Add test for CRL with invalid GeneralizedTime length of 13 characters

Co-Authored-By: Anthony H <anthony@wolfssl.com>

.codespellexcludelines

@@ -0,0 +1,18 @@
+###############################################################################
+# In this file, you should add the line of the file that needs to be ignored.
+# The line should be exactly as it appears in the file.
+###############################################################################
+        0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
+        0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
+        0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
+rsource "Kconfig.tls-generic"
+        /* Loop over authenticated associated data AD1..ADn */
+  /* no easy answer [c'est la vie].  Just division */
+    const uint8_t* hashIn, int hashSz)
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
+\pagenumbering{alph}
+    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
+/* functions added to support above needed, removed TOOM and KARATSUBA */

.cyignore

@@ -0,0 +1,40 @@
+# wolfSSL folders
+$(SEARCH_wolfssl)/IDE
+$(SEARCH_wolfssl)/examples
+$(SEARCH_wolfssl)/linuxkm
+$(SEARCH_wolfssl)/mcapi
+$(SEARCH_wolfssl)/mplabx
+$(SEARCH_wolfssl)/mqx
+$(SEARCH_wolfssl)/tirtos
+$(SEARCH_wolfssl)/tests
+$(SEARCH_wolfssl)/testsuite
+$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
+$(SEARCH_wolfssl)/zephyr
+
+# wolfSSL files
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
+
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S

.editorconfig

@@ -0,0 +1,10 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -6,8 +6,10 @@ body:
   - type: markdown
     attributes:
       value: >
-        Thanks for reporting an bug. If you would prefer a private method,
-        please email support@wolfssl.com
+        Thanks for reporting a bug. If you would prefer a private method,
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: contact
     attributes:

.github/ISSUE_TEMPLATE/other.yaml

@@ -6,7 +6,9 @@ body:
     attributes:
       value: >
         Thanks for reporting an issue. If you would prefer a private method,
-        please email support@wolfssl.com
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: version
     attributes:

.github/SECURITY.md

@@ -6,7 +6,7 @@ If you discover a vulnerability, please report it to support@wolfssl.com
 
  1. Include a detailed description
  2. Include method to reproduce and/or method of discovery
- 3. We will evaulate the report promptly and respond to you with findings.
+ 3. We will evaluate the report promptly and respond to you with findings.
  4. We will credit you with the report if you would like.
 
 **Please keep the vulnerability private** until a fix has been released.

.github/workflows/async.yml

@@ -0,0 +1,45 @@
+name: Async Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-asynccrypt --enable-all --enable-dtls13',
+          '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
+          '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL async
+        run: |
+          ./async-check.sh install
+          ./configure ${{ matrix.config }}
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi

.github/workflows/bind.yml

@@ -0,0 +1,93 @@
+name: bind9 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-bind
+          path: build-dir.tgz
+          retention-days: 5
+
+  bind_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 9.18.0, 9.18.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-bind
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout bind9
+        uses: actions/checkout@v4
+        with:
+          repository: isc-projects/bind9
+          path: bind
+          ref: v${{ matrix.ref }}
+
+      - name: Build and test bind9
+        working-directory: bind
+        run: |
+          export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
+          patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-wolfssl
+          sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
+          make -j V=1
+          make -j V=1 check

.github/workflows/cmake.yml

@@ -0,0 +1,108 @@
+name: WolfSSL CMake Build Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+# pull wolfSSL
+    - uses: actions/checkout@master
+
+# install cmake
+    - name: Install cmake
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cmake
+
+# pull wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+# build wolfssl
+    - name: Build wolfssl
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
+            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
+            -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
+            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
+            -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
+            -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
+            -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
+            -DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
+            -DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
+            -DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
+            -DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
+            -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
+            -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
+            -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
+            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
+            -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
+            -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
+            -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
+            -DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
+            -DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
+            -DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
+            -DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
+            -DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
+            -DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
+            -DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
+            -DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
+            -DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
+            -DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
+            -DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
+            -DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
+            -DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
+            -DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
+            -DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
+            -DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
+            -DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
+            -DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
+            -DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
+            -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
+            -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
+            -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
+            -DWOLFSSL_X963KDF:BOOL=yes \
+            -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
+            ..
+        cmake --build .
+        ctest -j $(nproc)
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build
+
+        # Kyber Cmake broken
+        # -DWOLFSSL_KYBER:BOOL=yes
+
+# build "lean-tls" wolfssl
+    - name: Build wolfssl with lean-tls
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_LEAN_TLS:BOOL=yes \
+            ..
+        cmake --build .
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build

.github/workflows/codespell.yml

@@ -0,0 +1,30 @@
+name: Codespell test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  codespell:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: codespell-project/actions-codespell@v2.1
+      with:
+        check_filenames: true
+        check_hidden: true
+          # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
+        ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
+          # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
+        exclude_file: '.codespellexcludelines'
+          # To skip files entirely from being processed, add it to the following list:
+        skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'

.github/workflows/coverity-scan-fixes.yml

@@ -0,0 +1,53 @@
+name: Coverity Scan master branch
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1-5'
+    - cron: '0 0 * * 0'
+    - cron: '0 12 * * 0'
+
+jobs:
+  coverity:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: master
+
+    - name: Configure wolfSSL with enable-all M-F
+      if: github.event.schedule == '0 0 * * 1-5'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all
+
+    - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
+      if: github.event.schedule == '0 0 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all --enable-smallstack
+
+    - name: Configure wolfSSL with bigendian Sun at 12:00
+      if: github.event.schedule == '0 12 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
+
+    - name: Check secrets
+      env:
+        token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
+      run: |
+        token_len=${#token_var}
+        echo "$token_len"
+        email_len=${#email_var}
+        echo "$email_len"
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        build_language: 'cxx'
+        project: "wolfSSL/wolfssl"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        command: "make"

.github/workflows/curl.yml

@@ -0,0 +1,76 @@
+name: curl Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-curl
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-curl
+          path: build-dir.tgz
+          retention-days: 5
+
+  test_curl:
+    name: ${{ matrix.curl_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        curl_ref: [ 'master', 'curl-8_4_0' ]
+    steps:
+    - name: Install test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
+
+    - name: Download lib
+      uses: actions/download-artifact@v4
+      with:
+        name: wolf-install-curl
+
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
+
+    - name: Build curl
+      uses: wolfSSL/actions-build-autotools-project@v1
+      with:
+        repository: curl/curl
+        path: curl
+        ref: ${{ matrix.curl_ref }}
+        configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+        check: false
+
+    - name: Test curl
+      working-directory: curl
+      run: make -j $(nproc) test-ci

.github/workflows/cyrus-sasl.yml

@@ -0,0 +1,105 @@
+name: cyrus-sasl Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sasl
+          path: build-dir.tgz
+          retention-days: 5
+
+  sasl_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.1.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
+            libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sasl
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout sasl
+        uses: actions/checkout@v4
+        with:
+          repository: cyrusimap/cyrus-sasl
+          ref: cyrus-sasl-${{ matrix.ref }}
+          path: sasl
+
+      - name: Build cyrus-sasl
+        working-directory: sasl
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
+          # Need to run 'make' twice with '--disable-shared' for some reason
+          make -j || make -j
+
+      - name: Run testsuite
+        working-directory: sasl
+        run: |
+          make -j -C utils testsuite saslpasswd2
+          # Retry up to five times
+          for i in {1..5}; do
+             TEST_RES=0
+             $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
+             if [ "$TEST_RES" -eq "0" ]; then
+                break
+             fi
+          done

.github/workflows/disabled/haproxy.yml

@@ -0,0 +1,60 @@
+name: HaProxy Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  haproxy_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of refs to test
+        ref: [ master ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-quic --enable-haproxy
+          install: true
+
+      - name: Checkout VTest
+        uses: actions/checkout@v4
+        with:
+          repository: vtest/VTest
+          path: VTest
+
+      - name: Build VTest
+        working-directory: VTest
+        # Special flags due to: https://github.com/vtest/VTest/issues/12
+        run: make FLAGS='-O2 -s -Wall'
+
+      - name: Checkout HaProxy
+        uses: actions/checkout@v4
+        with:
+          repository: haproxy/haproxy
+          path: haproxy
+          ref: ${{ matrix.ref }}
+
+      - name: Build HaProxy
+        working-directory: haproxy
+        run: >-
+          make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
+          USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
+          SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+
+      - name: Test HaProxy
+        working-directory: haproxy
+        run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

.github/workflows/disabled/hitch.yml

@@ -0,0 +1,110 @@
+name: hitch Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-hitch
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-hitch
+          path: build-dir.tgz
+          retention-days: 5
+
+  hitch_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.7.3
+            ignore-tests: >-
+              test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-hitch
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
+
+      - name: Checkout hitch
+        uses: actions/checkout@v4
+        with:
+          repository: varnish/hitch
+          ref: 1.7.3
+          path: hitch
+
+      # Do this before configuring so that it only detects the updated list of
+      # tests
+      - if: ${{ matrix.ignore-tests }}
+        name: Remove tests that we want to ignore
+        working-directory: ./hitch/src/tests
+        run: |
+          rm ${{ matrix.ignore-tests }}
+
+      - name: Configure and build hitch
+        run: |
+            cd $GITHUB_WORKSPACE/hitch/
+            patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch
+            autoreconf -ivf
+            SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir
+            make -j$(nproc)
+
+      - name: Confirm hitch built with wolfSSL
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd src/hitch | grep wolfssl
+
+      - name: Run hitch tests, skipping ignored tests
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          make check

.github/workflows/disabled/hostap.yml

@@ -0,0 +1,294 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-build2
+            wolf_extra_config: --enable-brainpool --enable-wpas-dpp
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir
+          retention-days: 5
+
+  # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. hostap_cherry_pick is used to apply the
+        # commit that updates the certificates used for testing. Tests are read
+        # from the corresponding configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-build2
+          },
+        ]
+        # parallelize the tests to be able to run all tests within 10 minutes
+        # Update the <total server> in the ./run-tests.py step when changing.
+        server: [1, 2, 3, 4, 5]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-build2
+            }
+    name: hwsim test
+    if: github.repository_owner == 'wolfssl'
+    # For openssl 1.1
+    runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
+    needs: build_wolfssl
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
+            bridge-utils
+          sudo pip3 install pycryptodome
+
+      - name: Enable mac80211
+        run: |
+          sudo modprobe mac80211
+          lsmod | grep mac80211
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=-d" >> $GITHUB_ENV
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+          path: build-dir
+
+      - name: Setup d-bus
+        working-directory: wolfssl/.github/workflows/hostap-files
+        run: |
+          sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
+          sudo service dbus reload
+
+        # This is super hack-ish :P
+        # If you are trying to reproduce this on a more generic system, you can
+        # just run `sudo apt install linux-modules-extra-$(uname -r)` and
+        # this should have the module in the package. No need to compile it.
+      - name: Compile and install mac80211_hwsim
+        working-directory: wolfssl/.github/workflows/hostap-files
+        run: |
+          # The tag will be the first two numbers of from uname -r
+          LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
+          # Download the correct version of the driver
+          wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
+          wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
+          make
+          sudo make install
+          sudo modprobe mac80211_hwsim
+          lsmod | grep mac80211_hwsim
+          sudo rmmod mac80211_hwsim
+
+      - name: Checkout hostap
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror
+          path: hostap
+          ref: ${{ matrix.config.hostap_ref }}
+          # necessary for cherry pick step
+          fetch-depth: 0
+
+      - if: ${{ matrix.config.hostap_cherry_pick }}
+        name: Cherry pick certificate update
+        working-directory: hostap
+        run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          # Run tests in increments of 50 to cut down on the uploaded log size.
+          while mapfile -t -n 50 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            # Retry up to three times
+            for i in {1..3}; do
+              HWSIM_RES=0 # Not set when command succeeds
+              # Logs can grow quickly especially in debug mode
+              sudo rm -rf logs
+              sudo ./start.sh
+              sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
+              sudo ./stop.sh
+              if [ "$HWSIM_RES" -eq "0" ]; then
+                break
+              fi
+            done
+            echo "test ran $i times"
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              exit $HWSIM_RES
+            fi
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      - name: Change failure log permissions
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        working-directory: hostap/tests/hwsim/
+        run: |
+          sudo chown -R $USER:$USER logs
+          zip -9 -r logs.zip logs/current
+
+      - name: Upload failure logs
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: hostap-logs-${{ env.our_job_run_id }}
+          path: hostap/tests/hwsim/logs.zip
+          retention-days: 5
+

.github/workflows/disabled/msys2.yml

@@ -0,0 +1,41 @@
+name: MSYS2 Build Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  msys2:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: msys2 {0}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { sys: ucrt64,  compiler: mingw-w64-ucrt-x86_64-gcc }
+          - { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
+          - { sys: msys, compiler: gcc }
+    steps:
+      - uses: actions/checkout@v3
+      - uses: msys2/setup-msys2@v2
+        with:
+          msystem: ${{ matrix.sys }}
+          update: true
+          install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
+      - name: configure wolfSSL
+        run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
+      - name: build wolfSSL
+        run: make check
+      - name: Display log
+        if: always()
+        run: cat test-suite.log

.github/workflows/docker-Espressif.yml

@@ -0,0 +1,46 @@
+name: Espressif examples tests
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  espressif_latest:
+    name: latest Docker container
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
+    container:
+      image: espressif/idf:latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v4_4:
+    name: v4.4 Docker container
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    container:
+      image: espressif/idf:release-v4.4
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v5_0:
+    name: v5.0 Docker container
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    container:
+      image: espressif/idf:release-v5.0
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh

.github/workflows/docker-OpenWrt.yml

@@ -0,0 +1,71 @@
+# This workflow tests out new libraries with existing OpenWrt builds to check
+# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
+name: OpenWrt test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+    build_library:
+        name: Compile libwolfssl.so
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 4
+        container:
+            image: alpine:latest
+        steps:
+            - name: Install required tools
+              run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
+            - uses: actions/checkout@v4
+            - name: Compile libwolfssl.so
+              run: ./autogen.sh && ./configure --enable-all && make
+              # 2024-08-05 - Something broke in the actions. They are no longer following links.
+            - name: tar libwolfssl.so
+              working-directory: src/.libs
+              run: tar -zcf libwolfssl.tgz libwolfssl.so*
+            - name: Upload libwolfssl.so
+              uses: actions/upload-artifact@v4
+              with:
+                name: openwrt-libwolfssl.so
+                path: src/.libs/libwolfssl.tgz
+                retention-days: 5
+    compile_container:
+        name: Compile container
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 2
+        needs: build_library
+        strategy:
+            fail-fast: false
+            matrix:
+                release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
+        steps:
+            - uses: actions/checkout@v4
+            - uses: docker/setup-buildx-action@v3
+            - uses: actions/download-artifact@v4
+              with:
+                name: openwrt-libwolfssl.so
+                path: .
+            - name: untar libwolfssl.so
+              run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
+            - name: Build but dont push
+              uses: docker/build-push-action@v5
+              with:
+                  context: Docker/OpenWrt
+                  platforms: linux/amd64
+                  push: false
+                  tags: openwrt-test:latest
+                  build-args: DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-${{ matrix.release }}
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max

.github/workflows/gencertbuf.yml

@@ -0,0 +1,41 @@
+name: Test gencertbuf script
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  gencertbuf:
+    name: gencertbuf
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test generate wolfssl/certs_test.h
+        run: ./gencertbuf.pl
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi

.github/workflows/grpc.yml

@@ -0,0 +1,108 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir.tgz
+          retention-days: 5
+
+  grpc_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ref: v1.60.0
+            tests: >-
+              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+              crl_ssl_transport_security_test server_ssl_test
+              ssl_transport_security_test ssl_transport_security_utils_test
+              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+              h2_ssl_cert_test h2_ssl_session_reuse_test
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Confirm IPv4 and IPv6 support
+        run: |
+          ip addr list lo | grep 'inet '
+          ip addr list lo | grep 'inet6 '
+
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-grpc
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout grpc
+        uses: actions/checkout@v4
+        with:
+          repository: grpc/grpc
+          path: grpc
+          ref: ${{ matrix.ref }}
+
+      - name: Build grpc
+        working-directory: ./grpc
+        run: |
+          patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+          git submodule update --init
+          mkdir cmake/build
+          cd cmake/build
+          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+            -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+          make -j $(nproc) ${{ matrix.tests }}
+
+      - name: Run grpc tests
+        working-directory: ./grpc
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ./tools/run_tests/start_port_server.py
+          for t in ${{ matrix.tests }} ; do
+            ./cmake/build/$t
+          done

.github/workflows/haproxy.yml

@@ -0,0 +1,91 @@
+name: haproxy Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-haproxy
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-haproxy
+          path: build-dir.tgz
+          retention-days: 5
+
+  test_haproxy:
+    name: ${{ matrix.haproxy_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        haproxy_ref: [ 'v3.1.0' ]
+    steps:
+    - name: Install test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libpcre2-dev
+
+    - name: Download lib
+      uses: actions/download-artifact@v4
+      with:
+        name: wolf-install-haproxy
+
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
+
+    # check cache for haproxy if not there then download it
+    - name: Check haproxy cache
+      uses: actions/cache@v4
+      id: cache-haproxy
+      with:
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+        key: haproxy-${{matrix.haproxy_ref}}
+
+    - name: Download haproxy if needed
+      if: steps.cache-haproxy.outputs.cache-hit != 'true'
+      uses: actions/checkout@v3
+      with:
+        repository: haproxy/haproxy
+        ref: ${{matrix.haproxy_ref}}
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+
+    - name: Build haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
+
+    - name: Build haproxy vtest
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: ./scripts/build-vtest.sh
+
+    - name: Test haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*

.github/workflows/hostap-files/Makefile

@@ -0,0 +1,11 @@
+obj-m := mac80211_hwsim.o
+KDIR := /lib/modules/$(shell uname -r)/build
+PWD := $(shell pwd)
+default:
+	$(MAKE) -C $(KDIR) M=$(PWD) modules
+install:
+	$(MAKE) -C $(KDIR) M=$(PWD) modules_install
+	depmod -A
+clean:
+	$(MAKE) -C $(KDIR) M=$(PWD) clean
+

.github/workflows/hostap-files/README

@@ -0,0 +1,2 @@
+Makefile and directory used in .github/workflows/hostap.yml to
+compile the mac80211_hwsim kernel module.

.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config

@@ -0,0 +1,122 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
+CONFIG_IEEE80211BE=y

.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config

@@ -0,0 +1,164 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y

.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/hostapd.config

@@ -0,0 +1,120 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y

.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests

@@ -0,0 +1,656 @@
+sae_pk
+sae_pk_group_negotiation
+sae_pk_sec_3
+sae_pk_sec_5
+sae_pk_group_20
+sae_pk_group_21
+sae_pk_group_20_sae_group_19
+sae_pk_group_20_sae_group_21
+sae_pk_group_19_sae_group_20
+sae_pk_password_without_pk
+sae_pk_only
+sae_pk_modes
+sae_pk_not_on_ap
+sae_pk_mixed
+sae_pk_mixed_immediate_confirm
+sae_pk_missing_ie
+sae_pk_unexpected_status
+sae_pk_invalid_signature
+sae_pk_invalid_fingerprint
+sae_pk_and_psk
+sae_pk_and_psk_invalid_password
+sae_pk_invalid_pw
+sae
+sae_password_ecc
+sae_pmksa_caching
+sae_pmksa_caching_pmkid
+sae_pmksa_caching_disabled
+sae_groups
+sae_group_nego
+sae_group_nego_no_match
+sae_anti_clogging
+sae_forced_anti_clogging
+sae_mixed
+sae_and_psk
+sae_and_psk2
+sae_wpa3_roam
+sae_mixed_mfp
+sae_mfp
+sae_missing_password
+sae_key_lifetime_in_memory
+sae_oom_wpas
+sae_proto_ecc
+sae_proto_ffc
+sae_proto_commit_delayed
+sae_proto_commit_replay
+sae_proto_confirm_replay
+sae_proto_hostapd
+sae_proto_hostapd_ecc
+sae_proto_hostapd_ffc
+sae_proto_hostapd_status_126
+sae_proto_hostapd_status_127
+sae_reflection_attack_ecc
+sae_reflection_attack_ecc_internal
+sae_commit_override
+sae_commit_override2
+sae_commit_invalid_scalar_element_ap
+sae_commit_invalid_element_ap
+sae_commit_invalid_scalar_element_sta
+sae_commit_invalid_element_sta
+sae_anti_clogging_proto
+sae_no_random
+sae_invalid_anti_clogging_token_req
+sae_password
+sae_password_short
+sae_password_long
+sae_connect_cmd
+sae_password_id
+sae_password_id_ecc
+sae_password_id_ffc
+sae_password_id_only
+sae_password_id_pwe_looping
+sae_password_id_pwe_check_ap
+sae_password_id_pwe_check_sta
+sae_forced_anti_clogging_pw_id
+sae_reauth
+sae_sync
+sae_confirm_immediate
+sae_confirm_immediate2
+sae_pwe_group_19
+sae_pwe_group_20
+sae_pwe_group_21
+sae_pwe_group_28
+sae_pwe_group_29
+sae_pwe_group_30
+sae_pwe_group_1
+sae_pwe_group_2
+sae_pwe_group_22
+sae_pwe_h2e_only_ap
+sae_pwe_h2e_only_ap_sta_forcing_loop
+sae_pwe_loop_only_ap
+sae_h2e_rejected_groups
+sae_h2e_rejected_groups_unexpected
+sae_h2e_password_id
+sae_pwe_in_psk_ap
+sae_auth_restart
+sae_rsne_mismatch
+sae_h2e_rsnxe_mismatch
+sae_h2e_rsnxe_mismatch_retries
+sae_h2e_rsnxe_mismatch_assoc
+sae_h2e_rsnxe_mismatch_ap
+sae_h2e_rsnxe_mismatch_ap2
+sae_h2e_rsnxe_mismatch_ap3
+sae_forced_anti_clogging_h2e
+sae_forced_anti_clogging_h2e_loop
+sae_okc
+sae_okc_sta_only
+sae_okc_pmk_lifetime
+sae_pmk_lifetime
+sae_and_psk_multiple_passwords
+sae_pmf_roam
+sae_ocv_pmk
+sae_ocv_pmk_failure
+sae_reject
+eap_tls_pkcs8_pkcs5_v2_des3
+eap_tls_pkcs8_pkcs5_v15
+eap_tls_session_resumption
+eap_tls_session_resumption_expiration
+eap_tls_session_resumption_radius
+eap_tls_sha512
+eap_tls_sha384
+eap_tls_ext_cert_check
+eap_tls_errors
+ap_wpa2_delayed_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission2
+ap_wpa2_delayed_group_m1_retransmission
+ap_wpa2_delayed_group_m1_retransmission_igtk
+ap_wpa2_delayed_m1_m3_zero_tk
+ap_wpa2_plaintext_m1_m3
+ap_wpa2_plaintext_m1_m3_pmf
+ap_wpa2_plaintext_m3
+ap_wpa2_plaintext_group_m1
+ap_wpa2_plaintext_group_m1_pmf
+ap_wpa2_test_command_failures
+ap_wpa2_gtk_initial_rsc_tkip
+ap_wpa2_gtk_initial_rsc_ccmp
+ap_wpa2_gtk_initial_rsc_ccmp_256
+ap_wpa2_gtk_initial_rsc_gcmp
+ap_wpa2_gtk_initial_rsc_gcmp_256
+ap_wpa2_igtk_initial_rsc_aes_128_cmac
+ap_wpa2_igtk_initial_rsc_bip_gmac_128
+ap_wpa2_igtk_initial_rsc_bip_gmac_256
+ap_wpa2_igtk_initial_rsc_bip_cmac_256
+ap_wpa2_psk
+ap_wpa2_psk_file
+ap_wpa2_psk_file_keyid
+ap_wpa2_psk_mem
+ap_wpa2_ptk_rekey
+ap_wpa2_ptk_rekey_blocked_ap
+ap_wpa2_ptk_rekey_blocked_sta
+ap_wpa2_ptk_rekey_anonce
+ap_wpa2_ptk_rekey_ap
+ap_wpa2_sha256_ptk_rekey
+ap_wpa2_sha256_ptk_rekey_ap
+ap_wpa2_psk_file_errors
+ap_wpa2_psk_wildcard_ssid
+ap_wpa2_gtk_rekey
+ap_wpa2_gtk_rekey_request
+ap_wpa2_gtk_rekey_failure
+ap_wpa2_gtk_rekey_fail_1_sta
+ap_wpa2_gmk_rekey
+ap_wpa2_strict_rekey
+ap_wpa2_psk_ext
+ap_wpa2_psk_unexpected
+ap_wpa2_psk_ext_retry_msg_3
+ap_wpa2_psk_ext_retry_msg_3b
+ap_wpa2_psk_ext_retry_msg_3c
+ap_wpa2_psk_ext_retry_msg_3d
+ap_wpa2_psk_ext_retry_msg_3e
+ap_wpa2_psk_ext_delayed_ptk_rekey
+ap_wpa2_psk_ext_eapol
+ap_wpa2_psk_ext_eapol_retry1
+ap_wpa2_psk_ext_eapol_retry1b
+ap_wpa2_psk_ext_eapol_retry1c
+ap_wpa2_psk_ext_eapol_retry1d
+ap_wpa2_psk_ext_eapol_type_diff
+ap_wpa2_psk_ext_eapol_key_info
+ap_wpa2_psk_supp_proto
+ap_wpa2_psk_supp_proto_no_ie
+ap_wpa2_psk_supp_proto_ie_mismatch
+ap_wpa2_psk_supp_proto_ok
+ap_wpa2_psk_supp_proto_no_gtk
+ap_wpa2_psk_supp_proto_anonce_change
+ap_wpa2_psk_supp_proto_unexpected_group_msg
+ap_wpa2_psk_supp_proto_msg_1_invalid_kde
+ap_wpa2_psk_supp_proto_wrong_pairwise_key_len
+ap_wpa2_psk_supp_proto_wrong_group_key_len
+ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround
+ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3
+ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_too_long_gtk_kde
+ap_wpa2_psk_supp_proto_gtk_not_encrypted
+ap_wpa2_psk_wep
+ap_wpa2_psk_drop_first_msg_4
+ap_wpa2_psk_disable_enable
+ap_wpa2_psk_incorrect_passphrase
+ap_wpa2_psk_no_random
+ap_wpa2_psk_assoc_rsn
+ap_wpa2_psk_ft_workaround
+ap_wpa2_psk_assoc_rsn_pmkid
+ap_wpa2_eapol_retry_limit
+ap_wpa2_disable_eapol_retry
+ap_wpa2_disable_eapol_retry_group
+ap_wpa2_psk_mic_0
+ap_wpa2_psk_local_error
+ap_wpa2_psk_ap_control_port
+ap_wpa2_psk_rsne_mismatch_ap
+ap_wpa2_psk_rsne_mismatch_ap2
+ap_wpa2_psk_rsne_mismatch_ap3
+ap_wpa2_psk_rsnxe_mismatch_ap
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
+ap_wpa2_eap_sim
+ap_wpa2_eap_sim_imsi_identity
+ap_wpa2_eap_sim_imsi_privacy_key
+ap_wpa2_eap_sim_imsi_privacy_attr
+ap_wpa2_eap_sim_sql
+ap_wpa2_eap_sim_config
+ap_wpa2_eap_sim_id_0
+ap_wpa2_eap_sim_id_1
+ap_wpa2_eap_sim_id_2
+ap_wpa2_eap_sim_id_3
+ap_wpa2_eap_sim_ext
+ap_wpa2_eap_sim_ext_replace_sim
+ap_wpa2_eap_sim_ext_replace_sim2
+ap_wpa2_eap_sim_ext_replace_sim3
+ap_wpa2_eap_sim_ext_auth_fail
+ap_wpa2_eap_sim_change_bssid
+ap_wpa2_eap_sim_no_change_set
+ap_wpa2_eap_sim_ext_anonymous
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
+ap_wpa2_eap_sim_oom
+ap_wpa2_eap_aka
+ap_wpa2_eap_aka_imsi_identity
+ap_wpa2_eap_aka_imsi_privacy_key
+ap_wpa2_eap_aka_imsi_privacy_attr
+ap_wpa2_eap_aka_imsi_privacy_key_expired
+ap_wpa2_eap_aka_sql
+ap_wpa2_eap_aka_config
+ap_wpa2_eap_aka_ext
+ap_wpa2_eap_aka_ext_auth_fail
+ap_wpa2_eap_aka_prime_imsi_identity
+ap_wpa2_eap_aka_prime_imsi_privacy_key
+ap_wpa2_eap_aka_prime_ext_auth_fail
+ap_wpa2_eap_aka_prime_ext
+ap_wpa2_eap_ttls_pap
+ap_wpa2_eap_ttls_pap_subject_match
+ap_wpa2_eap_ttls_pap_check_cert_subject
+ap_wpa2_eap_ttls_pap_incorrect_password
+ap_wpa2_eap_ttls_chap
+ap_wpa2_eap_ttls_chap_altsubject_match
+ap_wpa2_eap_ttls_chap_incorrect_password
+ap_wpa2_eap_ttls_mschap
+ap_wpa2_eap_ttls_mschap_incorrect_password
+ap_wpa2_eap_ttls_mschapv2
+ap_wpa2_eap_ttls_invalid_phase2
+ap_wpa2_eap_ttls_mschapv2_suffix_match
+ap_wpa2_eap_ttls_mschapv2_domain_match
+ap_wpa2_eap_ttls_mschapv2_incorrect_password
+ap_wpa2_eap_ttls_mschapv2_utf8
+ap_wpa2_eap_ttls_eap_gtc
+ap_wpa2_eap_ttls_eap_gtc_incorrect_password
+ap_wpa2_eap_ttls_eap_gtc_no_password
+ap_wpa2_eap_ttls_eap_gtc_server_oom
+ap_wpa2_eap_ttls_eap_gtc_oom
+ap_wpa2_eap_ttls_eap_md5
+ap_wpa2_eap_ttls_eap_md5_incorrect_password
+ap_wpa2_eap_ttls_eap_md5_no_password
+ap_wpa2_eap_ttls_eap_md5_server_oom
+ap_wpa2_eap_ttls_eap_mschapv2
+ap_wpa2_eap_ttls_eap_mschapv2_no_password
+ap_wpa2_eap_ttls_eap_mschapv2_server_oom
+ap_wpa2_eap_ttls_eap_sim
+ap_wpa2_eap_ttls_eap_sim_ext
+ap_wpa2_eap_ttls_eap_vendor
+ap_wpa2_eap_peap_eap_sim
+ap_wpa2_eap_peap_eap_sim_ext
+ap_wpa2_eap_fast_eap_sim_ext
+ap_wpa2_eap_ttls_eap_aka
+ap_wpa2_eap_peap_eap_aka
+ap_wpa2_eap_peap_eap_mschapv2
+ap_wpa2_eap_peap_eap_mschapv2_domain
+ap_wpa2_eap_peap_eap_mschapv2_incorrect_password
+ap_wpa2_eap_peap_crypto_binding
+ap_wpa2_eap_peap_crypto_binding_server_oom
+ap_wpa2_eap_peap_params
+ap_wpa2_eap_peap_eap_gtc
+ap_wpa2_eap_peap_eap_tls
+ap_wpa2_eap_peap_eap_vendor
+ap_wpa2_eap_tls
+ap_wpa2_eap_tls_blob
+ap_wpa2_eap_tls_blob_pem
+ap_wpa2_eap_tls_blob_missing
+ap_wpa2_eap_tls_with_tls_len
+ap_wpa2_eap_tls_pkcs12
+ap_wpa2_eap_tls_pkcs12_blob
+ap_wpa2_eap_tls_pkcs12_blob_pem
+ap_wpa2_eap_tls_diff_ca_trust
+ap_wpa2_eap_tls_diff_ca_trust2
+ap_wpa2_eap_tls_diff_ca_trust3
+ap_wpa2_eap_tls_neg_suffix_match
+ap_wpa2_eap_tls_neg_domain_match
+ap_wpa2_eap_tls_neg_subject_match
+ap_wpa2_eap_tls_neg_altsubject_match
+ap_wpa2_eap_unauth_tls
+ap_wpa2_eap_ttls_server_cert_hash
+ap_wpa2_eap_ttls_server_cert_hash_invalid
+ap_wpa2_eap_pwd
+ap_wpa2_eap_pwd_nthash
+ap_wpa2_eap_pwd_salt_sha1
+ap_wpa2_eap_pwd_salt_sha256
+ap_wpa2_eap_pwd_salt_sha512
+ap_wpa2_eap_pwd_groups
+ap_wpa2_eap_pwd_invalid_group
+ap_wpa2_eap_pwd_disabled_group
+ap_wpa2_eap_pwd_as_frag
+ap_wpa2_eap_gpsk
+ap_wpa2_eap_sake
+ap_wpa2_eap_eke
+ap_wpa2_eap_eke_many
+ap_wpa2_eap_eke_serverid_nai
+ap_wpa2_eap_eke_server_oom
+ap_wpa2_eap_ikev2
+ap_wpa2_eap_ikev2_as_frag
+ap_wpa2_eap_ikev2_oom
+ap_wpa2_eap_pax
+ap_wpa2_eap_psk
+ap_wpa2_eap_psk_oom
+ap_wpa2_eap_interactive
+ap_wpa2_eap_ext_enable_network_while_connected
+ap_wpa2_eap_vendor_test
+ap_wpa2_eap_vendor_test_oom
+ap_wpa2_eap_fast_gtc_identity_change
+ap_wpa2_eap_fast_eap_vendor
+ap_wpa2_eap_tls_ocsp
+ap_wpa2_eap_tls_ocsp_multi
+ap_wpa2_eap_tls_ocsp_key_id
+ap_wpa2_eap_tls_ocsp_ca_signed_good
+ap_wpa2_eap_tls_ocsp_ca_signed_revoked
+ap_wpa2_eap_tls_ocsp_ca_signed_unknown
+ap_wpa2_eap_tls_ocsp_server_signed
+ap_wpa2_eap_tls_ocsp_invalid_data
+ap_wpa2_eap_tls_ocsp_invalid
+ap_wpa2_eap_tls_ocsp_unknown_sign
+ap_wpa2_eap_tls_intermediate_ca
+ap_wpa2_eap_tls_ocsp_multi_revoked
+ap_wpa2_eap_tls_domain_suffix_match_cn_full
+ap_wpa2_eap_tls_domain_match_cn
+ap_wpa2_eap_tls_domain_suffix_match_cn
+ap_wpa2_eap_tls_domain_suffix_mismatch_cn
+ap_wpa2_eap_tls_domain_mismatch_cn
+ap_wpa2_eap_ttls_long_duration
+ap_wpa2_eap_ttls_server_cert_eku_client
+ap_wpa2_eap_ttls_server_cert_eku_client_server
+ap_wpa2_eap_ttls_server_pkcs12
+ap_wpa2_eap_ttls_server_pkcs12_extra
+ap_wpa2_eap_ttls_dh_params_server
+ap_wpa2_eap_ttls_dh_params_dsa_server
+ap_wpa2_eap_ttls_dh_params_not_found
+ap_wpa2_eap_ttls_dh_params_invalid
+ap_wpa2_eap_reauth
+ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
+ap_wpa2_eap_request_identity_message
+ap_wpa2_eap_sim_aka_result_ind
+ap_wpa2_eap_sim_zero_db_timeout
+ap_wpa2_eap_too_many_roundtrips
+ap_wpa2_eap_too_many_roundtrips_server
+ap_wpa2_eap_too_many_roundtrips_server2
+ap_wpa2_eap_expanded_nak
+ap_wpa2_eap_sql
+ap_wpa2_eap_non_ascii_identity
+ap_wpa2_eap_non_ascii_identity2
+ap_wpa2_eap_unexpected_wep_eapol_key
+ap_wpa2_eap_session_ticket
+ap_wpa2_eap_no_workaround
+ap_wpa2_eap_tls_check_crl
+ap_wpa2_eap_tls_check_crl_not_strict
+ap_wpa2_eap_tls_crl_reload
+ap_wpa2_eap_tls_check_cert_subject
+ap_wpa2_eap_tls_check_cert_subject_neg
+ap_wpa2_eap_tls_oom
+ap_wpa2_eap_tls_macacl
+ap_wpa2_eap_oom
+ap_wpa2_eap_tls_13
+ap_wpa2_eap_tls_13_ocsp
+ap_wpa2_eap_tls_13_missing_prot_success
+ap_wpa2_eap_tls_13_fragmentation
+ap_wpa2_eap_ttls_13
+ap_wpa2_eap_peap_13
+ap_wpa2_eap_tls_13_ec
+ap_wpa2_eap_sim_db
+ap_wpa2_eap_sim_db_sqlite
+ap_wpa2_eap_assoc_rsn
+ap_wpa2_eap_status
+ap_wpa2_eap_gpsk_ptk_rekey_ap
+ap_wpa2_eap_wildcard_ssid
+ap_wpa2_eap_psk_mac_addr_change
+ap_wpa2_eap_server_get_id
+ap_wpa2_radius_server_get_id
+ap_wpa2_eap_tls_tod
+ap_wpa2_eap_tls_tod_tofu
+ap_wpa2_eap_sake_no_control_port
+dpp_network_intro_version
+dpp_network_intro_version_change
+dpp_network_intro_version_missing_req
+dpp_tcp_pkex
+dpp_tcp_pkex_auto_connect_2
+dpp_tcp_pkex_auto_connect_2_status
+dpp_tcp_pkex_auto_connect_2_status_fail
+dpp_tcp_pkex_while_associated
+dpp_tcp_pkex_while_associated_conn_status
+dpp_controller_relay_pkex
+dpp_push_button
+dpp_push_button_session_overlap_sta
+dpp_push_button_session_overlap_ap
+dpp_push_button_session_overlap_configurator
+dpp_push_button_2sta
+dpp_push_button_r_hash_mismatch_sta
+dpp_push_button_i_hash_mismatch_ap
+dpp_push_button_r_hash_mismatch_ap
+dpp_push_button_ext_conf
+dpp_push_button_wpas_conf
+dpp_private_peer_introduction
+dpp_qr_code_parsing
+dpp_uri_version
+dpp_uri_supported_curves
+dpp_uri_host
+dpp_qr_code_parsing_fail
+dpp_qr_code_curves
+dpp_qr_code_curves_brainpool
+dpp_qr_code_unsupported_curve
+dpp_qr_code_keygen_fail
+dpp_qr_code_auth_broadcast
+dpp_configurator_enrollee_prime256v1
+dpp_configurator_enrollee_secp384r1
+dpp_configurator_enrollee_brainpoolP256r1
+dpp_configurator_enrollee_brainpoolP384r1
+dpp_configurator_enrollee_brainpoolP512r1
+dpp_configurator_enroll_conf
+dpp_qr_code_curve_prime256v1
+dpp_qr_code_curve_secp384r1
+dpp_qr_code_curve_secp521r1
+dpp_qr_code_curve_brainpoolP256r1
+dpp_qr_code_curve_brainpoolP384r1
+dpp_qr_code_curve_brainpoolP512r1
+dpp_qr_code_set_key
+dpp_qr_code_auth_mutual
+dpp_qr_code_auth_mutual_p_256
+dpp_qr_code_auth_mutual_p_384
+dpp_qr_code_auth_mutual_p_521
+dpp_qr_code_auth_mutual_bp_256
+dpp_qr_code_auth_mutual_bp_384
+dpp_qr_code_auth_mutual_bp_512
+dpp_auth_resp_retries
+dpp_qr_code_auth_mutual_not_used
+dpp_qr_code_auth_mutual_curve_mismatch
+dpp_qr_code_auth_hostapd_mutual2
+dpp_qr_code_listen_continue
+dpp_qr_code_auth_initiator_enrollee
+dpp_qr_code_auth_initiator_either_2
+dpp_qr_code_auth_initiator_either_3
+dpp_config_legacy
+dpp_config_legacy_psk_hex
+dpp_config_fragmentation
+dpp_config_legacy_gen
+dpp_config_legacy_gen_psk
+dpp_config_dpp_gen_prime256v1
+dpp_config_dpp_gen_secp384r1
+dpp_config_dpp_gen_secp521r1
+dpp_config_dpp_gen_expiry
+dpp_config_dpp_gen_expired_key
+dpp_config_dpp_gen_3rd_party
+dpp_config_dpp_override_prime256v1
+dpp_config_dpp_override_secp384r1
+dpp_config_override_objects
+dpp_config_signed_connector_error_no_dot_1
+dpp_config_signed_connector_error_no_dot_2
+dpp_config_signed_connector_error_unexpected_signature_len
+dpp_config_no_csign
+dpp_config_no_signed_connector
+dpp_config_unexpected_signed_connector_char
+dpp_config_root_not_an_object
+dpp_config_no_wi_fi_tech
+dpp_config_no_discovery
+dpp_config_no_discovery_ssid
+dpp_config_too_long_discovery_ssid
+dpp_config_no_cred
+dpp_config_no_cred_akm
+dpp_config_error_legacy_no_pass
+dpp_config_error_legacy_too_long_pass
+dpp_config_error_legacy_psk_with_sae
+dpp_config_error_legacy_no_pass_for_sae
+dpp_config_error_legacy_invalid_psk
+dpp_config_error_legacy_too_short_psk
+dpp_config_connector_error_ext_sign
+dpp_config_connector_error_too_short_timestamp
+dpp_config_connector_error_invalid_timestamp
+dpp_config_connector_error_invalid_timestamp_date
+dpp_config_connector_error_expired_1
+dpp_config_connector_error_expired_2
+dpp_config_connector_error_expired_3
+dpp_config_connector_error_expired_4
+dpp_config_connector_error_expired_6
+dpp_config_connector_error_no_groups
+dpp_config_connector_error_empty_groups
+dpp_config_connector_error_missing_group_id
+dpp_config_connector_error_missing_net_role
+dpp_config_connector_error_missing_net_access_key
+dpp_config_connector_error_net_access_key_mismatch
+dpp_akm_sha256
+dpp_akm_sha384
+dpp_akm_sha512
+dpp_network_introduction
+dpp_network_introduction_expired
+dpp_and_sae_akm
+dpp_ap_config
+dpp_ap_config_p256_p256
+dpp_ap_config_p256_p384
+dpp_ap_config_p384_p256
+dpp_ap_config_p384_p384
+dpp_ap_config_p521_p256
+dpp_ap_config_p521_p384
+dpp_ap_config_bp256_bp256
+dpp_ap_config_bp384_bp384
+dpp_ap_config_bp512_bp512
+dpp_ap_config_p256_bp256
+dpp_ap_config_bp256_p256
+dpp_ap_config_p521_bp512
+dpp_ap_config_reconfig_configurator
+dpp_auto_connect_legacy
+dpp_auto_connect_legacy_ssid_charset
+dpp_auto_connect_legacy_sae_1
+dpp_auto_connect_legacy_sae_2
+dpp_auto_connect_legacy_psk_sae_1
+dpp_auto_connect_legacy_psk_sae_2
+dpp_auto_connect_legacy_psk_sae_3
+dpp_auto_connect_legacy_pmf_required
+dpp_test_vector_p_256
+dpp_test_vector_p_256_b
+dpp_test_vector_p_521
+dpp_pkex
+dpp_pkex_v2
+dpp_pkex_p256
+dpp_pkex_p384
+dpp_pkex_p521
+dpp_pkex_bp256
+dpp_pkex_bp384
+dpp_pkex_bp512
+dpp_pkex_config
+dpp_pkex_no_identifier
+dpp_pkex_identifier_mismatch
+dpp_pkex_identifier_mismatch2
+dpp_pkex_identifier_mismatch3
+dpp_pkex_test_vector
+dpp_pkex_code_mismatch
+dpp_pkex_code_mismatch_limit
+dpp_pkex_curve_mismatch
+dpp_pkex_curve_mismatch_failure
+dpp_pkex_curve_mismatch_failure2
+dpp_pkex_exchange_resp_processing_failure
+dpp_pkex_commit_reveal_req_processing_failure
+dpp_pkex_config2
+dpp_pkex_no_responder
+dpp_pkex_after_retry
+dpp_pkex_hostapd_responder
+dpp_pkex_v2_hostapd_responder
+dpp_pkex_hostapd_initiator
+dpp_pkex_v2_hostapd_initiator
+dpp_pkex_hostapd_initiator_fallback
+dpp_pkex_hostapd_initiator_no_response
+dpp_pkex_hostapd_errors
+dpp_pkex_nak_curve_change
+dpp_pkex_nak_curve_change2
+dpp_hostapd_configurator
+dpp_hostapd_configurator_responder
+dpp_hostapd_configurator_fragmentation
+dpp_hostapd_enrollee_fragmentation
+dpp_hostapd_enrollee_gas_timeout
+dpp_hostapd_enrollee_gas_timeout_comeback
+dpp_hostapd_enrollee_gas_errors
+dpp_hostapd_enrollee_gas_proto
+dpp_hostapd_enrollee_gas_tx_status_errors
+dpp_hostapd_configurator_override_objects
+dpp_own_config
+dpp_own_config_group_id
+dpp_proto_after_wrapped_data_auth_req
+dpp_auth_req_stop_after_ack
+dpp_auth_req_retries
+dpp_auth_req_retries_multi_chan
+dpp_proto_after_wrapped_data_auth_resp
+dpp_proto_after_wrapped_data_auth_conf
+dpp_proto_after_wrapped_data_conf_req
+dpp_proto_after_wrapped_data_conf_resp
+dpp_proto_stop_at_pkex_exchange_resp
+dpp_proto_stop_at_pkex_cr_req
+dpp_proto_stop_at_pkex_cr_resp
+dpp_proto_network_introduction
+dpp_hostapd_auth_conf_timeout
+dpp_tcp
+dpp_tcp_port
+dpp_tcp_mutual
+dpp_tcp_mutual_hostapd_conf
+dpp_tcp_conf_init
+dpp_tcp_conf_init_hostapd_enrollee
+dpp_tcp_controller_management_hostapd
+dpp_tcp_controller_management_hostapd2
+dpp_tcp_controller_start_failure
+dpp_tcp_init_failure
+dpp_controller_rx_failure
+dpp_controller_rx_errors
+dpp_conn_status_success
+dpp_conn_status_wrong_passphrase
+dpp_conn_status_no_ap
+dpp_conn_status_connector_mismatch
+dpp_conn_status_assoc_reject
+dpp_conn_status_success_hostapd_configurator
+dpp_mud_url
+dpp_mud_url_hostapd
+dpp_config_save
+dpp_config_save2
+dpp_config_save3
+dpp_nfc_uri
+dpp_nfc_uri_hostapd
+dpp_nfc_uri_hostapd_tag_read
+dpp_nfc_negotiated_handover
+dpp_nfc_negotiated_handover_diff_curve
+dpp_nfc_negotiated_handover_hostapd_sel
+dpp_nfc_negotiated_handover_hostapd_req
+dpp_nfc_errors_hostapd
+dpp_with_p2p_device
+dpp_pfs_ap_0
+dpp_pfs_ap_1
+dpp_pfs_ap_2
+dpp_pfs_connect_cmd
+dpp_pfs_connect_cmd_ap_2
+dpp_pfs_connect_cmd_ap_2_sae
+dpp_pfs_ap_0_sta_ver1
+dpp_pfs_errors
+dpp_qr_code_auth_rand_mac_addr
+dpp_enterprise
+dpp_enterprise_tcp
+dpp_enterprise_tcp2
+dpp_qr_code_config_event_initiator
+dpp_qr_code_config_event_initiator_set_comeback
+dpp_qr_code_config_event_initiator_slow
+dpp_qr_code_config_event_initiator_failure
+dpp_qr_code_config_event_initiator_no_response
+dpp_qr_code_config_event_initiator_both
+dpp_tcp_qr_code_config_event_initiator
+dpp_discard_public_action
+

.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/wpa_supplicant.config

@@ -0,0 +1,163 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y

.github/workflows/hostap-files/configs/hostap_2_10/extra.patch

@@ -0,0 +1,47 @@
+From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Fri, 19 Apr 2024 16:41:38 +0200
+Subject: [PATCH] Fixes for running tests under UML
+
+- Apply commit ID fix from more recent commit
+- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
+---
+ src/crypto/crypto_wolfssl.c | 2 +-
+ tests/hwsim/run-all.sh      | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 00ecf61352..a57fa50697 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 	int ret = -1;
+ 	WC_RNG rng;
+ 	DhKey *dh = NULL;
+-	word32 priv_sz, pub_sz;
++	word32 priv_sz = prime_len, pub_sz = prime_len;
+ 
+ 	if (TEST_FAIL())
+ 		return -1;
+diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
+index ee48cd0581..75c3a58b52 100755
+--- a/tests/hwsim/run-all.sh
++++ b/tests/hwsim/run-all.sh
+@@ -15,7 +15,13 @@ export LOGDIR
+ if [ -z "$DBFILE" ]; then
+     DB=""
+ else
+-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
++    DB="-S $DBFILE"
++    if [ -z "$COMMITID" ]; then
++	COMMITID="$(git rev-parse HEAD)"
++    fi
++    if [ -n "$COMMITID" ]; then
++	DB="$DB --commit $COMMITID"
++    fi
+     if [ -n "$BUILD" ]; then
+ 	DB="$DB -b $BUILD"
+     fi
+-- 
+2.34.1
+

.github/workflows/hostap-files/configs/hostap_2_10/hostapd.config

@@ -0,0 +1,119 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+#CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+#CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+#CONFIG_DPP=y
+#CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y

.github/workflows/hostap-files/configs/hostap_2_10/tests

@@ -0,0 +1,270 @@
+sae
+sae_password_ecc
+sae_pmksa_caching
+sae_pmksa_caching_pmkid
+sae_pmksa_caching_disabled
+sae_groups
+sae_group_nego
+sae_group_nego_no_match
+sae_anti_clogging
+sae_forced_anti_clogging
+sae_mixed
+sae_and_psk
+sae_and_psk2
+sae_wpa3_roam
+sae_mixed_mfp
+sae_mfp
+sae_missing_password
+sae_key_lifetime_in_memory
+sae_oom_wpas
+sae_proto_ecc
+sae_proto_ffc
+sae_proto_commit_delayed
+sae_proto_commit_replay
+sae_proto_confirm_replay
+sae_proto_hostapd
+sae_proto_hostapd_ecc
+sae_proto_hostapd_ffc
+sae_proto_hostapd_status_126
+sae_proto_hostapd_status_127
+sae_reflection_attack_ecc
+sae_reflection_attack_ecc_internal
+sae_commit_override
+sae_commit_override2
+sae_commit_invalid_scalar_element_ap
+sae_commit_invalid_element_ap
+sae_commit_invalid_scalar_element_sta
+sae_commit_invalid_element_sta
+sae_anti_clogging_proto
+sae_no_random
+sae_bignum_failure_unsafe_group
+sae_invalid_anti_clogging_token_req
+sae_password
+sae_password_short
+sae_password_long
+sae_connect_cmd
+sae_password_id
+sae_password_id_ecc
+sae_password_id_ffc
+sae_password_id_only
+sae_password_id_pwe_looping
+sae_password_id_pwe_check_ap
+sae_password_id_pwe_check_sta
+sae_forced_anti_clogging_pw_id
+sae_reauth
+sae_sync
+sae_confirm_immediate
+sae_confirm_immediate2
+sae_pwe_group_19
+sae_pwe_group_20
+sae_pwe_group_21
+sae_pwe_group_1
+sae_pwe_group_2
+sae_pwe_group_22
+sae_pwe_h2e_only_ap
+sae_pwe_h2e_only_ap_sta_forcing_loop
+sae_pwe_loop_only_ap
+sae_h2e_rejected_groups
+sae_h2e_rejected_groups_unexpected
+sae_h2e_password_id
+sae_pwe_in_psk_ap
+sae_auth_restart
+sae_rsne_mismatch
+sae_h2e_rsnxe_mismatch
+sae_h2e_rsnxe_mismatch_retries
+sae_h2e_rsnxe_mismatch_assoc
+sae_h2e_rsnxe_mismatch_ap
+sae_h2e_rsnxe_mismatch_ap2
+sae_h2e_rsnxe_mismatch_ap3
+sae_forced_anti_clogging_h2e
+sae_forced_anti_clogging_h2e_loop
+sae_okc
+sae_okc_sta_only
+sae_okc_pmk_lifetime
+sae_pmk_lifetime
+sae_and_psk_multiple_passwords
+sae_pmf_roam
+sae_ocv_pmk
+sae_ocv_pmk_failure
+sae_reject
+eap_tls_pkcs8_pkcs5_v2_des3
+eap_tls_pkcs8_pkcs5_v15
+eap_tls_sha512
+eap_tls_sha384
+eap_tls_errors
+eap_proto_peap_errors_server
+eap_proto_peap_errors
+ap_wpa2_delayed_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission2
+ap_wpa2_delayed_group_m1_retransmission
+ap_wpa2_delayed_group_m1_retransmission_igtk
+ap_wpa2_delayed_m1_m3_zero_tk
+ap_wpa2_plaintext_m1_m3
+ap_wpa2_plaintext_m1_m3_pmf
+ap_wpa2_plaintext_m3
+ap_wpa2_plaintext_group_m1
+ap_wpa2_plaintext_group_m1_pmf
+ap_wpa2_test_command_failures
+ap_wpa2_gtk_initial_rsc_tkip
+ap_wpa2_gtk_initial_rsc_ccmp
+ap_wpa2_gtk_initial_rsc_ccmp_256
+ap_wpa2_gtk_initial_rsc_gcmp
+ap_wpa2_gtk_initial_rsc_gcmp_256
+ap_wpa2_igtk_initial_rsc_aes_128_cmac
+ap_wpa2_igtk_initial_rsc_bip_gmac_128
+ap_wpa2_igtk_initial_rsc_bip_gmac_256
+ap_wpa2_igtk_initial_rsc_bip_cmac_256
+ap_wpa2_psk
+ap_wpa2_psk_file
+ap_wpa2_psk_file_keyid
+ap_wpa2_psk_mem
+ap_wpa2_ptk_rekey
+ap_wpa2_ptk_rekey_blocked_ap
+ap_wpa2_ptk_rekey_blocked_sta
+ap_wpa2_ptk_rekey_anonce
+ap_wpa2_ptk_rekey_ap
+ap_wpa2_sha256_ptk_rekey
+ap_wpa2_sha256_ptk_rekey_ap
+ap_wpa2_psk_file_errors
+ap_wpa2_psk_wildcard_ssid
+ap_wpa2_gtk_rekey
+ap_wpa2_gtk_rekey_request
+ap_wpa2_gtk_rekey_failure
+ap_wpa2_gmk_rekey
+ap_wpa2_strict_rekey
+ap_wpa2_psk_ext
+ap_wpa2_psk_unexpected
+ap_wpa2_psk_ext_retry_msg_3
+ap_wpa2_psk_ext_retry_msg_3b
+ap_wpa2_psk_ext_retry_msg_3c
+ap_wpa2_psk_ext_retry_msg_3d
+ap_wpa2_psk_ext_retry_msg_3e
+ap_wpa2_psk_ext_delayed_ptk_rekey
+ap_wpa2_psk_ext_eapol
+ap_wpa2_psk_ext_eapol_retry1
+ap_wpa2_psk_ext_eapol_retry1b
+ap_wpa2_psk_ext_eapol_retry1c
+ap_wpa2_psk_ext_eapol_retry1d
+ap_wpa2_psk_ext_eapol_type_diff
+ap_wpa2_psk_ext_eapol_key_info
+ap_wpa2_psk_wep
+ap_wpa2_psk_ifdown
+ap_wpa2_psk_drop_first_msg_4
+ap_wpa2_psk_disable_enable
+ap_wpa2_psk_incorrect_passphrase
+ap_wpa2_psk_no_random
+ap_wpa2_psk_assoc_rsn
+ap_wpa2_psk_ft_workaround
+ap_wpa2_psk_assoc_rsn_pmkid
+ap_wpa2_eapol_retry_limit
+ap_wpa2_disable_eapol_retry
+ap_wpa2_disable_eapol_retry_group
+ap_wpa2_psk_mic_0
+ap_wpa2_psk_local_error
+ap_wpa2_psk_inject_assoc
+ap_wpa2_psk_ap_control_port
+ap_wpa2_psk_ap_control_port_disabled
+ap_wpa2_psk_rsne_mismatch_ap
+ap_wpa2_psk_rsne_mismatch_ap2
+ap_wpa2_psk_rsne_mismatch_ap3
+ap_wpa2_psk_rsnxe_mismatch_ap
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
+ap_wpa2_eap_sim
+ap_wpa2_eap_sim_sql
+ap_wpa2_eap_sim_config
+ap_wpa2_eap_sim_id_0
+ap_wpa2_eap_sim_id_1
+ap_wpa2_eap_sim_id_2
+ap_wpa2_eap_sim_id_3
+ap_wpa2_eap_sim_ext
+ap_wpa2_eap_sim_ext_replace_sim
+ap_wpa2_eap_sim_ext_replace_sim2
+ap_wpa2_eap_sim_ext_replace_sim3
+ap_wpa2_eap_sim_ext_auth_fail
+ap_wpa2_eap_sim_change_bssid
+ap_wpa2_eap_sim_no_change_set
+ap_wpa2_eap_sim_ext_anonymous
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
+ap_wpa2_eap_sim_oom
+ap_wpa2_eap_aka
+ap_wpa2_eap_aka_sql
+ap_wpa2_eap_aka_config
+ap_wpa2_eap_aka_ext
+ap_wpa2_eap_aka_ext_auth_fail
+ap_wpa2_eap_aka_prime
+ap_wpa2_eap_aka_prime_sql
+ap_wpa2_eap_aka_prime_ext_auth_fail
+ap_wpa2_eap_aka_prime_ext
+ap_wpa2_eap_ttls_invalid_phase2
+ap_wpa2_eap_ttls_eap_vendor
+ap_wpa2_eap_fast_eap_sim
+ap_wpa2_eap_fast_eap_aka
+ap_wpa2_eap_peap_params
+ap_wpa2_eap_peap_eap_gtc
+ap_wpa2_eap_peap_eap_vendor
+ap_wpa2_eap_ttls_server_cert_hash
+ap_wpa2_eap_ttls_server_cert_hash_invalid
+ap_wpa2_eap_pwd
+ap_wpa2_eap_pwd_nthash
+ap_wpa2_eap_pwd_salt_sha1
+ap_wpa2_eap_pwd_salt_sha256
+ap_wpa2_eap_pwd_salt_sha512
+ap_wpa2_eap_pwd_groups
+ap_wpa2_eap_pwd_invalid_group
+ap_wpa2_eap_pwd_disabled_group
+ap_wpa2_eap_pwd_as_frag
+ap_wpa2_eap_gpsk
+ap_wpa2_eap_sake
+ap_wpa2_eap_ikev2
+ap_wpa2_eap_ikev2_as_frag
+ap_wpa2_eap_ikev2_oom
+ap_wpa2_eap_pax
+ap_wpa2_eap_psk
+ap_wpa2_eap_psk_oom
+ap_wpa2_eap_interactive
+ap_wpa2_eap_ext_enable_network_while_connected
+ap_wpa2_eap_vendor_test
+ap_wpa2_eap_vendor_test_oom
+ap_wpa2_eap_ttls_ocsp_revoked
+ap_wpa2_eap_ttls_ocsp_unknown
+ap_wpa2_eap_ttls_optional_ocsp_unknown
+ap_wpa2_eap_ttls_long_duration
+ap_wpa2_eap_ttls_server_cert_eku_client
+ap_wpa2_eap_ttls_server_cert_eku_client_server
+ap_wpa2_eap_ttls_dh_params
+ap_wpa2_eap_ttls_dh_params_dsa
+ap_wpa2_eap_ttls_dh_params_not_found
+ap_wpa2_eap_ttls_dh_params_invalid
+ap_wpa2_eap_ttls_dh_params_blob
+ap_wpa2_eap_ttls_dh_params_server
+ap_wpa2_eap_ttls_dh_params_dsa_server
+ap_wpa2_eap_reauth
+ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
+ap_wpa2_eap_request_identity_message
+ap_wpa2_eap_sim_aka_result_ind
+ap_wpa2_eap_sim_zero_db_timeout
+ap_wpa2_eap_too_many_roundtrips
+ap_wpa2_eap_too_many_roundtrips_server
+ap_wpa2_eap_too_many_roundtrips_server2
+ap_wpa2_eap_expanded_nak
+ap_wpa2_eap_sql
+ap_wpa2_eap_non_ascii_identity
+ap_wpa2_eap_non_ascii_identity2
+ap_wpa2_eap_unexpected_wep_eapol_key
+ap_wpa2_eap_oom
+ap_wpa2_eap_sim_db
+ap_wpa2_eap_sim_db_sqlite
+ap_wpa2_eap_assoc_rsn
+ap_wpa2_eap_status
+ap_wpa2_eap_gpsk_ptk_rekey_ap
+ap_wpa2_eap_wildcard_ssid
+ap_wpa2_eap_psk_mac_addr_change
+ap_wpa2_eap_server_get_id
+ap_wpa2_radius_server_get_id
+ap_wpa2_eap_sake_no_control_port

.github/workflows/hostap-files/configs/hostap_2_10/wpa_supplicant.config

@@ -0,0 +1,163 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+#CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+#CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+#CONFIG_DPP=y
+#CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y

.github/workflows/hostap-files/dbus-wpa_supplicant.conf

@@ -0,0 +1,23 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <policy user="root">
+    <allow own="fi.epitest.hostap.WPASupplicant"/>
+    <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+    <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+    <allow own="fi.w1.wpa_supplicant1"/>
+    <allow send_destination="fi.w1.wpa_supplicant1"/>
+    <allow send_interface="fi.w1.wpa_supplicant1"/>
+    <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+  </policy>
+  <policy context="default">
+    <deny own="fi.epitest.hostap.WPASupplicant"/>
+    <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
+    <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
+    <deny own="fi.w1.wpa_supplicant1"/>
+    <deny send_destination="fi.w1.wpa_supplicant1"/>
+    <deny send_interface="fi.w1.wpa_supplicant1"/>
+    <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+  </policy>
+</busconfig>

.github/workflows/hostap-vm.yml

@@ -0,0 +1,344 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  LINUX_REF: v6.12
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-vm-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-vm-build2
+            wolf_extra_config: >-
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
+              --enable-tlsv10 --enable-oldtls
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir.tgz
+          retention-days: 5
+
+  checkout_hostap:
+    name: Checkout hostap repo
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have hostap in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: hostap
+          key: hostap-repo
+          lookup-only: true
+
+      - name: Checkout hostap
+        run: git clone git://w1.fi/hostap.git hostap
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: checkout_hostap
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: hostap-linux-${{ env.LINUX_REF }}
+          lookup-only: true
+
+      - name: Checking if we have hostap in cache
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/cache/restore@v4
+        with:
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
+
+      - name: Checkout linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: torvalds/linux
+          path: linux
+          ref: ${{ env.LINUX_REF }}
+
+      - name: Compile linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
+          cd linux
+          yes "" | ARCH=um make -j $(nproc)
+
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. Tests are read from the corresponding
+        # configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-vm-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-vm-build2
+          },
+          {
+            hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
+            osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
+            build_id: hostap-vm-build2
+          },
+        ]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-vm-build2
+            }
+    name: hwsim test
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 45
+    needs: [build_wolfssl, build_uml_linux, checkout_hostap]
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: hostap-linux-${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
+
+      - name: show file structure
+        run: tree
+
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
+
+      - name: Checking if we have hostap in cache
+        uses: actions/cache/restore@v4
+        with:
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
+
+      - name: Checkout correct ref
+        working-directory: hostap
+        run: git checkout ${{ matrix.config.hostap_ref }}
+
+      - name: Update certs
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: ./update.sh
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - name: Apply extra patches
+        working-directory: hostap
+        run: |
+          FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
+          if [ -f "$FILE" ]; then
+            patch -p1 < $FILE
+          fi
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap and wpa_supplicant
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          cat <<EOF >> vm/vm-config
+            KERNELDIR=$GITHUB_WORKSPACE/linux
+            KVMARGS="-cpu host"
+          EOF
+          # Run tests in increments of 200 to not stall out the parallel-vm script
+          while mapfile -t -n 200 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            HWSIM_RES=0 # Not set when command succeeds
+            ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS  || HWSIM_RES=$?
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              # Let's re-run the failing tests. We gather the failed tests from the log file.
+              FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
+              printf 'failed tests: %s\n' "$FAILED_TESTS"
+              ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
+            fi
+            rm -r /tmp/hwsim-test-logs
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      # The logs are quite big. It hasn't been useful so far so let's not waste
+      # precious gh space.
+      #- name: zip logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  working-directory: hostap/tests/hwsim/
+      #  run: |
+      #    rm /tmp/hwsim-test-logs/latest
+      #    zip -9 -r logs.zip /tmp/hwsim-test-logs
+      #
+      #- name: Upload failure logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: hostap-logs-${{ env.our_job_run_id }}
+      #    path: hostap/tests/hwsim/logs.zip
+      #    retention-days: 5

.github/workflows/intelasm-c-fallback.yml

@@ -0,0 +1,52 @@
+name: Dynamic C Fallback Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+        run: |
+          ./autogen.sh
+          randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
+          randseed="${randseed#"${randseed%%[![:space:]]*}"}"
+          echo "fuzzing seed=${randseed}"
+          ./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done

.github/workflows/ipmitool.yml

@@ -0,0 +1,85 @@
+name: ipmitool Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    if: github.repository_owner == 'wolfssl'
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_ipmitool:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
+    name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build ipmitool
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: ipmitool/ipmitool
+          ref: ${{ matrix.git_ref }}
+          path: ipmitool
+          patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          # No checks included and not running since it depends on hardware
+          check: false
+
+      - name: Confirm built with wolfSSL
+        working-directory: ipmitool
+        run: |
+          ldd src/ipmitool | grep wolfssl
+          ldd src/ipmievd | grep wolfssl

.github/workflows/jwt-cpp.yml

@@ -0,0 +1,96 @@
+name: jwt-cpp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_pam-ipmi:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          - ref: 0.7.0
+            runner: ubuntu-22.04
+          - ref: 0.6.0
+            runner: ubuntu-22.04
+    name: ${{ matrix.config.ref }}
+    runs-on: ${{ matrix.config.runner }}
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libgtest-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jwt-cpp
+        uses: actions/checkout@v4
+        with:
+          repository: Thalhammer/jwt-cpp
+          path: jwt-cpp
+          ref: v${{ matrix.config.ref }}
+
+      - name: Build pam-ipmi
+        working-directory: jwt-cpp
+        run: |
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
+          make -j -C build
+          ldd ./build/tests/jwt-cpp-test | grep wolfssl
+
+      - name: Run jwt-cpp tests
+        working-directory: jwt-cpp
+        run: ./build/tests/jwt-cpp-test

.github/workflows/krb5.yml

@@ -0,0 +1,103 @@
+name: Kerberos 5 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 5
+    steps:
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-krb CC='gcc -fsanitize=address'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-krb5
+          path: build-dir.tgz
+          retention-days: 5
+
+  krb5_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.21.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-krb5
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout krb5
+        uses: actions/checkout@v4
+        with:
+          repository: krb5/krb5
+          ref: krb5-${{ matrix.ref }}-final
+          path: krb5
+
+      - name: Apply patch
+        working-directory: ./krb5
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build krb5
+        working-directory: ./krb5/src
+        run: |
+          autoreconf -ivf
+          # Using rpath because LD_LIBRARY_PATH is overwritten during testing
+          export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl  -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
+          export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
+          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
+            CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
+          CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
+
+      - name: Run tests
+        working-directory: ./krb5/src
+        run: |
+          CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check
+

.github/workflows/libspdm.yml

@@ -0,0 +1,91 @@
+name: libspdm Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libspdm
+          path: build-dir.tgz
+          retention-days: 5
+
+  libspdm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 3.3.0 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libspdm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libspdm
+        uses: actions/checkout@v4
+        with:
+          repository: DMTF/libspdm
+          path: libspdm
+          ref: ${{ matrix.ref }}
+
+      - name: Build and test libspdm
+        working-directory: libspdm
+        run: |
+          patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
+          git submodule update --init --recursive
+          # Silence cmake version warnings
+          find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
+          mkdir build
+          cd build
+          cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
+            -DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
+            -DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
+          make -j
+          cd ../unit_test/sample_key
+          ../../build/bin/test_crypt
+          ../../build/bin/test_spdm_secured_message
+          ../../build/bin/test_spdm_crypt

.github/workflows/libssh2.yml

@@ -0,0 +1,77 @@
+name: libssh2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          check: false # config is already tested in many other PRB's
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir.tgz
+          retention-days: 5
+
+  libssh2_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.11.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libssh2
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Build and test libssh2
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: libssh2/libssh2
+          ref: libssh2-${{ matrix.ref }}
+          path: libssh2
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm libssh2 built with wolfSSL
+        run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: tail -n +1 libssh2/tests/*.log

.github/workflows/libvncserver.yml

@@ -0,0 +1,86 @@
+name: libvncserver Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_libvncserver:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 0.9.13, 0.9.14 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libvncserver
+        uses: actions/checkout@v4
+        with:
+          repository: LibVNC/libvncserver
+          path: libvncserver
+          ref: LibVNCServer-${{ matrix.ref }}
+
+      - name: Build libvncserver
+        working-directory: libvncserver
+        run: |
+          patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
+          make -j -C build VERBOSE=1
+          ldd build/libvncclient.so | grep wolfssl
+          ldd build/libvncserver.so | grep wolfssl
+
+      - name: Run libvncserver tests
+        working-directory: libvncserver
+        run: make -C build test

.github/workflows/macos-check.yml

@@ -1,28 +0,0 @@
-name: macOS Build Test
-
-on:
-  push:
-    branches: [ '*' ]
-  pull_request:
-    branches: [ '*' ]
-
-jobs:
-  build:
-
-    runs-on: macos-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: brew
-      run: brew install automake libtool
-    - name: autogen
-      run: ./autogen.sh
-    - name: configure
-      run: ./configure
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck
-

.github/workflows/mbedtls.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Basic TLS test
+./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+
+# Basic DTLS test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1
+kill $SERVER_PID
+sleep 0.1
+
+# DTLS 1.2 CID test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323  # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1

.github/workflows/mbedtls.yml

@@ -0,0 +1,86 @@
+name: mbedtls interop Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  MBED_REF: v3.6.2
+
+jobs:
+  build_mbedtls:
+    name: Build mbedtls
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have mbed in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          lookup-only: true
+
+      - name: Checkout mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: Mbed-TLS/mbedtls
+          ref: ${{ env.MBED_REF }}
+          path: mbedtls
+
+      - name: Compile mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: mbedtls
+        run: |
+          git submodule update --init
+          mkdir build
+          cd build
+          cmake ..
+          make -j
+          # convert key to pem format
+          openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
+          openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
+
+  mbedtls_test:
+    name: Test interop with mbedtls
+    runs-on: ubuntu-latest
+    needs: build_mbedtls
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
+        run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
+
+      - name: Checking if we have mbed in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtlscid
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/mbedtls.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: cat /tmp/server.log

.github/workflows/memcached.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -z "$GITHUB_WORKSPACE" ]; then
+    echo '$GITHUB_WORKSPACE is not set'
+    exit 1
+fi
+
+if [ -z "$HOST_ROOT" ]; then
+    echo '$HOST_ROOT is not set'
+    exit 1
+fi
+
+chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
+    -j$(nproc) PARALLEL=$(nproc) test_tls

.github/workflows/memcached.yml

@@ -0,0 +1,123 @@
+name: memcached Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-memcached
+          install: true
+
+      - name: Bundle Docker entry point
+        run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-memcached
+          path: build-dir.tgz
+          retention-days: 5
+
+  memcached_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.6.22
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-memcached
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
+
+      - name: Checkout memcached
+        uses: actions/checkout@v4
+        with:
+          repository: memcached/memcached
+          ref: 1.6.22
+          path: memcached
+
+      - name: Configure and build memcached
+        run: |
+            cd $GITHUB_WORKSPACE/memcached/
+            patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.22.patch
+            ./autogen.sh
+            export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+            PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig ./configure --enable-wolfssl
+            make -j$(nproc)
+
+      - name: Confirm memcached built with wolfSSL
+        working-directory: ./memcached
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd memcached | grep wolfssl
+
+      - name: Run memcached tests
+        working-directory: ./memcached
+        run: |
+          # Retry up to three times
+          # Using docker because interrupting the tests doesn't close running
+          # background servers. They can become daemonized and then all re-runs
+          # will always fail.
+          chmod +x $GITHUB_WORKSPACE/build-dir/bin/memcached.sh
+          for i in {1..3}; do
+            echo "-------- RUNNING TESTS --------"
+            MEMCACHED_RES=0 # Not set when command succeeds
+            # Tests should usually take less than 4 minutes. If already taking
+            # 5 minutes then they are probably stuck. Interrupt and re-run.
+            time timeout -s SIGKILL 5m docker run -v /:/host \
+              -v $GITHUB_WORKSPACE/build-dir/bin/memcached.sh:/memcached.sh \
+              -e GITHUB_WORKSPACE=$GITHUB_WORKSPACE \
+              -e HOST_ROOT=/host \
+              -e LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH \
+              alpine:latest /memcached.sh || MEMCACHED_RES=$?
+
+            if [ "$MEMCACHED_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          echo "test ran $i times"
+          if [ "$MEMCACHED_RES" -ne "0" ]; then
+            exit $MEMCACHED_RES
+          fi

.github/workflows/mosquitto.yml

@@ -0,0 +1,105 @@
+name: mosquitto Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+          path: build-dir.tgz
+          retention-days: 5
+
+  mosquitto_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 2.0.18 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
+
+      - name: Checkout mosquitto
+        uses: actions/checkout@v4
+        with:
+          repository: eclipse/mosquitto
+          ref: v${{ matrix.ref }}
+          path: mosquitto
+
+      - name: Update certs
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/test/ssl
+            ./gen.sh
+            cat all-ca.crt >> server.crt
+
+      - name: Configure and build mosquitto
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/
+            patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
+
+      - name: Run mosquitto tests
+        working-directory: ./mosquitto
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi

.github/workflows/multi-arch.yml

@@ -0,0 +1,64 @@
+name: Multiple architectures
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  my_matrix:
+    name: Multi-arch test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - HOST: aarch64-linux-gnu
+            CC: aarch64-linux-gnu-gcc
+            ARCH: arm64
+            EXTRA_OPTS: --enable-sp-asm --enable-armasm
+          - HOST: arm-linux-gnueabihf
+            CC: arm-linux-gnueabihf-gcc
+            ARCH: armhf
+            EXTRA_OPTS: --enable-sp-asm
+          - HOST: riscv64-linux-gnu
+            CC: riscv64-linux-gnu-gcc
+            ARCH: riscv64
+          # Config to ensure CPUs without Thumb instructions compiles
+          - HOST: arm-linux-gnueabi
+            CC: arm-linux-gnueabi-gcc
+            CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
+            ARCH: armel
+            EXTRA_OPTS: --enable-sp-asm
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Install Compiler
+        run: |
+          sudo apt update
+          sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
+      - uses: actions/checkout@v4
+      - name: Build
+        env:
+            CC: ${{ matrix.CC }}
+            CFLAGS: ${{ matrix.CFLAGS }}
+            QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
+        run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f config.log ] ; then
+            cat config.log
+          fi
+      - name: Run WolfCrypt Tests
+        env:
+            QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
+        run: ./wolfcrypt/test/testwolfcrypt

.github/workflows/multi-compiler.yml

@@ -0,0 +1,65 @@
+name: Multiple compilers and versions
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  my_matrix:
+    name: Compiler test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - CC: gcc-9
+            CXX: g++-9
+            OS: ubuntu-22.04
+          - CC: gcc-10
+            CXX: g++-10
+            OS: ubuntu-22.04
+          - CC: gcc-11
+            CXX: g++-11
+            OS: ubuntu-22.04
+          - CC: gcc-12
+            CXX: g++-12
+            OS: ubuntu-22.04
+          - CC: clang-10
+            CXX: clang++-10
+            OS: ubuntu-20.04
+          - CC: clang-11
+            CXX: clang++-11
+            OS: ubuntu-20.04
+          - CC: clang-12
+            CXX: clang++-12
+            OS: ubuntu-20.04
+          - CC: clang-13
+            CXX: clang++-13
+            OS: ubuntu-22.04
+          - CC: clang-14
+            CXX: clang++-14
+            OS: ubuntu-22.04
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.OS }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
+      - uses: actions/checkout@v4
+      - name: Build
+        env:
+            CC: ${{ matrix.CC }}
+            CXX: ${{ matrix.CXX }}
+        run: ./autogen.sh && ./configure && make && make dist
+      - name: Show log on errors
+        if: ${{ failure() }}
+        run: |
+            cat config.log

.github/workflows/net-snmp.yml

@@ -0,0 +1,84 @@
+name: net-snmp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-net-snmp
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+          path: build-dir.tgz
+          retention-days: 5
+
+  net-snmp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 5.9.3
+            test_opts: -e 'agentxperl'
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build net-snmp
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: net-snmp/net-snmp
+          ref: v${{ matrix.ref }}
+          path: net-snmp
+          patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
+          configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Run net-snmp tests
+        working-directory: net-snmp
+        run: |
+          autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
+          make -j test TESTOPTS="${{ matrix.test_opts }}"

.github/workflows/nginx.yml

@@ -0,0 +1,226 @@
+name: nginx Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          # We don't use --enable-debug since it makes the logs too loud
+          echo "wolf_debug_flags= CFLAGS='-g3 -O0'" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-nginx ${{ env.wolf_debug_flags }}
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-nginx
+          path: build-dir.tgz
+          retention-days: 5
+
+  nginx_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # in general we want to pass all tests that match *ssl*
+          - ref: 1.25.0
+            test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
+              mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t
+              mail_ssl.t proxy_ssl_certificate_empty.t proxy_ssl_certificate.t
+              proxy_ssl_certificate_vars.t proxy_ssl_conf_command.t proxy_ssl_name.t
+              ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
+              ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t
+              ssl_crl.t ssl_curve.t ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t
+              ssl_proxy_protocol.t ssl_proxy_upgrade.t ssl_reject_handshake.t
+              ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_reneg.t
+              ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t ssl_verify_client.t
+              ssl_verify_depth.t stream_proxy_ssl_certificate.t stream_proxy_ssl_certificate_vars.t
+              stream_proxy_ssl_conf_command.t stream_proxy_ssl_name_complex.t
+              stream_proxy_ssl_name.t stream_ssl_certificate.t stream_ssl_conf_command.t
+              stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t stream_ssl_preread.t
+              stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t stream_ssl_variables.t
+              stream_ssl_verify_client.t stream_upstream_zone_ssl.t upstream_zone_ssl.t
+              uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t uwsgi_ssl.t
+              uwsgi_ssl_verify.t
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_keepalive.t proxy_ssl.t
+              proxy_ssl_verify.t stream_proxy_protocol_ssl.t stream_proxy_ssl.t
+              stream_proxy_ssl_verify.t stream_ssl_alpn.t
+          - ref: 1.24.0
+            test-ref: 212d9d003886e3a24542855fb60355a417f037de
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
+              mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t mail_ssl.t
+              proxy_ssl_certificate_empty.t proxy_ssl_certificate.t proxy_ssl_certificate_vars.t
+              proxy_ssl_name.t ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
+              ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t ssl_crl.t
+              ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t ssl_proxy_protocol.t
+              ssl_proxy_upgrade.t ssl_reject_handshake.t ssl_session_reuse.t
+              ssl_session_ticket_key.t ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t
+              ssl_stapling.t ssl.t ssl_verify_client.t stream_proxy_ssl_certificate.t
+              stream_proxy_ssl_certificate_vars.t stream_proxy_ssl_name_complex.t
+              stream_proxy_ssl_name.t stream_ssl_alpn.t stream_ssl_certificate.t
+              stream_ssl_conf_command.t stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t
+              stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
+              stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
+              upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
+              uwsgi_ssl.t uwsgi_ssl_verify.t
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_conf_command.t proxy_ssl_keepalive.t
+              proxy_ssl.t proxy_ssl_verify.t ssl_curve.t ssl_verify_depth.t
+              stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
+              stream_proxy_ssl_verify.t
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-nginx
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
+
+      - name: Checkout wolfssl-nginx
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/wolfssl-nginx
+          path: wolfssl-nginx
+
+      - name: Checkout nginx
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx
+          path: nginx
+          ref: release-${{ matrix.ref }}
+
+      - name: Apply nginx patch
+        working-directory: nginx
+        run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl.patch
+
+      - if: ${{ runner.debug }}
+        name: Apply nginx debug patch
+        working-directory: nginx
+        run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
+
+      - name: Checkout nginx-tests
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx-tests
+          path: nginx-tests
+          ref: ${{ matrix.test-ref }}
+
+      - name: Apply nginx-tests patch
+        working-directory: nginx-tests
+        run: patch -p1 < ../wolfssl-nginx/nginx-tests-patches/*${{ matrix.test-ref }}.patch
+
+      - name: Build nginx without sanitizer
+        working-directory: nginx
+        run: |
+          ./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
+            --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
+            --with-http_v2_module --with-mail --with-mail_ssl_module
+          make -j
+
+      - name: Confirm nginx built with wolfSSL
+        working-directory: nginx
+        run: ldd objs/nginx | grep wolfssl
+
+      - if: ${{ runner.debug }}
+        name: Run nginx-tests without sanitizer (debug)
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
+            TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-not-ok }}
+
+      - if: ${{ !runner.debug }}
+        name: Run nginx-tests without sanitizer
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
+            prove ${{ matrix.sanitize-not-ok }}
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "nginx_c_flags=-O0" >> $GITHUB_ENV
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build nginx with sanitizer
+        working-directory: nginx
+        run: |
+          ./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
+            --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
+            --with-http_v2_module --with-mail --with-mail_ssl_module \
+            --with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 ${{ env.nginx_c_flags }}' \
+            --with-ld-opt='-fsanitize=address ${{ env.nginx_c_flags }}'
+          make -j
+
+      - name: Confirm nginx built with wolfSSL
+        working-directory: nginx
+        run: ldd objs/nginx | grep wolfssl
+
+      - if: ${{ runner.debug }}
+        name: Run nginx-tests with sanitizer (debug)
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+          TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
+          TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }}
+
+      - if: ${{ !runner.debug }}
+        name: Run nginx-tests with sanitizer
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
+            prove ${{ matrix.sanitize-ok }}
+

.github/workflows/no-malloc.yml

@@ -0,0 +1,44 @@
+name: No Malloc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi

.github/workflows/nss.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Setup nss cert db
+mkdir nssdb
+./dist/Debug/bin/certutil -d nssdb -N --empty-password
+./dist/Debug/bin/certutil -d nssdb  -A -a -i  wolfssl/certs/test/server-localhost.pem \
+    -t TCP -n 'wolf localhost'
+
+# App data for nss
+echo Hello from nss > /tmp/in
+
+# TLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1
+
+# DTLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1

.github/workflows/nss.yml

@@ -0,0 +1,89 @@
+name: nss interop Tests
+
+### TODO uncomment stuff
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  NSS_REF: NSS_3_107_RTM
+
+jobs:
+  build_nss:
+    name: Build nss
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          lookup-only: true
+
+      - name: Install dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y gyp ninja-build
+
+      - name: Checkout nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: nss-dev/nss
+          ref: ${{ env.NSS_REF }}
+          path: nss
+
+      - name: Compile nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          hg clone https://hg.mozilla.org/projects/nspr
+          cd nss
+          ./build.sh
+
+  nss_test:
+    name: Test interop with nss
+    runs-on: ubuntu-22.04
+    needs: build_nss
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtls13
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/nss.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: |
+          cat /tmp/server.log

.github/workflows/ntp.yml

@@ -0,0 +1,93 @@
+name: ntp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ntp
+          path: build-dir.tgz
+          retention-days: 5
+
+  ntp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 4.2.8p15, 4.2.8p17 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ntp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      # Avoid DoS'ing ntp site so cache the tar.gz
+      - name: Check if we have ntp
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: ntp-${{ matrix.ref }}.tar.gz
+          key: ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Download ntp
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Extract ntp
+        run: |
+          tar -xf ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Build and test ntp
+        working-directory: ntp-${{ matrix.ref }}
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
+          ./bootstrap
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          make -j
+          make -j check

.github/workflows/ocsp.yml

@@ -0,0 +1,38 @@
+name: OCSP Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  ocsp_stapling:
+    name: ocsp stapling
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Build wolfSSL
+        run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
+
+      - name: Start OCSP responder 1
+        run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
+
+      - name: Start OCSP responder 2
+        run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
+
+      - name: Start TLS server
+        run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
+
+      - name: Test Look Up
+        run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o

.github/workflows/openldap.yml

@@ -0,0 +1,91 @@
+name: openldap Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openldap
+          path: build-dir.tgz
+          retention-days: 5
+
+  openldap_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # List of releases to test
+          - osp_ref: 2.5.13
+            git_ref: OPENLDAP_REL_ENG_2_5_13
+          - osp_ref: 2.6.7
+            git_ref: OPENLDAP_REL_ENG_2_6_7
+    name: ${{ matrix.osp_ref }}
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openldap
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout openldap
+        uses: actions/checkout@v4
+        with:
+          repository: openldap/openldap
+          path: openldap
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build and test OpenLDAP
+        working-directory: openldap
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
+          rm aclocal.m4
+          autoreconf -ivf
+          ./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
+            CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
+              -I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
+              -L$GITHUB_WORKSPACE/build-dir/lib"
+          make -j depend
+          make -j
+          make -j check

.github/workflows/openssh.yml

@@ -0,0 +1,84 @@
+name: openssh Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-openssh --enable-dsa --with-max-rsa-bits=8192
+            --enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir.tgz
+          retention-days: 5
+
+  openssh_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - git_ref: 'V_9_6_P1'
+            osp_ver: '9.6'
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openssh
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test openssh
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: openssh/openssh-portable
+          ref: ${{ matrix.git_ref }}
+          path: openssh
+          patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
+          check: false
+
+      # make tests take >20 minutes. Consider limiting?
+      - name: Run tests
+        working-directory: ./openssh
+        run: |
+          # Run all the tests except (t-exec) as it takes too long
+          make file-tests interop-tests extra-tests unit

.github/workflows/opensslcoexist.yml

@@ -0,0 +1,50 @@
+name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+        run: |
+          ./autogen.sh || $(exit 2)
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in config.log scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done

.github/workflows/openvpn.yml

@@ -0,0 +1,93 @@
+name: OpenVPN Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openvpn
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openvpn
+          path: build-dir.tgz
+          retention-days: 5
+
+  openvpn_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of refs to test
+        ref: [ release/2.6, master ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openvpn
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
+                     linux-libc-dev man2html libcmocka-dev python3-docutils \
+                     libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - if: ${{ matrix.ref != 'master' }}
+        name: Build and test openvpn with fsanitize
+        run: |
+          echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
+
+      - name: Build and test openvpn
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: OpenVPN/openvpn
+          ref: ${{ matrix.ref }}
+          path: openvpn
+          configure: >-
+            --with-crypto-library=wolfssl
+            WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl"
+            WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl"
+            ${{ env.extra_c_flags }}
+          check: true
+
+      - name: Confirm OpenVPN built with wolfSSL
+        working-directory: ./openvpn
+        run: ldd src/openvpn/openvpn | grep wolfssl

.github/workflows/os-check.yml

@@ -0,0 +1,171 @@
+name: Ubuntu-Macos-Windows Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-22.04, macos-latest ]
+        config: [
+          # Add new configs here
+          '',
+          '--enable-all --enable-asn=template',
+          '--enable-all --enable-asn=original',
+          '--enable-harden-tls',
+          '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
+             --enable-opensslextra --enable-sessioncerts
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
+             -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
+          '--enable-all --enable-secure-renegotiation',
+          '--enable-all --enable-haproxy --enable-quic',
+          '--enable-dtls --enable-dtls13 --enable-earlydata
+             --enable-session-ticket --enable-psk
+             CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
+          '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+           --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
+          '--enable-ascon --enable-experimental',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: ${{ matrix.config }}
+          check: true
+
+  make_user_settings:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-22.04, macos-latest ]
+        user-settings: [
+          # Add new user_settings.h here
+          'examples/configs/user_settings_all.h',
+        ]
+    name: make user_setting.h
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: --enable-usersettings
+          check: true
+          user-settings: ${{ matrix.user-settings }}
+
+  make_user_settings_testwolfcrypt:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-22.04, macos-latest ]
+        user-settings: [
+          # Add new user_settings.h here
+          'examples/configs/user_settings_eccnonblock.h',
+          'examples/configs/user_settings_min_ecc.h',
+          'examples/configs/user_settings_wolfboot_keytools.h',
+          'examples/configs/user_settings_wolftpm.h',
+          'examples/configs/user_settings_wolfssh.h',
+          'examples/configs/user_settings_tls12.h',
+        ]
+    name: make user_setting.h (testwolfcrypt only)
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: --enable-usersettings --disable-examples
+          check: false
+          user-settings: ${{ matrix.user-settings }}
+
+      - name: Run wolfcrypt/test/testwolfcrypt
+        run: ./wolfcrypt/test/testwolfcrypt
+
+  # Has to be dedicated function due to the sed call
+  make_user_all:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-22.04, macos-latest ]
+    name: make user_setting.h (with sed)
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+    - uses: actions/checkout@v4
+    - if: ${{ matrix.os == 'macos-latest' }}
+      run: brew install automake libtool
+    - run: ./autogen.sh
+    - name: user_settings_all.h with compatibility layer
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        sed -i -e "s/if 0/if 1/" user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+  windows_build:
+    name: Windows Build Test
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [ x64, Win32, ARM64 ]
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl64.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Release
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Add MSBuild to PATH
+      uses: microsoft/setup-msbuild@v2
+
+    - name: Restore NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Build
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      # Add additional options to the MSBuild command line here (like platform or verbosity level).
+      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+    - if: ${{ matrix.arch != 'ARM64' }}
+      name: Run Test
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: Release/${{matrix.arch}}/testsuite.exe

.github/workflows/packaging.yml

@@ -0,0 +1,57 @@
+name: Packaging Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Package wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Configure wolfSSL
+        run: |
+          autoreconf -ivf
+          ./configure --enable-distro --enable-all \
+            --disable-openssl-compatible-defaults --enable-intelasm \
+            --enable-dtls13 --enable-dtls-mtu \
+            --enable-sp-asm --disable-examples --disable-silent-rules
+
+      - name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
+        run: |
+          ! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
+
+      - name: Build wolfSSL .deb
+        run: make deb-docker
+
+# disabled 20240919 -- broken target.
+#      - name: Build wolfSSL .rpm
+#        run: make rpm-docker
+
+      - name: Confirm packages built
+        run: |
+          DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
+          if [ "$DEB_COUNT" != "2" ]; then
+            echo Did not find exactly two deb packages!!!
+            exit 1
+          fi
+# disabled 20240919 -- broken target.
+#          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+#          if [ "$RPM_COUNT" != "4" ]; then
+#            echo Did not find exactly four rpm packages!!!
+#            exit 1
+#          fi

.github/workflows/pam-ipmi.yml

@@ -0,0 +1,92 @@
+name: pam-ipmi Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_pam-ipmi:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
+    name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libpam-dev ninja-build meson
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout pam-ipmi
+        uses: actions/checkout@v4
+        with:
+          repository: openbmc/pam-ipmi
+          path: pam-ipmi
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build pam-ipmi
+        working-directory: pam-ipmi
+        run: |
+          patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
+          ninja -C build
+
+      - name: Confirm built with wolfSSL
+        working-directory: pam-ipmi
+        run: |
+          ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl

.github/workflows/pq-all.yml

@@ -0,0 +1,49 @@
+name: Quantum Resistant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done

.github/workflows/rng-tools.yml

@@ -0,0 +1,116 @@
+name: rng-tools Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+          path: build-dir.tgz
+          retention-days: 5
+
+  rng-tools_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 6.16 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jitterentropy-library
+        uses: actions/checkout@v4
+        with:
+          repository: smuellerDD/jitterentropy-library
+          path: jitterentropy-library
+          ref: v3.5.0
+
+      - name: Build jitterentropy-library
+        working-directory: jitterentropy-library
+        run: make -j
+
+      - name: Build rng-tools
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: nhorman/rng-tools
+          ref: v${{ matrix.ref }}
+          path: rng-tools
+          patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
+          configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Testing rng-tools
+        id: testing
+        working-directory: rng-tools
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+               break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
+
+      - name: Print logs
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        working-directory: rng-tools/tests
+        run: cat test-suite.log

.github/workflows/socat.yml

@@ -0,0 +1,81 @@
+name: socat Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-socat
+          path: build-dir.tgz
+          retention-days: 5
+
+
+  socat_check:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-socat
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Download socat
+        run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build socat
+        working-directory: ./socat-1.8.0.0
+        run: |
+          patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
+          autoreconf -vfi
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
+          make
+
+      - name: Run socat tests
+        working-directory: ./socat-1.8.0.0
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          export SHELL=/bin/bash
+          SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530

.github/workflows/softhsm.yml

@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check

.github/workflows/sssd.yml

@@ -0,0 +1,99 @@
+name: sssd Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    if: github.repository_owner == 'wolfssl'
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sssd
+          path: build-dir.tgz
+          retention-days: 5
+
+  sssd_check:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.9.1 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-22.04
+    container:
+      image: quay.io/sssd/ci-client-devel:ubuntu-latest
+      env:
+        LD_LIBRARY_PATH: /usr/local/lib
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
+
+      - name: Setup env
+        run: |
+          ln -s samba-4.0/ldb.h /usr/include/ldb.h
+          ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
+          ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
+          ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
+          ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sssd
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test sssd
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: SSSD/sssd
+          ref: ${{ matrix.ref }}
+          path: sssd
+          patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
+          configure: >-
+            --without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
+            --without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+

.github/workflows/stunnel.yml

@@ -0,0 +1,81 @@
+name: stunnel Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-stunnel
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-stunnel
+          path: build-dir.tgz
+          retention-days: 5
+
+  stunnel_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 5.67 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-stunnel
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test stunnel
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: mtrojnar/stunnel
+          ref: stunnel-${{ matrix.ref }}
+          path: stunnel
+          patch-file: $GITHUB_WORKSPACE/osp/stunnel/${{ matrix.ref }}/stunnel-${{ matrix.ref }}.patch
+          configure: --enable-wolfssl SSLDIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm stunnel built with wolfSSL
+        working-directory: ./stunnel
+        run: ldd src/stunnel | grep wolfssl
+

.github/workflows/ubuntu-check.yml

@@ -1,26 +0,0 @@
-name: Ubuntu Build Test
-
-on:
-  push:
-    branches: [ '*' ]
-  pull_request:
-    branches: [ '*' ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: autogen
-      run: ./autogen.sh
-    - name: configure
-      run: ./configure
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck
-

.github/workflows/watcomc.yml

@@ -0,0 +1,84 @@
+name: Build Watcom C
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  wolfssl_watcomc_windows:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        common:
+          - cmake:    '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
+        platform:
+          - title:   'Windows OW 2.0'
+            system:   'Windows'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'win32ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'Linux OW 2.0'
+            system:   'Linux'
+            image:    'ubuntu-latest'
+            owimage:  '2.0'
+            id:       'linuxow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'OS/2 OW 2.0'
+            system:   'OS2'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'os2ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
+        thread:
+          - id:       'multi'
+            cmake:    ''
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
+          - id:       'single'
+            cmake:    '-DWOLFSSL_SINGLE_THREADED=yes'
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
+        library:
+          - id:       'dll'
+            cmake:    ''
+            owcmake:  'DLL'
+          - id:       'static'
+            cmake:    '-DBUILD_SHARED_LIBS=no'
+            owcmake:  ''
+        exclude:
+          - { platform: { system: 'Linux' }, library: { id: 'dll' } }
+    runs-on: ${{ matrix.platform.image }}
+    name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
+    steps:
+      - name: Setup Open Watcom ${{ matrix.platform.owimage }}
+        uses: open-watcom/setup-watcom@v0
+        with:
+          version: ${{ matrix.platform.owimage }}
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: wolfssl
+        shell: bash
+        run: |
+          cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
+          cmake --build build
+
+      - name: Upload build errors
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
+          path: |
+            build/**

.github/workflows/win-csharp-test.yml

@@ -0,0 +1,58 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

.github/workflows/windows-check.yml

@@ -1,38 +0,0 @@
-name: Windows Build Test
-
-on:
-  push:
-    branches: [ '*' ]
-  pull_request:
-    branches: [ '*' ]
-
-env:
-  # Path to the solution file relative to the root of the project.
-  SOLUTION_FILE_PATH: wolfssl64.sln
-
-  # Configuration type to build.
-  # You can convert this to a build matrix if you need coverage of multiple configuration types.
-  # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
-  BUILD_CONFIGURATION: Release
-  BUILD_PLATFORM: x64
-
-jobs:
-  build:
-    runs-on: windows-latest
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Add MSBuild to PATH
-      uses: microsoft/setup-msbuild@v1
-
-    - name: Restore NuGet packages
-      working-directory: ${{env.GITHUB_WORKSPACE}}
-      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
-
-    - name: Build
-      working-directory: ${{env.GITHUB_WORKSPACE}}
-      # Add additional options to the MSBuild command line here (like platform or verbosity level).
-      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
-      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
-

.github/workflows/wolfCrypt-Wconversion.yml

@@ -0,0 +1,41 @@
+name: wolfCrypt conversion warnings
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_library:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
+        ]
+    name: build library
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Build wolfCrypt with extra type conversion warnings
+        run: |
+          ./autogen.sh || $(exit 2)
+          echo "running ./configure ${{ matrix.config }}"
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)

.github/workflows/zephyr.yml

@@ -0,0 +1,129 @@
+name: Zephyr tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  run_test:
+    name: Build and run
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          - zephyr-ref: v3.4.0
+            zephyr-sdk: 0.16.1
+          - zephyr-ref: v3.5.0
+            zephyr-sdk: 0.16.3
+          - zephyr-ref: v2.7.4
+            zephyr-sdk: 0.16.3
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 25
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # most of the ci-base zephyr docker image packages
+          sudo apt-get install -y zip bridge-utils uml-utilities \
+            git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget \
+            python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
+            make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \
+            autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \
+            cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \
+            gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \
+            libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
+            libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
+            net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
+            python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
+            texinfo unzip wget ovmf xz-utils
+
+      - name: Install west
+        run: sudo pip install west
+
+      - name: Init west workspace
+        run: west init --mr ${{ matrix.config.zephyr-ref }} zephyr
+
+      - name: Update west.yml
+        working-directory: zephyr/zephyr
+        run: |
+          REF=$(echo '${{ github.ref }}' | sed -e 's/\//\\\//g')
+          sed -e 's/remotes:/remotes:\n    \- name: wolfssl\n      url\-base: https:\/\/github.com\/${{ github.repository_owner }}/' -i west.yml
+          sed -e "s/projects:/projects:\n    \- name: wolfssl\n      path: modules\/crypto\/wolfssl\n      remote: wolfssl\n      revision: $REF/" -i west.yml
+
+      - name: Update west workspace
+        working-directory: zephyr
+        run: west update -n -o=--depth=1
+
+      - name: Export zephyr
+        working-directory: zephyr
+        run: west zephyr-export
+
+      - name: Install pip dependencies
+        working-directory: zephyr
+        run: sudo pip install -r zephyr/scripts/requirements.txt
+
+      - name: Install zephyr SDK
+        run: |
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
+          ./setup.sh -h -c -t x86_64-zephyr-elf
+
+      - name: Fix options for 2.7.4
+        if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
+        working-directory: zephyr/modules/crypto/wolfssl
+        run: |
+          sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
+
+      - name: Run wolfssl test
+        id: wolfssl-test
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Run wolfssl TLS sock test
+        # Results in a page fault that I can't trace
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
+        id: wolfssl-tls-sock
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Run wolfssl TLS thread test
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
+        id: wolfssl-tls-thread
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Zip failure logs
+        if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
+        run: |
+          zip -9 -r logs.zip zephyr/twister-out
+
+      - name: Upload failure logs
+        if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: zephyr-client-test-logs
+          path: logs.zip
+          retention-days: 5

.gitignore

@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in
@@ -64,6 +65,8 @@ ctaocrypt/benchmark/benchmark
 ctaocrypt/test/testctaocrypt
 wolfcrypt/benchmark/benchmark
 wolfcrypt/test/testwolfcrypt
+examples/async/async_client
+examples/async/async_server
 examples/benchmark/tls_bench
 examples/client/client
 examples/echoclient/echoclient
@@ -73,20 +76,26 @@ examples/sctp/sctp-server
 examples/sctp/sctp-server-dtls
 examples/sctp/sctp-client
 examples/sctp/sctp-client-dtls
+examples/asn1/asn1
+examples/pem/pem
 server_ready
 snifftest
 output
 mcapi/test
 testsuite/testsuite
-tests/unit
 testsuite/testsuite.test
-tests/unit.test
-tests/bio_write_test.txt
-tests/test-log-dump-to-file.txt
-test-write-dhparams.pem
 testsuite/*.der
 testsuite/*.pem
 testsuite/*.raw
+testsuite/*.obj
+testsuite/*.pdb
+testsuite/*.idb
+tests/unit
+tests/unit.test
+tests/bio_write_test.txt
+tests/test-log-dump-to-file.txt
+tests/cert_cache.tmp
+test-write-dhparams.pem
 cert.der
 cert.pem
 certecc.der
@@ -237,6 +246,7 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+*.nds
 
 # autotools generated
 scripts/unit.test
@@ -281,23 +291,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
 
-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/
 
@@ -334,6 +327,10 @@ wolfcrypt/src/port/intel/qat_test
 # Arduino Generated Files
 /IDE/ARDUINO/wolfSSL
 scripts/memtest.txt
+/IDE/ARDUINO/Arduino_README_prepend.md.tmp
+/IDE/ARDUINO/library.properties.tmp
+/IDE/ARDUINO/library.properties.tmp.backup
+/IDE/ARDUINO/PREPENDED_README.md
 
 # Doxygen generated files
 doc/doxygen_warnings
@@ -342,6 +339,8 @@ doc/pdf
 
 # XCODE Index
 IDE/XCODE/Index
+IDE/**/xcshareddata
+IDE/**/DerivedData
 
 # ARM DS-5 && Eclipse
 \.settings/
@@ -393,6 +392,8 @@ cmake_install.cmake
 # GDB Settings
 \.gdbinit
 
+libFuzzer
+
 # Pycharm and other IDEs
 \.idea
 
@@ -400,7 +401,68 @@ cmake_install.cmake
 XXX-fips-test
 
 # ASYNC
-async
+/wolfAsyncCrypt
+/async
 
 # Generated user_settings_asm.h.
 user_settings_asm.h
+
+# VisualGDB
+**/.visualgdb
+
+# Espressif sdk config default should be saved in sdkconfig.defaults
+# we won't track the actual working sdkconfig files
+/IDE/Espressif/**/sdkconfig
+/IDE/Espressif/**/sdkconfig.old
+
+# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
+/IDE/Espressif/**/sdkconfig.debug
+/IDE/Espressif/**/sdkconfig.release
+/IDE/Espressif/**/sdkconfig-debug
+/IDE/Espressif/**/sdkconfig-release
+
+# Always include Espressif makefiles (typically only used for ESP8266)
+!/IDE/Espressif/**/Makefile
+!/IDE/Espressif/**/component.mk
+
+# Ignore all the example logs
+/IDE/Espressif/ESP-IDF/examples/**/logs/*
+
+# MPLAB
+/IDE/MPLABX16/wolfssl.X/dist/default/
+/IDE/MPLABX16/wolfssl.X/.generated_files
+/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
+/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
+
+# auto-created CMake backups
+**/CMakeLists.txt.old
+
+# MagicCrypto (ARIA Cipher)
+MagicCrypto
+
+# CMake  build directory
+/out
+/out_temp
+
+# debian packaging
+debian/changelog
+debian/control
+*.deb
+
+# Ada/Alire files
+wrapper/Ada/alire/
+wrapper/Ada/config/
+wrapper/Ada/lib/
+wrapper/Ada/obj/
+
+# PlatformIO
+/**/.pio
+/**/.vscode/.browse.c_cpp.db*
+/**/.vscode/c_cpp_properties.json
+/**/.vscode/launch.json
+/**/.vscode/ipch
+/**/sdkconfig.esp32dev
+
+# Autogenerated debug trace headers
+wolfssl/debug-trace-error-codes.h
+wolfssl/debug-untrace-error-codes.h

.wolfssl_known_macro_extras

@@ -0,0 +1,995 @@
+AES_GCM_GMULT_NCT
+AFX_RESOURCE_DLL
+AFX_TARG_ENU
+ALLOW_BINARY_MISMATCH_INTROSPECTION
+ALLOW_V1_EXTENSIONS
+ANDROID
+APP_ESP_HTTP_CLIENT
+APP_ESP_HTTP_CLIENT_EXAMPLE
+APSTUDIO_INVOKED
+ARCH_sim
+ARDUINO
+ARDUINO_ARCH_RP2040
+ARDUINO_SAMD_NANO_33_IOT
+ARDUINO_SAM_DUE
+ASN_DUMP_OID
+ASN_TEMPLATE_SKIP_ISCA_CHECK
+ATCAPRINTF
+ATCA_ENABLE_DEPRECATED
+AVR
+BASE64_NO_TABLE
+BLAKE2B_SELFTEST
+BLAKE2S_SELFTEST
+BLOCKING
+BSP_DEFAULT_IO_CHANNEL_DEFINED
+BSP_LED_0
+BSP_LED_1
+BSP_SDCARD_ESDHC_CHANNEL
+BSP_SDCARD_SDHC_CHANNEL
+BSP_SDCARD_SPI_CHANNEL
+CAAM_OUT_INVALIDATE
+CERT_REL_PREFIX
+CIOCASYMFEAT
+CIOCGSESSINFO
+CMSIS_OS2_H_
+COMPONENT_WOLFSSL
+CONFIG_ARCH_CHIP_STM32F746ZG
+CONFIG_ARCH_CHIP_STM32H743ZI
+CONFIG_ARCH_CHIP_STM32L552ZE
+CONFIG_ARCH_POSIX
+CONFIG_ARM
+CONFIG_ARM64
+CONFIG_BOARD_NATIVE_POSIX
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT
+CONFIG_COMPILER_OPTIMIZATION_NONE
+CONFIG_COMPILER_OPTIMIZATION_PERF
+CONFIG_COMPILER_OPTIMIZATION_SIZE
+CONFIG_CRYPTO_FIPS
+CONFIG_CRYPTO_MANAGER
+CONFIG_CSPRNG_ENABLED
+CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP8266_XTAL_FREQ_26
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80
+CONFIG_ESP_ENABLE_WOLFSSH
+CONFIG_ESP_MAIN_TASK_STACK_SIZE
+CONFIG_ESP_TLS_USING_WOLFSSL
+CONFIG_ESP_WIFI_PASSWORD
+CONFIG_ESP_WIFI_SSID
+CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+CONFIG_ESP_WOLFSSL_NO_HW_AES
+CONFIG_ESP_WOLFSSL_NO_HW_HASH
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+CONFIG_FREERTOS_HZ
+CONFIG_FREERTOS_UNICORE
+CONFIG_IDF_TARGET
+CONFIG_IDF_TARGET_ARCH_RISCV
+CONFIG_IDF_TARGET_ARCH_XTENSA
+CONFIG_IDF_TARGET_ESP32
+CONFIG_IDF_TARGET_ESP32C2
+CONFIG_IDF_TARGET_ESP32C3
+CONFIG_IDF_TARGET_ESP32C6
+CONFIG_IDF_TARGET_ESP32H2
+CONFIG_IDF_TARGET_ESP32S2
+CONFIG_IDF_TARGET_ESP32S3
+CONFIG_IDF_TARGET_ESP8266
+CONFIG_IDF_TARGET_ESP8684
+CONFIG_MAIN_TASK_STACK_SIZE
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+CONFIG_MBEDTLS_PSA_CRYPTO_C
+CONFIG_MIPS
+CONFIG_MODULE_SIG
+CONFIG_NET_SOCKETS_SOCKOPT_TLS
+CONFIG_NEWLIB_LIBC
+CONFIG_NEWLIB_NANO_FORMAT
+CONFIG_PICOLIBC
+CONFIG_POSIX_API
+CONFIG_POSIX_THREADS
+CONFIG_PREEMPT_COUNT
+CONFIG_PTHREAD_IPC
+CONFIG_SMP
+CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+CONFIG_TIMER_TASK_STACK_DEPTH
+CONFIG_TIMER_TASK_STACK_SIZE
+CONFIG_TLS_STACK_WOLFSSL
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+CONFIG_WOLFCRYPT_ARMASM
+CONFIG_WOLFCRYPT_FIPS
+CONFIG_WOLFCRYPT_INTELASM
+CONFIG_WOLFSSL
+CONFIG_WOLFSSL_ALLOW_TLS13
+CONFIG_WOLFSSL_ALPN
+CONFIG_WOLFSSL_ALT_CERT_CHAINS
+CONFIG_WOLFSSL_APPLE_HOMEKIT
+CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+CONFIG_WOLFSSL_DTLS
+CONFIG_WOLFSSL_ENABLE_KYBER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_NONE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+CONFIG_WOLFSSL_HKDF
+CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
+CONFIG_WOLFSSL_NO_ASN_STRICT
+CONFIG_WOLFSSL_PSK
+CONFIG_WOLFSSL_RSA_PSS
+CONFIG_WOLFSSL_TARGET_HOST
+CONFIG_WOLFSSL_TARGET_PORT
+CONFIG_WOLFSSL_TLS13_ENABLED
+CONFIG_WOLFSSL_TLS_VERSION_1_2
+CONFIG_WOLFSSL_TLS_VERSION_1_3
+CONFIG_WOLFTPM
+CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+CONFIG_X86
+CONV_WITH_DIV
+CPA_CY_API_VERSION_NUM_MAJOR
+CPU_MIMXRT1176DVMAA_cm7
+CPU_MK82FN256VLL15
+CRLDP_VALIDATE_DATA
+CRL_REPORT_LOAD_ERRORS
+CRL_STATIC_REVOKED_LIST
+CRYPTOCELL_KEY_SIZE
+CRYP_HEADERWIDTHUNIT_BYTE
+CRYP_KEYIVCONFIG_ONCE
+CRYP_KEYSIZE_192B
+CSM_UNSUPPORTED_ALGS
+CTYPE_USER
+CURVED448_SMALL
+CY_USING_HAL
+DCP_USE_DCACHE
+DILITHIUM_MUL_11_SLOW
+DILITHIUM_MUL_44_SLOW
+DILITHIUM_MUL_QINV_SLOW
+DILITHIUM_MUL_Q_SLOW
+DILITHIUM_MUL_SLOW
+DILITHIUM_USE_HINT_CT
+DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
+ECCSI_ORDER_MORE_BITS_THAN_PRIME
+ECC_DUMP_OID
+ECDHE_SIZE
+ENABLE_SECURE_SOCKETS_LOGS
+ESP32
+ESP8266
+ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION_MAJOR
+ESP_IDF_VERSION_MINOR
+ESP_PLATFORM
+ESP_TASK_MAIN_STACK
+EV_TRIGGER
+FP_ECC_CONTROL
+FREERTOS_TCP_WINSIM
+FREESCALE
+FREESCALE_RNGB
+FREESCALE_USE_MMCAU_CLASSIC
+FSL_FEATURE_HAS_L1CACHE
+FSL_FEATURE_LTC_HAS_DES
+FSL_FEATURE_LTC_HAS_GCM
+FSL_FEATURE_LTC_HAS_PKHA
+FSL_FEATURE_LTC_HAS_SHA
+FSL_FEATURE_SOC_LTC_COUNT
+FSL_FEATURE_SOC_MMCAU_COUNT
+FSL_FEATURE_SOC_RNG_COUNT
+FSL_FEATURE_SOC_TRNG_COUNT
+FUSION_RTOS
+GENERATE_MACHINE_PARSEABLE_REPORT
+GE_P3_TOBYTES_IMPL
+GOAHEAD_WS
+HAL_RTC_MODULE_ENABLED
+HARDWARE_CACHE_COHERENCY
+HASH_AlgoMode_HASH
+HASH_BYTE_SWAP
+HASH_CR_LKEY
+HASH_DIGEST
+HASH_DataType_8b
+HASH_IMR_DCIE
+HASH_IMR_DINIE
+HAVE_AESGCM_DECRYPT
+HAVE_BYTEREVERSE64
+HAVE_CERTIFICATE_STATUS_V2
+HAVE_COLDFIRE_SEC
+HAVE_CRL_UPDATE_CB
+HAVE_CSHARP
+HAVE_CURL
+HAVE_CURVE22519
+HAVE_DANE
+HAVE_ECC239
+HAVE_ECC320
+HAVE_ECC512
+HAVE_ECC_CDH_CAST
+HAVE_ECC_SM2
+HAVE_ESP_CLK
+HAVE_FACON
+HAVE_FIPS_VERSION_PORT
+HAVE_FUZZER
+HAVE_INTEL_MULX
+HAVE_INTEL_QAT_SYNC
+HAVE_INTEL_SPEEDUP
+HAVE_MDK_RTX
+HAVE_NETX_BSD
+HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
+HAVE_POCO_LIB
+HAVE_RTP_SYS
+HAVE_SECURE_GETENV
+HAVE_STACK_SIZE_VERBOSE_LOG
+HAVE_THREADX
+HAVE_TM_TYPE
+HAVE_VALIDATE_DATE
+HAVE_VA_COPY
+HAVE_X448
+HONOR_MATH_USED_LENGTH
+HSM_KEY_TYPE_HMAC_224
+HSM_KEY_TYPE_HMAC_256
+HSM_KEY_TYPE_HMAC_384
+HSM_KEY_TYPE_HMAC_512
+HSM_OP_KEY_GENERATION_FLAGS_CREATE
+HSM_OP_KEY_GENERATION_FLAGS_UPDATE
+HSM_SVC_KEY_STORE_FLAGS_UPDATE
+IDIRECT_DEV_RANDOM
+IDIRECT_DEV_TIME
+ID_TRNG
+IGNORE_KEY_EXTENSIONS
+IGNORE_NETSCAPE_CERT_TYPE
+INCLUDE_uxTaskGetStackHighWaterMark
+INTEGRITY
+INTIMEVER
+IOTSAFE_NO_GETDATA
+IOTSAFE_SIG_8BIT_LENGTH
+KCAPI_USE_XMALLOC
+K_SERIES
+LIBWOLFSSL_VERSION_GIT_BRANCH
+LIBWOLFSSL_VERSION_GIT_HASH
+LIBWOLFSSL_VERSION_GIT_HASH_DATE
+LIBWOLFSSL_VERSION_GIT_ORIGIN
+LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+LIBWOLFSSL_VERSION_GIT_TAG
+LINUXKM_FPU_STATES_FOLLOW_THREADS
+LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+LINUX_CYCLE_COUNT
+LINUX_RUSAGE_UTIME
+LP64
+MAX3266X_AESGCM
+MAX3266X_RSA
+MAXQ10XX_PRODUCTION_KEY
+MAXQ_EXPORT_TLS_KEYS
+MAXQ_SHA1
+MAXSEG_64K
+MAX_WOLFSSL_FILE_SIZE
+MDK_CONF_BARE_METAL
+MDK_CONF_FS
+MDK_CONF_RTX_TCP_FS
+MDK_CONF_TCP_FS
+MDK_WOLFLIB
+MICRIUM_MALLOC
+MICROCHIP_MPLAB_HARMONY
+MICROCHIP_MPLAB_HARMONY_3
+MICRO_SESSION_CACHEx
+MLKEM_NONDETERMINISTIC
+MODULE_SOCK_TCP
+MP_31BIT
+MP_8BIT
+MQX_USE_IO_OLD
+MULTI_VALUE_STATISTICS
+MUTEX_DURING_INIT
+NEED_THREADX_TYPES
+NETX_DUO
+NET_SECURE_MODULE_EN
+NOTE_TRIGGER
+NO_AES_DECRYPT
+NO_ARDUINO_DEFAULT
+NO_ASM
+NO_ASN_OLD_TYPE_NAMES
+NO_CAMELLIA_CBC
+NO_CERT
+NO_CIPHER_SUITE_ALIASES
+NO_CLIENT_CACHE
+NO_CLOCK_SPEEDUP
+NO_CURVE25519_KEY_EXPORT
+NO_CURVE25519_KEY_IMPORT
+NO_CURVE25519_SHARED_SECRET
+NO_CURVE448_KEY_EXPORT
+NO_CURVE448_KEY_IMPORT
+NO_CURVE448_SHARED_SECRET
+NO_DEV_URANDOM
+NO_ECC384
+NO_ECC521
+NO_ECC_CACHE_CURVE
+NO_ECC_CHECK_KEY
+NO_ECC_CHECK_PUBKEY_ORDER
+NO_ECC_KEY_IMPORT
+NO_ECC_MAKE_PUB
+NO_ED25519_CLIENT_AUTH
+NO_ED25519_KEY_EXPORT
+NO_ED25519_KEY_IMPORT
+NO_ED25519_MAKE_KEY
+NO_ED25519_SIGN
+NO_ED25519_VERIFY
+NO_ED448_CLIENT_AUTH
+NO_ED448_KEY_EXPORT
+NO_ED448_KEY_IMPORT
+NO_ED448_SIGN
+NO_ED448_VERIFY
+NO_ESP_MP_MUL_EVEN_ALT_CALC
+NO_FORCE_SCR_SAME_SUITE
+NO_GCM_ENCRYPT_EXTRA
+NO_GETENV
+NO_HANDSHAKE_DONE_CB
+NO_IMX6_CAAM_AES
+NO_IMX6_CAAM_HASH
+NO_OLD_NAMES
+NO_OLD_POLY1305
+NO_OLD_TIMEVAL_NAME
+NO_PBKDF1
+NO_PIC32MZ_CRYPT
+NO_PIC32MZ_HASH
+NO_PIC32MZ_RNG
+NO_PKCS11_AES
+NO_PKCS11_AESCBC
+NO_PKCS11_AESGCM
+NO_PKCS11_ECC
+NO_PKCS11_ECDH
+NO_PKCS11_EC_KEYGEN
+NO_PKCS11_HMAC
+NO_PKCS11_RNG
+NO_PKCS11_RSA
+NO_PKCS11_RSA_PKCS
+NO_PKCS7
+NO_PKCS7_COMPRESSED_DATA
+NO_PKCS7_ENCRYPTED_DATA
+NO_PKCS7_STREAM
+NO_POLY1305_ASM
+NO_PUBLIC_CCM_SET_NONCE
+NO_PUBLIC_GCM_SET_IV
+NO_RESUME_SUITE_CHECK
+NO_RNG
+NO_RNG_MUTEX
+NO_SESSION_CACHE_ROW_LOCK
+NO_SKID
+NO_SKIP_PREVIEW
+NO_STDIO_FGETS_REMAP
+NO_TKERNEL_MEM_POOL
+NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
+NO_VERIFY_OID
+NO_WC_SSIZE_TYPE
+NO_WOLFSSL_ALLOC_ALIGN
+NO_WOLFSSL_AUTOSAR_CRYIF
+NO_WOLFSSL_AUTOSAR_CRYPTO
+NO_WOLFSSL_AUTOSAR_CSM
+NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
+NO_WOLFSSL_MSG_EX
+NO_WOLFSSL_RENESAS_FSPSM_AES
+NO_WOLFSSL_RENESAS_FSPSM_HASH
+NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
+NO_WOLFSSL_SHA256
+NO_WOLFSSL_SHA256_INTERLEAVE
+NO_WOLFSSL_SHA512_INTERLEAVE
+NO_WOLFSSL_SKIP_TRAILING_PAD
+NO_WOLFSSL_SMALL_STACK_STATIC
+NO_WOLFSSL_XILINX_TAG_MALLOC
+NRF52
+NRF52_SERIES
+NRF_ERROR_MODULE_ALREADY_INITIALIZED
+OLD_HELLO_ALLOWED
+OPENSSL_EXTRA_BSD
+OPENSSL_EXTRA_NO_ASN1
+OPENSSL_EXTRA_NO_BN
+OPENSSL_NO_PK
+OS_WINDOWS
+OTHERBOARD
+OTHER_BOARD
+PEER_INFO
+PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PLATFORMIO
+PLUTON_CRYPTO_ECC
+PRINT_SESSION_STATS
+PTHREAD_STACK_MIN
+QAT_ENABLE_HASH
+QAT_ENABLE_RNG
+QAT_USE_POLLING_CHECK
+RC_NO_RNG
+REDIRECTION_IN3_KEYELMID
+REDIRECTION_IN3_KEYID
+REDIRECTION_OUT1_KEYELMID
+REDIRECTION_OUT1_KEYID
+REDIRECTION_OUT2_KEYELMID
+REDIRECTION_OUT2_KEYID
+RENESAS_T4_USE
+RTC_ALARMSUBSECONDMASK_ALL
+RTE_CMSIS_RTOS_RTX
+RTOS_MODULE_NET_AVAIL
+RTPLATFORM
+SA_INTERRUPT
+SCEKEY_INSTALLED
+SHA256_MANY_REGISTERS
+SHA3_BY_SPEC
+SHOW_CERTS
+SHOW_GEN
+SHOW_SIZES
+SHOW_SSID_AND_PASSWORD
+SIM_SCGC3_RNGA_MASK
+SIM_SCGC5_PORTC_MASK
+SIM_SCGC5_PORTD_MASK
+SIM_SCGC5_PORTE_MASK
+SIM_SCGC6_RNGA_MASK
+SL_SE_KEY_TYPE_ECC_P384
+SL_SE_KEY_TYPE_ECC_P521
+SL_SE_KEY_TYPE_ECC_X25519
+SL_SE_KEY_TYPE_ECC_X448
+SL_SE_PRF_HMAC_SHA1
+SOFTDEVICE_PRESENT
+SO_NOSIGPIPE
+SO_REUSEPORT
+SP_INT_NO_ASM
+SP_MATH_NEED_ADD_OFF
+SP_USE_DIVTI3
+SQRTMOD_USE_MOD_EXP
+SSL_SNIFFER_EXPORTS
+SSN_BUILDING_LIBYASSL
+STATIC_CHUNKS_ONLY
+STM32F107xC
+STM32F207xx
+STM32F217xx
+STM32F401xE
+STM32F407xx
+STM32F437xx
+STM32F756xx
+STM32F777xx
+STM32G071xx
+STM32G491xx
+STM32H563xx
+STM32H723xx
+STM32H725xx
+STM32H743xx
+STM32H753xx
+STM32H7S3xx
+STM32L475xx
+STM32L4A6xx
+STM32L552xx
+STM32L562xx
+STM32MP135Fxx
+STM32U575xx
+STM32U585xx
+STM32U5A9xx
+STM32WB55xx
+STM32WBA52xx
+STM32WL55xx
+STM32_AESGCM_PARTIAL
+STM32_HW_CLOCK_AUTO
+STM32_NUTTX_RNG
+TASK_EXTRA_STACK_SIZE
+TCP_NODELAY
+TFM_ALREADY_SET
+TFM_SMALL_MONT_SET
+THREADED_SNIFFTEST
+TIME_T_NOT_LONG
+TI_DUMMY_BUILD
+TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+UNICODE
+USER_CA_CB
+USER_CUSTOM_SNIFFX
+USER_MATH_LIB
+USE_ALT_MPRIME
+USE_ANY_ADDR
+USE_CERT_BUFFERS_25519
+USE_CERT_BUFFERS_3072
+USE_ECDSA_KEYSZ_HASH_ALGO
+USE_FULL_ASSERT
+USE_HAL_DRIVER
+USE_NXP_LTC
+USE_NXP_MMCAU
+USE_QAE_THREAD_LS
+USE_SECRET_CALLBACK
+USE_STSAFE_RNG_SEED
+USE_STSAFE_VERBOSE
+USE_TLSV13
+USE_WOLF_STRNSTR
+USS_API
+WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
+WC_AES_BS_WORD_SIZE
+WC_AES_GCM_DEC_AUTH_EARLY
+WC_ASN_HASH_SHA256
+WC_ASYNC_ENABLE_3DES
+WC_ASYNC_ENABLE_AES
+WC_ASYNC_ENABLE_ARC4
+WC_ASYNC_ENABLE_DH
+WC_ASYNC_ENABLE_ECC
+WC_ASYNC_ENABLE_ECC_KEYGEN
+WC_ASYNC_ENABLE_HMAC
+WC_ASYNC_ENABLE_MD5
+WC_ASYNC_ENABLE_RSA
+WC_ASYNC_ENABLE_RSA_KEYGEN
+WC_ASYNC_ENABLE_SHA
+WC_ASYNC_ENABLE_SHA224
+WC_ASYNC_ENABLE_SHA256
+WC_ASYNC_ENABLE_SHA3
+WC_ASYNC_ENABLE_SHA384
+WC_ASYNC_ENABLE_SHA512
+WC_ASYNC_NO_CRYPT
+WC_ASYNC_NO_HASH
+WC_DILITHIUM_CACHE_PRIV_VECTORS
+WC_DILITHIUM_CACHE_PUB_VECTORS
+WC_DILITHIUM_FIXED_ARRAY
+WC_DISABLE_RADIX_ZERO_PAD
+WC_ECC_NONBLOCK_ONLY
+WC_KDF_NIST_SP_800_56C
+WC_LMS_FULL_HASH
+WC_NO_RNG_SIMPLE
+WC_NO_STATIC_ASSERT
+WC_PKCS11_FIND_WITH_ID_ONLY
+WC_PROTECT_ENCRYPTED_MEM
+WC_RNG_BLOCKING
+WC_RSA_DIRECT
+WC_RSA_NONBLOCK
+WC_RSA_NONBLOCK_TIME
+WC_RSA_NO_FERMAT_CHECK
+WC_SHA384
+WC_SHA384_DIGEST_SIZE
+WC_SHA512
+WC_SSIZE_TYPE
+WC_STRICT_SIG
+WC_XMSS_FULL_HASH
+WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
+WOLFSENTRY_H
+WOLFSENTRY_NO_JSON
+WOLFSSL_32BIT_MILLI_TIME
+WOLFSSL_AARCH64_PRIVILEGE_MODE
+WOLFSSL_AESNI_BY4
+WOLFSSL_AESNI_BY6
+WOLFSSL_AFTER_DATE_CLOCK_SKEW
+WOLFSSL_ALGO_HW_MUTEX
+WOLFSSL_ALLOW_CRIT_AIA
+WOLFSSL_ALLOW_CRIT_AKID
+WOLFSSL_ALLOW_CRIT_SKID
+WOLFSSL_ALLOW_ENCODING_CA_FALSE
+WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+WOLFSSL_ALLOW_NO_CN_IN_SAN
+WOLFSSL_ALLOW_NO_SUITES
+WOLFSSL_ALLOW_SERVER_SC_EXT
+WOLFSSL_ALLOW_TLS_SHA1
+WOLFSSL_ALTERNATIVE_DOWNGRADE
+WOLFSSL_ALT_NAMES_NO_REV
+WOLFSSL_ARM_ARCH_NEON_64BIT
+WOLFSSL_ASCON_UNROLL
+WOLFSSL_ASNC_CRYPT
+WOLFSSL_ASN_EXTRA
+WOLFSSL_ASN_INT_LEAD_0_ANY
+WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
+WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
+WOLFSSL_ATECC508
+WOLFSSL_ATECC508A_NOIDLE
+WOLFSSL_ATECC508A_NOSOFTECC
+WOLFSSL_ATECC508A_TLS
+WOLFSSL_ATECC_ECDH_IOENC
+WOLFSSL_ATECC_NO_ECDH_ENC
+WOLFSSL_ATECC_RNG
+WOLFSSL_ATECC_TFLXTLS
+WOLFSSL_ATECC_TNGTLS
+WOLFSSL_ATMEL
+WOLFSSL_ATMEL_TIME
+WOLFSSL_BEFORE_DATE_CLOCK_SKEW
+WOLFSSL_BIGINT_TYPES
+WOLFSSL_BIO_NO_FLOW_STATS
+WOLFSSL_BLAKE2B_INIT_EACH_FIELD
+WOLFSSL_BLAKE2S_INIT_EACH_FIELD
+WOLFSSL_BLIND_PRIVATE_KEY
+WOLFSSL_BYTESWAP32_ASM
+WOLFSSL_CAAM_BLACK_KEY_AESCCM
+WOLFSSL_CAAM_BLACK_KEY_SM
+WOLFSSL_CAAM_NO_BLACK_KEY
+WOLFSSL_CALLBACKS
+WOLFSSL_CHECK_DESKEY
+WOLFSSL_CHECK_MEM_ZERO
+WOLFSSL_CHIBIOS
+WOLFSSL_CLANG_TIDY
+WOLFSSL_COMMERCIAL_LICENSE
+WOLFSSL_CONTIKI
+WOLFSSL_CRL_ALLOW_MISSING_CDP
+WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_CUSTOM_CONFIG
+WOLFSSL_DILITHIUM_ASSIGN_KEY
+WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
+WOLFSSL_DILITHIUM_NO_ASN1
+WOLFSSL_DILITHIUM_NO_CHECK_KEY
+WOLFSSL_DILITHIUM_NO_LARGE_CODE
+WOLFSSL_DILITHIUM_NO_MAKE
+WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+WOLFSSL_DILITHIUM_SIGN_CHECK_W0
+WOLFSSL_DILITHIUM_SIGN_CHECK_Y
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
+WOLFSSL_DTLS_DISALLOW_FUTURE
+WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
+WOLFSSL_DUMP_MEMIO_STREAM
+WOLFSSL_DUP_CERTPOL
+WOLFSSL_ECC_BLIND_K
+WOLFSSL_ECC_GEN_REJECT_SAMPLING
+WOLFSSL_ECC_NO_SMALL_STACK
+WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+WOLFSSL_ECDHX_SHARED_NOT_ZERO
+WOLFSSL_ECDSA_MATCH_HASH
+WOLFSSL_ECDSA_SET_K_ONE_LOOP
+WOLFSSL_EC_POINT_CMP_JACOBIAN
+WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+WOLFSSL_EMNET
+WOLFSSL_ESPWROOM32
+WOLFSSL_EVP_PRINT
+WOLFSSL_EXPORT_INT
+WOLFSSL_EXPORT_SPC_SZ
+WOLFSSL_EXTRA
+WOLFSSL_FORCE_OCSP_NONCE_CHECK
+WOLFSSL_FRDM_K64
+WOLFSSL_FRDM_K64_JENKINS
+WOLFSSL_FUNC_TIME
+WOLFSSL_FUNC_TIME_LOG
+WOLFSSL_GEN_CERT
+WOLFSSL_GETRANDOM
+WOLFSSL_GNRC
+WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
+WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
+WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
+WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
+WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
+WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
+WOLFSSL_I2D_ECDSA_SIG_ALLOC
+WOLFSSL_IAR_ARM_TIME
+WOLFSSL_IGNORE_BAD_CERT_PATH
+WOLFSSL_IMX6
+WOLFSSL_IMX6_CAAM
+WOLFSSL_IMX6_CAAM_BLOB
+WOLFSSL_IMX6_CAAM_RNG
+WOLFSSL_IMXRT_DCP
+WOLFSSL_ISOTP
+WOLFSSL_KEIL
+WOLFSSL_KEIL_NET
+WOLFSSL_KYBER_NO_DECAPSULATE
+WOLFSSL_KYBER_NO_ENCAPSULATE
+WOLFSSL_KYBER_NO_MAKE_KEY
+WOLFSSL_LIB
+WOLFSSL_LMS_CACHE_BITS
+WOLFSSL_LMS_FULL_HASH
+WOLFSSL_LMS_LARGE_CACHES
+WOLFSSL_LMS_MAX_HEIGHT
+WOLFSSL_LMS_MAX_LEVELS
+WOLFSSL_LMS_NO_SIG_CACHE
+WOLFSSL_LMS_ROOT_LEVELS
+WOLFSSL_LPC43xx
+WOLFSSL_MAKE_SYSTEM_NAME_LINUX
+WOLFSSL_MAKE_SYSTEM_NAME_WSL
+WOLFSSL_MDK5
+WOLFSSL_MEM_FAIL_COUNT
+WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_MLKEM_INVNTT_UNROLL
+WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+WOLFSSL_MLKEM_NO_LARGE_CODE
+WOLFSSL_MLKEM_NO_MALLOC
+WOLFSSL_MLKEM_NTT_UNROLL
+WOLFSSL_MONT_RED_CT
+WOLFSSL_MP_COND_COPY
+WOLFSSL_MP_INVMOD_CONSTANT_TIME
+WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+WOLFSSL_NONBLOCK_OCSP
+WOLFSSL_NOSHA3_384
+WOLFSSL_NOT_WINDOWS_API
+WOLFSSL_NO_BIO_ADDR_IN
+WOLFSSL_NO_CLIENT
+WOLFSSL_NO_CLIENT_CERT_ERROR
+WOLFSSL_NO_COPY_CERT
+WOLFSSL_NO_COPY_KEY
+WOLFSSL_NO_CRL_DATE_CHECK
+WOLFSSL_NO_CRL_NEXT_DATE
+WOLFSSL_NO_DECODE_EXTRA
+WOLFSSL_NO_DER_TO_PEM
+WOLFSSL_NO_DH186
+WOLFSSL_NO_DTLS_SIZE_CHECK
+WOLFSSL_NO_ETM_ALERT
+WOLFSSL_NO_FENCE
+WOLFSSL_NO_FSEEK
+WOLFSSL_NO_INIT_CTX_KEY
+WOLFSSL_NO_ISSUERHASH_TDPEER
+WOLFSSL_NO_KCAPI_AES_CBC
+WOLFSSL_NO_KCAPI_HMAC_SHA1
+WOLFSSL_NO_KCAPI_HMAC_SHA224
+WOLFSSL_NO_KCAPI_HMAC_SHA256
+WOLFSSL_NO_KCAPI_HMAC_SHA384
+WOLFSSL_NO_KCAPI_HMAC_SHA512
+WOLFSSL_NO_KCAPI_SHA224
+WOLFSSL_NO_OCSP_DATE_CHECK
+WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
+WOLFSSL_NO_OCSP_OPTIONAL_CERTS
+WOLFSSL_NO_PUBLIC_FFDHE
+WOLFSSL_NO_RSA_KEY_CHECK
+WOLFSSL_NO_SERVER_GROUPS_EXT
+WOLFSSL_NO_SESSION_STATS
+WOLFSSL_NO_SIGALG
+WOLFSSL_NO_SOCKADDR_UN
+WOLFSSL_NO_SPHINCS
+WOLFSSL_NO_STRICT_CIPHER_SUITE
+WOLFSSL_NO_TICKET_EXPIRE
+WOLFSSL_NO_TRUSTED_CERTS_VERIFY
+WOLFSSL_NO_XOR_OPS
+WOLFSSL_NRF51_AES
+WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
+WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+WOLFSSL_OLD_SET_CURVES_LIST
+WOLFSSL_OLD_TIMINGPADVERIFY
+WOLFSSL_OLD_UNSUPPORTED_EXTENSION
+WOLFSSL_OPTIONS_IGNORE_SYS
+WOLFSSL_PASSTHRU_ERR
+WOLFSSL_PB
+WOLFSSL_PEER_ADDRESS_CHANGES
+WOLFSSL_PKCS11_RW_TOKENS
+WOLFSSL_PRCONNECT_PRO
+WOLFSSL_PREFIX
+WOLFSSL_PSA_NO_AES
+WOLFSSL_PSA_NO_HASH
+WOLFSSL_PSA_NO_PKCB
+WOLFSSL_PSA_NO_PKCBS
+WOLFSSL_PSA_NO_RNG
+WOLFSSL_PSK_IDENTITY_ALERT
+WOLFSSL_PSK_ID_PROTECTION
+WOLFSSL_PSK_MULTI_ID_PER_CS
+WOLFSSL_PSK_TLS13_CB
+WOLFSSL_PSOC6_CRYPTO
+WOLFSSL_PYTHON
+WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY
+WOLFSSL_RENESAS_RA6M3
+WOLFSSL_RENESAS_RA6M3G
+WOLFSSL_RENESAS_RSIP
+WOLFSSL_RENESAS_RZN2L
+WOLFSSL_RENESAS_TLS
+WOLFSSL_RENESAS_TSIP_IAREWRX
+WOLFSSL_RSA_CHECK_D_ON_DECRYPT
+WOLFSSL_RSA_DECRYPT_TO_0_LEN
+WOLFSSL_RW_THREADED
+WOLFSSL_SAKKE_SMALL
+WOLFSSL_SAKKE_SMALL_MODEXP
+WOLFSSL_SE050_AUTO_ERASE
+WOLFSSL_SE050_CRYPT
+WOLFSSL_SE050_HASH
+WOLFSSL_SE050_INIT
+WOLFSSL_SE050_NO_RSA
+WOLFSSL_SE050_NO_TRNG
+WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
+WOLFSSL_SETTINGS_FILE
+WOLFSSL_SH224
+WOLFSSL_SHA256_ALT_CH_MAJ
+WOLFSSL_SHUTDOWNONCE
+WOLFSSL_SILABS_TRNG
+WOLFSSL_SM4_EBC
+WOLFSSL_SNIFFER_NO_RECOVERY
+WOLFSSL_SP_ARM32_UDIV
+WOLFSSL_SP_DH
+WOLFSSL_SP_FAST_NCT_EXPTMOD
+WOLFSSL_SP_INT_SQR_VOLATILE
+WOLFSSL_STACK_CHECK
+WOLFSSL_STM32F427_RNG
+WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STRONGEST_HASH_SIG
+WOLFSSL_STSAFE_TAKES_SLOT
+WOLFSSL_TELIT_M2MB
+WOLFSSL_THREADED_CRYPT
+WOLFSSL_TICKET_DECRYPT_NO_CREATE
+WOLFSSL_TICKET_ENC_AES128_GCM
+WOLFSSL_TICKET_ENC_AES256_CBC
+WOLFSSL_TICKET_ENC_AES256_GCM
+WOLFSSL_TICKET_ENC_CBC_HMAC
+WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
+WOLFSSL_TICKET_ENC_HMAC_SHA384
+WOLFSSL_TICKET_ENC_HMAC_SHA512
+WOLFSSL_TI_CURRTIME
+WOLFSSL_TLS13_DRAFT
+WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
+WOLFSSL_TLS13_SHA512
+WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
+WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
+WOLFSSL_TRACK_MEMORY_FULL
+WOLFSSL_TRAP_MALLOC_SZ
+WOLFSSL_UNALIGNED_64BIT_ACCESS
+WOLFSSL_USER_FILESYSTEM
+WOLFSSL_USER_LOG
+WOLFSSL_USER_MUTEX
+WOLFSSL_USER_THREADING
+WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
+WOLFSSL_USE_FLASHMEM
+WOLFSSL_USE_OPTIONS_H
+WOLFSSL_USE_POPEN_HOST
+WOLFSSL_VALIDATE_DH_KEYGEN
+WOLFSSL_WC_XMSS_NO_SHA256
+WOLFSSL_WC_XMSS_NO_SHAKE256
+WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
+WOLFSSL_X509_STORE_CERTS
+WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK
+WOLFSSL_XFREE_NO_NULLNESS_CHECK
+WOLFSSL_XILINX_CRYPTO_OLD
+WOLFSSL_XILINX_PATCH
+WOLFSSL_XIL_MSG_NO_SLEEP
+WOLFSSL_XMSS_LARGE_SECRET_KEY
+WOLFSSL_ZEPHYR
+WOLF_ALLOW_BUILTIN
+WOLF_CRYPTO_CB_CMD
+WOLF_CRYPTO_CB_FIND
+WOLF_CRYPTO_CB_ONLY_ECC
+WOLF_CRYPTO_CB_ONLY_RSA
+WOLF_CRYPTO_DEV
+WOLF_NO_TRAILING_ENUM_COMMAS
+XGETPASSWD
+XMSS_CALL_PRF_KEYGEN
+XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
+XSECURE_CACHE_DISABLE
+_ABI64
+_ABIO64
+_ARCH_PPC64
+_COMPILER_VERSION
+_INTPTR_T_DECLARED
+_LP64
+_MSC_VER
+_MSVC_LANG
+_M_ARM64
+_M_X64
+_NETOS
+_POSIX_C_SOURCE
+_SDCC_VERSION_PATCHLEVEL
+_SH3
+_SILICON_LABS_SECURITY_FEATURE
+_SOCKLEN_T
+_SYS_DEVCON_LOCAL_H
+_TIME_HELPER_H
+_UINTPTR_T_DECLARED
+_WIN32
+_WIN32_WCE
+_WIN64
+_XOPEN_SOURCE_EXTENDED
+__32MZ2048ECH144__
+__32MZ2048ECM144__
+__32MZ2048EFM144__
+__ANDROID__
+__APPLE__
+__ARCH_STRCASECMP_NO_REDIRECT
+__ARCH_STRCMP_NO_REDIRECT
+__ARCH_STRNCASECMP_NO_REDIRECT
+__ARCH_STRNCAT_NO_REDIRECT
+__ARCH_STRNCMP_NO_REDIRECT
+__ARCH_STRNCPY_NO_REDIRECT
+__ARCH_STRSTR_NO_REDIRECT
+__ARM_ARCH_7M__
+__ARM_FEATURE_CRYPTO
+__ASSEMBLER__
+__ATOMIC_RELAXED
+__AVR__
+__BCPLUSPLUS__
+__BIG_ENDIAN__
+__BORLANDC__
+__CCRX__
+__COMPILER_VER__
+__CYGWIN__
+__DATE__
+__DCACHE_PRESENT
+__DCC__
+__DECC_VER
+__ELF__
+__EMSCRIPTEN__
+__FPU_PRESENT
+__FreeBSD__
+__GLIBC__
+__GNUC_MINOR__
+__GNUC__
+__HP_cc
+__IAR_SYSTEMS_ICC__
+__ICCARM__
+__ILP32__
+__INCLUDE_NUTTX_CONFIG_H
+__INTEGRITY
+__INTEL_COMPILER
+__KEIL__
+__KEY_DATA_H__
+__LINUX__
+__LP64
+__LP64__
+__MACH__
+__MICROBLAZE__
+__MINGW32__
+__MINGW64_VERSION_MAJOR
+__MINGW64__
+__MWERKS__
+__NT__
+__OS2__
+__OpenBSD__
+__PIE__
+__POWERPC__
+__PPC__
+__PPU
+__QNXNTO__
+__QNX__
+__ROPI__
+__SAM3A4C__
+__SAM3A8C__
+__SAM3A8H__
+__SAM3X4C__
+__SAM3X4E__
+__SAM3X8C__
+__SAM3X8E__
+__SANITIZE_ADDRESS__
+__SDCC_VERSION_MAJOR
+__SDCC_VERSION_MINOR
+__SDCC_VERSION_PATCH
+__SIZEOF_INT128__
+__SIZEOF_LONG_LONG__
+__STDC_VERSION__
+__STDC__
+__STM32__
+__STRICT_ANSI__
+__SUNPRO_C
+__SUNPRO_CC
+__SVR4
+__TI_COMPILER_VERSION__
+__TURBOC__
+__UNIX__
+__USE_GNU
+__USE_MISC
+__USE_XOPEN2K
+__WATCOMC__
+__WATCOM_INT64__
+__XC32
+__XTENSA__
+__aarch64__
+__alpha__
+__arch64__
+__arm__
+__clang__
+__clang_major__
+__cplusplus
+__ghc__
+__ghs__
+__hpux__
+__i386
+__i386__
+__ia64__
+__linux__
+__llvm__
+__mips
+__mips64
+__must_check
+__ppc64__
+__ppc__
+__riscv
+__riscv_xlen
+__s390x__
+__sparc
+__sparc64__
+__sun
+__svr4__
+__thumb__
+__ti__
+__x86_64__
+byte
+configTICK_RATE_HZ
+fallthrough
+noinline
+ssize_t
+sun
+versal
+wc_Tls13_HKDF_Expand_Label

Docker/Dockerfile

@@ -0,0 +1,58 @@
+ARG DOCKER_BASE_IMAGE=ubuntu:22.04
+FROM $DOCKER_BASE_IMAGE
+
+USER root
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
+ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
+ARG DEPS_UDP_PROXY="wget libevent-dev"
+ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
+ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
+                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+# Add 'docker' user
+ARG USER=docker
+ARG UID=1000
+ARG GID=1000
+RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
+
+# Add github.com as an SSH known host
+RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
+
+# install ccache
+RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
+ENV PATH /opt/ccache/bin:$PATH
+
+# install liboqs
+RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && cd liboqs && git checkout db08f12b5a96aa6582a82aac7f65cf8a4d8b231f \
+    && mkdir build && cd build && cmake -DOQS_DIST_BUILD=ON -DOQS_USE_CPUFEATURE_INSTRUCTIONS=OFF -DOQS_USE_OPENSSL=0 .. && make -j8 all && make install && cd ../.. && rm -rf liboqs
+
+RUN mkdir /opt/sources
+
+# install liblms
+RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
+    && sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
+
+# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
+RUN mkdir /var/empty
+RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
+
+# Install udp/tcp-proxy
+RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
+# Install libbacktrace
+RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
+
+# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
+RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
+# Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
+RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
+
+# Add in Jenkins userID
+RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
+
+USER ${UID}:${GID}

Docker/Dockerfile.cross-compiler

@@ -0,0 +1,11 @@
+ARG DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder
+FROM $DOCKER_BASE_IMAGE
+
+USER root
+
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
+RUN DEBIAN_FRONTEND=noninteractive apt update \
+                    && apt install -y ${DEPS_TESTING} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+USER docker

Docker/OpenWrt/Dockerfile

@@ -0,0 +1,12 @@
+# This Dockerfile is used in conjunction with the docker-OpenWrt.yml GitHub Action.
+ARG DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-snapshot
+FROM $DOCKER_BASE_CONTAINER
+
+RUN mkdir -p /var/lock # Fix for parent container
+COPY libwolfssl.so /tmp/libwolfssl.so
+RUN export LIBWOLFSSL=$(ls /usr/lib/libwolfssl.so.* -1); \
+                      rm ${LIBWOLFSSL} && ln -s /tmp/libwolfssl.so ${LIBWOLFSSL}
+# for debugging purposes to make sure the correct library is tested
+RUN ls -Ll /usr/lib/libwolfssl* && ldd /lib/libustream-ssl.so | grep wolfssl
+COPY runTests.sh /tmp/.
+RUN /tmp/runTests.sh

Docker/OpenWrt/README.md

@@ -0,0 +1,13 @@
+This container is really only useful in conjunction with the GitHub Workflow
+found in .github/workflows/docker-OpenWrt.yml. The idea is that we will
+compile a new libwolfssl that gets placed in official OpenWrt containers to
+run some tests ensuring the library is still compatible with existing
+binaries.
+
+To run the test locally, build libwolfssl.so (or download from the GitHub Action)
+and put it in Docker/OpenWrt. Then switch to that folder and run:
+docker build -t openwrt --build-args DOCKER_BASE_CONTAINER=<openwrtContainer> .
+where 'openwrtContainer' => "openwrt/rootfs:x86-64-22.03-SNAPSHOT" or similar
+
+This should run some sample tests. The resulting container then can be used to
+evaluate OpenWrt with the latest wolfSSL library.

Docker/OpenWrt/runTests.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+runCMD() { # usage: runCMD "<command>" "<retVal>"
+    TMP_FILE=$(mktemp)
+    eval $1 > $TMP_FILE 2>&1
+    RETVAL=$?
+    if [ "$RETVAL" != "$2" ]; then
+        echo "Command ($1) returned ${RETVAL}, but expected $2. Error output:"
+        cat $TMP_FILE
+        exit 1
+    fi
+}
+
+# Successful tests
+runCMD "ldd /lib/libustream-ssl.so" 0
+# Temporary workaround: comment out missing kmods repo line for 21.02 specifically.
+# Remove after fixed upstream.
+runCMD "sed '\/src\/gz openwrt_kmods https:\/\/downloads.openwrt.org\/releases\/21.02-SNAPSHOT\/targets\/x86\/64\/kmods\/5.4.238-1-5a722da41bc36de95a7195be6fce1b45/s//#&/' -i /etc/opkg/distfeeds.conf" 0
+runCMD "opkg update" 0
+runCMD "uclient-fetch 'https://letsencrypt.org'" 0
+# Negative tests
+runCMD "uclient-fetch --ca-certificate=/dev/null 'https://letsencrypt.org'" 5
+runCMD "uclient-fetch 'https://self-signed.badssl.com/'" 5
+runCMD "uclient-fetch 'https://untrusted-root.badssl.com/'" 5
+runCMD "uclient-fetch 'https://expired.badssl.com/'" 5
+
+echo "All tests passed."

Docker/README.md

@@ -0,0 +1,16 @@
+# Overview
+This is a Docker environment for compiling, testing and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
+
+When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
+
+# Docker Hub
+These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
+
+# FAQ
+## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
+You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
+
+## Unable to access symlinked files outside of WolfSSL
+The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
+1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
+2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.

Docker/buildAndPush.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+echo "Building wolfssl/wolfssl-builder:${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${WOLFSSL_DIR}/Docker" && \
+    docker tag wolfssl/wolfssl-builder:${CUR_DATE} wolfssl/wolfssl-builder:latest && \
+    docker build --build-arg DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder:${CUR_DATE} -t wolfssl/testing-cross-compiler:${CUR_DATE} "${WOLFSSL_DIR}/Docker" -f Dockerfile.cross-compiler && \
+    docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
+
+if [ $? -eq 0 ]; then
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
+            docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
+else
+    echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Building wolfssl/wolfCLU:${CUR_DATE}"
+DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
+docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
+    docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
+if [ $? -eq 0 ]; then
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
+            docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
+else
+    echo "Warning: Build wolfssl/wolfclu failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

Docker/include.am

@@ -0,0 +1,13 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= Docker/Dockerfile
+EXTRA_DIST+= Docker/Dockerfile.cross-compiler
+EXTRA_DIST+= Docker/run.sh
+EXTRA_DIST+= Docker/README.md
+
+ignore_files+=Docker/buildAndPush.sh
+ignore_files+=Docker/OpenWRT/Dockerfile
+ignore_files+=Docker/OpenWRT/runTests.sh
+ignore_files+=Docker/OpenWRT/README.md

Docker/packaging/debian/Dockerfile

@@ -0,0 +1,6 @@
+FROM debian:latest
+
+RUN apt-get -y update
+RUN apt-get -y upgrade
+RUN apt-get install -y build-essential autoconf gawk debhelper lintian
+

Docker/packaging/fedora/Dockerfile

@@ -0,0 +1,3 @@
+FROM fedora:latest
+
+RUN dnf install -y make automake gcc rpmdevtools

Docker/run.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "Running with \"${*}\"..."
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+docker build -t wolfssl/wolfssl-builder --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash
+
+exitval=$?
+echo "Exited with error code $exitval"
+exit $exitval

Docker/wolfCLU/Dockerfile

@@ -0,0 +1,26 @@
+ARG DOCKER_BASE_IMAGE=ubuntu
+FROM ubuntu AS builder
+
+ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
+                    && apt install -y ${DEPS_WOLFSSL} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+ARG NUM_CPU=16
+
+# This arg is to force a rebuild starting from this line
+ARG DUMMY=date
+# install wolfssl
+RUN DUMMY=${DUMMY} git clone --depth=1 --single-branch --branch=master http://github.com/wolfssl/wolfssl && cd wolfssl && ./autogen.sh && ./configure --enable-all && make -j $NUM_CPU && make install && ldconfig
+
+# install wolfCLU
+RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/wolfCLU && cd wolfCLU && ./autogen.sh && ./configure && make -j $NUM_CPU && make install
+
+FROM ${DOCKER_BASE_IMAGE}
+USER root
+COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
+COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
+RUN ldconfig
+ENTRYPOINT ["/usr/local/bin/wolfssl"]
+LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
+LABEL org.opencontainers.image.description="Simple wolfCLU in a container"

Docker/wolfCLU/README.md

@@ -0,0 +1,10 @@
+This is a small container that has wolfCLU installed for quick access. To build your own run the following:
+```
+docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
+```
+
+To run the container, you can use:
+```
+docker run -it --rm -v $(pwd):/ws -w /ws wolfclu version
+```
+This command will allow you to use the certs/keys in your local directory.

Docker/yocto/Dockerfile

@@ -0,0 +1,29 @@
+FROM ubuntu
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
+RUN locale-gen en_US.UTF-8
+
+# Add in non-root user
+ENV UID_OF_DOCKERUSER 1000
+RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
+RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
+
+USER dockerUser
+
+RUN cd /opt && git clone git://git.yoctoproject.org/poky
+WORKDIR /opt/poky
+
+ARG YOCTO_VERSION=kirkstone
+RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
+
+# This arg is to be able to force a rebuild starting from this line
+ARG DUMMY=date
+RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
+    /bin/bash -c "source oe-init-build-env" && \
+    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
+    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
+
+RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"

Docker/yocto/buildAndPush.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Assume we're in wolfssl/Docker/yocto
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+for ver in kirkstone langdale scarthgap; do
+    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
+    if [ $? -eq 0 ]; then
+        echo "Pushing containers to DockerHub"
+        docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
+    else
+        echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
+        ((NUM_FAILURES++))
+    fi
+done
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

IDE/ARDUINO/Arduino_README_prepend.md

@@ -0,0 +1,49 @@
+# Arduino wolfSSL Library
+
+This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
+
+The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
+
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
+
+Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
+
+## wolfSSL Configuration
+
+As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## wolfSSL Examples
+
+Additional wolfSSL examples can be found at:
+
+- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
+
+- https://github.com/wolfSSL/wolfssl/tree/master/examples
+
+- https://github.com/wolfSSL/wolfssl-examples/
+
+## Arduino Releases
+
+This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
+
+See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
+
+The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

IDE/ARDUINO/README.md

@@ -1,29 +1,109 @@
-### wolfSSL with Arduino
+# wolfSSL with Arduino
 
-##### Reformatting wolfSSL as a compatible Arduino Library
-This is a shell script that will re-organize the wolfSSL library to be 
-compatible with Arduino projects. The Arduino IDE requires a library's source
-files to be in the library's root directory with a header file in the name of 
-the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
-directory and creates a stub header file called `wolfssl.h`.
+See the [example sketches](./sketches/README.md):
 
-Step 1: To configure wolfSSL with Arduino, enter the following from within the
-wolfssl/IDE/ARDUINO directory:
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
 
-        `./wolfssl-arduino.sh`
+When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
-Step 2: Copy the directory wolfSSL that was just created to:
-`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
+## Getting Started
 
-Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
+See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## Boards
+
+Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
+and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
+
+STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
+
+```
+https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
+```
+
+## Using wolfSSL from the Arduino IDE
+
+The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
+
+This option will allow wolfSSL to be installed directly using the native Arduino tools.
+
+## Manually Reformatting wolfSSL as a Compatible Arduino Library
+
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
+compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
+for projects that use Arduino IDE 1.5.0 or newer.
+
+The Arduino IDE requires a library's source files to be in the library's root directory with a
+header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
+directory and creates a stub header file called `wolfssl.h` inside that directory.
+
+### Step 1:
+
+To configure wolfSSL with Arduino, enter ONE of the following 4 commands
+from within the `wolfssl/IDE/ARDUINO` directory:
+
+1. `./wolfssl-arduino.sh`
+    - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
+    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+
+2. `./wolfssl-arduino.sh INSTALL` (The most common option)
+    - Creates an Arduino Library in the local `wolfSSL` directory
+    - Moves that directory to the Arduino library directory:
+        - `$HOME/Arduino/libraries` for most bash environments
+        - `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+    - The wolfSSL library is now available from the Arduino IDE.
+
+3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/repository`
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+
+4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/any/other/directory`
+
+### Step 2:
+
+Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the examples in wolfssl root
-"/examples/configs/user_settings_*.h"
+Add any other custom settings. For a good start see the examples in wolfssl root
+"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
 
-Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+### Step 3:
+
+If you experience any issues with custom `user_settings.h` see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
 
-Step 5: If you still have any issues contact support@wolfssl.com for more help.
+If you have any issues contact support@wolfssl.com for help.
+
+# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
+
+1. In the Arduino IDE:
+
+The wolfSSL library should automatically be detected when found in the `libraries`
+directory.
+
+  - In `Sketch -> Include Library` choose wolfSSL for new sketches.
+
 
 ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
@@ -32,6 +112,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-2. Open an example Arduino sketch for wolfSSL:
-	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
-	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
+##### wolfSSL Examples
+
+Open an example Arduino sketch for wolfSSL:
+
+  - wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
+
+  - wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
+
+#### Script Examples
+
+Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
+
+Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
+
+```bash
+# Change to the wolfSSL Arduino IDE directory
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+
+# remove current Arduino wolfSSL library
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
+
+# Install wolfSSL as an Arduino library
+./wolfssl-arduino.sh INSTALL
+```
+
+Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
+```
+
+Publish wolfSSL from WSL to default Windows local library.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL
+```
+
+Test the TLS server by running a local command-line client.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./examples/client/client -h 192.168.1.43 -p 11111 -v 3
+```
+
+Build wolfSSL to include wolfSSH support to an alternate development directory.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
+make
+make install
+
+```
+
+Build wolfSSH with wolfSSL not installed to default directory.
+
+```bash
+cd /mnt/c/workspace/wolfssh-$USER
+./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
+make
+./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
+```
+
+Test the current wolfSSL.
+
+```bash
+cd /mnt/c/workspace/wolfssl-arduino
+git status
+./autogen.sh
+./configure --enable-all
+make clean
+make && make test
+```
+
+Build and run `testwolfcrypt`.
+
+```bash
+./autogen.sh
+./configure --enable-all
+make clean && make && ./wolfcrypt/test/testwolfcrypt
+```

IDE/ARDUINO/include.am

@@ -3,6 +3,15 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
+EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+EXTRA_DIST+= IDE/ARDUINO/keywords.txt
+EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

IDE/ARDUINO/keywords.txt

@@ -0,0 +1,21 @@
+# Syntax Coloring Map For wolfSSL
+# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
+#
+# Be sure to use tabs, not spaces. This might help:
+#  tr ' ' '\t' < keywords1.txt > keywords.txt
+
+#=============================================
+#	Datatypes	(KEYWORD1)
+#=============================================
+
+
+#=============================================
+#	Methods	and	Functions	(KEYWORD2)
+#=============================================
+wolfSSL_SetIORecv	KEYWORD1
+
+#=============================================
+#	Instances	(KEYWORD2)
+#=============================================
+ctx	KEYWORD2
+