wolfSSL: Set up initial port

Includes some porting ideas from qursa-uc3m libcoap-wolfssl work. Some common ASN1 code moved from coap_gnutls.c to coap_asn1.c to support RPK. WolfSSL build $ ./configure --enable-all --enable-dtls13 CFLAGS="-DBUILD_TLS_PSK_WITH_AES_128_CCM -DHAVE_RPK" Interoperability requirements DTLS1.3 downgrade requires https://github.com/eclipse/tinydtls/pull/230 https://github.com/wolfSSL/wolfssl/pull/7367 TLS1.3 downgrade requires https://github.com/wolfSSL/wolfssl/pull/7367 (D)TLS1.2 use of RPK requires https://github.com/wolfSSL/wolfssl/pull/7375 MbedTLS using TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 requires https://github.com/wolfSSL/wolfssl/pull/7132 GnuTLS using PSK and TLS1.3 requires https://github.com/wolfSSL/wolfssl/pull/7407
2025-10-14 02:19:34 +08:00 · 2024-04-10 14:16:36 +00:00
parent 04b239f55a
commit e3a662a934
53 changed files with 3612 additions and 125 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,12 +30,12 @@ jobs:
    strategy:
      matrix:
        CC: ["gcc", "clang"]
-        TLS: ["no", "openssl", "gnutls", "mbedtls"]
+        TLS: ["no", "openssl", "gnutls", "mbedtls", "wolfssl"]
    steps:
      - uses: actions/checkout@v4
      - name: setup
        run: |
-          sudo apt-get update && sudo apt-get install -y libcunit1-dev libmbedtls-dev libgnutls28-dev libtool libtool-bin exuberant-ctags valgrind
+          sudo apt-get update && sudo apt-get install -y libcunit1-dev libmbedtls-dev libgnutls28-dev libwolfssl-dev libtool libtool-bin exuberant-ctags valgrind
          ./autogen.sh
      - name: configure no-TLS
        if: matrix.TLS == 'no'
@@ -80,14 +80,14 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        TLS: ["no", "openssl", "gnutls", "mbedtls", "tinydtls"]
+        TLS: ["no", "openssl", "gnutls", "mbedtls", "wolfssl", "tinydtls"]
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: setup
        run: |
-          sudo apt-get update && sudo apt-get install -y libcunit1-dev libmbedtls-dev libgnutls28-dev
+          sudo apt-get update && sudo apt-get install -y libcunit1-dev libmbedtls-dev libgnutls28-dev libwolfssl-dev
          cmake -E make_directory $GITHUB_WORKSPACE/build-${{matrix.TLS}}-cmake
      - name: configure no-TLS
        if: matrix.TLS == 'no'
--- a/3
+++ b/3
@@ -99,6 +99,9 @@ Note: FreeBSD requires gmake instead of make when building TinyDTLS - i.e.
 # With OpenSSL
 ./configure --with-openssl --enable-tests --enable-shared
 # With wolfSSL
 ./configure --with-wolfssl --enable-tests --enable-shared
 # With GnuTLS
 ./configure --with-gnutls --enable-tests --enable-shared
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -103,17 +103,18 @@ set(DTLS_BACKEND
      STRING
      "\
 Name of the dtls backend, only relevant if `ENABLE_DTLS` is ON which is default. \
-Possible values: default, gnutls, openssl, tinydtls and mbedtls. \
+Possible values: default, gnutls, openssl, wolfssl, tinydtls and mbedtls. \
 If specified then this library will be searched and if found also used. \
 If not found then the cmake configuration will stop with an error. \
 If not specified, then cmake will try to use the first one found in the following order: \
-gnutls, openssl, tinydtls, mbedtls \
+gnutls, openssl, wolfssl, tinydtls, mbedtls \
    ")
 set_property(
  CACHE DTLS_BACKEND
  PROPERTY STRINGS
           default
           openssl
           wolfssl
           gnutls
           tinydtls
           mbedtls)
@@ -425,6 +426,7 @@ set(WITH_GNUTLS OFF)
 set(WITH_OPENSSL OFF)
 set(WITH_TINYDTLS OFF)
 set(WITH_MBEDTLS OFF)
 set(WITH_WOLFSSL OFF)
 function(compile_tinydtls)
  set(TINYDTLS_SOURCES_DIR ${CMAKE_CURRENT_LIST_DIR}/ext/tinydtls)
@@ -509,33 +511,43 @@ if(ENABLE_DTLS)
        set(COAP_WITH_LIBOPENSSL 1)
      else()
        # openssl not found
-        # libmbedtls (e.g. debian libmbedtls-dev)
+        # wolfSSL
-        find_package(MbedTLS)
+        find_package(wolfSSL)
-        if(MbedTLS_FOUND)
+        if(wolfSSL_FOUND)
-          set(WITH_MBEDTLS ON)
+          set(WITH_WOLFSSL ON)
-          message(STATUS "compiling with mbedtls support")
+          message(STATUS "compiling with wolfssl support")
-          set(COAP_WITH_LIBMBEDTLS 1)
+          set(COAP_WITH_LIBWOLFSSL 1)
        else()
-          # mbedtls not found
+          # wolfssl not found
-          if(USE_VENDORED_TINYDTLS)
+          # libmbedtls (e.g. debian libmbedtls-dev)
-            compile_tinydtls()
+          find_package(MbedTLS)
          if(MbedTLS_FOUND)
            set(WITH_MBEDTLS ON)
            message(STATUS "compiling with mbedtls support")
            set(COAP_WITH_LIBMBEDTLS 1)
          else()
-            find_package(TinyDTLS)
+            # mbedtls not found
-            if(TINYDTLS_FOUND)
+            if(USE_VENDORED_TINYDTLS)
-
+              compile_tinydtls()
            else()
-              # no cryto lib found
+              find_package(TinyDTLS)
-              message(
+              if(TINYDTLS_FOUND)
-                FATAL_ERROR
+
-                  "cannot find any cryto lib, either install one or compile without DTLS support"
+              else()
-              )
+                # no cryto lib found
                message(
                  FATAL_ERROR
                    "cannot find any cryto lib, either install one or compile without DTLS support"
                )
              endif()
            endif()
-          endif()
+            set(WITH_TINYDTLS ON)
            message(STATUS "compiling with tinydtls support")
            set(COAP_WITH_LIBTINYDTLS 1)
-          set(WITH_TINYDTLS ON)
+          endif()
          message(STATUS "compiling with tinydtls support")
          set(COAP_WITH_LIBTINYDTLS 1)
        endif()
@@ -570,6 +582,15 @@ if(ENABLE_DTLS)
      set(COAP_WITH_LIBOPENSSL 1)
    endif()
    if(DTLS_BACKEND
        STREQUAL
        "wolfssl")
      find_package(wolfSSL REQUIRED)
      set(WITH_WOLFSSL ON)
      message(STATUS "compiling with wolfssl support")
      set(COAP_WITH_LIBWOLFSSL 1)
    endif()
    if(DTLS_BACKEND
       STREQUAL
       "mbedtls")
@@ -600,6 +621,16 @@ if(ENABLE_DTLS)
 endif()
 if(WITH_WOLFSSL)
  find_library(WOLFSSL_LIBRARY wolfssl HINTS /usr/local/lib)
  find_path(WOLFSSL_INCLUDE_DIR wolfssl/wolfcrypt/settings.h HINTS /usr/local/include)
  if(WOLFSSL_LIBRARY AND WOLFSSL_INCLUDE_DIR)
    message(STATUS "compiling with wolfssl support")
  else()
    message(FATAL_ERROR "WolfSSL not found")
  endif()
 endif()
 execute_process(COMMAND git describe --tags --dirty --always
                RESULT_VARIABLE USING_GIT
                OUTPUT_VARIABLE LIBCOAP_PACKAGE_BUILD
@@ -649,10 +680,12 @@ message(STATUS "DTLS_BACKEND:....................${DTLS_BACKEND}")
 message(STATUS "WITH_GNUTLS:.....................${WITH_GNUTLS}")
 message(STATUS "WITH_TINYDTLS:...................${WITH_TINYDTLS}")
 message(STATUS "WITH_OPENSSL:....................${WITH_OPENSSL}")
 message(STATUS "WITH_WOLFSSL:....................${WITH_WOLFSSL}")
 message(STATUS "WITH_MBEDTLS:....................${WITH_MBEDTLS}")
 message(STATUS "HAVE_LIBTINYDTLS:................${COAP_WITH_LIBTINYDTLS}")
 message(STATUS "HAVE_LIBGNUTLS:..................${COAP_WITH_LIBGNUTLS}")
 message(STATUS "HAVE_LIBOPENSSL:.................${COAP_WITH_LIBOPENSSL}")
 message(STATUS "HAVE_LIBWOLFSSL:.................${COAP_WITH_LIBWOLFSSL}")
 message(STATUS "HAVE_LIBMBEDTLS:.................${COAP_WITH_LIBMBEDTLS}")
 message(STATUS "WITH_EPOLL:......................${WITH_EPOLL}")
 message(STATUS "WITH_OBSERVE_PERSIST:............${WITH_OBSERVE_PERSIST}")
@@ -723,6 +756,7 @@ target_sources(
          ${CMAKE_CURRENT_LIST_DIR}/src/coap_ws.c
          # no need to parse those files if we do not need them
          $<$<BOOL:${COAP_WITH_LIBOPENSSL}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_openssl.c>
          $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_wolfssl.c>
          $<$<BOOL:${COAP_WITH_LIBTINYDTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_tinydtls.c>
          $<$<BOOL:${COAP_WITH_LIBGNUTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_gnutls.c>
          $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_mbedtls.c>
@@ -765,7 +799,8 @@ target_include_directories(
         $<INSTALL_INTERFACE:include/>
         $<$<AND:$<BOOL:${COAP_WITH_LIBTINYDTLS}>,$<BOOL:${USE_VENDORED_TINYDTLS}>>:${CMAKE_BINARY_DIR}/include/tinydtls>
         $<$<BOOL:${COAP_WITH_LIBGNUTLS}>:${GNUTLS_INCLUDE_DIR}>
-         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_INCLUDE_DIRS}>)
+         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_INCLUDE_DIRS}>
         $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${WOLFSSL_INCLUDE_DIR}>)
 target_link_libraries(
  ${COAP_LIBRARY_NAME}
  PUBLIC $<$<BOOL:${COAP_WITH_LIBOPENSSL}>:OpenSSL::SSL>
@@ -775,6 +810,7 @@ target_link_libraries(
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDX509_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDCRYPTO_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${WOLFSSL_LIBRARY}>
         $<$<BOOL:${MINGW}>:ws2_32>)
 target_compile_options(
--- a/CMakeLists.txt.in
+++ b/CMakeLists.txt.in
@@ -103,17 +103,18 @@ set(DTLS_BACKEND
      STRING
      "\
 Name of the dtls backend, only relevant if `ENABLE_DTLS` is ON which is default. \
-Possible values: default, gnutls, openssl, tinydtls and mbedtls. \
+Possible values: default, gnutls, openssl, wolfssl, tinydtls and mbedtls. \
 If specified then this library will be searched and if found also used. \
 If not found then the cmake configuration will stop with an error. \
 If not specified, then cmake will try to use the first one found in the following order: \
-gnutls, openssl, tinydtls, mbedtls \
+gnutls, openssl, wolfssl, tinydtls, mbedtls \
    ")
 set_property(
  CACHE DTLS_BACKEND
  PROPERTY STRINGS
           default
           openssl
           wolfssl
           gnutls
           tinydtls
           mbedtls)
@@ -425,6 +426,7 @@ set(WITH_GNUTLS OFF)
 set(WITH_OPENSSL OFF)
 set(WITH_TINYDTLS OFF)
 set(WITH_MBEDTLS OFF)
 set(WITH_WOLFSSL OFF)
 function(compile_tinydtls)
  set(TINYDTLS_SOURCES_DIR ${CMAKE_CURRENT_LIST_DIR}/ext/tinydtls)
@@ -509,33 +511,43 @@ if(ENABLE_DTLS)
        set(COAP_WITH_LIBOPENSSL 1)
      else()
        # openssl not found
-        # libmbedtls (e.g. debian libmbedtls-dev)
+        # wolfSSL
-        find_package(MbedTLS)
+        find_package(wolfSSL)
-        if(MbedTLS_FOUND)
+        if(wolfSSL_FOUND)
-          set(WITH_MBEDTLS ON)
+          set(WITH_WOLFSSL ON)
-          message(STATUS "compiling with mbedtls support")
+          message(STATUS "compiling with wolfssl support")
-          set(COAP_WITH_LIBMBEDTLS 1)
+          set(COAP_WITH_LIBWOLFSSL 1)
        else()
-          # mbedtls not found
+          # wolfssl not found
-          if(USE_VENDORED_TINYDTLS)
+          # libmbedtls (e.g. debian libmbedtls-dev)
-            compile_tinydtls()
+          find_package(MbedTLS)
          if(MbedTLS_FOUND)
            set(WITH_MBEDTLS ON)
            message(STATUS "compiling with mbedtls support")
            set(COAP_WITH_LIBMBEDTLS 1)
          else()
-            find_package(TinyDTLS)
+            # mbedtls not found
-            if(TINYDTLS_FOUND)
+            if(USE_VENDORED_TINYDTLS)
-
+              compile_tinydtls()
            else()
-              # no cryto lib found
+              find_package(TinyDTLS)
-              message(
+              if(TINYDTLS_FOUND)
-                FATAL_ERROR
+
-                  "cannot find any cryto lib, either install one or compile without DTLS support"
+              else()
-              )
+                # no cryto lib found
                message(
                  FATAL_ERROR
                    "cannot find any cryto lib, either install one or compile without DTLS support"
                )
              endif()
            endif()
-          endif()
+            set(WITH_TINYDTLS ON)
            message(STATUS "compiling with tinydtls support")
            set(COAP_WITH_LIBTINYDTLS 1)
-          set(WITH_TINYDTLS ON)
+          endif()
          message(STATUS "compiling with tinydtls support")
          set(COAP_WITH_LIBTINYDTLS 1)
        endif()
@@ -570,6 +582,15 @@ if(ENABLE_DTLS)
      set(COAP_WITH_LIBOPENSSL 1)
    endif()
    if(DTLS_BACKEND
        STREQUAL
        "wolfssl")
      find_package(wolfSSL REQUIRED)
      set(WITH_WOLFSSL ON)
      message(STATUS "compiling with wolfssl support")
      set(COAP_WITH_LIBWOLFSSL 1)
    endif()
    if(DTLS_BACKEND
       STREQUAL
       "mbedtls")
@@ -600,6 +621,16 @@ if(ENABLE_DTLS)
 endif()
 if(WITH_WOLFSSL)
  find_library(WOLFSSL_LIBRARY wolfssl HINTS /usr/local/lib)
  find_path(WOLFSSL_INCLUDE_DIR wolfssl/wolfcrypt/settings.h HINTS /usr/local/include)
  if(WOLFSSL_LIBRARY AND WOLFSSL_INCLUDE_DIR)
    message(STATUS "compiling with wolfssl support")
  else()
    message(FATAL_ERROR "WolfSSL not found")
  endif()
 endif()
 execute_process(COMMAND git describe --tags --dirty --always
                RESULT_VARIABLE USING_GIT
                OUTPUT_VARIABLE LIBCOAP_PACKAGE_BUILD
@@ -649,10 +680,12 @@ message(STATUS "DTLS_BACKEND:....................${DTLS_BACKEND}")
 message(STATUS "WITH_GNUTLS:.....................${WITH_GNUTLS}")
 message(STATUS "WITH_TINYDTLS:...................${WITH_TINYDTLS}")
 message(STATUS "WITH_OPENSSL:....................${WITH_OPENSSL}")
 message(STATUS "WITH_WOLFSSL:....................${WITH_WOLFSSL}")
 message(STATUS "WITH_MBEDTLS:....................${WITH_MBEDTLS}")
 message(STATUS "HAVE_LIBTINYDTLS:................${COAP_WITH_LIBTINYDTLS}")
 message(STATUS "HAVE_LIBGNUTLS:..................${COAP_WITH_LIBGNUTLS}")
 message(STATUS "HAVE_LIBOPENSSL:.................${COAP_WITH_LIBOPENSSL}")
 message(STATUS "HAVE_LIBWOLFSSL:.................${COAP_WITH_LIBWOLFSSL}")
 message(STATUS "HAVE_LIBMBEDTLS:.................${COAP_WITH_LIBMBEDTLS}")
 message(STATUS "WITH_EPOLL:......................${WITH_EPOLL}")
 message(STATUS "WITH_OBSERVE_PERSIST:............${WITH_OBSERVE_PERSIST}")
@@ -723,6 +756,7 @@ target_sources(
          ${CMAKE_CURRENT_LIST_DIR}/src/coap_ws.c
          # no need to parse those files if we do not need them
          $<$<BOOL:${COAP_WITH_LIBOPENSSL}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_openssl.c>
          $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_wolfssl.c>
          $<$<BOOL:${COAP_WITH_LIBTINYDTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_tinydtls.c>
          $<$<BOOL:${COAP_WITH_LIBGNUTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_gnutls.c>
          $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${CMAKE_CURRENT_LIST_DIR}/src/coap_mbedtls.c>
@@ -765,7 +799,8 @@ target_include_directories(
         $<INSTALL_INTERFACE:include/>
         $<$<AND:$<BOOL:${COAP_WITH_LIBTINYDTLS}>,$<BOOL:${USE_VENDORED_TINYDTLS}>>:${CMAKE_BINARY_DIR}/include/tinydtls>
         $<$<BOOL:${COAP_WITH_LIBGNUTLS}>:${GNUTLS_INCLUDE_DIR}>
-         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_INCLUDE_DIRS}>)
+         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_INCLUDE_DIRS}>
         $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${WOLFSSL_INCLUDE_DIR}>)
 target_link_libraries(
  ${COAP_LIBRARY_NAME}
  PUBLIC $<$<BOOL:${COAP_WITH_LIBOPENSSL}>:OpenSSL::SSL>
@@ -775,6 +810,7 @@ target_link_libraries(
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDTLS_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDX509_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBMBEDTLS}>:${MBEDCRYPTO_LIBRARY}>
         $<$<BOOL:${COAP_WITH_LIBWOLFSSL}>:${WOLFSSL_LIBRARY}>
         $<$<BOOL:${MINGW}>:ws2_32>)
 target_compile_options(
--- a/7
+++ b/7
@@ -115,6 +115,13 @@ When compiled with Mbed TLS support, this software includes components
 that are licensed under the terms of the Apache 2.0 license
 (http://www.apache.org/licenses/LICENSE-2.0).
 ========================================================================
 wolfSSL
 When compiled with wolfSSL support, this software includes components
 that are licensed under the terms of the GPLv2 license
 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html).
 ========================================================================
 SHA1
--- a/Makefile.am
+++ b/Makefile.am
@@ -36,6 +36,7 @@ EXTRA_DIST = \
  cmake/Config.cmake.in \
  cmake/FindMbedTLS.cmake \
  cmake/FindTinyDTLS.cmake \
  cmake/FindwolfSSL.cmake \
  coap_config.h.contiki \
  coap_config.h.riot \
  coap_config.h.windows \
@@ -219,6 +220,7 @@ libcoap_@LIBCOAP_NAME_SUFFIX@_la_SOURCES = \
  src/coap_time.c \
  src/coap_tinydtls.c \
  src/coap_uri.c \
  src/coap_wolfssl.c \
  src/coap_ws.c
 if COAP_OSCORE_SUPPORT
--- a/README.md
+++ b/README.md
@@ -73,6 +73,8 @@ There is (D)TLS support for the following libraries
 * [Mbed TLS](https://www.trustedfirmware.org/projects/mbed-tls/) (Minimum version 2.7.10) [PKI and PSK]
 * [wolfSSL](https://wolfssl.com) (Minimum version 5.2.0) [PKI, PSK and RPK(5.6.4+)]
 * [TinyDTLS](https://github.com/eclipse/tinydtls) [PSK and RPK] [DTLS Only]
 The examples directory contain a CoAP client, CoAP Resource Directory server
--- a/cmake/FindwolfSSL.cmake
+++ b/cmake/FindwolfSSL.cmake
@@ -0,0 +1,86 @@
 # FindWolfSSL.cmake
 # -----------------
 #
 # Find the wolfSSL library.
 #
 # Imported Targets
 # ^^^^^^^^^^^^^^^^
 #
 # This module defines the following :prop_tgt:`IMPORTED` targets:
 #
 # ``wolfssl``
 #   The wolfSSL library, if found.
 #
 # Result Variables
 # ^^^^^^^^^^^^^^^^
 #
 # This module will set the following variables in your project:
 #
 # ``wolfSSL_FOUND``
 #   System has the wolfSSL library.
 # ``WOLFSSL_INCLUDE_DIR``
 #   The wolfSSL include directory.
 # ``WOLFSSL_LIBRARIES``
 #   All wolfSSL libraries.
 #
 # Hints
 # ^^^^^
 #
 # Set ``WOLFSSL_ROOT_DIR`` to the root directory of a wolfSSL installation.
 if(WOLFSSL_ROOT_DIR)
  set(_WOLFSSL_EXTRA_FIND_ARGS "NO_CMAKE_FIND_ROOT_PATH")
 endif()
 find_path(
  WOLFSSL_INCLUDE_DIR
  NAMES wolfssl/ssl.h
  PATH_SUFFIXES include
  HINTS ${PROJECT_SOURCE_DIR}
        ${CMAKE_CURRENT_BINARY_DIR}
        ${WOLFSSL_ROOT_DIR}
        ${_WOLFSSL_EXTRA_FIND_ARGS})
 find_library(
  WOLFSSL_LIBRARIES
  NAMES wolfssl
  PATH_SUFFIXES lib
  HINTS ${PROJECT_SOURCE_DIR}
        ${CMAKE_CURRENT_BINARY_DIR}
        ${WOLFSSL_ROOT_DIR}
        ${_WOLFSSL_EXTRA_FIND_ARGS})
 if(WOLFSSL_LIBRARIES)
  set(wolfSSL_FOUND TRUE)
 else()
  set(wolfSSL_FOUND FALSE)
  if(wolfSSL_FIND_REQUIRED)
    message(FATAL_ERROR "wolfSSL could not be found")
  endif()
 endif()
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(
  wolfSSL
  FOUND_VAR
  wolfSSL_FOUND
  REQUIRED_VARS
  WOLFSSL_INCLUDE_DIR
  WOLFSSL_LIBRARIES
  VERSION_VAR)
 if(NOT TARGET wolfssl)
  add_library(
    wolfssl
    UNKNOWN
    IMPORTED)
  set_target_properties(
    wolfssl
    PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIR}"
               IMPORTED_LINK_INTERFACE_LANGUAGES "C"
               IMPORTED_LOCATION "${WOLFSSL_LIBRARIES}")
 endif()
 message(STATUS "WOLFSSL_INCLUDE_DIR: ${WOLFSSL_INCLUDE_DIR}")
 message(STATUS "WOLFSSL_LIBRARIES: ${WOLFSSL_LIBRARIES}")
 message(STATUS "WOLFSSL_ROOT_DIR: ${WOLFSSL_ROOT_DIR}")
--- a/cmake_coap_config.h.in
+++ b/cmake_coap_config.h.in
@@ -68,6 +68,9 @@
 /* Define to 1 if the system has openssl */
 #cmakedefine COAP_WITH_LIBOPENSSL @COAP_WITH_LIBOPENSSL@
 /* Define to 1 if the system has wolfSSL */
 #cmakedefine COAP_WITH_WOLFSSL @COAP_WITH_WOLFSSL@
 /* Define to 1 if the system has libgnutls28 */
 #cmakedefine COAP_WITH_LIBGNUTLS @COAP_WITH_LIBGNUTLS@
--- a/configure.ac
+++ b/configure.ac
@@ -366,6 +366,7 @@ AM_CONDITIONAL(BUILD_MANPAGES, [test "x$build_manpages" = "xyes"])
 gnutls_version_required=3.3.0
 openssl_version_required=1.1.0
 mbedtls_version_required=2.7.10
 wolfssl_version_required=5.2.0
 tinydtls_version_required=0.8.6
 AC_ARG_ENABLE([dtls],
@@ -386,6 +387,12 @@ AC_ARG_WITH([openssl],
            [with_openssl="$withval"],
            [with_openssl="no"])
 AC_ARG_WITH([wolfssl],
            [AS_HELP_STRING([--with-wolfssl],
                            [Use wolfSSL for DTLS functions])],
            [with_wolfssl="$withval"],
            [with_wolfssl="no"])
 AC_ARG_WITH([mbedtls],
            [AS_HELP_STRING([--with-mbedtls],
                            [Use Mbed TLS for DTLS functions])],
@@ -404,11 +411,11 @@ AC_ARG_WITH([submodule-tinydtls],
           [with_submodule_tinydtls="$withval"],
           [with_submodule_tinydtls="explicit_fallback"])
-if test "x$with_gnutls" = "xyes" -o "x$with_openssl" = "xyes" -o "x$with_mbedtls" = "xyes" -o "x$with_tinydtls" = "xyes"; then
+if test "x$with_gnutls" = "xyes" -o "x$with_openssl" = "xyes" -o "x$with_wolfssl" = "xyes" -o "x$with_mbedtls" = "xyes" -o "x$with_tinydtls" = "xyes"; then
    if test "x$build_dtls" = "xno"; then
-        # Give an advice that '--with_gnutls', '--with_openssl', '--with-mbedtls' or '--with-tinydtls' was used but
+        # Give an advice that '--with_gnutls', '--with_openssl', '--with_wolfssl', '--with-mbedtls' or '--with-tinydtls' was used but
        # DTLS support isn't configured.
-        AC_MSG_WARN([==> Using the configure options '--with-gnutls', '--with-openssl', '--with-mbedtls' or '--with-tinydtls' without '--enable-dtls' is useless and will be ignored.])
+        AC_MSG_WARN([==> Using the configure options '--with-gnutls', '--with-openssl', '--with_wolfssl', '--with-mbedtls' or '--with-tinydtls' without '--enable-dtls' is useless and will be ignored.])
    fi
 fi
 if test "x$with_submodule_tinydtls" = "xyes"; then
@@ -428,6 +435,9 @@ if test "x$build_dtls" = "xyes"; then
    if test "x$with_openssl" = "xyes"; then
        TLSCOUNT=`expr $TLSCOUNT + 1`
    fi
    if test "x$with_wolfssl" = "xyes"; then
        TLSCOUNT=`expr $TLSCOUNT + 1`
    fi
    if test "x$with_mbedtls" = "xyes"; then
        TLSCOUNT=`expr $TLSCOUNT + 1`
    fi
@@ -452,6 +462,12 @@ if test "x$build_dtls" = "xyes"; then
                      [have_openssl="yes"],
                      [have_openssl="no"])
    # wolfSSL
    PKG_CHECK_MODULES([wolfSSL],
                  [wolfssl],
                  [have_wolfssl="yes"],
                  [have_wolfssl="no"])
    # Mbed TLS [does not have mbedtls.pc pkg-config file]
    AC_CHECK_LIB(mbedtls, mbedtls_version_get_string,
                 [have_mbedtls="yes"; MbedTLS_CFLAGS="" ; MbedTLS_LIBS="-lmbedtls -lmbedcrypto -lmbedx509"],
@@ -511,6 +527,7 @@ if test "x$build_dtls" = "xyes"; then
        gnutls_version=`$PKG_CONFIG --modversion gnutls`
        AX_CHECK_GNUTLS_VERSION
        have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
    fi
@@ -529,6 +546,26 @@ if test "x$build_dtls" = "xyes"; then
        openssl_version=`$PKG_CONFIG --modversion openssl`
        AX_CHECK_OPENSSL_VERSION
        have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
    fi
    # The user wants to use explicit wolfSSL if '--with-wolfssl' was set.
    if test "x$with_wolfssl" = "xyes"; then
        # Some more sanity checking.
        if test "x$have_wolfssl" != "xyes"; then
            AC_MSG_ERROR([==> You want to build libcoap with DTLS support by the wolfSSL library but pkg-config file 'wolfssl.pc' could not be found!
                    Install the package(s) that contains the development files for wolfSSL,
                    or select a different TLS library or disable the DTLS support using '--disable-dtls'.])
        fi
        AC_MSG_NOTICE([The use of wolfSSL was explicitly requested with configure option '--with-wolfssl'!])
        # check for valid wolfSSL version
        wolfssl_version=`$PKG_CONFIG --modversion wolfssl`
        AX_CHECK_WOLFSSL_VERSION
        have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
    fi
@@ -548,6 +585,7 @@ if test "x$build_dtls" = "xyes"; then
        AX_CHECK_MBEDTLS_VERSION
        have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
    fi
@@ -599,6 +637,7 @@ if test "x$build_dtls" = "xyes"; then
        have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
    fi
@@ -611,6 +650,7 @@ if test "x$build_dtls" = "xyes"; then
          AC_MSG_NOTICE([Using auto selected library GnuTLS for DTLS support!])
          with_gnutls_auto="yes"
          have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
@@ -620,10 +660,22 @@ if test "x$build_dtls" = "xyes"; then
          AX_CHECK_OPENSSL_VERSION
          AC_MSG_NOTICE([Using auto selected library OpenSSL for DTLS support!])
          with_openssl_auto="yes"
          have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
      # ... and if not found, check if wolfSSL is suitable.
      elif test "x$have_wolfssl" = "xyes"; then
          wolfssl_version=`$PKG_CONFIG --modversion wolfssl`
          AX_CHECK_WOLFSSL_VERSION
          AC_MSG_NOTICE([Using auto selected library wolfSSL for DTLS support!])
          with_wolfssl_auto="yes"
          have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
      # ... and if not found check Mbed TLS is suitable.
      elif test "x$have_mbedtls" = "xyes"; then
          # Mbed TLS [does not have mbedtls.pc pkg-config file]
@@ -632,6 +684,7 @@ if test "x$build_dtls" = "xyes"; then
          AC_MSG_NOTICE([Using auto selected library Mbed TLS for DTLS support!])
          with_mbedtls_auto="yes"
          have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
          have_tinydtls="no" # don't confuse AC_MSG_RESULT at the end of the script
@@ -643,13 +696,13 @@ if test "x$build_dtls" = "xyes"; then
        have_gnutls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_mbedtls="no" # don't confuse AC_MSG_RESULT at the end of the script
        have_openssl="no" # don't confuse AC_MSG_RESULT at the end of the script
-
+        have_wolfssl="no" # don't confuse AC_MSG_RESULT at the end of the script
      # Note that the TinyDTLS submodule is used only when explicitly requested.
      # Giving out an error message if we haven't found at least one crypto library.
      else
-          AC_MSG_ERROR([==> Option '--enable-dtls' is set but none of the needed cryptography libraries GnuTLS, OpenSSL, Mbed TLS or TinyDTLS could be found!
+          AC_MSG_ERROR([==> Option '--enable-dtls' is set but none of the needed cryptography libraries GnuTLS, OpenSSL, wolfSSL, Mbed TLS or TinyDTLS could be found!
-                        Install at least one of the package(s) that contains the development files for GnuTLS (>= $gnutls_version_required), OpenSSL(>= $openssl_version_required), Mbed TLS(>= $mbedtls_version_required), or TinyDTLS(>= $tinydtls_version_required)
+                        Install at least one of the package(s) that contains the development files for GnuTLS (>= $gnutls_version_required), OpenSSL(>= $openssl_version_required), wolfSSL(>= $wolfssl_version_required), Mbed TLS(>= $mbedtls_version_required), or TinyDTLS(>= $tinydtls_version_required)
                        or disable the DTLS support using '--disable-dtls'.])
      fi
    fi
@@ -665,6 +718,11 @@ if test "x$build_dtls" = "xyes"; then
        DTLS_LIBS="$OpenSSL_LIBS"
        AC_DEFINE(COAP_WITH_LIBOPENSSL, [1], [Define to 1 if the system has libssl1.1.])
    fi
    if test "x$with_wolfssl" = "xyes" -o "x$with_wolfssl_auto" = "xyes"; then
        DTLS_CFLAGS="$wolfSSL_CFLAGS"
        DTLS_LIBS="$wolfSSL_LIBS"
        AC_DEFINE(COAP_WITH_LIBWOLFSSL, [1], [Define to 1 if the system has libwolfssl.])
    fi
    if test "x$with_mbedtls" = "xyes" -o "x$with_mbedtls_auto" = "xyes"; then
        DTLS_CFLAGS="$MbedTLS_CFLAGS"
        DTLS_LIBS="$MbedTLS_LIBS"
@@ -682,6 +740,8 @@ fi
 # Define the Library name extension for the TLS the library was linked against
 if test "x$with_openssl" = "xyes" -o "x$with_openssl_auto" = "xyes"; then
    LIBCOAP_DTLS_LIB_EXTENSION_NAME=-openssl
 elif test "x$with_wolfssl" = "xyes" -o "x$with_wolfssl_auto" = "xyes"; then
    LIBCOAP_DTLS_LIB_EXTENSION_NAME=-wolfssl
 elif test "x$with_gnutls" = "xyes" -o "x$with_gnutls_auto" = "xyes"; then
    LIBCOAP_DTLS_LIB_EXTENSION_NAME=-gnutls
 elif test "x$with_mbedtls" = "xyes" -o "x$with_mbedtls_auto" = "xyes"; then
@@ -1262,6 +1322,12 @@ if test "x$with_openssl" = "xyes" -o "x$with_openssl_auto" = "xyes"; then
    AC_MSG_RESULT([              OPENSSL_CFLAGS         : "$OpenSSL_CFLAGS"])
    AC_MSG_RESULT([              OPENSSL_LIBS           : "$OpenSSL_LIBS"])
 fi
 if test "x$with_wolfssl" = "xyes" -o "x$with_wolfssl_auto" = "xyes"; then
    AC_MSG_RESULT([      build DTLS support             : "yes"])
    AC_MSG_RESULT([         -->  wolfSSL around         : "yes" (found wolfSSL $wolfssl_version)])
    AC_MSG_RESULT([              wolfSSL_CFLAGS         : "$wolfSSL_CFLAGS"])
    AC_MSG_RESULT([              wolfSSL_LIBS           : "$wolfSSL_LIBS"])
 fi
 if test "x$with_mbedtls" = "xyes" -o "x$with_mbedtls_auto" = "xyes"; then
    AC_MSG_RESULT([      build DTLS support             : "yes"])
    AC_MSG_RESULT([         -->  Mbed TLS around        : "yes" (found Mbed TLS $mbedtls_version)])
--- a/doc/main.md
+++ b/doc/main.md
@@ -56,6 +56,8 @@ There is (D)TLS support for the following libraries
 * [Mbed TLS](https://www.trustedfirmware.org/projects/mbed-tls/) (Minimum version 2.7.10) [PKI and PSK]
 * [wolfSSL](https://wolfssl.com) (Minimum version 5.2.0) [PKI, PSK and RPK(5.6.4+)]
 * [TinyDTLS](https://github.com/eclipse/tinydtls) [PSK and RPK] [DTLS Only]
 Documentation
--- a/examples/share.libcoap.examples.Makefile
+++ b/examples/share.libcoap.examples.Makefile
@@ -6,7 +6,8 @@
 # COPYING for terms of use.
 # Set external variable LIBCOAP if you need a specific libcoap library.
-# E.g. libcoap-3-openssl, libcoap-3-gnutls, libcoap-3-mbedtls or libcoap-3-notls
+# E.g. libcoap-3-openssl, libcoap-3-gnutls, libcoap-3-mbedtls, libcoap-3-wolfssl
 # or libcoap-3-notls
 #
 LIBCOAP?=libcoap-3
--- a/include/coap3/coap_asn1_internal.h
+++ b/include/coap3/coap_asn1_internal.h
@@ -86,6 +86,19 @@ coap_asn1_tag_t asn1_tag_c(const uint8_t **ptr, int *constructed, int *cls);
 coap_binary_t *get_asn1_tag(coap_asn1_tag_t ltag, const uint8_t *ptr,
                            size_t tlen, asn1_validate validate);
 /**
 * Abstract SPKI public key from the ASN1.
 *
 * Internal function.
 *
 * @param data Pointer to ASN1 object containing EC Private Key
 * @param size Length of ASN1 object
 *
 * @return The publick key (to be freed off by caller)
 *         or @c NULL if not found
 */
 coap_binary_t *get_asn1_spki(const uint8_t *data, size_t size);
 /** @} */
 #endif /* COAP_ASN1_INTERNAL_H_ */
--- a/include/coap3/coap_dtls.h
+++ b/include/coap3/coap_dtls.h
@@ -96,6 +96,7 @@ typedef enum coap_tls_library_t {
  COAP_TLS_LIBRARY_OPENSSL,   /**< Using OpenSSL library */
  COAP_TLS_LIBRARY_GNUTLS,    /**< Using GnuTLS library */
  COAP_TLS_LIBRARY_MBEDTLS,   /**< Using Mbed TLS library */
  COAP_TLS_LIBRARY_WOLFSSL,   /**< Using wolfSSL library */
 } coap_tls_library_t;
 /**
--- a/m4/ac_check_cryptolibs.m4
+++ b/m4/ac_check_cryptolibs.m4
@@ -69,6 +69,20 @@ AC_DEFUN([AX_CHECK_MBEDTLS_VERSION],
          fi
 ]) dnl AX_CHECK_MBEDTLS_VERSION
 AC_DEFUN([AX_CHECK_WOLFSSL_VERSION],
         [AC_MSG_CHECKING([for compatible wolfSSL version (>= $wolfssl_version_required)])
          AS_VERSION_COMPARE([$wolfssl_version], [$wolfssl_version_required],
                             [AC_MSG_RESULT([no])
                              WOLFSSLV=""],
                             [AC_MSG_RESULT([yes $wolfssl_version])
                              WOLFSSLV="$wolfssl_version"],
                             [AC_MSG_RESULT([yes $wolfssl_version])
                              WOLFSSLV="$wolfssl_version"])
          if test "x$WOLFSSLV" = "x"; then
              AC_MSG_ERROR([==> wolfSSL $wolfssl_version too old. wolfSSL >= $wolfssl_version_required required for suitable DTLS support build.])
          fi
 ]) dnl AX_CHECK_WOLFSSL_VERSION
 AC_DEFUN([AX_CHECK_TINYDTLS_VERSION],
    [AC_MSG_CHECKING([for compatible TinyDTLS version (>= $tinydtls_version_required)])
    AS_VERSION_COMPARE([$tinydtls_version], [$tinydtls_version_required],
--- a/man/coap_address.txt.in
+++ b/man/coap_address.txt.in
@@ -73,6 +73,7 @@ const uint8_t *_host_, size_t _host_len_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_async.txt.in
+++ b/man/coap_async.txt.in
@@ -46,6 +46,7 @@ coap_bin_const_t _token_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_attribute.txt.in
+++ b/man/coap_attribute.txt.in
@@ -31,6 +31,7 @@ coap_str_const_t *_name_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_block.txt.in
+++ b/man/coap_block.txt.in
@@ -51,6 +51,7 @@ size_t _length_, const uint8_t *_data_, size_t _offset_, size_t _total_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_cache.txt.in
+++ b/man/coap_cache.txt.in
@@ -64,6 +64,7 @@ coap_cache_app_data_free_callback_t _callback_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_context.txt.in
+++ b/man/coap_context.txt.in
@@ -61,6 +61,7 @@ size_t _max_token_size_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_deprecated.txt.in
+++ b/man/coap_deprecated.txt.in
@@ -74,6 +74,7 @@ unsigned int _max_sockets_, unsigned int *_num_sockets_, coap_tick_t _now_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_encryption.txt.in
+++ b/man/coap_encryption.txt.in
@@ -29,6 +29,7 @@ SYNOPSIS
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
@@ -40,6 +41,7 @@ When the libcoap library was built, it will have been compiled using a
 specific underlying TLS implementation type (e.g. https://www.openssl.org[OpenSSL],
 https://www.gnutls.org[GnuTLS],
 https://www.trustedfirmware.org/projects/mbed-tls/[Mbed TLS],
 https://wolfssl.com[wolfSSL],
 https://github.com/eclipse/tinydtls[TinyDTLS] or noTLS).
 When the libcoap library is linked into an application, it is possible
 that the application needs to dynamically determine whether DTLS or TLS is
@@ -55,11 +57,20 @@ version is 1.1.0.
 *NOTE:* If Mbed TLS is being used, then the minimum Mbed TLS library version is
 2.7.10.
 *NOTE:* If wolfSSL is being used, then the minimum wolfSSL library version is
 5.2.0.
 *NOTE:* If GnuTLS is going to interoperate with TinyDTLS, then a minimum
 revision of GnuTLS 3.5.5 which supports CCM algorithms is required
 by TinyDTLS as TinyDTLS currently only supports CCM.
 *NOTE:* If wolfSSL is going to interoperate with TinyDTLS, then the library
 needs to be build with
 './configure CFLAGS="-DBUILD_TLS_PSK_WITH_AES_128_CCM"'
 as TinyDTLS currently only supports CCM.
 *NOTE:* For Raw Public Key support, GnuTLS library version must be 3.6.6 or
 later. For Raw Public Key support, wolfSSL library version must be 5.6.4 or
 later. TinyDTLS only supports TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, curve
 secp256r1 and hash SHA-256.  There currently is no OpenSSL or Mbed TLS RPK support
 (respective library limitations).
--- a/man/coap_endpoint_client.txt.in
+++ b/man/coap_endpoint_client.txt.in
@@ -41,6 +41,7 @@ _proto_, coap_dtls_pki_t *_setup_data_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_endpoint_server.txt.in
+++ b/man/coap_endpoint_server.txt.in
@@ -50,6 +50,7 @@ const char *_groupname_, const char *_ifname_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_handler.txt.in
+++ b/man/coap_handler.txt.in
@@ -44,6 +44,7 @@ coap_event_handler_t _handler_)*;
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_init.txt.in
+++ b/man/coap_init.txt.in
@@ -26,6 +26,7 @@ SYNOPSIS
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_io.txt.in
+++ b/man/coap_io.txt.in
@@ -53,6 +53,7 @@ size_t _nevents_)*;
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_keepalive.txt.in
+++ b/man/coap_keepalive.txt.in
@@ -24,6 +24,7 @@ unsigned int _seconds_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_locking.txt.in
+++ b/man/coap_locking.txt.in
@@ -48,6 +48,7 @@ coap_code_t _failed_statement_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_logging.txt.in
+++ b/man/coap_logging.txt.in
@@ -100,6 +100,7 @@ char *_buffer_, size_t _length_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_observe.txt.in
+++ b/man/coap_observe.txt.in
@@ -35,6 +35,7 @@ coap_pdu_type_t _message_type_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_oscore.txt.in
+++ b/man/coap_oscore.txt.in
@@ -60,6 +60,7 @@ coap_oscore_conf_t *_oscore_conf_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_pdu_access.txt.in
+++ b/man/coap_pdu_access.txt.in
@@ -77,6 +77,7 @@ coap_opt_iterator_t *_oi_, const coap_opt_filter_t *_filter_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_pdu_setup.txt.in
+++ b/man/coap_pdu_setup.txt.in
@@ -97,6 +97,7 @@ uint8_t *_buffer_, size_t *_buflen_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_persist.txt.in
+++ b/man/coap_persist.txt.in
@@ -46,6 +46,7 @@ uint32_t _start_observe_no_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_recovery.txt.in
+++ b/man/coap_recovery.txt.in
@@ -97,6 +97,7 @@ uint32_t _value_)*;
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_resource.txt.in
+++ b/man/coap_resource.txt.in
@@ -65,6 +65,7 @@ coap_resource_release_userdata_handler_t _callback_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_session.txt.in
+++ b/man/coap_session.txt.in
@@ -77,6 +77,7 @@ const coap_session_t *_session_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
@@ -199,6 +200,7 @@ of the _session_.
 OpenSSL:  SSL*
 GnuTLS:   gnutls_session_t (implicit *)
 Mbed TLS: mbedtls_ssl_context*
 wolfSSL:  WOLFSSL*
 TinyDTLS: struct dtls_context*
 ----
--- a/man/coap_string.txt.in
+++ b/man/coap_string.txt.in
@@ -56,6 +56,7 @@ SYNOPSIS
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/man/coap_tls_library.txt.in
+++ b/man/coap_tls_library.txt.in
@@ -53,6 +53,7 @@ SYNOPSIS
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
@@ -62,6 +63,7 @@ When the libcoap library was built, it will have been compiled using a
 specific TLS implementation type (e.g. https://www.openssl.org[OpenSSL],
 https://www.gnutls.org[GnuTLS],
 https://www.trustedfirmware.org/projects/mbed-tls/[Mbed TLS],
 https://wolfssl.com[wolfSSL],
 https://github.com/eclipse/tinydtls[TinyDTLS] or noTLS).
 When the libcoap library is linked into an application, it is possible that
 the application needs to dynamically determine whether DTLS or TLS is
@@ -139,6 +141,7 @@ typedef enum coap_tls_library_t {
  COAP_TLS_LIBRARY_OPENSSL,   /* Using OpenSSL library */
  COAP_TLS_LIBRARY_GNUTLS,    /* Using GnuTLS library */
  COAP_TLS_LIBRARY_MBEDTLS,   /* Using Mbed TLS library */
  COAP_TLS_LIBRARY_WOLFSSL,   /* Using wolfSSL library */
 } coap_tls_library_t;
 typedef struct coap_tls_version_t {
--- a/man/coap_uri.txt.in
+++ b/man/coap_uri.txt.in
@@ -42,6 +42,7 @@ int _create_port_host_opt_, uint8_t *_buf_, size_t _buflen_);*
 For specific (D)TLS library support, link with
 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
 *-lcoap-@LIBCOAP_API_VERSION@-wolfssl*,
 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*.   Otherwise, link with
 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -17,6 +17,8 @@ case "x${TLS}" in
               ;;
    xmbedtls)  WITH_TLS="--with-mbedtls"
               ;;
    xwolfssl)  WITH_TLS="--with-wolfssl"
               ;;
    xtinydtls) WITH_TLS="--with-tinydtls"
               # Need this as libtinydtls.so has not been installed
               # as a part of the travis build
--- a/scripts/dist.sh
+++ b/scripts/dist.sh
@@ -35,6 +35,8 @@ case "x${TLS}" in
               ;;
    xmbedtls)  WITH_TLS="--with-mbedtls"
               ;;
    xwolfssl)  WITH_TLS="--with-wolfssl"
               ;;
    xtinydtls) WITH_TLS="--with-tinydtls --disable-shared"
               ;;
    *)         WITH_TLS="--with-gnutls"
--- a/src/coap_asn1.c
+++ b/src/coap_asn1.c
@@ -100,3 +100,51 @@ get_asn1_tag(coap_asn1_tag_t ltag, const uint8_t *ptr, size_t tlen,
  }
  return NULL;
 }
 /* first part of Raw public key, this is the start of the Subject Public Key */
 static const unsigned char cert_asn1_header1[] = {
  0x30, 0x59, /* SEQUENCE, length 89 bytes */
  0x30, 0x13, /* SEQUENCE, length 19 bytes */
  0x06, 0x07, /* OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) */
  0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
 };
 /* PrimeX will get inserted */
 #if 0
 0x06, 0x08, /* OBJECT IDENTIFIER prime256v1 (1 2 840 10045 3 1 7) */
      0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,
 #endif
 static const unsigned char cert_asn1_header2[] = {
  0x03, 0x42, /* BIT STRING, length 66 bytes */
  /* Note: 0 bits (0x00) and no compression (0x04) are already in the certificate */
 };
 coap_binary_t *
 get_asn1_spki(const uint8_t *data, size_t size) {
  coap_binary_t *pub_key = get_asn1_tag(COAP_ASN1_BITSTRING, data, size, NULL);
  coap_binary_t *prime = get_asn1_tag(COAP_ASN1_IDENTIFIER, data, size, NULL);
  coap_binary_t *spki = NULL;
  if (pub_key && prime) {
    size_t header_size = sizeof(cert_asn1_header1) +
                         2 +
                         prime->length +
                         sizeof(cert_asn1_header2);
    spki = coap_new_binary(header_size + pub_key->length);
    if (spki) {
      memcpy(&spki->s[header_size], pub_key->s, pub_key->length);
      memcpy(spki->s, cert_asn1_header1, sizeof(cert_asn1_header1));
      spki->s[sizeof(cert_asn1_header1)] = COAP_ASN1_IDENTIFIER;
      spki->s[sizeof(cert_asn1_header1)+1] = (uint8_t)prime->length;
      memcpy(&spki->s[sizeof(cert_asn1_header1)+2],
             prime->s, prime->length);
      memcpy(&spki->s[sizeof(cert_asn1_header1)+2+prime->length],
             cert_asn1_header2, sizeof(cert_asn1_header2));
      spki->length = header_size + pub_key->length;
    }
  }
  if (pub_key)
    coap_delete_binary(pub_key);
  if (prime)
    coap_delete_binary(prime);
  return spki;
 }
--- a/src/coap_debug.c
+++ b/src/coap_debug.c
@@ -1216,6 +1216,16 @@ coap_string_tls_version(char *buffer, size_t bufsize) {
             (unsigned long)((tls_version->built_version >> 16) & 0xff),
             (unsigned long)((tls_version->built_version >> 8) & 0xff));
    break;
  case COAP_TLS_LIBRARY_WOLFSSL:
    snprintf(buffer, bufsize, "TLS Library: wolfSSL - runtime %lu.%lu.%lu, "
             "libcoap built for %lu.%lu.%lu",
             (unsigned long)(tls_version->version >> 24),
             (unsigned long)((tls_version->version >> 12) & 0xfff),
             (unsigned long)((tls_version->version >> 0) & 0xfff),
             (unsigned long)(tls_version->built_version >> 24),
             (unsigned long)((tls_version->built_version >> 12) & 0xfff),
             (unsigned long)((tls_version->built_version >> 0) & 0xfff));
    break;
  default:
    snprintf(buffer, bufsize, "Library type %d unknown", tls_version->type);
    break;
--- a/src/coap_gnutls.c
+++ b/src/coap_gnutls.c
@@ -983,60 +983,6 @@ pin_callback(void *user_data, int attempt,
  }
  return -1;
 }
 #if (GNUTLS_VERSION_NUMBER >= 0x030606)
 /* first part of Raw public key, this is the start of the Subject Public Key */
 static const unsigned char cert_asn1_header1[] = {
  0x30, 0x59, /* SEQUENCE, length 89 bytes */
  0x30, 0x13, /* SEQUENCE, length 19 bytes */
  0x06, 0x07, /* OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) */
  0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
 };
 /* PrimeX will get inserted */
 #if 0
 0x06, 0x08, /* OBJECT IDENTIFIER prime256v1 (1 2 840 10045 3 1 7) */
      0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,
 #endif
 static const unsigned char cert_asn1_header2[] = {
  0x03, 0x42, /* BIT STRING, length 66 bytes */
  /* Note: 0 bits (0x00) and no compression (0x04) are already in the certificate */
 };
 static gnutls_datum_t *
 get_asn1_spki(const uint8_t *data, size_t size) {
  coap_binary_t *pub_key = get_asn1_tag(COAP_ASN1_BITSTRING, data, size, NULL);
  coap_binary_t *prime = get_asn1_tag(COAP_ASN1_IDENTIFIER, data, size, NULL);
  gnutls_datum_t *spki = NULL;
  if (pub_key && prime) {
    size_t header_size = sizeof(cert_asn1_header1) +
                         2 +
                         prime->length +
                         sizeof(cert_asn1_header2);
    uint8_t *tmp = gnutls_malloc(sizeof(gnutls_datum_t) +
                                 header_size +
                                 pub_key->length);
    if (tmp) {
      spki = (gnutls_datum_t *)tmp;
      spki->data = &tmp[sizeof(gnutls_datum_t)];
      memcpy(&spki->data[header_size], pub_key->s, pub_key->length);
      memcpy(spki->data, cert_asn1_header1, sizeof(cert_asn1_header1));
      spki->data[sizeof(cert_asn1_header1)] = COAP_ASN1_IDENTIFIER;
      spki->data[sizeof(cert_asn1_header1)+1] = prime->length;
      memcpy(&spki->data[sizeof(cert_asn1_header1)+2],
             prime->s, prime->length);
      memcpy(&spki->data[sizeof(cert_asn1_header1)+2+prime->length],
             cert_asn1_header2, sizeof(cert_asn1_header2));
      spki->size = header_size + pub_key->length;
    }
  }
  if (pub_key)
    coap_delete_binary(pub_key);
  if (prime)
    coap_delete_binary(prime);
  return spki;
 }
 #endif /* GNUTLS_VERSION_NUMBER >= 0x030606 */
 /*
 * return 0   Success (GNUTLS_E_SUCCESS)
@@ -1145,12 +1091,16 @@ setup_pki_credentials(gnutls_certificate_credentials_t *pki_credentials,
          if (gnutls_pem_base64_decode2("EC PRIVATE KEY", &key,
                                        &der_private) == 0) {
-            gnutls_datum_t *spki = get_asn1_spki(der_private.data,
+            coap_binary_t *spki = get_asn1_spki(der_private.data,
-                                                 der_private.size);
+                                                der_private.size);
            if (spki) {
              gnutls_datum_t tspki;
              tspki.data = spki->s;
              tspki.size = spki->length;
              ret = gnutls_certificate_set_rawpk_key_mem(*pki_credentials,
-                                                         spki,
+                                                         &tspki,
                                                         &der_private,
                                                         GNUTLS_X509_FMT_DER, NULL,
                                                         COAP_GNUTLS_KEY_RPK,
@@ -1158,7 +1108,7 @@ setup_pki_credentials(gnutls_certificate_credentials_t *pki_credentials,
              if (ret >= 0) {
                have_done_key = 1;
              }
-              gnutls_free(spki);
+              coap_delete_binary(spki);
            }
            gnutls_free(der_private.data);
          }
@@ -1256,12 +1206,16 @@ setup_pki_credentials(gnutls_certificate_credentials_t *pki_credentials,
        int have_done_key = 0;
        if (setup_data->pki_key.key.asn1.private_key_type ==
            COAP_ASN1_PKEY_EC) {
-          gnutls_datum_t *spki = get_asn1_spki(key.data,
+          coap_binary_t *spki = get_asn1_spki(key.data,
-                                               key.size);
+                                              key.size);
          if (spki) {
            gnutls_datum_t tspki;
            tspki.data = spki->s;
            tspki.size = spki->length;
            ret = gnutls_certificate_set_rawpk_key_mem(*pki_credentials,
-                                                       spki,
+                                                       &tspki,
                                                       &key,
                                                       GNUTLS_X509_FMT_DER, NULL,
                                                       COAP_GNUTLS_KEY_RPK,
@@ -1269,7 +1223,7 @@ setup_pki_credentials(gnutls_certificate_credentials_t *pki_credentials,
            if (ret >= 0) {
              have_done_key = 1;
            }
-            gnutls_free(spki);
+            coap_delete_binary(spki);
          }
        }
        if (!have_done_key) {
--- a/src/coap_notls.c
+++ b/src/coap_notls.c
@@ -17,7 +17,7 @@
 #include "coap3/coap_internal.h"
-#if !defined(COAP_WITH_LIBTINYDTLS) && !defined(COAP_WITH_LIBOPENSSL) && !defined(COAP_WITH_LIBGNUTLS) && !defined(COAP_WITH_LIBMBEDTLS)
+#if !defined(COAP_WITH_LIBTINYDTLS) && !defined(COAP_WITH_LIBOPENSSL) && !defined(COAP_WITH_LIBWOLFSSL) && !defined(COAP_WITH_LIBGNUTLS) && !defined(COAP_WITH_LIBMBEDTLS)
 int
 coap_dtls_is_supported(void) {
@@ -400,7 +400,7 @@ coap_crypto_hmac(cose_hmac_alg_t hmac_alg,
 #endif /* COAP_OSCORE_SUPPORT */
-#else /* !COAP_WITH_LIBTINYDTLS && !COAP_WITH_LIBOPENSSL && !COAP_WITH_LIBGNUTLS */
+#else /* !COAP_WITH_LIBTINYDTLS && !COAP_WITH_LIBOPENSSL && !COAP_WITH_LIBWOLFSSL && !COAP_WITH_LIBGNUTLS */
 #ifdef __clang__
 /* Make compilers happy that do not like empty modules. As this function is
@@ -412,4 +412,4 @@ static inline void
 dummy(void) {
 }
-#endif /* !COAP_WITH_LIBTINYDTLS && !COAP_WITH_LIBOPENSSL && !COAP_WITH_LIBGNUTLS && !COAP_WITH_LIBMBEDTLS */
+#endif /* !COAP_WITH_LIBTINYDTLS && !COAP_WITH_LIBOPENSSL && !COAP_WITH_LIBWOLFSSL && !COAP_WITH_LIBGNUTLS && !COAP_WITH_LIBMBEDTLS */
--- a/src/coap_sha1.c
+++ b/src/coap_sha1.c
@@ -65,7 +65,7 @@
 #include "coap3/coap_internal.h"
-#if COAP_WS_SUPPORT && !defined(COAP_WITH_LIBOPENSSL) && !defined(COAP_WITH_LIBGNUTLS) && !defined(COAP_WITH_LIBMBEDTLS)
+#if COAP_WS_SUPPORT && !defined(COAP_WITH_LIBOPENSSL) && !defined(COAP_WITH_LIBGNUTLS) && !defined(COAP_WITH_LIBMBEDTLS) && !defined(COAP_WITH_LIBWOLFSSL)
 /*
 *  Define the SHA1 circular left shift macro
 */
--- a/src/coap_wolfssl.c
+++ b/src/coap_wolfssl.c
--- a/tests/test_tls.c
+++ b/tests/test_tls.c
@@ -34,6 +34,12 @@
 #include <openssl/ssl.h>
 #endif /* COAP_WITH_LIBOPENSSL */
 #ifdef COAP_WITH_LIBWOLFSSL
 #define HAVE_DTLS 1
 #include <wolfssl/options.h>
 #include <wolfssl/ssl.h>
 #endif /* COAP_WITH_LIBWOLFSSL */
 #ifdef COAP_WITH_LIBGNUTLS
 #define HAVE_DTLS 1
 #include <gnutls/gnutls.h>
@@ -64,6 +70,9 @@ t_tls2(void) {
 #if defined(COAP_WITH_LIBOPENSSL)
  version.version = SSLeay();
  version.type = COAP_TLS_LIBRARY_OPENSSL;
 #elif defined(COAP_WITH_LIBWOLFSSL)
  version.version = wolfSSL_lib_version_hex();
  version.type = COAP_TLS_LIBRARY_WOLFSSL;
 #elif defined(COAP_WITH_LIBTINYDTLS)
  const char *vers = dtls_package_version();
  version.version = 0;
--- a/win32/libcoap.vcxproj
+++ b/win32/libcoap.vcxproj
@@ -71,6 +71,7 @@
    <ClCompile Include="..\src\coap_threadsafe.c" />
    <ClCompile Include="..\src\coap_tinydtls.c" />
    <ClCompile Include="..\src\coap_uri.c" />
    <ClCompile Include="..\src\coap_wolfssl.c" />
    <ClCompile Include="..\src\coap_ws.c" />
    <ClCompile Include="..\src\oscore\oscore.c" />
    <ClCompile Include="..\src\oscore\oscore_cbor.c" />
--- a/win32/libcoap.vcxproj.filters
+++ b/win32/libcoap.vcxproj.filters
@@ -107,6 +107,9 @@
    <ClCompile Include="..\src\coap_uri.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="..\src\coap_wolfssl.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="..\src\coap_ws.c">
      <Filter>Source Files</Filter>
    </ClCompile>