SIZE];
    size_t outLen = AES_BLOCK_SIZE;

    printf(testingFmt, "test_wolfSSL_CMAC()");

    for (i=0; i < AES_128_KEY_SIZE; ++i) {
        key[i] = i;
    }
    AssertNotNull(cmacCtx = CMAC_CTX_new());
    /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
    AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
    AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
        NULL), SSL_SUCCESS);
    /* re-using test key as data to hash */
    AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS);
    AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS);
    AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS);
    AssertIntEQ(outLen, AES_BLOCK_SIZE);
    CMAC_CTX_free(cmacCtx);

    printf(resultFmt, passed);
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
}


static void test_wolfSSL_OBJ(void)
{
/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
 * mode
 */
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
    !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
    defined(WOLFSSL_CERT_GEN)
    ASN1_OBJECT *obj = NULL;
    char buf[50];

    XFILE fp;
    X509 *x509 = NULL;
    X509_NAME *x509Name;
    X509_NAME_ENTRY *x509NameEntry;
    ASN1_OBJECT *asn1Name = NULL;
    int numNames;
    BIO *bio = NULL;
    int nid;
    int i, j;
    const char *f[] = {
        #ifndef NO_RSA
        "./certs/ca-cert.der",
        #endif
        #ifdef HAVE_ECC
        "./certs/ca-ecc-cert.der",
        "./certs/ca-ecc384-cert.der",
        #endif
        NULL};
    ASN1_OBJECT *field_name_obj = NULL;
    int lastpos = -1;
    int tmp = -1;
    ASN1_STRING *asn1 = NULL;
    unsigned char *buf_dyn = NULL;

    printf(testingFmt, "wolfSSL_OBJ()");

    AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
    AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
    AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
    AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
    AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
    ASN1_OBJECT_free(obj);

    AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
    AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
    AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
#ifdef WOLFSSL_CERT_EXT
    AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
#endif
    AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
    ASN1_OBJECT_free(obj);

    for (i = 0; f[i] != NULL; i++)
    {
        AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
        AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
        XFCLOSE(fp);
        AssertNotNull(x509Name = X509_get_issuer_name(x509));
        AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);

        /* Get the Common Name by using OBJ_txt2obj */
        AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
        do
        {
            lastpos = tmp;
            tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
        } while (tmp > -1);
        AssertIntNE(lastpos, -1);
        ASN1_OBJECT_free(field_name_obj);
        AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
        AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
        AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
        /*
         * All Common Names should be www.wolfssl.com
         * This makes testing easier as we can test for the expected value.
         */
        AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
        OPENSSL_free(buf_dyn);
        bio = BIO_new(BIO_s_mem());
        AssertTrue(bio != NULL);
        for (j = 0; j < numNames; j++)
        {
            AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
            AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
            AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
        }
        BIO_free(bio);
        X509_free(x509);

    }

#ifdef HAVE_PKCS12
    {
        PKCS12 *p12;
        int boolRet;
        EVP_PKEY *pkey = NULL;
        const char *p12_f[] = {
            #if !defined(NO_DES3) && !defined(NO_RSA)
            "./certs/test-servercert.p12",
            #endif
            NULL};

        for (i = 0; p12_f[i] != NULL; i++)
        {
            AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
            AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
            XFCLOSE(fp);
            AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
                                               &pkey, &x509, NULL)) > 0);
            wc_PKCS12_free(p12);
            EVP_PKEY_free(pkey);
            x509Name = X509_get_issuer_name(x509);
            AssertNotNull(x509Name);
            AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
            AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
            for (j = 0; j < numNames; j++)
            {
                AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
                AssertNotNull(asn1Name =
                        X509_NAME_ENTRY_get_object(x509NameEntry));
                AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
            }
            BIO_free(bio);
            X509_free(x509);
        }
    }
#endif /* HAVE_PKCS12 */

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_i2a_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
    ASN1_OBJECT *obj = NULL;
    BIO *bio = NULL;

    AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
    AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);

    AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
    AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);

    AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);

    BIO_free(bio);
    ASN1_OBJECT_free(obj);
#endif
}

static void test_wolfSSL_OBJ_cmp(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
    ASN1_OBJECT *obj = NULL;
    ASN1_OBJECT *obj2 = NULL;

    printf(testingFmt, "wolfSSL_OBJ_cmp()");

    AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
    AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));

    AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(OBJ_cmp(obj, obj), 0);
    AssertIntEQ(OBJ_cmp(obj2, obj2), 0);

    ASN1_OBJECT_free(obj);
    ASN1_OBJECT_free(obj2);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OBJ_txt2nid(void)
{
#if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
    int i;
    static const struct {
        const char* sn;
        const char* ln;
        const char* oid;
        int nid;
    } testVals[] = {
        { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
        { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
                                                             NID_id_on_dnsSRV },
        { "msUPN", "Microsoft User Principal Name",
                                         "1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
        { NULL, NULL, NULL, NID_undef }
    };

    printf(testingFmt, "wolfSSL_OBJ_txt2nid()");

    /* Invalid cases */
    AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
    AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);

    /* Valid cases */
    for (i = 0; testVals[i].sn != NULL; i++) {
        AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
        AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
        AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
    }

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OBJ_txt2obj(void)
{
#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
        defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
    int i;
    char buf[50];
    ASN1_OBJECT* obj;
    static const struct {
        const char* oidStr;
        const char* sn;
        const char* ln;
    } objs_list[] = {
    #if defined(WOLFSSL_APACHE_HTTPD)
        { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
        { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
    #endif
        { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
        { NULL, NULL, NULL }
    };

    printf(testingFmt, "wolfSSL_OBJ_txt2obj()");

    AssertNull(obj = OBJ_txt2obj("Bad name", 0));
    AssertNull(obj = OBJ_txt2obj(NULL, 0));

    for (i = 0; objs_list[i].oidStr != NULL; i++) {
        /* Test numerical value of oid (oidStr) */
        AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
        /* Convert object back to text to confirm oid is correct */
        wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
        AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
        ASN1_OBJECT_free(obj);
        XMEMSET(buf, 0, sizeof(buf));

        /* Test short name (sn) */
        AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
        AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
        /* Convert object back to text to confirm oid is correct */
        wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
        AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
        ASN1_OBJECT_free(obj);
        XMEMSET(buf, 0, sizeof(buf));

        /* Test long name (ln) - should fail when no_name = 1 */
        AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
        AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
        /* Convert object back to text to confirm oid is correct */
        wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
        AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
        ASN1_OBJECT_free(obj);
        XMEMSET(buf, 0, sizeof(buf));
    }

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_i2t_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)

    char buf[50] = {0};
    ASN1_OBJECT* obj;
    const char* oid = "2.5.29.19";
    const char* ln  = "X509v3 Basic Constraints";

    printf(testingFmt, "test_wolfSSL_i2t_ASN1_OBJECT()");

    obj = NULL;
    AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), WOLFSSL_FAILURE);
    AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), WOLFSSL_FAILURE);
    AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), WOLFSSL_FAILURE);

    AssertNotNull(obj = OBJ_txt2obj(oid, 0));
    XMEMSET(buf, 0, sizeof(buf));
    AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
    AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
    ASN1_OBJECT_free(obj);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
}

static void test_wolfSSL_PEM_write_bio_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
    /* This test contains the hard coded expected
     * lengths. Update if necessary */

    BIO* input;
    BIO* output;
    X509* x509 = NULL;
    int expectedLen;

    printf(testingFmt, "wolfSSL_PEM_write_bio_X509()");

    AssertNotNull(input = BIO_new_file(
            "certs/test/cert-ext-multiple.pem", "rb"));
    AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);

    AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));

    AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL));

    AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);

#ifdef WOLFSSL_ALT_NAMES
    /* Here we copy the validity struct from the original */
    expectedLen = 2000;
#else
    /* Only difference is that we generate the validity in generalized
     * time. Generating UTCTime vs Generalized time should be fixed in
     * the future */
    expectedLen = 2004;
#endif
    AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);

    /* Reset output buffer */
    BIO_free(output);
    AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));

    /* Test forcing the AKID to be generated just from KeyIdentifier */
    if (x509->authKeyIdSrc != NULL) {
        XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz);
        x509->authKeyId = x509->authKeyIdSrc;
        x509->authKeyIdSrc = NULL;
        x509->authKeyIdSrcSz = 0;
    }

    AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);

    /* Check that we generate a smaller output since the AKID will
     * only contain the KeyIdentifier without any additional
     * information */

#ifdef WOLFSSL_ALT_NAMES
    /* Here we copy the validity struct from the original */
    expectedLen = 1688;
#else
    /* UTCTime vs Generalized time */
    expectedLen = 1692;
#endif
    AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);

    X509_free(x509);
    BIO_free(input);
    BIO_free(output);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_NAME_ENTRY(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
    X509*      x509;
#ifndef NO_BIO
    BIO*       bio;
#endif
    X509_NAME* nm;
    X509_NAME_ENTRY* entry;
    unsigned char cn[] = "another name to add";

    printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");

    AssertNotNull(x509 =
            wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
#endif

#ifdef WOLFSSL_CERT_REQ
    {
        X509_REQ* req;
#ifndef NO_BIO
        BIO*      bReq;
#endif

        AssertNotNull(req =
            wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
        AssertNotNull(bReq = BIO_new(BIO_s_mem()));
        AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);

        BIO_free(bReq);
#endif
        X509_free(req);
    }
#endif

    AssertNotNull(nm = X509_get_subject_name(x509));

    /* Test add entry */
    AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
                0x0c, cn, (int)sizeof(cn)));
    AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);

#ifdef WOLFSSL_CERT_EXT
    AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
                                           (byte*)"support@wolfssl.com", 19, -1,
                                           1), WOLFSSL_SUCCESS);
#endif
    X509_NAME_ENTRY_free(entry);

#ifdef WOLFSSL_CERT_REQ
    {
        unsigned char srv_pkcs9p[] = "Server";
        char* subject;
        AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
            MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);

        subject = X509_NAME_oneline(nm, 0, 0);
    #ifdef DEBUG_WOLFSSL
        printf("\n\t%s\n", subject);
    #endif
        XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
    }
#endif

    /* Test add entry by text */
    AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
                0x0c, cn, (int)sizeof(cn)));
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
    || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
    AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
                V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
    #endif
    AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
    X509_NAME_ENTRY_free(entry);

    /* Test add entry by NID */
    AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
                                       cn, -1, -1, 0), SSL_SUCCESS);

#ifndef NO_BIO
    BIO_free(bio);
#endif
    X509_free(x509); /* free's nm */

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509_set_name(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
    X509* x509;
    X509_NAME* name;

    printf(testingFmt, "wolfSSL_X509_set_name()");

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                                           (byte*)"wolfssl.com", 11, 0, 1),
                WOLFSSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                                           (byte*)"support@wolfssl.com", 19, -1,
                                           1), WOLFSSL_SUCCESS);
    AssertNotNull(x509 = X509_new());

    AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);

    AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
    AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);

    X509_free(x509);
    X509_NAME_free(name);

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL && !NO_CERTS */
}

static void test_wolfSSL_X509_set_notAfter(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
    && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
    !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
    !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
    /* Generalized time will overflow time_t if not long */

    X509* x;
    BIO*  bio;
    ASN1_TIME *asn_time, *time_check;
    const int year = 365*24*60*60;
    const int day  = 24*60*60;
    const int hour = 60*60;
    const int mini = 60;
    int offset_day;
    unsigned char buf[25];
    time_t t;

    printf(testingFmt, "wolfSSL_X509_set_notAfter()");
    /*
     * Setup asn_time. APACHE HTTPD uses time(NULL)
     */
    t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
    offset_day = 7;
    /*
     * Free these.
     */
    asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
    AssertNotNull(asn_time);
    AssertNotNull(x = X509_new());
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /*
     * Tests
     */
    AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
    /* time_check is simply (ANS1_TIME*)x->notAfter */
    AssertNotNull(time_check = X509_get_notAfter(x));
    /* ANS1_TIME_check validates by checking if argument can be parsed */
    AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
    /* Convert to human readable format and compare to intended date */
    AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
    AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
    /*
     * Cleanup
     */
    XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
    X509_free(x);
    BIO_free(bio);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_set_notBefore(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
    && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
    !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)

    X509* x;
    BIO*  bio;
    ASN1_TIME *asn_time, *time_check;
    const int year = 365*24*60*60;
    const int day  = 24*60*60;
    const int hour = 60*60;
    const int mini = 60;
    int offset_day;
    unsigned char buf[25];
    time_t t;

    printf(testingFmt, "wolfSSL_X509_set_notBefore()");
    /*
     * Setup asn_time. APACHE HTTPD uses time(NULL)
     */
    t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
    offset_day = 7;

    /*
     * Free these.
     */
    asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
    AssertNotNull(asn_time);
    AssertNotNull(x = X509_new());
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);

    /*
     * Main Tests
     */
    AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
    /* time_check == (ANS1_TIME*)x->notBefore */
    AssertNotNull(time_check = X509_get_notBefore(x));
    /* ANS1_TIME_check validates by checking if argument can be parsed */
    AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
    /* Convert to human readable format and compare to intended date */
    AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
    AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
    AssertIntEQ(XMEMCMP(buf, "May  8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
    /*
     * Cleanup
     */
    XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
    X509_free(x);
    BIO_free(bio);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_set_version(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
    !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
    X509* x509;
    long v = 2L;
    long maxInt = INT_MAX;

    AssertNotNull(x509 = X509_new());
    /* These should pass. */
    AssertTrue(wolfSSL_X509_set_version(x509, v));
    AssertIntEQ(v, wolfSSL_X509_get_version(x509));
    /* Fail Case: When v(long) is greater than x509->version(int). */
    v = maxInt+1;
    AssertFalse(wolfSSL_X509_set_version(x509, v));
    /* Cleanup */
    X509_free(x509);
    printf(resultFmt, passed);
#endif
}

#ifndef NO_BIO

static void test_wolfSSL_BIO_gets(void)
{
    #if defined(OPENSSL_EXTRA)
    BIO* bio;
    BIO* bio2;
    char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
    char emp[] = "";
    char bio_buffer[20];
    int bufferSz = 20;

    printf(testingFmt, "wolfSSL_BIO_gets()");

    /* try with bad args */
    AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));

    /* try with real msg */
    AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
    XMEMSET(bio_buffer, 0, bufferSz);
    AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
    AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
    AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
    AssertFalse(bio2 != BIO_next(bio));

    /* make buffer filled with no terminating characters */
    XMEMSET(bio_buffer, 1, bufferSz);

    /* BIO_gets reads a line of data */
    AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
    AssertStrEQ(bio_buffer, "hello wolfSSL\n");
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
    AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);

    /* check not null terminated string */
    BIO_free(bio);
    msg[0] = 0x33;
    msg[1] = 0x33;
    msg[2] = 0x33;
    AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
    AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
    AssertIntEQ(bio_buffer[0], msg[0]);
    AssertIntEQ(bio_buffer[1], msg[1]);
    AssertIntNE(bio_buffer[2], msg[2]);

    BIO_free(bio);
    msg[3]    = 0x33;
    bio_buffer[3] = 0x33;
    AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
    AssertIntEQ(bio_buffer[0], msg[0]);
    AssertIntEQ(bio_buffer[1], msg[1]);
    AssertIntEQ(bio_buffer[2], msg[2]);
    AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */

    /* check reading an empty string */
    BIO_free(bio);
    AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
    AssertStrEQ(emp, bio_buffer);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */

    /* check error cases */
    BIO_free(bio);
    AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */

#if !defined(NO_FILESYSTEM)
    {
        BIO*  f_bio;
        XFILE f;
        AssertNotNull(f_bio = BIO_new(BIO_s_file()));
        AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);

        f = XFOPEN(svrCertFile, "rb");
        AssertTrue((f != XBADFILE));
        AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
        AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);

        BIO_free(f_bio);
    }
#endif /* NO_FILESYSTEM */

    BIO_free(bio);
    BIO_free(bio2);

    /* try with type BIO */
    XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
            sizeof(msg));
    AssertNotNull(bio = BIO_new(BIO_s_bio()));
    AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
    AssertNotNull(bio2 = BIO_new(BIO_s_bio()));

    AssertIntEQ(BIO_set_write_buf_size(bio, 10),           SSL_SUCCESS);
    AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
    AssertIntEQ(BIO_make_bio_pair(bio, bio2),              SSL_SUCCESS);

    AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
    AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
    AssertStrEQ(bio_buffer, "hello wolfSSL\n");
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
    AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);

    BIO_free(bio);
    BIO_free(bio2);

    /* check reading an empty string */
    AssertNotNull(bio = BIO_new(BIO_s_bio()));
    AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
    AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
    AssertStrEQ(emp, bio_buffer);

    BIO_free(bio);

    printf(resultFmt, passed);
    #endif
}


static void test_wolfSSL_BIO_puts(void)
{
    #if defined(OPENSSL_EXTRA)
    BIO* bio;
    char input[] = "hello\0world\n.....ok\n\0";
    char output[128];

    printf(testingFmt, "wolfSSL_BIO_puts()");

    XMEMSET(output, 0, sizeof(output));
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_puts(bio, input), 5);
    AssertIntEQ(BIO_pending(bio), 5);
    AssertIntEQ(BIO_puts(bio, input + 6), 14);
    AssertIntEQ(BIO_pending(bio), 19);
    AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
    AssertStrEQ(output, "helloworld\n");
    AssertIntEQ(BIO_pending(bio), 8);
    AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
    AssertStrEQ(output, ".....ok\n");
    AssertIntEQ(BIO_pending(bio), 0);
    AssertIntEQ(BIO_puts(bio, ""), -1);

    BIO_free(bio);
    printf(resultFmt, passed);
    #endif
}

#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    (void)ssl;
    (void)buf;
    (void)sz;
    (void)ctx;
    return WOLFSSL_CBIO_ERR_WANT_READ;
}
#endif

static void test_wolfSSL_BIO_should_retry(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
    tcp_ready ready;
    func_args server_args;
    THREAD_TYPE serverThread;
    SOCKET_T sockfd = 0;
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;
    char msg[64] = "hello wolfssl!";
    char reply[1024];
    int  msgSz = (int)XSTRLEN(msg);
    int  ret;
    BIO* bio;

    printf(testingFmt, "wolfSSL_BIO_should_retry()");

    XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);


    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);

    /* force retry */
    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);
    AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
    wolfSSL_SSLSetIORecv(ssl, forceWantRead);

    AssertNotNull(bio = BIO_new(BIO_f_ssl()));
    BIO_set_ssl(bio, ssl, BIO_CLOSE);

    AssertIntLE(BIO_write(bio, msg, msgSz), 0);
    AssertIntNE(BIO_should_retry(bio), 0);


    /* now perform successful connection */
    wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
    AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
    BIO_read(bio, reply, sizeof(reply));
    ret = wolfSSL_get_error(ssl, -1);
    if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
        AssertIntNE(BIO_should_retry(bio), 0);
    }
    else {
        AssertIntEQ(BIO_should_retry(bio), 0);
    }
    AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
                XSTRLEN("I hear you fa shizzle!")), 0);
    BIO_free(bio);
    wolfSSL_CTX_free(ctx);

    join_thread(serverThread);
    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_BIO_connect(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
    tcp_ready ready;
    func_args server_args;
    THREAD_TYPE serverThread;
    BIO *tcpBio;
    BIO *sslBio;
    SSL_CTX* ctx;
    SSL *ssl;
    SSL *sslPtr;
    char msg[] = "hello wolfssl!";
    char reply[30];
    char buff[10] = {0};

    printf(testingFmt, "wolfSSL_BIO_new_connect()");

    /* Setup server */
    XMEMSET(&server_args, 0, sizeof(func_args));
    StartTCP();
    InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif
    server_args.signal = &ready;
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);

    /* Start the test proper */
    /* Setup the TCP BIO */
    AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
    AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
    /* Setup the SSL object */
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
    AssertIntEQ(WOLFSSL_SUCCESS,
          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertIntEQ(WOLFSSL_SUCCESS,
            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    AssertNotNull(ssl = SSL_new(ctx));
    SSL_set_connect_state(ssl);
    /* Setup the SSL BIO */
    AssertNotNull(sslBio = BIO_new(BIO_f_ssl()));
    AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
    /* Verify that BIO_get_ssl works. */
    AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
    AssertPtrEq(ssl, sslPtr);
    /* Link BIO's so that sslBio uses tcpBio for IO */
    AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio);
    /* Do TCP connect */
    AssertIntEQ(BIO_do_connect(sslBio), 1);
    /* Do TLS handshake */
    AssertIntEQ(BIO_do_handshake(sslBio), 1);
    /* Test writing */
    AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
    /* Expect length of default wolfSSL reply */
    AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);

    /* Clean it all up */
    BIO_free_all(sslBio);
    /* Server clean up */
    join_thread(serverThread);
    FreeTcpReady(&ready);

    /* Run the same test, but use BIO_new_ssl_connect and set the IP and port
     * after. */
    XMEMSET(&server_args, 0, sizeof(func_args));
    StartTCP();
    InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif
    server_args.signal = &ready;
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);

    AssertNotNull(sslBio = BIO_new_ssl_connect(ctx));
    AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
    AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1);
    AssertIntEQ(BIO_do_connect(sslBio), 1);
    AssertIntEQ(BIO_do_handshake(sslBio), 1);
    AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
    AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
    /* Attempt to close the TLS connection gracefully. */
    BIO_ssl_shutdown(sslBio);

    BIO_free_all(sslBio);
    join_thread(serverThread);
    FreeTcpReady(&ready);

    SSL_CTX_free(ctx);

#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
{
    BIO* clientBio;
    SSL* sslClient;
    SSL_CTX* ctx;
    char connectAddr[20]; /* IP + port */;

    (void)args;

    AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
    AssertNotNull(clientBio = BIO_new_connect(connectAddr));
    AssertIntEQ(BIO_do_connect(clientBio), 1);
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
    AssertNotNull(sslClient = SSL_new(ctx));
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
    SSL_set_bio(sslClient, clientBio, clientBio);
    AssertIntEQ(SSL_connect(sslClient), 1);

    SSL_free(sslClient);
    SSL_CTX_free(ctx);

#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

    return 0;
}
#endif

static void test_wolfSSL_BIO_accept(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)

    BIO* serverBindBio;
    BIO* serverAcceptBio;
    SSL* sslServer;
    SSL_CTX* ctx;
    func_args args;
    THREAD_TYPE thread;
    char port[10]; /* 10 bytes should be enough to store the string
                    * representation of the port */

    printf(testingFmt, "wolfSSL_BIO_new_accept()");

    AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
    AssertNotNull(serverBindBio = BIO_new_accept(port));

    /* First BIO_do_accept binds the port */
    AssertIntEQ(BIO_do_accept(serverBindBio), 1);

    XMEMSET(&args, 0, sizeof(func_args));
    start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);

    AssertIntEQ(BIO_do_accept(serverBindBio), 1);
    /* Let's plug it into SSL to test */
    AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
    AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
    AssertNotNull(sslServer = SSL_new(ctx));
    AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio));
    SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
    AssertIntEQ(SSL_accept(sslServer), 1);

    join_thread(thread);

    BIO_free(serverBindBio);
    SSL_free(sslServer);
    SSL_CTX_free(ctx);

#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
    wc_ecc_fp_free();  /* free per thread cache */
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_BIO_write(void)
{
    #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
    BIO* bio;
    BIO* bio64;
    BIO* ptr;
    int  sz;
    char msg[] = "conversion test";
    char out[40];
    char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
    void* bufPtr = NULL;
    BUF_MEM* buf = NULL;

    printf(testingFmt, "wolfSSL_BIO_write()");

    AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
    AssertNotNull(bio   = BIO_push(bio64, BIO_new(BIO_s_mem())));

    /* now should convert to base64 then write to memory */
    AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
    BIO_flush(bio);

    /* test BIO chain */
    AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
    AssertNotNull(buf);
    AssertIntEQ(buf->length, 25);
    AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
    AssertPtrEq(buf->data, bufPtr);

    AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
    sz = sizeof(out);
    XMEMSET(out, 0, sz);
    AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
    AssertIntEQ(XMEMCMP(out, expected, sz), 0);

    /* write then read should return the same message */
    AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
    sz = sizeof(out);
    XMEMSET(out, 0, sz);
    AssertIntEQ(BIO_read(bio, out, sz), 16);
    AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);

    /* now try encoding with no line ending */
    BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
    #ifdef HAVE_EX_DATA
    BIO_set_ex_data(bio64, 0, (void*) "data");
    AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
    #endif
    AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
    BIO_flush(bio);
    sz = sizeof(out);
    XMEMSET(out, 0, sz);
    AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
    AssertIntEQ(XMEMCMP(out, expected, sz), 0);

    BIO_free_all(bio); /* frees bio64 also */

    /* test with more than one bio64 in list */
    AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
    AssertNotNull(bio   = BIO_push(BIO_new(BIO_f_base64()), bio64));
    AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));

    /* now should convert to base64 when stored and then decode with read */
    AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
    BIO_flush(bio);
    sz = sizeof(out);
    XMEMSET(out, 0, sz);
    AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
    AssertIntEQ(XMEMCMP(out, msg, sz), 0);
    BIO_clear_flags(bio64, ~0);
    BIO_set_retry_read(bio);
    BIO_free_all(bio); /* frees bio64s also */

    printf(resultFmt, passed);
    #endif
}


static void test_wolfSSL_BIO_printf(void)
{
    #if defined(OPENSSL_ALL)
    BIO* bio;
    int  sz = 7;
    char msg[] = "TLS 1.3 for the world";
    char out[60];
    char expected[] = "TLS 1.3 for the world : sz = 7";

    printf(testingFmt, "wolfSSL_BIO_printf()");

    XMEMSET(out, 0, sizeof(out));
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
    AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
    AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
    AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
    BIO_free(bio);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_BIO_f_md(void)
{
    #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
    BIO *bio, *mem;
    char msg[] = "message to hash";
    char out[60];
    EVP_MD_CTX* ctx;
    const unsigned char testKey[] =
    {
        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
        0x0b, 0x0b, 0x0b, 0x0b
    };
    const char testData[] = "Hi There";
    const unsigned char testResult[] =
    {
        0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
        0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
        0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
        0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
    };
    const unsigned char expectedHash[] =
    {
       0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
       0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
       0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
       0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
    };
    const unsigned char emptyHash[] =
    {
        0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
        0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
        0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
        0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
    };
    unsigned char check[sizeof(testResult) + 1];
    size_t checkSz = -1;
    EVP_PKEY* key;

    printf(testingFmt, "wolfSSL_BIO_f_md()");

    XMEMSET(out, 0, sizeof(out));
    AssertNotNull(bio = BIO_new(BIO_f_md()));
    AssertNotNull(mem = BIO_new(BIO_s_mem()));

    AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
    AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);

    /* should not be able to write/read yet since just digest wrapper and no
     * data is passing through the bio */
    AssertIntEQ(BIO_write(bio, msg, 0), 0);
    AssertIntEQ(BIO_pending(bio), 0);
    AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
    AssertIntEQ(BIO_gets(bio, out, 3), 0);
    AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
    AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
    BIO_reset(bio);

    /* append BIO mem to bio in order to read/write */
    AssertNotNull(bio = BIO_push(bio, mem));

    XMEMSET(out, 0, sizeof(out));
    AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
    AssertIntEQ(BIO_pending(bio), 16);

    /* this just reads the message and does not hash it (gets calls final) */
    AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
    AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);

    /* create a message digest using BIO */
    XMEMSET(out, 0, sizeof(out));
    AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
    AssertIntEQ(BIO_pending(mem), 16);
    AssertIntEQ(BIO_pending(bio), 16);
    AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
    AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
    BIO_free(bio);
    BIO_free(mem);

    /* test with HMAC */
    XMEMSET(out, 0, sizeof(out));
    AssertNotNull(bio = BIO_new(BIO_f_md()));
    AssertNotNull(mem = BIO_new(BIO_s_mem()));
    BIO_get_md_ctx(bio, &ctx);
    AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
                                             testKey, (int)sizeof(testKey)));
    EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
    AssertNotNull(bio = BIO_push(bio, mem));
    BIO_write(bio, testData, (int)strlen(testData));
    EVP_DigestSignFinal(ctx, NULL, &checkSz);
    EVP_DigestSignFinal(ctx, check, &checkSz);

    AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);

    EVP_PKEY_free(key);
    BIO_free(bio);
    BIO_free(mem);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_BIO_up_ref(void)
{
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
    BIO* bio;
    printf(testingFmt, "wolfSSL_BIO_up_ref()");

    AssertNotNull(bio = BIO_new(BIO_f_md()));
    AssertIntEQ(BIO_up_ref(NULL), 0);
    AssertIntEQ(BIO_up_ref(bio), 1);
    BIO_free(bio);
    AssertIntEQ(BIO_up_ref(bio), 1);
    BIO_free(bio);
    BIO_free(bio);

    printf(resultFmt, "passed");
#endif
}

#endif /* !NO_BIO */

#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)

/* test that the callback arg is correct */
static int certCbArg = 0;

static int clientCertCb(WOLFSSL* ssl, void* arg)
{
    if (ssl == NULL || arg != &certCbArg)
        return 0;
    if (wolfSSL_use_certificate_file(ssl, cliCertFile,
            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        return 0;
    if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        return 0;
    return 1;
}

static void clientCertSetupCb(WOLFSSL_CTX* ctx)
{
    SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg);
}

/**
 * This is only done because test_client_nofail has no way to stop
 * certificate and key loading
 */
static void clientCertClearCb(WOLFSSL* ssl)
{
    /* Clear the loaded certs to force the callbacks to set them up */
    SSL_certs_clear(ssl);
}

static int serverCertCb(WOLFSSL* ssl, void* arg)
{
    if (ssl == NULL || arg != &certCbArg)
        return 0;
    if (wolfSSL_use_certificate_file(ssl, svrCertFile,
            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        return 0;
    if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        return 0;
    return 1;
}

static void serverCertSetupCb(WOLFSSL_CTX* ctx)
{
    SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg);
}

/**
 * This is only done because test_server_nofail has no way to stop
 * certificate and key loading
 */
static void serverCertClearCb(WOLFSSL* ssl)
{
    /* Clear the loaded certs to force the callbacks to set them up */
    SSL_certs_clear(ssl);
}

#endif

static void test_wolfSSL_cert_cb(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)

    callback_functions func_cb_client;
    callback_functions func_cb_server;
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    client_args.callbacks = &func_cb_client;
    server_args.callbacks = &func_cb_server;
    func_cb_client.ctx_ready = clientCertSetupCb;
    func_cb_client.ssl_ready = clientCertClearCb;
    func_cb_server.ctx_ready = serverCertSetupCb;
    func_cb_server.ssl_ready = serverCertClearCb;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

#endif
}

static void test_wolfSSL_SESSION(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)

    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    WOLFSSL_SESSION* sess;
    WOLFSSL_SESSION* sess_copy;
    unsigned char* sessDer = NULL;
    unsigned char* ptr     = NULL;
#ifdef OPENSSL_EXTRA
    const unsigned char context[] = "user app context";
    unsigned int contextSz = (unsigned int)sizeof(context);
#endif
    int ret, err, sockfd, sz;
    tcp_ready ready;
    func_args server_args;
    THREAD_TYPE serverThread;
    char msg[80];
    const char* sendGET = "GET";

    printf(testingFmt, "wolfSSL_SESSION()");
    /* TLS v1.3 requires session tickets */
    /* CHACHA and POLY1305 required for myTicketEncCb */
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
    !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
            defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif

    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
#ifdef WOLFSSL_ENCRYPTED_KEYS
    wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifdef HAVE_SESSION_TICKET
    /* Use session tickets, for ticket tests below */
    AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
#endif

    XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);

    /* client connection */
    ssl = wolfSSL_new(ctx);
    tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
    AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), SSL_SUCCESS);

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_connect(ssl);
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    AssertIntEQ(ret, WOLFSSL_SUCCESS);

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    AssertIntEQ(ret, (int)XSTRLEN(sendGET));

    #ifdef WOLFSSL_ASYNC_CRYPT
    err = 0; /* Reset error */
    #endif
    do {
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (err == WC_PENDING_E) {
            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
            if (ret < 0) { break; } else if (ret == 0) { continue; }
        }
    #endif
        ret = wolfSSL_read(ssl, msg, sizeof(msg));
        err = wolfSSL_get_error(ssl, 0);
    } while (err == WC_PENDING_E);
    AssertIntEQ(ret, 23);

    sess = wolfSSL_get_session(ssl);

    #if defined(OPENSSL_EXTRA)
    AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0);
    AssertIntEQ(SSL_SESSION_is_resumable(sess), 1);
    #else
    AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0);
    AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1);
    #endif

    AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
    AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
    #ifdef HAVE_SESSION_TICKET
    AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
    AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
                SESSION_TICKET_HINT_DEFAULT);
    #else
    AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
    #endif

    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);

    join_thread(serverThread);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
    {
        X509 *x509;
        char buf[30];
        int  bufSz;

        AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
        AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
                    X509_get_subject_name(x509), NID_organizationalUnitName,
                    buf, sizeof(buf))), 0);
        AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
        if (bufSz == 7) {
            AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
        }
        if (bufSz == 16) {
            AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
        }
    }
#endif

    AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
    wolfSSL_SESSION_free(sess_copy);

    /* get session from DER and update the timeout */
    AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
    AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
    wolfSSL_SESSION_free(sess);
    ptr = sessDer;
    AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
    AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
                (const unsigned char**)&ptr, sz));
    XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
    AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
    AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);

    /* successful set session test */
    AssertNotNull(ssl = wolfSSL_new(ctx));
    AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS);

#ifdef HAVE_SESSION_TICKET
    /* Test set/get session ticket */
    {
        const char* ticket = "This is a session ticket";
        char buf[64] = {0};
        word32 bufSz = (word32)sizeof(buf);

        AssertIntEQ(SSL_SUCCESS,
            wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket)));
        AssertIntEQ(SSL_SUCCESS,
            wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
        AssertStrEQ(ticket, buf);
    }
#endif

#ifdef OPENSSL_EXTRA

    /* session timeout case */
    /* make the session to be expired */
    AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
    XSLEEP_MS(1200);

    /* SSL_set_session should reject specified session but return success
     * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
     */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
#else
    AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
#endif
    AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);

    /* fail case with miss match session context IDs (use compatibility API) */
    AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
            SSL_SUCCESS);
    AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
    wolfSSL_free(ssl);
    AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
            SSL_FAILURE);
    AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
            SSL_SUCCESS);
    AssertNotNull(ssl = wolfSSL_new(ctx));
    AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
#endif
    wolfSSL_free(ssl);

    SSL_SESSION_free(sess);
    wolfSSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ticket_keys(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
    !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX* ctx;
    byte keys[WOLFSSL_TICKET_KEYS_SZ];

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
                WOLFSSL_FAILURE);

    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
                WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
                WOLFSSL_FAILURE);

    AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
                WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
#endif
}

#ifndef NO_BIO

static void test_wolfSSL_d2i_PUBKEY(void)
{
    #if defined(OPENSSL_EXTRA)
    BIO*  bio;
    EVP_PKEY* pkey;

    printf(testingFmt, "wolfSSL_d2i_PUBKEY()");

    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertNull(d2i_PUBKEY_bio(NULL, NULL));

#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
    /* RSA PUBKEY test */
    AssertIntGT(BIO_write(bio, client_keypub_der_2048,
                sizeof_client_keypub_der_2048), 0);
    AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
    EVP_PKEY_free(pkey);
#endif

#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
    /* ECC PUBKEY test */
    AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
                sizeof_ecc_clikeypub_der_256), 0);
    AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
    EVP_PKEY_free(pkey);
#endif

#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA)
    /* DSA PUBKEY test */
    AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048,
                sizeof_dsa_pub_key_der_2048), 0);
    AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
    EVP_PKEY_free(pkey);
#endif

#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
            (HAVE_FIPS_VERSION > 2))
    /* DH PUBKEY test */
    AssertIntGT(BIO_write(bio, dh_pub_key_der_2048,
                sizeof_dh_pub_key_der_2048), 0);
    AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
    EVP_PKEY_free(pkey);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /*  USE_CERT_BUFFERS_2048 && !NO_DH &&  && OPENSSL_EXTRA */

    BIO_free(bio);

    (void)pkey;
    printf(resultFmt, passed);
    #endif
}

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{
    BIO*      bio = NULL;
    EVP_PKEY* pkey  = NULL;
#ifndef NO_RSA
#endif
    WOLFSSL_CTX* ctx;

#if defined(WOLFSSL_KEY_GEN)
    unsigned char buff[4096];
    unsigned char* bufPtr = buff;
#endif

    printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");

    /* test creating new EVP_PKEY with bad arg */
    AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));

    /* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
    {
        XFILE file;
        const char* fname = "./certs/server-key.der";
        size_t sz;
        byte* buf;

        file = XFOPEN(fname, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
        AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        /* Test using BIO new mem and loading DER private key */
        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
        XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        EVP_PKEY_free(pkey);
        pkey  = NULL;
    }
#endif

    /* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
    {
        XFILE file;
        const char* fname = "./certs/ecc-key.der";
        size_t sz;
        byte* buf;

        file = XFOPEN(fname, "rb");
        AssertTrue((file != XBADFILE));
        AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
        sz = XFTELL(file);
        XREWIND(file);
        AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
        AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
        XFCLOSE(file);

        /* Test using BIO new mem and loading DER private key */
        AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
        AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
        XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
        BIO_free(bio);
        bio = NULL;
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }
#endif

    AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif

#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
    {
        RSA* rsa = NULL;
        /* Tests bad parameters */
        AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));

        /* RSA not set yet, expecting to fail*/
        AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);

#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
        /* set RSA using bio*/
        AssertIntGT(BIO_write(bio, client_key_der_2048,
                    sizeof_client_key_der_2048), 0);
        AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));

        AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);

        /*i2d RSAprivate key tests */
        AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
        AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
        AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
                                               sizeof_client_key_der_2048);
        bufPtr = NULL;
        AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
                                               sizeof_client_key_der_2048);
        AssertNotNull(bufPtr);
        XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
        RSA_free(rsa);
    }
#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
    SSL_CTX_free(ctx);
    ctx = NULL;
    BIO_free(bio);
    bio = NULL;
    printf(resultFmt, passed);
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */

#endif /* !NO_BIO */


static void test_wolfSSL_sk_GENERAL_NAME(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA)
    X509* x509;
    GENERAL_NAME* gn;
    unsigned char buf[4096];
    const unsigned char* bufPt;
    int bytes, i;
    XFILE f;
    STACK_OF(GENERAL_NAME)* sk;

    printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");

    f = XFOPEN(cliCertDerFileExt, "rb");
    AssertTrue((f != XBADFILE));
    AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
    XFCLOSE(f);

    bufPt = buf;
    AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));

    AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
                NID_subject_alt_name, NULL, NULL));

    AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
    for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
        AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));

        switch (gn->type) {
        case GEN_DNS:
            printf("found type GEN_DNS\n");
            break;
        case GEN_EMAIL:
            printf("found type GEN_EMAIL\n");
            break;
        case GEN_URI:
            printf("found type GEN_URI\n");
            break;
        }
    }
    X509_free(x509);
    sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_GENERAL_NAME_print(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)

    X509* x509;
    GENERAL_NAME* gn;
    unsigned char buf[4096];
    const unsigned char* bufPt;
    int bytes;
    XFILE f;
    STACK_OF(GENERAL_NAME)* sk;
    BIO* out;
    unsigned char outbuf[128];

    X509_EXTENSION* ext;
    AUTHORITY_INFO_ACCESS* aia;
    ACCESS_DESCRIPTION* ad;

    const unsigned char v4Addr[] = {192,168,53,1};
    const unsigned char v6Addr[] =
                            {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
                             0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77};
    const unsigned char email[]  =
                             {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
                              'f', 's', 's', 'l', '.', 'c', 'o', 'm'};

    const char* dnsStr   = "DNS:example.com";
    const char* uriStr   = "URI:http://127.0.0.1:22220";
    const char* v4addStr = "IP Address:192.168.53.1";
    const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
    const char* emailStr = "email:info@wolfssl.com";
    const char* othrStr  = "othername:<unsupported>";
    const char* x400Str  = "X400Name:<unsupported>";
    const char* ediStr   = "EdiPartyName:<unsupported>";


    printf(testingFmt, "test_wolfSSL_GENERAL_NAME_print()");

    /* BIO to output */
    AssertNotNull(out = BIO_new(BIO_s_mem()));

    /* test for NULL param */
    gn = NULL;

    AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0);
    AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0);
    AssertIntEQ(GENERAL_NAME_print(out, NULL), 0);


    /* test for GEN_DNS */
    f = XFOPEN(cliCertDerFileExt, "rb");
    AssertTrue((f != XBADFILE));
    AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
    XFCLOSE(f);

    bufPt = buf;
    AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
    AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
                NID_subject_alt_name, NULL, NULL));

    AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0));
    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);

    XMEMSET(outbuf,0,sizeof(outbuf));
    BIO_read(out, outbuf, sizeof(outbuf));
    AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);

    sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
    X509_free(x509);

    /* test for GEN_URI */

    f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb");
    AssertTrue((f != XBADFILE));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    XFCLOSE(f);

    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4));
    aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
    AssertNotNull(aia);
    ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0);

    gn = ad->location;
    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);

    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0);

    wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
    aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
    AssertNotNull(aia);
    AUTHORITY_INFO_ACCESS_pop_free(aia, NULL);
    X509_free(x509);

    /* test for GEN_IPADD */

    /* ip v4 address */
    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_IPADD;
    gn->d.iPAddress->length = sizeof(v4Addr);
    AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr,
                                                        sizeof(v4Addr)), 1);

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);

    GENERAL_NAME_free(gn);

    /* ip v6 address */

    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_IPADD;
    gn->d.iPAddress->length = sizeof(v6Addr);
    AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr,
                                                        sizeof(v6Addr)), 1);

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);

    GENERAL_NAME_free(gn);

    /* test for GEN_EMAIL */

    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_EMAIL;
    gn->d.rfc822Name->length = sizeof(email);
    AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email,
                                                        sizeof(email)), 1);

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);

    GENERAL_NAME_free(gn);

    /* test for  GEN_OTHERNAME */

    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_OTHERNAME;

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0);

    GENERAL_NAME_free(gn);

    /* test for  GEN_X400 */

    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_X400;

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0);

    GENERAL_NAME_free(gn);

    /* test for GEN_EDIPARTY */

    AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
    gn->type = GEN_EDIPARTY;

    AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
    XMEMSET(outbuf,0,sizeof(outbuf));
    AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
    AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0);

    GENERAL_NAME_free(gn);

    BIO_free(out);

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}

static void test_wolfSSL_sk_DIST_POINT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
    !defined(NO_RSA)
    X509* x509;
    unsigned char buf[4096];
    const unsigned char* bufPt;
    int bytes, i, j;
    XFILE f;
    DIST_POINT* dp;
    GENERAL_NAME* gn;
    ASN1_IA5STRING* uri;
    STACK_OF(DIST_POINT)* dps;
    STACK_OF(GENERAL_NAME)* gns;
    const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";

    printf(testingFmt, "wolfSSL_sk_DIST_POINT()");

    f = XFOPEN(cliCertDerCrlDistPoint, "rb");
    AssertTrue((f != XBADFILE));
    AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
    XFCLOSE(f);

    bufPt = buf;
    AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));

    AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509,
                NID_crl_distribution_points, NULL, NULL));

    AssertIntEQ(sk_DIST_POINT_num(dps), 1);
    for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
        AssertNotNull(dp = sk_DIST_POINT_value(dps, i));

        gns = dp->distpoint->name.fullname;
        AssertNotNull(gns);
        AssertIntEQ(sk_GENERAL_NAME_num(gns), 1);

        for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) {
            gn = sk_GENERAL_NAME_value(gns, j);
            AssertIntEQ(gn->type, GEN_URI);
            AssertNotNull(uri = gn->d.uniformResourceIdentifier);
            AssertNotNull(uri->data);
            AssertIntGT(uri->length, 0);
        }
    }

    X509_free(x509);
    CRL_DIST_POINTS_free(dps);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_MD4(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
    MD4_CTX md4;
    unsigned char out[16]; /* MD4_DIGEST_SIZE */
    const char* msg  = "12345678901234567890123456789012345678901234567890123456"
                       "789012345678901234567890";
    const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
                       "\xcc\x05\x36";
    int msgSz        = (int)XSTRLEN(msg);

    printf(testingFmt, "wolfSSL_MD4()");

    XMEMSET(out, 0, sizeof(out));
    MD4_Init(&md4);
    MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
    MD4_Final(out, &md4);
    AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_RSA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
    defined(WOLFSSL_KEY_GEN)
    RSA* rsa;
    const BIGNUM *n;
    const BIGNUM *e;
    const BIGNUM *d;
    const BIGNUM *p;
    const BIGNUM *q;
    const BIGNUM *dmp1;
    const BIGNUM *dmq1;
    const BIGNUM *iqmp;

    printf(testingFmt, "wolfSSL_RSA()");

    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    AssertIntEQ(RSA_size(rsa), 256);

#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
    (HAVE_FIPS_VERSION >= 2))) && !defined(HAVE_SELFTEST) && \
    !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
    AssertIntEQ(RSA_check_key(rsa), WOLFSSL_SUCCESS);
#endif

    /* sanity check */
    AssertIntEQ(RSA_bits(NULL), 0);

    /* key */
    AssertIntEQ(RSA_bits(rsa), 2048);
    RSA_get0_key(rsa, &n, &e, &d);
    AssertPtrEq(rsa->n, n);
    AssertPtrEq(rsa->e, e);
    AssertPtrEq(rsa->d, d);
    AssertNotNull(n = BN_new());
    AssertNotNull(e = BN_new());
    AssertNotNull(d = BN_new());
    AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
    AssertPtrEq(rsa->n, n);
    AssertPtrEq(rsa->e, e);
    AssertPtrEq(rsa->d, d);

    /* crt_params */
    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
    AssertPtrEq(rsa->dmp1, dmp1);
    AssertPtrEq(rsa->dmq1, dmq1);
    AssertPtrEq(rsa->iqmp, iqmp);
    AssertNotNull(dmp1 = BN_new());
    AssertNotNull(dmq1 = BN_new());
    AssertNotNull(iqmp = BN_new());
    AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1);
    AssertPtrEq(rsa->dmp1, dmp1);
    AssertPtrEq(rsa->dmq1, dmq1);
    AssertPtrEq(rsa->iqmp, iqmp);

    /* factors */
    RSA_get0_factors(rsa, &p, &q);
    AssertPtrEq(rsa->p, p);
    AssertPtrEq(rsa->q, q);
    AssertNotNull(p = BN_new());
    AssertNotNull(q = BN_new());
    AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
    AssertPtrEq(rsa->p, p);
    AssertPtrEq(rsa->q, q);

    AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
    AssertIntEQ(RSA_bits(rsa), 21);
    RSA_free(rsa);

#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
    AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
    AssertIntEQ(RSA_size(rsa), 384);
    AssertIntEQ(RSA_bits(rsa), 3072);
    RSA_free(rsa);
#endif

    /* remove for now with odd key size until adjusting rsa key size check with
       wc_MakeRsaKey()
    AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
    RSA_free(rsa);
    */

    AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
    AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
    AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
    AssertNull(RSA_generate_key(2048, 0, NULL, NULL));


#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
    {
        byte buff[FOURK_BUF];
        byte der[FOURK_BUF];
        const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";

        XFILE f;
        int bytes;

        /* test loading encrypted RSA private pem w/o password */
        f = XFOPEN(PrivKeyPemFile, "rb");
        AssertTrue((f != XBADFILE));
        bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
        XFCLOSE(f);
        XMEMSET(der, 0, sizeof(der));
        /* test that error value is returned with no password */
        AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
    }
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_RSA_DER(void)
{
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
    !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)

    RSA *rsa;
    int i;
    unsigned char *buff = NULL;

    struct tbl_s
    {
        const unsigned char *der;
        int sz;
    } tbl[] = {

#ifdef USE_CERT_BUFFERS_1024
        {client_key_der_1024, sizeof_client_key_der_1024},
        {server_key_der_1024, sizeof_server_key_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
        {client_key_der_2048, sizeof_client_key_der_2048},
        {server_key_der_2048, sizeof_server_key_der_2048},
#endif
        {NULL, 0}
    };

    /* Public Key DER */
    struct tbl_s pub[] = {
#ifdef USE_CERT_BUFFERS_1024
        {client_keypub_der_1024, sizeof_client_keypub_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
        {client_keypub_der_2048, sizeof_client_keypub_der_2048},
#endif
        {NULL, 0}
    };

    printf(testingFmt, "test_wolfSSL_RSA_DER()");

    for (i = 0; tbl[i].der != NULL; i++)
    {
        AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
        AssertNotNull(rsa);
        RSA_free(rsa);
    }
    for (i = 0; tbl[i].der != NULL; i++)
    {
        AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
        AssertNotNull(rsa);
        RSA_free(rsa);
    }

    for (i = 0; pub[i].der != NULL; i++)
    {
        AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz));
        AssertNotNull(rsa);
        AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
        buff = NULL;
        AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz);
        AssertNotNull(buff);
        AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz));
        XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        RSA_free(rsa);
    }

    printf(resultFmt, passed);

#endif
}

static void test_wolfSSL_RSA_get0_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
    RSA *rsa = NULL;
    const BIGNUM* n = NULL;
    const BIGNUM* e = NULL;
    const BIGNUM* d = NULL;

    const unsigned char* der;
    int derSz;

#ifdef USE_CERT_BUFFERS_1024
    der = client_key_der_1024;
    derSz = sizeof_client_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
    der = client_key_der_2048;
    derSz = sizeof_client_key_der_2048;
#else
    der = NULL;
    derSz = 0;
#endif

    printf(testingFmt, "test_wolfSSL_RSA_get0_key()");

    if (der != NULL) {
        RSA_get0_key(NULL, NULL, NULL, NULL);
        RSA_get0_key(rsa, NULL, NULL, NULL);
        RSA_get0_key(NULL, &n, &e, &d);
        AssertNull(n);
        AssertNull(e);
        AssertNull(d);

        AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
        AssertNotNull(rsa);

        RSA_get0_key(rsa, NULL, NULL, NULL);
        RSA_get0_key(rsa, &n, NULL, NULL);
        AssertNotNull(n);
        RSA_get0_key(rsa, NULL, &e, NULL);
        AssertNotNull(e);
        RSA_get0_key(rsa, NULL, NULL, &d);
        AssertNotNull(d);
        RSA_get0_key(rsa, &n, &e, &d);
        AssertNotNull(n);
        AssertNotNull(e);
        AssertNotNull(d);

        RSA_free(rsa);
    }
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_RSA_meth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
    RSA *rsa;
    RSA_METHOD *rsa_meth;

    printf(testingFmt, "test_wolfSSL_RSA_meth");

#ifdef WOLFSSL_KEY_GEN
    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    RSA_free(rsa);
#else
    AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif

    AssertNotNull(rsa_meth =
            RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));

#ifndef NO_WOLFSSL_STUB
    AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
    AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
#endif

    AssertNotNull(rsa = RSA_new());
    AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
    AssertPtrEq(RSA_get_method(rsa), rsa_meth);
    AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
    AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
    AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK);
    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
    AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
    AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);

    /* rsa_meth is freed here */
    RSA_free(rsa);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_verify_mode(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;

    printf(testingFmt, "test_wolfSSL_verify()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
    SSL_free(ssl);

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);

    wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
    AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);

    SSL_free(ssl);

    wolfSSL_CTX_set_verify(ctx,
                  WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
    AssertIntEQ(SSL_get_verify_mode(ssl),
                WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);

    wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
    AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
                WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);

    wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);

    wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);

    wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);

#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
#endif

    AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
                WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);

    SSL_free(ssl);

    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_verify_depth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    long         depth;

    printf(testingFmt, "test_wolfSSL_verify_depth()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);

    AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
    SSL_free(ssl);

    SSL_CTX_set_verify_depth(ctx, -1);
    AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));

    SSL_CTX_set_verify_depth(ctx, 2);
    AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(2, SSL_get_verify_depth(ssl));

    SSL_free(ssl);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
 * buffer of 64 bytes.
 *
 * returns the size of the digest buffer on success and a negative value on
 * failure.
 */
static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
{
    HMAC_CTX ctx1;
    HMAC_CTX ctx2;

    unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
                          "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
    unsigned char long_key[] =
        "0123456789012345678901234567890123456789"
        "0123456789012345678901234567890123456789"
        "0123456789012345678901234567890123456789"
        "0123456789012345678901234567890123456789";

    unsigned char msg[] = "message to hash";
    unsigned int  digestSz = 64;
    int keySz = sizeof(key);
    int long_keySz = sizeof(long_key);
    int msgSz = sizeof(msg);

    unsigned char digest2[64];
    unsigned int digestSz2 = 64;

    HMAC_CTX_init(&ctx1);

    AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);

    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx1);

    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx2);

    AssertIntEQ(digestSz, digestSz2);
    AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);

    /* test HMAC_Init with NULL key */

    /* init after copy */
    printf("test HMAC_Init with NULL key (0)\n");
    HMAC_CTX_init(&ctx1);
    AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);

    AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx1);

    AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx2);

    AssertIntEQ(digestSz, digestSz2);
    AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);

    /* long key */
    printf("test HMAC_Init with NULL key (1)\n");
    HMAC_CTX_init(&ctx1);
    AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);

    AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx1);

    AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx2);

    AssertIntEQ(digestSz, digestSz2);
    AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);

    /* init before copy */
    printf("test HMAC_Init with NULL key (2)\n");
    HMAC_CTX_init(&ctx1);
    AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
    AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);

    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx1);

    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
    AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
    HMAC_CTX_cleanup(&ctx2);

    AssertIntEQ(digestSz, digestSz2);
    AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);

    return digestSz;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */

static void test_wolfSSL_HMAC_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
    unsigned char digest[64];
    int digestSz;

    printf(testingFmt, "wolfSSL_HMAC_CTX()");

    #ifndef NO_SHA
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
    AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
                          "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
    #endif /* !NO_SHA */
    #ifdef WOLFSSL_SHA224
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
    AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
                          "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
                          "\x02\x0E", digest, digestSz), 0);

    #endif /* WOLFSSL_SHA224 */
    #ifndef NO_SHA256
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
    AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
                          "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
                          "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);

    #endif /* !NO_SHA256 */

    #ifdef WOLFSSL_SHA384
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
    AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
                          "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
                          "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
                          "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
                          digest, digestSz), 0);
    #endif /* WOLFSSL_SHA384 */
    #ifdef WOLFSSL_SHA512
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
    AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
                          "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
                          "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
                          "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
                          "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
                          digest, digestSz), 0);
    #endif /* WOLFSSL_SHA512 */

    #ifndef NO_MD5
    AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
    AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
                          "\xE4\x98\xDD", digest, digestSz), 0);
    #endif /* !NO_MD5 */

    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
static void sslMsgCb(int w, int version, int type, const void* buf,
        size_t sz, SSL* ssl, void* arg)
{
    int i;
    unsigned char* pt = (unsigned char*)buf;

    printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading",
            (int)sz, version, type);
    for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]);
    printf("\n");
    (void)ssl;
    (void)arg;
}
#endif /* OPENSSL_EXTRA */

static void test_wolfSSL_msg_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;

    printf(testingFmt, "wolfSSL_msg_callback()");
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                SSL_FILETYPE_PEM));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                SSL_FILETYPE_PEM));
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
                SSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));
    AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
    AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
    AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_SHA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
    printf(testingFmt, "wolfSSL_SHA()");

    #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES)
    {
        const unsigned char in[] = "abc";
        unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
                                    "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
        unsigned char out[WC_SHA_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
        AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);

        /* SHA interface test */
        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);

        AssertNull(SHA(NULL, XSTRLEN((char*)in), out));
        AssertNotNull(SHA(in, 0, out));
        AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL));
        AssertNotNull(SHA(NULL, 0, out));
        AssertNotNull(SHA(NULL, 0, NULL));

        AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
    }
    #endif

    #if !defined(NO_SHA256)
    {
        const unsigned char in[] = "abc";
        unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
            "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
            "\x15\xAD";
        unsigned char out[WC_SHA256_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
#else
        AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
    }
    #endif

    #if defined(WOLFSSL_SHA384)
    {
        const unsigned char in[] = "abc";
        unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
            "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
            "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
            "\xc8\x25\xa7";
        unsigned char out[WC_SHA384_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
#else
        AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
    }
    #endif

    #if defined(WOLFSSL_SHA512)
    {
        const unsigned char in[] = "abc";
        unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
           "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
            "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
            "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
            "\xa5\x4c\xa4\x9f";
        unsigned char out[WC_SHA512_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
#else
        AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
    }
    #endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_DH_1536_prime(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
    BIGNUM* bn;
    unsigned char bits[200];
    int sz = 192; /* known binary size */
    const byte expected[] = {
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
        0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
        0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
        0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
        0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
        0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
        0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
        0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
        0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
        0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
        0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
        0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
        0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
        0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
        0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
        0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
        0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
        0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
        0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
        0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
        0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
        0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
        0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    };

    printf(testingFmt, "wolfSSL_DH_1536_prime()");
    bn = get_rfc3526_prime_1536(NULL);
    AssertNotNull(bn);
    AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
    AssertIntEQ(0, XMEMCMP(expected, bits, sz));

    BN_free(bn);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_PEM_write_DHparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
    !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
    DH* dh;
    BIO* bio;
    XFILE fp;
    byte pem[2048];
    int  pemSz;
    const char expected[] =
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\
v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\
nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\
joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\
wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\
tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
-----END DH PARAMETERS-----\n";
    printf(testingFmt, "wolfSSL_PEM_write_DHparams()");

    AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
    AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
    XFCLOSE(fp);

    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
    AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
    BIO_free(bio);

    AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
    AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
    AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
    XFCLOSE(fp);
    DH_free(dh);

    /* check results */
    XMEMSET(pem, 0, sizeof(pem));
    AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
    AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
    AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
    XFCLOSE(fp);

    printf(resultFmt, passed);
#endif
}

/* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
    (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
static void binary_dump(void *ptr, int size)
{
    #ifdef WOLFSSL_EVP_PRINT
    int i = 0;
    unsigned char *p = (unsigned char *) ptr;

    printf("{");
    while((p != NULL) && (i < size)) {
            if((i % 8) == 0) {
                    printf("\n");
                    printf("    ");
            }
            printf("0x%02x, ", p[i]);
            i++;
    }
    printf("\n};\n");
    #else
    (void) ptr;
    (void) size;
    #endif
}

static int last_val = 0x0f;

static int check_result(unsigned char *data, int len)
{
    int i;

    for( ; len; ) {
            last_val = (last_val + 1) % 16;
            for(i = 0; i < 16; len--, i++, data++)
                    if(*data != last_val) {
                            return -1;
                    }
    }
    return 0;
}

static int r_offset;
static int w_offset;

static void init_offset(void)
{
    r_offset = 0;
    w_offset = 0;
}
static void get_record(unsigned char *data, unsigned char *buf, int len)
{
    XMEMCPY(buf, data+r_offset, len);
    r_offset += len;
}

static void set_record(unsigned char *data, unsigned char *buf, int len)
{
    XMEMCPY(data+w_offset, buf, len);
    w_offset += len;
}

static void set_plain(unsigned char *plain, int rec)
{
    int i, j;
    unsigned char *p = plain;

    #define BLOCKSZ 16

    for(i=0; i<(rec/BLOCKSZ); i++){
        for(j=0; j<BLOCKSZ; j++)
            *p++ = (i % 16);
    }
}
#endif

static int test_wolfSSL_EVP_Cipher_extra(void)
{

#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
    (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))

    /* aes128-cbc, keylen=16, ivlen=16 */
    byte aes128_cbc_key[] = {
        0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
        0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
    };

    byte aes128_cbc_iv[] = {
        0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
        0x99, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    };

    /* teset data size table */
    int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
    int test_drive2[] = {8, 3, 8, 512, 0};
    int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};

    int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
    int test_drive_len[100];

    int ret = 0;
    EVP_CIPHER_CTX *evp = NULL;

    int ilen = 0;
    int klen = 0;
    int i, j;

    const EVP_CIPHER *type;
    byte *iv;
    byte *key;
    int ivlen;
    int keylen;

    #define RECORDS 16
    #define BUFFSZ  512
    byte plain [BUFFSZ * RECORDS];
    byte cipher[BUFFSZ * RECORDS];

    byte inb[BUFFSZ];
    byte outb[BUFFSZ+16];
    int outl, inl;

    iv = aes128_cbc_iv;
    ivlen = sizeof(aes128_cbc_iv);
    key = aes128_cbc_key;
    keylen = sizeof(aes128_cbc_key);
    type = EVP_aes_128_cbc();

    set_plain(plain, BUFFSZ * RECORDS);

    SSL_library_init();

    AssertNotNull(evp = EVP_CIPHER_CTX_new());
    AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);

    klen = EVP_CIPHER_CTX_key_length(evp);
    if (klen > 0 && keylen != klen) {
        AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
    }
    ilen = EVP_CIPHER_CTX_iv_length(evp);
    if (ilen > 0 && ivlen != ilen) {
        AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
    }

    AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);

    for (j = 0; j<RECORDS; j++)
    {
        inl = BUFFSZ;
        get_record(plain, inb, inl);
        AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, inb, inl)), 0);
        set_record(cipher, outb, outl);
    }

    for (i = 0; test_drive[i]; i++) {

    AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
        init_offset();
        test_drive_len[i] = 0;

        for (j = 0; test_drive[i][j]; j++)
        {
            inl = test_drive[i][j];
            test_drive_len[i] += inl;

            get_record(plain, inb, inl);
        AssertIntNE((ret = EVP_EncryptUpdate(evp, outb, &outl, inb, inl)), 0);
            /* output to cipher buffer, so that following Dec test can detect
               if any error */
            set_record(cipher, outb, outl);
        }

        EVP_CipherFinal(evp, outb, &outl);

        if(outl > 0)
            set_record(cipher, outb, outl);
    }

    for (i = 0; test_drive[i]; i++) {

            last_val = 0x0f;

        AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);

        init_offset();

        for (j = 0; test_drive[i][j]; j++){
            inl = test_drive[i][j];
            get_record(cipher, inb, inl);

            AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0);

            binary_dump(outb, outl);
            AssertIntEQ((ret = check_result(outb, outl)), 0);
            AssertFalse(outl > ((inl/16+1)*16) && outl > 16);
        }

        ret = EVP_CipherFinal(evp, outb, &outl);
        binary_dump(outb, outl);

        ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) ||
                 (((test_drive_len[i] % 16) == 0) && (ret == 1));
        AssertTrue(ret);
    }

    EVP_CIPHER_CTX_free(evp);

#endif /* test_EVP_Cipher */

    return 0;
}

static void test_wolfSSL_PEM_read_DHparams(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO) && \
    !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
    DH* dh;
    XFILE fp;
    unsigned char derOut[300];
    unsigned char* derOutBuf = derOut;
    int derOutSz = 0;

    unsigned char derExpected[300];
    int derExpectedSz = 0;

    printf(testingFmt, "wolfSSL_PEM_read_DHparams()");

    XMEMSET(derOut, 0, sizeof(derOut));
    XMEMSET(derExpected, 0, sizeof(derExpected));

    /* open DH param file, read into DH struct */
    AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));

    /* bad args */
    AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
    AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));

    /* good args */
    AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
    XFCLOSE(fp);

    /* read in certs/dh2048.der for comparison against exported params */
    fp = XFOPEN("./certs/dh2048.der", "rb");
    AssertTrue(fp != XBADFILE);
    derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp);
    XFCLOSE(fp);

    /* export DH back to DER and compare */
    derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
    AssertIntEQ(derOutSz, derExpectedSz);
    AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);

    /* Test parsing with X9.42 header */
    fp = XFOPEN("./certs/x942dh2048.pem", "rb");
    AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
    XFCLOSE(fp);

    DH_free(dh);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_AES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
    AES_KEY aes;
    const byte msg[] =
    {
      0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
      0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
    };

    const byte verify[] =
    {
        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
    };

    const byte key[] =
    {
      0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
      0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
      0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
      0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
    };


    byte out[AES_BLOCK_SIZE];

    printf(testingFmt, "wolfSSL_AES_ecb_encrypt()");

    AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
    AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);

#ifdef HAVE_AES_DECRYPT
    AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
    AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
#endif

    /* test bad arguments */
    AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
    AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
    AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_MD5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
    byte input1[] = "";
    byte input2[] = "message digest";
    byte hash[WC_MD5_DIGEST_SIZE];
    unsigned char output1[] =
        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
    unsigned char output2[] =
        "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
    WOLFSSL_MD5_CTX md5;

    printf(testingFmt, "wolfSSL_MD5()");

    XMEMSET(&md5, 0, sizeof(md5));

    /* Test cases for illegal parameters */
    AssertIntEQ(MD5_Init(NULL), 0);
    AssertIntEQ(MD5_Init(&md5), 1);
    AssertIntEQ(MD5_Update(NULL, input1, 0), 0);
    AssertIntEQ(MD5_Update(NULL, NULL, 0), 0);
    AssertIntEQ(MD5_Update(&md5, NULL, 1), 0);
    AssertIntEQ(MD5_Final(NULL, &md5), 0);
    AssertIntEQ(MD5_Final(hash, NULL), 0);
    AssertIntEQ(MD5_Final(NULL, NULL), 0);

    /* Init MD5 CTX */
    AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
    AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
                                        XSTRLEN((const char*)&input1)), 1);
    AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
    AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);

    /* Init MD5 CTX */
    AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
    AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
                                    (int)XSTRLEN((const char*)input2)), 1);
    AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
    AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
#if !defined(NO_OLD_NAMES) && \
  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
    AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
    AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
    AssertPtrNE(MD5(input1, 1, NULL), NULL);
    AssertPtrNE(MD5(NULL, 0, NULL), NULL);

    AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash);
    AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);

    AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash);
    AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
    {
        byte data[] = "Data to be hashed.";
        XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);

        AssertNotNull(MD5(data, sizeof(data), NULL));
        AssertNotNull(MD5(data, sizeof(data), hash));
        AssertNotNull(MD5(NULL, 0, hash));
        AssertNull(MD5(NULL, sizeof(data), hash));
    }
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_MD5_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
    byte input1[] = "";
    byte input2[] = "abc";
    byte local[WC_MD5_BLOCK_SIZE];
    word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
    unsigned char output1[] =
        "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
    unsigned char output2[] =
        "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
#else
    unsigned char output1[] =
        "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
    unsigned char output2[] =
        "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
#endif

    MD5_CTX md5;

    printf(testingFmt, "wolfSSL_MD5_Transform()");

    XMEMSET(&md5, 0, sizeof(md5));
    XMEMSET(&local, 0, sizeof(local));

    /* sanity check */
    AssertIntEQ(MD5_Transform(NULL, NULL), 0);
    AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
    AssertIntEQ(MD5_Transform(&md5, NULL), 0);
    AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
    AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);

    /* Init MD5 CTX */
    AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
    /* Do Transform*/
    sLen = (word32)XSTRLEN((char*)input1);
    XMEMCPY(local, input1, sLen);
    AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);

    AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
                                                    WC_MD5_DIGEST_SIZE), 0);

    /* Init MD5 CTX */
    AssertIntEQ(MD5_Init(&md5), 1);
    sLen = (word32)XSTRLEN((char*)input2);
    XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
    XMEMCPY(local, input2, sLen);
    AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
                                                    WC_MD5_DIGEST_SIZE), 0);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_SHA224(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
    unsigned char input[] =
        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
    unsigned char output[] =
         "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
         "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
    size_t inLen;
    byte hash[WC_SHA224_DIGEST_SIZE];

    printf(testingFmt, "wolfSSL_SHA224()");
    inLen  = XSTRLEN((char*)input);

    XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);

    AssertNull(SHA224(NULL, inLen, hash));
    AssertNotNull(SHA224(input, 0, hash));
    AssertNotNull(SHA224(input, inLen, NULL));
    AssertNotNull(SHA224(NULL, 0, hash));
    AssertNotNull(SHA224(NULL, 0, NULL));

    AssertNotNull(SHA224(input, inLen, hash));
    AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
    byte input1[] = "";
    byte input2[] = "abc";
    byte local[WC_SHA_BLOCK_SIZE];
    word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
    unsigned char output1[] =
        "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
        "\x09\xf7\x3a\x93";
    unsigned char output2[] =
        "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
        "\x7c\x6e\x08\xb8";
#else
    unsigned char output1[] =
        "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
        "\x93\x3a\xf7\x09";
    unsigned char output2[] =
        "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
        "\xb8\x08\x6e\x7c";
#endif

    SHA_CTX sha;
    SHA_CTX sha1;

    printf(testingFmt, "wolfSSL_SHA_Transform()");

    XMEMSET(&sha, 0, sizeof(sha));
    XMEMSET(&local, 0, sizeof(local));

    /* sanity check */
    AssertIntEQ(SHA_Transform(NULL, NULL), 0);
    AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
    AssertIntEQ(SHA_Transform(&sha, NULL), 0);
    AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
    AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
    AssertIntEQ(SHA1_Transform(&sha, NULL), 0);
    AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
    AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);

    /* Init SHA CTX */
    AssertIntEQ(SHA_Init(&sha), 1);
    /* Do Transform*/
    sLen = (word32)XSTRLEN((char*)input1);
    XMEMCPY(local, input1, sLen);
    AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
                                                        WC_SHA_DIGEST_SIZE), 0);
    AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */

    /* Init SHA CTX */
    AssertIntEQ(SHA_Init(&sha), 1);
    sLen = (word32)XSTRLEN((char*)input2);
    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
    XMEMCPY(local, input2, sLen);
    AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
                                                        WC_SHA_DIGEST_SIZE), 0);
    AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */

    /* SHA1 */
    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
    /* Init SHA CTX */
    AssertIntEQ(SHA1_Init(&sha1), 1);
    /* Do Transform*/
    sLen = (word32)XSTRLEN((char*)input1);
    XMEMCPY(local, input1, sLen);
    AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1,
                                                        WC_SHA_DIGEST_SIZE), 0);
    AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */

    /* Init SHA CTX */
    AssertIntEQ(SHA1_Init(&sha1), 1);
    sLen = (word32)XSTRLEN((char*)input2);
    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
    XMEMCPY(local, input2, sLen);
    AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2,
                                                        WC_SHA_DIGEST_SIZE), 0);
    AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */

    printf(resultFmt, passed);
#endif
#endif
}

static void test_wolfSSL_SHA256_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
        !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH)
    byte input1[] = "";
    byte input2[] = "abc";
    byte local[WC_SHA256_BLOCK_SIZE];
    word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
    unsigned char output1[] =
        "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
        "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
    unsigned char output2[] =
        "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
        "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
#else
    unsigned char output1[] =
        "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
        "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
    unsigned char output2[] =
        "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
        "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
#endif
    SHA256_CTX sha256;

    printf(testingFmt, "wolfSSL_SHA256_Transform()");

    XMEMSET(&sha256, 0, sizeof(sha256));
    XMEMSET(&local, 0, sizeof(local));

    /* sanity check */
    AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
    AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
    AssertIntEQ(SHA256_Transform(&sha256, NULL), 0);
    AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
    AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);

    /* Init SHA256 CTX */
    AssertIntEQ(SHA256_Init(&sha256), 1);
    /* Do Transform*/
    sLen = (word32)XSTRLEN((char*)input1);
    XMEMCPY(local, input1, sLen);
    AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
                                                    WC_SHA256_DIGEST_SIZE), 0);
    AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */

    /* Init SHA256 CTX */
    AssertIntEQ(SHA256_Init(&sha256), 1);
    sLen = (word32)XSTRLEN((char*)input2);
    XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
    XMEMCPY(local, input2, sLen);
    AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
                                                    WC_SHA256_DIGEST_SIZE), 0);
    AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */

    printf(resultFmt, passed);
#endif
#endif
}

static void test_wolfSSL_SHA256(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
    defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    unsigned char input[] =
        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
    unsigned char output[] =
        "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
        "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
        "\x06\xC1";
    size_t inLen;
    byte hash[WC_SHA256_DIGEST_SIZE];

    printf(testingFmt, "wolfSSL_SHA256()");
    inLen  = XSTRLEN((char*)input);

    XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
    AssertNotNull(SHA256(input, inLen, hash));
    AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_SHA512_Transform(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
    byte input1[] = "";
    byte input2[] = "abc";
    byte local[WC_SHA512_BLOCK_SIZE];
    word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
    unsigned char output1[] =
        "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
        "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
        "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
        "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
   unsigned char output2[] =
        "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
        "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
        "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
        "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
#else
    unsigned char output1[] =
        "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
        "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
        "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
        "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
   unsigned char output2[] =
        "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
        "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
        "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
        "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
#endif
    SHA512_CTX sha512;

    printf(testingFmt, "wolfSSL_SHA512_Transform()");

    XMEMSET(&sha512, 0, sizeof(sha512));
    XMEMSET(&local, 0, sizeof(local));

    /* sanity check */
    AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
    AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
    AssertIntEQ(SHA512_Transform(&sha512, NULL), 0);
    AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
    AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);

    /* Init SHA512 CTX */
    AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);

    /* Do Transform*/
    sLen = (word32)XSTRLEN((char*)input1);
    XMEMCPY(local, input1, sLen);
    AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
                                                    WC_SHA512_DIGEST_SIZE), 0);
    AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */

    /* Init SHA512 CTX */
    AssertIntEQ(SHA512_Init(&sha512), 1);
    sLen = (word32)XSTRLEN((char*)input2);
    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
    XMEMCPY(local, input2, sLen);
    AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
    AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
                                                    WC_SHA512_DIGEST_SIZE), 0);
    AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */

    (void)input1;
    printf(resultFmt, passed);
#endif
#endif
}

static void test_wolfSSL_X509_get_serialNumber(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
    ASN1_INTEGER* a;
    BIGNUM* bn;
    X509*   x509;
    char *serialHex;
    byte serial[3];
    int  serialSz;

    printf(testingFmt, "wolfSSL_X509_get_serialNumber()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
                                                      SSL_FILETYPE_PEM));
    AssertNotNull(a = X509_get_serialNumber(x509));

    /* check on value of ASN1 Integer */
    AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));


    /* test setting serial number and then retrieving it */
    AssertNotNull(a = ASN1_INTEGER_new());
    ASN1_INTEGER_set(a, 3);
    AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
    serialSz = sizeof(serial);
    AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
            WOLFSSL_SUCCESS);
    AssertIntEQ(serialSz, 1);
    AssertIntEQ(serial[0], 3);
    ASN1_INTEGER_free(a);

    /* test setting serial number with 0's in it */
    serial[0] = 0x01;
    serial[1] = 0x00;
    serial[2] = 0x02;

    AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
    a->data[0] = ASN_INTEGER;
    a->data[1] = sizeof(serial);
    XMEMCPY(&a->data[2], serial, sizeof(serial));
    a->length = sizeof(serial) + 2;
    AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);

    XMEMSET(serial, 0, sizeof(serial));
    serialSz = sizeof(serial);
    AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
            WOLFSSL_SUCCESS);
    AssertIntEQ(serialSz, 3);
    AssertIntEQ(serial[0], 0x01);
    AssertIntEQ(serial[1], 0x00);
    AssertIntEQ(serial[2], 0x02);
    ASN1_INTEGER_free(a);

    X509_free(x509); /* free's a */

    AssertNotNull(serialHex = BN_bn2hex(bn));
#ifndef WC_DISABLE_RADIX_ZERO_PAD
    AssertStrEQ(serialHex, "01");
#else
    AssertStrEQ(serialHex, "1");
#endif
    OPENSSL_free(serialHex);

    AssertIntEQ(BN_get_word(bn), 1);

    BN_free(bn);

    /* hard test free'ing with dynamic buffer to make sure there is no leaks */
    a = ASN1_INTEGER_new();
    if (a) {
        AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
                    DYNAMIC_TYPE_OPENSSL));
        a->isDynamic = 1;
        ASN1_INTEGER_free(a);
    }

    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()");

    AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OPENSSL_hexstr2buf(void)
{
#if defined(OPENSSL_EXTRA)
    #define MAX_HEXSTR_BUFSZ 9
    #define NUM_CASES        5
    struct Output {
        const unsigned char buffer[MAX_HEXSTR_BUFSZ];
        long ret;
    };
    int i;
    int j;

    const char* inputs[NUM_CASES] = {
        "aabcd1357e",
        "01:12:23:34:a5:b6:c7:d8:e9",
        ":01:02",
        "012",
        ":ab:ac:d"
    };
    struct Output expectedOutputs[NUM_CASES] = {
        {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
        {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9},
        {{0x01, 0x02}, 2},
        {{0x00}, 0},
        {{0x00}, 0}
    };
    long len = 0;
    unsigned char* returnedBuf = NULL;

    printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()");

    for (i = 0; i < NUM_CASES; ++i) {
        returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);

        if (returnedBuf == NULL) {
            AssertIntEQ(expectedOutputs[i].ret, 0);
            continue;
        }

        AssertIntEQ(expectedOutputs[i].ret, len);

        for (j = 0; j < len; ++j) {
            AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
        }
        OPENSSL_free(returnedBuf);
    }

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ASN1_STRING_print_ex(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
#ifndef NO_BIO
    ASN1_STRING* asn_str;
    const char data[] = "Hello wolfSSL!";
    ASN1_STRING* esc_str;
    const char esc_data[] = "a+;<>";
    BIO *bio;
    unsigned long flags;
    int p_len;
    unsigned char rbuf[255];

    printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");

    /* setup */
    XMEMSET(rbuf, 0, 255);
    bio = BIO_new(BIO_s_mem());
    BIO_set_write_buf_size(bio,255);

    asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
    ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
    esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
    ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));

    /* no flags */
    XMEMSET(rbuf, 0, 255);
    flags = 0;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
    AssertIntEQ(p_len, 15);
    BIO_read(bio, (void*)rbuf, 15);
    AssertStrEQ((char*)rbuf, "Hello wolfSSL!");

    /* RFC2253 Escape */
    XMEMSET(rbuf, 0, 255);
    flags = ASN1_STRFLGS_ESC_2253;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
    AssertIntEQ(p_len, 9);
    BIO_read(bio, (void*)rbuf, 9);
    AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");

    /* Show type */
    XMEMSET(rbuf, 0, 255);
    flags = ASN1_STRFLGS_SHOW_TYPE;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
    AssertIntEQ(p_len, 28);
    BIO_read(bio, (void*)rbuf, 28);
    AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");

    /* Dump All */
    XMEMSET(rbuf, 0, 255);
    flags = ASN1_STRFLGS_DUMP_ALL;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
    AssertIntEQ(p_len, 31);
    BIO_read(bio, (void*)rbuf, 31);
    AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");

    /* Dump Der */
    XMEMSET(rbuf, 0, 255);
    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
    AssertIntEQ(p_len, 35);
    BIO_read(bio, (void*)rbuf, 35);
    AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");

    /* Dump All + Show type */
    XMEMSET(rbuf, 0, 255);
    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
    p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
    AssertIntEQ(p_len, 44);
    BIO_read(bio, (void*)rbuf, 44);
    AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");

    BIO_free(bio);
    ASN1_STRING_free(asn_str);
    ASN1_STRING_free(esc_str);

    printf(resultFmt, passed);
#endif /* !NO_BIO */
#endif
}

static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
    WOLFSSL_ASN1_TIME *t;
    WOLFSSL_ASN1_TIME *out;
    WOLFSSL_ASN1_TIME *gtime;
    int tlen = 0;
    unsigned char *data;

    printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()");

    /* UTC Time test */
    AssertNotNull(t = wolfSSL_ASN1_TIME_new());
    XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
    AssertNotNull(out = wolfSSL_ASN1_TIME_new());
    t->type = ASN_UTC_TIME;
    t->length = ASN_UTC_TIME_SIZE;
    XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);

    tlen = wolfSSL_ASN1_TIME_get_length(t);
    AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
    data = wolfSSL_ASN1_TIME_get_data(t);
    AssertStrEQ((char*)data, "050727123456Z");
    gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
    AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
    AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
    AssertStrEQ((char*)gtime->data, "20050727123456Z");

    /* Generalized Time test */
    XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
    XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
    XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
    t->type = ASN_GENERALIZED_TIME;
    t->length = ASN_GENERALIZED_TIME_SIZE;
    XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);

    tlen = wolfSSL_ASN1_TIME_get_length(t);
    AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
    data = wolfSSL_ASN1_TIME_get_data(t);
    AssertStrEQ((char*)data, "20050727123456Z");
    gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
    AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
    AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
    AssertStrEQ((char*)gtime->data, "20050727123456Z");
    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* Null parameter test */
    XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
    gtime = NULL;
    out = NULL;
    t->type = ASN_UTC_TIME;
    t->length = ASN_UTC_TIME_SIZE;
    XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
    AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
    AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
    AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
    AssertStrEQ((char*)gtime->data, "20050727123456Z");

    XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_CA_num(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    defined(HAVE_ECC) && !defined(NO_RSA)
    WOLFSSL_X509_STORE *store;
    WOLFSSL_X509 *x509_1, *x509_2;
    int ca_num = 0;

    printf(testingFmt, "wolfSSL_X509_CA_num()");

    store = wolfSSL_X509_STORE_new();
    x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
    wolfSSL_X509_STORE_add_cert(store, x509_1);
    ca_num = wolfSSL_X509_CA_num(store);
    AssertIntEQ(ca_num, 1);

    x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
    wolfSSL_X509_STORE_add_cert(store, x509_2);
    ca_num = wolfSSL_X509_CA_num(store);
    AssertIntEQ(ca_num, 2);

    wolfSSL_X509_free(x509_1);
    wolfSSL_X509_free(x509_2);
    wolfSSL_X509_STORE_free(store);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_check_ca(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
    WOLFSSL_X509 *x509;

    printf(testingFmt, "wolfSSL_X509_check_ca()");

    x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
    AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
    wolfSSL_X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_check_ip_asc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
    WOLFSSL_X509 *x509;

    printf(testingFmt, "wolfSSL_X509_check_ip_asc()");

    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
#if 0
    /* TODO: add cert gen for testing positive case */
    AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
#endif
    AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
    AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
    wolfSSL_X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_DC_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
    defined(WOLFSSL_CERT_EXT)
    Cert    cert;
    RsaKey  key;
    WC_RNG  rng;
    byte    der[FOURK_BUF];
    int     certSz;
    int     ret, idx;
    const byte  mySerial[8] = {1,2,3,4,5,6,7,8};
    const unsigned char* pt;

    X509*   x509;
    X509_NAME* x509name;
    X509_NAME_ENTRY* entry;
    ASN1_STRING* entryValue;

    CertName name;
    printf(testingFmt, "wolfSSL Certs with DC");

    XMEMSET(&name, 0, sizeof(CertName));

    /* set up cert name */
    XMEMCPY(name.country, "US", sizeof("US"));
    name.countryEnc = CTC_PRINTABLE;
    XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
    name.stateEnc = CTC_UTF8;
    XMEMCPY(name.locality, "Portland", sizeof("Portland"));
    name.localityEnc = CTC_UTF8;
    XMEMCPY(name.sur, "Test", sizeof("Test"));
    name.surEnc = CTC_UTF8;
    XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
    name.orgEnc = CTC_UTF8;
    XMEMCPY(name.unit, "Development", sizeof("Development"));
    name.unitEnc = CTC_UTF8;
    XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
    name.commonNameEnc = CTC_UTF8;
    XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
    name.serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_MULTI_ATTRIB
    #if CTC_MAX_ATTRIB > 2
    {
        NameAttrib* n;
        n = &name.name[0];
        n->id   = ASN_DOMAIN_COMPONENT;
        n->type = CTC_UTF8;
        n->sz   = sizeof("com");
        XMEMCPY(n->value, "com", sizeof("com"));

        n = &name.name[1];
        n->id   = ASN_DOMAIN_COMPONENT;
        n->type = CTC_UTF8;
        n->sz   = sizeof("wolfssl");
        XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
    }
    #endif
#endif /* WOLFSSL_MULTI_ATTRIB */

    AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
#ifndef HAVE_FIPS
    AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
#else
    AssertIntEQ(wc_InitRng(&rng), 0);
#endif
    AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0);


    XMEMSET(&cert, 0 , sizeof(Cert));
    AssertIntEQ(wc_InitCert(&cert), 0);

    XMEMCPY(&cert.subject, &name, sizeof(CertName));
    XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
    cert.serialSz = (int)sizeof(mySerial);
    cert.isCA     = 1;
#ifndef NO_SHA256
    cert.sigType = CTC_SHA256wRSA;
#else
    cert.sigType = CTC_SHAwRSA;
#endif

    /* add SKID from the Public Key */
    AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);

    /* add AKID from the Public Key */
    AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);

    ret = 0;
    do {
#if defined(WOLFSSL_ASYNC_CRYPT)
        ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
        if (ret >= 0) {
            ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
        }
    } while (ret == WC_PENDING_E);
    AssertIntGT(ret, 0);
    certSz = ret;

    /* der holds a certificate with DC's now check X509 parsing of it */
    pt = der;
    AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
    AssertNotNull(x509name = X509_get_subject_name(x509));
#ifdef WOLFSSL_MULTI_ATTRIB
    AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                    -1)), 5);
    AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                    idx)), 6);
    AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                    idx)), -1);
#endif /* WOLFSSL_MULTI_ATTRIB */

    /* compare DN at index 0 */
    AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
    AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
    AssertIntEQ(ASN1_STRING_length(entryValue), 2);
    AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");

#ifdef WOLFSSL_MULTI_ATTRIB
    /* get first and second DC and compare result */
    AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                    -1)), 5);
    AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
    AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
    AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");

    AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                   idx)), 6);
    AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
    AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
    AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
#endif /* WOLFSSL_MULTI_ATTRIB */

    /* try invalid index locations for regression test and sanity check */
    AssertNull(entry = X509_NAME_get_entry(x509name, 11));
    AssertNull(entry = X509_NAME_get_entry(x509name, 20));

    (void)idx;
    X509_free(x509);
    wc_FreeRsaKey(&key);
    wc_FreeRng(&rng);
    printf(resultFmt, passed);
#endif
}


static void test_wolfSSL_X509_get_version(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    WOLFSSL_X509 *x509;

    printf(testingFmt, "wolfSSL_X509_get_version()");

    x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
    AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
    wolfSSL_X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_DES_ncbc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
    const_DES_cblock myDes;
    DES_cblock iv = {1};
    DES_key_schedule key = {0};
    unsigned char msg[] = "hello wolfssl";
    unsigned char out[DES_BLOCK_SIZE * 2] = {0};
    unsigned char pln[DES_BLOCK_SIZE * 2] = {0};

    unsigned char exp[]  = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
    unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};

    printf(testingFmt, "wolfSSL_DES_ncbc()");

    /* partial block test */
    DES_set_key(&key, &myDes);
    DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
    AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);

    DES_set_key(&key, &myDes);
    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
    *((byte*)&iv) = 1;
    DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
    AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
    AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);

    /* full block test */
    DES_set_key(&key, &myDes);
    XMEMSET(pln, 0, DES_BLOCK_SIZE);
    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
    *((byte*)&iv) = 1;
    DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
    AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
    AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);

    DES_set_key(&key, &myDes);
    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
    *((byte*)&iv) = 1;
    DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
    AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
    AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_AES_cbc_encrypt(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
    AES_KEY aes;
    AES_KEY* aesN = NULL;
    size_t len = 0;
    size_t lenB = 0;
    int keySz0 = 0;
    int keySzN = -1;
    byte out[AES_BLOCK_SIZE] = {0};
    byte* outN = NULL;
    const int enc1 = AES_ENCRYPT;
    const int enc2 = AES_DECRYPT;

    /* Test vectors retrieved from:
     *   <begin URL>
     *       https://csrc.nist.gov/
     *       CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
     *       documents/aes/KAT_AES.zip
     *   </end URL>
     */
    const byte* pt128N  = NULL;
    byte* key128N       = NULL;
    byte* iv128N        = NULL;
    byte iv128tmp[AES_BLOCK_SIZE] = {0};

    const byte pt128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };

    const byte ct128[]  = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
                            0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };

    const byte iv128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };

    byte key128[]       = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                            0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };


    len = sizeof(pt128);

    #define STRESS_T(a, b, c, d, e, f, g, h, i) \
            wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
            AssertIntNE(XMEMCMP(b, g, h), i)

    #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)

    printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
    STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
    STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0);

    wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1);
    AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
    wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1);
    AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);

    STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
    printf(resultFmt, "Stress Tests: passed");

    printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
    AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
    AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
    AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
    AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
    printf(resultFmt, "Stress Tests: passed");

    printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key");
    AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
    AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
    AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
    AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
    printf(resultFmt, "Stress Tests: passed");

  #ifdef WOLFSSL_AES_128

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit");
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    RESET_IV(iv128tmp, iv128);

    AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1);
    AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #ifdef HAVE_AES_DECRYPT

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode");
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    RESET_IV(iv128tmp, iv128);
    len = sizeof(ct128);

    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2);
    AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #endif

  #endif /* WOLFSSL_AES_128 */
  #ifdef WOLFSSL_AES_192
    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
     * Appendix F.2.3  */

    byte iv192tmp[AES_BLOCK_SIZE] = {0};

    const byte pt192[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };

    const byte ct192[]  = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
                            0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };

    const byte iv192[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };

    byte key192[]       = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
                            0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
                            0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };

    len = sizeof(pt192);

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit");
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    RESET_IV(iv192tmp, iv192);

    AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1);
    AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #ifdef HAVE_AES_DECRYPT

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode");
    len = sizeof(ct192);
    RESET_IV(iv192tmp, iv192);
    XMEMSET(out, 0, AES_BLOCK_SIZE);

    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2);
    AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #endif
  #endif /* WOLFSSL_AES_192 */
  #ifdef WOLFSSL_AES_256
    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
     * Appendix F.2.5  */
    byte iv256tmp[AES_BLOCK_SIZE] = {0};

    const byte pt256[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };

    const byte ct256[]  = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
                            0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };

    const byte iv256[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };

    byte key256[]       = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
                            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
                            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
                            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };


    len = sizeof(pt256);

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit");
    XMEMSET(out, 0, AES_BLOCK_SIZE);
    RESET_IV(iv256tmp, iv256);

    AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1);
    AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #ifdef HAVE_AES_DECRYPT

    printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode");
    len = sizeof(ct256);
    RESET_IV(iv256tmp, iv256);
    XMEMSET(out, 0, AES_BLOCK_SIZE);

    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
    wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2);
    AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
    printf(resultFmt, "passed");

    #endif

    #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
    byte wrapPlain[sizeof(key256)] = { 0 };
    byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
    printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit NULL iv");
    AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
            15), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
            sizeof(key256)), sizeof(wrapCipher));
    printf(resultFmt, "passed");
    printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit NULL iv");
    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
            23), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
            sizeof(wrapCipher)), sizeof(wrapPlain));
    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
    printf(resultFmt, "passed");
    XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
    XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
    printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit custom iv");
    AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
            sizeof(key256)), sizeof(wrapCipher));
    printf(resultFmt, "passed");
    printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit custom iv");
    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
            sizeof(wrapCipher)), sizeof(wrapPlain));
    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
    printf(resultFmt, "passed");
    #endif /* HAVE_AES_KEYWRAP */
  #endif /* WOLFSSL_AES_256 */
#endif
}

#if defined(OPENSSL_ALL)
#if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
{
#if !defined(NO_RSA)
    WOLFSSL_X509* x509;
    WOLFSSL_X509_NAME* subject;
    WOLFSSL_X509_NAME_ENTRY* e;
    WOLFSSL_ASN1_STRING* a;
    FILE* file;
    int idx = 0;
    char targetOutput[16] = "www.wolfssl.com";
    unsigned char* actual_output;
    int len = 0;
    int result = 0;

    AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
    fclose(file);

    printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName");
    AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
    AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
                    NID_commonName, -1)), 5);
    AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
    AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
    AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
    result = strncmp((const char*)actual_output, targetOutput, len);
    AssertIntEQ(result, 0);
    printf(resultFmt, result == 0 ? passed : failed);

    printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): ");
    AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
            WOLFSSL_FATAL_ERROR);
    printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);

    printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): ");
    AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
            WOLFSSL_FATAL_ERROR);
    printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);

    printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): ");
    AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
            WOLFSSL_FATAL_ERROR);
    printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);

    wolfSSL_X509_free(x509);
    XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}

static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
{
    ASN1_STRING* asn1str_test;
    ASN1_STRING* asn1str_answer;
    /* Each character is encoded using 4 bytes */
    char input[] = {
            0, 0, 0, 'T',
            0, 0, 0, 'e',
            0, 0, 0, 's',
            0, 0, 0, 't',
    };
    char output[] = "Test";

    printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");

    AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
    AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
    AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);

    AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
    AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);

    AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);

    ASN1_STRING_free(asn1str_test);
    ASN1_STRING_free(asn1str_answer);

    printf(resultFmt, "passed");
}
#endif /* !defined(NO_ASN) */

static void test_wolfSSL_sk_CIPHER_description(void)
{
#if !defined(NO_RSA)
    const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
    int i,j,k;
    int numCiphers = 0;
    const SSL_METHOD *method = NULL;
    const SSL_CIPHER *cipher = NULL;
    STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    char buf[256];
    char test_str[9] = "0000000";
    const char badStr[] = "unknown";
    const char certPath[] = "./certs/client-cert.pem";
    XMEMSET(buf, 0, sizeof(buf));

    printf(testingFmt, "wolfSSL_sk_CIPHER_description");

    AssertNotNull(method = TLSv1_2_client_method());
    AssertNotNull(ctx = SSL_CTX_new(method));

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    SSL_CTX_set_verify_depth(ctx, 4);

    SSL_CTX_set_options(ctx, flags);
    AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
                WOLFSSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));
    /* SSL_get_ciphers returns a stack of all configured ciphers
     * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
     */
    AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));

    /* loop through the amount of supportedCiphers */
    numCiphers = sk_num(supportedCiphers);
    for (i = 0; i < numCiphers; ++i) {

        /* sk_value increments "sk->data.cipher->cipherOffset".
         * wolfSSL_sk_CIPHER_description sets the description for
         * the cipher based on the provided offset.
         */

        if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
            SSL_CIPHER_description(cipher, buf, sizeof(buf));
        }

        /* Search cipher description string for "unknown" descriptor */
        for (j = 0; j < (int)XSTRLEN(buf); j++) {
            k = 0;
            while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
                test_str[k] = badStr[k];
                j++;
                k++;
            }
        }
        /* Fail if test_str == badStr == "unknown" */
        AssertStrNE(test_str,badStr);
    }
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_get_ciphers_compat(void)
{
#if !defined(NO_RSA)
    const SSL_METHOD *method = NULL;
    const char certPath[] = "./certs/client-cert.pem";
    STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
    SSL_CTX *ctx = NULL;
    WOLFSSL *ssl = NULL;
    const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;

    printf(testingFmt, "wolfSSL_get_ciphers_compat");
    method = SSLv23_client_method();
    AssertNotNull(method);
    ctx = SSL_CTX_new(method);
    AssertNotNull(ctx);

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    SSL_CTX_set_verify_depth(ctx, 4);

    SSL_CTX_set_options(ctx, flags);
    AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
                WOLFSSL_SUCCESS);

    AssertNotNull(ssl = SSL_new(ctx));

    /* Test Bad NULL input */
    AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
    /* Test for Good input */
    AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
    /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
     * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */

    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_PUBKEY_get(void)
{
    WOLFSSL_X509_PUBKEY pubkey;
    WOLFSSL_X509_PUBKEY* key;
    WOLFSSL_EVP_PKEY evpkey ;
    WOLFSSL_EVP_PKEY* evpPkey;
    WOLFSSL_EVP_PKEY* retEvpPkey;

    XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
    XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));

    key = &pubkey;
    evpPkey = &evpkey;

    evpPkey->type = WOLFSSL_SUCCESS;
    key->pkey = evpPkey;

    printf(testingFmt, "wolfSSL_X509_PUBKEY_get()");
    AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
    AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);

    AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));

    key->pkey = NULL;
    AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
    printf(resultFmt,retEvpPkey == NULL ? passed : failed);
}

static void test_wolfSSL_d2i_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    FILE* f = NULL;
    unsigned char buf[4096];
    const unsigned char* pt = buf;
#ifdef HAVE_FFDHE_2048
    const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
    const char* params2 = "./certs/dh3072.der";
#endif
    long len = 0;
    WOLFSSL_DH* dh = NULL;
    XMEMSET(buf, 0, sizeof(buf));

    /* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
    printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
    f = XFOPEN(params1, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Valid case */
    AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
    AssertNotNull(dh->p);
    AssertNotNull(dh->g);
    AssertTrue(pt != buf);
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
    AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);

    /* Invalid cases */
    AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
    AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
    AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));

    DH_free(dh);
    printf(resultFmt, passed);

    *buf = 0;
    pt = buf;
#endif /* HAVE_FFDHE_2048 */

    /* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
    printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
    f = XFOPEN(params2, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Valid case */
    AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
    AssertNotNull(dh->p);
    AssertNotNull(dh->g);
    AssertTrue(pt != buf);
    AssertIntEQ(DH_generate_key(dh), 1);

    /* Invalid cases */
    AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
    AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));

    DH_free(dh);
    printf(resultFmt, passed);
#endif /* HAVE_FFDHE_3072 */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH */
}

static void test_wolfSSL_i2d_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    FILE* f;
    unsigned char buf[4096];
    const unsigned char* pt = buf;
    unsigned char* pt2 = buf;
#ifdef HAVE_FFDHE_2048
    const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
    const char* params2 = "./certs/dh3072.der";
#endif
    long len;
    WOLFSSL_DH* dh;

    /* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
    printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
    f = XFOPEN(params1, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Valid case */
    AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
    AssertTrue(pt != buf);
    AssertIntEQ(DH_generate_key(dh), 1);
    AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);

    /* Invalid case */
    AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);

    /* Return length only */
    AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);

    DH_free(dh);
    printf(resultFmt, passed);

    *buf = 0;
    pt = buf;
    pt2 = buf;
#endif

    /* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
    printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
    f = XFOPEN(params2, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Valid case */
    AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
    AssertTrue(pt != buf);
    AssertIntEQ(DH_generate_key(dh), 1);
    AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);

    /* Invalid case */
    AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);

    /* Return length only */
    AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);

    DH_free(dh);
    printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif
}

static void test_wolfSSL_EC_KEY_dup(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
    defined(OPENSSL_EXTRA_X509_SMALL))

    WOLFSSL_EC_KEY* ecKey;
    WOLFSSL_EC_KEY* dupKey;
    ecc_key* srcKey;
    ecc_key* destKey;

    printf(testingFmt, "wolfSSL_EC_KEY_dup()");

    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);

    /* Valid cases */
    AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
    AssertIntEQ(EC_KEY_check_key(dupKey), 1);

    /* Compare pubkey */
    srcKey = (ecc_key*)ecKey->internal;
    destKey = (ecc_key*)dupKey->internal;
    AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);

    /* compare EC_GROUP */
    AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);

    /* compare EC_POINT */
    AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
                dupKey->pub_key, NULL), MP_EQ);

    /* compare BIGNUM */
    AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
    wolfSSL_EC_KEY_free(dupKey);

    /* Invalid cases */
    /* NULL key */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
    /* NULL ecc_key */
    wc_ecc_free((ecc_key*)ecKey->internal);
    XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
    ecKey->internal = NULL; /* Set ecc_key to NULL */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
    wolfSSL_EC_KEY_free(ecKey);
    wolfSSL_EC_KEY_free(dupKey);

    /* NULL Group */
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    wolfSSL_EC_GROUP_free(ecKey->group);
    ecKey->group = NULL; /* Set group to NULL */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
    wolfSSL_EC_KEY_free(ecKey);
    wolfSSL_EC_KEY_free(dupKey);

    /* NULL public key */
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
    ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));

    wolfSSL_EC_POINT_free(ecKey->pub_key);
    ecKey->pub_key = NULL; /* Set pub_key to NULL */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
    wolfSSL_EC_KEY_free(ecKey);
    wolfSSL_EC_KEY_free(dupKey);

    /* NULL private key */
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);

    wolfSSL_BN_free(ecKey->priv_key);
    ecKey->priv_key = NULL; /* Set priv_key to NULL */
    AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));

    wolfSSL_EC_KEY_free(ecKey);
    wolfSSL_EC_KEY_free(dupKey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
{
#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
    DSA       *dsa  = NULL;
    DSA       *setDsa  = NULL;
    EVP_PKEY  *pkey = NULL;
    EVP_PKEY  *set1Pkey = NULL;

    SHA_CTX sha;
    byte    signature[DSA_SIG_SIZE];
    byte    hash[WC_SHA_DIGEST_SIZE];
    word32  bytes;
    int     answer;
#ifdef USE_CERT_BUFFERS_1024
    const unsigned char* dsaKeyDer = dsa_key_der1024;
    int dsaKeySz  = sizeof_dsa_key_der_1024;
    byte    tmp[ONEK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
    bytes = dsa_key_der_sz;
#elif defined(USE_CERT_BUFFERS_2048)
    const unsigned char* dsaKeyDer = dsa_key_der_2048;
    int dsaKeySz  = sizeof_dsa_key_der_2048;
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
    bytes = dsaKeySz;
#else
    const unsigned char* dsaKeyDer = dsa_key_der_2048;
    int dsaKeySz  = sizeof_dsa_key_der_2048;
    byte    tmp[TWOK_BUF];
    XMEMSET(tmp, 0, sizeof(tmp));
    XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
    XFILE fp = XOPEN("./certs/dsa2048.der", "rb");
    if (fp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }
    bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
    XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */

    printf(testingFmt,
           "wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA");

    /* Create hash to later Sign and Verify */
    AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
    AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
    AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);

    /* Initialize pkey with der format dsa key */
    AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
                &dsaKeyDer ,(long)dsaKeySz));

    /* Test wolfSSL_EVP_PKEY_get1_DSA */
    /* Should Fail: NULL argument */
    AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
    AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
    /* Should Pass: Initialized pkey argument */
    AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
    AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));

    AssertIntEQ(DSA_bits(dsa), 2048);

    /* Sign */
    AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
    /* Verify. */
    AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
                WOLFSSL_SUCCESS);

    /* Test wolfSSL_EVP_PKEY_set1_DSA */
    /* Should Fail: set1Pkey not initialized */
    AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);

    /* Initialize set1Pkey */
    set1Pkey = EVP_PKEY_new();

    /* Should Fail Verify: setDsa not initialized from set1Pkey */
    AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
                WOLFSSL_SUCCESS);

    /* Should Pass: set dsa into set1Pkey */
    AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
    printf(resultFmt, passed);

    DSA_free(dsa);
    DSA_free(setDsa);
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(set1Pkey);
#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
} /* END test_EVP_PKEY_set1_get1_DSA */

static void test_wolfSSL_DSA_SIG(void)
{
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
    !defined(HAVE_FIPS)
    DSA          *dsa  = NULL;
    DSA          *dsa2 = NULL;
    DSA_SIG      *sig  = NULL;
    const BIGNUM *p    = NULL;
    const BIGNUM *q    = NULL;
    const BIGNUM *g    = NULL;
    const BIGNUM *pub  = NULL;
    const BIGNUM *priv = NULL;
    const byte digest[WC_SHA_DIGEST_SIZE] = {0};

    printf(testingFmt, "wolfSSL_DSA_SIG");

    AssertNotNull(dsa = DSA_generate_parameters(2048,
            NULL, 0, NULL, NULL, NULL, NULL));
    DSA_free(dsa);
    AssertNotNull(dsa = DSA_new());
    AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
            NULL, 0, NULL, NULL, NULL), 1);
    AssertIntEQ(DSA_generate_key(dsa), 1);
    DSA_get0_pqg(dsa, &p, &q, &g);
    DSA_get0_key(dsa, &pub, &priv);
    AssertNotNull(p    = BN_dup(p));
    AssertNotNull(q    = BN_dup(q));
    AssertNotNull(g    = BN_dup(g));
    AssertNotNull(pub  = BN_dup(pub));
    AssertNotNull(priv = BN_dup(priv));

    AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
    AssertNotNull(dsa2 = DSA_new());
    AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1);
    AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1);
    AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);

    printf(resultFmt, passed);

    DSA_free(dsa);
    DSA_free(dsa2);
    DSA_SIG_free(sig);
#endif
}

static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
{
#ifdef HAVE_ECC
    WOLFSSL_EC_KEY  *ecKey  = NULL;
    WOLFSSL_EC_KEY  *ecGet1  = NULL;
    EVP_PKEY  *pkey = NULL;

    printf(testingFmt,
           "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY");
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());

    /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
    /* Should fail since ecKey is empty */
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);

    /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
    AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
    AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));

    wolfSSL_EC_KEY_free(ecKey);
    wolfSSL_EC_KEY_free(ecGet1);
    EVP_PKEY_free(pkey);

    /* PASSED */
    printf(resultFmt, passed);
#endif /* HAVE_ECC */
} /* END test_EVP_PKEY_set1_get1_EC_KEY */

static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
    DH       *dh    = NULL;
    DH       *setDh = NULL;
    EVP_PKEY *pkey  = NULL;

    FILE* f = NULL;
    unsigned char buf[4096];
    const unsigned char* pt = buf;
    const char* dh2048 = "./certs/dh2048.der";
    long len = 0;
    int code = -1;

    printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH");

    XMEMSET(buf, 0, sizeof(buf));

    f = XFOPEN(dh2048, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Load dh2048.der into DH with internal format */
    AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));

    AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
    AssertIntEQ(code, 0);
    code = -1;

    pkey = wolfSSL_EVP_PKEY_new();

    /* Set DH into PKEY */
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);

    /* Get DH from PKEY */
    AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));

    AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
    AssertIntEQ(code, 0);

    EVP_PKEY_free(pkey);
    DH_free(setDh);
    DH_free(dh);
    printf(resultFmt, passed);
#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
} /* END test_EVP_PKEY_set1_get1_DH */

static void test_wolfSSL_CTX_ctrl(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    char caFile[] = "./certs/client-ca.pem";
    char clientFile[] = "./certs/client-cert.pem";
    SSL_CTX* ctx;
    X509* x509 = NULL;
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
    byte buf[6000];
    char file[] = "./certs/dsaparams.pem";
    XFILE f;
    int  bytes;
    BIO* bio;
    DSA* dsa;
    DH*  dh;
#endif
#ifdef HAVE_ECC
    WOLFSSL_EC_KEY* ecKey;
#endif
    printf(testingFmt, "wolfSSL_CTX_ctrl");

    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));

    x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
    AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);

    x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);

#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
    /* Initialize DH */
    f = XFOPEN(file, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    bio = BIO_new_mem_buf((void*)buf, bytes);
    AssertNotNull(bio);

    dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
    AssertNotNull(dsa);

    dh = wolfSSL_DSA_dup_DH(dsa);
    AssertNotNull(dh);
#endif
#ifdef HAVE_ECC
    /* Initialize WOLFSSL_EC_KEY */
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
#endif

#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    /* additional test of getting EVP_PKEY key size from X509
     * Do not run with user RSA because wolfSSL_RSA_size is not currently
     * allowed with user RSA */
    {
        EVP_PKEY* pkey;
#if defined(HAVE_ECC)
        X509* ecX509;
#endif /* HAVE_ECC */

        AssertNotNull(pkey = X509_get_pubkey(x509));
        /* current RSA key is 2048 bit (256 bytes) */
        AssertIntEQ(EVP_PKEY_size(pkey), 256);

        EVP_PKEY_free(pkey);

#if defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
        AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
                      cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
                      SSL_FILETYPE_ASN1));
#else
        AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
                      cliEccCertFile, SSL_FILETYPE_PEM));
#endif
        AssertNotNull(pkey = X509_get_pubkey(ecX509));
        /* current ECC key is 256 bit (32 bytes) */
        AssertIntEQ(EVP_PKEY_size(pkey), 32);

        X509_free(ecX509);
        EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
    }
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */

    /* Tests should fail with passed in NULL pointer */
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
                SSL_FAILURE);
#if !defined(NO_DH) && !defined(NO_DSA)
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
                SSL_FAILURE);
#endif
#ifdef HAVE_ECC
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
                SSL_FAILURE);
#endif

    /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
     * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
     */
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
                SSL_SUCCESS);

    /* Test with SSL_CTRL_OPTIONS
     * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
     */
    AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
               == SSL_OP_NO_TLSv1);
    AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);

    /* Test with SSL_CTRL_SET_TMP_DH
     * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
     */
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
                SSL_SUCCESS);
#endif

    /* Test with SSL_CTRL_SET_TMP_ECDH
     * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
     */
#ifdef HAVE_ECC
    AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
                SSL_SUCCESS);
#endif

#ifdef WOLFSSL_ENCRYPTED_KEYS
    AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
    AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif

     /* Test for min/max proto */
     #ifndef WOLFSSL_NO_TLS12
     AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
                                           0, NULL), SSL_SUCCESS);
     AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
                                           TLS1_2_VERSION, NULL), SSL_SUCCESS);
     AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);

     #endif
     #ifdef WOLFSSL_TLS13
     AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
                                           0, NULL), SSL_SUCCESS);

     AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
                                           TLS1_3_VERSION, NULL), SSL_SUCCESS);
     AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);
     #ifndef WOLFSSL_NO_TLS12
     AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
                                           TLS1_2_VERSION, NULL), SSL_SUCCESS);
     AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION);
     #endif
     #endif
    /* Cleanup and Pass */
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
    BIO_free(bio);
    DSA_free(dsa);
    DH_free(dh);
#endif
#endif
#ifdef HAVE_ECC
    wolfSSL_EC_KEY_free(ecKey);
#endif
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
          !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}

static void test_wolfSSL_DH_check(void)
{
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
    byte buf[6000];
    char file[] = "./certs/dsaparams.pem";
    XFILE f;
    int  bytes;
    BIO* bio;
    DSA* dsa;
    DH*  dh = NULL;
    WOLFSSL_BIGNUM* pTmp = NULL;
    WOLFSSL_BIGNUM* gTmp = NULL;
    int codes = -1;

    printf(testingFmt, "wolfSSL_DH_check");

    /* Initialize DH */
    f = XFOPEN(file, "rb");
    AssertTrue((f != XBADFILE));
    bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    bio = BIO_new_mem_buf((void*)buf, bytes);
    AssertNotNull(bio);

    dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
    AssertNotNull(dsa);

    dh = wolfSSL_DSA_dup_DH(dsa);
    AssertNotNull(dh);

    /* Test assumed to be valid dh.
     * Should return WOLFSSL_SUCCESS
     * codes should be 0
     * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
     */
    AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS);
    AssertIntEQ(codes, 0);

    /* Test NULL dh: expected BAD_FUNC_ARG */
    AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE);

    /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
    pTmp = dh->p;
    dh->p  = NULL;
    AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
    AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
    /* set dh->p back to normal so it wont fail on next tests */
    dh->p = pTmp;
    pTmp = NULL;

    /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
    gTmp = dh->g;
    dh->g = NULL;
    AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
    AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
    dh->g = gTmp;
    gTmp = NULL;

    /* Cleanup and Pass Test */
    BIO_free(bio);
    DSA_free(dsa);
    DH_free(dh);
    printf(resultFmt, passed);
#endif
#endif /* !NO_DH  && !NO_DSA */
}

static void test_wolfSSL_EVP_PKEY_assign(void)
{
#if defined(OPENSSL_ALL)
    int type;
    WOLFSSL_EVP_PKEY* pkey;
#ifndef NO_RSA
    WOLFSSL_RSA* rsa;
#endif
#ifndef NO_DSA
    WOLFSSL_DSA* dsa;
#endif
#ifdef HAVE_ECC
    WOLFSSL_EC_KEY* ecKey;
#endif

    (void)pkey;

    printf(testingFmt, "wolfSSL_EVP_PKEY_assign");
#ifndef NO_RSA
    type = EVP_PKEY_RSA;
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(rsa = wolfSSL_RSA_new());
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa),  WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa),    WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa),  WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_RSA */

#ifndef NO_DSA
    type = EVP_PKEY_DSA;
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(dsa = wolfSSL_DSA_new());
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa),  WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa),    WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa),  WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_DSA */

#ifdef HAVE_ECC
    type = EVP_PKEY_EC;
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL),  WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey),   WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey),   WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */

    (void)type;

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_EVP_PKEY_base_id(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY* pkey;

    printf(testingFmt, "wolfSSL_EVP_PKEY_base_id");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());

    AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);

    AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);

    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_id(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY* pkey;

    printf(testingFmt, "wolfSSL_EVP_PKEY_id");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());

    AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);

    AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);

    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY*   pkey;
    EVP_PKEY_CTX        *ctx;

    printf(testingFmt, "wolfSSL_EVP_PKEY_keygen");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));

    /* Bad cases */
    AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);

    /* Good case */
    AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);


    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen_init(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY*   pkey;
    EVP_PKEY_CTX        *ctx;

    printf(testingFmt, "wolfSSL_EVP_PKEY_keygen_init");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));

    AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);


    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_missing_parameters(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
    WOLFSSL_EVP_PKEY* pkey;

    printf(testingFmt, "wolfSSL_EVP_PKEY_missing_parameters");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());

    AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);

    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY*   pkey;
    EVP_PKEY_CTX        *ctx;
    int                 bits = 2048;


    printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));

    AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
                WOLFSSL_SUCCESS);


    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
{
#if defined(OPENSSL_ALL)

    /* This is large enough to be used for all key sizes */
    byte key[AES_256_KEY_SIZE] = {0};
    byte iv[AES_BLOCK_SIZE] = {0};
    int i, enumlen;
    EVP_CIPHER_CTX *ctx;
    const EVP_CIPHER *init;

    int enumArray[] = {

    #ifdef HAVE_AES_CBC
         NID_aes_128_cbc,
    #endif
    #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    #ifdef HAVE_AESGCM
         NID_aes_128_gcm,
    #endif
    #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
    #ifdef WOLFSSL_AES_COUNTER
         NID_aes_128_ctr,
    #endif
    #ifndef NO_DES3
         NID_des_cbc,
         NID_des_ede3_cbc,
    #endif
    #ifdef HAVE_IDEA
         NID_idea_cbc,
    #endif
    };
    int iv_lengths[] = {

    #ifdef HAVE_AES_CBC
         AES_BLOCK_SIZE,
    #endif
    #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    #ifdef HAVE_AESGCM
         GCM_NONCE_MID_SZ,
    #endif
    #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
    #ifdef WOLFSSL_AES_COUNTER
         AES_BLOCK_SIZE,
    #endif
    #ifndef NO_DES3
         DES_BLOCK_SIZE,
         DES_BLOCK_SIZE,
    #endif
    #ifdef HAVE_IDEA
         IDEA_BLOCK_SIZE,
    #endif
    };


    printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_iv_length");
    enumlen = (sizeof(enumArray)/sizeof(int));
    for(i = 0; i < enumlen; i++)
    {
        ctx = EVP_CIPHER_CTX_new();
        init = wolfSSL_EVP_get_cipherbynid(enumArray[i]);

        wolfSSL_EVP_CIPHER_CTX_init(ctx);
        AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

        AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);

        EVP_CIPHER_CTX_free(ctx);
    }

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
    byte key[AES_256_KEY_SIZE] = {0};
    byte iv[AES_BLOCK_SIZE] = {0};
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *init = EVP_des_ede3_cbc();

    printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_key_length");


    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24);

    EVP_CIPHER_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
    byte key[AES_256_KEY_SIZE] = {0};
    byte iv[AES_BLOCK_SIZE] = {0};
    int keylen;
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *init = EVP_des_ede3_cbc();

    printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_key_length");



    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);

    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen),
                 WOLFSSL_SUCCESS);

    EVP_CIPHER_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(NO_DES3)
    byte key[DES3_KEY_SIZE] = {0};
    byte iv[DES_BLOCK_SIZE] = {0};
    int ivLen, keyLen;
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *init = EVP_des_ede3_cbc();

    printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_iv");

    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
    keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);

    /* Bad cases */
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE);

    /* Good case */
    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);


    EVP_CIPHER_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_new_id(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_ENGINE* e = NULL;
    int id = 0;
    EVP_PKEY_CTX *ctx;

    printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_new_id");

    AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));

    EVP_PKEY_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_rc4(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RC4)

    printf(testingFmt, "wolfSSL_EVP_rc4");

    AssertNotNull(wolfSSL_EVP_rc4());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_enc_null(void)
{
#if defined(OPENSSL_ALL)

    printf(testingFmt, "wolfSSL_EVP_enc_null");

    AssertNotNull(wolfSSL_EVP_enc_null());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_rc2_cbc(void)
{
#if defined(OPENSSL_ALL) && defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)

    printf(testingFmt, "wolfSSL_EVP_rc2_cbc");

    AssertNull(wolfSSL_EVP_rc2_cbc());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_mdc2(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)

    printf(testingFmt, "wolfSSL_EVP_mdc2");

    AssertNull(wolfSSL_EVP_mdc2());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_md4(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_MD4)

    printf(testingFmt, "wolfSSL_EVP_md4");

    AssertNotNull(wolfSSL_EVP_md4());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_aes_256_gcm(void)
{
#if defined(OPENSSL_ALL)

    printf(testingFmt, "wolfSSL_EVP_aes_256_gcm");

    AssertNotNull(wolfSSL_EVP_aes_256_gcm());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_aes_192_gcm(void)
{
#if defined(OPENSSL_ALL)

    printf(testingFmt, "wolfSSL_EVP_aes_192_gcm");

    AssertNotNull(wolfSSL_EVP_aes_192_gcm());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_ripemd160(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)

    printf(testingFmt, "wolfSSL_EVP_ripemd160");

    AssertNull(wolfSSL_EVP_ripemd160());

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_get_digestbynid(void)
{
#if defined(OPENSSL_ALL)

    printf(testingFmt, "wolfSSL_EVP_get_digestbynid");

#ifndef NO_MD5
    AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif
    AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
    AssertNull(wolfSSL_EVP_get_digestbynid(0));

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_nid(void)
{
#if defined(OPENSSL_ALL)

    printf(testingFmt, "wolfSSL_EVP_MD_nid");

#ifndef NO_MD5
    AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5);
#endif
#ifndef NO_SHA
    AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1);
#endif
#ifndef NO_SHA256
    AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256);
#endif
    AssertIntEQ(EVP_MD_nid(NULL), NID_undef);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
{
#if defined(HAVE_ECC) && defined(OPENSSL_ALL)
    WOLFSSL_EVP_PKEY*   pkey;

    printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY");

    AssertNotNull(pkey = EVP_PKEY_new());
    AssertNull(EVP_PKEY_get0_EC_KEY(pkey));
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)

    byte key[DES3_KEY_SIZE] = {0};
    byte iv[DES_IV_SIZE] = {0};
    EVP_CIPHER_CTX *ctx;
    const EVP_CIPHER *init;

    printf(testingFmt, "wolfSSL_EVP_X_STATE");

    /* Bad test cases */
    ctx = EVP_CIPHER_CTX_new();
    init = EVP_des_ede3_cbc();

    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertNull(wolfSSL_EVP_X_STATE(NULL));
    AssertNull(wolfSSL_EVP_X_STATE(ctx));
    EVP_CIPHER_CTX_free(ctx);

    /* Good test case */
    ctx = EVP_CIPHER_CTX_new();
    init = wolfSSL_EVP_rc4();

    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertNotNull(wolfSSL_EVP_X_STATE(ctx));
    EVP_CIPHER_CTX_free(ctx);


    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE_LEN(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)

    byte key[DES3_KEY_SIZE] = {0};
    byte iv[DES_IV_SIZE] = {0};
    EVP_CIPHER_CTX *ctx;
    const EVP_CIPHER *init;

    printf(testingFmt, "wolfSSL_EVP_X_STATE_LEN");

    /* Bad test cases */
    ctx = EVP_CIPHER_CTX_new();
    init = EVP_des_ede3_cbc();

    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
    AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
    EVP_CIPHER_CTX_free(ctx);

    /* Good test case */
    ctx = EVP_CIPHER_CTX_new();
    init = wolfSSL_EVP_rc4();

    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
    EVP_CIPHER_CTX_free(ctx);



    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_CIPHER_block_size(void)
{
#if defined(OPENSSL_ALL)

#ifdef HAVE_AES_CBC
    #ifdef WOLFSSL_AES_128
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
    #endif
    #ifdef WOLFSSL_AES_192
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
    #endif
    #ifdef WOLFSSL_AES_256
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
    #endif
#endif

#ifdef HAVE_AES_GCM
    #ifdef WOLFSSL_AES_128
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
    #endif
    #ifdef WOLFSSL_AES_192
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
    #endif
    #ifdef WOLFSSL_AES_256
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
    #endif
#endif

#ifdef WOLFSSL_AES_COUNTER
    #ifdef WOLFSSL_AES_128
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
    #endif
    #ifdef WOLFSSL_AES_192
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
    #endif
    #ifdef WOLFSSL_AES_256
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
    #endif
#endif

#ifdef HAVE_AES_ECB
    #ifdef WOLFSSL_AES_128
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
    #endif
    #ifdef WOLFSSL_AES_192
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
    #endif
    #ifdef WOLFSSL_AES_256
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
    #endif
#endif

#ifdef WOLFSSL_AES_OFB
    #ifdef WOLFSSL_AES_128
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
    #endif
    #ifdef WOLFSSL_AES_192
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
    #endif
    #ifdef WOLFSSL_AES_256
    AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
    #endif
#endif

#ifndef NO_RC4
    AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
#endif

#endif /* OPENSSL_ALL */
}

static void test_wolfSSL_EVP_CIPHER_iv_length(void)
{
#if defined(OPENSSL_ALL)
    int i, enumlen;


    int enumArray[] = {
    #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
    #ifdef WOLFSSL_AES_128
        NID_aes_128_cbc,
    #endif
    #ifdef WOLFSSL_AES_192
        NID_aes_192_cbc,
    #endif
    #ifdef WOLFSSL_AES_256
        NID_aes_256_cbc,
    #endif
    #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
    #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    #ifdef HAVE_AESGCM
        #ifdef WOLFSSL_AES_128
            NID_aes_128_gcm,
        #endif
        #ifdef WOLFSSL_AES_192
            NID_aes_192_gcm,
        #endif
        #ifdef WOLFSSL_AES_256
            NID_aes_256_gcm,
        #endif
    #endif /* HAVE_AESGCM */
    #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
    #ifdef WOLFSSL_AES_COUNTER
    #ifdef WOLFSSL_AES_128
         NID_aes_128_ctr,
    #endif
    #ifdef WOLFSSL_AES_192
        NID_aes_192_ctr,
    #endif
    #ifdef WOLFSSL_AES_256
        NID_aes_256_ctr,
    #endif
    #endif
    #ifndef NO_DES3
         NID_des_cbc,
         NID_des_ede3_cbc,
    #endif
    #ifdef HAVE_IDEA
         NID_idea_cbc,
    #endif
    };

    int iv_lengths[] = {
    #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
    #ifdef WOLFSSL_AES_128
            AES_BLOCK_SIZE,
    #endif
    #ifdef WOLFSSL_AES_192
            AES_BLOCK_SIZE,
    #endif
    #ifdef WOLFSSL_AES_256
            AES_BLOCK_SIZE,
    #endif
    #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
    #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    #ifdef HAVE_AESGCM
        #ifdef WOLFSSL_AES_128
            GCM_NONCE_MID_SZ,
        #endif
        #ifdef WOLFSSL_AES_192
            GCM_NONCE_MID_SZ,
        #endif
        #ifdef WOLFSSL_AES_256
            GCM_NONCE_MID_SZ,
        #endif
    #endif /* HAVE_AESGCM */
    #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
    #ifdef WOLFSSL_AES_COUNTER
    #ifdef WOLFSSL_AES_128
            AES_BLOCK_SIZE,
    #endif
    #ifdef WOLFSSL_AES_192
            AES_BLOCK_SIZE,
    #endif
    #ifdef WOLFSSL_AES_256
            AES_BLOCK_SIZE,
    #endif
    #endif
    #ifndef NO_DES3
            DES_BLOCK_SIZE,
            DES_BLOCK_SIZE,
    #endif
    #ifdef HAVE_IDEA
            IDEA_BLOCK_SIZE,
    #endif
    };

    printf(testingFmt, "wolfSSL_EVP_CIPHER_iv_length");
    enumlen = (sizeof(enumArray)/sizeof(int));
    for(i = 0; i < enumlen; i++)
    {
        const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
        AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
    }

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_SignInit_ex(void)
{
#if defined(OPENSSL_ALL)
    WOLFSSL_EVP_MD_CTX  mdCtx;
    WOLFSSL_ENGINE*     e = 0;
    const               EVP_MD* md;
                        md = "SHA256";

    printf(testingFmt, "wolfSSL_EVP_SignInit_ex");

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_DigestFinal_ex(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
    WOLFSSL_EVP_MD_CTX  mdCtx;
    unsigned int        s = 0;
    unsigned char       md[WC_SHA256_DIGEST_SIZE];
    unsigned char       md2[WC_SHA256_DIGEST_SIZE];


    printf(testingFmt, "wolfSSL_EVP_DigestFinal_ex");


    /* Bad Case */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

#else

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);

#endif

    /* Good Case */
    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);


    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_assign_DH(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DH) && \
 !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    FILE*                   f = NULL;
    unsigned char           buf[4096];
    const unsigned char*    pt = buf;
    const char*             params1 = "./certs/dh2048.der";
    long                    len = 0;
    WOLFSSL_DH*             dh = NULL;
    WOLFSSL_EVP_PKEY*       pkey;
    XMEMSET(buf, 0, sizeof(buf));


    f = XFOPEN(params1, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);


    printf(testingFmt, "wolfSSL_EVP_PKEY_assign_DH");

    AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
    AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());

    /* Bad cases */
    AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);

    /* Good case */
    AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);


    EVP_PKEY_free(pkey);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
{
#if defined(OPENSSL_EXTRA)
    EVP_PKEY*       pkey;
    EVP_PKEY_CTX*   ctx;

    printf(testingFmt, "test_wolfSSL_QT_EVP_PKEY_CTX_free");

    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));

    #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
        /* void */
        EVP_PKEY_CTX_free(ctx);
        AssertTrue(1);
    #else
        /* int */
        AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS);
    #endif

    EVP_PKEY_free(pkey);
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_param_check(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)

    DH       *dh    = NULL;
    DH       *setDh = NULL;
    EVP_PKEY *pkey  = NULL;
    EVP_PKEY_CTX*   ctx = NULL;

    FILE* f = NULL;
    unsigned char buf[512];
    const unsigned char* pt = buf;
    const char* dh2048 = "./certs/dh2048.der";
    long len = 0;
    int code = -1;

    printf(testingFmt, "test_wolfSSL_EVP_PKEY_param_check");

    XMEMSET(buf, 0, sizeof(buf));

    f = XFOPEN(dh2048, "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    /* Load dh2048.der into DH with internal format */
    AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len));
    AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS);
    AssertIntEQ(code, 0);
    code = -1;

    pkey = wolfSSL_EVP_PKEY_new();
    /* Set DH into PKEY */
    AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
    /* create ctx from pkey */
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */);

    /*                    */
    /* TO DO invlaid case */
    /*                    */

    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    DH_free(setDh);
    DH_free(dh);

    printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_EVP_BytesToKey(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC)
    byte                key[AES_BLOCK_SIZE] = {0};
    byte                iv[AES_BLOCK_SIZE] = {0};
    int                 sz = 5;
    int                 count = 0;
    const               EVP_MD* md;
                        md = "SHA256";
    const EVP_CIPHER    *type;
    const unsigned char *salt = (unsigned char *)"salt1234";
    const byte data[] = {
        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
        0x72,0x6c,0x64
    };

    type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);

    printf(testingFmt, "EVP_BytesToKey");

    /* Bad cases */
    AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
                 0);
    AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
                16);
    md = "2";
    AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
                 WOLFSSL_FAILURE);

    /* Good case */
    md = "SHA256";
    AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
                 16);

    printf(resultFmt, passed);
#endif
}
static void test_IncCtr(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(HAVE_FIPS)
    byte key[AES_128_KEY_SIZE] = {0};
    byte iv[GCM_NONCE_MID_SZ] = {0};
    int type = EVP_CTRL_GCM_IV_GEN;
    int arg = 0;
    void *ptr = NULL;

    printf(testingFmt, "IncCtr");

    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *init = EVP_aes_128_gcm();

    AssertNotNull(ctx);
    wolfSSL_EVP_CIPHER_CTX_init(ctx);
    AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);

    AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_ctrl(ctx, type, arg, ptr), WOLFSSL_SUCCESS);

    EVP_CIPHER_CTX_free(ctx);
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_ln(void)
{
    const int nid_set[] = {
            NID_commonName,
            NID_serialNumber,
            NID_countryName,
            NID_localityName,
            NID_stateOrProvinceName,
            NID_organizationName,
            NID_organizationalUnitName,
            NID_domainComponent,
            NID_businessCategory,
            NID_jurisdictionCountryName,
            NID_jurisdictionStateOrProvinceName,
            NID_emailAddress
    };
    const char* ln_set[] = {
            "commonName",
            "serialNumber",
            "countryName",
            "localityName",
            "stateOrProvinceName",
            "organizationName",
            "organizationalUnitName",
            "domainComponent",
            "businessCategory",
            "jurisdictionCountryName",
            "jurisdictionStateOrProvinceName",
            "emailAddress",
    };
    size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);

    printf(testingFmt, "wolfSSL_OBJ_ln");

    AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);

#ifdef HAVE_ECC
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    {
        size_t nCurves = 27;
        EC_builtin_curve r[nCurves];
        nCurves = EC_get_builtin_curves(r,nCurves);

        for (i = 0; i < nCurves; i++) {
            /* skip ECC_CURVE_INVALID */
            if (r[i].nid != ECC_CURVE_INVALID) {
                AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
                AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
            }
        }
    }
#endif
#endif

    for (i = 0; i < maxIdx; i++) {
        AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
        AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
    }

    printf(resultFmt, passed);
}

static void test_wolfSSL_OBJ_sn(void)
{
    int i = 0, maxIdx = 7;
    const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
                           NID_stateOrProvinceName,NID_organizationName,
                           NID_organizationalUnitName,NID_emailAddress};
    const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
    const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
                                WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
                                WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
                                WOLFSSL_EMAIL_ADDR};

    printf(testingFmt, "wolfSSL_OBJ_sn");

    AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
    for (i = 0; i < maxIdx; i++) {
        AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
        AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
    }

    printf(resultFmt, passed);
}

#if !defined(NO_BIO)
static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
{
    return lh_strhash(s[3]);
}

static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
{
    return XSTRCMP(a[3], b[3]);
}
#endif

static void test_wolfSSL_TXT_DB(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
    BIO *bio;
    TXT_DB *db = NULL;
    const int columns = 6;
    const char *fields[6] = {
        "V",
        "320926161116Z",
        "",
        "12BD",
        "unknown",
        "/CN=rsa doe",
    };
    char** fields_copy;

    printf(testingFmt, "wolfSSL_TXT_DB");

    /* Test read */
    AssertNotNull(bio = BIO_new(BIO_s_file()));
    AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
    AssertNotNull(db = TXT_DB_read(bio, columns));
    AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
            DYNAMIC_TYPE_OPENSSL));
    XMEMCPY(fields_copy, fields, sizeof(fields));
    AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
    BIO_free(bio);

    /* Test write */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(TXT_DB_write(bio, db), 1484);
    BIO_free(bio);

    /* Test index */
    AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
            (wolf_sk_compare_cb)TXT_DB_cmp), 1);
    AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
    fields[3] = "12DA";
    AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
    fields[3] = "FFFF";
    AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
    fields[3] = "";
    AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));

    TXT_DB_free(db);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_NCONF(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
    const char* confFile = "./tests/NCONF_test.cnf";
    CONF* conf = NULL;
    long eline = 0;
    long num = 0;

    printf(testingFmt, "wolfSSL_NCONF");

    AssertNotNull(conf = NCONF_new(NULL));

    AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
    AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
    AssertIntEQ(num, 1234);
    AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
    AssertIntEQ(num, 4321);
    AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
    AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
            "./test-dir/file1");
    AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
            "./test-dir/file1:./test-dir/file2:./section1:file2");

    NCONF_free(conf);

    printf(resultFmt, passed);
#endif
}
#endif /* OPENSSL_ALL */

static void test_wolfSSL_EC_KEY_set_group(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
    defined(OPENSSL_EXTRA)
    EC_KEY   *key    = NULL;
    EC_GROUP *group  = NULL;
    const EC_GROUP *group2 = NULL;

    printf(testingFmt, "wolfSSL_EC_KEY_dup()");

    AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
    AssertNotNull(key = EC_KEY_new());
    AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
    AssertNotNull(group2 = EC_KEY_get0_group(key));
    AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);

    EC_GROUP_free(group);
    EC_KEY_free(key);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509V3_EXT_get(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    FILE* f;
    int numOfExt =0;
    int extNid = 0;
    int i = 0;
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    const WOLFSSL_v3_ext_method* method;

    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);

    printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
    AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
    for (i = 0; i < numOfExt; i++) {
        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
        AssertIntNE((extNid = ext->obj->nid), NID_undef);
        AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
        AssertIntEQ(method->ext_nid, extNid);
    }
    printf(resultFmt, "passed");

    printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
    AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
    printf(resultFmt, "passed");

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509V3_EXT_nconf(void)
{
#if defined (OPENSSL_ALL)
    const char *ext_names[] = {
        "subjectKeyIdentifier",
        "authorityKeyIdentifier",
        "subjectAltName",
        "keyUsage",
    };
    size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names);
    int ext_nids[] = {
        NID_subject_key_identifier,
        NID_authority_key_identifier,
        NID_subject_alt_name,
        NID_key_usage,
    };
    size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids);
    const char *ext_values[] = {
        "hash",
        "hash",
        "DNS:example.com, IP:127.0.0.1",
        "digitalSignature,keyEncipherment,dataEncipherment",
    };
    size_t i;

    printf(testingFmt, "wolfSSL_X509V3_EXT_nconf()");

    for (i = 0; i < ext_names_count; i++) {
        X509_EXTENSION* ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i],
                ext_values[i]);
        AssertNotNull(ext);
        X509_EXTENSION_free(ext);
    }

    for (i = 0; i < ext_nids_count; i++) {
        X509_EXTENSION* ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i],
                ext_values[i]);
        AssertNotNull(ext);
        X509_EXTENSION_free(ext);
    }

    printf(resultFmt, "passed");
#endif
}

static void test_wolfSSL_X509V3_EXT(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    FILE* f;
    int numOfExt = 0, nid = 0, i = 0, expected, actual;
    char* str;
    unsigned char* data;
    const WOLFSSL_v3_ext_method* method;
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    WOLFSSL_X509_EXTENSION* ext2;
    WOLFSSL_ASN1_OBJECT *obj, *adObj;
    WOLFSSL_ASN1_STRING* asn1str;
    WOLFSSL_AUTHORITY_KEYID* aKeyId;
    WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
    WOLFSSL_BASIC_CONSTRAINTS* bc;
    WOLFSSL_ACCESS_DESCRIPTION* ad;
    WOLFSSL_GENERAL_NAME* gn;

    printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");

    /* Check NULL argument */
    AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));

    /* Using OCSP cert with X509V3 extensions */
    AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);

    AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);

    /* Basic Constraints */
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
    AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
    AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));

    AssertIntEQ(bc->ca, 1);
    AssertNull(bc->pathlen);
    wolfSSL_BASIC_CONSTRAINTS_free(bc);
    i++;

    /* Subject Key Identifier */
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
    AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);

    AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
    AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
                                                asn1str));
    X509_EXTENSION_free(ext2);
    AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
    AssertNotNull(method->i2s);
    AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
    wolfSSL_ASN1_STRING_free(asn1str);
    actual = strcmp(str,
                 "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
    AssertIntEQ(actual, 0);
    XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    i++;

    /* Authority Key Identifier */
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
    AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);

    AssertNotNull(aKeyId =
                         (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
    AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
    AssertNotNull(asn1str = aKeyId->keyid);
    AssertNotNull(str =
              wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
    actual = strcmp(str,
                 "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
    AssertIntEQ(actual, 0);
    XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_AUTHORITY_KEYID_free(aKeyId);
    i++;

    /* Key Usage */
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
    AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);

    AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
    #if defined(WOLFSSL_QT)
    AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
    #else
    AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
    #endif
    expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
#ifdef BIG_ENDIAN_ORDER
    actual = data[1];
#else
    actual = data[0];
#endif
    AssertIntEQ(actual, expected);
    wolfSSL_ASN1_STRING_free(asn1str);
#if 1
    i++;

    /* Authority Info Access */
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
    AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
    AssertNotNull(aia =
                   (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
#if defined(WOLFSSL_QT)
    AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#else
    AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#endif
    /* URI entry is an ACCESS_DESCRIPTION type */
#if defined(WOLFSSL_QT)
    AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
#else
    AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0));
#endif
    AssertNotNull(adObj = ad->method);
    /* Make sure nid is OCSP */
    AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP);

    /* GENERAL_NAME stores URI as an ASN1_STRING */
    AssertNotNull(gn = ad->location);
    AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
    AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
    AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
    #if defined(WOLFSSL_QT)
    str = (char*)ASN1_STRING_get0_data(asn1str);
    #else
    str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
    #endif
    actual = strcmp(str, "http://127.0.0.1:22220");
    AssertIntEQ(actual, 0);

    wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
#else
    (void) aia; (void) ad; (void) adObj; (void) gn;
#endif
    wolfSSL_X509_free(x509);
    printf(resultFmt, "passed");
#endif
}

static void test_wolfSSL_X509_get_extension_flags(void)
{
#ifdef OPENSSL_ALL
    XFILE f;
    X509* x509;
    unsigned int extFlags;
    unsigned int keyUsageFlags;
    unsigned int extKeyUsageFlags;

    printf(testingFmt, "test_wolfSSL_X509_get_extension_flags");

    /* client-int-cert.pem has the following extension flags. */
    extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
    /* and the following key usage flags. */
    keyUsageFlags = KU_DIGITAL_SIGNATURE
                  | KU_NON_REPUDIATION
                  | KU_KEY_ENCIPHERMENT;
    /* and the following extended key usage flags. */
    extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;

    f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb");
    AssertTrue(f != XBADFILE);
    AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
    XFCLOSE(f);
    AssertIntEQ(X509_get_extension_flags(x509), extFlags);
    AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
    AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
    X509_free(x509);

    /* client-cert-ext.pem has the following extension flags. */
    extFlags = EXFLAG_KUSAGE;
    /* and the following key usage flags. */
    keyUsageFlags = KU_DIGITAL_SIGNATURE
                  | KU_KEY_CERT_SIGN
                  | KU_CRL_SIGN;

    AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb"));
    AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
    XFCLOSE(f);
    AssertIntEQ(X509_get_extension_flags(x509), extFlags);
    AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
    X509_free(x509);

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}

static void test_wolfSSL_X509_get_ext(void){
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    int ret = 0;
    FILE* f;
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* foundExtension;

    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);
    AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);

    printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
    AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
    printf(resultFmt, "passed");

    printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
    AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
    AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
    printf(resultFmt, "passed");

    printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
    AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
    AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
    printf(resultFmt, "passed");

    printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
    AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
    printf(resultFmt, "passed");

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509_get_ext_by_NID(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
    int rc;
    FILE* f;
    WOLFSSL_X509* x509;

    AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);

    rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
    AssertIntGE(rc, 0);

    /* Start search from last location (should fail) */
    rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
    AssertIntGE(rc, -1);

    rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
    AssertIntGE(rc, -1);

    rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
    AssertIntEQ(rc, -1);

    rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
    AssertIntEQ(rc, -1);

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509_get_ext_subj_alt_name(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
    int rc;
    XFILE f;
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    WOLFSSL_ASN1_STRING* sanString;
    byte* sanDer;

    const byte expectedDer[] = {
        0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
        0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01};

    printf(testingFmt, "test_wolfSSL_X509_get_ext_subj_alt_name");

    f = XFOPEN("./certs/server-cert.pem", "rb");
    AssertTrue(f != XBADFILE);
    AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
    fclose(f);

    rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
    AssertIntNE(rc, -1);
    AssertNotNull(ext = X509_get_ext(x509, rc));
    AssertNotNull(sanString = X509_EXTENSION_get_data(ext));
    AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer));
    AssertNotNull(sanDer = ASN1_STRING_data(sanString));
    AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0);

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_EXTENSION_new(void)
{
#if defined (OPENSSL_ALL)
    WOLFSSL_X509_EXTENSION* ext;

    AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
    AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
    ext->obj->nid = WOLFSSL_SUCCESS;
    AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);

    wolfSSL_X509_EXTENSION_free(ext);
#endif
}

static void test_wolfSSL_X509_EXTENSION_get_object(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    WOLFSSL_ASN1_OBJECT* o;
    FILE* file;
    int nid = 0;

    AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
    fclose(file);

    printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
    AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
    AssertIntEQ(o->nid, 128);
    nid = o->nid;
    printf(resultFmt, nid == 128 ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
    AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
    printf(resultFmt, passed);

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509_EXTENSION_get_data(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    WOLFSSL_ASN1_STRING* str;
    FILE* file;

    printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");

    AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
    fclose(file);
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));

    AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
    printf(resultFmt, passed);

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509_EXTENSION_get_critical(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
    WOLFSSL_X509* x509;
    WOLFSSL_X509_EXTENSION* ext;
    FILE* file;
    int crit;

    printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");

    AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
    fclose(file);
    AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));

    crit = wolfSSL_X509_EXTENSION_get_critical(ext);
    AssertIntEQ(crit, 0);
    printf(resultFmt, passed);

    wolfSSL_X509_free(x509);
#endif
}

static void test_wolfSSL_X509V3_EXT_print(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
    !defined(NO_RSA)
    printf(testingFmt, "wolfSSL_X509V3_EXT_print");

    {
        FILE* f;
        WOLFSSL_X509* x509;
        X509_EXTENSION * ext = NULL;
        int loc;
        BIO *bio = NULL;

        AssertNotNull(f = fopen(svrCertFile, "rb"));
        AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
        fclose(f);

        AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));

        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
        AssertIntGT(loc, -1);
        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);

        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
        AssertIntGT(loc, -1);
        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);

        loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
        AssertIntGT(loc, -1);
        AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
        AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);

        wolfSSL_BIO_free(bio);
        wolfSSL_X509_free(x509);
    }

    {
        X509 *x509;
        BIO *bio;
        X509_EXTENSION *ext;
        unsigned int i;
        unsigned int idx;
        /* Some NIDs to test with */
        int nids[] = {
                /* NID_key_usage, currently X509_get_ext returns this as a bit
                 * string, which messes up X509V3_EXT_print */
                /* NID_ext_key_usage, */
                NID_subject_alt_name,
        };
        int* n;

        AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE));

        AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
            WOLFSSL_FILETYPE_PEM));

        printf("\nPrinting extension values:\n");

        for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
            /* X509_get_ext_by_NID should return 3 for now. If that changes then
             * update the index */
            AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
            AssertNotNull(ext = X509_get_ext(x509, idx));
            AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
            printf("\n");
        }

        BIO_free(bio);
        X509_free(x509);
    }
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_cmp(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
    FILE* file1;
    FILE* file2;
    WOLFSSL_X509* cert1;
    WOLFSSL_X509* cert2;
    int ret = 0;

    AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
    AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));

    AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
    AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
    fclose(file1);
    fclose(file2);

    printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs");
    ret = wolfSSL_X509_cmp(cert1, cert1);
    AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
    printf(resultFmt, ret == 0 ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs");
    ret = wolfSSL_X509_cmp(cert1, cert2);
    AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
    printf(resultFmt, ret == -1 ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args");
    ret = wolfSSL_X509_cmp(NULL, cert2);
    AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
    printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args");
    ret = wolfSSL_X509_cmp(cert1, NULL);
    AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
    printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);

    printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args");
    ret = wolfSSL_X509_cmp(NULL, NULL);
    AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
    printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);

    wolfSSL_X509_free(cert1);
    wolfSSL_X509_free(cert2);
#endif
}

static void test_wolfSSL_PKEY_up_ref(void)
{
#if defined(OPENSSL_ALL)
    EVP_PKEY* pkey;
    printf(testingFmt, "wolfSSL_PKEY_up_ref()");

    pkey = EVP_PKEY_new();
    AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
    AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
    EVP_PKEY_free(pkey);
    AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(pkey);

    printf(resultFmt, "passed");
#endif
}

static void test_wolfSSL_d2i_and_i2d_PublicKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
    EVP_PKEY* pkey;
    const unsigned char* p;
    unsigned char* der = NULL;
    int derLen;

    printf(testingFmt, "test_wolfSSL_d2i_and_i2d_PublicKey()");

    p = client_keypub_der_2048;
    /* Check that key can be successfully decoded. */
    AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
        sizeof_client_keypub_der_2048));
    /* Check that key can be successfully encoded. */
    AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
    /* Ensure that the encoded version matches the original. */
    AssertIntEQ(derLen, sizeof_client_keypub_der_2048);
    AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);

    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
    EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_d2i_and_i2d_DSAparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
    DSA* dsa;
    char file[] = "./certs/dsaparams.der";
    XFILE f;
    int derInLen;
    byte* derIn;
    int derOutLen;
    byte* derOut = NULL;

    printf(testingFmt, "test_wolfSSL_d2i_and_i2d_DSAparams()");

    f = XFOPEN(file, "rb");
    AssertTrue(f != XBADFILE);
    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
    derInLen = (int)XFTELL(f);
    XREWIND(f);
    AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT,
        DYNAMIC_TYPE_TMP_BUFFER));
    AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen);
    XFCLOSE(f);

    /* Check that params can be successfully decoded. */
    AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen));
    /* Check that params can be successfully encoded. */
    AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
    /* Ensure that the encoded version matches the original. */
    AssertIntEQ(derInLen, derOutLen);
    AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);

    XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
    DSA_free(dsa);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_i2d_PrivateKey(void)
{
#if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)

    printf(testingFmt, "wolfSSL_i2d_PrivateKey()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
    {
        EVP_PKEY* pkey;
        const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
        unsigned char buf[FOURK_BUF];
        unsigned char* pt = NULL;
        int bufSz;

        AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
                    (long)sizeof_server_key_der_2048));
        AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
        pt = buf;
        AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
        AssertIntNE((pt - buf), 0);
        AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
        EVP_PKEY_free(pkey);
    }
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
    {
        EVP_PKEY* pkey;
        const unsigned char* client_key =
            (const unsigned char*)ecc_clikey_der_256;
        unsigned char buf[FOURK_BUF];
        unsigned char* pt = NULL;
        int bufSz;

        AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
                                                   sizeof_ecc_clikey_der_256)));
        AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
        pt = buf;
        AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
        AssertIntNE((pt - buf), 0);
        AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
        EVP_PKEY_free(pkey);
    }
#endif

    printf(resultFmt, "passed");
#endif
}

static void test_wolfSSL_OCSP_id_get0_info(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    X509* cert;
    X509* issuer;
    OCSP_CERTID* id;
    OCSP_CERTID* id2;

    ASN1_STRING* name = NULL;
    ASN1_OBJECT* pmd  = NULL;
    ASN1_STRING* keyHash = NULL;
    ASN1_INTEGER* serial = NULL;
    ASN1_INTEGER* x509Int;

    printf(testingFmt, "wolfSSL_OCSP_id_get0_info()");

    AssertNotNull(cert =
            wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
    AssertNotNull(issuer =
            wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));

    id = OCSP_cert_to_id(NULL, cert, issuer);
    AssertNotNull(id);
    id2 = OCSP_cert_to_id(NULL, cert, issuer);
    AssertNotNull(id2);

    AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
    AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);

    /* name, pmd, keyHash not supported yet, expect failure if not NULL */
    AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
    AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
    AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);

    AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
    AssertNotNull(serial);

    /* compare serial number to one in cert, should be equal */
    x509Int = X509_get_serialNumber(cert);
    AssertNotNull(x509Int);
    AssertIntEQ(x509Int->length, serial->length);
    AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);

    /* test OCSP_id_cmp */
    AssertIntNE(OCSP_id_cmp(NULL, NULL), 0);
    AssertIntNE(OCSP_id_cmp(id, NULL), 0);
    AssertIntNE(OCSP_id_cmp(NULL, id2), 0);
    AssertIntEQ(OCSP_id_cmp(id, id2), 0);
    id->issuerHash[0] = ~id->issuerHash[0];
    AssertIntNE(OCSP_id_cmp(id, id2), 0);

    OCSP_CERTID_free(id);
    OCSP_CERTID_free(id2);
    X509_free(cert); /* free's x509Int */
    X509_free(issuer);

    printf(resultFmt, "passed");
#endif
}

static void test_wolfSSL_i2d_OCSP_CERTID(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
    WOLFSSL_OCSP_CERTID certId;
    byte* targetBuffer;
    byte* beginTargetBuffer;
    /* OCSP CertID bytes taken from PCAP */
    byte rawCertId[] = {
        0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
        0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
        0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
        0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
        0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
        0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
        0xcf, 0xbc, 0x91
    };
    int ret, i;

    printf(testingFmt, "wolfSSL_i2d_OCSP_CERTID()");

    XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
    certId.rawCertId = rawCertId;
    certId.rawCertIdSize = sizeof(rawCertId);
    targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    beginTargetBuffer = targetBuffer;
    ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
    /* If target buffer is not null, function increments targetBuffer to point
       just past the end of the encoded data. */
    AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId)));
    /* Function returns the size of the encoded data. */
    AssertIntEQ(ret, sizeof(rawCertId));
    for (i = 0; i < ret; ++i)
    {
        AssertIntEQ(beginTargetBuffer[i], rawCertId[i]);
    }

    XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    targetBuffer = NULL;
    ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
    /* If target buffer is null, function allocates memory for a buffer and
       copies the encoded data into it. targetBuffer then points to the start of
       this newly allocate buffer. */
    AssertIntEQ(ret, sizeof(rawCertId));
    for (i = 0; i < ret; ++i)
    {
        AssertIntEQ(targetBuffer[i], rawCertId[i]);
    }

    XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OCSP_id_cmp(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
    OCSP_CERTID id1;
    OCSP_CERTID id2;
    printf(testingFmt, "wolfSSL_OCSP_id_cmp()");

    XMEMSET(&id1, 0, sizeof(id1));
    XMEMSET(&id2, 0, sizeof(id2));
    AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
    WOLFSSL_OCSP_SINGLERESP single;
    const WOLFSSL_OCSP_CERTID* certId;

    XMEMSET(&single, 0, sizeof(single));
    certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);

    printf(testingFmt, "wolfSSL_OCSP_SINGLERESP_get0_id()");

    AssertPtrEq(&single, certId);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OCSP_single_get0_status(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
    WOLFSSL_OCSP_SINGLERESP single;
    CertStatus certStatus;
    WOLFSSL_ASN1_TIME* thisDate;
    WOLFSSL_ASN1_TIME* nextDate;
    int ret, i;

    printf(testingFmt, "wolfSSL_OCSP_single_get0_status()");

    XMEMSET(&single,     0, sizeof(WOLFSSL_OCSP_SINGLERESP));
    XMEMSET(&certStatus, 0, sizeof(CertStatus));

    /* Fill the date fields with some dummy data. */
    for (i = 0; i < CTC_DATE_SIZE; ++i) {
        certStatus.thisDateParsed.data[i] = i;
        certStatus.nextDateParsed.data[i] = i;
    }
    certStatus.status = CERT_GOOD;
    single.status = &certStatus;

    ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
                                          &nextDate);
    AssertIntEQ(ret, CERT_GOOD);
    AssertPtrEq(thisDate, &certStatus.thisDateParsed);
    AssertPtrEq(nextDate, &certStatus.nextDateParsed);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OCSP_resp_count(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
    WOLFSSL_OCSP_BASICRESP basicResp;
    WOLFSSL_OCSP_SINGLERESP singleRespOne;
    WOLFSSL_OCSP_SINGLERESP singleRespTwo;
    int count;

    printf(testingFmt, "wolfSSL_OCSP_resp_count()");

    XMEMSET(&basicResp,     0, sizeof(WOLFSSL_OCSP_BASICRESP));
    XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
    XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));

    count = wolfSSL_OCSP_resp_count(&basicResp);
    AssertIntEQ(count, 0);

    basicResp.single = &singleRespOne;
    count = wolfSSL_OCSP_resp_count(&basicResp);
    AssertIntEQ(count, 1);

    singleRespOne.next = &singleRespTwo;
    count = wolfSSL_OCSP_resp_count(&basicResp);
    AssertIntEQ(count, 2);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_OCSP_resp_get0(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
    WOLFSSL_OCSP_BASICRESP basicResp;
    WOLFSSL_OCSP_SINGLERESP singleRespOne;
    WOLFSSL_OCSP_SINGLERESP singleRespTwo;
    WOLFSSL_OCSP_SINGLERESP* ret;

    printf(testingFmt, "wolfSSL_OCSP_resp_get0()");

    XMEMSET(&basicResp,     0, sizeof(WOLFSSL_OCSP_BASICRESP));
    XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
    XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));

    basicResp.single = &singleRespOne;
    singleRespOne.next = &singleRespTwo;

    ret = wolfSSL_OCSP_resp_get0(&basicResp, 0);
    AssertPtrEq(ret, &singleRespOne);

    ret = wolfSSL_OCSP_resp_get0(&basicResp, 1);
    AssertPtrEq(ret, &singleRespTwo);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_PKEY_derive(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)

    printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
    EVP_PKEY_CTX *ctx;
    unsigned char *skey;
    size_t skeylen;
    EVP_PKEY *pkey, *peerkey;
    const unsigned char* key;

#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
    /* DH */
    key = dh_key_der_2048;
    AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
                                         sizeof_dh_key_der_2048)));
    AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
    key = dh_key_der_2048;
    AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
                                            sizeof_dh_key_der_2048)));
    AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
    AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
    AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
    AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
    AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);

    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(peerkey);
    EVP_PKEY_free(pkey);
    XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif

#ifdef HAVE_ECC
    /* ECDH */
    key = ecc_clikey_der_256;
    AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
                                         sizeof_ecc_clikey_der_256)));
    key = ecc_clikeypub_der_256;
    AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
                                        sizeof_ecc_clikeypub_der_256)));
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
    AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
    AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
    AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
    AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);

    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(peerkey);
    EVP_PKEY_free(pkey);
    XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* HAVE_ECC */

    printf(resultFmt, "passed");
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
}

static void test_wolfSSL_EVP_PBE_scrypt(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5))
#if !defined(NO_PWDBASED) &&  !defined(NO_SHA256)

    int ret;

    const char  pwd[]    = {'p','a','s','s','w','o','r','d'};
    int         pwdlen   = sizeof(pwd);
    const byte  salt[]   = {'N','a','C','l'};
    int         saltlen  = sizeof(salt);
    byte        key[80];
    word64      numOvr32 = (word64)INT32_MAX + 1;

    /* expected derived key for N:16, r:1, p:1 */
    const byte expectedKey[] = {
        0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B,
        0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A,
        0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97,
        0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6,
        0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C,
        0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53,
        0xE7, 0xE9, 0xC0, 0x9A};

    printf(testingFmt, "wolfSSL_EVP_PBE_scrypt()");

    /*                                               N  r  p  mx key keylen */
    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* N must be greater than 1 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* N must be power of 2 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* r must be greater than 0 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64);
    AssertIntEQ(ret, 0); /* p must be greater than 0 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0);
    AssertIntEQ(ret, 0); /* keylen must be greater than 0 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* r must be smaller than 9 */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64);
    AssertIntEQ(ret, 1); /* should succeed if key is NULL  */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 1); /* should succeed */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0,
                                                                    key, 64);
    AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0,
                                                                    key, 64);
    AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */

    ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */

    ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/

    ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/

    ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */

    ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */

    ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64);
    AssertIntEQ(ret, 1);

    ret = XMEMCMP(expectedKey, key, sizeof(expectedKey));
    AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */

    printf(resultFmt, "passed");

#endif /* !NO_PWDBASED && !NO_SHA256 */
#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */
}

#ifndef NO_RSA
static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
{
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    RSA *rsa;
    const unsigned char *derBuf = client_key_der_2048;
    unsigned char em[256] = {0}; /* len = 2048/8 */
    /* Random data simulating a hash */
    const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
    };

    AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
    AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1);
    AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1);

    RSA_free(rsa);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
}
#endif

static void test_wolfSSL_RSA_sign_sha3(void)
{
#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
    RSA *rsa;
    const unsigned char *derBuf = client_key_der_2048;
    unsigned char sigRet[256] = {0};
    unsigned int sigLen = sizeof(sigRet);
    /* Random data simulating a hash */
    const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
    };

    printf(testingFmt, "wolfSSL_RSA_sign_sha3");

    AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
    AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet,
                            &sigLen, rsa), 1);

    RSA_free(rsa);

    printf(resultFmt, passed);
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
}

static void test_wolfSSL_EC_get_builtin_curves(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    EC_builtin_curve* curves = NULL;
    size_t crv_len = 0;
    size_t i = 0;

    printf(testingFmt, "wolfSSL_EC_get_builtin_curves");

    AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
    AssertNotNull(curves = (EC_builtin_curve*)
            XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
                    DYNAMIC_TYPE_TMP_BUFFER));
    AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);

    for (i = 0; i < crv_len; i++)
    {
        if (curves[i].comment != NULL)
            AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
    }

    XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    printf(resultFmt, passed);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}

static void test_no_op_functions(void)
{
    #if defined(OPENSSL_EXTRA)
    printf(testingFmt, "no_op_functions()");

    /* this makes sure wolfSSL can compile and run these no-op functions */
    SSL_load_error_strings();
    ENGINE_load_builtin_engines();
    OpenSSL_add_all_ciphers();
    AssertIntEQ(CRYPTO_malloc_init(), 0);

    printf(resultFmt, passed);
    #endif
}

static void test_wolfSSL_CRYPTO_memcmp(void)
{
#ifdef OPENSSL_EXTRA
    char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
               "implementation of TLS/SSL for embedded devices to the cloud.";
    char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
               "implementation of TLS/SSL for embedded devices to the cloud.";
    char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
               "implementation of TLS/SSL for embedded devices to the cloud!";

    AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
    AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
#endif
}

/*----------------------------------------------------------------------------*
 | wolfCrypt ASN
 *----------------------------------------------------------------------------*/

static void test_wc_CreateEncryptedPKCS8Key(void)
{
#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
 && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
    WC_RNG rng;
    byte* encKey = NULL;
    word32 encKeySz = 0;
    word32 decKeySz = 0;
    const char password[] = "Lorem ipsum dolor sit amet";
    word32 passwordSz = (word32)XSTRLEN(password);
    word32 tradIdx = 0;

    printf(testingFmt, "test_wc_CreateEncryptedPKCS8Key");

    AssertIntEQ(wc_InitRng(&rng), 0);
    /* Call with NULL for out buffer to get necessary length. */
    AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
        sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
        PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
        LENGTH_ONLY_E);
    AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
        DYNAMIC_TYPE_TMP_BUFFER));
    /* Call with the allocated out buffer. */
    AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
        sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
        PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
        0);
    /* Decrypt the encrypted PKCS8 key we just made. */
    AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
        passwordSz)), 0);
    /* encKey now holds the decrypted key (decrypted in place). */
    AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
    /* Check that the decrypted key matches the key prior to encryption. */
    AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
        sizeof_server_key_der_2048), 0);

    if (encKey != NULL)
        XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    wc_FreeRng(&rng);

    printf(resultFmt, passed);
#endif
}

static void test_wc_GetPkcs8TraditionalOffset(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
    int length, derSz;
    word32 inOutIdx;
    const char* path = "./certs/server-keyPkcs8.der";
    XFILE file;
    byte der[2048];

    printf(testingFmt, "wc_GetPkcs8TraditionalOffset");

    file = XFOPEN(path, "rb");
    AssertTrue(file != XBADFILE);
    derSz = (int)XFREAD(der, 1, sizeof(der), file);
    XFCLOSE(file);

    /* valid case */
    inOutIdx = 0;
    length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
    AssertIntGT(length, 0);

    /* inOutIdx > sz */
    inOutIdx = 4000;
    length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
    AssertIntEQ(length, BAD_FUNC_ARG);

    /* null input */
    inOutIdx = 0;
    length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
    AssertIntEQ(length, BAD_FUNC_ARG);

    /* invalid input, fill buffer with 1's */
    XMEMSET(der, 1, sizeof(der));
    inOutIdx = 0;
    length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
    AssertIntEQ(length, ASN_PARSE_E);

    printf(resultFmt, passed);
#endif /* NO_ASN */
}

static void test_wc_SetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
    const char* joiCertFile = "./certs/test/cert-ext-joi.der";
    WOLFSSL_X509* x509;
    int peerCertSz;
    const byte* peerCertBuf;
    Cert forgedCert;

    printf(testingFmt, "test_wc_SetSubjectRaw()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));

    AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));

    AssertIntEQ(0, wc_InitCert(&forgedCert));

    AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));

    wolfSSL_FreeX509(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wc_GetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
    Cert cert;
    byte *subjectRaw;

    printf(testingFmt, "test_wc_GetSubjectRaw()");

    AssertIntEQ(0, wc_InitCert(&cert));
    AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));

    printf(resultFmt, passed);
#endif
}

static void test_wc_SetIssuerRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
    const char* joiCertFile = "./certs/test/cert-ext-joi.der";
    WOLFSSL_X509* x509;
    int peerCertSz;
    const byte* peerCertBuf;
    Cert forgedCert;

    printf(testingFmt, "test_wc_SetIssuerRaw()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));

    AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));

    AssertIntEQ(0, wc_InitCert(&forgedCert));

    AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));

    wolfSSL_FreeX509(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wc_SetIssueBuffer(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
    const char* joiCertFile = "./certs/test/cert-ext-joi.der";
    WOLFSSL_X509* x509;
    int peerCertSz;
    const byte* peerCertBuf;
    Cert forgedCert;

    printf(testingFmt, "test_wc_SetIssuerBuffer()");

    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));

    AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));

    AssertIntEQ(0, wc_InitCert(&forgedCert));

    AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));

    wolfSSL_FreeX509(x509);

    printf(resultFmt, passed);
#endif
}

/*
 * Testing wc_SetSubjectKeyId
 */
static void test_wc_SetSubjectKeyId(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
    Cert cert;
    const char* file = "certs/ecc-client-keyPub.pem";

    printf(testingFmt, "wc_SetSubjectKeyId()");

    AssertIntEQ(0, wc_InitCert(&cert));
    AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));

    AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
    AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));

    printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubjectKeyId */

/*
 * Testing wc_SetSubject
 */
static void test_wc_SetSubject(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
    Cert cert;
    const char* file = "./certs/ca-ecc-cert.pem";

    printf(testingFmt, "wc_SetSubject()");

    AssertIntEQ(0, wc_InitCert(&cert));
    AssertIntEQ(0, wc_SetSubject(&cert, file));

    AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
    AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));

    printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubject */


static void test_CheckCertSignature(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
    WOLFSSL_CERT_MANAGER* cm = NULL;
#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
    FILE* fp;
    byte  cert[4096];
    int   certSz;
#endif

    AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
    AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
    AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));

#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
    AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
                sizeof_server_cert_der_1024, NULL, cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                ca_cert_der_1024, sizeof_ca_cert_der_1024,
                WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
                sizeof_server_cert_der_1024, NULL, cm));
#elif defined(USE_CERT_BUFFERS_2048)
    AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
                sizeof_server_cert_der_2048, NULL, cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                ca_cert_der_2048, sizeof_ca_cert_der_2048,
                WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
                sizeof_server_cert_der_2048, NULL, cm));
#endif
#endif

#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
    AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
                sizeof_serv_ecc_der_256, NULL, cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
                WOLFSSL_FILETYPE_ASN1));
    AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
                NULL, cm));
#endif

#if !defined(NO_FILESYSTEM)
    wolfSSL_CertManagerFree(cm);
    AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
#ifndef NO_RSA
    AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
    AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
    XFCLOSE(fp);
    AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                "./certs/ca-cert.pem", NULL));
    AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#ifdef HAVE_ECC
    AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
    AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
    XFCLOSE(fp);
    AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                "./certs/ca-ecc-cert.pem", NULL));
    AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#endif

#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
    (void)fp;
    (void)cert;
    (void)certSz;
#endif

    wolfSSL_CertManagerFree(cm);
#endif
}

/*----------------------------------------------------------------------------*
 | wolfCrypt ECC
 *----------------------------------------------------------------------------*/

static void test_wc_ecc_get_curve_size_from_name(void)
{
#ifdef HAVE_ECC
    int ret;

    printf(testingFmt, "wc_ecc_get_curve_size_from_name");

    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
        ret = wc_ecc_get_curve_size_from_name("SECP256R1");
        AssertIntEQ(ret, 32);
    #endif

    /* invalid case */
    ret = wc_ecc_get_curve_size_from_name("BADCURVE");
    AssertIntEQ(ret, -1);

    /* NULL input */
    ret = wc_ecc_get_curve_size_from_name(NULL);
    AssertIntEQ(ret, BAD_FUNC_ARG);

    printf(resultFmt, passed);
#endif /* HAVE_ECC */
}

static void test_wc_ecc_get_curve_id_from_name(void)
{
#ifdef HAVE_ECC
    int id;

    printf(testingFmt, "wc_ecc_get_curve_id_from_name");

    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
        id = wc_ecc_get_curve_id_from_name("SECP256R1");
        AssertIntEQ(id, ECC_SECP256R1);
    #endif

    /* invalid case */
    id = wc_ecc_get_curve_id_from_name("BADCURVE");
    AssertIntEQ(id, -1);

    /* NULL input */
    id = wc_ecc_get_curve_id_from_name(NULL);
    AssertIntEQ(id, BAD_FUNC_ARG);

    printf(resultFmt, passed);
#endif /* HAVE_ECC */
}

#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
    !defined(HAVE_SELFTEST) && \
    !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))

static void test_wc_ecc_get_curve_id_from_dp_params(void)
{
    int id;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
    int curve_id;
    ecc_key* key;
    const ecc_set_type* params;
    int ret;
#endif
    WOLFSSL_EC_KEY *ecKey = NULL;

    printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params");

    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
        id = wc_ecc_get_curve_id_from_name("SECP256R1");
        AssertIntEQ(id, ECC_SECP256R1);

        ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
        AssertNotNull(ecKey);

        ret = EC_KEY_generate_key(ecKey);

        if (ret == 0) {
            /* normal test */
            key = (ecc_key*)ecKey->internal;
            params = key->dp;

            curve_id = wc_ecc_get_curve_id_from_dp_params(params);
            AssertIntEQ(curve_id, id);
        }
    #endif
    /* invalid case, NULL input*/

    id = wc_ecc_get_curve_id_from_dp_params(NULL);
    AssertIntEQ(id, BAD_FUNC_ARG);
    wolfSSL_EC_KEY_free(ecKey);

    printf(resultFmt, passed);
}
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */

static void test_wc_ecc_get_curve_id_from_params(void)
{
#ifdef HAVE_ECC
    int id;

    const byte prime[] =
    {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
    };

    const byte primeInvalid[] =
    {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
    };

    const byte Af[] =
    {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
    };

    const byte Bf[] =
    {
        0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
        0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
        0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
        0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
    };

    const byte order[] =
    {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
        0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
        0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
    };

    const byte Gx[] =
    {
        0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
        0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
        0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
        0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
    };

    const byte Gy[] =
    {
        0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
        0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
        0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
        0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
    };

    int cofactor = 1;
    int fieldSize = 256;

    printf(testingFmt, "wc_ecc_get_curve_id_from_params");

    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
        id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
                Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
                Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
        AssertIntEQ(id, ECC_SECP256R1);
    #endif

    /* invalid case, fieldSize = 0 */
    id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
            Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
            Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
    AssertIntEQ(id, ECC_CURVE_INVALID);

    /* invalid case, NULL prime */
    id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
            Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
            Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
    AssertIntEQ(id, BAD_FUNC_ARG);

    /* invalid case, invalid prime */
    id = wc_ecc_get_curve_id_from_params(fieldSize,
            primeInvalid, sizeof(primeInvalid),
            Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
            Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
    AssertIntEQ(id, ECC_CURVE_INVALID);

    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
    !defined(HAVE_FAST_RSA)
    WOLFSSL_RSA* rsa = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;
    WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
    const char* in = "What is easy to do is easy not to do.";
    size_t inlen = XSTRLEN(in);
    size_t outEncLen = 0;
    byte*  outEnc = NULL;
    byte*  outDec = NULL;
    size_t outDecLen = 0;
    size_t rsaKeySz = 2048/8;  /* Bytes */
#ifdef WC_RSA_NO_PADDING
    byte*  inTmp = NULL;
    byte*  outEncTmp = NULL;
    byte*  outDecTmp = NULL;
#endif
    printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()");

    AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(outEnc, 0, rsaKeySz);
    AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(outDec, 0, rsaKeySz);

    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
                WOLFSSL_SUCCESS);

    /* Test pkey references count is decremented. pkey shouldn't be destroyed
     since ctx uses it.*/
    AssertIntEQ(pkey->references, 2);
    EVP_PKEY_free(pkey);
    AssertIntEQ(pkey->references, 1);

    /* Encrypt data */
    /* Check that we can get the required output buffer length by passing in a
     * NULL output buffer. */
    AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen,
                            (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
    AssertIntEQ(rsaKeySz, outEncLen);
    /* Now do the actual encryption. */
    AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
                            (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);

    /* Decrypt data */
    AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
    /* Check that we can get the required output buffer length by passing in a
     * NULL output buffer. */
    AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen),
                                 WOLFSSL_SUCCESS);
    AssertIntEQ(rsaKeySz, outDecLen);
    /* Now do the actual decryption. */
    AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
                                 WOLFSSL_SUCCESS);

    AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);

#ifdef WC_RSA_NO_PADDING
    /* The input length must be the same size as the RSA key.*/
    AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(inTmp, 9, rsaKeySz);
    AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(outEncTmp, 0, rsaKeySz);
    AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(outDecTmp, 0, rsaKeySz);
    AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
                                             WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
                                 WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
                                 WOLFSSL_SUCCESS);
    AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
#endif
    EVP_PKEY_CTX_free(ctx);
    XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WC_RSA_NO_PADDING
    XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    WOLFSSL_RSA* rsa = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;
    WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
    const char* in = "What is easy to do is easy not to do.";
    size_t inlen = XSTRLEN(in);
    byte hash[SHA256_DIGEST_LENGTH] = {0};
    SHA256_CTX c;
    byte*  sig = NULL;
    byte*  sigVerify = NULL;
    size_t siglen = 0;
    size_t rsaKeySz = 2048/8;  /* Bytes */

    printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
    sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    AssertNotNull(sig);
    XMEMSET(sig, 0, rsaKeySz);
    AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
    XMEMSET(sigVerify, 0, rsaKeySz);

    /* Generate hash */
    SHA256_Init(&c);
    SHA256_Update(&c, in, inlen);
    SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
    /* workaround for small stack cache case */
    wc_Sha256Free((wc_Sha256*)&c);
#endif

    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
    AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
                WOLFSSL_SUCCESS);

    /* Sign data */
    AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH),
                              WOLFSSL_SUCCESS);
    /* Verify signature.
       EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */
    AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify,
                             rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH);

    AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0);
    /* error cases */

    AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
    ctx->pkey->type = EVP_PKEY_RSA;
    AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
    AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
                              WOLFSSL_SUCCESS);
    AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
                              WOLFSSL_SUCCESS);

    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(ctx);
    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
    printf(resultFmt, passed);
#endif
}

static void test_EVP_PKEY_rsa(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
    WOLFSSL_RSA* rsa;
    WOLFSSL_EVP_PKEY* pkey;

    AssertNotNull(rsa = wolfSSL_RSA_new());
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
    AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
    wolfSSL_EVP_PKEY_free(pkey);

    printf(resultFmt, passed);

#endif
}

static void test_EVP_PKEY_ec(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    WOLFSSL_EC_KEY* ecKey;
    WOLFSSL_EVP_PKEY* pkey;

    AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
    /* Should fail since ecKey is empty */
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);

    printf(resultFmt, passed);
#endif
#endif
}

static void test_EVP_PKEY_cmp(void)
{
#if defined(OPENSSL_EXTRA)
    EVP_PKEY *a, *b;
    const unsigned char *in;

    printf(testingFmt, "wolfSSL_EVP_PKEY_cmp()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
    in = client_key_der_2048;
    AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
        &in, (long)sizeof_client_key_der_2048));
    in = client_key_der_2048;
    AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
        &in, (long)sizeof_client_key_der_2048));

    /* Test success case RSA */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
    AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */

    EVP_PKEY_free(b);
    EVP_PKEY_free(a);
#endif

#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
    in = ecc_clikey_der_256;
    AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
        &in, (long)sizeof_ecc_clikey_der_256));
    in = ecc_clikey_der_256;
    AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
        &in, (long)sizeof_ecc_clikey_der_256));

    /* Test success case ECC */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
    AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */

    EVP_PKEY_free(b);
    EVP_PKEY_free(a);
#endif

    /* Test failure cases */
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
     defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)

    in = client_key_der_2048;
    AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
        &in, (long)sizeof_client_key_der_2048));
    in = ecc_clikey_der_256;
    AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
        &in, (long)sizeof_ecc_clikey_der_256));

#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    AssertIntEQ(EVP_PKEY_cmp(a, b), -1);
#else
    AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
    EVP_PKEY_free(b);
    EVP_PKEY_free(a);
#endif

    /* invalid or empty failure cases */
    a = EVP_PKEY_new();
    b = EVP_PKEY_new();
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
    AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0);
    AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0);
    AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#else
    AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
    AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
    AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
    AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif
    EVP_PKEY_free(b);
    EVP_PKEY_free(a);

    (void)in;

    printf(resultFmt, passed);
#endif
}

static void test_ERR_load_crypto_strings(void)
{
#if defined(OPENSSL_ALL)
    ERR_load_crypto_strings();

    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
static void free_x509(X509* x)
{
    AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
}
#endif

static void test_sk_X509(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
    STACK_OF(X509)* s;

    AssertNotNull(s = sk_X509_new());
    AssertIntEQ(sk_X509_num(s), 0);
    sk_X509_pop_free(s, NULL);

    AssertNotNull(s = sk_X509_new_null());
    AssertIntEQ(sk_X509_num(s), 0);
    sk_X509_pop_free(s, NULL);

    AssertNotNull(s = sk_X509_new());
    sk_X509_push(s, (X509*)1);
    AssertIntEQ(sk_X509_num(s), 1);
    AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
    sk_X509_push(s, (X509*)2);
    AssertIntEQ(sk_X509_num(s), 2);
    AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
    AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
    sk_X509_push(s, (X509*)2);
    sk_X509_pop_free(s, free_x509);

    printf(resultFmt, passed);
#endif
}

static void test_X509_get_signature_nid(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    X509*   x509;

    AssertIntEQ(X509_get_signature_nid(NULL), 0);
    AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
                                                             SSL_FILETYPE_PEM));
    AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
    X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_X509_REQ(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
    X509_NAME* name;
#if !defined(NO_RSA) || defined(HAVE_ECC)
    X509_REQ* req;
    EVP_PKEY* priv;
    EVP_PKEY* pub;
    unsigned char* der = NULL;
#endif
#ifndef NO_RSA
    EVP_MD_CTX *mctx = NULL;
    EVP_PKEY_CTX *pkctx = NULL;
    #ifdef USE_CERT_BUFFERS_1024
    const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
    const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
    #elif defined(USE_CERT_BUFFERS_2048)
    const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
    const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
    #endif
#endif
#ifdef HAVE_ECC
    const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
    const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
    int len;
#endif

    AssertNotNull(name = X509_NAME_new());
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
                                           (byte*)"wolfssl.com", 11, 0, 1),
                WOLFSSL_SUCCESS);
    AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
                                           (byte*)"support@wolfssl.com", 19, -1,
                                           1), WOLFSSL_SUCCESS);

#ifndef NO_RSA
    AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
                                        (long)sizeof_client_key_der_2048));
    AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
                                   (long)sizeof_client_keypub_der_2048));
    AssertNotNull(req = X509_REQ_new());
    AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
    AssertIntEQ(i2d_X509_REQ(req, &der), 643);
    XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
    der = NULL;

    mctx = EVP_MD_CTX_new();
    AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);

    EVP_MD_CTX_free(mctx);
    X509_REQ_free(NULL);
    X509_REQ_free(req);
    EVP_PKEY_free(pub);
    EVP_PKEY_free(priv);
#endif
#ifdef HAVE_ECC
    AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
                                                    sizeof_ecc_clikey_der_256));
    AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
                                                 sizeof_ecc_clikeypub_der_256));
    AssertNotNull(req = X509_REQ_new());
    AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
    AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
    /* Signature is random and may be shorter or longer. */
    AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
    AssertIntLE(len, 253);
    XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
    X509_REQ_free(req);
    EVP_PKEY_free(pub);
    EVP_PKEY_free(priv);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif
#endif /* HAVE_ECC */

    X509_NAME_free(name);

    printf(resultFmt, passed);
#endif
}

static void test_wolfssl_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
    PKCS7* pkcs7;
    byte   data[FOURK_BUF];
    word32 len = sizeof(data);
    const byte*  p = data;
    byte   content[] = "Test data to encode.";
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
    BIO*   bio;
    byte   key[sizeof(client_key_der_2048)];
    word32 keySz = (word32)sizeof(key);
#endif

    AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
                                             (word32)sizeof(content),
                                             0, 0)), 0);

    AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
    AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
    AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
    AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
                                              PKCS7_NOVERIFY), WOLFSSL_FAILURE);
    PKCS7_free(pkcs7);

    /* fail case, without PKCS7_NOVERIFY */
    p = data;
    AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
                                                           0), WOLFSSL_FAILURE);
    PKCS7_free(pkcs7);

    /* success case, with PKCS7_NOVERIFY */
    p = data;
    AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
                                              PKCS7_NOVERIFY), WOLFSSL_SUCCESS);

#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
    /* test i2d */
    XMEMCPY(key, client_key_der_2048, keySz);
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHAh;
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
    BIO_free(bio);
#endif

    PKCS7_free(NULL);
    PKCS7_free(pkcs7);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_PKCS7_SIGNED_new(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
    PKCS7_SIGNED* pkcs7;

    printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");

    pkcs7 = PKCS7_SIGNED_new();
    AssertNotNull(pkcs7);
    AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);

    PKCS7_SIGNED_free(pkcs7);
    printf(resultFmt, passed);
#endif
}

#ifndef NO_BIO
static void test_wolfSSL_PEM_write_bio_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
    PKCS7* pkcs7 = NULL;
    BIO* bio = NULL;
    const byte* cert_buf = NULL;
    int ret = 0;
    WC_RNG rng;
    const byte data[] = { /* Hello World */
        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
        0x72,0x6c,0x64
    };
#ifndef NO_RSA
    #if defined(USE_CERT_BUFFERS_2048)
        byte        key[sizeof(client_key_der_2048)];
        byte        cert[sizeof(client_cert_der_2048)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_2048, keySz);
        XMEMCPY(cert, client_cert_der_2048, certSz);
    #elif defined(USE_CERT_BUFFERS_1024)
        byte        key[sizeof_client_key_der_1024];
        byte        cert[sizeof(sizeof_client_cert_der_1024)];
        word32      keySz = (word32)sizeof(key);
        word32      certSz = (word32)sizeof(cert);
        XMEMSET(key, 0, keySz);
        XMEMSET(cert, 0, certSz);
        XMEMCPY(key, client_key_der_1024, keySz);
        XMEMCPY(cert, client_cert_der_1024, certSz);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz;
        int             keySz;

        fp = XFOPEN("./certs/1024/client-cert.der", "rb");
        AssertTrue((fp != XBADFILE));
        certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/1024/client-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
        XFCLOSE(fp);
    #endif
#elif defined(HAVE_ECC)
    #if defined(USE_CERT_BUFFERS_256)
        unsigned char    cert[sizeof(cliecc_cert_der_256)];
        unsigned char    key[sizeof(ecc_clikey_der_256)];
        int              certSz = (int)sizeof(cert);
        int              keySz = (int)sizeof(key);
        XMEMSET(cert, 0, certSz);
        XMEMSET(key, 0, keySz);
        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
    #else
        unsigned char   cert[ONEK_BUF];
        unsigned char   key[ONEK_BUF];
        XFILE           fp;
        int             certSz, keySz;

        fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
        AssertTrue(fp != XBADFILE);
        certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
        XFCLOSE(fp);

        fp = XFOPEN("./certs/client-ecc-key.der", "rb");
        AssertTrue(fp != XBADFILE);
        keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
        XFCLOSE(fp);
    #endif
#else
    #error PKCS7 requires ECC or RSA
#endif
    printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");

    AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
    /* initialize with DER encoded cert */
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);

    /* init rng */
    AssertIntEQ(wc_InitRng(&rng), 0);

    pkcs7->rng = &rng;
    pkcs7->content   = (byte*)data; /* not used for ex */
    pkcs7->contentSz = (word32)sizeof(data);
    pkcs7->contentOID = SIGNED_DATA;
    pkcs7->privateKey = key;
    pkcs7->privateKeySz = (word32)sizeof(key);
    pkcs7->encryptOID = RSAk;
    pkcs7->hashOID = SHAh;
    pkcs7->signedAttribs   = NULL;
    pkcs7->signedAttribsSz = 0;

#ifndef NO_BIO
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
    AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);

    /* Read PKCS#7 PEM from BIO */
    ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
    AssertIntGE(ret, 0);

    BIO_free(bio);
#endif
    wc_PKCS7_Free(pkcs7);
    wc_FreeRng(&rng);

    printf(resultFmt, passed);

#endif
}

#ifdef HAVE_SMIME
static void test_wolfSSL_SMIME_read_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA)
    PKCS7* pkcs7 = NULL;
    BIO* bio = NULL;
    BIO* bcont = NULL;
    XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");

    printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    AssertNotNull(bio);
    AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
    AssertNotNull(pkcs7);
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
    XFCLOSE(smimeTestFile);
    if (bcont) BIO_free(bcont);
    wolfSSL_PKCS7_free(pkcs7);

    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
    AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
    AssertNotNull(pkcs7);
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
    XFCLOSE(smimeTestFile);
    if (bcont) BIO_free(bcont);
    wolfSSL_PKCS7_free(pkcs7);

    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
    AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
    AssertNull(pkcs7);
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE);
    XFCLOSE(smimeTestFile);
    if (bcont) BIO_free(bcont);
    wolfSSL_PKCS7_free(pkcs7);

    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
    AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
    AssertNotNull(pkcs7);
    AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
    BIO_free(bio);
    if (bcont) BIO_free(bcont);
    wolfSSL_PKCS7_free(pkcs7);

    printf(resultFmt, passed);
#endif
}
#endif /* HAVE_SMIME*/
#endif /* !NO_BIO */

/*----------------------------------------------------------------------------*
 | Certificate Failure Checks
 *----------------------------------------------------------------------------*/
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
                           !defined(WOLFSSL_NO_CLIENT_AUTH))
    /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
    static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
        int type)
    {
        int ret;
        WOLFSSL_CERT_MANAGER* cm = NULL;

        switch (type) {
            case TESTING_RSA:
            #ifdef NO_RSA
                printf("RSA disabled, skipping test\n");
                return ASN_SIG_CONFIRM_E;
            #else
                break;
            #endif
            case TESTING_ECC:
            #ifndef HAVE_ECC
                printf("ECC disabled, skipping test\n");
                return ASN_SIG_CONFIRM_E;
            #else
                break;
            #endif
            default:
                printf("Bad function argument\n");
                return BAD_FUNC_ARG;
        }
        cm = wolfSSL_CertManagerNew();
        if (cm == NULL) {
            printf("wolfSSL_CertManagerNew failed\n");
            return -1;
        }

    #ifndef NO_FILESYSTEM
        ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
        if (ret != WOLFSSL_SUCCESS) {
            printf("wolfSSL_CertManagerLoadCA failed\n");
            wolfSSL_CertManagerFree(cm);
            return ret;
        }
    #else
        (void)ca;
    #endif

        ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
        /* Let AssertIntEQ handle return code */

        wolfSSL_CertManagerFree(cm);

        return ret;
    }

    static int test_RsaSigFailure_cm(void)
    {
        int ret = 0;
        const char* ca_cert = "./certs/ca-cert.pem";
        const char* server_cert = "./certs/server-cert.der";
        byte* cert_buf = NULL;
        size_t cert_sz = 0;

        ret = load_file(server_cert, &cert_buf, &cert_sz);
        if (ret == 0) {
            /* corrupt DER - invert last byte, which is signature */
            cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];

            /* test bad cert */
            ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
        }

        printf("Signature failure test: RSA: Ret %d\n", ret);

        if (cert_buf)
            free(cert_buf);

        return ret;
    }

    static int test_EccSigFailure_cm(void)
    {
        int ret = 0;
        /* self-signed ECC cert, so use server cert as CA */
        const char* ca_cert = "./certs/ca-ecc-cert.pem";
        const char* server_cert = "./certs/server-ecc.der";
        byte* cert_buf = NULL;
        size_t cert_sz = 0;

        ret = load_file(server_cert, &cert_buf, &cert_sz);
        if (ret == 0) {
            /* corrupt DER - invert last byte, which is signature */
            cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];

            /* test bad cert */
            ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
        }

        printf("Signature failure test: ECC: Ret %d\n", ret);

        if (cert_buf)
            free(cert_buf);

#ifdef FP_ECC
    wc_ecc_fp_free();
#endif
        return ret;
    }

#endif /* NO_CERTS */

#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
#ifdef WC_SHA384_DIGEST_SIZE
    static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
#else
    static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
#endif
#endif
#ifdef WOLFSSL_EARLY_DATA
static const char earlyData[] = "Early Data";
static       char earlyDataBuffer[1];
#endif

static int test_tls13_apis(void)
{
    int          ret = 0;
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_CTX* clientTls12Ctx;
    WOLFSSL*     clientTls12Ssl;
#endif
#ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* serverTls12Ctx;
    WOLFSSL*     serverTls12Ssl;
#endif
#endif
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_CTX* clientCtx;
    WOLFSSL*     clientSsl;
#endif
#ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* serverCtx;
    WOLFSSL*     serverSsl;
#ifndef NO_CERTS
    const char*  ourCert = svrCertFile;
    const char*  ourKey  = svrKeyFile;
#endif
#endif
    int          required;
#ifdef WOLFSSL_EARLY_DATA
    int          outSz;
#endif
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
    int          groups[2] = { WOLFSSL_ECC_SECP256R1,
#ifdef HAVE_LIBOQS
                               WOLFSSL_SABER_LEVEL3
#else
                               WOLFSSL_ECC_SECP256R1
#endif
                             };
    int          bad_groups[2] = { 0xDEAD, 0xBEEF };
    int          numGroups = 2;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
    char         groupList[] =
#ifndef NO_ECC_SECP
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
            "P-521:"
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
            "P-384:"
#endif
#if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
            "P-256"
#ifdef HAVE_LIBOQS
            ":P256_SABER_LEVEL1"
#endif
#endif
#ifdef HAVE_LIBOQS
            ":KYBER_LEVEL1"
#endif
            "";
#endif /* !defined(NO_ECC_SECP) */
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */

#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
    clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
#endif
#ifndef NO_WOLFSSL_SERVER
    serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#ifndef NO_CERTS
    wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
    wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
    serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
#endif
#endif

#ifndef NO_WOLFSSL_CLIENT
    clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
    clientSsl = wolfSSL_new(clientCtx);
#endif
#ifndef NO_WOLFSSL_SERVER
    serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#ifndef NO_CERTS
    wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
    wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
    serverSsl = wolfSSL_new(serverCtx);
#endif

#ifdef WOLFSSL_SEND_HRR_COOKIE
    AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
#endif

    AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
                WOLFSSL_SUCCESS);
#endif
#endif

#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_ECC
    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
                WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
                WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE25519)
    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
                WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
                WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE448)
    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
                WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
                WOLFSSL_SUCCESS);
#endif
#else
    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
                NOT_COMPILED_IN);
#endif
    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
                NOT_COMPILED_IN);
#endif
#endif

#if defined(HAVE_LIBOQS)
    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
                WOLFSSL_SUCCESS);
#endif
#endif

    AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
#endif
    AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
#endif
#endif /* HAVE_SUPPORTED_CURVES */

    AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
#endif

    AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
#endif

    AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
#endif

    AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
#endif

    AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
#endif

    AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
#endif

#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
#endif

    AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
#endif

    AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
#endif
#endif

#ifdef HAVE_ECC
#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
    AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
#endif
#endif

#ifdef HAVE_SUPPORTED_CURVES
    AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
                                       WOLFSSL_MAX_GROUP_COUNT + 1),
                BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
                BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
                BAD_FUNC_ARG);
#endif

    AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
                                   WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
                BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
                WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
                BAD_FUNC_ARG);
#endif

#ifdef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
#endif
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
                WOLFSSL_FAILURE);
#endif
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
                WOLFSSL_SUCCESS);
#endif

    AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
#endif
    AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
                WOLFSSL_FAILURE);
#endif
    AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
                WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
                WOLFSSL_SUCCESS);
#endif
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */

#ifdef WOLFSSL_EARLY_DATA
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
#else
    AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
    AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
#else
    AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
    AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
#else
    AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
                BAD_FUNC_ARG);
    AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
#endif
#endif
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
    AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
#else
    AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
    AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
#endif
#endif

#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
#else
    AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
    AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), SIDE_ERROR);
#else
    AssertIntEQ(SSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
    AssertIntEQ(SSL_get_max_early_data(clientSsl), SIDE_ERROR);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
#else
    AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
    AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
#endif
#endif
#ifndef OPENSSL_EXTRA
    AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
    AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
#else
    AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
    AssertIntEQ(SSL_get_max_early_data(serverSsl), 16);
#endif
#endif


    AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
                                         &outSz), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
                                         &outSz), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
                BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
                                         sizeof(earlyData), NULL),
                BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
                                         sizeof(earlyData), &outSz),
                SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
                                         sizeof(earlyData), &outSz),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
                                         sizeof(earlyData), &outSz),
                WOLFSSL_FATAL_ERROR);
#endif

    AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
                                        sizeof(earlyDataBuffer), &outSz),
                BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
    AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
                                        sizeof(earlyDataBuffer), &outSz),
                BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
                BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
                                        sizeof(earlyDataBuffer), NULL),
                BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
    AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
                                        sizeof(earlyDataBuffer), &outSz),
                SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
    AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
                                        sizeof(earlyDataBuffer), &outSz),
                BAD_FUNC_ARG);
#endif
    AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
                                        sizeof(earlyDataBuffer), &outSz),
                WOLFSSL_FATAL_ERROR);
#endif
#endif

#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
    AssertIntLT(SSL_get_early_data_status(NULL), 0);
#endif


#ifndef NO_WOLFSSL_SERVER
    wolfSSL_free(serverSsl);
    wolfSSL_CTX_free(serverCtx);
#endif
#ifndef NO_WOLFSSL_CLIENT
    wolfSSL_free(clientSsl);
    wolfSSL_CTX_free(clientCtx);
#endif

#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
    wolfSSL_free(serverTls12Ssl);
    wolfSSL_CTX_free(serverTls12Ctx);
#endif
#ifndef NO_WOLFSSL_CLIENT
    wolfSSL_free(clientTls12Ssl);
    wolfSSL_CTX_free(clientTls12Ctx);
#endif
#endif

    return ret;
}

#endif

#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
    !defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
        !defined(NO_AES) && defined(HAVE_AES_CBC) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
        const unsigned char* priv, unsigned int privSz,
        const unsigned char* pubKeyDer, unsigned int pubKeySz,
        unsigned char* out, unsigned int* outlen,
        void* ctx)
{
    int result;
    /* Test fail when context associated with WOLFSSL is NULL */
    if (ctx == NULL) {
        return -1;
    }

    (void)ssl;
    /* return 0 on success */
    PRIVATE_KEY_UNLOCK();
    result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
    PRIVATE_KEY_LOCK();
    return result;
}

static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
    wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
    AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
            WOLFSSL_SUCCESS);
#endif
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
    AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
            WOLFSSL_SUCCESS);
#endif
}

static void test_dh_ssl_setup(WOLFSSL* ssl)
{
    static int dh_test_ctx = 1;
    int ret;

    wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
    AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
    ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
        AssertIntEQ(ret, WOLFSSL_SUCCESS);
    }
}

static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
{
    int ret;

    wolfSSL_SetDhAgreeCtx(ssl, NULL);
    AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
    ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
        AssertIntEQ(ret, WOLFSSL_SUCCESS);
    }
}
#endif

static void test_DhCallbacks(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
        !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
        !defined(NO_AES) && defined(HAVE_AES_CBC) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
    WOLFSSL_CTX *ctx;
    WOLFSSL     *ssl;
    tcp_ready   ready;
    func_args   server_args;
    func_args   client_args;
    THREAD_TYPE serverThread;
    callback_functions func_cb_client;
    callback_functions func_cb_server;
    int  test;

    printf(testingFmt, "test_DhCallbacks");

#ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif

    AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);

    wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);

    /* load client ca cert */
    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
            WOLFSSL_SUCCESS);

    /* test with NULL arguments */
    wolfSSL_SetDhAgreeCtx(NULL, &test);
    AssertNull(wolfSSL_GetDhAgreeCtx(NULL));

    /* test success case */
    test = 1;
    AssertNotNull(ssl = wolfSSL_new(ctx));
    wolfSSL_SetDhAgreeCtx(ssl, &test);
    AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    /* test a connection where callback is used */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    server_args.return_code = TEST_FAIL;
    client_args.return_code = TEST_FAIL;

    /* set callbacks to use DH functions */
    func_cb_client.ctx_ready = &test_dh_ctx_setup;
    func_cb_client.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
    func_cb_client.method = wolfTLSv1_2_client_method;
#else
    func_cb_client.method = wolfTLSv1_3_client_method;
#endif
    client_args.callbacks = &func_cb_client;

    func_cb_server.ctx_ready = &test_dh_ctx_setup;
    func_cb_server.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
    func_cb_server.method = wolfTLSv1_2_server_method;
#else
    func_cb_server.method = wolfTLSv1_3_server_method;
#endif
    server_args.callbacks = &func_cb_server;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    /* now set user ctx to not be 1 so that the callback returns fail case */
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    server_args.return_code = TEST_FAIL;
    client_args.return_code = TEST_FAIL;

    /* set callbacks to use DH functions */
    func_cb_client.ctx_ready = &test_dh_ctx_setup;
    func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
    func_cb_client.method = wolfTLSv1_2_client_method;
#else
    func_cb_client.method = wolfTLSv1_3_client_method;
#endif
    client_args.callbacks = &func_cb_client;

    func_cb_server.ctx_ready = &test_dh_ctx_setup;
    func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
    func_cb_server.method = wolfTLSv1_2_server_method;
#else
    func_cb_server.method = wolfTLSv1_3_server_method;
#endif
    server_args.callbacks = &func_cb_server;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, NULL);
    join_thread(serverThread);

    AssertIntEQ(client_args.return_code, TEST_FAIL);
    AssertIntEQ(server_args.return_code, TEST_FAIL);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    printf(resultFmt, passed);
#endif
}
#endif /* HAVE_PK_CALLBACKS */

#ifdef HAVE_HASHDRBG

#ifdef TEST_RESEED_INTERVAL
static int test_wc_RNG_GenerateBlock_Reseed(void)
{
    int i, ret;
    WC_RNG rng;
    byte key[32];

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
            ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
            if (ret != 0) {
                break;
            }
        }
    }

    wc_FreeRng(&rng);

    return ret;
}
#endif /* TEST_RESEED_INTERVAL */

static int test_wc_RNG_GenerateBlock(void)
{
    int i, ret;
    WC_RNG rng;
    byte key[32];

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        for(i = 0; i < 10; i++) {
            ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
            if (ret != 0) {
                break;
            }
        }
    }

    wc_FreeRng(&rng);

    (void)rng; /* for WC_NO_RNG case */
    (void)key;

    return ret;
}
#endif
/*
 * Testing get_rand_digit
 */
static int test_get_rand_digit (void)
{
    int ret = 0;
#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)

    WC_RNG      rng;
    mp_digit    d;

    printf(testingFmt, "get_rand_digit()");

    ret = wc_InitRng(&rng);

    if (ret == 0) {
        ret = get_rand_digit(&rng, &d);
    }
    if (ret == 0) {
        ret = get_rand_digit(NULL, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = get_rand_digit(NULL, &d);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = get_rand_digit(&rng, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }

    if (ret == 0) {
        ret = wc_FreeRng(&rng);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;

}/* End test_get_rand_digit*/
/*
 * Testing get_digit_count
 */
static int test_get_digit_count (void)
{
    int ret = 0;
#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
    mp_int a;

    printf(testingFmt, "get_digit_count()");

    if (mp_init(&a) != MP_OKAY) {
        ret = -1;
    }
    if (ret == 0) {
        ret = get_digit_count(NULL);
    }
    if (ret == 0) {
        ret = get_digit_count(&a);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    mp_clear(&a);
#endif
    return ret;

}/* End test_get_digit_count*/
/*
 * Testing mp_cond_copy
 */
static int test_mp_cond_copy (void)
{
    int     ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
    mp_int  a;
    mp_int  b;
    int     copy = 0;

    printf(testingFmt, "mp_cond_copy()");

    if (mp_init(&a) != MP_OKAY) {
        ret = -1;
    }
    if (ret == 0) {
        if (mp_init(&b) != MP_OKAY) {
            ret = -1;
        }
    }
    if (ret == 0) {
        ret = mp_cond_copy(NULL, copy, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_cond_copy(NULL, copy, &b);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_cond_copy(&a, copy, NULL);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_cond_copy(&a, copy, &b);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    mp_clear(&a);
    mp_clear(&b);
#endif
    return ret;

}/* End test_mp_cond_copy*/
/*
 * Testing mp_rand
 */
static int test_mp_rand (void)
{
    int ret = 0;
#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
    mp_int  a;
    int     digits = 1;
    WC_RNG  rng;

    printf(testingFmt, "mp_rand()");

    if (mp_init(&a) != MP_OKAY) {
        ret = -1;
    }
    if (ret == 0) {
        ret = wc_InitRng(&rng);
    }

    if (ret == 0) {
        ret = mp_rand(&a, digits, NULL);
        if (ret == MISSING_RNG_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_rand(NULL, digits, &rng);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_rand(&a, 0, &rng);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        ret = mp_rand(&a, digits, &rng);
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    mp_clear(&a);
    wc_FreeRng(&rng);
#endif
    return ret;
}/* End test_mp_rand*/
/*
 * Testing get_digit
 */
static int test_get_digit (void)
{
    int     ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
    mp_int  a;
    int     n = 0;

    printf(testingFmt, "get_digit()");

    if (mp_init(&a) != MP_OKAY) {
        ret = -1;
    }
    if (ret == 0) {
        if (get_digit(NULL, n) != 0) { /* Should not hit this */
            ret = -1;
        }
    }
    if (ret == 0) {
        if (get_digit(NULL, n) == 0) { /* Should hit this */
            ret = 0;
        }
    }
    if (ret == 0) {
        if (get_digit(&a, n) != 0) { /* Should not hit this */
            ret = -1;
        }
    }
    if (ret == 0) {
        if (get_digit(&a, n) == 0) { /* Should hit this */
            ret = 0;
        }
    }


    printf(resultFmt, ret == 0 ? passed : failed);
    mp_clear(&a);
#endif
    return ret;
}/* End test_get_digit*/
/*
 * Testing wc_export_int
 */
static int test_wc_export_int(void)
{
    int         ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
    mp_int      mp;
    byte        buf[32];
    word32      keySz = (word32)sizeof(buf);
    word32      len = (word32)sizeof(buf);

    printf(testingFmt, "wc_export_int()");

    if (mp_init(&mp) != MP_OKAY) {
        ret = -1;
    }
    if (ret == 0) {
        ret = mp_set_int(&mp, 1234);
    }
    if (ret == 0) {
        ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
    if (ret == 0) {
        len = sizeof(buf)-1;
        ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
        if (ret == BUFFER_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        len = sizeof(buf);
        ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
    }
    if (ret == 0) {
        len = 4; /* test input too small */
        ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
        if (ret == BUFFER_E) {
            ret = 0;
        }
    }
    if (ret == 0) {
        len = sizeof(buf);
        ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
        /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
        if (ret == 0 && len != 5) {
            ret = BAD_FUNC_ARG;
        }
    }

    printf(resultFmt, ret == 0 ? passed : failed);
    mp_clear(&mp);
#endif
    return ret;

}/* End test_wc_export_int*/
static int test_wc_InitRngNonce(void)
{
    int     ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
   (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
    WC_RNG  rng;
    byte    nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
                      "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
    word32  nonceSz = sizeof(nonce);


    printf(testingFmt, "wc_InitRngNonce()");

    if (ret == 0){
        ret = wc_InitRngNonce(&rng, nonce, nonceSz);
    }

    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/* End test_wc_InitRngNonce*/
/*
 * Testing wc_InitRngNonce_ex
 */
static int test_wc_InitRngNonce_ex(void)
{
    int     ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
   (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
    WC_RNG  rng;
    byte    nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
                      "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
    word32  nonceSz = sizeof(nonce);

    printf(testingFmt, "wc_InitRngNonce_ex()");

    if (ret == 0){
        ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId);
    }

    wc_FreeRng(&rng);

    printf(resultFmt, ret == 0 ? passed : failed);
#endif
    return ret;
}/*End test_wc_InitRngNonce_ex*/



static void test_wolfSSL_X509_CRL(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)

    X509_CRL *crl;
    char pem[][100] = {
        "./certs/crl/crl.pem",
        "./certs/crl/crl2.pem",
        "./certs/crl/caEccCrl.pem",
        "./certs/crl/eccCliCRL.pem",
        "./certs/crl/eccSrvCRL.pem",
        ""
    };
#ifndef NO_BIO
    BIO *bio;
#endif

#ifdef HAVE_TEST_d2i_X509_CRL_fp
    char der[][100] = {
        "./certs/crl/crl.der",
        "./certs/crl/crl2.der",
        ""};
#endif

    XFILE fp;
    int i;

    printf(testingFmt, "test_wolfSSL_X509_CRL");

    for (i = 0; pem[i][0] != '\0'; i++)
    {
        fp = XFOPEN(pem[i], "rb");
        AssertTrue((fp != XBADFILE));
        AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
        AssertNotNull(crl);
        X509_CRL_free(crl);
        XFCLOSE(fp);
        fp = XFOPEN(pem[i], "rb");
        AssertTrue((fp != XBADFILE));
        AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
        AssertNotNull(crl);
        X509_CRL_free(crl);
        XFCLOSE(fp);
    }

#ifndef NO_BIO
    for (i = 0; pem[i][0] != '\0'; i++)
    {
        AssertNotNull(bio = BIO_new_file(pem[i], "rb"));
        AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
        X509_CRL_free(crl);
        BIO_free(bio);
    }
#endif

#ifdef HAVE_TEST_d2i_X509_CRL_fp
    for(i = 0; der[i][0] != '\0'; i++){
        fp = XFOPEN(der[i], "rb");
        AssertTrue((fp != XBADFILE));
        AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
        AssertNotNull(crl);
        X509_CRL_free(crl);
        XFCLOSE(fp);
        fp = XFOPEN(der[i], "rb");
        AssertTrue((fp != XBADFILE));
        AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
        AssertNotNull(crl);
        X509_CRL_free(crl);
        XFCLOSE(fp);
    }
#endif

    printf(resultFmt, passed);
#endif
        return;
}

static void test_wolfSSL_X509_load_crl_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA) && !defined(NO_BIO)
    int i;
    char pem[][100] = {
        "./certs/crl/crl.pem",
        "./certs/crl/crl2.pem",
        "./certs/crl/caEccCrl.pem",
        "./certs/crl/eccCliCRL.pem",
        "./certs/crl/eccSrvCRL.pem",
        ""
    };
    char der[][100] = {
        "./certs/crl/crl.der",
        "./certs/crl/crl2.der",
        ""
    };
    WOLFSSL_X509_STORE*  store;
    WOLFSSL_X509_LOOKUP* lookup;

    printf(testingFmt, "wolfSSL_X509_load_crl_file");

    AssertNotNull(store = wolfSSL_X509_STORE_new());
    AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));

    AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
                                              X509_FILETYPE_PEM), 1);
    AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
                                              X509_FILETYPE_PEM), 1);
    if (store) {
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
                    WOLFSSL_FILETYPE_PEM), 1);
        /* since store hasn't yet known the revoked cert*/
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
                    WOLFSSL_FILETYPE_PEM), 1);
    }

    for (i = 0; pem[i][0] != '\0'; i++)
    {
        AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
    }

    if (store) {
        /* since store knows crl list */
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
                   WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
    }
    /* once feeing store */
    X509_STORE_free(store);
    store = NULL;

    AssertNotNull(store = wolfSSL_X509_STORE_new());
    AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));

    AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
                                              X509_FILETYPE_PEM), 1);
    AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
                                              X509_FILETYPE_PEM), 1);
    if (store) {
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
                    WOLFSSL_FILETYPE_PEM), 1);
        /* since store hasn't yet known the revoked cert*/
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
                    WOLFSSL_FILETYPE_PEM), 1);
    }

    for (i = 0; der[i][0] != '\0'; i++)
    {
        AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
    }

    if (store) {
        /* since store knows crl list */
        AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
                   WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
    }

    /* test for incorrect parameter */
    AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0);
    AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0);
    AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0);

    X509_STORE_free(store);
    store = NULL;

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \
    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
    /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
     * generated by libest
     * ./certs/csr.attr.der contains sample attributes
     * ./certs/csr.ext.der contains sample extensions */
    const char* csrFile = "./certs/csr.signed.der";
    const char* csrPopFile = "./certs/csr.attr.der";
    const char* csrExtFile = "./certs/csr.ext.der";
    /* ./certs/csr.dsa.pem is generated using
     * openssl req -newkey dsa:certs/dsaparams.pem \
     *     -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
     *     -outform PEM
     * with the passphrase "wolfSSL"
     */
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
    const char* csrDsaFile = "./certs/csr.dsa.pem";
    XFILE f;
#endif
    BIO* bio = NULL;
    X509* req = NULL;
    EVP_PKEY *pub_key = NULL;

    {
        AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
        AssertNotNull(d2i_X509_REQ_bio(bio, &req));

        /*
         * Extract the public key from the CSR
         */
        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));

        /*
         * Verify the signature in the CSR
         */
        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);

        X509_free(req);
        BIO_free(bio);
        EVP_PKEY_free(pub_key);
    }
    {
#ifdef OPENSSL_ALL
        X509_ATTRIBUTE* attr;
        ASN1_TYPE *at;
#endif
        AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
        AssertNotNull(d2i_X509_REQ_bio(bio, &req));

        /*
         * Extract the public key from the CSR
         */
        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));

        /*
         * Verify the signature in the CSR
         */
        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);

#ifdef OPENSSL_ALL
        /*
         * Obtain the challenge password from the CSR
         */
        AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
                NID_pkcs9_challengePassword);
        AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
        AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
        AssertNotNull(at->value.asn1_string);
        AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
        AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
#endif

        X509_free(req);
        BIO_free(bio);
        EVP_PKEY_free(pub_key);
    }
    {
#ifdef OPENSSL_ALL
        X509_ATTRIBUTE* attr;
        ASN1_TYPE *at;
        STACK_OF(X509_EXTENSION) *exts = NULL;
#endif
        AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
        /* This CSR contains an Extension Request attribute so
         * we test extension parsing in a CSR attribute here. */
        AssertNotNull(d2i_X509_REQ_bio(bio, &req));

        /*
         * Extract the public key from the CSR
         */
        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));

        /*
         * Verify the signature in the CSR
         */
        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);

#ifdef OPENSSL_ALL
        AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
        AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
        /*
         * Obtain the challenge password from the CSR
         */
        AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
                NID_pkcs9_challengePassword);
        AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
        AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
        AssertNotNull(at->value.asn1_string);
        AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
        AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
        AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
#endif

        X509_free(req);
        BIO_free(bio);
        EVP_PKEY_free(pub_key);
    }
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
    {
        AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
        AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));

        /*
         * Extract the public key from the CSR
         */
        AssertNotNull(pub_key = X509_REQ_get_pubkey(req));

        /*
         * Verify the signature in the CSR
         */
        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);

        X509_free(req);
        BIO_free(bio);

        /* Run the same test, but with a file pointer instead of a BIO.
         * (PEM_read_X509_REQ)*/
        AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
        AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
        AssertIntEQ(X509_REQ_verify(req, pub_key), 1);

        X509_free(req);
        EVP_PKEY_free(pub_key);
    }
#endif /* !NO_DSA && !HAVE_SELFTEST */
#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
}

static void test_wolfSSL_PEM_read_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
    !defined(NO_RSA)
    X509 *x509 = NULL;
    XFILE fp;

    printf(testingFmt, "wolfSSL_PEM_read_X509");
    fp = XFOPEN(svrCertFile, "rb");
    AssertTrue((fp != XBADFILE));
    AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
    X509_free(x509);
    XFCLOSE(fp);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_PEM_read(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
    const char* filename = "./certs/server-keyEnc.pem";
    XFILE fp;
    char* name = NULL;
    char* header = NULL;
    byte* data = NULL;
    long len;
    EVP_CIPHER_INFO cipher;
    WOLFSSL_BIO* bio;
    byte* fileData;
    size_t fileDataSz;
    byte* out;

    printf(testingFmt, "wolfSSL_PEM_read");
    fp = XFOPEN(filename, "rb");
    AssertTrue((fp != XBADFILE));

    /* Fail cases. */
    AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);

    AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);

    AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
    AssertIntGT(XSTRLEN(header), 0);
    AssertIntGT(len, 0);

    AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
    AssertIntGT((fileDataSz = XFTELL(fp)), 0);
    AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
    AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
                                                      DYNAMIC_TYPE_TMP_BUFFER));
    AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
    XFCLOSE(fp);

    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));

    /* Fail cases. */
    AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
    AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
    AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
    AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);

    AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
    AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
    AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);

    /* Fail cases. */
    AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);

#ifndef NO_DES3
    AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
#endif

    /* Fail cases. */
    AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
                              (void*)"yassl123"), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
                              (void*)"yassl123"), WOLFSSL_FAILURE);
    AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
                              (void*)"yassl123"), WOLFSSL_FAILURE);

#if !defined(NO_DES3) && !defined(NO_MD5)
    AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
                              (void*)"yassl123"), WOLFSSL_SUCCESS);
#endif

    BIO_free(bio);
    XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    name = NULL;
    header = NULL;
    data = NULL;
    fp = XFOPEN(svrKeyFile, "rb");
    AssertTrue((fp != XBADFILE));
    AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
    AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
    AssertIntEQ(XSTRLEN(header), 0);
    AssertIntGT(len, 0);

    AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
    AssertIntGT((fileDataSz = XFTELL(fp)), 0);
    AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
    AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
                                                      DYNAMIC_TYPE_TMP_BUFFER));
    AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
    XFCLOSE(fp);

    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
    AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
    AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
    AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);

    BIO_free(bio);
    XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    printf(resultFmt, passed);
#endif
}

static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
    !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
    const byte iv[12] = { 0 };
    const byte key[16] = { 0 };
    const byte cleartext[16] = { 0 };
    const byte aad[] = {
        0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
        0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
        0x4f
    };
    byte out1Part[16];
    byte outTag1Part[16];
    byte out2Part[16];
    byte outTag2Part[16];
    byte decryptBuf[16];
    int len;
    int tlen;
    EVP_CIPHER_CTX* ctx = NULL;

    printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts");

    /* ENCRYPT */
    /* Send AAD and data in 1 part */
    AssertNotNull(ctx = EVP_CIPHER_CTX_new());
    tlen = 0;
    AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
                1);
    AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
    AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
    AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
                                  sizeof(cleartext)), 1);
    tlen += len;
    AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
    tlen += len;
    AssertIntEQ(tlen, sizeof(cleartext));
    AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
                                    outTag1Part), 1);
    EVP_CIPHER_CTX_free(ctx);

    /* DECRYPT */
    /* Send AAD and data in 1 part */
    AssertNotNull(ctx = EVP_CIPHER_CTX_new());
    tlen = 0;
    AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
                1);
    AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
    AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
    AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
                                  sizeof(cleartext)), 1);
    tlen += len;
    AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
                                    outTag1Part), 1);
    AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
    tlen += len;
    AssertIntEQ(tlen, sizeof(cleartext));
    EVP_CIPHER_CTX_free(ctx);

    AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);

    /* ENCRYPT */
    /* Send AAD and data in 2 parts */
    AssertNotNull(ctx = EVP_CIPHER_CTX_new());
    tlen = 0;
    AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
                1);
    AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
    AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
    AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
                1);
    AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
    tlen += len;
    AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
                                  sizeof(cleartext) - 1), 1);
    tlen += len;
    AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
    tlen += len;
    AssertIntEQ(tlen, sizeof(cleartext));
    AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
                                    outTag2Part), 1);

    AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
    AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
    EVP_CIPHER_CTX_free(ctx);

    /* DECRYPT */
    /* Send AAD and data in 2 parts */
    AssertNotNull(ctx = EVP_CIPHER_CTX_new());
    tlen = 0;
    AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
                1);
    AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
    AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
    AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
                1);
    AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
    tlen += len;
    AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
                                  sizeof(cleartext) - 1), 1);
    tlen += len;
    AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
                                    outTag1Part), 1);
    AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
    tlen += len;
    AssertIntEQ(tlen, sizeof(cleartext));

    AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);

    /* Test AAD re-use */
    EVP_CIPHER_CTX_free(ctx);

    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
    !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
{
    /* Zero length plain text */

    byte key[] = {
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    }; /* align */
    byte iv[]  = {
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    }; /* align */
    byte plaintxt[1];
    int ivSz  = 12;
    int plaintxtSz = 0;
    unsigned char tag[16];
    unsigned char tag_kat[] =
        {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
        0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};

    byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
    byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
    int ciphertxtSz = 0;
    int decryptedtxtSz = 0;
    int len = 0;

    EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();

    AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
    AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
                                     plaintxtSz));
    AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
    ciphertxtSz += len;
    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
    AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));

    AssertIntEQ(0, ciphertxtSz);
    AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));

    EVP_CIPHER_CTX_init(de);
    AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
    AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
    decryptedtxtSz = len;
    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
    AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
    decryptedtxtSz += len;
    AssertIntEQ(0, decryptedtxtSz);

    EVP_CIPHER_CTX_free(en);
    EVP_CIPHER_CTX_free(de);
}
#endif

static void test_wolfssl_EVP_aes_gcm(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
    !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)

    /* A 256 bit key, AES_128 will use the first 128 bit*/
    byte *key = (byte*)"01234567890123456789012345678901";
    /* A 128 bit IV */
    byte *iv = (byte*)"0123456789012345";
    int ivSz = AES_BLOCK_SIZE;
    /* Message to be encrypted */
    byte *plaintxt = (byte*)"for things to change you have to change";
    /* Additional non-confidential data */
    byte *aad = (byte*)"Don't spend major time on minor things.";

    unsigned char tag[AES_BLOCK_SIZE] = {0};
    int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
    int aadSz = (int)XSTRLEN((char*)aad);
    byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
    byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
    int ciphertxtSz = 0;
    int decryptedtxtSz = 0;
    int len = 0;
    int i = 0;
    EVP_CIPHER_CTX en[2];
    EVP_CIPHER_CTX de[2];

    printf(testingFmt, "wolfssl_EVP_aes_gcm");

    for (i = 0; i < 2; i++) {

        EVP_CIPHER_CTX_init(&en[i]);

        if (i == 0) {
            /* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
        }
        else {
#ifdef WOLFSSL_AES_128
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
             /* non-default must to set the IV length first */
            AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
            AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
        }
        AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
        AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
        ciphertxtSz = len;
        AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
        ciphertxtSz += len;
        AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
        AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);

        EVP_CIPHER_CTX_init(&de[i]);
        if (i == 0) {
            /* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
        }
        else {
#ifdef WOLFSSL_AES_128
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
            /* non-default must to set the IV length first */
            AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
            AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));

        }
        AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
        AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
        decryptedtxtSz = len;
        AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
        AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
        decryptedtxtSz += len;
        AssertIntEQ(ciphertxtSz, decryptedtxtSz);
        AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));

        /* modify tag*/
        tag[AES_BLOCK_SIZE-1]+=0xBB;
        AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
        AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
        /* fail due to wrong tag */
        AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
        AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
        AssertIntEQ(0, len);
        AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
    }

    test_wolfssl_EVP_aes_gcm_zeroLen();

    printf(resultFmt, passed);

#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
}

#ifndef NO_BIO
static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    BIO* bio;
    X509_INFO* info;
    STACK_OF(X509_INFO)* sk;
    char* subject;
    char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
    char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";

    printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio");
    AssertNotNull(bio = BIO_new(BIO_s_file()));
    AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
    AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
    AssertIntEQ(sk_X509_INFO_num(sk), 2);

    /* using dereference to maintain testing for Apache port*/
    AssertNotNull(info = sk_X509_INFO_pop(sk));
    AssertNotNull(info->x_pkey);
    AssertNotNull(info->x_pkey->dec_pkey);
    AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048);
    AssertNotNull(subject =
            X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));

    AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
    XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
    X509_INFO_free(info);

    AssertNotNull(info = sk_X509_INFO_pop(sk));
    AssertNotNull(subject =
            X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));

    AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
    XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
    X509_INFO_free(info);
    AssertNull(info = sk_X509_INFO_pop(sk));

    sk_X509_INFO_pop_free(sk, X509_INFO_free);
    BIO_free(bio);
    printf(resultFmt, passed);
#endif
}
#endif /* !NO_BIO */

static void test_wolfSSL_X509_NAME_ENTRY_get_object(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    X509 *x509;
    X509_NAME* name;
    int idx = 0;
    X509_NAME_ENTRY *ne;
    ASN1_OBJECT *object = NULL;

    printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");
    x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);
    name = X509_get_subject_name(x509);
    idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
    AssertIntGE(idx, 0);

    ne = X509_NAME_get_entry(name, idx);
    AssertNotNull(ne);
    AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));

    X509_free(x509);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ASN1_INTEGER_get_set(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
    ASN1_INTEGER *a;
    long val;
    int ret;

    printf(testingFmt, "test_wolfSSL_ASN1_INTEGER_get_set");

    a = ASN1_INTEGER_new();
    val = 0;
    ret = ASN1_INTEGER_set(NULL, val);
    AssertIntEQ(ret, 0);
    ASN1_INTEGER_free(a);

    /* 0 */
    a = ASN1_INTEGER_new();
    val = 0;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* 40 */
    a = ASN1_INTEGER_new();
    val = 40;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* -40 */
    a = ASN1_INTEGER_new();
    val = -40;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* 128 */
    a = ASN1_INTEGER_new();
    val = 128;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* -128 */
    a = ASN1_INTEGER_new();
    val = -128;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* 200 */
    a = ASN1_INTEGER_new();
    val = 200;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* int max (2147483647) */
    a = ASN1_INTEGER_new();
    val = 2147483647;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    /* int min (-2147483648) */
    a = ASN1_INTEGER_new();
    val = -2147483647 - 1;
    ret = ASN1_INTEGER_set(a, val);
    AssertIntEQ(ret, 1);
    AssertIntEQ(ASN1_INTEGER_get(a), val);
    ASN1_INTEGER_free(a);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_X509_STORE_get1_certs(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
    X509_STORE_CTX *storeCtx;
    X509_STORE *store;
    X509 *caX509;
    X509 *svrX509;
    X509_NAME *subject;
    WOLF_STACK_OF(WOLFSSL_X509) *certs;

    printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()");

    AssertNotNull(caX509 =
        X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
    AssertNotNull((svrX509 =
        wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
    AssertNotNull(storeCtx = X509_STORE_CTX_new());
    AssertNotNull(store = X509_STORE_new());
    AssertNotNull(subject = X509_get_subject_name(caX509));

    /* Errors */
    AssertNull(X509_STORE_get1_certs(storeCtx, subject));
    AssertNull(X509_STORE_get1_certs(NULL, subject));
    AssertNull(X509_STORE_get1_certs(storeCtx, NULL));

    AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
    AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS);

    /* Should find the cert */
    AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
    AssertIntEQ(1, wolfSSL_sk_X509_num(certs));

    sk_X509_pop_free(certs, NULL);

    /* Should not find the cert */
    AssertNotNull(subject = X509_get_subject_name(svrX509));
    AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
    AssertIntEQ(0, wolfSSL_sk_X509_num(certs));

    sk_X509_pop_free(certs, NULL);

    X509_STORE_free(store);
    X509_STORE_CTX_free(storeCtx);
    X509_free(svrX509);
    X509_free(caX509);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
}

/* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
typedef struct {
    /* AlgorithmIdentifier ecPublicKey with optional parameters present
     * as an OID identifying the curve */
    X509_ALGOR *alg;
    /* Compressed format public key per ANSI X9.63 */
    ASN1_BIT_STRING *pub_key;
} DPP_BOOTSTRAPPING_KEY;

ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)

IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
#endif

static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
{
    /* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    EC_KEY *eckey;
    EVP_PKEY *key;
    size_t len;
    unsigned char *der = NULL;
    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
    const unsigned char *in = ecc_clikey_der_256;
    const EC_GROUP *group;
    const EC_POINT *point;
    int nid;

    AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());

    AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
                                       (long)sizeof_ecc_clikey_der_256));
    AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
    AssertNotNull(group = EC_KEY_get0_group(eckey));
    AssertNotNull(point = EC_KEY_get0_public_key(eckey));
    nid = EC_GROUP_get_curve_name(group);

    AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
                                V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
#ifdef HAVE_COMP_KEY
    AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
                                          NULL, 0, NULL)), 0);
#else
    AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
                                          NULL, 0, NULL)), 0);
#endif
    AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
#ifdef HAVE_COMP_KEY
    AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
                                   der, len, NULL), len);
#else
    AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
                                   der, len, NULL), len);
#endif
    bootstrap->pub_key->data = der;
    bootstrap->pub_key->length = (int)len;
    /* Not actually used */
    bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;

    der = NULL;
    AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);

    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
    EVP_PKEY_free(key);
    EC_KEY_free(eckey);
    DPP_BOOTSTRAPPING_KEY_free(bootstrap);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
}

static void test_wolfSSL_i2c_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
    ASN1_INTEGER *a;
    unsigned char *pp,*tpp;
    int ret;

    printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER");

    a = wolfSSL_ASN1_INTEGER_new();

    /* 40 */
    a->intData[0] = ASN_INTEGER;
    a->intData[1] = 1;
    a->intData[2] = 40;
    ret = i2c_ASN1_INTEGER(a, NULL);
    AssertIntEQ(ret, 1);
    AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
                DYNAMIC_TYPE_TMP_BUFFER));
    tpp = pp;
    XMEMSET(pp, 0, ret + 1);
    i2c_ASN1_INTEGER(a, &pp);
    pp--;
    AssertIntEQ(*pp, 40);
    XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* 128 */
    a->intData[0] = ASN_INTEGER;
    a->intData[1] = 1;
    a->intData[2] = 128;
    ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
    AssertIntEQ(ret, 2);
    AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
                DYNAMIC_TYPE_TMP_BUFFER));
    tpp = pp;
    XMEMSET(pp, 0, ret + 1);
    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
    pp--;
    AssertIntEQ(*(pp--), 128);
    AssertIntEQ(*pp, 0);
    XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* -40 */
    a->intData[0] = ASN_INTEGER;
    a->intData[1] = 1;
    a->intData[2] = 40;
    a->negative = 1;
    ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
    AssertIntEQ(ret, 1);
    AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
                DYNAMIC_TYPE_TMP_BUFFER));
    tpp = pp;
    XMEMSET(pp, 0, ret + 1);
    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
    pp--;
    AssertIntEQ(*pp, 216);
    XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* -128 */
    a->intData[0] = ASN_INTEGER;
    a->intData[1] = 1;
    a->intData[2] = 128;
    a->negative = 1;
    ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
    AssertIntEQ(ret, 1);
    AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
                DYNAMIC_TYPE_TMP_BUFFER));
    tpp = pp;
    XMEMSET(pp, 0, ret + 1);
    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
    pp--;
    AssertIntEQ(*pp, 128);
    XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* -200 */
    a->intData[0] = ASN_INTEGER;
    a->intData[1] = 1;
    a->intData[2] = 200;
    a->negative = 1;
    ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
    AssertIntEQ(ret, 2);
    AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
            DYNAMIC_TYPE_TMP_BUFFER));
    tpp = pp;
    XMEMSET(pp, 0, ret + 1);
    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
    pp--;
    AssertIntEQ(*(pp--), 56);
    AssertIntEQ(*pp, 255);

    XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_ASN1_INTEGER_free(a);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN */
}

#ifndef NO_INLINE
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#else
#include <wolfssl/wolfcrypt/misc.h>
#endif

static int test_ForceZero(void)
{
    unsigned char data[32];
    unsigned int i, j, len;

    /* Test case with 0 length */
    ForceZero(data, 0);

    /* Test ForceZero */
    for (i = 0; i < sizeof(data); i++) {
        for (len = 1; len < sizeof(data) - i; len++) {
            for (j = 0; j < sizeof(data); j++)
                data[j] = j + 1;

            ForceZero(data + i, len);

            for (j = 0; j < sizeof(data); j++) {
                if (j < i || j >= i + len) {
                    if (data[j] == 0x00)
                        return -10200;
                }
                else if (data[j] != 0x00)
                    return -10201;
            }
        }
    }

    return 0;
}

#ifndef NO_BIO

static void test_wolfSSL_X509_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
    X509 *x509;
    BIO *bio;
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
    const X509_ALGOR *cert_sig_alg;
#endif

    printf(testingFmt, "wolfSSL_X509_print");
    x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
    AssertNotNull(x509);

    /* print to memory */
    AssertNotNull(bio = BIO_new(BIO_s_mem()));
    AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);

#if defined(WOLFSSL_QT)
    AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113);
#else
    AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103);
#endif
    BIO_free(bio);

    AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));

#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
    /* Print signature */
    AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
    AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif

    /* print to stdout */
#if !defined(NO_WOLFSSL_DIR)
    AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#endif
    /* print again */
    AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);

    X509_free(x509);
    BIO_free(bio);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_RSA_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
   !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
    BIO *bio;
    WOLFSSL_RSA* rsa = NULL;
    printf(testingFmt, "wolfSSL_RSA_print");

    AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
    AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
    AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);

    BIO_free(bio);
    RSA_free(rsa);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_BIO_get_len(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
    BIO *bio = NULL;
    const char txt[] = "Some example text to push to the BIO.";
    printf(testingFmt, "wolfSSL_BIO_get_len");

    AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);

    AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));

    AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
    AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
    BIO_free(bio);

    AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
    AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
    BIO_free(bio);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_ASN1_STRING_print(void){
#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
    ASN1_STRING* asnStr = NULL;
    const char HELLO_DATA[]= \
                      {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
    #define MAX_UNPRINTABLE_CHAR 32
    #define MAX_BUF 255
    unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
    unsigned char expected[sizeof(unprintableData)+1];
    unsigned char rbuf[MAX_BUF];

    BIO *bio;
    int p_len, i;

    printf(testingFmt, "wolfSSL_ASN1_STRING_print()");

    /* setup */

    for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
        unprintableData[i]  = HELLO_DATA[i];
        expected[i]         = HELLO_DATA[i];
    }

    for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
        unprintableData[sizeof(HELLO_DATA)+i] = i;

        if (i == (int)'\n' || i == (int)'\r')
            expected[sizeof(HELLO_DATA)+i] = i;
        else
            expected[sizeof(HELLO_DATA)+i] = '.';
    }

    unprintableData[sizeof(unprintableData)-1] = '\0';
    expected[sizeof(expected)-1] = '\0';

    XMEMSET(rbuf, 0, MAX_BUF);
    bio = BIO_new(BIO_s_mem());
    BIO_set_write_buf_size(bio, MAX_BUF);

    asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
    ASN1_STRING_set(asnStr,(const void*)unprintableData,
            (int)sizeof(unprintableData));
    /* test */
    p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
    AssertIntEQ(p_len, 46);
    BIO_read(bio, (void*)rbuf, 46);

    AssertStrEQ((char*)rbuf, (const char*)expected);

    BIO_free(bio);
    ASN1_STRING_free(asnStr);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
}

#endif /* !NO_BIO */

static void test_wolfSSL_ASN1_get_object(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
    const unsigned char* derBuf = cliecc_cert_der_256;
    int len = sizeof_cliecc_cert_der_256;
    long asnLen = 0;
    int tag = 0, cls = 0;
    ASN1_OBJECT *a;

    printf(testingFmt, "wolfSSL_ASN1_get_object()");

    /* Read a couple TLV triplets and make sure they match the expected values */

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
    AssertIntEQ(asnLen, 841);
    AssertIntEQ(tag, 0x10);
    AssertIntEQ(cls, 0);

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
    AssertIntEQ(asnLen, 750);
    AssertIntEQ(tag, 0x10);
    AssertIntEQ(cls, 0);

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
    AssertIntEQ(asnLen, 3);
    AssertIntEQ(tag, 0);
    AssertIntEQ(cls, 0x80);

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
    AssertIntEQ(asnLen, 1);
    AssertIntEQ(tag, 0x2);
    AssertIntEQ(cls, 0);
    derBuf += asnLen;

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
    AssertIntEQ(asnLen, 9);
    AssertIntEQ(tag, 0x2);
    AssertIntEQ(cls, 0);
    derBuf += asnLen;

    AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
    AssertIntEQ(asnLen, 10);
    AssertIntEQ(tag, 0x10);
    AssertIntEQ(cls, 0);

    /* Read an ASN OBJECT */
    AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
    ASN1_OBJECT_free(a);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
}

static void test_wolfSSL_RSA_verify(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
    !defined(NO_FILESYSTEM) && defined(HAVE_CRL)
#ifndef NO_BIO
    XFILE fp;
    RSA *pKey, *pubKey;
    X509 *cert;
    const char *text = "Hello wolfSSL !";
    unsigned char hash[SHA256_DIGEST_LENGTH];
    unsigned char signature[2048/8];
    unsigned int signatureLength;
    byte *buf;
    BIO *bio;
    SHA256_CTX c;
    EVP_PKEY *evpPkey, *evpPubkey;
    size_t sz;

    printf(testingFmt, "wolfSSL_RSA_verify");

    /* generate hash */
    SHA256_Init(&c);
    SHA256_Update(&c, text, strlen(text));
    SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
    /* workaround for small stack cache case */
    wc_Sha256Free((wc_Sha256*)&c);
#endif

    /* read privete key file */
    fp = XFOPEN(svrKeyFile, "rb");
    AssertTrue((fp != XBADFILE));
    XFSEEK(fp, 0, XSEEK_END);
    sz = XFTELL(fp);
    XREWIND(fp);
    AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
    AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
    XFCLOSE(fp);

    /* read private key and sign hash data */
    AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
    AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
    AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
    AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
                            signature, &signatureLength, pKey), SSL_SUCCESS);

    /* read public key and verify signed data */
    fp = XFOPEN(svrCertFile,"rb");
    AssertTrue((fp != XBADFILE));
    cert = PEM_read_X509(fp, 0, 0, 0 );
    XFCLOSE(fp);
    evpPubkey = X509_get_pubkey(cert);
    pubKey = EVP_PKEY_get1_RSA(evpPubkey);
    AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
                                signatureLength, pubKey), SSL_SUCCESS);

    RSA_free(pKey);
    EVP_PKEY_free(evpPkey);
    RSA_free(pubKey);
    EVP_PKEY_free(evpPubkey);
    X509_free(cert);
    BIO_free(bio);
    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
    printf(resultFmt, passed);
#endif
#endif
}


#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
{
    X509* x509 = NULL;
    BIGNUM* serial_number = NULL;
    X509_NAME* name = NULL;
    time_t epoch_off = 0;
    ASN1_INTEGER* asn1_serial_number;
    long not_before, not_after;

    AssertNotNull(x509 = X509_new());

    AssertIntNE(X509_set_pubkey(x509, pkey), 0);

    AssertNotNull(serial_number = BN_new());
    AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
    AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
    AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));

    /* version 3 */
    AssertIntNE(X509_set_version(x509, 2L), 0);

    AssertNotNull(name = X509_NAME_new());

    AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
        (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);

    AssertIntNE(X509_set_subject_name(x509, name), 0);
    AssertIntNE(X509_set_issuer_name(x509, name), 0);

    not_before = (long)XTIME(NULL);
    not_after = not_before + (365 * 24 * 60 * 60);
    AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
    AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));

    AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);

    BN_free(serial_number);
    X509_NAME_free(name);
    X509_free(x509);
}
#endif

static void test_openssl_generate_key_and_cert(void)
{
#if defined(OPENSSL_EXTRA)
#if !defined(NO_RSA)
    {
        EVP_PKEY* pkey = EVP_PKEY_new();
        int key_length = 2048;
        BIGNUM* exponent = BN_new();
        RSA* rsa = RSA_new();

        AssertNotNull(pkey);
        AssertNotNull(exponent);
        AssertNotNull(rsa);

        AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
    #ifndef WOLFSSL_KEY_GEN
        AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE);

        #if defined(USE_CERT_BUFFERS_1024)
        AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
            sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
        key_length = 1024;
        #elif defined(USE_CERT_BUFFERS_2048)
        AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
            sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
        #else
        RSA_free(rsa);
        rsa = NULL;
        #endif
    #else
        AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
    #endif

        if (rsa) {
            AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);

            BN_free(exponent);

        #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
                defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
            test_openssl_make_self_signed_certificate(pkey);
        #endif
        }

        EVP_PKEY_free(pkey);
    }
#endif /* !NO_RSA */

#ifdef HAVE_ECC
    {
        EVP_PKEY* pkey = EVP_PKEY_new();
        EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);

        AssertNotNull(pkey);
        AssertNotNull(ec_key);

    #ifndef NO_WOLFSSL_STUB
        EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
    #endif

        AssertIntNE(EC_KEY_generate_key(ec_key), 0);
        AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);

    #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
            defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
        test_openssl_make_self_signed_certificate(pkey);
    #endif

        EVP_PKEY_free(pkey);
    }
#endif /* HAVE_ECC */
#endif /* OPENSSL_EXTRA */
}

static void test_stubs_are_stubs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL_CTX* ctxN = NULL;
  #ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
  #elif !defined(NO_WOLFSSL_SERVER)
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);
  #else
    return;
  #endif

    #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
                     AssertIntEQ((int) x(z), 0)
    /* test logic, all stubs return same result regardless of ctx being NULL
     * as there are no sanity checks, it's just a stub! If at some
     * point a stub is not a stub it should begin to return BAD_FUNC_ARG
     * if invalid inputs are supplied. Test calling both
     * with and without valid inputs, if a stub functionality remains unchanged.
     */
    CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
    CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
    wolfSSL_CTX_free(ctx);
    ctx = NULL;
#endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
}


static void test_CONF_modules_xxx(void)
{
#if defined(OPENSSL_EXTRA)
    CONF_modules_free();
    AssertTrue(1);   /* to confirm previous call gives no harm */

    CONF_modules_unload(0);
    AssertTrue(1);

    CONF_modules_unload(1);
    AssertTrue(1);

    CONF_modules_unload(-1);
    AssertTrue(1);

#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_set_dynlock_xxx(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "CRYPTO_set_dynlock_xxx()");

    CRYPTO_set_dynlock_create_callback(
        (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);

    CRYPTO_set_dynlock_create_callback(
        (struct CRYPTO_dynlock_value *(*)(const char*, int))1);

    CRYPTO_set_dynlock_destroy_callback(
        (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);

    CRYPTO_set_dynlock_destroy_callback(
        (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);

    CRYPTO_set_dynlock_lock_callback(
        (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);

    CRYPTO_set_dynlock_lock_callback(
        (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);

    AssertTrue(1);   /* to confirm previous call gives no harm */
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_THREADID_xxx(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "CRYPTO_THREADID_xxx()");

    CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
    CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
    AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_ENGINE_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "ENGINE_cleanup()");
    ENGINE_cleanup();
    AssertTrue(1);   /* to confirm previous call gives no harm */
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_CTX_LoadCRL(void)
{
#ifdef HAVE_CRL
    WOLFSSL_CTX* ctx = NULL;
    const char* badPath = "dummypath";
    const char* validPath = "./certs/crl";
    int derType = WOLFSSL_FILETYPE_ASN1;
    int pemType = WOLFSSL_FILETYPE_PEM;
    int monitor = WOLFSSL_CRL_MONITOR;

    #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
                                                BAD_FUNC_ARG)
    #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
                                                WOLFSSL_SUCCESS)

    FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);

  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #elif !defined(NO_WOLFSSL_SERVER)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #else
    return;
  #endif

    SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
    SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
    SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);

    wolfSSL_CTX_free(ctx);
    ctx = NULL;
#endif
}

static void test_SetTmpEC_DHE_Sz(void)
{
#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx;
    WOLFSSL *ssl;
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
#endif
}

static void test_wolfSSL_CTX_get0_privatekey(void)
{
#ifdef OPENSSL_ALL
    WOLFSSL_CTX* ctx = NULL;

    printf(testingFmt, "wolfSSL_CTX_get0_privatekey()");

#ifndef NO_RSA
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
    AssertNull(SSL_CTX_get0_privatekey(ctx));
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                                WOLFSSL_FILETYPE_PEM));
    AssertNull(SSL_CTX_get0_privatekey(ctx));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                               WOLFSSL_FILETYPE_PEM));
    AssertNotNull(SSL_CTX_get0_privatekey(ctx));
    wolfSSL_CTX_free(ctx);
#endif
#ifdef HAVE_ECC
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
    AssertNull(SSL_CTX_get0_privatekey(ctx));
    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
                                                WOLFSSL_FILETYPE_PEM));
    AssertNull(SSL_CTX_get0_privatekey(ctx));
    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
                                               WOLFSSL_FILETYPE_PEM));
    AssertNotNull(SSL_CTX_get0_privatekey(ctx));
    wolfSSL_CTX_free(ctx);
#endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_dtls_set_mtu(void)
{
#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
                                                           defined(WOLFSSL_DTLS)
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;
    const char* testCertFile;
    const char* testKeyFile;

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
#ifndef NO_RSA
        testCertFile = svrCertFile;
        testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
        testCertFile = eccCertFile;
        testKeyFile = eccKeyFile;
#endif
    if  (testCertFile != NULL && testKeyFile != NULL) {
        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
                                                    WOLFSSL_FILETYPE_PEM));
        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
                                                   WOLFSSL_FILETYPE_PEM));
    }
    AssertNotNull(ssl = wolfSSL_new(ctx));

    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    printf(testingFmt, "wolfSSL_dtls_set_mtu()");
    printf(resultFmt, passed);
#endif
}

#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
    !defined(WOLFSSL_NO_CLIENT_AUTH))
static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
    int ret;

    if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
        printf("loading cert %s failed\n", certA);
        printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
        return -1;
    }

    return 0;
}

static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
    int ret;
    if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
                                                         != WOLFSSL_SUCCESS) {
        printf("could not verify the cert: %s\n", certA);
        printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
        return -1;
    } else {
        printf("successfully verified: %s\n", certA);
    }

    return 0;
}
#define LOAD_ONE_CA(a, b, c, d)                         \
                    do {                                \
                        a = load_ca_into_cm(c, d);      \
                        if (a != 0)                     \
                            return b;                   \
                        else                            \
                            b--;                        \
                    } while(0)

#define VERIFY_ONE_CERT(a, b, c, d)                     \
                    do {                                \
                        a = verify_cert_with_cm(c, d);  \
                        if (a != 0)                     \
                            return b;                   \
                        else                            \
                            b--;                        \
                    } while(0)

static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
{
    int ret;
    int i = -1;
    /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
    char chainGArr[9][50] = {"certs/ca-cert.pem",
                             "certs/test-pathlen/chainG-ICA7-pathlen100.pem",
                             "certs/test-pathlen/chainG-ICA6-pathlen10.pem",
                             "certs/test-pathlen/chainG-ICA5-pathlen20.pem",
                             "certs/test-pathlen/chainG-ICA4-pathlen5.pem",
                             "certs/test-pathlen/chainG-ICA3-pathlen99.pem",
                             "certs/test-pathlen/chainG-ICA2-pathlen1.pem",
                             "certs/test-pathlen/chainG-ICA1-pathlen0.pem",
                             "certs/test-pathlen/chainG-entity.pem"};

    LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
    LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */

/* test validating the entity twice, should have no effect on pathLen since
 * entity/leaf cert */
    VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */

    return ret;
}

static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
{
    int ret;
    int i = -1;
    /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
     * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
     * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
     * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
     * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
     * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
     */
    char chainHArr[6][50] = {"certs/ca-cert.pem",
                             "certs/test-pathlen/chainH-ICA4-pathlen2.pem",
                             "certs/test-pathlen/chainH-ICA3-pathlen2.pem",
                             "certs/test-pathlen/chainH-ICA2-pathlen2.pem",
                             "certs/test-pathlen/chainH-ICA1-pathlen0.pem",
                             "certs/test-pathlen/chainH-entity.pem"};

    LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
    LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
    LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
    LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
    LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
    VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
    VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
    VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
    VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
    VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */

    return ret;
}

static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
{
    int ret;
    int i = -1;
    /* Chain I is a valid chain per RFC5280 section 4.2.1.9:
     * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
     * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
     * ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
     * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
     */
    char chainIArr[5][50] = {"certs/ca-cert.pem",
                             "certs/test-pathlen/chainI-ICA3-pathlen2.pem",
                             "certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
                             "certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
                             "certs/test-pathlen/chainI-entity.pem"};

    LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
    LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
    LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
    LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
    VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
    VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
    VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
    VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */

    return ret;
}

static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
{
    int ret;
    int i = -1;
    /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
     * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
     * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
     * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
     * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
     */
    char chainJArr[6][50] = {"certs/ca-cert.pem",
                             "certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
                             "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
                             "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
                             "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
                             "certs/test-pathlen/chainJ-entity.pem"};

    LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
    LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
    LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
    LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
    LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
    VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
    VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
    VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
    VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
    VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */

    return ret;
}

static int test_various_pathlen_chains(void)
{
    int ret;
    WOLFSSL_CERT_MANAGER* cm;

    /* Test chain G (large chain with varying pathLens) */
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }

    AssertIntEQ(test_chainG(cm), 0);

    ret = wolfSSL_CertManagerUnloadCAs(cm);
    if (ret != WOLFSSL_SUCCESS)
        return -1;
    wolfSSL_CertManagerFree(cm);
    /* end test chain G */

    /* Test chain H (5 chain with same pathLens) */
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }
    AssertIntLT(test_chainH(cm), 0);

    wolfSSL_CertManagerUnloadCAs(cm);
    wolfSSL_CertManagerFree(cm);
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }

    ret = wolfSSL_CertManagerUnloadCAs(cm);
    if (ret != WOLFSSL_SUCCESS)
        return -1;
    wolfSSL_CertManagerFree(cm);
    /* end test chain H */

    /* Test chain I (only first ICA has pathLen set and it's set to 2,
     * followed by 2 ICA's, should pass) */
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }
    AssertIntEQ(test_chainI(cm), 0);

    wolfSSL_CertManagerUnloadCAs(cm);
    wolfSSL_CertManagerFree(cm);
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }

    ret = wolfSSL_CertManagerUnloadCAs(cm);
    if (ret != WOLFSSL_SUCCESS)
        return -1;
    wolfSSL_CertManagerFree(cm);

    /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
     * this time followed by 3 ICA's, should fail */
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }
    AssertIntLT(test_chainJ(cm), 0);

    wolfSSL_CertManagerUnloadCAs(cm);
    wolfSSL_CertManagerFree(cm);
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {
        printf("cert manager new failed\n");
        return -1;
    }

    ret = wolfSSL_CertManagerUnloadCAs(cm);
    wolfSSL_CertManagerFree(cm);

    return ret;
}
#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */

#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
{
    byte ekm[100] = {0};

    (void)ctx;

    /* Succes Cases */
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
    /* Use some random context */
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
    /* Failure cases */
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0);
    AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
            "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
    return 0;
}

static void test_export_keying_material_ssl_cb(WOLFSSL* ssl)
{
    wolfSSL_KeepArrays(ssl);
}

static void test_export_keying_material(void)
{
#ifndef SINGLE_THREADED
    tcp_ready ready;
    callback_functions clientCb;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));
    XMEMSET(&clientCb, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    server_args.signal = &ready;
    client_args.signal = &ready;
    clientCb.ssl_ready = test_export_keying_material_ssl_cb;
    client_args.callbacks = &clientCb;

    start_thread(test_server_nofail, &server_args, &serverThread);
    wait_tcp_ready(&server_args);
    test_client_nofail(&client_args, test_export_keying_material_cb);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
#endif /* !SINGLE_THREADED */
}
#endif /* HAVE_KEYING_MATERIAL */

static int test_wolfSSL_THREADID_hash(void)
{
    int ret = 0;
    unsigned long res;
#if defined(OPENSSL_EXTRA)
    CRYPTO_THREADID id;
    printf(testingFmt, "wolfSSL_THREADID_hash");
    CRYPTO_THREADID_current(NULL);
    AssertTrue(1);
    res = CRYPTO_THREADID_hash(NULL);
    AssertTrue( res == 0UL);
    XMEMSET(&id, 0, sizeof(id));
    res = CRYPTO_THREADID_hash(&id);
    AssertTrue( res == 0UL);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
    (void)res;
    return ret;
}
static int test_wolfSSL_CTX_set_ecdh_auto(void)
{
    int ret = 0;
    WOLFSSL_CTX* ctx = NULL;
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "SSL_CTX_set_ecdh_auto");
    AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
    AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
    AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
    AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
    (void)ctx;
    return ret;
}

#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
{
    callback_functions* callbacks = NULL;
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;
    SOCKET_T     sfd = 0;
    SOCKET_T     cfd = 0;
    word16       port;
    char msg[] = "I hear you fa shizzle!";
    int  len   = (int) XSTRLEN(msg);
    char input[1024];
    int  ret, err;

    if (!args)
        return 0;

    ((func_args*)args)->return_code = TEST_FAIL;

    callbacks   = ((func_args*)args)->callbacks;
    ctx         = wolfSSL_CTX_new(callbacks->method());

#if defined(USE_WINDOWS_API)
    port = ((func_args*)args)->signal->port;
#else
    /* Let tcp_listen assign port */
    port = 0;
#endif

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                        WOLFSSL_FILETYPE_PEM));

    AssertIntEQ(WOLFSSL_SUCCESS,
        wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                        WOLFSSL_FILETYPE_PEM));

    if (callbacks->ctx_ready)
        callbacks->ctx_ready(ctx);

    ssl = wolfSSL_new(ctx);
    AssertNotNull(ssl);

    /* listen and accept */
    tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
    CloseSocket(sfd);

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));

    if (callbacks->ssl_ready)
        callbacks->ssl_ready(ssl);

    do {
        err = 0; /* Reset error */
        ret = wolfSSL_accept(ssl);
        if (ret != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
        }
    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);

    if (ret != WOLFSSL_SUCCESS) {
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);
        CloseSocket(cfd);
        ((func_args*)args)->return_code = TEST_FAIL;
        return 0;
    }

    /* read and write data */
    XMEMSET( input, 0, sizeof(input));

    while (1) {
        ret = wolfSSL_read(ssl, input, sizeof(input));
        if (ret > 0) {
            break;
        }
        else {
            err = wolfSSL_get_error(ssl,ret);
            if (err == WOLFSSL_ERROR_WANT_READ) {
                continue;
            }
            break;
        }
    }

    if (err == WOLFSSL_ERROR_ZERO_RETURN) {
        do {
            ret = wolfSSL_write(ssl, msg, len);
            if (ret > 0) {
                break;
            }
        } while (ret < 0);
    }

    /* bidirectional shutdown */
    while ((ret = wolfSSL_shutdown(ssl)) != WOLFSSL_SUCCESS) {
        continue;
    }

    /* wait for the peer to disconnect the tcp connection */
    do {
        ret = wolfSSL_read(ssl, input, sizeof(input));
        err = wolfSSL_get_error(ssl, ret);
    } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN);

    /* detect TCP disconnect */
    AssertIntLE(ret,WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);

    ((func_args*)args)->return_code = TEST_SUCCESS;

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(cfd);

    return 0;
}
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
{
    callback_functions* callbacks = NULL;
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL*     ssl = NULL;
    SOCKET_T     sfd = 0;
    char msg[] = "hello wolfssl server!";
    int  len   = (int) XSTRLEN(msg);
    char input[1024];
    int  idx;
    int  ret, err;

    if (!args)
        return 0;

    ((func_args*)args)->return_code = TEST_FAIL;
    callbacks   = ((func_args*)args)->callbacks;
    ctx         = wolfSSL_CTX_new(callbacks->method());

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif

    AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));

    AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
                WOLFSSL_FILETYPE_PEM));

    AssertIntEQ(WOLFSSL_SUCCESS,
                wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
                WOLFSSL_FILETYPE_PEM));

    AssertNotNull((ssl = wolfSSL_new(ctx)));

    tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl);

    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));

    do {
        err = 0; /* Reset error */
        ret = wolfSSL_connect(ssl);
        if (ret != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
        }
    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);

    ret = wolfSSL_write(ssl, msg, len);

    if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
        input[idx] = 0;
    }

    ret = wolfSSL_shutdown(ssl);
    if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
        ret = wolfSSL_shutdown(ssl);
    }
    AssertIntEQ(ret, WOLFSSL_SUCCESS);

    ((func_args*)args)->return_code = TEST_SUCCESS;

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    CloseSocket(sfd);
    return 0;
}
#endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL */

/* This test is to check wolfSSL_read behaves as same as
 * openSSL when it is called after SSL_shutdown completes.
 */
static int test_wolfSSL_read_detect_TCP_disconnect(void)
{
    int ret = 0;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
    tcp_ready ready;
    func_args client_args;
    func_args server_args;
    THREAD_TYPE serverThread;
    THREAD_TYPE clientThread;
    callback_functions server_cbf;
    callback_functions client_cbf;


    printf(testingFmt, "wolfSSL_read_detect_TCP_disconnect()");

#ifdef WOLFSSL_TIRTOS
    fdOpenSession(Task_self());
#endif
    StartTCP();
    InitTcpReady(&ready);

#if defined(USE_WINDOWS_API)
    /* use RNG to get random port if using windows */
    ready.port = GetRandomPort();
#endif

    XMEMSET(&client_args, 0, sizeof(func_args));
    XMEMSET(&server_args, 0, sizeof(func_args));

    XMEMSET(&server_cbf, 0, sizeof(callback_functions));
    XMEMSET(&client_cbf, 0, sizeof(callback_functions));

    server_cbf.method = wolfTLSv1_2_server_method;
    client_cbf.method = wolfTLSv1_2_client_method;

    server_args.callbacks = &server_cbf;
    client_args.callbacks = &client_cbf;

    server_args.signal = &ready;
    client_args.signal = &ready;

    start_thread(SSL_read_test_server_thread, &server_args, &serverThread);

    wait_tcp_ready(&server_args);

    start_thread(SSL_read_test_client_thread, &client_args, &clientThread);

    join_thread(clientThread);
    join_thread(serverThread);

    AssertTrue(client_args.return_code);
    AssertTrue(server_args.return_code);

    FreeTcpReady(&ready);

    printf(resultFmt, passed);
#endif
    return ret;
}
static void test_wolfSSL_CTX_get_min_proto_version(void)
{
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    WOLFSSL_CTX *ctx;

    (void)ctx;

    printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()");

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS);
    #ifdef WOLFSSL_ALLOW_SSLV3
        AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
    #else
        AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
    #endif
    wolfSSL_CTX_free(ctx);

    #ifdef WOLFSSL_ALLOW_TLSV10
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
    #else
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
    #endif
    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS);
    #ifdef WOLFSSL_ALLOW_TLSV10
        AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
    #else
        AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
    #endif
    wolfSSL_CTX_free(ctx);

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS);
    #ifndef NO_OLD_TLS
        AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
    #else
        AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
    #endif
    wolfSSL_CTX_free(ctx);

    #ifndef WOLFSSL_NO_TLS12
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()));
        AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
        wolfSSL_CTX_free(ctx);
    #endif

    #ifdef WOLFSSL_TLS13
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()));
        AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
        wolfSSL_CTX_free(ctx);
    #endif

    printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}

static void test_wolfSSL_security_level(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "test_wolfSSL_security_level()");

    SSL_CTX *ctx;

    #ifdef WOLFSSL_TLS13
        #ifdef NO_WOLFSSL_SERVER
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
        #else
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
        #endif
        SSL_CTX_set_security_level(ctx, 1);
        AssertTrue(1);

        AssertIntEQ(SSL_CTX_get_security_level(ctx), 0);

        SSL_CTX_free(ctx);
    #else
        (void)ctx;
    #endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_SSL_in_init(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)
    printf(testingFmt, "test_wolfSSL_SSL_in_init()");

    SSL_CTX* ctx;
    SSL*     ssl;
    const char* testCertFile;
    const char* testKeyFile;

    #ifdef WOLFSSL_TLS13
        #ifdef NO_WOLFSSL_SERVER
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
        #else
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
        #endif
#ifndef NO_RSA
        testCertFile = svrCertFile;
        testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
        testCertFile = eccCertFile;
        testKeyFile = eccKeyFile;
#else
        testCertFile = NULL;
        testKeyFile = NULL;
#endif
        if  (testCertFile != NULL && testKeyFile != NULL) {
            AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
                                                    SSL_FILETYPE_PEM));
            AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
                                                    SSL_FILETYPE_PEM));
        }

        ssl = SSL_new(ctx);
        AssertNotNull(ssl);
        AssertIntEQ(SSL_in_init(ssl), 1);

        SSL_CTX_free(ctx);
        SSL_free(ssl);
    #else
        (void)ctx;
        (void)ssl;
        (void)testCertFile;
        (void)testKeyFile;
    #endif

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EC_curve(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
    printf(testingFmt, "test_wolfSSL_EC_curve()");
    int nid = NID_secp160k1;
    const char* nid_name;

    AssertNotNull(nid_name = EC_curve_nid2nist(nid));
    AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);

    AssertIntEQ(EC_curve_nist2nid(nid_name), nid);

    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_CTX_set_timeout(void)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
    int timeout;
    (void)timeout;
    printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");

    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
    AssertNotNull(ctx);

#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
    /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
     * wolfSSL_CTX_set_timeout returns previous timeout value on success.
     */
    AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
    /* giving 0 as timeout value sets default timeout */
    timeout = wolfSSL_CTX_set_timeout(ctx, 0);
    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);

#else

    AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);

#endif
    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
}

static void test_wolfSSL_OpenSSL_version(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "test_wolfSSL_OpenSSL_version()");
    const char* ver;

    #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
    AssertNotNull(ver = OpenSSL_version(0));
    #else
    AssertNotNull(ver = OpenSSL_version());
    #endif
    AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING,
            XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0);
    printf(resultFmt, passed);
#endif
}

static void test_CONF_CTX_CMDLINE(void)
{
#if defined(OPENSSL_ALL)
    printf(testingFmt, "test_CONF_CTX_CMDLINE");

    SSL_CTX* ctx = NULL;
    SSL_CONF_CTX* cctx = NULL;

    AssertNotNull(cctx = SSL_CONF_CTX_new());

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
    AssertTrue(1);

    /* set flags */
    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
                                            WOLFSSL_CONF_FLAG_CMDLINE);
    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
                   WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
    /* cmd invalid command */
    AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
    AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
    AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);

    /* cmd Certificate and Private Key*/
    {
    #if !defined(NO_CERTS) && !defined(NO_RSA)
        const char*  ourCert = svrCertFile;
        const char*  ourKey  = svrKeyFile;

        AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert),
                                                            WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    #endif
    }

    /* cmd curves */
    {
    #if defined(HAVE_ECC)
        const char* curve = "secp256r1";

        AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    #endif
    }

    /* cmd CipherString */
    {
        char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);

        AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    }

    /* cmd DH parameter */
    {
    #if !defined(NO_DH) && !defined(NO_BIO)
        const char* ourdhcert = "./certs/dh2048.pem";

        AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL),
                                                        -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert),
                                                        WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);

    #endif
    }
    SSL_CTX_free(ctx);
    SSL_CONF_CTX_free(cctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}

static void test_CONF_CTX_FILE(void)
{
#if defined(OPENSSL_ALL)
    printf(testingFmt, "test_CONF_CTX_FILE");

    SSL_CTX* ctx = NULL;
    SSL_CONF_CTX* cctx = NULL;

    AssertNotNull(cctx = SSL_CONF_CTX_new());
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
    AssertTrue(1);

    /* set flags */
    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
                                            WOLFSSL_CONF_FLAG_FILE);
    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
                    WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
    /* sanity check */
    AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
    AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
    AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
    AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);

    /* cmd Certificate and Private Key*/
    {
    #if !defined(NO_CERTS) && !defined(NO_RSA)
        const char*  ourCert = svrCertFile;
        const char*  ourKey  = svrKeyFile;

        AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);

        AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
                                                            WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    #endif
    }

    /* cmd curves */
    {
    #if defined(HAVE_ECC)
        const char* curve = "secp256r1";

        AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    #endif
    }

    /* cmd CipherString */
    {
        char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);

        AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    }

    /* cmd DH parameter */
    {
    #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
        const char* ourdhcert = "./certs/dh3072.pem";

        AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
        AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
                                                        WOLFSSL_SUCCESS);
        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);

    #endif
    }
    SSL_CTX_free(ctx);
    SSL_CONF_CTX_free(cctx);

    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}

static void test_wolfSSL_CRYPTO_get_ex_new_index(void)
{
#ifdef HAVE_EX_DATA
    int idx1,idx2;

    printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()");

    /* test for unsupported flass index */
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,
                                         0,NULL, NULL, NULL, NULL ), -1);
    AssertIntEQ(CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1);

    /* test for supported class index */
    idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
                                         0,NULL, NULL, NULL, NULL );
    idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
                                         0,NULL, NULL, NULL, NULL );
    AssertIntNE(idx1, -1);
    AssertIntNE(idx2, -1);
    AssertIntNE(idx1, idx2);

    idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
                                         0,NULL, NULL, NULL, NULL );
    idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
                                         0,NULL, NULL, NULL, NULL );
    AssertIntNE(idx1, -1);
    AssertIntNE(idx2, -1);
    AssertIntNE(idx1, idx2);

    idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
                                         0,NULL, NULL, NULL, NULL );
    idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
                                         0,NULL, NULL, NULL, NULL );
    AssertIntNE(idx1, -1);
    AssertIntNE(idx2, -1);
    AssertIntNE(idx1, idx2);

    printf(resultFmt, "passed");
#endif /* HAVE_EX_DATA */
}

static void test_wolfSSL_set_psk_use_session_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
    printf(testingFmt, "test_wolfSSL_set_psk_use_session_callback()");
    SSL_CTX* ctx;
    SSL*     ssl;
    const char* testCertFile;
    const char* testKeyFile;

     #ifdef WOLFSSL_TLS13
        #ifdef NO_WOLFSSL_SERVER
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
        #else
            AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
        #endif
#ifndef NO_RSA
        testCertFile = svrCertFile;
        testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
        testCertFile = eccCertFile;
        testKeyFile = eccKeyFile;
#else
        testCertFile = NULL;
        testKeyFile = NULL;
#endif
        if  (testCertFile != NULL && testKeyFile != NULL) {
            AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
                                                    SSL_FILETYPE_PEM));
            AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
                                                    SSL_FILETYPE_PEM));
        }

        ssl = SSL_new(ctx);
        AssertNotNull(ssl);

        SSL_set_psk_use_session_callback(ssl,
                            my_psk_use_session_cb);
        AssertTrue(1);

        SSL_CTX_free(ctx);
        SSL_free(ssl);
    #else
        (void)ctx;
        (void)ssl;
        (void)testCertFile;
        (void)testKeyFile;
    #endif
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_DH(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
    DH *dh = NULL;
    BIGNUM* p;
    BIGNUM* q;
    BIGNUM* g;
    BIGNUM* pub;
    BIGNUM* priv;
    (void)dh;
    (void)p;
    (void)q;
    (void)g;
    (void)pub;
    (void)priv;

#if defined(OPENSSL_ALL) && defined(WOLFSSL_KEY_GEN)
#if !defined(HAVE_FIPS) || \
        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
    FILE* f = NULL;
    unsigned char buf[268];
    const unsigned char* pt = buf;
    long len = 0;

    dh = NULL;
    XMEMSET(buf, 0, sizeof(buf));
    /* Test 2048 bit parameters */
    f = XFOPEN("./certs/dh2048.der", "rb");
    AssertTrue(f != XBADFILE);
    len = (long)XFREAD(buf, 1, sizeof(buf), f);
    XFCLOSE(f);

    AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
    AssertNotNull(dh->p);
    AssertNotNull(dh->g);
    AssertTrue(pt != buf);
    AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);

    DH_get0_pqg(dh, (const BIGNUM**)&p,
                    (const BIGNUM**)&q,
                    (const BIGNUM**) &g);
    AssertPtrEq(p, dh->p);
    AssertPtrEq(q, dh->q);
    AssertPtrEq(g, dh->g);
    DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
    AssertPtrEq(pub, dh->pub_key);
    AssertPtrEq(priv, dh->priv_key);
    AssertNotNull(pub = BN_new());
    AssertNotNull(priv = BN_new());
    AssertIntEQ(DH_set0_key(dh, pub, priv), 1);
    AssertPtrEq(pub, dh->pub_key);
    AssertPtrEq(priv, dh->priv_key);

    DH_free(dh);

    AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
    DH_free(dh);
#endif
#endif
    printf(testingFmt, "test_wolfSSL_DH");

    dh =  wolfSSL_DH_new();
    AssertNotNull(dh);

    /* invalid parameters test */
    DH_get0_pqg(NULL, (const BIGNUM**)&p,
                      (const BIGNUM**)&q,
                      (const BIGNUM**)&g);

    DH_get0_pqg(dh, NULL,
                    (const BIGNUM**)&q,
                    (const BIGNUM**)&g);

    DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);

    DH_get0_pqg(dh, NULL, NULL, NULL);
    AssertTrue(1);

    DH_get0_pqg(dh, (const BIGNUM**)&p,
                    (const BIGNUM**)&q,
                    (const BIGNUM**)&g);

    AssertPtrEq(p, NULL);
    AssertPtrEq(q, NULL);
    AssertPtrEq(g, NULL);
    DH_free(dh);
    printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_DH */
}

static void test_wolfSSL_ERR_strings(void)
{
    const char* err1 = "unsupported cipher suite";
    const char* err2 = "wolfSSL PEM routines";
    const char* err  = NULL;

    (void)err;
    (void)err1;
    (void)err2;
#if !defined(NO_ERROR_STRINGS)
    printf(testingFmt, "test_wolfSSL_ERR_strings");

#if defined(OPENSSL_EXTRA)
    err = ERR_reason_error_string(UNSUPPORTED_SUITE);
    AssertTrue(err != NULL);
    AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);

    err = ERR_func_error_string(UNSUPPORTED_SUITE);
    AssertTrue(err != NULL);
    AssertIntEQ((*err == '\0'), 1);

    err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD);
    AssertTrue(err != NULL);
    AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
#else
    err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE);
    AssertTrue(err != NULL);
    AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);

    err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE);
    AssertTrue(err != NULL);
    AssertIntEQ((*err == '\0'), 1);

    /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
    err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2);
    AssertTrue(err != NULL);
    AssertIntEQ((*err == '\0'), 1);
#endif
    printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_shake128(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
                                            defined(WOLFSSL_SHAKE128)
    printf(testingFmt, "test_wolfSSL_EVP_shake128");
    const EVP_MD* md = NULL;
    md = EVP_shake128();
    AssertTrue(md != NULL);
    AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0);
    printf(resultFmt, passed);
#endif
}

static void test_wolfSSL_EVP_shake256(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
                                            defined(WOLFSSL_SHAKE256)
    printf(testingFmt, "test_wolfSSL_EVP_shake256");
    const EVP_MD* md = NULL;
    md = EVP_shake256();
    AssertTrue(md != NULL);
    AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0);
    printf(resultFmt, passed);
#endif
}

static void test_EVP_blake2(void)
{
#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S))
    printf(testingFmt, "test_EVP_blake2");

    const EVP_MD* md = NULL;
    (void)md;

#if defined(HAVE_BLAKE2)
    md = EVP_blake2b512();
    AssertTrue(md != NULL);
    AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
#endif

#if defined(HAVE_BLAKE2S)
    md = EVP_blake2s256();
    AssertTrue(md != NULL);
    AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
#endif
    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_EXTRA)
static void list_md_fn(const EVP_MD* m, const char* from,
                       const char* to, void* arg)
{
    const char* mn;
    BIO *bio;

    (void) from;
    (void) to;
    (void) arg;
    (void) mn;
    (void) bio;

    if (!m) {
        /* alias */
        AssertNull(m);
        AssertNotNull(to);
    }
    else {
        AssertNotNull(m);
        AssertNull(to);
    }

    AssertNotNull(from);

#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
    mn = EVP_get_digestbyname(from);
    /* print to stdout */
    AssertNotNull(arg);

    bio = BIO_new(BIO_s_file());
    BIO_set_fp(bio, arg, BIO_NOCLOSE);
    BIO_printf(bio, "Use %s message digest algorithm\n", mn);
    BIO_free(bio);
#endif
}
#endif

static void test_EVP_MD_do_all(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "test_EVP_MD_do_all");

    EVP_MD_do_all(NULL, stdout);
    /* to confirm previous call gives no harm */
    AssertTrue(1);


    EVP_MD_do_all(list_md_fn, stdout);
    /* to confirm previous call gives no harm */
    AssertTrue(1);

    printf(resultFmt, passed);
#endif
}

#if defined(OPENSSL_EXTRA)
static void obj_name_t(const OBJ_NAME* nm, void* arg)
{
    (void)arg;
    (void)nm;

    AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF);

#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
    /* print to stdout */
    AssertNotNull(arg);

    bio = BIO_new(BIO_s_file());
    BIO_set_fp(bio, arg, BIO_NOCLOSE);
    BIO_printf(bio, "%s\n", mn);
    BIO_free(bio);
#endif
}

#endif
static void test_OBJ_NAME_do_all(void)
{
#if defined(OPENSSL_EXTRA)
    printf(testingFmt, "test_OBJ_NAME_do_all");

    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL);
    /* to confirm previous call gives no harm */
    AssertTrue(1);

    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stdout);
    /* to confirm previous call gives no harm */
    AssertTrue(1);

    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stdout);
    AssertTrue(1);
    OBJ_NAME_do_all(-1, obj_name_t, stdout);
    AssertTrue(1);

    printf(resultFmt, passed);
#endif
}

static void test_SSL_CIPHER_get_xxx(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM)

    printf(testingFmt, "test_SSL_CIPHER_get_xxx");

    const SSL_CIPHER* cipher = NULL;
    STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
    int i, numCiphers = 0;
    SSL_CTX* ctx = NULL;
    SSL*     ssl = NULL;
    const char* testCertFile;
    const char* testKeyFile;
    char buf[256] = {0};

    const char* cipher_id = NULL;
    int   expect_nid1 = NID_undef;
    int   expect_nid2 = NID_undef;
    int   expect_nid3 = NID_undef;
    int   expect_nid4 = NID_undef;
    int   expect_nid5 = 0;

    const char* cipher_id2 = NULL;
    int   expect_nid21 = NID_undef;
    int   expect_nid22 = NID_undef;
    int   expect_nid23 = NID_undef;
    int   expect_nid24 = NID_undef;
    int   expect_nid25 = 0;

    (void)cipher;
    (void)supportedCiphers;
    (void)i;
    (void)numCiphers;
    (void)ctx;
    (void)ssl;
    (void)testCertFile;
    (void)testKeyFile;

#if defined(WOLFSSL_TLS13)
    cipher_id = "TLS13-AES128-GCM-SHA256";
    expect_nid1 = NID_auth_rsa;
    expect_nid2 = NID_aes_128_gcm;
    expect_nid3 = NID_sha256;
    expect_nid4 = NID_kx_any;
    expect_nid5 = 1;

    #if !defined(WOLFSSL_NO_TLS12)
    cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384";
    expect_nid21 = NID_auth_rsa;
    expect_nid22 = NID_aes_256_gcm;
    expect_nid23 = NID_sha384;
    expect_nid24 = NID_kx_ecdhe;
    expect_nid25 = 1;
    #endif
#endif

    #ifdef NO_WOLFSSL_SERVER
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
    #else
        AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
    #endif

    if (cipher_id) {
    #ifndef NO_RSA
        testCertFile = svrCertFile;
        testKeyFile = svrKeyFile;
    #elif defined(HAVE_ECC)
        testCertFile = eccCertFile;
        testKeyFile = eccKeyFile;
    #else
        testCertFile = NULL;
        testKeyFile = NULL;
    #endif
        if  (testCertFile != NULL && testKeyFile != NULL) {
            AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
                                                    SSL_FILETYPE_PEM));
            AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
                                                    SSL_FILETYPE_PEM));
        }

        ssl = SSL_new(ctx);
        AssertNotNull(ssl);
        AssertIntEQ(SSL_in_init(ssl), 1);

        supportedCiphers = SSL_get_ciphers(ssl);
        numCiphers = sk_num(supportedCiphers);

        for (i = 0; i < numCiphers; ++i) {

            if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
                SSL_CIPHER_description(cipher, buf, sizeof(buf));
            }

            if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
                break;
            }
        }
        /* test case for */
        if (i != numCiphers) {
            AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1);
            AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2);
            AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3);
            AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4);
            AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5);
        }

        if (cipher_id2) {

            for (i = 0; i < numCiphers; ++i) {

                if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
                    SSL_CIPHER_description(cipher, buf, sizeof(buf));
                }

                if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) {
                    break;
                }
            }
            /* test case for */
            if (i != numCiphers) {
                AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21);
                AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22);
                AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23);
                AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24);
                AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25);
            }
        }
    }

    if (ctx)
        SSL_CTX_free(ctx);
    if(ssl)
        SSL_free(ssl);

    printf(resultFmt, passed);
#endif
}

#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)

static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
    int* keyFormat)
{
    int ret;
    byte* key_buf = NULL;
    size_t key_sz = 0;
    EncryptedInfo encInfo;

    XMEMSET(&encInfo, 0, sizeof(encInfo));

    ret = load_file(privKeyFile, &key_buf, &key_sz);
    if (ret == 0) {
        ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer,
            NULL, &encInfo, keyFormat);
    }

    if (key_buf != NULL) {
        free(key_buf); key_buf = NULL;
    }
    (void)encInfo; /* not used in this test */

#ifdef DEBUG_WOLFSSL
    printf("%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
        (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
        (*pDer)->length);
#endif

    return ret;
}
static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
{
    int ret = CRYPTOCB_UNAVAILABLE;
    const char* privKeyFile = (const char*)ctx;
    DerBuffer* pDer = NULL;
    int keyFormat = 0;

    if (info->algo_type == WC_ALGO_TYPE_PK) {
    #ifdef DEBUG_WOLFSSL
        printf("test_CryptoCb_Func: Pk Type %d\n", info->pk.type);
    #endif

    #ifndef NO_RSA
        if (info->pk.type == WC_PK_TYPE_RSA) {
            switch (info->pk.rsa.type) {
                case RSA_PUBLIC_ENCRYPT:
                case RSA_PUBLIC_DECRYPT:
                    /* perform software based RSA public op */
                    ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
                    break;
                case RSA_PRIVATE_ENCRYPT:
                case RSA_PRIVATE_DECRYPT:
                {
                    RsaKey key;

                    /* perform software based RSA private op */
                #ifdef DEBUG_WOLFSSL
                    printf("test_CryptoCb_Func: RSA Priv\n");
                #endif

                    ret = load_pem_key_file_as_der(privKeyFile, &pDer,
                        &keyFormat);
                    if (ret != 0) {
                        return ret;
                    }
                    ret = wc_InitRsaKey(&key, NULL);
                    if (ret == 0) {
                        word32 keyIdx = 0;
                        /* load RSA private key and perform private transform */
                        ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
                            &key, pDer->length);
                        if (ret == 0) {
                            ret = wc_RsaFunction(
                                info->pk.rsa.in, info->pk.rsa.inLen,
                                info->pk.rsa.out, info->pk.rsa.outLen,
                                info->pk.rsa.type, &key, info->pk.rsa.rng);
                        }
                        else {
                            /* if decode fails, then fall-back to software based crypto */
                            printf("test_CryptoCb_Func: RSA private key decode "
                                "failed %d, falling back to software\n", ret);
                            ret = CRYPTOCB_UNAVAILABLE;
                        }
                        wc_FreeRsaKey(&key);
                    }
                    wc_FreeDer(&pDer); pDer = NULL;
                    break;
                }
            }
        #ifdef DEBUG_WOLFSSL
            printf("test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n",
                info->pk.rsa.type, ret, *info->pk.rsa.outLen);
        #endif
        }
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
            /* mark this key as ephemeral */
            if (info->pk.eckg.key != NULL) {
                XSTRNCPY(info->pk.eckg.key->label, "ephemeral",
                    sizeof(info->pk.eckg.key->label));
                info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label);
            }
        }
        else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
            ecc_key key;

            /* perform software based ECC sign */
        #ifdef DEBUG_WOLFSSL
            printf("test_CryptoCb_Func: ECC Sign\n");
        #endif

            if (info->pk.eccsign.key != NULL &&
                XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) {
                /* this is an empheral key */
            #ifdef DEBUG_WOLFSSL
                printf("test_CryptoCb_Func: skipping signing op on ephemeral key\n");
            #endif
                return CRYPTOCB_UNAVAILABLE;
            }

            ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
            if (ret != 0) {
                return ret;
            }

            ret = wc_ecc_init(&key);
            if (ret == 0) {
                word32 keyIdx = 0;
                /* load ECC private key and perform private transform */
                ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx,
                    &key, pDer->length);
                if (ret == 0) {
                    ret = wc_ecc_sign_hash(
                        info->pk.eccsign.in, info->pk.eccsign.inlen,
                        info->pk.eccsign.out, info->pk.eccsign.outlen,
                        info->pk.eccsign.rng, &key);
                }
                else {
                    /* if decode fails, then fall-back to software based crypto */
                    printf("test_CryptoCb_Func: ECC private key decode "
                        "failed %d, falling back to software\n", ret);
                    ret = CRYPTOCB_UNAVAILABLE;
                }
                wc_ecc_free(&key);
            }
            wc_FreeDer(&pDer); pDer = NULL;

        #ifdef DEBUG_WOLFSSL
            printf("test_CryptoCb_Func: ECC Ret %d, Out %d\n",
                ret, *info->pk.eccsign.outlen);
        #endif
        }
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
            ed25519_key key;

            /* perform software based ED25519 sign */
        #ifdef DEBUG_WOLFSSL
            printf("test_CryptoCb_Func: ED25519 Sign\n");
        #endif

            ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
            if (ret != 0) {
                return ret;
            }
            ret = wc_ed25519_init(&key);
            if (ret == 0) {
                word32 keyIdx = 0;
                /* load ED25519 private key and perform private transform */
                ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx,
                    &key, pDer->length);
                if (ret == 0) {
                    /* calculate public key */
                    ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE);
                    if (ret == 0) {
                        key.pubKeySet = 1;
                        ret = wc_ed25519_sign_msg_ex(
                            info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
                            info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
                            &key, info->pk.ed25519sign.type,
                            info->pk.ed25519sign.context,
                            info->pk.ed25519sign.contextLen);
                    }
                }
                else {
                    /* if decode fails, then fall-back to software based crypto */
                    printf("test_CryptoCb_Func: ED25519 private key decode "
                        "failed %d, falling back to software\n", ret);
                    ret = CRYPTOCB_UNAVAILABLE;
                }
                wc_ed25519_free(&key);
            }
            wc_FreeDer(&pDer); pDer = NULL;

        #ifdef DEBUG_WOLFSSL
            printf("test_CryptoCb_Func: ED25519 Ret %d, Out %d\n",
                ret, *info->pk.ed25519sign.outLen);
        #endif
        }
    #endif /* HAVE_ED25519 */
    }
    (void)thisDevId;
    (void)keyFormat;

    return ret;
}

/* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wc_CryptoCb_TLS(int tlsVer,
    const char* cliCaPemFile, const char* cliCertPemFile,
    const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile,
    const char* svrCaPemFile, const char* svrCertPemFile,
    const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile)
{
    callback_functions client_cbf;
    callback_functions server_cbf;

    XMEMSET(&client_cbf, 0, sizeof(client_cbf));
    XMEMSET(&server_cbf, 0, sizeof(server_cbf));

    if (tlsVer == WOLFSSL_TLSV1_3) {
    #ifdef WOLFSSL_TLS13
        server_cbf.method = wolfTLSv1_3_server_method;
        client_cbf.method = wolfTLSv1_3_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1_2) {
    #ifndef WOLFSSL_NO_TLS12
        server_cbf.method = wolfTLSv1_2_server_method;
        client_cbf.method = wolfTLSv1_2_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1_1) {
    #ifndef NO_OLD_TLS
        server_cbf.method = wolfTLSv1_1_server_method;
        client_cbf.method = wolfTLSv1_1_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1) {
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
        server_cbf.method = wolfTLSv1_server_method;
        client_cbf.method = wolfTLSv1_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_SSLV3) {
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
         defined(WOLFSSL_STATIC_RSA)
        server_cbf.method = wolfSSLv3_server_method;
        client_cbf.method = wolfSSLv3_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_DTLSV1_2) {
    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
        server_cbf.method = wolfDTLSv1_2_server_method;
        client_cbf.method = wolfDTLSv1_2_client_method;
    #endif
    }
    else if (tlsVer == WOLFSSL_DTLSV1) {
    #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
        server_cbf.method = wolfDTLSv1_server_method;
        client_cbf.method = wolfDTLSv1_client_method;
    #endif
    }

    if (server_cbf.method == NULL) {
        /* not enabled */
        return;
    }

    /* Setup the keys for the TLS test */
    client_cbf.certPemFile = cliCertPemFile;
    client_cbf.keyPemFile = cliPubKeyPemFile;
    client_cbf.caPemFile = cliCaPemFile;

    server_cbf.certPemFile = svrCertPemFile;
    server_cbf.keyPemFile = svrPubKeyPemFile;
    server_cbf.caPemFile = svrCaPemFile;

    /* Setup a crypto callback with pointer to private key file for testing */
    client_cbf.devId = 1;
    wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func,
        (void*)cliPrivKeyPemFile);
    server_cbf.devId = 2;
    wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func,
        (void*)svrPrivKeyPemFile);

    /* Perform TLS server and client test */
    /* First test is at WOLFSSL_CTX level */
    test_wolfSSL_client_server(&client_cbf, &server_cbf);
    /* Check for success */
    AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
    AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);

    /* Second test is a WOLFSSL object level */
    client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
    test_wolfSSL_client_server(&client_cbf, &server_cbf);

    /* Check for success */
    AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
    AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);

    /* Un register the devId's */
    wc_CryptoCb_UnRegisterDevice(client_cbf.devId);
    client_cbf.devId = INVALID_DEVID;
    wc_CryptoCb_UnRegisterDevice(server_cbf.devId);
    server_cbf.devId = INVALID_DEVID;
}
#endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */

static void test_wc_CryptoCb(void)
{
#ifdef WOLF_CRYPTO_CB
    /* TODO: Add crypto callback API tests */

#ifdef HAVE_IO_TESTS_DEPENDENCIES
    #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
    int tlsVer;
    #endif

    #ifndef NO_RSA
    for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
        test_wc_CryptoCb_TLS(tlsVer,
            svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile,
            cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile);
    }
    #endif
    #ifdef HAVE_ECC
    for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
        test_wc_CryptoCb_TLS(tlsVer,
            caEccCertFile,  cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile,
            cliEccCertFile, eccCertFile,    eccKeyFile,    eccKeyPubFile);
    }
    #endif
    #ifdef HAVE_ED25519
    for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
        if (tlsVer == WOLFSSL_DTLSV1) continue;
        test_wc_CryptoCb_TLS(tlsVer,
            caEdCertFile,  cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile,
            cliEdCertFile, edCertFile,    edKeyFile,    edKeyPubFile);
    }
    #endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
#endif /* WOLF_CRYPTO_CB */
}

#if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES)

/* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
    const char* cliCaPemFile, const char* cliCertPemFile,
    const char* cliPrivKeyPemFile,
    const char* svrCaPemFile, const char* svrCertPemFile,
    const char* svrPrivKeyPemFile,
    byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz)
{
    callback_functions client_cbf;
    callback_functions server_cbf;

    XMEMSET(&client_cbf, 0, sizeof(client_cbf));
    XMEMSET(&server_cbf, 0, sizeof(server_cbf));

    if (tlsVer == WOLFSSL_TLSV1_3) {
    #ifdef WOLFSSL_TLS13
        server_cbf.method_ex = wolfTLSv1_3_server_method_ex;
        client_cbf.method_ex = wolfTLSv1_3_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1_2) {
    #ifndef WOLFSSL_NO_TLS12
        server_cbf.method_ex = wolfTLSv1_2_server_method_ex;
        client_cbf.method_ex = wolfTLSv1_2_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1_1) {
    #ifndef NO_OLD_TLS
        server_cbf.method_ex = wolfTLSv1_1_server_method_ex;
        client_cbf.method_ex = wolfTLSv1_1_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_TLSV1) {
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
        server_cbf.method_ex = wolfTLSv1_server_method_ex;
        client_cbf.method_ex = wolfTLSv1_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_SSLV3) {
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
         defined(WOLFSSL_STATIC_RSA)
        server_cbf.method_ex = wolfSSLv3_server_method_ex;
        client_cbf.method_ex = wolfSSLv3_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_DTLSV1_2) {
    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
        server_cbf.method_ex = wolfDTLSv1_2_server_method_ex;
        client_cbf.method_ex = wolfDTLSv1_2_client_method_ex;
    #endif
    }
    else if (tlsVer == WOLFSSL_DTLSV1) {
    #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
        server_cbf.method_ex = wolfDTLSv1_server_method_ex;
        client_cbf.method_ex = wolfDTLSv1_client_method_ex;
    #endif
    }

    if (server_cbf.method_ex == NULL) {
        /* not enabled */
        return;
    }

    /* Setup the keys for the TLS test */
    client_cbf.certPemFile = cliCertPemFile;
    client_cbf.keyPemFile = cliPrivKeyPemFile;
    client_cbf.caPemFile = cliCaPemFile;

    server_cbf.certPemFile = svrCertPemFile;
    server_cbf.keyPemFile = svrPrivKeyPemFile;
    server_cbf.caPemFile = svrCaPemFile;

    client_cbf.mem = cliMem;
    client_cbf.memSz = cliMemSz;
    server_cbf.mem = svrMem;
    server_cbf.memSz = svrMemSz;

    client_cbf.devId = INVALID_DEVID;
    server_cbf.devId = INVALID_DEVID;

    /* Perform TLS server and client test */
    /* First test is at WOLFSSL_CTX level */
    test_wolfSSL_client_server(&client_cbf, &server_cbf);
    /* Check for success */
    AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
    AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);

    /* Second test is a WOLFSSL object level */
    client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
    test_wolfSSL_client_server(&client_cbf, &server_cbf);

    /* Check for success */
    AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
    AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
}
#endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */

#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
        defined(SESSION_CERTS)
    #ifdef OPENSSL_EXTRA
    #define TEST_TLS_STATIC_MEMSZ (400000)
    #else
    #define TEST_TLS_STATIC_MEMSZ (320000)
    #endif
#else
    #define TEST_TLS_STATIC_MEMSZ (80000)
#endif

static void test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
{
    WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL;
    WOLFSSL_MEM_STATS mem_stats;
    WOLFSSL_MEM_CONN_STATS ssl_stats;

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
    AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif

    AssertNotNull((ssl1 = wolfSSL_new(ctx)));
    AssertNotNull((ssl2 = wolfSSL_new(ctx)));
    /* this should fail because kMaxCtxClients == 2 */
    AssertNull((ssl3 = wolfSSL_new(ctx)));

    if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
    #ifdef DEBUG_WOLFSSL
        wolfSSL_PrintStatsConn(&ssl_stats);
    #endif
        (void)ssl_stats;
    }

    /* display collected statistics */
    if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
    #ifdef DEBUG_WOLFSSL
        wolfSSL_PrintStats(&mem_stats);
    #endif
        (void)mem_stats;
    }

    wolfSSL_free(ssl1);
    wolfSSL_free(ssl2);
}
#endif /* WOLFSSL_STATIC_MEMORY */

static void test_wolfSSL_CTX_StaticMemory(void)
{
#ifdef WOLFSSL_STATIC_MEMORY
    wolfSSL_method_func method_func;
    WOLFSSL_CTX* ctx;
    const int kMaxCtxClients = 2;
    #ifdef HAVE_IO_TESTS_DEPENDENCIES
    #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
    int tlsVer;
    byte cliMem[TEST_TLS_STATIC_MEMSZ];
    #endif
    #endif
    byte svrMem[TEST_TLS_STATIC_MEMSZ];

    printf(testingFmt, "test_wolfSSL_CTX_StaticMemory()");

#ifndef NO_WOLFSSL_SERVER
    #ifndef WOLFSSL_NO_TLS12
        method_func = wolfTLSv1_2_server_method_ex;
    #else
        method_func = wolfTLSv1_3_server_method_ex;
    #endif
#else
    #ifndef WOLFSSL_NO_TLS12
        method_func = wolfTLSv1_2_client_method_ex;
    #else
        method_func = wolfTLSv1_3_client_method_ex;
    #endif
#endif

    /* Test creating CTX directly from static memory pool */
    ctx = NULL;
    AssertIntEQ(wolfSSL_CTX_load_static_memory(
            &ctx, method_func, svrMem, sizeof(svrMem),
            0, kMaxCtxClients), WOLFSSL_SUCCESS);
    test_wolfSSL_CTX_StaticMemory_SSL(ctx);
    wolfSSL_CTX_free(ctx);
    ctx = NULL;

    /* Test for heap allocated CTX, then assigning static pool to it */
    AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL)));
    AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx,
        NULL, svrMem, sizeof(svrMem),
        0, kMaxCtxClients), WOLFSSL_SUCCESS);
    test_wolfSSL_CTX_StaticMemory_SSL(ctx);
    wolfSSL_CTX_free(ctx);

    /* TLS Level Tests using static memory */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
    #ifndef NO_RSA
    for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
        test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
            svrCertFile, cliCertFile, cliKeyFile,
            cliCertFile, svrCertFile, svrKeyFile,
            cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
    }
    #endif
    #ifdef HAVE_ECC
    for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
        test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
            caEccCertFile,  cliEccCertFile, cliEccKeyFile,
            cliEccCertFile, eccCertFile,    eccKeyFile,
            cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
    }
    #endif
    #ifdef HAVE_ED25519
    for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
        if (tlsVer == WOLFSSL_DTLSV1) continue;
        test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
            caEdCertFile,  cliEdCertFile, cliEdKeyFile,
            cliEdCertFile, edCertFile,    edKeyFile,
            cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
    }
    #endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */

    printf(resultFmt, passed);
#endif
}



/*----------------------------------------------------------------------------*
 | Main
 *----------------------------------------------------------------------------*/

void ApiTest(void)
{
    printf("\n-----------------Porting tests------------------\n");
    AssertTrue(test_fileAccess());

    printf(" Begin API Tests\n");
    AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS);
    /* wolfcrypt initialization tests */
    test_wolfSSL_Method_Allocators();
#ifndef NO_WOLFSSL_SERVER
    test_wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
    test_for_double_Free();
#endif
#ifdef HAVE_IO_TESTS_DEPENDENCIES
    test_wolfSSL_get_finished();
#endif
    test_SSL_CIPHER_get_xxx();
    test_wolfSSL_ERR_strings();
    test_wolfSSL_EVP_shake128();
    test_wolfSSL_EVP_shake256();
    test_EVP_blake2();
    test_EVP_MD_do_all();
    test_OBJ_NAME_do_all();
    test_wolfSSL_CTX_use_certificate_file();
    AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
    test_wolfSSL_CTX_use_PrivateKey_file();
    test_wolfSSL_CTX_load_verify_locations();
    test_wolfSSL_CertManagerCheckOCSPResponse();
    test_wolfSSL_CertManagerLoadCABuffer();
    test_wolfSSL_CertManagerGetCerts();
    test_wolfSSL_CertManagerSetVerify();
    test_wolfSSL_CertManagerNameConstraint();
    test_wolfSSL_CertManagerNameConstraint2();
    test_wolfSSL_CertManagerNameConstraint3();
    test_wolfSSL_CertManagerNameConstraint4();
    test_wolfSSL_CertManagerNameConstraint5();
    test_wolfSSL_CertManagerCRL();
    test_wolfSSL_CTX_load_verify_locations_ex();
    test_wolfSSL_CTX_load_verify_buffer_ex();
    test_wolfSSL_CTX_load_verify_chain_buffer_format();
    test_wolfSSL_CTX_add1_chain_cert();
    test_wolfSSL_CTX_use_certificate_chain_file_format();
    test_wolfSSL_CTX_trust_peer_cert();
    test_wolfSSL_CTX_SetTmpDH_file();
    test_wolfSSL_CTX_SetTmpDH_buffer();
    test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
    test_wolfSSL_CTX_der_load_verify_locations();
    test_wolfSSL_CTX_enable_disable();
    test_wolfSSL_CTX_ticket_API();
    test_server_wolfSSL_new();
    test_client_wolfSSL_new();
    test_wolfSSL_SetTmpDH_file();
    test_wolfSSL_SetTmpDH_buffer();
    test_wolfSSL_SetMinMaxDhKey_Sz();
    test_SetTmpEC_DHE_Sz();
    test_wolfSSL_CTX_get0_privatekey();
    test_wolfSSL_dtls_set_mtu();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
    defined(HAVE_IO_TESTS_DEPENDENCIES)
    test_wolfSSL_read_write();
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
    test_wolfSSL_reuse_WOLFSSLobj();
#endif
    test_wolfSSL_CTX_verifyDepth_ServerClient();
    test_wolfSSL_dtls_export();
    test_wolfSSL_tls_export();
#endif
    AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS);
    AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS);

    /* TLS extensions tests */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
    test_wolfSSL_UseSNI();
#endif
    test_wolfSSL_UseTrustedCA();
    test_wolfSSL_UseMaxFragment();
    test_wolfSSL_UseTruncatedHMAC();
    test_wolfSSL_UseSupportedCurve();
    test_wolfSSL_UseALPN();
    test_wolfSSL_DisableExtendedMasterSecret();
    test_wolfSSL_wolfSSL_UseSecureRenegotiation();

    /* X509 tests */
    test_wolfSSL_X509_NAME_get_entry();
    test_wolfSSL_PKCS12();
    test_wolfSSL_no_password_cb();
    test_wolfSSL_PKCS8();
    test_wolfSSL_PKCS8_ED25519();
    test_wolfSSL_PKCS8_ED448();
    test_wolfSSL_PKCS5();
    test_wolfSSL_URI();
    test_wolfSSL_TBS();
    test_wolfSSL_X509_verify();
    test_wolfSSL_X509_TLS_version();

    test_wc_PemToDer();
    test_wc_AllocDer();
    test_wc_CertPemToDer();
    test_wc_PubKeyPemToDer();
    test_wc_PemPubKeyToDer();

    /*OCSP Stapling. */
    AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
    AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS);

    /* Multicast */
    test_wolfSSL_mcast();

    /* compatibility tests */
    test_wolfSSL_lhash();
    test_wolfSSL_X509_NAME();
    test_wolfSSL_X509_NAME_hash();
#ifndef NO_BIO
    test_wolfSSL_X509_INFO();
#endif
    test_wolfSSL_X509_subject_name_hash();
    test_wolfSSL_X509_issuer_name_hash();
    test_wolfSSL_X509_check_host();
    test_wolfSSL_X509_check_email();
    test_wolfSSL_DES();
    test_wolfSSL_certs();
    test_wolfSSL_X509_check_private_key();
    test_wolfSSL_ASN1_TIME_print();
    test_wolfSSL_ASN1_UTCTIME_print();
    test_wolfSSL_ASN1_TIME_diff();
    test_wolfSSL_ASN1_GENERALIZEDTIME_free();
    test_wolfSSL_private_keys();
    test_wolfSSL_PEM_read_PrivateKey();
    test_wolfSSL_PEM_PrivateKey();
#ifndef NO_BIO
    test_wolfSSL_PEM_bio_RSAKey();
    test_wolfSSL_PEM_bio_DSAKey();
    test_wolfSSL_PEM_bio_ECKey();
    test_wolfSSL_PEM_RSAPrivateKey();
    test_wolfSSL_PEM_PUBKEY();
#endif
    test_DSA_do_sign_verify();
    test_wolfSSL_tmp_dh();
    test_wolfSSL_ctrl();
    test_wolfSSL_EVP_MD_size();
    test_wolfSSL_EVP_MD_pkey_type();
    test_wolfSSL_EVP_Digest();
    test_wolfSSL_EVP_Digest_all();
    test_wolfSSL_EVP_PKEY_new_mac_key();
    test_wolfSSL_EVP_MD_hmac_signing();
    test_wolfSSL_EVP_MD_rsa_signing();
    test_wolfSSL_EVP_MD_ecc_signing();
    test_wolfSSL_EVP_PKEY_print_public();
    test_wolfSSL_EVP_ENCODE_CTX_new();
    test_wolfSSL_EVP_ENCODE_CTX_free();
    test_wolfSSL_EVP_EncodeInit();
    test_wolfSSL_EVP_EncodeUpdate();
    test_wolfSSL_EVP_EncodeFinal();
    test_wolfSSL_EVP_DecodeInit();
    test_wolfSSL_EVP_DecodeUpdate();
    test_wolfSSL_EVP_DecodeFinal();
    test_wolfSSL_CTX_add_extra_chain_cert();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    test_wolfSSL_ERR_peek_last_error_line();
#endif
#ifndef NO_BIO
    test_wolfSSL_ERR_print_errors_cb();
    AssertFalse(test_wolfSSL_GetLoggingCb());
    AssertFalse(test_WOLFSSL_ERROR_MSG());
    AssertFalse(test_wc_ERR_remove_state());
    AssertFalse(test_wc_ERR_print_errors_fp());
#endif
    test_wolfSSL_set_options();
    test_wolfSSL_sk_SSL_CIPHER();
    test_wolfSSL_set1_curves_list();
    test_wolfSSL_set1_sigalgs_list();
    test_wolfSSL_PKCS7_certs();
    test_wolfSSL_X509_STORE_CTX();
    test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup();
    test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
    test_wolfSSL_msgCb();
    test_wolfSSL_either_side();
    test_wolfSSL_DTLS_either_side();
    test_generate_cookie();
    test_wolfSSL_X509_STORE_set_flags();
    test_wolfSSL_X509_LOOKUP_load_file();
    test_wolfSSL_X509_Name_canon();
    test_wolfSSL_X509_LOOKUP_ctrl_file();
    test_wolfSSL_X509_LOOKUP_ctrl_hash_dir();
    test_wolfSSL_X509_NID();
    test_wolfSSL_X509_STORE_CTX_set_time();
    test_wolfSSL_get0_param();
    test_wolfSSL_X509_VERIFY_PARAM_set1_host();
    test_wolfSSL_X509_VERIFY_PARAM_set1_ip();
    test_wolfSSL_X509_STORE_CTX_get0_store();
    test_wolfSSL_X509_STORE();
    test_wolfSSL_X509_STORE_load_locations();
    test_X509_STORE_get0_objects();
    test_wolfSSL_X509_load_crl_file();
    test_wolfSSL_BN();
    test_wolfSSL_CTX_get0_set1_param();
#ifndef NO_BIO
    test_wolfSSL_PEM_read_bio();
    test_wolfSSL_BIO();
#endif
    test_wolfSSL_ASN1_STRING();
    test_wolfSSL_ASN1_BIT_STRING();
    test_wolfSSL_a2i_ASN1_INTEGER();
    test_wolfSSL_a2i_IPADDRESS();
    test_wolfSSL_X509();
    test_wolfSSL_X509_VERIFY_PARAM();
    test_wolfSSL_X509_sign();
    test_wolfSSL_X509_sign2();
    test_wolfSSL_X509_get0_tbs_sigalg();
    test_wolfSSL_X509_ALGOR_get0();
    test_wolfSSL_X509_get_X509_PUBKEY();
    test_wolfSSL_X509_PUBKEY_RSA();
    test_wolfSSL_X509_PUBKEY_EC();
    test_wolfSSL_X509_PUBKEY_DSA();
    test_wolfSSL_RAND();
    test_wolfSSL_BUF();
    test_wolfSSL_set_tlsext_status_type();
    test_wolfSSL_ASN1_TIME_adj();
    test_wolfSSL_ASN1_TIME_to_tm();
    test_wolfSSL_X509_cmp_time();
    test_wolfSSL_X509_time_adj();
    test_wolfSSL_CTX_set_client_CA_list();
    test_wolfSSL_CTX_add_client_CA();
    test_wolfSSL_CTX_set_srp_username();
    test_wolfSSL_CTX_set_srp_password();
    test_wolfSSL_CTX_set_keylog_callback();
    test_wolfSSL_CTX_get_keylog_callback();
    test_wolfSSL_Tls12_Key_Logging_test();
    test_wolfSSL_Tls13_Key_Logging_test();
    test_wolfSSL_Tls13_postauth();
    test_wolfSSL_CTX_set_ecdh_auto();
    test_wolfSSL_set_minmax_proto_version();
    test_wolfSSL_THREADID_hash();
    test_wolfSSL_RAND_set_rand_method();
    test_wolfSSL_RAND_bytes();
    test_wolfSSL_BN_rand();
    test_wolfSSL_pseudo_rand();
    test_wolfSSL_PKCS8_Compat();
    test_wolfSSL_PKCS8_d2i();
    test_error_queue_per_thread();
    test_wolfSSL_ERR_put_error();
#ifndef NO_BIO
    test_wolfSSL_ERR_print_errors();
#endif
    test_wolfSSL_HMAC();
    test_wolfSSL_CMAC();
    test_wolfSSL_OBJ();
    test_wolfSSL_i2a_ASN1_OBJECT();
    test_wolfSSL_OBJ_cmp();
    test_wolfSSL_OBJ_txt2nid();
    test_wolfSSL_OBJ_txt2obj();
    test_wolfSSL_i2t_ASN1_OBJECT();
    test_wolfSSL_PEM_write_bio_X509();
    test_wolfSSL_X509_NAME_ENTRY();
    test_wolfSSL_X509_set_name();
    test_wolfSSL_X509_set_notAfter();
    test_wolfSSL_X509_set_notBefore();
    test_wolfSSL_X509_set_version();
#ifndef NO_BIO
    test_wolfSSL_BIO_gets();
    test_wolfSSL_BIO_puts();
    test_wolfSSL_BIO_should_retry();
    test_wolfSSL_d2i_PUBKEY();
    test_wolfSSL_BIO_write();
    test_wolfSSL_BIO_connect();
    test_wolfSSL_BIO_accept();
    test_wolfSSL_BIO_printf();
    test_wolfSSL_BIO_f_md();
    test_wolfSSL_BIO_up_ref();
#endif
    test_wolfSSL_cert_cb();
    test_wolfSSL_SESSION();
    test_wolfSSL_ticket_keys();
    test_wolfSSL_DES_ecb_encrypt();
    test_wolfSSL_sk_GENERAL_NAME();
    test_wolfSSL_GENERAL_NAME_print();
    test_wolfSSL_sk_DIST_POINT();
    test_wolfSSL_MD4();
    test_wolfSSL_RSA();
    test_wolfSSL_RSA_DER();
    test_wolfSSL_RSA_get0_key();
    test_wolfSSL_RSA_meth();
    test_wolfSSL_verify_mode();
    test_wolfSSL_verify_depth();
    test_wolfSSL_HMAC_CTX();
    test_wolfSSL_msg_callback();
    test_wolfSSL_SHA();
    test_wolfSSL_DH_1536_prime();
    test_wolfSSL_PEM_write_DHparams();
    test_wolfSSL_PEM_read_DHparams();
    test_wolfSSL_AES_ecb_encrypt();
    test_wolfSSL_MD5();
    test_wolfSSL_MD5_Transform();
    test_wolfSSL_SHA_Transform();
    test_wolfSSL_SHA256();
    test_wolfSSL_SHA256_Transform();
    test_wolfSSL_SHA224();
    test_wolfSSL_SHA512_Transform();
    test_wolfSSL_X509_get_serialNumber();
    test_wolfSSL_X509_CRL();
    test_wolfSSL_d2i_X509_REQ();
    test_wolfSSL_PEM_read_X509();
    test_wolfSSL_PEM_read();
#ifndef NO_BIO
    test_wolfSSL_PEM_X509_INFO_read_bio();
    test_wolfSSL_PEM_read_bio_ECPKParameters();
#endif
    test_wolfSSL_X509_STORE_get1_certs();
    test_wolfSSL_X509_NAME_ENTRY_get_object();
    test_wolfSSL_OpenSSL_add_all_algorithms();
    test_wolfSSL_OPENSSL_hexstr2buf();
    test_wolfSSL_ASN1_STRING_print_ex();
    test_wolfSSL_ASN1_TIME_to_generalizedtime();
    test_wolfSSL_ASN1_INTEGER_get_set();
    test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
    test_wolfSSL_i2c_ASN1_INTEGER();
    test_wolfSSL_X509_check_ca();
    test_wolfSSL_X509_check_ip_asc();
    test_wolfSSL_DC_cert();
    test_wolfSSL_DES_ncbc();
    test_wolfSSL_AES_cbc_encrypt();
    test_wolfssl_EVP_aes_gcm_AAD_2_parts();
    test_wolfssl_EVP_aes_gcm();
    test_wolfSSL_PKEY_up_ref();
    test_wolfSSL_EVP_Cipher_extra();
    test_wolfSSL_d2i_and_i2d_PublicKey();
    test_wolfSSL_d2i_and_i2d_DSAparams();
    test_wolfSSL_i2d_PrivateKey();
    test_wolfSSL_OCSP_id_get0_info();
    test_wolfSSL_i2d_OCSP_CERTID();
    test_wolfSSL_OCSP_id_cmp();
    test_wolfSSL_OCSP_SINGLERESP_get0_id();
    test_wolfSSL_OCSP_single_get0_status();
    test_wolfSSL_OCSP_resp_count();
    test_wolfSSL_OCSP_resp_get0();
    test_wolfSSL_EVP_PKEY_derive();
    test_wolfSSL_EVP_PBE_scrypt();
#ifndef NO_RSA
    test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#endif
    test_wolfSSL_RSA_sign_sha3();

    test_CONF_modules_xxx();
    test_CRYPTO_set_dynlock_xxx();
    test_CRYPTO_THREADID_xxx();
    test_ENGINE_cleanup();
    test_wolfSSL_EC_KEY_set_group();
#if defined(OPENSSL_ALL)
    test_wolfSSL_X509_PUBKEY_get();
    test_wolfSSL_sk_CIPHER_description();
    test_wolfSSL_get_ciphers_compat();
    test_wolfSSL_d2i_DHparams();
    test_wolfSSL_i2d_DHparams();
    test_wolfSSL_ASN1_STRING_to_UTF8();
    test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
    test_wolfSSL_EC_KEY_dup();
    test_wolfSSL_EVP_PKEY_set1_get1_DSA();
    test_wolfSSL_DSA_SIG();
    test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
    test_wolfSSL_EVP_PKEY_set1_get1_DH();
    test_wolfSSL_CTX_ctrl();
    test_wolfSSL_DH_check();
    test_wolfSSL_EVP_PKEY_assign();
    test_wolfSSL_EVP_PKEY_base_id();
    test_wolfSSL_EVP_PKEY_id();
    test_wolfSSL_EVP_PKEY_keygen();
    test_wolfSSL_EVP_PKEY_keygen_init();
    test_wolfSSL_EVP_PKEY_missing_parameters();
    test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits();
    test_wolfSSL_EVP_CIPHER_CTX_iv_length();
    test_wolfSSL_EVP_CIPHER_CTX_key_length();
    test_wolfSSL_EVP_CIPHER_CTX_set_key_length();
    test_wolfSSL_EVP_CIPHER_CTX_set_iv();
    test_wolfSSL_EVP_PKEY_CTX_new_id();
    test_wolfSSL_EVP_rc4();
    test_wolfSSL_EVP_enc_null();
    test_wolfSSL_EVP_rc2_cbc();
    test_wolfSSL_EVP_mdc2();
    test_wolfSSL_EVP_md4();
    test_wolfSSL_EVP_aes_256_gcm();
    test_wolfSSL_EVP_aes_192_gcm();
    test_wolfSSL_EVP_ripemd160();
    test_wolfSSL_EVP_get_digestbynid();
    test_wolfSSL_EVP_MD_nid();
    test_wolfSSL_EVP_PKEY_get0_EC_KEY();
    test_wolfSSL_EVP_X_STATE();
    test_wolfSSL_EVP_X_STATE_LEN();
    test_wolfSSL_EVP_CIPHER_block_size();
    test_wolfSSL_EVP_CIPHER_iv_length();
    test_wolfSSL_EVP_SignInit_ex();
    test_wolfSSL_EVP_DigestFinal_ex();
    test_wolfSSL_EVP_PKEY_assign_DH();
    test_wolfSSL_EVP_BytesToKey();
    test_wolfSSL_EVP_PKEY_param_check();
    test_wolfSSL_QT_EVP_PKEY_CTX_free();
    test_IncCtr();
    test_wolfSSL_OBJ_ln();
    test_wolfSSL_OBJ_sn();
    test_wolfSSL_TXT_DB();
    test_wolfSSL_NCONF();

#endif /* OPENSSL_ALL */

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
    AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
#ifndef NO_BIO
    test_wolfSSL_d2i_PrivateKeys_bio();
#endif
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */

    test_wolfSSL_X509_CA_num();
    test_wolfSSL_X509_get_version();
#ifndef NO_BIO
    test_wolfSSL_X509_print();
    test_wolfSSL_BIO_get_len();
#endif
    test_wolfSSL_RSA_verify();
    test_wolfSSL_X509V3_EXT_get();
    test_wolfSSL_X509V3_EXT_nconf();
    test_wolfSSL_X509V3_EXT();
    test_wolfSSL_X509_get_extension_flags();
    test_wolfSSL_X509_get_ext();
    test_wolfSSL_X509_get_ext_by_NID();
    test_wolfSSL_X509_get_ext_subj_alt_name();
    test_wolfSSL_X509_get_ext_count();
    test_wolfSSL_X509_EXTENSION_new();
    test_wolfSSL_X509_EXTENSION_get_object();
    test_wolfSSL_X509_EXTENSION_get_data();
    test_wolfSSL_X509_EXTENSION_get_critical();
    test_wolfSSL_X509V3_EXT_print();
    test_wolfSSL_X509_cmp();
#ifndef NO_BIO
    test_wolfSSL_RSA_print();
    test_wolfSSL_ASN1_STRING_print();
#endif
    test_wolfSSL_ASN1_get_object();
    test_openssl_generate_key_and_cert();

    test_wolfSSL_EC_get_builtin_curves();

    test_wolfSSL_CRYPTO_memcmp();
    test_wolfSSL_read_detect_TCP_disconnect();
    /* test the no op functions for compatibility */
    test_no_op_functions();

    /* OpenSSL EVP_PKEY API tests */
    test_EVP_PKEY_rsa();
    test_wolfSSL_EVP_PKEY_encrypt();
    test_wolfSSL_EVP_PKEY_sign();
    test_EVP_PKEY_ec();
    test_EVP_PKEY_cmp();
    /* OpenSSL error API tests */
    test_ERR_load_crypto_strings();
    /* OpenSSL sk_X509 API test */
    test_sk_X509();
    /* OpenSSL X509 API test */
    test_X509_get_signature_nid();
    /* OpenSSL X509 REQ API test */
    test_X509_REQ();
    /* OpenSSL PKCS7 API test */
    test_wolfssl_PKCS7();
    test_wolfSSL_PKCS7_SIGNED_new();
#ifndef NO_BIO
    test_wolfSSL_PEM_write_bio_PKCS7();
#ifdef HAVE_SMIME
    test_wolfSSL_SMIME_read_PKCS7();
#endif
#endif

    /* wolfCrypt ASN tests */
    test_wc_CreateEncryptedPKCS8Key();
    test_wc_GetPkcs8TraditionalOffset();
    test_wc_SetSubjectRaw();
    test_wc_GetSubjectRaw();
    test_wc_SetIssuerRaw();
    test_wc_SetIssueBuffer();
    test_wc_SetSubjectKeyId();
    test_wc_SetSubject();
    test_CheckCertSignature();

    /* wolfCrypt ECC tests */
    test_wc_ecc_get_curve_size_from_name();
    test_wc_ecc_get_curve_id_from_name();
    test_wc_ecc_get_curve_id_from_params();
#ifdef WOLFSSL_TLS13
    /* TLS v1.3 API tests */
    test_tls13_apis();
#endif

#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
                           !defined(WOLFSSL_NO_CLIENT_AUTH))
    /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
    /* Bad certificate signature tests */
    AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E);
    AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E);
#endif /* NO_CERTS */

#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
    !defined(NO_OLD_TLS))
    /* public key callback tests */
    test_DhCallbacks();
#endif


#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
    test_export_keying_material();
#endif /* HAVE_KEYING_MATERIAL */

    test_wolfSSL_CTX_get_min_proto_version();

    test_wolfSSL_security_level();
    test_wolfSSL_SSL_in_init();
    test_wolfSSL_EC_curve();
    test_wolfSSL_CTX_set_timeout();
    test_wolfSSL_OpenSSL_version();
    test_wolfSSL_set_psk_use_session_callback();

    test_CONF_CTX_FILE();
    test_CONF_CTX_CMDLINE();
    test_wolfSSL_CRYPTO_get_ex_new_index();
    test_wolfSSL_DH();

    /*wolfcrypt */
    printf("\n-----------------wolfcrypt unit tests------------------\n");
    AssertFalse(test_wolfCrypt_Init());
    AssertFalse(test_wc_InitMd5());
    AssertFalse(test_wc_Md5Update());
    AssertFalse(test_wc_Md5Final());
    AssertFalse(test_wc_InitSha());
    AssertFalse(test_wc_ShaUpdate());
    AssertFalse(test_wc_ShaFinal());
    AssertFalse(test_wc_InitSha256());
    AssertFalse(test_wc_Sha256Update());
    AssertFalse(test_wc_Sha256Final());
    AssertFalse(test_wc_Sha256FinalRaw());
    AssertFalse(test_wc_Sha256GetFlags());
    AssertFalse(test_wc_Sha256Free());
    AssertFalse(test_wc_Sha256GetHash());
    AssertFalse(test_wc_Sha256Copy());
    AssertFalse(test_wc_InitSha512());
    AssertFalse(test_wc_Sha512Update());
    AssertFalse(test_wc_Sha512Final());
    AssertFalse(test_wc_Sha512GetFlags());
    AssertFalse(test_wc_Sha512FinalRaw());
    AssertFalse(test_wc_Sha512Free());
    AssertFalse(test_wc_Sha512GetHash());
    AssertFalse(test_wc_Sha512Copy());

    AssertFalse(test_wc_InitSha512_224());
    AssertFalse(test_wc_Sha512_224Update());
    AssertFalse(test_wc_Sha512_224Final());
    AssertFalse(test_wc_Sha512_224GetFlags());
    AssertFalse(test_wc_Sha512_224FinalRaw());
    AssertFalse(test_wc_Sha512_224Free());
    AssertFalse(test_wc_Sha512_224GetHash());
    AssertFalse(test_wc_Sha512_224Copy());
    AssertFalse(test_wc_InitSha512_256());
    AssertFalse(test_wc_Sha512_256Update());
    AssertFalse(test_wc_Sha512_256Final());
    AssertFalse(test_wc_Sha512_256GetFlags());
    AssertFalse(test_wc_Sha512_256FinalRaw());
    AssertFalse(test_wc_Sha512_256Free());
    AssertFalse(test_wc_Sha512_256GetHash());
    AssertFalse(test_wc_Sha512_256Copy());

    AssertFalse(test_wc_InitSha384());
    AssertFalse(test_wc_Sha384Update());
    AssertFalse(test_wc_Sha384Final());
    AssertFalse(test_wc_Sha384GetFlags());
    AssertFalse(test_wc_Sha384FinalRaw());
    AssertFalse(test_wc_Sha384Free());
    AssertFalse(test_wc_Sha384GetHash());
    AssertFalse(test_wc_Sha384Copy());
    AssertFalse(test_wc_InitSha224());
    AssertFalse(test_wc_Sha224Update());
    AssertFalse(test_wc_Sha224Final());
    AssertFalse(test_wc_Sha224SetFlags());
    AssertFalse(test_wc_Sha224GetFlags());
    AssertFalse(test_wc_Sha224Free());
    AssertFalse(test_wc_Sha224GetHash());
    AssertFalse(test_wc_Sha224Copy());
    AssertFalse(test_wc_InitBlake2b());
    AssertFalse(test_wc_InitBlake2b_WithKey());
    AssertFalse(test_wc_InitBlake2s_WithKey());
    AssertFalse(test_wc_InitRipeMd());
    AssertFalse(test_wc_RipeMdUpdate());
    AssertFalse(test_wc_RipeMdFinal());

    AssertIntEQ(test_wc_InitSha3(), 0);
    AssertIntEQ(testing_wc_Sha3_Update(), 0);
    AssertIntEQ(test_wc_Sha3_224_Final(), 0);
    AssertIntEQ(test_wc_Sha3_256_Final(), 0);
    AssertIntEQ(test_wc_Sha3_384_Final(), 0);
    AssertIntEQ(test_wc_Sha3_512_Final(), 0);
    AssertIntEQ(test_wc_Sha3_224_Copy(), 0);
    AssertIntEQ(test_wc_Sha3_256_Copy(), 0);
    AssertIntEQ(test_wc_Sha3_384_Copy(), 0);
    AssertIntEQ(test_wc_Sha3_512_Copy(), 0);
    AssertIntEQ(test_wc_Sha3_GetFlags(), 0);
    AssertIntEQ(test_wc_InitShake256(), 0);
    AssertIntEQ(testing_wc_Shake256_Update(), 0);
    AssertIntEQ(test_wc_Shake256_Final(), 0);
    AssertIntEQ(test_wc_Shake256_Copy(), 0);
    AssertIntEQ(test_wc_Shake256Hash(), 0);

    AssertFalse(test_wc_Md5HmacSetKey());
    AssertFalse(test_wc_Md5HmacUpdate());
    AssertFalse(test_wc_Md5HmacFinal());
    AssertFalse(test_wc_ShaHmacSetKey());
    AssertFalse(test_wc_ShaHmacUpdate());
    AssertFalse(test_wc_ShaHmacFinal());
    AssertFalse(test_wc_Sha224HmacSetKey());
    AssertFalse(test_wc_Sha224HmacUpdate());
    AssertFalse(test_wc_Sha224HmacFinal());
    AssertFalse(test_wc_Sha256HmacSetKey());
    AssertFalse(test_wc_Sha256HmacUpdate());
    AssertFalse(test_wc_Sha256HmacFinal());
    AssertFalse(test_wc_Sha384HmacSetKey());
    AssertFalse(test_wc_Sha384HmacUpdate());
    AssertFalse(test_wc_Sha384HmacFinal());

    AssertIntEQ(test_wc_HashInit(), 0);
    AssertIntEQ(test_wc_HashSetFlags(), 0);
    AssertIntEQ(test_wc_HashGetFlags(), 0);

    AssertIntEQ(test_wc_InitCmac(), 0);
    AssertIntEQ(test_wc_CmacUpdate(), 0);
    AssertIntEQ(test_wc_CmacFinal(), 0);
    AssertIntEQ(test_wc_AesCmacGenerate(), 0);
    AssertIntEQ(test_wc_AesGcmStream(), 0);

    AssertIntEQ(test_wc_Des3_SetIV(), 0);
    AssertIntEQ(test_wc_Des3_SetKey(), 0);
    AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0);
    AssertIntEQ(test_wc_Des3_EcbEncrypt(), 0);
    AssertIntEQ(test_wc_IdeaSetKey(), 0);
    AssertIntEQ(test_wc_IdeaSetIV(), 0);
    AssertIntEQ(test_wc_IdeaCipher(), 0);
    AssertIntEQ(test_wc_IdeaCbcEncyptDecrypt(), 0);
    AssertIntEQ(test_wc_Chacha_SetKey(), 0);
    AssertIntEQ(test_wc_Chacha_Process(), 0);
    AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0);
    AssertIntEQ(test_wc_Poly1305SetKey(), 0);

    AssertIntEQ(test_wc_CamelliaSetKey(), 0);
    AssertIntEQ(test_wc_CamelliaSetIV(), 0);
    AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0);
    AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0);


    AssertIntEQ(test_wc_RabbitSetKey(), 0);
    AssertIntEQ(test_wc_RabbitProcess(), 0);

    AssertIntEQ(test_wc_Arc4SetKey(), 0);
    AssertIntEQ(test_wc_Arc4Process(), 0);

    AssertIntEQ(test_wc_Rc2SetKey(), 0);
    AssertIntEQ(test_wc_Rc2SetIV(), 0);
    AssertIntEQ(test_wc_Rc2EcbEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_Rc2CbcEncryptDecrypt(), 0);

    AssertIntEQ(test_wc_AesSetKey(), 0);
    AssertIntEQ(test_wc_AesSetIV(), 0);
    AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_AesGcmSetKey(), 0);
    AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_GmacSetKey(), 0);
    AssertIntEQ(test_wc_GmacUpdate(), 0);
    AssertIntEQ(test_wc_InitRsaKey(), 0);
    AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0);
    AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0);
    AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0);
    AssertIntEQ(test_wc_MakeRsaKey(), 0);
    AssertIntEQ(test_wc_SetKeyUsage (), 0);

    AssertIntEQ(test_wc_CheckProbablePrime (), 0);
    AssertIntEQ(test_wc_RsaPSS_Verify (), 0);
    AssertIntEQ(test_wc_RsaPSS_VerifyCheck (), 0);
    AssertIntEQ(test_wc_RsaPSS_VerifyCheckInline (), 0);

    AssertIntEQ(test_wc_SetMutexCb(), 0);
    AssertIntEQ(test_wc_LockMutex_ex(), 0);

    AssertIntEQ(test_wc_RsaKeyToDer(), 0);
    AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0);
    AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0);
    AssertIntEQ(test_wc_RsaEncryptSize(), 0);
    AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0);
    AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0);
    AssertIntEQ(test_RsaDecryptBoundsCheck(), 0);
    AssertIntEQ(test_wc_AesCcmSetKey(), 0);
    AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0);
    AssertIntEQ(test_wc_Hc128_SetKey(), 0);
    AssertIntEQ(test_wc_Hc128_Process(), 0);
    AssertIntEQ(test_wc_InitDsaKey(), 0);
    AssertIntEQ(test_wc_DsaSignVerify(), 0);
    AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
    AssertIntEQ(test_wc_MakeDsaKey(), 0);
    AssertIntEQ(test_wc_DsaKeyToDer(), 0);
    AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0);
    AssertIntEQ(test_wc_DsaImportParamsRaw(), 0);
    AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0);
    AssertIntEQ(test_wc_DsaExportParamsRaw(), 0);
    AssertIntEQ(test_wc_DsaExportKeyRaw(), 0);
    AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0);
    AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0);
    wolfCrypt_Cleanup();

#ifdef OPENSSL_EXTRA
    /*wolfSSL_EVP_get_cipherbynid test*/
    test_wolfSSL_EVP_get_cipherbynid();
    test_wolfSSL_EVP_CIPHER_CTX();
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
    test_wolfSSL_EC();
#endif
    test_wolfSSL_ECDSA_SIG();
    test_ECDSA_size_sign();
    test_ED25519();
    test_ED448();
    test_EC_i2d();
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
    !defined(HAVE_SELFTEST) && \
    !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
    test_wc_ecc_get_curve_id_from_dp_params();
#endif

#ifdef HAVE_HASHDRBG
    #ifdef TEST_RESEED_INTERVAL
    AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0);
    #endif
    AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);

#endif
    AssertIntEQ(test_get_rand_digit(), 0);
    AssertIntEQ(test_get_digit_count(), 0);
    AssertIntEQ(test_mp_cond_copy(), 0);
    AssertIntEQ(test_mp_rand(), 0);
    AssertIntEQ(test_get_digit(), 0);
    AssertIntEQ(test_wc_export_int(), 0);
    AssertIntEQ(test_wc_InitRngNonce(), 0);
    AssertIntEQ(test_wc_InitRngNonce_ex(), 0);
    AssertIntEQ(test_wc_ed25519_make_key(), 0);
    AssertIntEQ(test_wc_ed25519_init(), 0);
    AssertIntEQ(test_wc_ed25519_sign_msg(), 0);
    AssertIntEQ(test_wc_ed25519_import_public(), 0);
    AssertIntEQ(test_wc_ed25519_import_private_key(), 0);
    AssertIntEQ(test_wc_ed25519_export(), 0);
    AssertIntEQ(test_wc_ed25519_size(), 0);
    AssertIntEQ(test_wc_ed25519_exportKey(), 0);
    AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0);
    AssertIntEQ(test_wc_curve25519_init(), 0);
    AssertIntEQ(test_wc_curve25519_size(), 0);
    AssertIntEQ(test_wc_curve25519_export_key_raw(), 0);
    AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0);
    AssertIntEQ(test_wc_curve25519_size (), 0);
    AssertIntEQ(test_wc_curve25519_make_key (), 0);
    AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
    AssertIntEQ(test_wc_curve25519_make_pub (), 0);
    AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
    AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
    AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);
    AssertIntEQ(test_wc_curve25519_import_private (), 0);
    AssertIntEQ(test_wc_ed448_make_key(), 0);
    AssertIntEQ(test_wc_ed448_init(), 0);
    AssertIntEQ(test_wc_ed448_sign_msg(), 0);
    AssertIntEQ(test_wc_ed448_import_public(), 0);
    AssertIntEQ(test_wc_ed448_import_private_key(), 0);
    AssertIntEQ(test_wc_ed448_export(), 0);
    AssertIntEQ(test_wc_ed448_size(), 0);
    AssertIntEQ(test_wc_ed448_exportKey(), 0);
    AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0);
    AssertIntEQ(test_wc_curve448_make_key (), 0);
    AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0);
    AssertIntEQ(test_wc_curve448_export_public_ex (), 0);
    AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0);
    AssertIntEQ(test_wc_curve448_export_key_raw (), 0);
    AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0);
    AssertIntEQ(test_wc_curve448_import_private (), 0);
    AssertIntEQ(test_wc_curve448_init(), 0);
    AssertIntEQ(test_wc_curve448_size (), 0);
    AssertIntEQ(test_wc_ecc_make_key(), 0);
    AssertIntEQ(test_wc_ecc_init(), 0);
    AssertIntEQ(test_wc_ecc_check_key(), 0);
    AssertIntEQ(test_wc_ecc_get_generator(), 0);
    AssertIntEQ(test_wc_ecc_size(), 0);
    test_wc_ecc_params();
    AssertIntEQ(test_wc_ecc_signVerify_hash(), 0);
    PRIVATE_KEY_UNLOCK();
    AssertIntEQ(test_wc_ecc_shared_secret(), 0);
    AssertIntEQ(test_wc_ecc_export_x963(), 0);
    PRIVATE_KEY_LOCK();
    AssertIntEQ(test_wc_ecc_export_x963_ex(), 0);
    AssertIntEQ(test_wc_ecc_import_x963(), 0);
    AssertIntEQ(ecc_import_private_key(), 0);
    AssertIntEQ(test_wc_ecc_export_private_only(), 0);
    AssertIntEQ(test_wc_ecc_rs_to_sig(), 0);
    AssertIntEQ(test_wc_ecc_import_raw(), 0);
    AssertIntEQ(test_wc_ecc_import_unsigned(), 0);
    AssertIntEQ(test_wc_ecc_sig_size(), 0);
    AssertIntEQ(test_wc_ecc_ctx_new(), 0);
    AssertIntEQ(test_wc_ecc_ctx_reset(), 0);
    AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0);
    AssertIntEQ(test_wc_ecc_ctx_set_info(), 0);
    AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0);
    AssertIntEQ(test_wc_ecc_del_point(), 0);
    AssertIntEQ(test_wc_ecc_pointFns(), 0);
    AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0);
    AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
    AssertIntEQ(test_wc_ecc_mulmod(), 0);
    AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
    AssertIntEQ(test_wc_ecc_get_curve_id_from_oid(), 0);
    AssertIntEQ(test_wc_ecc_sig_size_calc(), 0);


    AssertIntEQ(test_ToTraditional(), 0);
    AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0);
    AssertIntEQ(test_wc_DhPublicKeyDecode(), 0);
    AssertIntEQ(test_wc_Ed25519KeyToDer(), 0);
    AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0);
    AssertIntEQ(test_wc_Ed448KeyToDer(), 0);
    AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0);
    AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0);
    AssertIntEQ(test_wc_SetSubjectBuffer(), 0);
    AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0);

    test_wc_PKCS7_New();
    test_wc_PKCS7_Init();
    test_wc_PKCS7_InitWithCert();
    test_wc_PKCS7_EncodeData();
    test_wc_PKCS7_EncodeSignedData();
    test_wc_PKCS7_EncodeSignedData_ex();
    test_wc_PKCS7_VerifySignedData();
    test_wc_PKCS7_EncodeDecodeEnvelopedData();
    test_wc_PKCS7_EncodeEncryptedData();
    test_wc_PKCS7_Degenerate();
    test_wc_PKCS7_BER();
    test_PKCS7_signed_enveloped();
    test_wc_PKCS7_NoDefaultSignedAttribs();
    test_wc_PKCS7_SetOriEncryptCtx();
    test_wc_PKCS7_SetOriDecryptCtx();
    test_wc_PKCS7_DecodeCompressedData();

    test_wc_i2d_PKCS12();

    test_wolfSSL_CTX_LoadCRL();

    test_wc_CryptoCb();
    test_wolfSSL_CTX_StaticMemory();

    AssertIntEQ(test_ForceZero(), 0);

    AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS);

#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
                           !defined(WOLFSSL_NO_CLIENT_AUTH))
    AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS);
#endif

    /* If at some point a stub get implemented this test should fail indicating
     * a need to implement a new test case
     */
    test_stubs_are_stubs();
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
                      && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
    wc_ecc_fp_free();  /* free per thread cache */
#endif
    wolfSSL_Cleanup();

    (void)devId;

    printf(" End API Tests\n");

}