Merge pull request #7355 from JacobBarthelmeh/release

prepare for release 5.7.0

.github/workflows/async.yml

@@ -18,7 +18,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         name: Checkout wolfSSL
 
       - name: Test wolfSSL async

.github/workflows/curl.yml

@@ -18,11 +18,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-curl
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   test_curl:
     name: ${{ matrix.curl_ref }}
@@ -38,11 +38,11 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev
         sudo pip install impacket
 
     - name: Download lib
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: wolf-install-curl
         path: build-dir

.github/workflows/docker-Espressif.yml

@@ -11,7 +11,7 @@ jobs:
     container:
       image: espressif/idf:latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v4_4:
@@ -20,7 +20,7 @@ jobs:
     container:
       image: espressif/idf:release-v4.4
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v5_0:
@@ -29,6 +29,6 @@ jobs:
     container:
       image: espressif/idf:release-v5.0
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh

.github/workflows/docker-OpenWrt.yml

@@ -16,15 +16,15 @@ jobs:
         steps:
             - name: Install required tools
               run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Compile libwolfssl.so
               run: ./autogen.sh && ./configure --enable-all && make
             - name: Upload libwolfssl.so
-              uses: actions/upload-artifact@v3
+              uses: actions/upload-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
                 path: src/.libs/libwolfssl.so
-                retention-days: 1
+                retention-days: 5
     compile_container:
         name: Compile container
         runs-on: ubuntu-latest
@@ -34,16 +34,16 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                release: [ "22.03-SNAPSHOT", "21.02-SNAPSHOT" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
+                release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
         steps:
-            - uses: actions/checkout@v3
-            - uses: docker/setup-buildx-action@v2
-            - uses: actions/download-artifact@v3
+            - uses: actions/checkout@v4
+            - uses: docker/setup-buildx-action@v3
+            - uses: actions/download-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
                 path: Docker/OpenWrt/.
             - name: Build but dont push
-              uses: docker/build-push-action@v3
+              uses: docker/build-push-action@v5
               with:
                   context: Docker/OpenWrt
                   platforms: linux/amd64

.github/workflows/haproxy.yml

@@ -21,7 +21,7 @@ jobs:
           install: true
 
       - name: Checkout VTest
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: vtest/VTest
           path: VTest
@@ -32,7 +32,7 @@ jobs:
         run: make FLAGS='-O2 -s -Wall'
 
       - name: Checkout HaProxy
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: haproxy/haproxy
           path: haproxy

.github/workflows/hitch.yml

@@ -19,11 +19,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-hitch
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   hitch_check:
     strategy:
@@ -41,13 +41,13 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-hitch
           path: build-dir
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -59,7 +59,7 @@ jobs:
             sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
 
       - name: Checkout hitch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: varnish/hitch
           ref: 1.7.3

.github/workflows/hostap.yml

@@ -40,11 +40,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.build_id }}
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
   hostap_test:
@@ -113,7 +113,7 @@ jobs:
           echo Our job run ID is $SHA_SUM
 
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: wolfssl
 
@@ -140,7 +140,7 @@ jobs:
           echo "hostap_debug_flags=-d" >> $GITHUB_ENV
 
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ matrix.config.build_id }}
           path: build-dir
@@ -170,7 +170,7 @@ jobs:
           sudo rmmod mac80211_hwsim
 
       - name: Checkout hostap
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: julek-wolfssl/hostap-mirror 
           path: hostap
@@ -185,7 +185,7 @@ jobs:
 
       - if: ${{ matrix.config.osp_ref }}
         name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -250,7 +250,7 @@ jobs:
             TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
             # Retry up to three times
             for i in {1..3}; do
-              HWSIM_RES=0
+              HWSIM_RES=0 # Not set when command succeeds
               # Logs can grow quickly especially in debug mode
               sudo rm -rf logs
               sudo ./start.sh
@@ -275,7 +275,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && steps.testing.outcome == 'failure' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: hostap-logs-${{ env.our_job_run_id }}
           path: hostap/tests/hwsim/logs.zip

.github/workflows/krb5.yml

@@ -11,19 +11,23 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
     steps:
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           path: wolfssl
-          configure: --enable-krb CFLAGS='-fsanitize=address'
+          configure: --enable-krb CC='gcc -fsanitize=address'
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-krb5
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   krb5_check:
     strategy:
@@ -38,19 +42,19 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-krb5
           path: build-dir
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
 
       - name: Checkout krb5
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: krb5/krb5
           ref: krb5-${{ matrix.ref }}-final
@@ -61,6 +65,10 @@ jobs:
         run: |
           patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build krb5
         working-directory: ./krb5/src
         run: |

.github/workflows/libssh2.yml

@@ -0,0 +1,58 @@
+name: libssh2 Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          check: false # config is already tested in many other PRB's
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+          retention-days: 5
+
+  libssh2_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.11.0 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+
+      - name: Build and test libssh2
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: libssh2/libssh2
+          ref: libssh2-${{ matrix.ref }}
+          path: libssh2
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm libssh2 built with wolfSSL
+        working-directory: ./libssh2
+        run: ldd src/.libs/libssh2.so | grep wolfssl

.github/workflows/main.yml

@@ -40,6 +40,13 @@ jobs:
         uses: ./.github/workflows/krb5.yml
     packaging:
         uses: ./.github/workflows/packaging.yml
+    memcached:
+        uses: ./.github/workflows/memcached.yml
+# TODO: Currently this test fails. Enable it once it becomes passing.        
+#    libssh2:
+#        uses: ./.github/workflows/libssh2.yml
+    openssh:
+        uses: ./.github/workflows/openssh.yml
 # TODO: Currently this test fails. Enable it once it becomes passing.        
 #    haproxy:
 #        uses: ./.github/workflows/haproxy.yml

.github/workflows/memcached.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -z "$GITHUB_WORKSPACE" ]; then
+    echo '$GITHUB_WORKSPACE is not set'
+    exit 1
+fi
+
+if [ -z "$HOST_ROOT" ]; then
+    echo '$HOST_ROOT is not set'
+    exit 1
+fi
+
+chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
+    -j$(nproc) PARALLEL=$(nproc) test_tls

.github/workflows/memcached.yml

@@ -0,0 +1,107 @@
+name: memcached Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-memcached
+          install: true
+
+      - name: Bundle Docker entry point
+        run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-memcached
+          path: build-dir
+          retention-days: 5
+
+  memcached_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.6.22
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-memcached
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
+
+      - name: Checkout memcached
+        uses: actions/checkout@v4
+        with:
+          repository: memcached/memcached
+          ref: 1.6.22
+          path: memcached
+
+      - name: Configure and build memcached
+        run: |
+            cd $GITHUB_WORKSPACE/memcached/
+            patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.22.patch
+            ./autogen.sh
+            export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+            PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig ./configure --enable-wolfssl
+            make -j$(nproc)
+
+      - name: Confirm memcached built with wolfSSL
+        working-directory: ./memcached
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd memcached | grep wolfssl
+
+      - name: Run memcached tests
+        working-directory: ./memcached
+        run: |
+          # Retry up to three times
+          # Using docker because interrupting the tests doesn't close running
+          # background servers. They can become daemonized and then all re-runs
+          # will always fail.
+          chmod +x $GITHUB_WORKSPACE/build-dir/bin/memcached.sh
+          for i in {1..3}; do
+            echo "-------- RUNNING TESTS --------"
+            MEMCACHED_RES=0 # Not set when command succeeds
+            # Tests should usually take less than 4 minutes. If already taking
+            # 5 minutes then they are probably stuck. Interrupt and re-run.
+            time timeout -s SIGKILL 5m docker run -v /:/host \
+              -v $GITHUB_WORKSPACE/build-dir/bin/memcached.sh:/memcached.sh \
+              -e GITHUB_WORKSPACE=$GITHUB_WORKSPACE \
+              -e HOST_ROOT=/host \
+              -e LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH \
+              alpine:latest /memcached.sh || MEMCACHED_RES=$?
+
+            if [ "$MEMCACHED_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          echo "test ran $i times"
+          if [ "$MEMCACHED_RES" -ne "0" ]; then
+            exit $MEMCACHED_RES
+          fi

.github/workflows/multi-arch.yml

@@ -35,7 +35,7 @@ jobs:
         run: |
           sudo apt update
           sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}

.github/workflows/multi-compiler.yml

@@ -41,7 +41,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}

.github/workflows/nginx.yml

@@ -25,11 +25,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-nginx
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   nginx_check:
     strategy:
@@ -65,6 +65,33 @@ jobs:
               proxy_request_buffering_ssl.t proxy_ssl_keepalive.t proxy_ssl.t
               proxy_ssl_verify.t stream_proxy_protocol_ssl.t stream_proxy_ssl.t
               stream_proxy_ssl_verify.t stream_ssl_alpn.t
+          - ref: 1.24.0
+            test-ref: 212d9d003886e3a24542855fb60355a417f037de
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
+              mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t mail_ssl.t
+              proxy_ssl_certificate_empty.t proxy_ssl_certificate.t proxy_ssl_certificate_vars.t
+              proxy_ssl_name.t ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
+              ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t ssl_crl.t
+              ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t ssl_proxy_protocol.t
+              ssl_proxy_upgrade.t ssl_reject_handshake.t ssl_session_reuse.t
+              ssl_session_ticket_key.t ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t
+              ssl_stapling.t ssl.t ssl_verify_client.t stream_proxy_ssl_certificate.t
+              stream_proxy_ssl_certificate_vars.t stream_proxy_ssl_name_complex.t
+              stream_proxy_ssl_name.t stream_ssl_alpn.t stream_ssl_certificate.t
+              stream_ssl_conf_command.t stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t
+              stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
+              stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
+              upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
+              uwsgi_ssl.t uwsgi_ssl_verify.t 
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_conf_command.t proxy_ssl_keepalive.t
+              proxy_ssl.t proxy_ssl_verify.t ssl_curve.t ssl_verify_depth.t
+              stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
+              stream_proxy_ssl_verify.t
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -72,7 +99,7 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-nginx
           path: build-dir
@@ -82,13 +109,13 @@ jobs:
           sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
 
       - name: Checkout wolfssl-nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/wolfssl-nginx
           path: wolfssl-nginx
 
       - name: Checkout nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx
           path: nginx
@@ -104,7 +131,7 @@ jobs:
         run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
 
       - name: Checkout nginx-tests
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx-tests
           path: nginx-tests
@@ -147,6 +174,10 @@ jobs:
         run: |
           echo "nginx_c_flags=-O0" >> $GITHUB_ENV
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build nginx with sanitizer
         working-directory: nginx
         run: |
@@ -176,4 +207,4 @@ jobs:
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
- 
+ 

.github/workflows/openssh.yml

@@ -0,0 +1,68 @@
+name: openssh Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-openssh --enable-dsa --with-max-rsa-bits=8192
+            --enable-intelasm --enable-sp-asm
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+          retention-days: 5
+
+  openssh_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - git_ref: 'V_9_6_P1'
+            osp_ver: '9.6'
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test openssh
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: openssh/openssh-portable
+          ref: ${{ matrix.git_ref }}
+          path: openssh
+          patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
+          check: false
+
+      # make tests take >20 minutes. Consider limiting? 
+      - name: Run tests
+        working-directory: ./openssh
+        run: |
+          # Run all the tests except (t-exec) as it takes too long
+          make file-tests interop-tests extra-tests unit

.github/workflows/openvpn.yml

@@ -19,18 +19,18 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-openvpn
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   openvpn_check:
     strategy:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ master, release/2.6, v2.6.0 ]
+        ref: [ release/2.6, v2.6.0, master ]
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -38,7 +38,7 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-openvpn
           path: build-dir
@@ -50,10 +50,14 @@ jobs:
                      linux-libc-dev man2html libcmocka-dev python3-docutils \
                      libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - if: ${{ matrix.ref != 'master' }}
         name: Build and test openvpn with fsanitize
         run: |
-          echo 'extra_c_flags=CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
+          echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
 
       - name: Build and test openvpn
         uses: wolfSSL/actions-build-autotools-project@v1

.github/workflows/os-check.yml

@@ -16,11 +16,14 @@ jobs:
           '--enable-all --enable-asn=original',
           '--enable-harden-tls',
           '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
-           --enable-opensslextra --enable-sessioncerts 
-           CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
-           -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
+             --enable-opensslextra --enable-sessioncerts 
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
+             -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
           '--enable-all --enable-secure-renegotiation',
           '--enable-all --enable-haproxy --enable-quic',
+          '--enable-dtls --enable-dtls13 --enable-earlydata 
+             --enable-session-ticket --enable-psk 
+             CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
         ]
     name: make check
     runs-on: ${{ matrix.os }}
@@ -64,6 +67,7 @@ jobs:
           'examples/configs/user_settings_min_ecc.h',
           'examples/configs/user_settings_wolfboot_keytools.h',
           'examples/configs/user_settings_wolftpm.h',
+          'examples/configs/user_settings_tls12.h',
         ]
     name: make user_setting.h (testwolfcrypt only)
     runs-on: ${{ matrix.os }}
@@ -91,7 +95,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - if: ${{ matrix.os == 'macos-latest' }}
       run: brew install automake libtool
     - run: ./autogen.sh
@@ -118,10 +122,10 @@ jobs:
       BUILD_CONFIGURATION: Release
       BUILD_PLATFORM: x64
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Add MSBuild to PATH
-      uses: microsoft/setup-msbuild@v1
+      uses: microsoft/setup-msbuild@v2
 
     - name: Restore NuGet packages
       working-directory: ${{env.GITHUB_WORKSPACE}}

.github/workflows/packaging.yml

@@ -11,7 +11,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Configure wolfSSL
         run: |

.github/workflows/stunnel.yml

@@ -19,11 +19,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-stunnel
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   stunnel_check:
     strategy:
@@ -38,13 +38,13 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-stunnel
           path: build-dir
     
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp

.github/workflows/zephyr.yml

@@ -7,10 +7,13 @@ jobs:
   run_test:
     name: Build and run
     strategy:
+      fail-fast: false
       matrix:
         config:
           - zephyr-ref: v3.4.0
             zephyr-sdk: 0.16.1
+          - zephyr-ref: v3.5.0
+            zephyr-sdk: 0.16.3
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 15
@@ -61,10 +64,10 @@ jobs:
 
       - name: Install zephyr SDK
         run: |
-          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
-          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
           cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
-          ./setup.sh -h -c
+          ./setup.sh -h -c -t x86_64-zephyr-elf
 
       - name: Run wolfssl test
         id: wolfssl-test
@@ -94,7 +97,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: zephyr-client-test-logs
           path: logs.zip

.gitignore

@@ -82,16 +82,19 @@ snifftest
 output
 mcapi/test
 testsuite/testsuite
-tests/unit
 testsuite/testsuite.test
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+testsuite/*.obj
+testsuite/*.pdb
+testsuite/*.idb
+tests/unit
 tests/unit.test
 tests/bio_write_test.txt
 tests/test-log-dump-to-file.txt
 tests/cert_cache.tmp
 test-write-dhparams.pem
-testsuite/*.der
-testsuite/*.pem
-testsuite/*.raw
 cert.der
 cert.pem
 certecc.der
@@ -286,23 +289,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
 
-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/
 
@@ -339,6 +325,10 @@ wolfcrypt/src/port/intel/qat_test
 # Arduino Generated Files
 /IDE/ARDUINO/wolfSSL
 scripts/memtest.txt
+/IDE/ARDUINO/Arduino_README_prepend.md.tmp
+/IDE/ARDUINO/library.properties.tmp
+/IDE/ARDUINO/library.properties.tmp.backup
+/IDE/ARDUINO/PREPENDED_README.md
 
 # Doxygen generated files
 doc/doxygen_warnings
@@ -415,12 +405,19 @@ XXX-fips-test
 # Generated user_settings_asm.h.
 user_settings_asm.h
 
-# VisualGD
+# VisualGDB
 **/.visualgdb
 
 # Espressif sdk config default should be saved in sdkconfig.defaults
 # we won't track the actual working sdkconfig files
 /IDE/Espressif/**/sdkconfig
+/IDE/Espressif/**/sdkconfig.old
+
+# MPLAB
+/IDE/MPLABX16/wolfssl.X/dist/default/
+/IDE/MPLABX16/wolfssl.X/.generated_files
+/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
+/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
 
 # auto-created CMake backups
 **/CMakeLists.txt.old

CMakeLists.txt

@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.6.4 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.0 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -42,16 +42,19 @@ else()
 endif()
 
 # shared library versioning
-# increment if interfaces have been added, removed or changed
-set(LIBTOOL_CURRENT 41)
-# increment if source code has changed  set to zero if current is incremented
-set(LIBTOOL_REVISION 0)
-# increment if interfaces have been added set to zero if interfaces have been
-# removed or changed
-set(LIBTOOL_AGE 0)
+# increment if interfaces have been removed or changed
+set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
 
-math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
-set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})
+# increment if interfaces have been added
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
+set(WOLFSSL_LIBRARY_VERSION_SECOND 1)
+
+# increment if source code has changed
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
+# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
+set(WOLFSSL_LIBRARY_VERSION_THIRD 0)
+
+set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD})
 
 set(WOLFSSL_DEFINITIONS)
 set(WOLFSSL_LINK_LIBS)
@@ -127,11 +130,18 @@ check_type_size("time_t" SIZEOF_TIME_T)
 # but we want it as 1.
 if(HAVE___UINT128_T)
     set(HAVE___UINT128_T "1" CACHE INTERNAL "Result of TRY_COMPILE" FORCE)
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE___UINT128_T")
 endif()
 
-include(TestBigEndian)
-
-test_big_endian(WORDS_BIGENDIAN)
+if(CMAKE_VERSION VERSION_LESS "3.20")
+    # TestBigEndian was deprecated in 3.20
+    include(TestBigEndian)
+    test_big_endian(IS_BIG_ENDIAN)
+    set(CMAKE_C_BYTE_ORDER "LITTLE_ENDIAN")
+    if(IS_BIG_ENDIAN)
+        set(CMAKE_C_BYTE_ORDER "BIG_ENDIAN")
+    endif()
+endif()
 
 # Thread local storage
 include(CheckCSourceCompiles)
@@ -214,6 +224,8 @@ if(WOLFSSL_REPRODUCIBLE_BUILD)
     set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
 endif()
 
+add_option("WOLFSSL_INSTALL" "Create install target for WolfSSL project" "yes" "yes;no")
+
 # Support for forcing 32-bit mode
 # TODO: detect platform from other options
 add_option("WOLFSSL_32BIT"
@@ -268,6 +280,18 @@ if(NOT WOLFSSL_SINGLE_THREADED)
     endif()
 endif()
 
+# DTLS-SRTP
+add_option("WOLFSSL_SRTP"
+    "Enables wolfSSL DTLS-SRTP (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_SRTP)
+    list(APPEND WOLFSSL_DEFINITIONS
+        "-DWOLFSSL_SRTP")
+    set(WOLFSSL_DTLS "yes")
+    set(WOLFSSL_KEYING_MATERIAL "yes")
+endif()
+
 
 # DTLS
 add_option("WOLFSSL_DTLS"
@@ -364,6 +388,83 @@ if(NOT WOLFSSL_RNG)
     list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RNG")
 endif()
 
+# QUIC
+add_option(WOLFSSL_QUIC
+    "Enable QUIC support (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_QUIC)
+    set(WOLFSSL_ALPN "yes")
+    set(WOLFSSL_OPENSSLEXTRA "yes")
+    set(WOLFSSL_AESCTR "yes")
+    set(WOLFSSL_CURVE25519 "yes")
+    set(WOLFSSL_SNI "yes")
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_QUIC" "-DHAVE_EX_DATA")
+endif()
+
+# Curl
+add_option(WOLFSSL_CURL
+    "Enable CURL support (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_CURL)
+    set(WOLFSSL_MD4 "yes")
+    set(WOLFSSL_DES3 "yes")
+    set(WOLFSSL_ALPN "yes")
+    set(WOLFSSL_OPENSSLEXTRA "yes")
+    set(WOLFSSL_CRL "yes")
+    set(WOLFSSL_OCSP "yes")
+    set(WOLFSSL_OCSPSTAPLING "yes")
+    set(WOLFSSL_OCSPSTAPLING_V2 "yes")
+    set(WOLFSSL_SNI "yes")
+    set(WOLFSSL_ALT_CERT_CHAINS "yes")
+    set(WOLFSSL_IP_ALT_NAME "yes")
+    set(WOLFSSL_SESSION_TICKET "yes")
+    set(WOLFSSL_WOLFSSH "yes")
+    list(APPEND WOLFSSL_DEFINITIONS
+        "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
+endif()
+
+# ALPN
+add_option(WOLFSSL_ALPN
+    "Enable ALPN support (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_ALPN)
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
+endif()
+
+# altcertchains
+add_option(WOLFSSL_ALT_CERT_CHAINS
+    "Enable support for Alternate certification chains (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_ALT_CERT_CHAINS)
+        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALT_CERT_CHAINS")
+endif()
+
+# ip-alt-name
+add_option(WOLFSSL_IP_ALT_NAME
+    "Enable support for IP alternative name (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_IP_ALT_NAME)
+        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_IP_ALT_NAME")
+endif()
+
+# wolfSSH
+add_option(WOLFSSL_WOLFSSH
+    "Enable support for wolfSSH (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_WOLFSSH)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WOLFSSH")
+endif()
+
+if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
+endif()
+
 # TODO: - DTLS-SCTP
 #       - DTLS multicast
 #       - OpenSSH
@@ -373,14 +474,11 @@ endif()
 #       - wpa_supplicant
 #       - Fortress
 #       - libwebsockets
-#       - IP alternative name
 #       - Qt
 #       - SSL bump
 #       - sniffer
 #       - Signal
 #       - OpenSSL coexist
-#       - OpenSSL compatibility all
-#       - OpenSSL compatibility extra
 #       - Max strength
 
 # Harden, enable Timing Resistance and Blinding by default
@@ -432,7 +530,6 @@ if (WOLFSSL_OPENSSLALL)
       "-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL")
 endif()
 
-
 # TODO: - IPv6 test apps
 
 set(WOLFSSL_SLOW_MATH "yes")
@@ -488,7 +585,7 @@ if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
     override_cache(WOLFSSL_AESGCM "no")
 endif()
 
-if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN)
+if(WOLFSSL_AESGCM AND CMAKE_C_BYTE_ORDER STREQUAL "LITTLE_ENDIAN")
     override_cache(WOLFSSL_AESGCM "4bit")
 endif()
 
@@ -516,6 +613,15 @@ if(WOLFSSL_AESGCM)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESGCM")
 endif()
 
+if(WOLFSSL_QUIC)
+    if(NOT WOLFSSL_TLS13)
+        message(FATAL_ERROR "TLS 1.3 is disabled - necessary for QUIC")
+    endif()
+    if(NOT WOLFSSL_AESGCM)
+        message(FATAL_ERROR "AES-GCM is disabled - necessary for QUIC")
+    endif()
+endif()
+
 # AES-SIV
 add_option("WOLFSSL_AESSIV"
     "Enable wolfSSL AES-SIV support (default: disabled)"
@@ -1422,7 +1528,6 @@ endif()
 
 # TODO: - TLS extensions
 #       - Early data handshake
-#       - wolfSSH options
 #       - SCEP
 #       - Secure remote password
 #       - Indefinite length encoded messages
@@ -1568,17 +1673,14 @@ if(WOLFSSL_FAST_MATH)
         list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
         set(WOLFSSL_SLOWMATH "no")
     endif()
-
-    if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
-        # Have settings.h set FP_MAX_BITS higher if user didn't set directly
-        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
-    endif()
 endif()
 
 # TODO: - Fast huge math
 
 # Set processor-specific build macros
 if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
+    set(WOLFSSL_X86_64_BUILD ON)
+    add_option("WOLFSSL_X86_64_BUILD_ASM" "Build ASM files" "yes" "yes;no")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
 elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "aarch64|arm64")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AARCH64_BUILD")
@@ -1659,13 +1761,15 @@ else()
     list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_ASYNC_THREADING")
 endif()
 
-# TODO: - cryptodev
-#       - Session export
+# TODO: - Session export
 
 add_option("WOLFSSL_CRYPTOCB"
     "Enable crypto callbacks (default: disabled)"
     "no" "yes;no")
 
+add_option("WOLFSSL_PKCALLBACKS"
+    "Enable public key callbacks (default: disabled)"
+    "no" "yes;no")
 
 add_option("WOLFSSL_OLD_NAMES"
     "Keep backwards compat with old names (default: enabled)"
@@ -1723,10 +1827,16 @@ if(WOLFSSL_SYS_CA_CERTS)
         message("Can't enable system CA certs without a filesystem.")
         override_cache(WOLFSSL_SYS_CA_CERTS "no")
     elseif(APPLE)
+        # Headers used for MacOS default system CA certs behavior. Only MacOS SDK will have this header
         check_include_file("Security/SecTrustSettings.h" HAVE_SECURITY_SECTRUSTSETTINGS_H)
+        # Headers used for Apple native cert validation. All device SDKs should have these headers
         check_include_file("Security/SecCertificate.h" HAVE_SECURITY_SECCERTIFICATE_H)
         check_include_file("Security/SecTrust.h" HAVE_SECURITY_SECTRUST_H)
         check_include_file("Security/SecPolicy.h" HAVE_SECURITY_SECPOLICY_H)
+        # Either Security/SecTrustSettings (for MacOS cert loading), or the
+        # trio of Security/SecCertificate.h, Security/SecTrust.h, and
+        # Security/SecPolicy.h (for native trust APIs on other apple devices)
+        # must be present. Default to SecTrustSettings method on MacOS.
         if(HAVE_SECURITY_SECTRUSTSETTINGS_H OR (HAVE_SECURITY_SECCERTIFICATE_H
                                                 AND HAVE_SECURITY_SECTRUST_H
                                                 AND HAVE_SECURITY_SECPOLICY_H))
@@ -1739,6 +1849,14 @@ if(WOLFSSL_SYS_CA_CERTS)
                     message(FATAL_ERROR "Can't enable system CA certs without Security framework.")
                 endif()
             endif()
+
+            # MacOS should not use native cert validation by default, but other apple devices should.
+            if(NOT HAVE_SECURITY_SECTRUSTSETTINGS_H AND HAVE_SECURITY_SECCERTIFICATE_H
+                                                    AND HAVE_SECURITY_SECTRUST_H
+                                                    AND HAVE_SECURITY_SECPOLICY_H)
+                list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION")
+            endif()
+
         else()
             message(FATAL_ERROR "Can't enable system CA certs without Apple Security.framework headers.")
         endif()
@@ -1852,6 +1970,11 @@ if(WOLFSSL_CRYPTOCB)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
 endif()
 
+# Public Key Callbacks
+if(WOLFSSL_PKCALLBACKS)
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
+endif()
+
 if(WOLFSSL_OCSPSTAPLING)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST" "-DHAVE_TLS_EXTENSIONS")
     override_cache(WOLFSSL_OCSP "yes")
@@ -1967,7 +2090,7 @@ endif()
 # Suppress some warnings about separate compilation, inlining
 add_definitions("-DWOLFSSL_IGNORE_FILE_WARN")
 # Generate user options header
-message("Generating user options header...")
+message(STATUS "Generating user options header...")
 if (${CMAKE_DISABLE_SOURCE_CHANGES})
     set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "${CMAKE_DISABLE_SOURCE_CHANGES}")
 else()
@@ -2090,7 +2213,7 @@ endif()
 
 set_target_properties(wolfssl
     PROPERTIES
-        SOVERSION ${LIBTOOL_SO_VERSION}
+        SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
         VERSION ${LIBTOOL_FULL_VERSION}
 )
 
@@ -2147,7 +2270,9 @@ endif()
 # Tests and Examples
 ####################################################
 
+enable_testing()
 if(WOLFSSL_EXAMPLES)
+
     # Build wolfSSL client example
     add_executable(client
         ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
@@ -2203,6 +2328,7 @@ if(WOLFSSL_EXAMPLES)
         tests/suites.c
         tests/w64wrapper.c
         tests/unit.c
+        tests/quic.c
         examples/server/server.c
         examples/client/client.c)
     target_include_directories(unit_test PRIVATE
@@ -2216,6 +2342,9 @@ if(WOLFSSL_EXAMPLES)
     set_property(TARGET unit_test
                  PROPERTY RUNTIME_OUTPUT_NAME
                  unit.test)
+    add_test(NAME unit_test
+             COMMAND $<TARGET_FILE:unit_test>
+             WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 endif()
 
 if(WOLFSSL_CRYPT_TESTS)
@@ -2255,6 +2384,9 @@ if(WOLFSSL_CRYPT_TESTS)
     if(WOLFSSL_CRYPT_TESTS_HELP)
         target_compile_options(wolfcrypttest PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
     endif()
+    add_test(NAME wolfcrypttest
+             COMMAND $<TARGET_FILE:wolfcrypttest>
+             WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 
     # Build wolfCrypt benchmark executable.
     add_executable(wolfcryptbench
@@ -2399,82 +2531,96 @@ list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)
 string(PREPEND EXCLUDED_HEADERS_REGEX "(")
 string(APPEND  EXCLUDED_HEADERS_REGEX ")")
 
-set(INSTALLED_EXAMPLES
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
+if(WOLFSSL_INSTALL)
 
-# Install the library
-install(TARGETS wolfssl
-        EXPORT wolfssl-targets
-        LIBRARY DESTINATION lib
-        ARCHIVE DESTINATION lib
-        RUNTIME DESTINATION bin
-        )
-# Install the headers
-install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
-install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+    set(INSTALLED_EXAMPLES
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
 
-# Install the examples
-install(FILES ${INSTALLED_EXAMPLES}
-        DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
-# Install README.txt and taoCert.txt
-install(FILES
-        ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
-        ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
-        DESTINATION ${CMAKE_INSTALL_DOCDIR})
-# Install the export set
-install(EXPORT wolfssl-targets
-        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-        FILE wolfssl-targets.cmake
-        NAMESPACE wolfssl::)
 
-# TODO: Distro build + rules for what to include in the distro.
-#       See various include.am files.
+    # Install the library
+    install(TARGETS wolfssl
+            EXPORT wolfssl-targets
+            LIBRARY DESTINATION lib
+            ARCHIVE DESTINATION lib
+            RUNTIME DESTINATION bin
+            )
+    # Install the headers
+    install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+    install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
 
-set(prefix ${CMAKE_INSTALL_PREFIX})
-set(exec_prefix "\${prefix}")
-set(libdir "\${exec_prefix}/lib")
-set(includedir "\${prefix}/include")
-set(VERSION ${PROJECT_VERSION})
+    # Install the examples
+    install(FILES ${INSTALLED_EXAMPLES}
+            DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
+    # Install README.txt and taoCert.txt
+    install(FILES
+            ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
+            ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
+            DESTINATION ${CMAKE_INSTALL_DOCDIR})
+    # Install the export set
+    install(EXPORT wolfssl-targets
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+            FILE wolfssl-targets.cmake
+            NAMESPACE wolfssl::)
 
-configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+    # TODO: Distro build + rules for what to include in the distro.
+    #       See various include.am files.
 
-include(CMakePackageConfigHelpers)
-configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
-  INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
-  NO_SET_AND_CHECK_MACRO
-  NO_CHECK_REQUIRED_COMPONENTS_MACRO
-)
+    set(prefix ${CMAKE_INSTALL_PREFIX})
+    set(exec_prefix "\${prefix}")
+    set(libdir "\${exec_prefix}/lib")
+    set(includedir "\${prefix}/include")
+    set(VERSION ${PROJECT_VERSION})
 
-export(EXPORT wolfssl-targets
-  FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
-  NAMESPACE wolfssl::
-)
+    # Setting libm in Libs.private of wolfssl.pc.
+    # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
+    get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
+    list(FIND _wolfssl_dep_libs m _dep_libm)
+    if ("${_dep_libm}" GREATER -1)
+      set(LIBM -lm)
+    else()
+      set(LIBM)
+    endif()
 
-write_basic_package_version_file(
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
-  VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
-  COMPATIBILITY AnyNewerVersion
-)
+    configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
+    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
 
-install(FILES
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-)
+    include(CMakePackageConfigHelpers)
+    configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
+    INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
+    NO_SET_AND_CHECK_MACRO
+    NO_CHECK_REQUIRED_COMPONENTS_MACRO
+    )
+
+    export(EXPORT wolfssl-targets
+    FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
+    NAMESPACE wolfssl::
+    )
+
+    write_basic_package_version_file(
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
+    VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
+    COMPATIBILITY AnyNewerVersion
+    )
+
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+    )
+endif()

ChangeLog.md

@@ -1,13 +1,193 @@
+# wolfSSL Release 5.7.0 (Mar 20, 2024)
+
+Release 5.7.0 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.
+
+NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
+
+
+## Vulnerabilities
+* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
+
+
+* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
+
+
+* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
+
+
+## New Feature Additions
+
+* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
+
+### POST QUANTUM SUPPORT ADDITIONS
+* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161)
+* Experimental framework for using wolfSSL’s LMS implementation (PR 7283)
+* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
+* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
+* CryptoCb support for PQC algorithms (PR 7110)
+
+### OTHER FEATURE ADDITIONS
+* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems.  In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
+* CryptoCb hook to one-shot CMAC functions (PR 7059)
+* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
+* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
+* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
+* Microchip PIC24 support and example project (PR 7151)
+* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
+* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
+* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
+
+
+## Enhancements and Optimizations
+
+* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
+* Support for RSA-PSS signatures with CRL use (PR 7119)
+* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
+* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
+* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
+* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
+* Enhancements to reproducible build (PR 7267)
+* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
+* XC32 compiler version 4.x compatibility (PR 7128)
+* Porting for build on PlayStation 3 and 4 (PR 7072)
+* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
+* Allow crypto callbacks with SHA-1 HW (PR 7087)
+* Update OpenSSH port to version 9.6p1(PR 7203)
+* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
+* Expand heap hint support for static memory build with more x509 functions (PR 7136)
+* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
+* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
+* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271)
+* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
+* Send alert on bad PSK binder error (PR 7235)
+* Enhancements to CMake build files for use with cross compiling (PR 7188)
+
+
+## Fixes
+
+* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
+* Fix for Aria sign use (PR 7082)
+* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
+* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
+* Fixes for STM32 PKA use with ECC (PR 7098)
+* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
+* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
+* Siphash x64 asm fix for use with older compilers (PR 7299)
+* Fix for SGX build with SP (PR 7308)
+* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
+* Fix for wrap around behavior with BIO pairs (PR 7169)
+* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
+* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
+* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
+* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
+* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
+* Fix for AES ECB build with Thumb and alignment (PR 7094)
+* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
+
+# wolfSSL Release 5.6.6 (Dec 19, 2023)
+
+Release 5.6.6 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+
+REMINDER: When working with AES Block Cipher algorithms, `wc_AesInit()` should
+always be called first to initialize the `Aes` structure, before calling other
+Aes API functions. Recently we found several places in our documentation,
+comments, and codebase where this pattern was not observed. We have since
+fixed this omission in several PRs for this release.
+
+## Vulnerabilities
+
+* [Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete resistant change is delivered in this release. This fix is for the Marvin attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a very large number of trial connections. This issue is around RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended to be used and are off by default in wolfSSL (even with `--enable-all`). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
+
+* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
+
+* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
+
+* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
+
+## New Feature Additions
+
+* Build option for disabling CRL date checks (`WOLFSSL_NO_CRL_DATE_CHECK`) (PR 6927)
+* Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
+* Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
+* Add implementation of SRTP KDF and SRTCP KDF (`--enable-srtp-kdf`) (PR 6888)
+* Add `wolfSSL_EXTENDED_KEY_USAGE_free()` (PR 6916)
+* Add AES bitsliced implementation that is cache attack safe (`--enable-aes-bitsliced`) (PR 6854)
+* Add memcached support and automated testing (PR 6430, 7022)
+* Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
+* Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
+
+## Enhancements and Optimizations
+
+* Better built in testing of “`--sys-ca-certs`” configure option (PR 6910)
+* Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
+* Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
+* Add “`--enable-quic`” to “`--enable-all`” configure option (PR 6957)
+* Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
+* Add result of “`HAVE___UINT128_T`” to options.h for CMake builds (PR 6965)
+* Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
+* Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
+* Add wolfCrypt test and unit test to ctest (PR 6977)
+* Move OpenSSL compatibility crypto APIs into `ssl_crypto.c` file (PR 6935)
+* Validate time generated from XGMTIME() (PR 6958)
+* Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
+* Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
+* Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
+* Add CMake option to enable DTLS-SRTP (PR 6991)
+* Add CMake options for enabling QUIC and cURL (PR 7049)
+* Improve RSA blinding to make code more constant time (PR 6955)
+* Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
+* Default to native Windows threading API on MinGW (PR 7015)
+* Return better error codes from OCSP response check (PR 7028)
+* Updated Espressif ESP32 TLS client and server examples (PR 6844)
+* Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
+* Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
+* Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
+* Simplify and improve apple-universal build script (PR 7025)
+
+## Fixes
+
+* Fix for async edge case with Intel QuickAssist/Cavium Nitrox (PR 6931)
+* Fix for building PKCS#7 with RSA disabled (PR 6902)
+* Fix for advancing output pointer in `wolfSSL_i2d_X509()` (PR 6891)
+* Fix for `EVP_EncodeBlock()` appending a newline (PR 6900)
+* Fix for `wolfSSL_RSA_verify_PKCS1_PSS()` with `RSA_PSS_SALTLEN_AUTO` (PR 6938)
+* Fixes for CODESonar reports around `isalpha()` and `isalnum()` calls (PR 6810)
+* Fix for SP ARM64 integer math to avoid compiler optimization issues (PR 6942)
+* Fix for SP Thumb2 inline assembly to add IAR build support (PR 6943, 6971)
+* Fix for SP Thumb2 to make functions not inlined (PR 6993)
+* Fix for SP Cortex-M assembly large build with IAR (PR 6954)
+* Fix for SP ARM64 assembly montgomery reduction by 4 (PR 6947)
+* Fix for SP ARM64 P-256 for not inlining functions for iOS compatibility (PR 6979)
+* Fix for `WOLFSSL_CALLBACKS` and potential memory error (PR 6949)
+* Fixes for wolfSSL’s Zephyr OS port (PR 6930)
+* Fix for build errors when building for NXP mmCAU (`FREESCALE_MMCAU`) (PR 6970)
+* Fix for TLS 1.3 `SendBuffered()` return code in non-blocking mode (PR 7001)
+* Fix for TLS `Hmac_UpdateFinal()` when padding byte is invalid (PR 6998)
+* Fix for ARMv8 AES-GCM streaming to check size of IV before storing (PR 6996)
+* Add missing calls to `wc_AesInit()` before `wc_AesSetKey()` (PR 7011)
+* Fix build errors with DTLS 1.3 enabled but TLS 1.2 disabled (PR 6976)
+* Fixes for building wolfSSL in Visual Studio (PR 7040)
+
 # wolfSSL Release 5.6.4 (Oct 30, 2023)
 
 Release 5.6.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-
 NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
       * Old CyaSSL/CtaoCrypt shim layer was removed in this release (5.6.4)
 
-
 ## Vulnerabilities
 
 * [Medium] A fix was added, but still under review for completeness, for a Bleichenbacher style attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a large number of trial connections. This issue is around RSA decryption and affects static RSA cipher suites on the server side, which are not recommended to be used and are off by default. Static RSA cipher suites were also removed from the TLS 1.3 protocol and only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It's recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. The fix is located in this pull request (https://github.com/wolfSSL/wolfssl/pull/6896)
@@ -23,7 +203,7 @@ NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
 * Added LMS/HSS and XMSS/XMSS^MT wolfcrypt hooks, both normal and verify-only options.
 * Added support for the AES EAX mode of operation
 * Port for use with Hitch (https://github.com/varnish/hitch) added
-* Add XTS API's to handle multiple sectors in new port ot VeraCrypt
+* Add XTS API's to handle multiple sectors in new port to VeraCrypt
 
 ## Enhancements and Optimizations
 
@@ -70,7 +250,6 @@ Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:
 * Improvements to Encrypted Memory support (WC_PROTECT_ENCRYPTED_MEM) implementations for modular exponentiation in SP math-all (sp_int.c) and TFM (tfm.c).
 * Improvements to SendAlert for getting output buffer.
 
-
 # wolfSSL Release 5.6.2 (Jun 09, 2023)
 
 Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.

Docker/Dockerfile

@@ -3,10 +3,13 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
 ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
-ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump"
+ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
 ARG DEPS_TOOLS="ccache"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \

Docker/Dockerfile.cross-compiler

@@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
-ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu"
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu"
 RUN DEBIAN_FRONTEND=noninteractive apt update \
                     && apt install -y ${DEPS_TESTING} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*

Docker/yocto/Dockerfile

@@ -0,0 +1,27 @@
+FROM ubuntu
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
+RUN locale-gen en_US.UTF-8
+
+# Add in non-root user
+ENV UID_OF_DOCKERUSER 1000
+RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
+RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
+
+USER dockerUser
+
+RUN cd /opt && git clone git://git.yoctoproject.org/poky
+WORKDIR /opt/poky
+
+ARG YOCTO_VERSION=kirkstone
+RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
+
+RUN git clone --single-branch --branch=${YOCTO_VERSION} https://github.com/wolfSSL/meta-wolfssl.git && \
+    /bin/bash -c "source oe-init-build-env" && \
+    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
+    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
+
+RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"

Docker/yocto/buildAndPush.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Assume we're in wolfssl/Docker/yocto
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+for ver in kirkstone dunfell; do
+    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
+    if [ $? -eq 0 ]; then
+        echo "Pushing containers to DockerHub"
+        docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
+    else
+        echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
+        ((NUM_FAILURES++))
+    fi
+done
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

IDE/ARDUINO/Arduino_README_prepend.md

@@ -0,0 +1,13 @@
+# Arduino wolfSSL Library
+
+This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
+
+The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
+
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
+
+## Arduino Releases
+
+The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

IDE/ARDUINO/README.md

@@ -1,29 +1,89 @@
-### wolfSSL with Arduino
+# wolfSSL with Arduino
 
-##### Reformatting wolfSSL as a compatible Arduino Library
-This is a shell script that will re-organize the wolfSSL library to be 
-compatible with Arduino projects. The Arduino IDE requires a library's source
-files to be in the library's root directory with a header file in the name of 
-the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
-directory and creates a stub header file called `wolfssl.h`.
+See the [example sketches](./sketches/README.md):
 
-Step 1: To configure wolfSSL with Arduino, enter the following from within the
-wolfssl/IDE/ARDUINO directory:
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
 
-        `./wolfssl-arduino.sh`
+When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
-Step 2: Copy the directory wolfSSL that was just created to:
-`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
+## Boards
 
-Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
+Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
+and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
+
+STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started)   .
+
+```
+https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
+```
+
+## Using wolfSSL from the Arduino IDE
+
+The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
+
+This option will allow wolfSSL to be installed directly using the native Arduino tools.
+
+## Manually Reformatting wolfSSL as a Compatible Arduino Library
+
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be 
+compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
+for projects that use Arduino IDE 1.5.0 or newer.
+
+The Arduino IDE requires a library's source files to be in the library's root directory with a
+header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
+directory and creates a stub header file called `wolfssl.h` inside that directory.
+
+### Step 1:
+
+To configure wolfSSL with Arduino, enter ONE of the following 4 commands
+from within the `wolfssl/IDE/ARDUINO` directory:
+
+1. `./wolfssl-arduino.sh`
+    - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
+    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+
+2. `./wolfssl-arduino.sh INSTALL` (The most common option)
+    - Creates an Arduino Library in the local `wolfSSL` directory
+    - Moves that directory to the Arduino library directory:
+        - `$HOME/Arduino/libraries` for most bash environments
+        - `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+    - The wolfSSL library is now available from the Arduino IDE.
+
+3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/repository`
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`. 
+     
+4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/any/other/directory`
+
+### Step 2:
+
+Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the examples in wolfssl root
-"/examples/configs/user_settings_*.h"
+Add any other custom settings. For a good start see the examples in wolfssl root
+"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
 
-Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+### Step 3:
+
+If you experience any issues with custom `user_settings.h` see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
 
-Step 5: If you still have any issues contact support@wolfssl.com for more help.
+If you have any issues contact support@wolfssl.com for help.
+
+# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
+
+1. In the Arduino IDE:
+
+The wolfSSL library should automatically be detected when found in the `libraries`
+directory.
+
+  - In `Sketch -> Include Library` choose wolfSSL for new sketches.
+
 
 ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
@@ -32,6 +92,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-2. Open an example Arduino sketch for wolfSSL:
-	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
-	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
+##### wolfSSL Examples
+
+Open an example Arduino sketch for wolfSSL:
+
+  - wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
+
+  - wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
+
+#### Script Examples
+
+Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
+
+Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
+
+```bash
+# Change to the wolfSSL Arduino IDE directory
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+
+# remove current Arduino wolfSSL library
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
+
+# Install wolfSSL as an Arduino library
+./wolfssl-arduino.sh INSTALL
+```
+
+Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
+```
+
+Publish wolfSSL from WSL to default Windows local library.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL
+```
+
+Test the TLS server by running a local command-line client.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./examples/client/client -h 192.168.1.43 -p 11111 -v 3
+```
+
+Build wolfSSL to include wolfSSH support to an alternate development directory.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
+make
+make install
+
+```
+
+Build wolfSSH with wolfSSL not installed to default directory.
+
+```bash
+cd /mnt/c/workspace/wolfssh-$USER
+./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
+make
+./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
+```
+
+Test the current wolfSSL.
+
+```bash
+cd /mnt/c/workspace/wolfssl-arduino
+git status
+./autogen.sh
+./configure --enable-all
+make clean
+make && make test
+```
+
+Build and run `testwolfcrypt`.
+
+```bash
+./autogen.sh
+./configure --enable-all
+make clean && make && ./wolfcrypt/test/testwolfcrypt
+```

IDE/ARDUINO/include.am

@@ -3,6 +3,15 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
+EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+EXTRA_DIST+= IDE/ARDUINO/keywords.txt
+EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

IDE/ARDUINO/keywords.txt

@@ -0,0 +1,21 @@
+# Syntax Coloring Map For wolfSSL
+# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
+#
+# Be sure to use tabs, not spaces. This might help:
+#  tr ' ' '\t' < keywords1.txt > keywords.txt
+
+#=============================================
+#	Datatypes	(KEYWORD1)
+#=============================================
+
+
+#=============================================
+#	Methods	and	Functions	(KEYWORD2)
+#=============================================
+wolfSSL_SetIORecv	KEYWORD1
+
+#=============================================
+#	Instances	(KEYWORD2)
+#=============================================
+ctx	KEYWORD2
+

IDE/ARDUINO/library.properties.template

@@ -0,0 +1,9 @@
+name=wolfssl
+version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
+author=wolfSSL Inc.
+maintainer=wolfSSL inc <support@wolfssl.com>
+sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
+paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
+category=Communication
+url=https://www.wolfssl.com/
+architectures=*

IDE/ARDUINO/sketches/README.md

@@ -0,0 +1,12 @@
+# wolfSSL Arduino Examples
+
+There are currently two example Arduino sketches:
+
+* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
+* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
+
+Examples have been most recently confirmed operational on the
+[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).

IDE/ARDUINO/sketches/wolfssl_client/README.md

@@ -0,0 +1,22 @@
+# Arduino Basic TLS Listening Client
+
+Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
+cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -19,141 +19,876 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/*
+Tested with:
+
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
+
+2) Espressif ESP32 WiFi
+
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 0
+
+/* Edit this with your other TLS host server address to connect to: */
+#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+#define WOLFSSL_CLIENT_EXAMPLE
+/* #define WOLFSSL_SERVER_EXAMPLE */
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
+#endif
+
+#define BROADCAST_ADDRESS "255.255.255.255"
+
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
 
 #include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
 #include <wolfssl/ssl.h>
-#include <Ethernet.h>
+#include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
-const char host[] = "192.168.1.148"; /* server to connect to */
-const int port = 11111; /* port on server to connect to */
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-int reconnect = 10;
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
 
-EthernetClient client;
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
 
-void setup() {
-  WOLFSSL_METHOD* method;
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
 
-  Serial.begin(9600);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
 
-  method = wolfTLSv1_2_client_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
-  /* initialize wolfSSL using callback functions */
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);
-  
-  return;
-}
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
 
-  sent = client.write((byte*)msg, sz);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
 
-  return sent;
-}
+#endif
 
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
 
-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
+static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
+static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
 
-  return ret;
-}
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
 
-void loop() {
-  int err            = 0;
-  int input          = 0;
-  int total_input    = 0;
-  char msg[32]       = "hello wolfssl!";
-  int msgSz          = (int)strlen(msg);
-  char errBuf[80];
-  char reply[80];
-  const char* cipherName;
-    
-  if (reconnect) {
-    reconnect--;
-    
-    if (client.connect(host, port)) {
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
 
-      Serial.print("Connected to ");
-      Serial.println(host);
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
 
-      ssl = wolfSSL_new(ctx);
-      if (ssl == NULL) {
-        Serial.println("Unable to allocate SSL object");
-        return;
-      }
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
 
-      err = wolfSSL_connect(ssl);
-      if (err != WOLFSSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Connect Error: ");
-        Serial.println(errBuf);
-      }
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
 
-      Serial.print("SSL version is ");
-      Serial.println(wolfSSL_get_version(ssl));
-      
-      cipherName = wolfSSL_get_cipher(ssl);
-      Serial.print("SSL cipher suite is ");
-      Serial.println(cipherName);
-
-      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
-        
-        Serial.print("Server response: ");
-        /* wait for data */
-        while (!client.available()) {}
-        /* read data */
-        while (wolfSSL_pending(ssl)) {
-          input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-          total_input += input;
-          if (input < 0) {
-            err = wolfSSL_get_error(ssl, 0);
-            wolfSSL_ERR_error_string(err, errBuf);
-            Serial.print("TLS Read Error: ");
-            Serial.println(errBuf);
-            break;
-          } else if (input > 0) {
-            reply[input] = '\0';
-            Serial.print(reply);
-          } else {
-            Serial.println();
-          }
-        } 
-      } else {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Write Error: ");
-        Serial.println(errBuf);
-      }
-      
-      wolfSSL_shutdown(ssl);
-      wolfSSL_free(ssl);
-
-      client.stop();
-      Serial.println("Connection complete.");
-      reconnect = 0;
-    } else {
-      Serial.println("Trying to reconnect...");
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
     }
-  }
-  delay(1000);
+    return 0;
 }
+
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
+
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
+
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
+}
+
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
+
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
+
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Client IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    Serial.print(F("   Configured Server Host to connect to: "));
+    Serial.println(host);
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_client_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl client method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_CLIENT_CERT,
+                                             CTX_CLIENT_CERT_SIZE,
+                                             CTX_CLIENT_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private client key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_CLIENT_KEY,
+                                            CTX_CLIENT_KEY_SIZE,
+                                            CTX_CLIENT_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         CTX_CA_CERT,
+                                         CTX_CA_CERT_SIZE,
+                                         CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println(F("Success: load_verify CTX_CA_CERT"));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Client Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+    Serial.println(F("Completed Arduino setup!"));
+    /* See companion wolfssl_server.ino code; server begins listening here
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
+     * Any other server will work. See also:
+     * https://github.com/wolfSSL/wolfssl/tree/master/examples/client
+     */
+    /* See companion wolfssl_server.ino code */
+    return;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
+
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
+
+    if (ssl == NULL) {
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
+    }
+
+    return err;
+}
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char reply[80];
+    char msg[32]       = "hello wolfssl!";
+    const char* cipherName;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int total_input    = 0;
+    int msgSz          = 0;
+    int input          = 0;
+    int ret            = 0;
+    int err            = 0;
+    msgSz = (int)strlen(msg);
+    Serial.println(F(""));
+    Serial.println(F("Starting Arduino loop() ..."));
+
+    if (reconnect) {
+        reconnect--;
+        /* WiFi client returns true if connection succeeds, false if not.  */
+        /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
+        Serial.print(F("Connecting to "));
+        Serial.print(host);
+        Serial.print(F(":"));
+        Serial.println(port);
+        /* can also use: IPAddress server(192,168,1,37); */
+        Serial.println(F("Here we go..."));
+        ret = client.connect(host, port);
+        Serial.println(F("Ok, checking..."));
+        if (ret > 0) {
+            Serial.println(F("Connected!"));
+
+            /* initialize wolfSSL */
+            ret = wolfSSL_Init();
+            error_check(ret, false, F("calling wolfSSL_Init") );
+
+            /* create secure connection object. see setup for ctx certs. */
+            Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
+            ssl = wolfSSL_new(ctx);
+            error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
+
+            Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
+            do {
+                err = 0; /* reset error */
+                Serial.println(F("wolfSSL_connect ..."));
+                ret = wolfSSL_connect(ssl);
+                Serial.print("wolfSSL_connect return result =");
+                Serial.println(ret);
+                if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
+                    Serial.println(F("Failed connection, checking error."));
+                    err = error_check_ssl(ssl, ret, true,
+                                    F("Create WOLFSSL object from ctx"));
+                    Serial.print("err =");
+                    Serial.println(err);
+                }
+                else {
+                   Serial.print(PROGRESS_DOT);
+                }
+            } while (err == WC_PENDING_E);
+
+            Serial.println();
+            Serial.println(F("Connected!"));
+            Serial.print(F("SSL version is "));
+            Serial.println(wolfSSL_get_version(ssl));
+
+            cipherName = wolfSSL_get_cipher(ssl);
+            Serial.print(F("SSL cipher suite is "));
+            Serial.println(cipherName);
+
+            /* see test.h
+             * TODO: test.h needs a little bit of Arduino work for these:
+            showPeerEx(ssl, lng_index);
+            showPeerPEM(ssl);
+            */
+
+            Serial.print(F("Sending secure message to server: "));
+            Serial.println(msg);
+            ret = wolfSSL_write(ssl, msg, msgSz);
+            if (ret == msgSz) {
+                Serial.print(F("Waiting for Server response..."));
+
+                while (!client.available()) {
+                    /* wait for data */
+                    delay(1); /* 1 ms delay */
+                }
+
+                Serial.print(F("Reading response.."));
+                /* read data */
+                do {
+                    ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+                    if (ret < 0) {
+                        error_check_ssl(ssl, ret, false,
+                                        F("during TLS Read"));
+                    }
+                    else {
+                        Serial.print(PROGRESS_DOT);
+                    }
+                } while (err == WC_PENDING_E);
+                Serial.println();
+
+                Serial.println();
+                Serial.println(reply); /* typically: I hear you fa shizzle! */
+                Serial.println();
+
+            } /* wolfSSL_write message size matched */
+            else {
+                error_check_ssl(ssl, ret, false,
+                    F("during TLS Write"));
+            }  /* any wolfSSL_write message size mismatch is an error */
+
+            Serial.print(F("Shutting down.."));
+            do {
+                delay(1);
+                Serial.print(PROGRESS_DOT);
+                retry_shutdown--;
+                ret = wolfSSL_shutdown(ssl);
+            } while (   (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+                     && (retry_shutdown > 0)
+                    ); /* There may be pending data, so wait until done. */
+            Serial.println();
+
+            if (retry_shutdown <= 0) {
+                /* if wolfSSL_free is called before properly shutting down the
+                 * ssl object, undesired results may occur. */
+                Serial.println(F("Warning! Shutdown did not properly complete."));
+            }
+
+            wolfSSL_free(ssl);
+            client.stop();
+            Serial.println(F("Connection complete."));
+            if (REPEAT_CONNECTION) {
+                reconnect = RECONNECT_ATTEMPTS;
+            }
+            else {
+                reconnect = 0;
+            }
+        } /* client.connect(host, port) */
+        else {
+            Serial.println(F("Problem sending message. Trying to reconnect..."));
+        }
+    }
+    delay(1000);
+    if ((reconnect > 0) && (REPEAT_CONNECTION)) {
+        Serial.println(F("Arduino loop repeating..."));
+        Serial.println();
+    }
+    else {
+        printf("wow");
+        Serial.println(F("Done!"));
+        while(1) {
+            /* wait forever */
+        }
+    }
+
+#if defined(MEMORY_STRESS_TEST)
+    if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
+        /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
+        mem_ctr++;
+        Serial.print(F("Memory stress increment: "));
+        Serial.print(mem_ctr);
+        Serial.print(F(". Allocating addition memory (bytes): "));
+        Serial.println(MEMORY_STRESS_BLOCK_SIZE);
+        memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
+        show_memory();
+    }
+#endif
+} /* Arduino loop repeats */

IDE/ARDUINO/sketches/wolfssl_server/README.md

@@ -0,0 +1,134 @@
+# Arduino Basic TLS Server
+
+Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Connect with an Arduino Sketch
+
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). 
+
+## Connect with Linux Client
+
+See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
+and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
+
+Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
+connect with the `client` executable:
+
+```
+./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+```
+
+## wolfSSL Error -308 wolfSSL_connect error state on socket
+
+When using a wired Ethernet connection, and this error is encountered, simply
+press the reset button or power cycle the Arduino before making a connection.
+
+Here's one possible script to test the server from a command-line client:
+
+```bash
+#!/bin/bash
+echo "client log " > client_log.txt
+counter=1
+THIS_ERR=0
+while [ $THIS_ERR -eq 0 ]; do
+    ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
+
+    THIS_ERR=$?
+    if [ $? -ne 0 ]; then
+        echo "Failed!"
+        exit 1
+    fi
+    echo "Iteration $counter"
+    echo "Iteration $counter" >> client_log.txt
+    ((counter++))
+done
+```
+
+Output expected from the `client` command:
+
+```
+$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+Alternate cert chain used
+ issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ altname = example.com
+ altname = 127.0.0.1
+ serial number:01
+SSL version is TLSv1.2
+SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
+SSL curve name is SECP256R1
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
+MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
+hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
+vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
+i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
+JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
+W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
+DMa5hrjJBMNRN9JP
+-----END CERTIFICATE-----
+Session timeout set to 500 seconds
+Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
+    Session-ID-ctx:
+    Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
+    TLS session ticket: NONE
+    Start Time: 1705533296
+    Timeout   : 500 (sec)
+    Extended master secret: no
+I hear you fa shizzle!
+```
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
+
+```text
+c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
+collect2.exe: error: ld returned 1 exit status
+
+exit status 1
+
+Compilation error: exit status 1
+```
+
+Try cleaning the Arduino cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
+
+Remove all other boards from other serial ports, leaving one the one being programmed.

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -19,161 +19,820 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/*
+Tested with:
 
-#include <wolfssl.h>
-#include <wolfssl/ssl.h>
-#include <Ethernet.h>
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
 
-#define USE_CERT_BUFFERS_256
-#include <wolfssl/certs_test.h>
+2) Espressif ESP32 WiFi
 
-#ifdef NO_WOLFSSL_SERVER
-  #error Please undefine NO_WOLFSSL_SERVER for this example
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 1
+
+/* Edit this with your other TLS host server address to connect to: */
+/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+/* #define WOLFSSL_CLIENT_EXAMPLE */
+#define WOLFSSL_SERVER_EXAMPLE
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
 #endif
 
-const int port = 11111; /* port to listen on */
+#define BROADCAST_ADDRESS "255.255.255.255"
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
 
-EthernetServer server(port);
-EthernetClient client;
+#include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif
 
-void setup() {
-  int err;
-  WOLFSSL_METHOD* method;
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
 
-  Serial.begin(9600);
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
+    EthernetClient server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#endif
 
-  method = wolfTLSv1_2_server_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
 
-  /* initialize wolfSSL using callback functions */
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);
 
-  /* setup the private key and certificate */
-  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
-    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting key");
-    return;
-  }
-  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
-    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting certificate");
-    return;
-  }
+/* we expect our IP address from DHCP */
 
-  /* Start the server */
-  server.begin();
-  
-  return;
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
+
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
+
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
+    }
+    return 0;
 }
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
 
-  sent = client.write((byte*)msg, sz);
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
 
-  return sent;
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
 }
 
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
 
-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
-
-  return ret;
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
 }
 
-void loop() {
-  int err = 0;
-  int input = 0;
-  char errBuf[80];
-  char reply[80];
-  int replySz = 0;
-  const char* cipherName;
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
 
-  /* Listen for incoming client requests. */
-  client = server.available();
-  if (!client) {
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Server IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    /* In server mode, there's no host definition. */
+    /* See companion example: wolfssl_client.ino */
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_server_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl server method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_SERVER_CERT,
+                                             CTX_SERVER_CERT_SIZE,
+                                             CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private server key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_SERVER_KEY,
+                                            CTX_SERVER_KEY_SIZE,
+                                            CTX_SERVER_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Server Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+#if defined THIS_USER_SETTINGS_VERSION
+    Serial.print(F("This user_settings.h version:"))
+    Serial.println(THIS_USER_SETTINGS_VERSION)
+#endif
+
+    /* Start the server
+     * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
+     */
+
+    Serial.println(F("Completed Arduino setup()"));
+
+    server.begin();
+    Serial.println("Begin Server... (waiting for remote client to connect)");
+
+    /* See companion wolfssl_client.ino code */
     return;
-  }
+} /* Arduino setup */
 
-  if (client.connected()) {
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
 
-    Serial.println("Client connected");
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
 
-    ssl = wolfSSL_new(ctx);
     if (ssl == NULL) {
-      Serial.println("Unable to allocate SSL object");
-      return;
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
     }
 
-    err = wolfSSL_accept(ssl);
-    if (err != WOLFSSL_SUCCESS) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Accept Error: ");
-      Serial.println(errBuf);
-    }
-
-    Serial.print("SSL version is ");
-    Serial.println(wolfSSL_get_version(ssl));
-    
-    cipherName = wolfSSL_get_cipher(ssl);
-    Serial.print("SSL cipher suite is ");
-    Serial.println(cipherName);
-
-    Serial.print("Server Read: ");
-    /* wait for data */
-    while (!client.available()) {}
-    /* read data */
-    while (wolfSSL_pending(ssl)) {
-      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-      if (input < 0) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Read Error: ");
-        Serial.println(errBuf);
-        break;
-      } else if (input > 0) {
-        replySz = input;
-        reply[input] = '\0';
-        Serial.print(reply);
-      } else {
-        Serial.println();
-      }
-    }
-
-    /* echo data */
-    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Write Error: ");
-      Serial.println(errBuf);
-    }
-    
-    wolfSSL_shutdown(ssl);
-    wolfSSL_free(ssl);
-  }
-
-  client.stop();
-  Serial.println("Connection complete");
+    return err;
 }
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char errBuf[80]    = "(no error";
+    char reply[80]     = "(no reply)";
+    const char msg[]   = "I hear you fa shizzle!";
+    const char* cipherName;
+    int input          = 0;
+    int replySz        = 0;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int ret            = 0;
+    IPAddress broadcast_address(255, 255, 255, 255);
+
+    /* Listen for incoming client requests. */
+    client = server.available();
+    if (client)  {
+       Serial.println("Have Client");
+       while (!client.connected()) {
+           /* wait for the client to actually connect */
+           delay(10);
+       }
+        Serial.print("Client connected from remote IP: ");
+        Serial.println(client.remoteIP());
+
+        ssl = wolfSSL_new(ctx);
+        if (ssl == NULL) {
+            Serial.println("Unable to allocate SSL object");
+            fail_wait();
+        }
+
+        ret = wolfSSL_accept(ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Accept Error: ");
+            Serial.println(errBuf);
+        }
+
+        cipherName = wolfSSL_get_cipher(ssl);
+        Serial.print("SSL cipher suite is ");
+        Serial.println(cipherName);
+
+        Serial.print("Server Read: ");
+        while (!client.available()) {
+            /* wait for data */
+        }
+
+        /* read data */
+        while (wolfSSL_pending(ssl)) {
+            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+            if (input < 0) {
+                ret = wolfSSL_get_error(ssl, 0);
+                wolfSSL_ERR_error_string(ret, errBuf);
+                Serial.print("TLS Read Error: ");
+                Serial.println(errBuf);
+                break;
+            }
+            else if (input > 0) {
+                replySz = input;
+                reply[input] = '\0';
+                Serial.print(reply);
+            }
+            else {
+                Serial.println("<end of reply, input == 0>");
+            }
+        }
+
+        /* Write our message into reply buffer to send */
+        memset(reply, 0, sizeof(reply));
+        memcpy(reply, msg, sizeof(msg));
+        replySz = strnlen(reply, sizeof(reply));
+
+        Serial.println("Sending reply...");
+        if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Write Error: ");
+            Serial.println(errBuf);
+        }
+        else {
+            Serial.println("Reply sent!");
+        }
+
+        Serial.println("Shutdown!");
+        do {
+            delay(1);
+            retry_shutdown--;
+            ret = wolfSSL_shutdown(ssl);
+        } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
+
+        if (retry_shutdown <= 0) {
+            /* if wolfSSL_free is called before properly shutting down the
+             * ssl object, undesired results may occur. */
+            Serial.println("Warning! Shutdown did not properly complete.");
+        }
+
+        wolfSSL_free(ssl);
+        Serial.println("Connection complete.");
+        if (REPEAT_CONNECTION) {
+            Serial.println();
+            Serial.println("Waiting for next connection.");
+        }
+        else {
+            client.stop();
+            Serial.println("Done!");
+            while (1) {
+                /* wait forever if not repeating */
+                delay(100);
+            }
+        }
+    }
+    else {
+        /* Serial.println("Client not connected. Trying again..."); */
+    }
+
+    delay(100);
+} /* Arduino loop repeats */

IDE/ARDUINO/sketches/wolfssl_version/README.md

@@ -0,0 +1,3 @@
+# Arduino Basic Hello World
+
+This example simply compiles in wolfSSL and shows the current version number.

IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino

@@ -0,0 +1,24 @@
+#include <Arduino.h>
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* Arduino setup */
+void setup() {
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial) {
+        /* wait for serial port to connect. Needed for native USB port only */
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL setup complete!"));
+}
+
+/* Arduino main application loop. */
+void loop() {
+    Serial.print("wolfSSL Version: ");
+    Serial.println(LIBWOLFSSL_VERSION_STRING);
+    delay(60000);
+}

IDE/ARDUINO/wolfssl-arduino.sh

@@ -2,89 +2,323 @@
 
 # this script will reformat the wolfSSL source code to be compatible with
 # an Arduino project
-# run as bash ./wolfssl-arduino.sh
+# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
+#
+# ./wolfssl-arduino.sh
+# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
+# If successfully built, and the INSTALL option is used, tis directory
+# is then moved to the target.
+#
+# ./wolfssl-arduino.sh INSTALL
+# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
+#
+# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
+# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
+#
+# To ensure a pristine build, the directory must not exist.
+#
+# Reminder there's typically no $USER for GitHub actions, but:
+# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+#
+# The company name is "wolfSSL Inc."; There’s a space, no comma, and a period after "Inc."
+# The Arduino library name is "wolfssl" (all lower case)
+# The Arduino library directory name is "wolfssl" (all lower case)
+# The Arduino library include file is "wolfssl.h" (all lower case)
+# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
+# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
+ROOT_DIR="/wolfssl"
 
-DIR=${PWD##*/}
+# The Arduino Version will initially have a suffix appended during fine tuning stage.
+WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
 
-space(){
-    echo "" >> "$1"
-}
+# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
+# Do not set to empty string, as copy will fail with this: CP_CMD=""
+# CP_CMD="cp -v "
+CP_CMD="cp "
 
-if [ "$DIR" = "ARDUINO" ]; then
-	if [ ! -d "wolfSSL" ]; then
-	    mkdir wolfSSL
+# Specify the executable shell checker you want to use:
+MY_SHELLCHECK="shellcheck"
+
+# There are special circumstances to publish to GitHub repository.
+# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
+#
+# Unlike a local Arduino library that requires a clean directory,
+# we'll allow extra files, overwrites, etc.
+#
+# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
+THIS_INSTALL_IS_GITHUB="false"
+
+# Check if the executable is available in the PATH
+if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
+    # Run your command here
+    shellcheck "$0" || exit 1
+else
+    echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
+fi
+
+if ! [ "$CP_CMD" = "cp " ]; then
+    if [ "$CP_CMD" = "cp -v" ]; then
+        echo "Copy verbose mode"
+    else
+        echo "ERROR: Copy mode not supported: $CP_CMD"
+        exit 1
+    fi
+fi
+
+# Check environment
+if [ -n "$WSL_DISTRO_NAME" ]; then
+    # we found a non-blank WSL environment distro name
+    current_path="$(pwd)"
+    pattern="/mnt/?"
+    if echo "$current_path" | grep -Eq "^$pattern"; then
+        # if we are in WSL and shared Windows file system, 'ln' does not work.
+        ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+    else
+        ARDUINO_ROOT="$HOME/Arduino/libraries"
+    fi
+fi
+echo "The Arduino library root is: $ARDUINO_ROOT"
+
+if [ $# -gt 0 ]; then
+    THIS_OPERATION="$1"
+    if [ "$THIS_OPERATION" = "INSTALL" ]; then
+        THIS_INSTALL_DIR=$2
+
+        echo "Install is active."
+
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
+                echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
+                echo "A new directory needs to be created to ensure there are no stray files"
+                echo "Please delete or move the directory and try again."
+                exit 1
+            fi
+        else
+            echo "Installing to $THIS_INSTALL_DIR"
+            if [ -d "$THIS_INSTALL_DIR/.git" ];then
+                echo "Target is a GitHub repository."
+                THIS_INSTALL_IS_GITHUB="true"
+            else
+                echo "Target is NOT a GitHub repository."
+            fi
+        fi
+    else
+        echo "Error: not a valid operation: $THIS_OPERATION"
+        exit 1
+    fi
+fi
+
+
+ROOT_SRC_DIR="${ROOT_DIR}/src"
+EXAMPLES_DIR="${ROOT_DIR}/examples"
+WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
+WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
+WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
+WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
+WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
+OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
+
+
+# TOP indicates the file directory for top level of the wolfssl repository.
+TOP_DIR="../.."
+WOLFSSL_SRC_TOP="${TOP_DIR}/src"
+WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
+WOLFCRYPT_ROOT_TOP="${TOP_DIR}/wolfcrypt"
+WOLFCRYPT_SRC_TOP="${WOLFCRYPT_ROOT_TOP}/src"
+WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
+OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
+
+
+WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
+if [ "$WOLFSSL_VERSION" = "" ]; then
+    echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
+    exit 1
+else
+    echo "Found wolfSSL version $WOLFSSL_VERSION"
+    echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
+fi
+echo ""
+
+THIS_DIR=${PWD##*/}
+
+if [ "$THIS_DIR" = "ARDUINO" ]; then
+    # mkdir ./wolfssl
+    if [ -d ".${ROOT_DIR}" ]; then
+        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
+        exit 1
+    else
+        echo "Step 01: mkdir .${ROOT_DIR}"
+        mkdir ."${ROOT_DIR}"
     fi
 
-    cp ../../src/*.c ./wolfSSL
-    cp ../../wolfcrypt/src/*.c ./wolfSSL
+    # mkdir ./wolfssl/src
+    if [ ! -d ".${ROOT_SRC_DIR}" ]; then
+        echo "Step 02: mkdir .${ROOT_SRC_DIR}"
+        mkdir ."${ROOT_SRC_DIR}"
+    fi
 
-    if [ ! -d "wolfSSL/wolfssl" ]; then
-	    mkdir wolfSSL/wolfssl
+    # mkdir ./wolfssl/src/wolfssl
+    if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
+        echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
+        mkdir ."${WOLFSSL_HEADERS}"
     fi
-    cp ../../wolfssl/*.h ./wolfSSL/wolfssl
-    if [ ! -d "wolfSSL/wolfssl/wolfcrypt" ]; then
-        mkdir wolfSSL/wolfssl/wolfcrypt
-    fi
-    cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt
 
-    # support misc.c as include in wolfcrypt/src
-    if [ ! -d "./wolfSSL/wolfcrypt" ]; then
-        mkdir ./wolfSSL/wolfcrypt
+    #  cp ../../wolfssl/*.h  ./wolfssl/src/wolfssl
+    echo "Step 04: cp    ${WOLFSSL_HEADERS_TOP}/*.h              .${WOLFSSL_HEADERS}"
+    $CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
+    if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
+        #  mkdir ./wolfssl/src/wolfssl/wolfcrypt
+        echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}/port"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
     fi
-    if [ ! -d "./wolfSSL/wolfcrypt/src" ]; then
-        mkdir ./wolfSSL/wolfcrypt/src
-    fi
-    cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
-    cp ../../wolfcrypt/src/asm.c  ./wolfSSL/wolfcrypt/src
 
+    # cp  ../../wolfssl/wolfcrypt/*.h  ./wolfssl/src/wolfssl/wolfcrypt
+    echo "Step 06: cp    ${WOLFCRYPT_HEADERS_TOP}/*.h    .${WOLFCRYPT_HEADERS}"
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h                ."${WOLFCRYPT_HEADERS}"                 || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h     ."${WOLFCRYPT_HEADERS}/port/atmel"      || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif"  || exit 1
+
+    # Add in source files to wolfcrypt/src
+    if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
+        # mkdir ./wolfssl/src/wolfcrypt
+        echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
+        mkdir ."${WOLFCRYPT_ROOT}"
+    fi
+
+    # mkdir ./wolfssl/src/wolfcrypt/src
+    if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
+        echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"/port
+        mkdir ."${WOLFCRYPT_SRC}"/port/atmel
+        mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
+    fi
+
+    # cp  ../../wolfcrypt/src/*.c  ./wolfssl/src/wolfcrypt/src
+    echo "Step 09: cp    ${WOLFCRYPT_SRC_TOP}/*.c        .${WOLFCRYPT_SRC}"
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c                  ."${WOLFCRYPT_SRC}"                || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c       ."${WOLFCRYPT_SRC}"/port/atmel     || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c   ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
+
+    # Add in source files to top level src folders
+    if [ ! -d ".${WOLFSSL_SRC}" ]; then
+        # mkdir ./wolfssl/src/src
+        echo "Step 10: mkdir .${WOLFSSL_SRC}"
+        mkdir ."${WOLFSSL_SRC}"
+    fi
+    $CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}"                                        || exit 1
     # put bio and evp as includes
-    mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
-	mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
+    $CP_CMD ."${WOLFSSL_SRC}"/bio.c   ."${WOLFSSL_HEADERS}"                                   || exit 1
+    $CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}"                                   || exit 1
 
     # make a copy of evp.c and bio.c for ssl.c to include inline
-    cp ./wolfSSL/wolfssl/evp.c ./wolfSSL/wolfcrypt/src/evp.c
-    cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c
-    
+    $CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c                             || exit 1
+    $CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c                             || exit 1
+
     # copy openssl compatibility headers to their appropriate location
-    if [ ! -d "./wolfSSL/wolfssl/openssl" ]; then
-        mkdir ./wolfSSL/wolfssl/openssl
+    if [ ! -d ".${OPENSSL_DIR}" ]; then
+        mkdir ."${OPENSSL_DIR}"
     fi
-    cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl
+    $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}"                                          || exit 1
 
-    echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
-    echo "#include <user_settings.h>" >> ./wolfSSL/wolfssl.h
-    echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
-    echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
+    # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
+    $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
 
-    if [ ! -f "./wolfSSL/user_settings.h" ]; then
-        echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
-        echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-        echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-        space ./wolfSSL/user_settings.h
-        echo "/* Platform */" >> ./wolfSSL/user_settings.h
-        echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
-        space ./wolfSSL/user_settings.h
-        echo "/* Math library (remove this to use normal math)*/" >>  ./wolfSSL/user_settings.h
-        echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
-        echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
-        space ./wolfSSL/user_settings.h
-        echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >>  ./wolfSSL/user_settings.h
-        echo "/* comment out the error below to get started w/ bad entropy source" >>  ./wolfSSL/user_settings.h
-        echo " * This will need fixed before distribution but is OK to test with */" >>  ./wolfSSL/user_settings.h
-        echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >>  ./wolfSSL/user_settings.h
-        echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
-        space ./wolfSSL/user_settings.h
-        echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
-    fi
+    echo "Copy examples...."
+    # Copy examples
+    mkdir -p ".${ROOT_SRC_DIR}"/examples
 
-    cp wolfSSL/wolfssl/wolfcrypt/settings.h wolfSSL/wolfssl/wolfcrypt/settings.h.bak
-    echo " /* wolfSSL Generated ARDUINO settings */" > ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "#ifndef WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "    #define WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "#endif /* WOLFSSL_USER_SETTINGS */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo " /* wolfSSL Generated ARDUINO settings: END */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    cat ./wolfSSL/wolfssl/wolfcrypt/settings.h.bak >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    echo "Copy wolfssl_client example...."
+    mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
+    $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_client/README.md          ".${EXAMPLES_DIR}"/wolfssl_client/README.md          || exit 1
 
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_server
+    $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_server/README.md          ".${EXAMPLES_DIR}"/wolfssl_server/README.md          || exit 1
+
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_version
+    $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
 else
     echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
+    exit 1
 fi
+
+# At this point, the library is complete, but we need some additional files.
+#
+# optional diagnostics:
+# echo ".${ROOT_DIR}"
+# echo "${TOP_DIR}"
+# echo "cp ${TOP_DIR}/README.md     .${ROOT_DIR}/"
+
+# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
+# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
+# file as PREPENDED_README.md, then copy that to the publish directory
+# as an Arduino-specific README.md file.
+VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
+ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+PREPEND_FILE="Arduino_README_prepend.md"
+PROPERTIES_FILE_TEMPLATE="library.properties.template"
+sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
+cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
+
+# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
+# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
+sed            s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/                              "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
+sed -i.backup  s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
+
+# cat library.properties.tmp
+# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+
+echo "Step 11: Final root file copy"
+$CP_CMD  PREPENDED_README.md          ."${ROOT_DIR}"/README.md           || exit 1
+$CP_CMD  library.properties.tmp       ."${ROOT_DIR}"/library.properties  || exit 1
+$CP_CMD  "${TOP_DIR}"/"LICENSING"     ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"README"        ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"COPYING"       ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"ChangeLog.md"  ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".gitignore"    ."${ROOT_DIR}"/                    || exit 1
+
+$CP_CMD  "keywords.txt"               ."${ROOT_DIR}"/                    || exit 1
+
+
+echo "Step 12: Workspace to publish:"
+echo ""
+head -n 3  PREPENDED_README.md
+echo ""
+ls ./wolfssl -al
+echo ""
+
+# Optionally install to a separate directory.
+# Note we should have exited above if a problem was encountered,
+# as we'll never want to install a bad library.
+if [ "$THIS_OPERATION" = "INSTALL" ]; then
+    if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
+        echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
+        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+    else
+        echo "Config:"
+        echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
+        # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
+        grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
+
+        # Show the user_settings.h revision string:
+        grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
+        echo ""
+
+        echo "Install:"
+        echo "mv .$ROOT_DIR $ARDUINO_ROOT"
+        mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+
+        echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+    fi
+fi
+
+echo "Done!"

IDE/ARDUINO/wolfssl.h

@@ -0,0 +1,39 @@
+/* wolfssl.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #define WOLFSSL_USER_SETTINGS
+#endif
+
+#include <Arduino.h>
+
+/* wolfSSL user_settings.h must be included from settings.h */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+int wolfSSL_Arduino_Serial_Print(const char *const s)
+{
+    /* See wolfssl/wolfcrypt/logging.c */
+    Serial.println(F(s));
+    return 0;
+};

IDE/CRYPTOCELL/main.c

@@ -27,7 +27,7 @@
 /* wolfCrypt_Init/wolfCrypt_Cleanup to turn CryptoCell hardware on/off */
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-/* SEGGER_RTT_Init, you can potential replace it with other serial terminal */
+/* SEGGER_RTT_Init, you can potentially replace it with other serial terminal */
 #include "SEGGER_RTT.h"
 
 int main(void)

IDE/Espressif/ESP-IDF/README.md

@@ -1,27 +1,122 @@
-# ESP-IDF port
+# ESP-IDF Port
 
-NOTICE: These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF V4](https://docs.espressif.com/projects/esp-idf/en/v4.4.1/esp32/get-started/index.html)
-and have not yet been upgraded to the master branch V5. 
-See the latest [migration guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
+These Espressif examples have been created and tested with the latest stable release branch of 
+[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
+Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
 
-## Overview
+See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
 
- ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition
+## Examples
 
-Including the following examples:
+Included are the following [examples](./examples/README.md):
 
-* Simple [TLS client](./examples/wolfssl_client/)/[server](./examples/wolfssl_server/)
-* Cryptographic [test](./examples/wolfssl_test/)
-* Cryptographic [benchmark](./examples/wolfssl_benchmark/)
+* Bare-bones [Template](./examples/template/README.md)
+* Simple [TLS Client](./examples/wolfssl_client/README.md) / [TLS Server](./examples/wolfssl_server/README.md)
+* Cryptographic [Test](./examples/wolfssl_test/README.md)
+* Cryptographic [Benchmark](./examples/wolfssl_benchmark/README.md)
 
- The *user_settings.h* file enables some of the hardened settings.
+## Important Usage Details
+
+The wolfSSL code specific to the Espressif ESP-IDF development framework
+is gated in code with the `WOLFSSL_ESPIDF` definition. This is enabled
+automatically when the `WOLFSSL_USER_SETTINGS` is defined. The recommended
+method is to have this line in the main `CMakeLists.txt` file as shown in the
+[example](./examples/template/main/CMakeLists.txt):
+
+```cmake
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+```
+
+When defining `WOLFSSL_USER_SETTINGS`, this tells the `settings.h` file to
+looks for the wolfSSL `user_settings.h` in the project as described below.
+
+### File: `sdkconfig.h`
+
+The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
+file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
+time, should be included before any other files.
+
+### File: `user_settings.h`
+
+The `user_settings.h` file enables some of the hardened security settings. There are also some
+default configuration items in the wolfssl `settings.h`. With the latest version of
+wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized
+in your project `user_settings.h` as desired.
+
+See the respective project directory:
+
+  `[project-dir]/components/wolfssl/user_settings.h`
+
+A typical project will _not_ directly reference the `user_settings.h` file.
+Here's an example to be included at the top of a given source file:
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/settings.h> /* references user_settings.h */
+/* Do not explicitly include wolfSSL user_settings.h */
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+```
+
+Prior versions of the wolfSSL Espressif library expected the `user_settings.h` to be in the root wolfssl folder in a directory
+called `/include`. This method, while possible, is no longer recommended.
+
+Be sure to *not* have a `user_settings.h` in _both_ the local project and the wolfssl `include` directories.
+
+### File: `wolfssl/wolfcrypt/settings.h`
+
+The wolfSSL  built-in `settings.h` references your project `user_settings.h`. The
+`settings.h` should _not_ be edited directly. Any wolfSSL settings should be adjusted in your local project
+`user_settings.h` file.
+
+The `settings.h` has some SoC-target-specific settings, so be sure to `#include "sdkconfig.h"` at the beginning
+of your source code, particularly before the `#include <wolfssl/wolfcrypt/settings.h>` line.
 
 ## Requirements
 
  1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
 
-## Setup for Linux
+## wolfSSL as an Espressif component
+
+There are various methods available for using wolfSSL as a component:
+
+* Managed Component - easiest to get started.
+* Local component directory - best for development.
+* Install locally - least flexible, but project is fully self-contained.
+
+## Espressif Managed Components
+
+Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
+
+```
+idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
+```
+
+## Standard local component:
+
+See the [template example](./examples/template/README.md). Simply created a `wolfssl` directory in the
+local project `components` directory and place the [CMakeLists.txt](./examples/template/components/CMakeLists.txt)
+file there. Then add a `components/wolfssl/include` directory and place the [user_settings.h](/examples/template/components/wolfssl/include/user_settings.h)
+file there. If wolfSSL is in a structure such as `./workspace/wolfssl` with respect to your project at `./workspace/wolfssl`,
+then the cmake file should automatically find the wolfSSL source code. Otherwise set the cmake `WOLFSSL_ROOT` variable
+in the top-level CMake file. Examples:
+
+```cmake
+    set(WOLFSSL_ROOT  "C:/some-path/wolfssl")
+    set(WOLFSSL_ROOT  "c:/workspace/wolfssl-[username]")
+    set(WOLFSSL_ROOT  "/mnt/c/somepath/wolfssl")
+```
+
+See the specific examples for additional details.
+
+## Setup for Linux (wolfSSL local copy)
+
+This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
  1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
@@ -29,6 +124,8 @@ Including the following examples:
 
 ## Setup for Windows
 
+This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+
  1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
  2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
  3. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
@@ -36,6 +133,12 @@ Including the following examples:
 
 ## Setup for VisualGDB
 
+See the local project `./VisualGDB` for sample project files. For single-step JTAG debugging on boards that do not
+have a built-in JTAG port, the wolfSSL examples use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme).
+
+See also the [gojimmypi blog](https://gojimmypi.github.io/Tigard-JTAG-SingleStep-Debugging-ESP32/) on using the Tigard
+to JTAG debug the ESP32.
+
 ### Clone a specific version:
 
 ```
@@ -44,11 +147,15 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
 ## Configuration
 
+ 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. 
+
+## Configuration (Legacy IDF install)
+
  1. The `user_settings.h` can be found in _/path/to/esp_`/esp-idf/components/wolfssl/include/user_settings.h`
 
 ## Build examples
 
- 1. See README in each example folder
+ 1. See README in each example folder.
 
 ## Support
 
@@ -56,13 +163,13 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
  Note: This is tested with :  
    - OS: Ubuntu 20.04.3 LTS
-   - Microsoft Windows 10 Pro 10.0.19041 
-   - WSL Ubuntu
+   - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
+   - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
+   - WSL 1 Ubuntu 22.04.3 LTS
+   - ESP-IDF: ESP-IDF v5.1
+   - SoC Module : all those supported in ESP-IDF v5.1
 
-   - ESP-IDF: ESP-IDF v4.3.2
-   - Module : ESP32-WROOM-32
-
-## JTAG Debugging
+## JTAG Debugging Notes
 
 All of the examples are configured to use either the on-board JTAG (when available) or
 the open source [Tigard multi-protocol tool for hardware hacking](https://github.com/tigard-tools/tigard).
@@ -72,3 +179,28 @@ VisualGDB users should find the configuration file in the `interface\ftdi` direc
 ```
 C:\Users\%USERNAME%\AppData\Local\VisualGDB\EmbeddedDebugPackages\com.sysprogs.esp32.core\share\openocd\scripts\interface\ftdi
 ```
+
+For reference, the `tigard.cfg` looks like this:
+
+```
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Tigard: An FTDI FT2232H-based multi-protocol tool for hardware hacking.
+# https://github.com/tigard-tools/tigard
+
+adapter driver ftdi
+
+ftdi device_desc "Tigard V1.1"
+ftdi vid_pid 0x0403 0x6010
+
+ftdi channel 1
+
+ftdi layout_init 0x0038 0x003b
+ftdi layout_signal nTRST -data 0x0010
+ftdi layout_signal nSRST -data 0x0020
+
+# This board doesn't support open-drain reset modes since its output buffer is
+# always enabled.
+reset_config srst_push_pull trst_push_pull
+
+```

IDE/Espressif/ESP-IDF/UPDATE.md

@@ -21,3 +21,4 @@ Updates to Espressif ESP-IDF wolfssl_benchmark and wolfssl_test examples:
 - Added VisualGDB Project file & Visual Studio solution file.
 - Added optional `time_helper` for wolfssl_test
 - Exclude `ssl_misc.c` in component cmake to fix warning:  #warning ssl_misc.c does not need to be compiled separately from ssl.c
+- Exclude `ssl_crypto.c` in component cmake to fix warning:  #warning ssl_crypto.c does not need to be compiled separately from ssl.c

IDE/Espressif/ESP-IDF/compileAllExamples.sh

@@ -62,6 +62,9 @@ if  [[ "$RUN_SETUP" == "--run-setup" ]]; then
     echo "Testing a build of wolfSSL in ESP-IDF components directory"
     echo ""
     for file in "test_idf"; do
+        if [ -e "../../../include/user_settings.h" ]; then
+          mv "../../../include/user_settings.h" "../../../include/user_settings.h.${file}.bak"
+        fi
         pushd ${SCRIPT_DIR}/examples/wolfssl_${file}/ && idf.py fullclean build;
         THIS_ERR=$?
         popd

IDE/Espressif/ESP-IDF/examples/README.md

@@ -0,0 +1,120 @@
+# wolfSSL Examples for Espressif
+
+## Core Examples
+
+These are the core examples for wolfSSL:
+
+- [Template](./template/README.md)
+
+- [Benchmark](./wolfssl_benchmark/README.md)
+
+- [Test](./wolfssl_test/README.md)
+
+- [TLS Client](./wolfssl_client/README.md)
+
+- [TLS Server](./wolfssl_server/README.md)
+
+## Other Espressif wolfSSL Examples
+
+See these other repositories for additional examples:
+
+- [wolfssl-examples/ESP32](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+
+- [wolfssh/Espressif](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif)
+
+- [wolfssh-examples/Espressif](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+
+
+## Interaction with wolfSSL CLI
+
+See the [server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
+and [client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
+examples.
+
+Here are some examples using wolfSSL from Linux to communicate with an
+ESP32 TLS client or server:
+
+TLS1.3 Linux Server
+```
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
+```
+
+TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
+```
+./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
+```
+
+TLS1.2 Linux Server 
+```
+./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
+```
+
+TLS1.2 Linux Client to Linux Server: `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` (default)
+```
+./examples/client/client -v 3 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
+```
+
+TLS1.2 Linux Client to ESP32 Server: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
+```
+./examples/client/client -v 3 -h 192.168.1.109 -p 11111 -A ./certs/ca-cert.pem
+```
+
+TLS1.3 Linux Client to ESP32 Server: `TLS_AES_128_GCM_SHA256`
+```
+./examples/client/client -v 4 -h 192.168.1.109 -p 11111 -A ./certs/ca-cert.pem
+```
+
+
+There's an additional example that uses wolfSSL installed as a component to the shared ESP-IDF:
+
+- [Test IDF](./wolfssl_test_idf/README.md)
+
+## Installing wolfSSL for Espressif projects
+
+[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) 
+have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require 
+wolfSSL to be installed.
+
+If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) 
+and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
+
+The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
+also installs source code locally, instead of pointing to a source repository.
+
+## VisualGDB
+
+Users of [VisualGDB](https://visualgdb.com/) can find Espressif project files in each respective
+example `.\VisualGDB` directory. For convenience, there are separate project for various
+target SoC and ESP-IDF version.
+
+For devices without a built-in JTAG, the projects are configured with the open source [Tigard](https://www.crowdsupply.com/securinghw/tigard)
+and using port `COM20`.
+
+For devices _with_ a built-in JTAG, the projects are using `COM9`.
+
+Edit the COM port for your project:
+
+- ESP-IDF Project; Bootloader COM Port.
+- Raw Terminal; COM Port
+
+
+## Troubleshooting
+
+If unusual errors occur, exit Visual Studio and manually delete these directories to start over:
+
+- `.\build`
+- `.\VisualGDB\.visualgdb`
+- `.\VisualGDB\.vs`
+
+It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've made changes to defaults)
+
+## Other Topics
+
+- esp32.com: [RSA peripheral 50% slower on ESP32-S3/C3 than S2](https://www.esp32.com/viewtopic.php?t=23830)
+
+- esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
+
+See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
+
+
+

IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt

@@ -1,15 +1,24 @@
+# wolfSSL Espressif Example Project CMakeLists.txt
+#   v1.0
+#
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.16)
 
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
 # set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
-
-# This tag is used to include this file in the ESP Component Registry:
-# __ESP_COMPONENT_SOURCE__
-
+#
 # Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
 # USE_MY_PRIVATE_CONFIG path for my_private_config.h
 #
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
@@ -38,6 +47,27 @@ if(APPLE)
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_template)

IDE/Espressif/ESP-IDF/examples/template/README.md

@@ -1,6 +1,9 @@
 # wolfSSL Template Project
 
-This is an example minimally viable wolfSSL template to get started with your own project.
+This is an example of a minimally viable wolfSSL template to get started with your own project.
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
 
 ### Prerequisites
 
@@ -40,6 +43,9 @@ echo "Run export.sh from ${WRK_IDF_PATH}"
 # build the example:
 idf.py build
 
+# optionally erase the flash
+idf.py erase-flash -p /dev/ttyS19 -b 115200
+
 # flash the code onto the serial device at /dev/ttyS19
 idf.py flash -p /dev/ttyS19 -b 115200
 
@@ -61,4 +67,6 @@ For examples, see:
 - [wolfssh-examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
 
 
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
+
 

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt

@@ -19,6 +19,8 @@
 #
 # cmake for wolfssl Espressif projects
 #
+# Version 5.6.0.011 for detect test/benchmark
+#
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
 
@@ -26,6 +28,23 @@ cmake_minimum_required(VERSION 3.16)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+
+# find the user name to search for possible "wolfssl-username"
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -41,11 +60,106 @@ set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl
 # We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
 # The root of wolfSSL is 7 directories up from here:
 
+# function: IS_WOLFSSL_SOURCE
+#  parameter: DIRECTORY_PARAMETER - the directory to test
+#  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
+function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+    if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
+        set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
+    else()
+        set(${RESULT} "" PARENT_SCOPE)
+    endif()
+endfunction()
+
+# function: FIND_WOLFSSL_DIRECTORY
+#  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
+#
+function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
+    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    else()
+        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        else()
+            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+            message(STATUS "$ENV{WOLFSSL_ROOT}")
+        endif()
+    endif()
+
+    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+    message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+    string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+
+    # loop through all the parents, looking for wolfssl
+    while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" )
+        string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+        # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        if( THIS_USER )
+            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+
+            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree
+        set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+        # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src")
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+        if ( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        # Move up one directory level
+        set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}")
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
+        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
+            # when the search directory is empty, we'll give up
+            set(CURRENT_SEARCH_DIR "")
+        endif()
+    endwhile()
+
+    # If not found, set the output variable to empty before exiting
+    set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE)
+endfunction()
+
+
+# Example usage:
+
+
+
+
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                            PRIV_REQUIRES # esp_hw_support
+                                          esp_timer
+                                          driver # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -54,132 +168,41 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
-    # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified
-    if ("${WOLFSSL_ROOT}" STREQUAL "")
-        # wolfssl examples are 7 directories deep from wolfssl repo root
-        #                        1  2  3  4  5  6  7
-        set(THIS_RELATIVE_PATH "../../../../../../..")
-        get_filename_component(THIS_SEARCH_PATH  "${THIS_RELATIVE_PATH}" ABSOLUTE)
-        message(STATUS "Searching in path = ${THIS_SEARCH_PATH}")
-
-        if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src")
-            # we're already in wolfssl examples!
-            get_filename_component(WOLFSSL_ROOT  "${THIS_SEARCH_PATH}" ABSOLUTE)
-            message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}")
-        else()
-            # We're in some other repo such as wolfssh, so we'll search for an
-            # adjacent-level directory for wolfssl. (8 directories up, then down one)
-            #
-            # For example wolfSSL examples:
-            #   C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl
-            #
-            # For example wolfSSH examples:
-            #   C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl
-            #
-            #                        1  2  3  4  5  6  7  8
-            set(THIS_RELATIVE_PATH "../../../../../../../..")
-            get_filename_component(THIS_SEARCH_PATH  "${THIS_RELATIVE_PATH}" ABSOLUTE)
-            message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}")
-        endif()
-    endif()
-
-    # search other possible locations
-    if ("${WOLFSSL_ROOT}" STREQUAL "")
-        # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it.
-        if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" )
-            message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.")
-
-            message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
-            get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
-            message(STATUS "THIS_DIR = ${THIS_DIR}")
-
-            # find the user name to search for possible "wolfssl-username"
-            message(STATUS "USERNAME = $ENV{USERNAME}")
-            if(  "$ENV{USER}" STREQUAL "" ) # the bash user
-                if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
-                    message(STATUS "could not find USER or USERNAME")
-                else()
-                    # the bash user is not blank, so we'll use it.
-                    set(THIS_USER "$ENV{USERNAME}")
-                endif()
-            else()
-                # the bash user is not blank, so we'll use it.
-               set(THIS_USER "$ENV{USER}")
-            endif()
-            message(STATUS "THIS_USER = ${THIS_USER}")
-
-            # This same makefile is used for both the wolfssl component, and other
-            # components that may depend on wolfssl, such as wolfssh. Therefore
-            # we need to determine if this makefile is in the wolfssl repo, or
-            # some other repo.
-
-            if(  "{THIS_USER}" STREQUAL "" )
-                # This is highly unusual to not find a user name.
-                # In this case, we'll just search for a "wolfssl" directory:
-                message(STATUS "No username found!")
-                get_filename_component(WOLFSSL_ROOT  "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE)
-            else()
-                # We found an environment USER name!
-                # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]"
-                message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.")
-                get_filename_component(WOLFSSL_ROOT  "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE)
-
-                if( EXISTS "${WOLFSSL_ROOT}" )
-                    message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}")
-                else()
-                    # If there's not a user-clone called "wolfssl-[username]",
-                    # perhaps there's simply a git clone called "wolfssl"?
-                    message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...")
-                    get_filename_component(WOLFSSL_ROOT  "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE)
-
-                    if( EXISTS "${WOLFSSL_ROOT}" )
-                        message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}")
-                    else()
-                        # Things are looking pretty bleak. We'll likely not be able to compile.
-                        message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}")
-                    endif()
-                endif()
-            endif()
-
-        else()
-            # there's an environment variable, so use it.
-            set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}")
-
-            if( EXISTS "${WOLFSSL_ROOT}" )
-                get_filename_component(WOLFSSL_ROOT  "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
-                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
-            else()
-                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-                message(STATUS "$ENV{WOLFSSL_ROOT}")
-            endif()
-        endif()
-        # end of search for wolfssl component root
-    else()
-        # There's already a value assigned; we won't search for anything else.
-        message(STATUS "Found user-specified WOLFSSL_ROOT value.")
-    endif() # WOLFSSL_ROOT user defined
-
-    # After all the logic above, does our WOLFSSL_ROOT actually exist?
-    if( EXISTS "${WOLFSSL_ROOT}" )
-        message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
+    # search for wolfSSL
+    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    if(WOLFSSL_ROOT)
+        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
     else()
+        message(STATUS "NEW wolfssl directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. Try setting environment variable or git clone.")
+        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
+                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
     endif()
 
-
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
+    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+    endif()
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    endif()
+
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
-                          "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application
-                          "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application
-       ) # COMPONENT_SRCDIRS
+                          "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
+                         ) # COMPONENT_SRCDIRS
+
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+
 
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -267,10 +290,10 @@ else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
                             message(STATUS "Using existing wolfSSL user_settings.h in "
-                                           "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
                         else()
                             message(STATUS "Installing wolfSSL user_settings.h to "
-                                           "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
                             file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h"
                             DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/")
                         endif()
@@ -278,7 +301,12 @@ else()
 
                     # next check if there's a [root]/include/config.h
                     if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
-                        message(FATAL_ERROR "Found stray wolfSSL config.h in        ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h"              )
+                        message(STATUS "  Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h"                   )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" )
@@ -353,13 +381,22 @@ else()
         "\"${WOLFSSL_ROOT}/src/misc.c\""
         "\"${WOLFSSL_ROOT}/src/pk.c\""
         "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\""    # included by ssl.c
-        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -404,6 +441,7 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
 

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

@@ -19,13 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <sdkconfig.h> /* essential to chip set detection */
-
-#undef WOLFSSL_ESPIDF
-#undef WOLFSSL_ESP32
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP32
-#undef WOLFSSL_ESP8266
+/* This user_settings.h is for Espressif ESP-IDF */
+#include <sdkconfig.h>
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -38,6 +33,7 @@
 **   CONFIG_IDF_TARGET_ESP32C6
 */
 
+#undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
 /*
@@ -47,6 +43,9 @@
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
  */
+#undef WOLFSSL_ESPWROOM32SE
+#undef WOLFSSL_ESP8266
+#undef WOLFSSL_ESP32
 
 #define WOLFSSL_ESP32
 
@@ -54,6 +53,13 @@
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
 
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
 #define BENCH_EMBEDDED
 #define USE_CERT_BUFFERS_2048
 
@@ -67,11 +73,10 @@
 
 #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
 
-/* when you want to use SINGLE THREAD */
-#define SINGLE_THREADED
-
 #define NO_FILESYSTEM
 
+#define NO_OLD_TLS
+
 #define HAVE_AESGCM
 
 #define WOLFSSL_RIPEMD
@@ -79,25 +84,36 @@
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* when you want to use SHA512 */
+#define WOLFSSL_SHA512
+
+/* when you want to use SHA3 */
 #define WOLFSSL_SHA3
 
-#define WOLFSSL_SHA384
-#define WOLFSSL_SHA512
+/* Reminder: ED25519 requires SHA512 */
+#define HAVE_ED25519
+
 #define HAVE_ECC
 #define HAVE_CURVE25519
 #define CURVE25519_SMALL
 #define HAVE_ED25519
 
+/* Optional OPENSSL compatibility */
+#define OPENSSL_EXTRA
 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
 
+#define HAVE_PKCS7
+
 #if defined(HAVE_PKCS7)
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -111,22 +127,29 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
+/* RSA primitive specific definition */
 #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     /* Define USE_FAST_MATH and SMALL_STACK                        */
     #define ESP32_USE_RSA_PRIMITIVE
-    /* threshold for performance adjustment for HW primitive use   */
-    /* X bits of G^X mod P greater than                            */
-    #define EPS_RSA_EXPT_XBTIS           32
-    /* X and Y of X * Y mod P greater than                         */
-    #define ESP_RSA_MULM_BITS            9
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
 #endif
+
 #define RSA_LOW_MEM
 
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-/* #define WOLFSSL_ESP32_CRYPT_DEBUG */
-/* #define WOLFSSL_ATECC508A_DEBUG          */
+/* #define WOLFSSL_ATECC508A_DEBUG         */
 
 /* date/time                               */
 /* if it cannot adjust time in the device, */
@@ -134,64 +157,272 @@
 /* #define NO_ASN_TIME */
 /* #define XTIME time */
 
+
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
 #define ESP_RSA_TIMEOUT_CNT    0x249F00
 
 #define HASH_SIZE_LIMIT /* for test.c */
 
+/* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
-/* optionally use SP_MATH */
-/* #define SP_MATH */
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
 
 #define WOLFSSL_SMALL_STACK
 
-#define HAVE_VERSION_EXTENDED_INFO
-#define HAVE_WC_INTROSPECTION
 
-/* allows for all version info, even that suppressed with introspection */
-#define ALLOW_BINARY_MISMATCH_INTROSPECTION
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#define  HAVE_SESSION_TICKET
+
+/* #define HAVE_HASHDRBG */
+
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_SYS_CA_CERTS
+
+
+#define WOLFSSL_CERT_TEXT
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/*
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
 
 /* Default is HW enabled unless turned off.
-** Uncomment these lines for SW: */
+** Uncomment these lines to force SW instead of HW acceleration */
+
 #if defined(CONFIG_IDF_TARGET_ESP32)
-    /* #define NO_ESP32_CRYPT                 */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_AES     */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
-    #define NO_ESP32_CRYPT
-    #define NO_WOLFSSL_ESP32_CRYPT_HASH
-    #define NO_WOLFSSL_ESP32_CRYPT_AES
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    /* #define NO_ESP32_CRYPT                 */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_AES     */
-    /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
-#elif defined(CONFIG_IDF_TARGET_ESP32C2)
-    #define NO_ESP32_CRYPT
-    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
-    #define NO_ESP32_CRYPT
-    #define NO_WOLFSSL_ESP32_CRYPT_HASH
-    #define NO_WOLFSSL_ESP32_CRYPT_AES
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
-    #define NO_ESP32_CRYPT
-    #define NO_WOLFSSL_ESP32_CRYPT_HASH
-    #define NO_WOLFSSL_ESP32_CRYPT_AES
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    /*  TODO: Revisit ESP8266 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
 #else
+    /* Anything else encountered, disable HW accleration */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+#define WOLFSSL_HW_METRICS
+
+/* #define HASH_SIZE_LIMIT */ /* for test.c */
+
+/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+#define USE_CERT_BUFFERS_2048
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #define USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_256
+    #define CTX_CA_CERT          ca_cert_der_2048
+    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_CERT      server_cert_der_2048
+    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_KEY       server_key_der_2048
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 #endif

IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt

@@ -1,11 +1,36 @@
-# This tag is used to include this file in the ESP Component Registry:
-# __ESP_COMPONENT_SOURCE__
-
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.0
 #
-# wolfssl client test
+# wolfssl template
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -20,8 +45,8 @@ endif()
 
 ## register_component()
 idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." "./include")
-#
+                       INCLUDE_DIRS "."
+                                    "./include")
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)

IDE/Espressif/ESP-IDF/examples/template/main/main.c

@@ -38,6 +38,12 @@ void app_main(void)
     esp_ShowExtendedSystemInfo();
 #endif
 
+#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
+    esp_hw_show_metrics();
+#endif
+
     ESP_LOGI(TAG, "\n\nDone!"
-                  "If running from idf.py monitor, press twice: Ctrl+]");
+                  "If running from idf.py monitor, press twice: Ctrl+]\n\n"
+                  "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */
+            );
 }

IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv

@@ -0,0 +1,31 @@
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,

IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults

@@ -0,0 +1,35 @@
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+
+#
+# Default main stack size
+#
+# This is typically way bigger than needed for stack size. See user_settings.h
+#
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+CONFIG_COMPILER_STACK_CHECK=y
+
+#
+# Partition Table
+#
+# CONFIG_PARTITION_TABLE_SINGLE_APP is not set
+CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y
+# CONFIG_PARTITION_TABLE_TWO_OTA is not set
+# CONFIG_PARTITION_TABLE_CUSTOM is not set
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv"
+CONFIG_PARTITION_TABLE_OFFSET=0x8000
+CONFIG_PARTITION_TABLE_MD5=y
+# end of Partition Table

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt

@@ -1,6 +1,27 @@
+# wolfSSL Espressif Example Project CMakeLists.txt
+#   v1.0
+#
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.16)
+
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
+# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
+#
+# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
+# USE_MY_PRIVATE_CONFIG path for my_private_config.h
+#
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
+
+# Optionally specify a location for wolfSSL component source code
+# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md

@@ -1,6 +1,59 @@
 # wolfSSL Benchmark Example
 
-The Example contains of wolfSSL benchmark program.
+This ESP32 example uses the [wolfSSL wolfcrypt Benchmark Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/benchmark).
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
+
+## Espressif ESP Component Registry
+
+See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
+
+
+## Windows COM Port
+
+All of these examples use COM20 on Windows. The DOS `change port` command can be use to assign any
+other local port to `COM20` as needed:
+
+```
+change port com20=com23
+```
+
+## VisualGDB
+
+Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
+No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
+
+Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files.
+Individual project files are included for convenience to new users,
+as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/)
+using the VisualGDB extension.
+
+The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
+
+
+-------- |------------- |------------- |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.1 |
+-------- |------------- |------------- |
+ESP32    |      x       |              |
+ESP32-S2 |              |              |
+ESP32-S3 |      x       |      x       |
+ESP32-C3 |      x       |      x       |
+ESP32-C6 |              |              |
+
+
+The default directories are:
+
+- `C:\SysGCC` - The root directory install of VisualGDB
+- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x
+- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install
+- `C:\SysGCC\esp8266`- The default for ESP8266
+
+Windows ports assigned with the `change port` command may not appear in the VisualGDB dropdowns but can still
+be used when manually typed.
+See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-show-windows-change-port-results-in-com-port-dropdown-lists/).
+
+## ESP-IDF Commandline
 
 1. `idf.py menuconfig` to configure the program.  
     1-1. Example Configuration ->
@@ -22,17 +75,30 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor
 Example build on WSL:
 
 ```
-Optionally install wolfSSL component
-# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF
-./setup.sh
+Optionally update toolchain
+
+cd /mnt/c/SysGCC/esp32/esp-idf/master
+git fetch
+git pull
+git submodule update --init --recursive
 
 cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
 
-# Pick ESP-IDF install directory, this one for v4.4.2 in VisualGDB
-. /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/export.sh
+# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
 
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+WRK_IDF_PATH=~/esp/esp-idf
 
-idf.py build flash -p /dev/ttyS20 -b 921600 monitor
+. $WRK_IDF_PATH/export.sh
+
+# Set target SoC
+idf.py set-target esp32c3
+
+# Optionally erase
+
+# Build and flash
+idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 ```
 
 ## Example Output
@@ -42,7 +108,7 @@ compatible across the widest ranges of targets. Contact wolfSSL at support@wolfs
 for help in optimizing for your particular application, or see the 
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
-Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 921600 monitor`:
+Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
 
 ```
 --- idf_monitor on /dev/ttyS7 115200 ---
@@ -186,5 +252,7 @@ compilation terminated.
 A 'clean` may be needed after freshly installing a new component:
 
 ```
-idf.py clean build  flash -p /dev/ttyS7 -b 921600 monitor
-```
+idf.py clean build  flash -p /dev/ttyS7 -b 115200 monitor
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<VisualGDBProjectSettings2 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <Project xsi:type="com.visualgdb.project.external.esp-idf">
     <CustomSourceDirectories>
       <Directories />
@@ -220,7 +220,7 @@
     <DebugMethod>
       <ID>openocd</ID>
       <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp32">
-        <CommandLine>-f interface/tigard.cfg -c "adapter_khz 15000" -f target/esp32.cfg</CommandLine>
+        <CommandLine>-f interface/ftdi/tigard.cfg -c "adapter_khz 15000" -f target/esp32.cfg</CommandLine>
         <ExtraParameters>
           <Frequency xsi:nil="true" />
           <BoostedFrequency xsi:nil="true" />

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt

@@ -17,210 +17,437 @@
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
-# cmake for wolfssl
+# cmake for wolfssl Espressif projects
 #
-cmake_minimum_required(VERSION 3.5)
+# Version 5.6.0.011 for detect test/benchmark
+#
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
+#
+
+cmake_minimum_required(VERSION 3.16)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 set(CMAKE_CURRENT_SOURCE_DIR ".")
+set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# We are currently in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-# The root of wolfSSL is 7 directories up from here:
-get_filename_component(WOLFSSL_ROOT  "../../../../../../../" ABSOLUTE)
-
-# Espressif may take several passes through this makefile. Check to see if we found IDF
-string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
-
-if($WOLFSSL_FOUND_IDF)
-    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
-    message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
-    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
-endif()
-
-# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
-FILE(GLOB EXCLUDE_ASM *.S)
-file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
-
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
-endif()
-
-set(INCLUDE_PATH ${WOLFSSL_ROOT})
-
-set(COMPONENT_SRCDIRS "${WOLFSSL_ROOT}/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/benchmark/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/test/"
-                        )
-
-set(COMPONENT_REQUIRES lwip)
-
-
-# check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-    #
-    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
-    #
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-    message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
-    message(STATUS "")
-    message(STATUS "To proceed: ")
-    message(STATUS "")
-    message(STATUS "Remove either the local project component: ${CMAKE_HOME_DIRECTORY}/components/wolfssl/ ")
-    message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
-    message(STATUS "")
-    message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-
-    # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
-
-else()
-    if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-        #
-        # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
-        #
-        message(STATUS "")
-        message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
-        message(STATUS "")
+# find the user name to search for possible "wolfssl-username"
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
     else()
-        #
-        # wolfSSL is not an ESP-IDF component. We need to now determine if it is local and if so if it is part of the wolfSSL repo
-        # or if  wolfSSL is simply installed as a local component.
-        #
-        if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" )
-            #
-            # wolfSSL found in local project.
-            #
-            if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/include/" )
-                message(STATUS "")
-                message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-                #
-                # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
-                #
-                # We won't do anything else here, as it will be assumed the original install completed successfully.
-                #
-            else()
-                #
-                # This is the developer repo mode. wolfSSL will be assume to be not installed to ESP-IDF nor local project
-                # In this configuration, we are likely running a wolfSSL example found directly in the repo.
-                #
-                message(STATUS "")
-                message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-
-                message(STATUS "************************************************************************************************")
-                # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
-                # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
-                #
-                # first check if there's a [root]/include/user_settings.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
-                    # we won't overwrite an existing user settings file, just note that we already have one:
-                    message(STATUS "Found wolfSSL user_settings.h in ${WOLFSSL_ROOT}/include/user_settings.h")
-                else()
-                    message(STATUS "Installing wolfSSL user_settings.h to ${WOLFSSL_ROOT}/include/user_settings.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                endif() # user_settings.h
-
-                # next check if there's a [root]/include/config.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
-                    message(STATUS "Found wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")
-                else()
-                    message(STATUS "Installing wolfSSL config.h to ${WOLFSSL_ROOT}/include/config.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                    file(RENAME "${WOLFSSL_ROOT}/include/dummy_config_h" "${WOLFSSL_ROOT}/include/config.h")
-                endif() # config.h
-                message(STATUS "************************************************************************************************")
-                message(STATUS "")
-            endif()
-
-        else()
-            # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
-            if($WOLFSSL_FOUND_IDF)
-                message(STATUS "")
-                message(STATUS "WARNING: wolfSSL not found.")
-                message(STATUS "")
-            else()
-                # probably needs to be re-parsed by Espressif
-                message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
-            endif() # else we have not found ESP-IDF yet
-        endif() # else not a local wolfSSL component
-
-    endif() #else not an ESP-IDF component
-endif() # else not local copy and EDP-IDF wolfSSL
-
-
-# RTOS_IDF_PATH is typically:
-# "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
-# depending on the environment, we may need to swap backslashes with forward slashes
-string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
-
-# ESP-IDF after version 4.4x has a different RTOS directory structure
-string(REPLACE "\\" "/" RTOS_IDF_PATH5 "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
-
-if(IS_DIRECTORY ${IDF_PATH}/components/freertos/FreeRTOS-Kernel/)
-    set(COMPONENT_ADD_INCLUDEDIRS
-        "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH5}"
-       "${WOLFSSL_ROOT}"
-       )
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
 else()
-
-   set(COMPONENT_ADD_INCLUDEDIRS
-       "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH}"
-       "${WOLFSSL_ROOT}"
-      )
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
 endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
 
-if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
-    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
-endif()
 
-set(COMPONENT_SRCEXCLUDE
-    "${WOLFSSL_ROOT}/src/bio.c"
-    "${WOLFSSL_ROOT}/src/conf.c"
-    "${WOLFSSL_ROOT}/src/misc.c"
-    "${WOLFSSL_ROOT}/src/pk.c"
-    "${WOLFSSL_ROOT}/src/ssl_asn1.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/ssl_bn.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/ssl_certman.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/ssl_misc.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/x509.c"
-    "${WOLFSSL_ROOT}/src/x509_str.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/evp.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/misc.c"
-    "${EXCLUDE_ASM}"
-    )
-set(COMPONENT_PRIV_INCLUDEDIRS ${IDF_PATH}/components/driver/include)
+# COMPONENT_NAME = wolfssl
+# The component name is the directory name. "No feature to change this".
+# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
+
+# set the root of wolfSSL in top-level project CMakelists.txt:
+#   set(WOLFSSL_ROOT  "C:/some path/with/spaces")
+#   set(WOLFSSL_ROOT  "c:/workspace/wolfssl-[username]")
+#   set(WOLFSSL_ROOT  "/mnt/c/some path/with/spaces")
+#   or use this logic to assign value from Environment Variable WOLFSSL_ROOT,
+#   or assume this is an example 7 subdirectories below:
+
+# We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
+# The root of wolfSSL is 7 directories up from here:
+
+# function: IS_WOLFSSL_SOURCE
+#  parameter: DIRECTORY_PARAMETER - the directory to test
+#  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
+function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+    if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
+        set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
+    else()
+        set(${RESULT} "" PARENT_SCOPE)
+    endif()
+endfunction()
+
+# function: FIND_WOLFSSL_DIRECTORY
+#  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
+#
+function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
+    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    else()
+        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        else()
+            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+            message(STATUS "$ENV{WOLFSSL_ROOT}")
+        endif()
+    endif()
+
+    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+    message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+    string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+
+    # loop through all the parents, looking for wolfssl
+    while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" )
+        string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+        # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        if( THIS_USER )
+            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+
+            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree
+        set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+        # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src")
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+        if ( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        # Move up one directory level
+        set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}")
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
+        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
+            # when the search directory is empty, we'll give up
+            set(CURRENT_SEARCH_DIR "")
+        endif()
+    endwhile()
+
+    # If not found, set the output variable to empty before exiting
+    set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE)
+endfunction()
+
+
+# Example usage:
+
+
+
+
+if(CMAKE_BUILD_EARLY_EXPANSION)
+    message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
+    idf_component_register(
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            PRIV_REQUIRES # esp_hw_support
+                                          esp_timer
+                                          driver # this will typically only be needed for wolfSSL benchmark
+                           )
+
+else()
+    # not CMAKE_BUILD_EARLY_EXPANSION
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config:")
+    message(STATUS "************************************************************************************************")
+
+    # search for wolfSSL
+    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    if(WOLFSSL_ROOT)
+        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "NEW wolfssl directory not found.")
+        # Abort. We need wolfssl _somewhere_.
+        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
+                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+    endif()
+
+    set(INCLUDE_PATH ${WOLFSSL_ROOT})
+
+    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+    endif()
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    endif()
+
+    set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
+                          "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
+                         ) # COMPONENT_SRCDIRS
+
+    message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+
+    set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+
+
+    # Espressif may take several passes through this makefile. Check to see if we found IDF
+    string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
+
+    # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
+    file(GLOB EXCLUDE_ASM *.S)
+    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+
+    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
+    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
+    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
+
+    #
+    # Check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components.
+    #
+    if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+        #
+        # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
+        #
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+        message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
+        message(STATUS "")
+        message(STATUS "To proceed: ")
+        message(STATUS "")
+        message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
+        message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
+        message(STATUS "")
+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+
+        # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
+
+    else()
+        if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+            #
+            # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
+            #
+            message(STATUS "")
+            message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
+            message(STATUS "")
+        else()
+            #
+            # wolfSSL is not an ESP-IDF component.
+            # We need to now determine if it is local and if so if it is part of the wolfSSL repo,
+            # or if  wolfSSL is simply installed as a local component.
+            #
+
+            if( EXISTS "${WOLFSSL_PROJECT_DIR}" )
+                #
+                # wolfSSL found in local project.
+                #
+                if( EXISTS "${WOLFSSL_PROJECT_DIR}/wolfcrypt/" )
+                    message(STATUS "")
+                    message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+                    #
+                    # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
+                    #
+                    # We won't do anything else here, as it will be assumed the original install completed successfully.
+                    #
+                else() # full wolfSSL not installed in local project
+                    #
+                    # This is the developer repo mode. wolfSSL will be assumed to be not installed to ESP-IDF nor local project
+                    # In this configuration, we are likely running a wolfSSL example found directly in the repo.
+                    #
+                    message(STATUS "")
+                    message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+
+                    message(STATUS "************************************************************************************************")
+                    # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
+                    # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
+                    #
+                    # first check if there's a [root]/include/user_settings.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
+                        message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
+                                            "${WOLFSSL_ROOT}/include/user_settings.h "
+                                            " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
+                            message(STATUS "Using existing wolfSSL user_settings.h in "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                        else()
+                            message(STATUS "Installing wolfSSL user_settings.h to "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                            file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h"
+                            DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/")
+                        endif()
+                    endif() # user_settings.h
+
+                    # next check if there's a [root]/include/config.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h"              )
+                        message(STATUS "  Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h"                   )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" )
+                            message(STATUS "Using existing wolfSSL config.h           ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        else()
+                            message(STATUS "Installing wolfSSL config.h to            ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                            file(COPY   "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_PROJECT_DIR}/include/")
+                            file(RENAME "${WOLFSSL_PROJECT_DIR}/include/dummy_config_h" "${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        endif() # Project config.h
+                    endif() # WOLFSSL_ROOT config.h
+                    message(STATUS "************************************************************************************************")
+                    message(STATUS "")
+                endif()
+
+            else()
+                # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
+                if($WOLFSSL_FOUND_IDF)
+                    message(STATUS "")
+                    message(STATUS "WARNING: wolfSSL not found.")
+                    message(STATUS "")
+                else()
+                    # probably needs to be re-parsed by Espressif
+                    message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
+                endif() # else we have not found ESP-IDF yet
+            endif() # else not a local wolfSSL component
+
+        endif() #else not an ESP-IDF component
+    endif() # else not local copy and EDP-IDF wolfSSL
+
+
+    # RTOS_IDF_PATH is typically:
+    # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
+    # depending on the environment, we may need to swap backslashes with forward slashes
+    string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
+
+    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+
+    if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+        message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
+    else()
+        # ESP-IDF prior version 4.4x has a different RTOS directory structure
+        string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
+        if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+            message(STATUS "Found legacy RTOS path: ${RTOS_IDF_PATH}")
+        else()
+            message(STATUS "Could not find RTOS path")
+        endif()
+    endif()
+
+
+    set(COMPONENT_ADD_INCLUDEDIRS
+        "./include" # this is the location of wolfssl user_settings.h
+        "\"${WOLFSSL_ROOT}/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${RTOS_IDF_PATH}/\""
+        )
+
+
+    if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+        list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+    endif()
+
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"")
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
+
+
+
+    set(COMPONENT_SRCEXCLUDE
+        "\"${WOLFSSL_ROOT}/src/bio.c\""
+        "\"${WOLFSSL_ROOT}/src/conf.c\""
+        "\"${WOLFSSL_ROOT}/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/src/pk.c\""
+        "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/x509.c\""
+        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${EXCLUDE_ASM}\""
+        )
+
+    spaces2list(COMPONENT_REQUIRES)
+
+    separate_arguments(COMPONENT_SRCDIRS NATIVE_COMMAND "${COMPONENT_SRCDIRS}")
+    separate_arguments(COMPONENT_SRCEXCLUDE NATIVE_COMMAND "${COMPONENT_SRCEXCLUDE}")
+    separate_arguments(COMPONENT_ADD_INCLUDEDIRS NATIVE_COMMAND "${COMPONENT_ADD_INCLUDEDIRS}")
+
+    #
+    # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#example-component-requirements
+    #
+    message(STATUS "COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+    message(STATUS "COMPONENT_ADD_INCLUDEDIRS = ${COMPONENT_ADD_INCLUDEDIRS}")
+    message(STATUS "COMPONENT_REQUIRES = ${COMPONENT_REQUIRES}")
+    message(STATUS "COMPONENT_SRCEXCLUDE = ${COMPONENT_SRCEXCLUDE}")
+
+    #
+    # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
+    #
+    set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
+    idf_component_register(
+                            SRC_DIRS "${COMPONENT_SRCDIRS}"
+                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                           )
+    # some optional diagnostics
+    if (1)
+        get_cmake_property(_variableNames VARIABLES)
+        list (SORT _variableNames)
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES BEGIN")
+        message(STATUS "")
+        foreach (_variableName ${_variableNames})
+            message(STATUS "${_variableName}=${${_variableName}}")
+        endforeach()
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES END")
+        message(STATUS "")
+    endif()
+
+    # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+
+endif() # CMAKE_BUILD_EARLY_EXPANSION
 
-register_component()
 
-# some optional diagnostics
-if (0)
-    get_cmake_property(_variableNames VARIABLES)
-    list (SORT _variableNames)
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES BEGIN")
-    message(STATUS "")
-    foreach (_variableName ${_variableNames})
-        message(STATUS "${_variableName}=${${_variableName}}")
-    endforeach()
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES END")
-    message(STATUS "")
-endif()
 
 # check to see if there's both a local copy and EDP-IDF copy of the wolfssl components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
     message(STATUS "")
     message(STATUS "")
     message(STATUS "********************************************************************")
@@ -231,3 +458,69 @@ endif()
 # end multiple component check
 
 
+#
+# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
+#
+# Save the THIS_VAR as a string in a macro called VAR_OUPUT
+#
+# VAR_OUPUT:  the name of the macro to define
+# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
+# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
+#
+function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
+    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
+    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
+
+    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
+    if(${IS_VALID_VALUE})
+        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
+        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
+
+        # we'll could percolate the value to the parent for possible later use
+        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
+
+        # but we're only using it here in this function
+        set(${VAR_OUPUT} ${VAR_VALUE})
+
+        # we'll print what we found to the console
+        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
+
+        # the interesting part is defining the VAR_OUPUT name a value to use in the app
+        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+    else()
+        # if we get here, check the execute_process command and parameters.
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        set(${VAR_OUPUT} "Unknown")
+    endif()
+endfunction() # LIBWOLFSSL_SAVE_INFO
+
+# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
+# see wolfcrypt\src\port\Espressif\esp32_utl.c
+if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+    set (git_cmd "git")
+    message(STATUS "Adding macro definitions:")
+
+    # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config complete!")
+    message(STATUS "************************************************************************************************")
+endif()

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h

@@ -0,0 +1,450 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This user_settings.h is for Espressif ESP-IDF */
+#include <sdkconfig.h>
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/*
+ * choose ONE of these Espressif chips to define:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ */
+#undef WOLFSSL_ESPWROOM32SE
+#undef WOLFSSL_ESP8266
+#undef WOLFSSL_ESP32
+
+#define WOLFSSL_ESP32
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+
+/* TLS 1.3                                 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+#define NO_FILESYSTEM
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+#define WOLFSSL_RIPEMD
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* when you want to use SHA512 */
+#define WOLFSSL_SHA512
+
+/* when you want to use SHA3 */
+#define WOLFSSL_SHA3
+
+ /* ED25519 requires SHA512 */
+#define HAVE_ED25519
+
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+
+#define OPENSSL_EXTRA
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#define HAVE_PKCS7
+
+#if defined(HAVE_PKCS7)
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* rsa primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
+#endif
+
+#define RSA_LOW_MEM
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x349F00
+
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+
+#define WOLFSSL_SMALL_STACK
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#define  HAVE_SESSION_TICKET
+
+/* #define HAVE_HASHDRBG */
+
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_SYS_CA_CERTS
+
+
+#define WOLFSSL_CERT_TEXT
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/*
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* Default is HW enabled unless turned off.
+** Uncomment these lines to force SW instead of HW acceleration */
+
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    /*  TODO: Revisit ESP8266 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW accleration */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+/* Pause in a loop rather than exit. */
+#define WOLFSSL_ESPIDF_ERROR_PAUSE
+
+#define WOLFSSL_HW_METRICS
+
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
+
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+#define USE_CERT_BUFFERS_2048
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #define USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_256
+    #define CTX_CA_CERT          ca_cert_der_2048
+    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_CERT      server_cert_der_2048
+    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_KEY       server_key_der_2048
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+#endif
+
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt

@@ -1,10 +1,9 @@
-
 #
 # wolfssl benchmark test
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS main.c)
+set(COMPONENT_SRCS "main.c")
 set(COMPONENT_ADD_INCLUDEDIRS ".")
 
 set (git_cmd "git")
@@ -19,7 +18,9 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
-register_component()
+idf_component_register(SRCS main.c
+                       INCLUDE_DIRS "." 
+                       "./include")
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk

@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
 # in the build directory. This behaviour is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
-#
+#

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h

@@ -1,4 +1,3 @@
-#pragma once
 /* benchmark main.h
  *
  * Copyright (C) 2006-2023 wolfSSL Inc.
@@ -20,10 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifndef _MAIN_
+#define _MAIN_
+
 void app_main(void);
 
 /* see wolfssl/wolfcrypt/benchmark/benchmark.h */
 extern void wolf_benchmark_task();
 
-
-
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c

@@ -18,25 +18,36 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 /* ESP-IDF */
 #include <esp_log.h>
 #include "sdkconfig.h"
 
 /* wolfSSL */
+/* The wolfSSL user_settings.h file is automatically included by the settings.h
+ * file and should never be explicitly included in any other source files.
+ * The settings.h should also be listed above wolfssl library include files. */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #ifndef WOLFSSL_ESPIDF
-    #warning "problem with wolfSSL user_settings. Check components/wolfssl/include"
+    #error "Problem with wolfSSL user_settings. "           \
+           "Check components/wolfssl/include "              \
+           "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+           "typically in the component CMakeLists.txt"
 #endif
 
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfcrypt/benchmark/benchmark.h>
 
+/* set to 0 for one benchmark,
+** set to 1 for continuous benchmark loop */
+#define BENCHMARK_LOOP 0
+
 /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
 #ifdef CONFIG_BENCH_ARGV
-#define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV
-#define WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS 22 /* arbitrary number of max args */
+    #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV
+    #define WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS 22 /* arbitrary number of max args */
 #endif
 
 /*
@@ -67,6 +78,8 @@ static const char* const TAG = "wolfssl_benchmark";
 
 static byte mSlotList[ATECC_MAX_SLOT];
 
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);
+
 /* initialize slot array */
 void my_atmel_slotInit()
 {
@@ -120,6 +133,7 @@ void my_atmel_free(int slotId)
 /* the following are needed by benchmark.c with args */
 #ifdef WOLFSSL_BENCH_ARGV
 char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
+#define ARG_BUFF_SIZE 16
 
 int construct_argv()
 {
@@ -128,7 +142,7 @@ int construct_argv()
     int len = 0;
     char *_argv; /* buffer for copying the string    */
     char *ch; /* char pointer to trace the string */
-    char buff[16] = { 0 }; /* buffer for a argument copy       */
+    char buff[ARG_BUFF_SIZE] = { 0 }; /* buffer for a argument copy       */
 
     ESP_LOGI(TAG, "construct_argv arg:%s\n", CONFIG_BENCH_ARGV);
     len = strlen(CONFIG_BENCH_ARGV);
@@ -161,7 +175,7 @@ int construct_argv()
         memset(buff, 0, sizeof(buff));
         /* copy each args into buffer */
         i = 0;
-        while ((*ch != ' ') && (*ch != '\0') && (i < 16)) {
+        while ((*ch != ' ') && (*ch != '\0') && (i <= ARG_BUFF_SIZE)) {
             buff[i] = *ch;
             ++i;
             ++ch;
@@ -183,51 +197,19 @@ int construct_argv()
 /* entry point */
 void app_main(void)
 {
+    int stack_start = 0;
+
+    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET);
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING);
 
-#if defined(WOLFSSL_MULTI_INSTALL_WARNING)
-    ESP_LOGI(TAG, "");
-    ESP_LOGI(TAG, "WARNING: Multiple wolfSSL installs found.");
-    ESP_LOGI(TAG, "Check ESP-IDF and local project [components] directory.");
-    ESP_LOGI(TAG, "");
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
+    esp_ShowExtendedSystemInfo();
 #endif
 
-#if defined(LIBWOLFSSL_VERSION_GIT_HASH)
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH);
-#endif
-
-#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH )
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH);
-#endif
-
-#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE)
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE);
-#endif
-
-
-    /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32C3)
-    /* not available for C3 at this time */
-#elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#else
-    ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
-            );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#endif
-
-    /* all platforms: stack high water mark check */
-    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
     ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV);
 
 /* when using atecc608a on esp32-wroom-32se */
@@ -251,15 +233,38 @@ void app_main(void)
     /* although wolfCrypt_Init() may be explicitly called above,
     ** note it is still always called in wolf_benchmark_task.
     */
-    wolf_benchmark_task();
-    /* wolfCrypt_Cleanup should always be called at completion,
-    ** and is called in wolf_benchmark_task().
-    */
+    stack_start = uxTaskGetStackHighWaterMark(NULL);
+
+    do {
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+
+        wolf_benchmark_task();
+        ESP_LOGI(TAG, "Stack used: %d\n",
+                      stack_start - uxTaskGetStackHighWaterMark(NULL));
+
+        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
+            esp_hw_show_metrics();
+        #endif
+    } while (BENCHMARK_LOOP);
+    /* Reminder: wolfCrypt_Cleanup should always be called at completion,
+    ** and is called in wolf_benchmark_task().  */
+
+#if defined(SINGLE_THREADED)
+    /* need stack monitor for single thread */
+#else
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+#endif
+
+#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#endif
 
     /* after the test, we'll just wait */
     while (1) {
-        /* nothing */
+        /* do something other than nothing to help next program/debug session*/
+#ifndef SINGLE_THREADED
+        vTaskDelay(1000);
+#endif
     }
 
 #endif /* NO_CRYPT_BENCHMARK */

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv

@@ -0,0 +1,31 @@
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,

IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt

@@ -1,11 +1,96 @@
+# wolfSSL Espressif Example Project CMakeLists.txt
+#   v1.0
+#
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.16)
+
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
+# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
+#
+# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
+# USE_MY_PRIVATE_CONFIG path for my_private_config.h
+#
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
-# (Not part of the boilerplate)
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-# disable the following line if there isn't the directory
-set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
 project(wolfssl_client)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile

@@ -1,12 +1,134 @@
+# ESP8266 Project Makefile for wolfssl_client
 #
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+#
+# This is a project Makefile.
+# It is assumed the directory this Makefile resides in is a
+# project subdirectory containing an entire project.
+#
+# Optional private config headers. Define environment variables
+# to include various default header files that are typically
+# not in a git path, and thus excluded from being checked in.
+#
+#     Environment Variable Name      |     Header file name included
+# ---------------------------------- | ---------------------------------------
+#    MY_PRIVATE_CONFIG                  (files detected / selected in header)
+#    USE_MY_PRIVATE_WSL_CONFIG          /mnt/c/workspace/my_private_config.h
+#    USE_MY_PRIVATE_MAC_CONFIG          ~/Documents/my_private_config.h
+#    USE_MY_PRIVATE_LINUX_CONFIG        ~/workspace/my_private_config.h
+#    USE_MY_PRIVATE_WINDOWS_CONFIG      /workspace/my_private_config.h
+#
+#
 PROJECT_NAME := wolfssl_client
 
+MY_PRIVATE_CONFIG ?= n
+USE_MY_PRIVATE_WSL_CONFIG ?= n
+USE_MY_PRIVATE_MAC_CONFIG ?= n
+USE_MY_PRIVATE_LINUX_CONFIG ?= n
+USE_MY_PRIVATE_WINDOWS_CONFIG ?= n
+
+# Calling shell causes unintuitive error in Windows:
+#     OS := $(shell uname -s)
+#
+# But OS, or MY_PRIVATE_CONFIG should already be defined:
+$(info *************  wolfssl_client *************)
+
+ifeq ($(MY_PRIVATE_CONFIG),y)
+    CFLAGS += -DMY_PRIVATE_CONFIG
+    $(info Enabled MY_PRIVATE_CONFIG")
+endif
+
+# Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG
+ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := /workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
+        $(info Using private config file for: Windows)
+    endif
+endif
+
+# Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG
+ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
+        $(info Using private config file for: WSL)
+    endif
+endif
+
+# Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG
+ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := ~/workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
+        $(info Using private config file for: Linux)
+    endif
+endif
+
+# Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG
+ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := ~/Documents/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
+        $(info Using private config file for: Mac)
+    endif
+endif
+
+ifneq ($(OS),MY_PRIVATE_CONFIG)
+    CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
+else
+    ifeq ($(OS),Linux)
+        CFLAGS += -DOS_LINUX
+    endif
+    ifeq ($(OS),Windows_NT)
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
+    endif
+    ifeq ($(OS),Darwin)
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
+    endif
+    ifneq (,$(findstring MINGW,$(OS)))
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
+    endif
+    ifneq (,$(findstring CYGWIN,$(OS)))
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
+    endif
+endif
+
+# It is essential that the build process sees the WOLFSSL_USER_SETTINGS
 CFLAGS += -DWOLFSSL_USER_SETTINGS
-# if there isn't the directory, please disable the line below.
+
+# if directory not available, please disable the line below.
 EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
 
+# The Standard Espressif IDF include:
 include $(IDF_PATH)/make/project.mk

IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md

@@ -1,6 +1,58 @@
-#wolfSSL Example
+# wolfSSL TLS Client Example
+
+This is the wolfSSL TLS Client demo, typically used with the [Espressif TLS Server](../wolfssl_server/README.md)
+or the CLI [Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
+
+When using the CLI, see the [example parameters](/IDE/Espressif/ESP-IDF/examples#interaction-with-wolfssl-cli).
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
+
+## Quick Start
+
+Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html)
+for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html)
+for the ESP8266.
+
+Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
+and set the various parameters for the target device, along with local WiFi settings:
+
+* Target Host: `CONFIG_WOLFSSL_TARGET_HOST` (The IP address of a listening server)
+* Target Port: `CONFIG_WOLFSSL_TARGET_PORT` (Typically `11111`)
+* Example WiFi SSID: `CONFIG_EXAMPLE_WIFI_SSID` (The WiFi that you want to connect to)
+* Example WiFi Password: `CONFIG_EXAMPLE_WIFI_PASSWORD` (The WiFi password)
+
+The latest examples use makefiles that do not require local file copy installation of wolfSSL.
+
+Build and flash the software to see the example in action.
+
+##  Quick Start with VisualGDB
+
+There are optional [VisualGDB](https://visualgdb.com/tutorials/esp8266/) project files in the
+[VisualGDB](./VisualGDB) project subdirectory, and an ESP8266 project file in the project directory,
+called `wolfssl_client_ESP8266.vgdbproj`.
+
+Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
+No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM19`.
+
+## Troubleshooting
+
+Weird results, odd messages, unexpected compiler errors? Manually delete the build directory and
+any locally generated files (`sdkconfig`, `sdkconfig-debug`, etc.) and start over.
+
+The `build` directory is typically located in the root of the project directory:  `[project]/build`.
+
+
+Difficulty flashing:
+
+* Ensure the target device has a robust, stable, clean power supply.
+* Check that quality USB cables are being used.
+* Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
+* Review board specifications: some require manual boot mode via on-board buttons.
+* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+
+## ESP-IDF Commandline v5.x
 
-The Example contains of wolfSSL tls client demo.
 
 1. `idf.py menuconfig` to config the project
 
@@ -24,4 +76,113 @@ When you want to test the wolfSSL client
 
          e.g. Launch ./examples/server/server -v 4 -b -i -d
 
-See the README.md file in the upper level 'examples' directory for more information about examples.
+
+## VisualGDB for ESP8266
+
+Reminder that we build with `make` and not `cmake` in VisualGDB.
+
+Build files will be created in `[project directory]\build`
+
+## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266)
+
+```
+export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+
+```
+
+
+## ESP-IDF CMake Commandline (version 3.5 or earlier for the ESP8266)
+
+Build files will be created in `[project directory]\build\debug`
+
+```
+# Set your path to RTOS SDK, shown here for default from WSL with VisualGDB
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+#  or
+WRK_IDF_PATH=~/esp/ESP8266_RTOS_SDK
+
+# Setup the environment
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+# Fetch wolfssl from GitHub if needed:
+cd /workspace
+git clone https://github.com/wolfSSL/wolfssl.git
+
+# change directory to wolfssl client example.
+cd wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# or for example, WSL with C:\workspace as home for git clones:
+# cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# adjust settings as desired
+idf.py menuconfig
+
+
+idf.py build flash -p /dev/ttyS70 -b 115200
+idf.py monitor -p /dev/ttyS70 -b 74880
+```
+
+## SM Ciphers
+
+(TODO coming soon)
+See https://github.com/wolfSSL/wolfsm
+
+#### Working Linux Client to ESP32 Server Example:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3
+```
+
+```text
+-c <file>   Certificate file,           default ./certs/client-cert.pem
+-k <file>   Key file,                   default ./certs/client-key.pem
+-A <file>   Certificate Authority file, default ./certs/ca-cert.pem
+```
+
+Example client, with default certs explicitly given:
+
+```bash
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/client-cert.pem -k      ./certs/client-key.pem -A     ./certs/ca-cert.pem
+```
+
+Example client, with RSA 1024 certs explicitly given:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/1024/client-cert.pem -k ./certs/1024/client-key.pem -A ./certs/1024/ca-cert.pem
+```
+
+Command:
+
+```
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
+. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+idf.py flash -p /dev/ttyS19 -b 115200 monitor
+```
+
+```
+cd /mnt/c/workspace/wolfssl-$USER
+
+./examples/client/client  -h 192.168.1.108 -v 4 -l TLS_SM4_GCM_SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem     -A ./certs/sm2/root-sm2.pem -C
+```
+
+Output:
+
+```text
+SSL version is TLSv1.3
+SSL cipher suite is TLS_SM4_GCM_SM3
+SSL curve name is SM2P256V1
+I hear you fa shizzle!
+```
+
+#### Linux client to Linux server:
+
+```
+./examples/client/client  -h 127.0.0.1 -v 4 -l ECDHE-ECDSA-SM4-CBC-SM3     -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem     -A ./certs/sm2/root-sm2.pem -C
+
+./examples/server/server                   -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3     -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem     -A ./certs/sm2/client-sm2.pem -V
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).

IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md

@@ -0,0 +1,512 @@
+# SM Cipher Notes
+
+
+### Install SM
+```
+cd /mnt/c/workspace/wolfsm-$USER
+./install.sh ../wolfssl-$USER
+```
+
+
+### Build Linux SM Examples
+```
+./autogen.sh
+./configure --enable-sm3 --enable-sm4-gcm --enable-sm2         \
+            --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr \
+            --enable-sm4-gcm --enable-sm4-ccm
+make clean && make
+```
+
+### TLS 1.3 Server
+
+```
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
+```
+
+### TLS 1.3 Client
+
+```
+./examples/client/client  -h 127.0.0.1 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+```
+
+### TLS 1.2 Client to Local Linux Server
+
+```
+./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
+                      -c ./certs/sm2/client-sm2.pem                 \
+                      -k ./certs/sm2/client-sm2-priv.pem            \
+                      -A ./certs/sm2/root-sm2.pem -C
+```
+
+###  TLS 1.2 Client to ESP32 Server
+
+```
+./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
+                      -c ./certs/sm2/client-sm2.pem                 \
+                      -k ./certs/sm2/client-sm2-priv.pem            \
+                      -A ./certs/sm2/root-sm2.pem -C
+```
+### Others...
+
+```
+# Success: Linux Client to ESP32 Server TLS1.2 
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+# Success: Linux Client to ESP32 Server TLS1.3
+
+# Reported as TLS_SM4_GCM_SM3, but parameter is TLS13-SM4-GCM-SM3
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+# Reported as TLS-SM4-CCM-SM3, but parameter is TLS13-SM4-CCM-SM3
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+```
+
+```
+ESP32-to-ESP32
+TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3
+TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3
+TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3
+```
+
+Tried both PEM and DER format.
+
+The latest server is PEM format, triple-checked to have the embedded server
+be the same as the Linux server files.
+
+
+|  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
+| -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
+| emdedded:
+| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
+
+### Code
+
+See [source code](https://github.com/gojimmypi/wolfssl/blob/2c4f443aec7b151f945cb9dfe2dad6ee30449cf0/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c#L187):
+
+![code](./code.png)
+
+
+### Linux client talking to embedded server:
+
+```
+/examples/client/client  -h 192.168.1.108 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem     -A ./certs/sm2/root-sm2.pem -C
+wolfSSL_connect error -188, ASN no signer error to confirm failure
+wolfSSL error: wolfSSL_connect failed
+```
+
+Output:
+```
+ets Jul 29 2019 12:21:46
+
+rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
+configsip: 0, SPIWP:0xee
+clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
+mode:DIO, clock div:2
+load:0x3fff0030,len:7000
+load:0x40078000,len:15452
+ho 0 tail 12 room 4
+load:0x40080400,len:3840
+entry 0x4008064c
+I (29) boot: ESP-IDF v5.0-dirty 2nd stage bootloader
+I (29) boot: compile time 13:40:31
+I (29) boot: chip revision: v3.0
+I (32) boot_comm: chip revision: 3, min. bootloader chip revision: 0
+I (39) boot.esp32: SPI Speed      : 40MHz
+I (44) boot.esp32: SPI Mode       : DIO
+I (48) boot.esp32: SPI Flash Size : 2MB
+I (53) boot: Enabling RNG early entropy source...
+I (58) boot: Partition Table:
+I (62) boot: ## Label            Usage          Type ST Offset   Length
+I (69) boot:  0 nvs              WiFi data        01 02 00009000 00006000
+I (77) boot:  1 phy_init         RF data          01 01 0000f000 00001000
+I (84) boot:  2 factory          factory app      00 00 00010000 00177000
+I (92) boot: End of partition table
+I (96) boot_comm: chip revision: 3, min. application chip revision: 0
+I (103) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=338d8h (211160) map
+I (188) esp_image: segment 1: paddr=00043900 vaddr=3ffb0000 size=03b78h ( 15224) load
+I (194) esp_image: segment 2: paddr=00047480 vaddr=40080000 size=08b98h ( 35736) load
+I (209) esp_image: segment 3: paddr=00050020 vaddr=400d0020 size=c591ch (809244) map
+I (501) esp_image: segment 4: paddr=00115944 vaddr=40088b98 size=0c230h ( 49712) load
+I (522) esp_image: segment 5: paddr=00121b7c vaddr=50000000 size=00010h (    16) load
+I (533) boot: Loaded app from partition at offset 0x10000
+I (533) boot: Disabling RNG early entropy source...
+I (545) cpu_start: Pro cpu up.
+I (545) cpu_start: Starting app cpu, entry point is 0x400812f4
+I (532) cpu_start: App cpu up.
+I (561) cpu_start: Pro cpu start user code
+I (561) cpu_start: cpu freq: 160000000 Hz
+I (561) cpu_start: Application information:
+I (566) cpu_start: Project name:     wolfssl_server
+I (571) cpu_start: App version:      v5.6.3-stable-1088-g560c84b2b-d
+I (578) cpu_start: Compile time:     Jul 19 2023 22:20:09
+I (585) cpu_start: ELF file SHA256:  3e6e571c9e87bf44...
+I (591) cpu_start: ESP-IDF:          v5.0-dirty
+I (596) heap_init: Initializing. RAM available for dynamic allocation:
+I (603) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
+I (609) heap_init: At 3FFBDA68 len 00022598 (137 KiB): DRAM
+I (615) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
+I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
+I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
+I (636) spi_flash: detected chip: generic
+I (639) spi_flash: flash io: dio
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+size in the binary image header.
+I (657) cpu_start: Starting scheduler on PRO CPU.
+I (0) cpu_start: Starting scheduler on APP CPU.
+I (725) tls_server: ESP_WIFI_MODE_STA
+I (735) wifi:wifi driver task: 3ffcb738, prio:23, stack:6656, core=0
+I (735) system_api: Base MAC address is not set
+I (735) system_api: read default base MAC address from EFUSE
+I (755) wifi:wifi firmware version: 0d470ef
+I (755) wifi:wifi certification version: v7.0
+I (755) wifi:config NVS flash: enabled
+I (755) wifi:config nano formating: disabled
+I (755) wifi:Init data frame dynamic rx buffer num: 32
+I (765) wifi:Init management frame dynamic rx buffer num: 32
+I (765) wifi:Init management short buffer num: 32
+I (775) wifi:Init dynamic tx buffer num: 32
+I (775) wifi:Init static rx buffer size: 1600
+I (775) wifi:Init static rx buffer num: 10
+I (785) wifi:Init dynamic rx buffer num: 32
+I (785) wifi_init: rx ba win: 6
+I (795) wifi_init: tcpip mbox: 32
+I (795) wifi_init: udp mbox: 6
+I (795) wifi_init: tcp mbox: 6
+I (805) wifi_init: tcp tx win: 5744
+I (805) wifi_init: tcp rx win: 5744
+I (815) wifi_init: tcp mss: 1440
+I (815) wifi_init: WiFi IRAM OP enabled
+I (815) wifi_init: WiFi RX IRAM OP enabled
+I (825) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
+I (925) wifi:mode : sta (24:d7:eb:41:7b:68)
+I (935) wifi:enable tsf
+I (935) tls_server: wifi_init_sta finished.
+I (945) wifi:new:<4,0>, old:<1,0>, ap:<255,255>, sta:<4,0>, prof:1
+I (945) wifi:state: init -> auth (b0)
+I (945) wifi:state: auth -> assoc (0)
+I (955) wifi:state: assoc -> run (10)
+W (955) wifi:<ba-add>idx:0 (ifx:0, c8:d7:19:cd:00:17), tid:0, ssn:0, winSize:64
+I (985) wifi:connected with testbench, aid = 1, channel 4, BW20, bssid = c8:d7:19:cd:00:17
+I (985) wifi:security: WPA2-PSK, phy: bgn, rssi: -45
+I (995) wifi:pm start, type: 1
+
+I (1065) wifi:AP's beacon interval = 102400 us, DTIM period = 1
+I (3225) esp_netif_handlers: sta ip: 192.168.1.108, mask: 255.255.255.0, gw: 192.168.1.10
+I (3225) tls_server: got ip:192.168.1.108
+I (3235) Time Helper: sntp_setservername:
+I (3235) Time Helper: pool.ntp.org
+I (3245) Time Helper: time.nist.gov
+I (3245) Time Helper: utcnist.colorado.edu
+I (3255) Time Helper: sntp_init done.
+TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
+8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
+A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
+SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
+:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
+:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
+I (3315) wolfssl: Start wolfSSL_Init()
+I (3315) wolfssl: wolfSSL Entering wolfSSL_Init
+I (3325) wolfssl: wolfSSL Entering wolfCrypt_Init
+I (3325) wolfssl: start socket())
+I (3335) wolfssl: Create and initialize WOLFSSL_CTX
+I (3335) wolfssl: wolfSSL Entering wolfSSLv23_server_method_ex
+I (3345) wolfssl: wolfSSL Entering wolfSSL_CTX_new_ex
+I (3345) wolfssl: wolfSSL Entering wolfSSL_CertManagerNew
+I (3355) wolfssl: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
+I (3365) tls_server: Start SM2
+
+I (3365) wolfssl: wolfSSL Entering wolfSSL_CTX_set_cipher_list
+I (3375) tls_server: Set cipher list: ECDHE-ECDSA-SM4-CBC-SM3
+
+TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
+8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
+A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
+SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
+:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
+:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
+I (3435) wolfssl: Loading certificate...
+I (3435) wolfssl: wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
+I (3445) wolfssl: wolfSSL Entering PemToDer
+I (3455) wolfssl: Checking cert signature type
+I (3455) wolfssl: wolfSSL Entering GetExplicitVersion
+I (3465) wolfssl: wolfSSL Entering wc_GetSerialNumber
+I (3465) wolfssl: Got Cert Header
+I (3475) wolfssl: wolfSSL Entering GetObjectId
+I (3475) wolfssl: Got Algo ID
+I (3475) wolfssl: Getting Name
+I (3485) wolfssl: Getting Cert Name
+I (3485) wolfssl: Getting Name
+I (3495) wolfssl: Getting Cert Name
+I (3495) wolfssl: Got Subject Name
+I (3495) wolfssl: wolfSSL Entering GetAlgoId
+I (3505) wolfssl: wolfSSL Entering GetObjectId
+I (3505) wolfssl: wolfSSL Entering GetObjectId
+I (3515) wolfssl: Got Key
+I (3515) wolfssl: ECDSA/ED25519/ED448 cert signature
+I (3525) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1
+I (3535) tls_server: Loaded server_sm2
+
+I (3535) wolfssl: Loading key info...
+I (3535) wolfssl: wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
+I (3545) wolfssl: wolfSSL Entering PemToDer
+I (3555) wolfssl: wolfSSL Entering GetAlgoId
+I (3555) wolfssl: wolfSSL Entering GetObjectId
+I (3565) wolfssl: wolfSSL Entering GetAlgoId
+I (3565) wolfssl: wolfSSL Entering GetObjectId
+I (3575) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
+I (3575) tls_server: Loaded PrivateKey_buffer server_sm2_priv
+
+I (3585) wolfssl: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
+I (3595) wolfssl: Processing CA PEM file
+I (3595) wolfssl: wolfSSL Entering PemToDer
+I (3605) wolfssl: Adding a CA
+I (3605) wolfssl: wolfSSL Entering GetExplicitVersion
+I (3615) wolfssl: wolfSSL Entering wc_GetSerialNumber
+I (3615) wolfssl: Got Cert Header
+I (3625) wolfssl: wolfSSL Entering GetObjectId
+I (3625) wolfssl: Got Algo ID
+I (3635) wolfssl: Getting Name
+I (3635) wolfssl: Getting Cert Name
+I (3635) wolfssl: Getting Name
+I (3645) wolfssl: Getting Cert Name
+I (3645) wolfssl: Got Subject Name
+I (3655) wolfssl: wolfSSL Entering GetAlgoId
+I (3655) wolfssl: wolfSSL Entering GetObjectId
+I (3665) wolfssl: wolfSSL Entering GetObjectId
+I (3665) wolfssl: Got Key
+I (3665) wolfssl: Parsed Past Key
+I (3675) wolfssl: wolfSSL Entering DecodeCertExtensions
+I (3675) wolfssl: wolfSSL Entering GetObjectId
+I (3685) wolfssl: wolfSSL Entering DecodeSubjKeyId
+I (3685) wolfssl: wolfSSL Entering GetObjectId
+I (3695) wolfssl: wolfSSL Entering DecodeAuthKeyId
+I (3705) wolfssl: wolfSSL Entering GetObjectId
+I (3705) wolfssl: wolfSSL Entering DecodeBasicCaConstraint
+I (3715) wolfssl: wolfSSL Entering GetObjectId
+I (3715) wolfssl: wolfSSL Entering DecodeAltNames
+I (3725) wolfssl:       Unsupported name type, skipping
+I (3725) wolfssl: wolfSSL Entering GetObjectId
+I (3735) wolfssl: wolfSSL Entering DecodeExtKeyUsage
+I (3735) wolfssl: wolfSSL Entering GetObjectId
+I (3745) wolfssl: wolfSSL Entering GetObjectId
+I (3745) wolfssl: wolfSSL Entering GetObjectId
+I (3755) wolfssl:       Parsed new CA
+I (3755) wolfssl:       No key size check done on CA
+I (3765) wolfssl:       Freeing Parsed CA
+I (3765) wolfssl:       Freeing der CA
+I (3775) wolfssl:               OK Freeing der CA
+I (3775) wolfssl: wolfSSL Leaving AddCA, return 0
+I (3785) wolfssl:    Processed a CA
+I (3785) wolfssl: Processed at least one valid CA. Other stuff OK
+I (3795) wolfssl: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
+I (3795) tls_server: Success: load verify buffer
+
+I (3805) tls_server: Finish SM2
+
+I (3805) tls_server: accept clients...
+I (3815) wolfssl: Waiting for a connection...
+I (14485) wolfssl: wolfSSL Entering wolfSSL_new
+I (14495) wolfssl: wolfSSL Entering ReinitSSL
+I (14495) wolfssl: wolfSSL Entering SetSSL_CTX
+I (14495) wolfssl: wolfSSL Entering wolfSSL_NewSession
+I (14505) wolfssl: wolfSSL Leaving wolfSSL_new, return 0
+I (14505) wolfssl: wolfSSL Entering wolfSSL_set_fd
+I (14515) wolfssl: wolfSSL Entering wolfSSL_set_read_fd
+I (14515) wolfssl: wolfSSL Leaving wolfSSL_set_read_fd, return 1
+I (14525) wolfssl: wolfSSL Entering wolfSSL_set_write_fd
+I (14535) wolfssl: wolfSSL Leaving wolfSSL_set_write_fd, return 1
+I (14535) wolfssl: wolfSSL Entering wolfSSL_accept
+I (14545) wolfssl: wolfSSL Entering ReinitSSL
+I (14545) wolfssl: growing input buffer
+I (14555) wolfssl: received record layer msg
+I (14555) wolfssl: got HANDSHAKE
+I (14565) wolfssl: wolfSSL Entering wolfSSL_get_options
+I (14565) wolfssl: wolfSSL Entering DoTls13HandShakeMsg
+I (14575) wolfssl: wolfSSL Entering DoTls13HandShakeMsgType
+I (14575) wolfssl: processing client hello
+I (14585) wolfssl: wolfSSL Entering DoTls13ClientHello
+I (14595) wolfssl: wolfSSL Entering DoClientHello
+I (14595) wolfssl:     downgrading to TLSv1.2
+I (14605) wolfssl: Matched No Compression
+I (14605) wolfssl: Adding signature algorithms extension
+I (14615) wolfssl: Signature Algorithms extension received
+I (14615) wolfssl: Point Formats extension received
+I (14625) wolfssl: Supported Groups extension received
+I (14625) wolfssl: Unknown TLS extension type
+I (14635) wolfssl: Unknown TLS extension type
+I (14635) wolfssl: wolfSSL Entering MatchSuite
+I (14645) wolfssl: wolfSSL Entering VerifyServerSuite
+I (14645) wolfssl: Requires ECC
+I (14655) wolfssl: Verified suite validity
+I (14655) wolfssl: wolfSSL Leaving DoClientHello, return 0
+I (14665) wolfssl: wolfSSL Leaving DoTls13ClientHello, return 0
+I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
+I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsg, return 0
+I (14685) wolfssl: Shrinking input buffer
+I (14685) wolfssl: accept state ACCEPT_CLIENT_HELLO_DONE
+I (14695) wolfssl: accept state ACCEPT_FIRST_REPLY_DONE
+I (14705) wolfssl: wolfSSL Entering SendServerHello
+I (14705) wolfssl: growing output buffer
+I (14715) internal.c: GrowOutputBuffer ok
+I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
+I (14725) wolfssl: Point Formats extension to write
+W (14735) wolfio: ssl->wflags = 0
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
+I (14765) wolfio: 06 00 0b 00 02 01 00 
+W (14775) wolfio: sz          = 87
+I (14775) wolfssl: Shrinking output buffer
+I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
+I (14785) wolfssl: accept state SERVER_HELLO_SENT
+I (14795) wolfssl: wolfSSL Entering SendCertificate
+I (14795) wolfssl: growing output buffer
+I (14805) internal.c: GrowOutputBuffer ok
+W (14815) wolfio: ssl->wflags = 0
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+W (15135) wolfio: sz          = 747
+I (15135) wolfssl: Shrinking output buffer
+I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
+I (15145) wolfssl: accept state CERT_SENT
+I (15155) wolfssl: wolfSSL Entering SendCertificateStatus
+I (15155) wolfssl: wolfSSL Leaving SendCertificateStatus, return 0
+I (15165) wolfssl: accept state CERT_STATUS_SENT
+I (15165) wolfssl: wolfSSL Entering SendServerKeyExchange
+I (15175) wolfssl: Using ephemeral ECDH
+I (15175) wolfssl: wolfSSL Entering EccMakeKey
+I (15535) wolfssl: wolfSSL Leaving EccMakeKey, return 0
+I (15535) wolfssl: Trying ECC private key, RSA didn't work
+I (15535) wolfssl: wolfSSL Entering GetAlgoId
+I (15545) wolfssl: wolfSSL Entering GetObjectId
+I (15555) wolfssl: Using ECC private key
+I (15555) wolfssl: wolfSSL Entering Sm2wSm3Sign
+I (15915) wolfssl: wolfSSL Leaving Sm2wSm3Sign, return 0
+I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
+I (15925) wolfssl: growing output buffer
+I (15925) internal.c: GrowOutputBuffer ok
+W (15925) wolfio: ssl->wflags = 0
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+W (15995) wolfio: sz          = 154
+I (16005) wolfssl: Shrinking output buffer
+I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
+I (16015) wolfssl: accept state KEY_EXCHANGE_SENT
+I (16025) wolfssl: accept state CERT_REQ_SENT
+I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
+I (16035) wolfssl: growing output buffer
+I (16035) internal.c: GrowOutputBuffer ok
+W (16045) wolfio: ssl->wflags = 0
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+W (16045) wolfio: sz          = 9
+I (16055) wolfssl: Embed Send error
+I (16055) wolfssl:      Connection reset
+I (16065) int: Sent = -3
+W (16065) int: WOLFSSL_CBIO_ERR_CONN_RST
+E (16075) int: SOCKET_ERROR_E 2
+I (16075) wolfssl: wolfSSL Leaving SendServerHelloDone, return -308
+I (16085) wolfssl: wolfSSL error occurred, error = -308
+I (16085) wolfssl: wolfSSL Entering wolfSSL_get_error
+I (16095) wolfssl: wolfSSL Leaving wolfSSL_get_error, return -308
+E (16085) tls_server: wolfSSL_accept error -308
+I (16105) wolfssl: Client connected successfully
+I (16105) wolfssl: wolfSSL Entering wolfSSL_read
+I (16115) wolfssl: wolfSSL Entering wolfSSL_read_internal
+I (16125) wolfssl: wolfSSL Entering ReceiveData
+I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
+I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
+E (16145) tls_server: ERROR: failed to read
+I (16145) wolfssl: Client sends:
+I (16145) wolfssl: 
+I (16155) wolfssl: wolfSSL Entering wolfSSL_write
+I (16155) wolfssl: handshake not complete, trying to finish
+I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
+I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
+I (16175) wolfssl: wolfSSL Entering ReinitSSL
+W (16185) wolfio: ssl->wflags = 0
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+W (16185) wolfio: sz          = 9
+I (16195) wolfssl: Embed Send error
+I (16195) wolfssl:      General error
+I (16205) int: Sent = -1
+E (16205) int: SOCKET_ERROR_E
+I (16205) wolfssl: wolfSSL error occurred, error = -308
+I (16215) wolfssl: wolfSSL Leaving wolfSSL_negotiate, return -1
+I (16225) wolfssl: wolfSSL Leaving wolfSSL_write, return -1
+E (16225) tls_server: ERROR: failed to write
+I (16235) wolfssl: wolfSSL Entering wolfSSL_free
+I (16235) wolfssl: Free'ing server ssl
+I (16245) wolfssl: Shrinking output buffer
+I (16245) wolfssl: wolfSSL Entering ClientSessionToSession
+I (16255) wolfssl: wolfSSL Entering wolfSSL_FreeSession
+I (16255) wolfssl: wolfSSL_FreeSession full free
+I (16265) wolfssl: CTX ref count not 0 yet, no free
+I (16265) wolfssl: wolfSSL Leaving wolfSSL_free, return 0
+I (16275) wolfssl: Waiting for a connection...
+```
+
+### Wireshark:
+
+![wireshark](./wireshark.png)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md

@@ -0,0 +1,52 @@
+# wolfSSL Project Files for Visual Studio 2022 with VisualGDB Extension
+
+Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files.
+Individual project files are included for convenience to new users, as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/) using the VisualGDB extension.
+
+The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
+
+
+-------- |------------- |------------- |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.0 |
+-------- |------------- |------------- |
+ESP32    |      x       |              |
+ESP32-S2 |              |              |
+ESP32-S3 |      x       |      x       |
+ESP32-C3 |      x       |      x       |
+ESP32-C6 |              |              |
+
+
+The default directories are:
+
+- `C:\SysGCC` - The root directory install of VisualGDB
+- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x
+- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install
+- `C:\SysGCC\esp8266`- The default for ESP8266
+
+## Resources
+
+- [wolfSSL Website](https://www.wolfssl.com/)
+
+- [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+- [FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips)
+
+- [wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html)
+
+- [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+- [wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+- [wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+- [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
+
+- [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
+
+- [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+
+## Support
+
+For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)
+
+<--  edit 5.6.0001 see https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB -->

IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.sln

@@ -1,31 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.33027.164
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "VisualGDB_wolfssl_client", "VisualGDB_wolfssl_client.vgdbproj", "{E903E9CC-1A23-4B00-8914-7E45EC21E351}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|VisualGDB = Debug|VisualGDB
-		Release|VisualGDB = Release|VisualGDB
-		Tests (Debug)|VisualGDB = Tests (Debug)|VisualGDB
-		Tests (Release)|VisualGDB = Tests (Release)|VisualGDB
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.Build.0 = Debug|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.ActiveCfg = Release|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.Build.0 = Release|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.ActiveCfg = Tests (Debug)|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.Build.0 = Tests (Debug)|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.ActiveCfg = Tests (Release)|VisualGDB
-		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.Build.0 = Tests (Release)|VisualGDB
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {D510376F-F313-4EF6-8EF5-248D1949DFEB}
-	EndGlobalSection
-EndGlobal

IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln

@@ -0,0 +1,61 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.6.33829.357
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_client_IDF_v5_ESP32", "wolfssl_client_IDF_v5_ESP32.vgdbproj", "{E903E9CC-1A23-4B00-8914-7E45EC21E351}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfssl", "wolfssl", "{5D78034B-FAE6-4B8D-8003-EC2B0993F286}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\..\..\..\..\wolfssl\error-ssl.h = ..\..\..\..\..\..\wolfssl\error-ssl.h
+	EndProjectSection
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "include", "include", "{53267705-B3FE-418C-975D-CD898BAF1F46}"
+	ProjectSection(SolutionItems) = preProject
+		..\components\wolfssl\include\config.h = ..\components\wolfssl\include\config.h
+		..\components\wolfssl\include\user_settings.h = ..\components\wolfssl\include\user_settings.h
+	EndProjectSection
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A51226B3-88A7-4463-B443-0E321C4A3D53}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h = ..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h
+		..\..\..\..\..\..\wolfssl\error-ssl.h = ..\..\..\..\..\..\wolfssl\error-ssl.h
+		..\main\Kconfig.projbuild = ..\main\Kconfig.projbuild
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld
+		..\..\..\..\..\..\..\my_private_config.h = ..\..\..\..\..\..\..\my_private_config.h
+		..\partitions_singleapp_large.csv = ..\partitions_singleapp_large.csv
+		..\README.md = ..\README.md
+		..\sdkconfig = ..\sdkconfig
+		..\build\VisualGDB\Debug\config\sdkconfig.cmake = ..\build\VisualGDB\Debug\config\sdkconfig.cmake
+		..\sdkconfig.defaults = ..\sdkconfig.defaults
+		..\build\VisualGDB\Debug\config\sdkconfig.h = ..\build\VisualGDB\Debug\config\sdkconfig.h
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|VisualGDB = Debug|VisualGDB
+		Release|VisualGDB = Release|VisualGDB
+		Tests (Debug)|VisualGDB = Tests (Debug)|VisualGDB
+		Tests (Release)|VisualGDB = Tests (Release)|VisualGDB
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Debug|VisualGDB.Build.0 = Debug|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.ActiveCfg = Release|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Release|VisualGDB.Build.0 = Release|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.ActiveCfg = Tests (Debug)|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Debug)|VisualGDB.Build.0 = Tests (Debug)|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.ActiveCfg = Tests (Release)|VisualGDB
+		{E903E9CC-1A23-4B00-8914-7E45EC21E351}.Tests (Release)|VisualGDB.Build.0 = Tests (Release)|VisualGDB
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{53267705-B3FE-418C-975D-CD898BAF1F46} = {5D78034B-FAE6-4B8D-8003-EC2B0993F286}
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {BA06FD8D-BEFD-429B-9F82-B6F34B43272E}
+	EndGlobalSection
+EndGlobal

IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<VisualGDBProjectSettings2 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <Project xsi:type="com.visualgdb.project.external.esp-idf">
     <CustomSourceDirectories>
       <Directories />
@@ -18,9 +18,9 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>11.2.0</GCC>
-        <GDB>9.2.90</GDB>
-        <Revision>2</Revision>
+        <GCC>12.2.0</GCC>
+        <GDB>12.1</GDB>
+        <Revision>1</Revision>
       </Version>
     </ToolchainID>
     <RelativeSourceDirectory>..</RelativeSourceDirectory>
@@ -67,11 +67,11 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.0</Version>
-          <Subdirectory>esp-idf/v5.0</Subdirectory>
+          <Version>release/v5.1</Version>
+          <Subdirectory>esp-idf/v5.1</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
-        <COMPort>COM20</COMPort>
+        <COMPort>COM19</COMPort>
         <SuppressTestPrerequisiteChecks>false</SuppressTestPrerequisiteChecks>
         <UseCCache>false</UseCCache>
         <DeviceID>ESP32</DeviceID>
@@ -93,7 +93,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM20</ComPortName>
+      <ComPortName>COM19</ComPortName>
       <AdvancedSettings>
         <BaudRate>115200</BaudRate>
         <DataBits>8</DataBits>
@@ -104,7 +104,7 @@
     </Connection>
     <LastConnectionTime>0</LastConnectionTime>
     <EchoTypedCharacters>false</EchoTypedCharacters>
-    <ClearContentsWhenReconnecting>false</ClearContentsWhenReconnecting>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
     <ReconnectAutomatically>false</ReconnectAutomatically>
     <DisplayMode>ASCII</DisplayMode>
     <Colors>
@@ -220,7 +220,7 @@
     <DebugMethod>
       <ID>openocd</ID>
       <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp32">
-        <CommandLine>-f interface/tigard.cfg -c "adapter_khz 3000" -f target/esp32.cfg</CommandLine>
+        <CommandLine>-f interface/ftdi/tigard.cfg -c "adapter_khz 15000" -f interface/ftdi/tigard.cfg -f target/esp32.cfg</CommandLine>
         <ExtraParameters>
           <Frequency xsi:nil="true" />
           <BoostedFrequency xsi:nil="true" />

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt

@@ -17,206 +17,437 @@
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
-# cmake for wolfssl
+# cmake for wolfssl Espressif projects
 #
-cmake_minimum_required(VERSION 3.5)
+# Version 5.6.0.011 for detect test/benchmark
+#
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
+#
+
+cmake_minimum_required(VERSION 3.16)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 set(CMAKE_CURRENT_SOURCE_DIR ".")
+set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# We are currently in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-# The root of wolfSSL is 7 directories up from here:
-get_filename_component(WOLFSSL_ROOT  "../../../../../../../" ABSOLUTE)
-
-# Espressif may take several passes through this makefile. Check to see if we found IDF
-string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
-
-if($WOLFSSL_FOUND_IDF)
-    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
-    message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
-    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
-endif()
-
-# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
-FILE(GLOB EXCLUDE_ASM *.S)
-file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
-
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
-endif()
-
-set(INCLUDE_PATH ${WOLFSSL_ROOT})
-
-set(COMPONENT_SRCDIRS "${WOLFSSL_ROOT}/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/benchmark/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/test/"
-                        )
-
-set(COMPONENT_REQUIRES lwip)
-
-
-# check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-    #
-    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
-    #
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-    message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
-    message(STATUS "")
-    message(STATUS "To proceed: ")
-    message(STATUS "")
-    message(STATUS "Remove either the local project component: ${CMAKE_HOME_DIRECTORY}/components/wolfssl/ ")
-    message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
-    message(STATUS "")
-    message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-
-    # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
-
-else()
-    if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-        #
-        # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
-        #
-        message(STATUS "")
-        message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
-        message(STATUS "")
+# find the user name to search for possible "wolfssl-username"
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
     else()
-        #
-        # wolfSSL is not an ESP-IDF component. We need to now determine if it is local and if so if it is part of the wolfSSL repo
-        # or if  wolfSSL is simply installed as a local component.
-        #
-        if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" )
-            #
-            # wolfSSL found in local project.
-            #
-            if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/include/" )
-                message(STATUS "")
-                message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-                #
-                # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
-                #
-                # We won't do anything else here, as it will be assumed the original install completed successfully.
-                #
-            else()
-                #
-                # This is the developer repo mode. wolfSSL will be assume to be not installed to ESP-IDF nor local project
-                # In this configuration, we are likely running a wolfSSL example found directly in the repo.
-                #
-                message(STATUS "")
-                message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-
-                message(STATUS "************************************************************************************************")
-                # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
-                # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
-                #
-                # first check if there's a [root]/include/user_settings.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
-                    # we won't overwrite an existing user settings file, just note that we already have one:
-                    message(STATUS "Found wolfSSL user_settings.h in ${WOLFSSL_ROOT}/include/user_settings.h")
-                else()
-                    message(STATUS "Installing wolfSSL user_settings.h to ${WOLFSSL_ROOT}/include/user_settings.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                endif() # user_settings.h
-
-                # next check if there's a [root]/include/config.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
-                    message(STATUS "Found wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")
-                else()
-                    message(STATUS "Installing wolfSSL config.h to ${WOLFSSL_ROOT}/include/config.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                    file(RENAME "${WOLFSSL_ROOT}/include/dummy_config_h" "${WOLFSSL_ROOT}/include/config.h")
-                endif() # config.h
-                message(STATUS "************************************************************************************************")
-                message(STATUS "")
-            endif()
-
-        else()
-            # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
-            if($WOLFSSL_FOUND_IDF)
-                message(STATUS "")
-                message(STATUS "WARNING: wolfSSL not found.")
-                message(STATUS "")
-            else()
-                # probably needs to be re-parsed by Espressif
-                message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
-            endif() # else we have not found ESP-IDF yet
-        endif() # else not a local wolfSSL component
-
-    endif() #else not an ESP-IDF component
-endif() # else not local copy and EDP-IDF wolfSSL
-
-
-# RTOS_IDF_PATH is typically:
-# "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
-# depending on the environment, we may need to swap backslashes with forward slashes
-string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
-
-# ESP-IDF after version 4.4x has a different RTOS directory structure
-string(REPLACE "\\" "/" RTOS_IDF_PATH5 "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
-
-if(IS_DIRECTORY ${IDF_PATH}/components/freertos/FreeRTOS-Kernel/)
-    set(COMPONENT_ADD_INCLUDEDIRS
-        "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH5}"
-       "${WOLFSSL_ROOT}"
-       )
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
 else()
-
-   set(COMPONENT_ADD_INCLUDEDIRS
-       "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH}"
-       "${WOLFSSL_ROOT}"
-      )
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
 endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
 
-if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
-    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
-endif()
 
-set(COMPONENT_SRCEXCLUDE
-    "${WOLFSSL_ROOT}/src/bio.c"
-    "${WOLFSSL_ROOT}/src/conf.c"
-    "${WOLFSSL_ROOT}/src/misc.c"
-    "${WOLFSSL_ROOT}/src/pk.c"
-    "${WOLFSSL_ROOT}/src/ssl_misc.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/x509.c"
-    "${WOLFSSL_ROOT}/src/x509_str.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/evp.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/misc.c"
-    "${EXCLUDE_ASM}"
-    )
+# COMPONENT_NAME = wolfssl
+# The component name is the directory name. "No feature to change this".
+# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
+
+# set the root of wolfSSL in top-level project CMakelists.txt:
+#   set(WOLFSSL_ROOT  "C:/some path/with/spaces")
+#   set(WOLFSSL_ROOT  "c:/workspace/wolfssl-[username]")
+#   set(WOLFSSL_ROOT  "/mnt/c/some path/with/spaces")
+#   or use this logic to assign value from Environment Variable WOLFSSL_ROOT,
+#   or assume this is an example 7 subdirectories below:
+
+# We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
+# The root of wolfSSL is 7 directories up from here:
+
+# function: IS_WOLFSSL_SOURCE
+#  parameter: DIRECTORY_PARAMETER - the directory to test
+#  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
+function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+    if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
+        set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
+    else()
+        set(${RESULT} "" PARENT_SCOPE)
+    endif()
+endfunction()
+
+# function: FIND_WOLFSSL_DIRECTORY
+#  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
+#
+function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
+    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    else()
+        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        else()
+            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+            message(STATUS "$ENV{WOLFSSL_ROOT}")
+        endif()
+    endif()
+
+    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+    message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+    string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+
+    # loop through all the parents, looking for wolfssl
+    while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" )
+        string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+        # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        if( THIS_USER )
+            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+
+            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree
+        set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+        # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src")
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+        if ( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        # Move up one directory level
+        set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}")
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
+        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
+            # when the search directory is empty, we'll give up
+            set(CURRENT_SEARCH_DIR "")
+        endif()
+    endwhile()
+
+    # If not found, set the output variable to empty before exiting
+    set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE)
+endfunction()
+
+
+# Example usage:
+
+
+
+
+if(CMAKE_BUILD_EARLY_EXPANSION)
+    message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
+    idf_component_register(
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            PRIV_REQUIRES # esp_hw_support
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
+                           )
+
+else()
+    # not CMAKE_BUILD_EARLY_EXPANSION
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config:")
+    message(STATUS "************************************************************************************************")
+
+    # search for wolfSSL
+    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    if(WOLFSSL_ROOT)
+        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "NEW wolfssl directory not found.")
+        # Abort. We need wolfssl _somewhere_.
+        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
+                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+    endif()
+
+    set(INCLUDE_PATH ${WOLFSSL_ROOT})
+
+    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+    endif()
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    endif()
+
+    set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
+                          "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
+                         ) # COMPONENT_SRCDIRS
+
+    message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+
+    set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+
+
+    # Espressif may take several passes through this makefile. Check to see if we found IDF
+    string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
+
+    # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
+    file(GLOB EXCLUDE_ASM *.S)
+    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+
+    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
+    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
+    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
+
+    #
+    # Check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components.
+    #
+    if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+        #
+        # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
+        #
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+        message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
+        message(STATUS "")
+        message(STATUS "To proceed: ")
+        message(STATUS "")
+        message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
+        message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
+        message(STATUS "")
+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+
+        # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
+
+    else()
+        if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+            #
+            # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
+            #
+            message(STATUS "")
+            message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
+            message(STATUS "")
+        else()
+            #
+            # wolfSSL is not an ESP-IDF component.
+            # We need to now determine if it is local and if so if it is part of the wolfSSL repo,
+            # or if  wolfSSL is simply installed as a local component.
+            #
+
+            if( EXISTS "${WOLFSSL_PROJECT_DIR}" )
+                #
+                # wolfSSL found in local project.
+                #
+                if( EXISTS "${WOLFSSL_PROJECT_DIR}/wolfcrypt/" )
+                    message(STATUS "")
+                    message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+                    #
+                    # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
+                    #
+                    # We won't do anything else here, as it will be assumed the original install completed successfully.
+                    #
+                else() # full wolfSSL not installed in local project
+                    #
+                    # This is the developer repo mode. wolfSSL will be assumed to be not installed to ESP-IDF nor local project
+                    # In this configuration, we are likely running a wolfSSL example found directly in the repo.
+                    #
+                    message(STATUS "")
+                    message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+
+                    message(STATUS "************************************************************************************************")
+                    # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
+                    # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
+                    #
+                    # first check if there's a [root]/include/user_settings.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
+                        message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
+                                            "${WOLFSSL_ROOT}/include/user_settings.h "
+                                            " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
+                            message(STATUS "Using existing wolfSSL user_settings.h in "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                        else()
+                            message(STATUS "Installing wolfSSL user_settings.h to "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                            file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h"
+                            DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/")
+                        endif()
+                    endif() # user_settings.h
+
+                    # next check if there's a [root]/include/config.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h"              )
+                        message(STATUS "  Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h"                   )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" )
+                            message(STATUS "Using existing wolfSSL config.h           ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        else()
+                            message(STATUS "Installing wolfSSL config.h to            ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                            file(COPY   "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_PROJECT_DIR}/include/")
+                            file(RENAME "${WOLFSSL_PROJECT_DIR}/include/dummy_config_h" "${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        endif() # Project config.h
+                    endif() # WOLFSSL_ROOT config.h
+                    message(STATUS "************************************************************************************************")
+                    message(STATUS "")
+                endif()
+
+            else()
+                # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
+                if($WOLFSSL_FOUND_IDF)
+                    message(STATUS "")
+                    message(STATUS "WARNING: wolfSSL not found.")
+                    message(STATUS "")
+                else()
+                    # probably needs to be re-parsed by Espressif
+                    message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
+                endif() # else we have not found ESP-IDF yet
+            endif() # else not a local wolfSSL component
+
+        endif() #else not an ESP-IDF component
+    endif() # else not local copy and EDP-IDF wolfSSL
+
+
+    # RTOS_IDF_PATH is typically:
+    # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
+    # depending on the environment, we may need to swap backslashes with forward slashes
+    string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
+
+    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+
+    if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+        message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
+    else()
+        # ESP-IDF prior version 4.4x has a different RTOS directory structure
+        string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
+        if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+            message(STATUS "Found legacy RTOS path: ${RTOS_IDF_PATH}")
+        else()
+            message(STATUS "Could not find RTOS path")
+        endif()
+    endif()
+
+
+    set(COMPONENT_ADD_INCLUDEDIRS
+        "./include" # this is the location of wolfssl user_settings.h
+        "\"${WOLFSSL_ROOT}/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${RTOS_IDF_PATH}/\""
+        )
+
+
+    if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+        list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+    endif()
+
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"")
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
+
+
+
+    set(COMPONENT_SRCEXCLUDE
+        "\"${WOLFSSL_ROOT}/src/bio.c\""
+        "\"${WOLFSSL_ROOT}/src/conf.c\""
+        "\"${WOLFSSL_ROOT}/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/src/pk.c\""
+        "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/x509.c\""
+        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${EXCLUDE_ASM}\""
+        )
+
+    spaces2list(COMPONENT_REQUIRES)
+
+    separate_arguments(COMPONENT_SRCDIRS NATIVE_COMMAND "${COMPONENT_SRCDIRS}")
+    separate_arguments(COMPONENT_SRCEXCLUDE NATIVE_COMMAND "${COMPONENT_SRCEXCLUDE}")
+    separate_arguments(COMPONENT_ADD_INCLUDEDIRS NATIVE_COMMAND "${COMPONENT_ADD_INCLUDEDIRS}")
+
+    #
+    # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#example-component-requirements
+    #
+    message(STATUS "COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+    message(STATUS "COMPONENT_ADD_INCLUDEDIRS = ${COMPONENT_ADD_INCLUDEDIRS}")
+    message(STATUS "COMPONENT_REQUIRES = ${COMPONENT_REQUIRES}")
+    message(STATUS "COMPONENT_SRCEXCLUDE = ${COMPONENT_SRCEXCLUDE}")
+
+    #
+    # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
+    #
+    set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
+    idf_component_register(
+                            SRC_DIRS "${COMPONENT_SRCDIRS}"
+                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                           )
+    # some optional diagnostics
+    if (1)
+        get_cmake_property(_variableNames VARIABLES)
+        list (SORT _variableNames)
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES BEGIN")
+        message(STATUS "")
+        foreach (_variableName ${_variableNames})
+            message(STATUS "${_variableName}=${${_variableName}}")
+        endforeach()
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES END")
+        message(STATUS "")
+    endif()
+
+    # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+
+endif() # CMAKE_BUILD_EARLY_EXPANSION
 
-register_component()
 
-# some optional diagnostics
-if (0)
-    get_cmake_property(_variableNames VARIABLES)
-    list (SORT _variableNames)
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES BEGIN")
-    message(STATUS "")
-    foreach (_variableName ${_variableNames})
-        message(STATUS "${_variableName}=${${_variableName}}")
-    endforeach()
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES END")
-    message(STATUS "")
-endif()
 
 # check to see if there's both a local copy and EDP-IDF copy of the wolfssl components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
     message(STATUS "")
     message(STATUS "")
     message(STATUS "********************************************************************")
@@ -227,3 +458,69 @@ endif()
 # end multiple component check
 
 
+#
+# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
+#
+# Save the THIS_VAR as a string in a macro called VAR_OUPUT
+#
+# VAR_OUPUT:  the name of the macro to define
+# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
+# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
+#
+function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
+    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
+    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
+
+    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
+    if(${IS_VALID_VALUE})
+        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
+        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
+
+        # we'll could percolate the value to the parent for possible later use
+        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
+
+        # but we're only using it here in this function
+        set(${VAR_OUPUT} ${VAR_VALUE})
+
+        # we'll print what we found to the console
+        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
+
+        # the interesting part is defining the VAR_OUPUT name a value to use in the app
+        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+    else()
+        # if we get here, check the execute_process command and parameters.
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        set(${VAR_OUPUT} "Unknown")
+    endif()
+endfunction() # LIBWOLFSSL_SAVE_INFO
+
+# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
+# see wolfcrypt\src\port\Espressif\esp32_utl.c
+if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+    set (git_cmd "git")
+    message(STATUS "Adding macro definitions:")
+
+    # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config complete!")
+    message(STATUS "************************************************************************************************")
+endif()

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk

@@ -1,40 +1,244 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2023 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../..
+
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+
+##
+## wolfcrypt
+##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h

@@ -0,0 +1,542 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
+
+/* This user_settings.h is for Espressif ESP-IDF */
+#include <sdkconfig.h>
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/*
+ * ONE of these Espressif chipsets should be defined:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ */
+#undef WOLFSSL_ESPWROOM32SE
+#undef WOLFSSL_ESP8266
+#undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desparate, try NO_SESSION_CACHE.  */
+#define SMALL_SESSION_CACHE
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+#define WOLFSSL_SMALL_STACK
+#define HAVE_ECC
+#define RSA_LOW_MEM
+
+/* TLS 1.3                                 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+#define NO_FILESYSTEM
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* when you want to use SHA512 */
+/* #define WOLFSSL_SHA512 */
+
+/* when you want to use SHA3 */
+/* #define WOLFSSL_SHA3 */
+
+/* ED25519 requires SHA512 */
+/* #define HAVE_ED25519 */
+
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* RSA primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
+#endif
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x249F00
+
+#define HASH_SIZE_LIMIT /* for test.c */
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#define  HAVE_SESSION_TICKET
+
+/* #define HAVE_HASHDRBG */
+
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_SYS_CA_CERTS
+
+#define WOLFSSL_CERT_TEXT
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/* command-line options
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+#define WOLFSSL_HW_METRICS
+
+/* #define HASH_SIZE_LIMIT */ /* for test.c */
+
+/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+#define USE_CERT_BUFFERS_2048
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt

@@ -1,12 +1,36 @@
-
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.0
 #
 # wolfssl client test
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "client-tls.c" "wifi_connect.c")
-set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
-
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -19,7 +43,14 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
-register_component()
+## register_component()
+idf_component_register(SRCS main.c
+                            wifi_connect.c
+                            time_helper.c
+                            client-tls.c
+                       INCLUDE_DIRS "."
+                                    "./include")
+#
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild

@@ -1,9 +1,15 @@
 menu "Example Configuration"
 
-config TARGET_HOST
+config WOLFSSL_TARGET_HOST
     string "Target host"
-    default "127.0.01.1"
+    default "127.0.0.1"
     help
         host address for the example to connect
-        
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        host port for the example to connect
+
 endmenu

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,6 +1,6 @@
-/* client-tls-callback.c
+/* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,40 +18,85 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-/* the usual suspects */
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
+#include "client-tls.h"
 
-/* ESP specific */
-#include "wifi_connect.h"
+/* Espressif FreeRTOS */
+#ifndef SINGLE_THREADED
+    #include <freertos/FreeRTOS.h>
+    #include <freertos/task.h>
+    #include <freertos/event_groups.h>
+#endif
+
+/* Espressif */
+#include <esp_log.h>
 
 /* socket includes */
-#include "lwip/netdb.h"
-#include "lwip/sockets.h"
+#include <lwip/netdb.h>
+#include <lwip/sockets.h>
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
-#include <wolfssl/certs_test.h>
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "tls_client";
+#ifndef NO_DH
+    /* see also wolfssl/test.h */
+    #undef  DEFAULT_MIN_DHKEY_BITS
+    #define DEFAULT_MIN_DHKEY_BITS 1024
+
+    #undef  DEFAULT_MAX_DHKEY_BITS
+    #define DEFAULT_MAX_DHKEY_BITS 2048
+#endif
+
+/* Project */
+#include "wifi_connect.h"
+#include "time_helper.h"
+
+/* working TLS 1.2 VS client app commandline param:
+ *
+ *  -h 192.168.1.128 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+ *
+ * working Linux, non-working VS c app
+ *
+ *  -h 192.168.1.128 -v 4 -l TLS13-SM4-CCM-SM3        -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+ *
+ **/
+#define TAG "client-tls"
 
 #if defined(DEBUG_WOLFSSL)
+int stack_start = -1;
 
-static void ShowCiphers(void)
+int ShowCiphers(WOLFSSL* ssl)
 {
-    char ciphers[4096];
+    #define CLIENT_TLS_MAX_CIPHER_LENGTH 4096
+    char ciphers[CLIENT_TLS_MAX_CIPHER_LENGTH];
+    const char* cipher_used;
+    int ret = 0;
 
-    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+    if (ssl == NULL) {
+        ESP_LOGI(TAG, "WOLFSSL* ssl is NULL, so no cipher in use");
+        ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+        if (ret == WOLFSSL_SUCCESS) {
+            for (int i = 0; i < CLIENT_TLS_MAX_CIPHER_LENGTH; i++) {
+                if (ciphers[i] == ':') {
+                    ciphers[i] = '\n';
+                }
+            }
+            ESP_LOGI(TAG, "Available Ciphers:\n%s\n", ciphers);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to call wolfSSL_get_ciphers. Error %d", ret);
+        }
+    }
+    else {
+        cipher_used = wolfSSL_get_cipher_name(ssl);
+        ESP_LOGI(TAG, "WOLFSSL* ssl using %s", cipher_used);
+    }
 
-    if (ret == WOLFSSL_SUCCESS)
-        printf("%s\n", ciphers);
+    return ret;
 }
 
 #endif
@@ -69,13 +114,13 @@ static void ShowCiphers(void)
 static byte mSlotList[ATECC_MAX_SLOT];
 
 int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
-                                                atmel_slot_dealloc_cb dealloc);
+                             atmel_slot_dealloc_cb dealloc);
 /* initialize slot array */
 void my_atmel_slotInit()
 {
     int i;
 
-    for(i=0;i<ATECC_MAX_SLOT; i++) {
+    for (i = 0; i < ATECC_MAX_SLOT; i++) {
         mSlotList[i] = ATECC_INVALID_SLOT;
     }
 }
@@ -84,7 +129,7 @@ int my_atmel_alloc(int slotType)
 {
     int i, slot = -1;
 
-    switch(slotType){
+    switch (slotType) {
         case ATMEL_SLOT_ENCKEY:
             slot = 2;
             break;
@@ -98,8 +143,8 @@ int my_atmel_alloc(int slotType)
             slot = 4;
             break;
         case ATMEL_SLOT_ANY:
-            for(i=0;i<ATECC_MAX_SLOT;i++){
-                if(mSlotList[i] == ATECC_INVALID_SLOT){
+            for (i = 0; i < ATECC_MAX_SLOT; i++) {
+                if (mSlotList[i] == ATECC_INVALID_SLOT) {
                     slot = i;
                     break;
                 }
@@ -111,88 +156,174 @@ int my_atmel_alloc(int slotType)
 /* free slot array       */
 void my_atmel_free(int slotId)
 {
-    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+    if (slotId >= 0 && slotId < ATECC_MAX_SLOT) {
         mSlotList[slotId] = ATECC_INVALID_SLOT;
     }
 }
-#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* CUSTOM_SLOT_ALLOCATION */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
 /* client task */
-void tls_smp_client_task()
+WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 {
-    int ret;
+#if defined(SINGLE_THREADED)
+    int ret = ESP_OK;
+    #define TLS_SMP_CLIENT_TASK_RET ret
+#else
+    #define TLS_SMP_CLIENT_TASK_RET
+#endif
+    char buff[256];
+    const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
+    const char* ch = TLS_SMP_TARGET_HOST; /* see wifi_connect.h */
+    struct sockaddr_in servAddr;
+
+    struct hostent *hp;
+    struct ip4_addr *ip4_addr;
+    int ret_i; /* interim return values */
     int sockfd;
     int doPeerCheck;
     int sendGet;
-    struct sockaddr_in servAddr;
-    char buff[256];
-    const char* ch = TLS_SMP_TARGET_HOST;
+#ifndef NO_DH
+    int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
+#endif
     size_t len;
-    struct hostent *hp;
-    struct ip4_addr *ip4_addr;
-    const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
 
     /* declare wolfSSL objects */
-    WOLFSSL_CTX *ctx;
-    WOLFSSL *ssl;
+    WOLFSSL_CTX* ctx;
+    WOLFSSL*     ssl;
 
-    WOLFSSL_ENTER("tls_smp_client_task");
+    wolfSSL_Debugging_ON();
+    WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
 
-    doPeerCheck = 0;
+    doPeerCheck = 1;
     sendGet = 0;
 
 #ifdef DEBUG_WOLFSSL
     WOLFSSL_MSG("Debug ON");
-    wolfSSL_Debugging_ON();
-    ShowCiphers();
+    ShowCiphers(NULL);
 #endif
     /* Initialize wolfSSL */
     wolfSSL_Init();
 
-    /* Create a socket that uses an internet IPv4 address,
+    /* Create a socket that uses an Internet IPv4 address,
      * Sets the socket to be stream based (TCP),
      * 0 means choose the default protocol. */
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        ESP_LOGE(TAG,"ERROR: failed to create the socket\n");
+        ESP_LOGE(TAG, "ERROR: failed to create the socket\n");
     }
 
     ESP_LOGI(TAG, "get target IP address");
 
     hp = gethostbyname(TLS_SMP_TARGET_HOST);
     if (!hp) {
-         ESP_LOGE(TAG, "Failed to get host name.");
-         ip4_addr = NULL;
-    } else {
+        ESP_LOGE(TAG, "Failed to get host name.");
+        ip4_addr = NULL;
+    }
+    else {
+        ip4_addr = (struct ip4_addr *)hp->h_addr;
+    }
 
-         ip4_addr = (struct ip4_addr *)hp->h_addr;
-         ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
-    }
     /* Create and initialize WOLFSSL_CTX */
-    if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
-        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL_CTX\n");
+    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */
+    /*   options:   */
+    /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());      only TLS 1.2 */
+    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());      only TLS 1.3 */
+    /* wolfSSL_CTX_NoTicketTLSv12(); */
+    /* wolfSSL_NoTicketTLSv12();     */
+    if (ctx == NULL) {
+        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX\n");
     }
-    WOLFSSL_MSG("Loading...cert");
-    /* Load client certificates into WOLFSSL_CTX */
-    if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
-        sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        ESP_LOGE(TAG,"ERROR: failed to load %d, please check the file.\n",ret);
+
+#if defined(WOLFSSL_ESP32_CIPHER_SUITE)
+    ESP_LOGI(TAG, "Start SM2\n");
+
+/*
+ *
+ * reference code for SM Ciphers:
+ *
+    #if defined(HAVE_AESGCM) && !defined(NO_DH)
+        #ifdef WOLFSSL_TLS13
+            defaultCipherList = "TLS13-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":DHE-PSK-AES128-GCM-SHA256"
+            #endif
+            ;
+        #else
+            defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+        #endif
+    #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+            defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":PSK-AES128-GCM-SHA256"
+            #endif
+            ;
+    #elif defined(HAVE_NULL_CIPHER)
+            defaultCipherList = "PSK-NULL-SHA256";
+    #elif !defined(NO_AES_CBC)
+            defaultCipherList = "PSK-AES128-CBC-SHA256";
+    #else
+            defaultCipherList = "PSK-AES128-GCM-SHA256";
+    #endif
+*/
+
+    ret = wolfSSL_CTX_set_cipher_list(ctx, WOLFSSL_ESP32_CIPHER_SUITE);
+    if (ret == WOLFSSL_SUCCESS) {
+        ESP_LOGI(TAG, "Set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE);
     }
-    /* not peer check */
-    if( doPeerCheck == 0 ){
+    else {
+        ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n",
+                       WOLFSSL_ESP32_CIPHER_SUITE);
+    }
+#endif
+
+#ifdef DEBUG_WOLFSSL
+    ShowCiphers(NULL);
+    ESP_LOGI(TAG, "Stack used: %d\n",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - uxTaskGetStackHighWaterMark(NULL));
+#endif
+
+/* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
+#ifndef NO_DH
+    ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+     if (ret != SSL_SUCCESS) {
+        ESP_LOGE(TAG, "Error setting minimum DH key size");
+    }
+#endif
+
+    /* no peer check */
+    if (doPeerCheck == 0) {
+        ESP_LOGW(TAG, "doPeerCheck == 0");
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
-    } else {
+    }
+    else {
+        ESP_LOGW(TAG, "doPeerCheck != 0");
         WOLFSSL_MSG("Loading... our cert");
         /* load our certificate */
-   	    if ((ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048,
-            sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-            ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret);
+        ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
+                                         CTX_CLIENT_CERT,
+                                         CTX_CLIENT_CERT_SIZE,
+                                         CTX_CLIENT_CERT_TYPE);
+        if (ret_i != SSL_SUCCESS) {
+            ESP_LOGE(TAG, "ERROR: failed to load chain %d, "
+                          "please check the file.", ret_i);
         }
 
-        if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
-            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1))  != SSL_SUCCESS) {
-            wolfSSL_CTX_free(ctx); ctx = NULL;
-            ESP_LOGE(TAG,"ERROR: failed to load key %d, please check the file.\n", ret);
+        /* Load client certificates into WOLFSSL_CTX */
+        WOLFSSL_MSG("Loading...cert");
+        ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         CTX_CA_CERT,
+                                         CTX_CA_CERT_SIZE,
+                                         CTX_CA_CERT_TYPE);
+
+        ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                         CTX_CLIENT_KEY,
+                                         CTX_CLIENT_KEY_SIZE,
+                                         CTX_CLIENT_KEY_TYPE);
+        if(ret_i  != SSL_SUCCESS) {
+            wolfSSL_CTX_free(ctx) ; ctx = NULL ;
+            ESP_LOGE(TAG, "ERROR: failed to load key %d, "
+                          "please check the file.\n", ret_i) ;
         }
 
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0);
@@ -202,37 +333,60 @@ void tls_smp_client_task()
     memset(&servAddr, 0, sizeof(servAddr));
 
     /* Fill in the server address */
-    servAddr.sin_family = AF_INET;           /* using IPv4      */
-    servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+    servAddr.sin_family = AF_INET; /* using IPv4      */
+    servAddr.sin_port = htons(TLS_SMP_DEFAULT_PORT); /* on DEFAULT_PORT */
 
-    if(*ch >= '1' && *ch <= '9') {
+    if (*ch >= '1' && *ch <= '9') {
         /* Get the server IPv4 address from the command line call */
         WOLFSSL_MSG("inet_pton");
-        if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
-                 &servAddr.sin_addr)) != 1) {
-            ESP_LOGE(TAG,"ERROR: invalid address ret=%d\n", ret);
+        if ((ret_i = inet_pton(AF_INET,
+                             TLS_SMP_TARGET_HOST,
+                             &servAddr.sin_addr)) != 1) {
+            ESP_LOGE(TAG, "ERROR: invalid address ret=%d\n", ret_i);
         }
-    } else {
+    }
+    else {
         servAddr.sin_addr.s_addr = ip4_addr->addr;
     }
 
     /* Connect to the server */
-    sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST
-                                                      , DEFAULT_PORT);
+    sprintf(buff,
+            "Connecting to server....%s(port:%d)",
+            TLS_SMP_TARGET_HOST,
+            TLS_SMP_DEFAULT_PORT);
     WOLFSSL_MSG(buff);
-    printf("%s\n",buff);
-    if ((ret = connect(sockfd, (struct sockaddr *)&servAddr,
-                                    sizeof(servAddr))) == -1){
-        ESP_LOGE(TAG,"ERROR: failed to connect ret=%d\n", ret);
+    printf("%s\n", buff);
+
+    if ((ret_i = connect(sockfd,
+                       (struct sockaddr *)&servAddr,
+                       sizeof(servAddr))) == -1) {
+        ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i);
     }
 
     WOLFSSL_MSG("Create a WOLFSSL object");
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
-        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n");
+        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object\n");
+    }
+    else {
+#ifdef DEBUG_WOLFSSL
+        ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
+        ShowCiphers(ssl);
+#endif
     }
 
-    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_SM2)
+    /* SM TLS1.3 Cipher needs to have key share explicitly set. */
+    ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
+    if (ret == WOLFSSL_SUCCESS) {
+        ESP_LOGI(TAG, "Successfully set WOLFSSL_ECC_SM2P256V1");
+    }
+    else {
+        ESP_LOGE(TAG, "FAILED to set WOLFSSL_ECC_SM2P256V1");
+    }
+#endif
+        /* when using atecc608a on esp32-wroom-32se */
+
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
     atcatls_set_callbacks(ctx);
@@ -244,41 +398,58 @@ void tls_smp_client_task()
 #endif
 
     /* Attach wolfSSL to the socket */
-    wolfSSL_set_fd(ssl, sockfd);
+    ret_i = wolfSSL_set_fd(ssl, sockfd);
+    if (ret_i == WOLFSSL_SUCCESS) {
+        ESP_LOGI(TAG, "wolfSSL_set_fd success");
+    }
+    else {
+        ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
+    }
 
     WOLFSSL_MSG("Connect to wolfSSL on the server side");
     /* Connect to wolfSSL on the server side */
-    if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
-        ESP_LOGE(TAG,"ERROR: failed to connect to wolfSSL\n");
-    }
+    ret_i = wolfSSL_connect(ssl);
+    if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
+#ifdef DEBUG_WOLFSSL
+        ShowCiphers(ssl);
+#endif
+        /* Get a message for the server from stdin */
+        WOLFSSL_MSG("Message for server: ");
+        memset(buff, 0, sizeof(buff));
 
-    /* Get a message for the server from stdin */
-    WOLFSSL_MSG("Message for server: ");
-    memset(buff, 0, sizeof(buff));
+        if (sendGet) {
+            printf("SSL connect ok, sending GET...\n");
+            len = XSTRLEN(sndMsg);
+            strncpy(buff, sndMsg, len);
+            buff[len] = '\0';
+        }
+        else {
+            sprintf(buff, "message from esp32 tls client\n");
+            len = strnlen(buff, sizeof(buff));
+        }
+        /* Send the message to the server */
+        if (wolfSSL_write(ssl, buff, len) != len) {
+            ESP_LOGE(TAG, "ERROR: failed to write\n");
+        }
 
-    if(sendGet){
-        printf("SSL connect ok, sending GET...\n");
-        len = XSTRLEN(sndMsg);
-        strncpy(buff, sndMsg, len);
-        buff[len] = '\0';
-    } else {
-        sprintf(buff, "message from esp32 tls client\n");
-        len = strnlen(buff, sizeof(buff));
-    }
-    /* Send the message to the server */
-    if (wolfSSL_write(ssl, buff, len) != len) {
-        ESP_LOGE(TAG,"ERROR: failed to write\n");
-    }
+        /* Read the server data into our buff array */
+        memset(buff, 0, sizeof(buff));
+        if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
+            ESP_LOGE(TAG, "ERROR: failed to read\n");
+        }
 
-    /* Read the server data into our buff array */
-    memset(buff, 0, sizeof(buff));
-    if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
-        ESP_LOGE(TAG,"ERROR: failed to read\n");
+        /* Print to stdout any data the server sends */
+        printf("Server: ");
+        printf("%s\n", buff);
+        }
+    else {
+        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
+                      "Error: %d\n", ret_i);
     }
+#ifdef DEBUG_WOLFSSL
+    ShowCiphers(ssl);
+#endif
 
-    /* Print to stdout any data the server sends */
-    printf("Server:");
-    printf("%s", buff);
     /* Cleanup and return */
     wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
     wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
@@ -287,5 +458,44 @@ void tls_smp_client_task()
 
     vTaskDelete(NULL);
 
-    return;                /* Return reporting a success               */
+    return TLS_SMP_CLIENT_TASK_RET;
 }
+
+#if defined(SINGLE_THREADED)
+    /* we don't initialize a single thread, so no init function here */
+#else
+/* create task */
+WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
+{
+    int ret;
+#if ESP_IDF_VERSION_MAJOR >= 4
+    TaskHandle_t _handle;
+#else
+    xTaskHandle _handle;
+#endif
+    /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions  */
+    if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
+        /* Observed approximately 6KB limit for the RTOS task stack size.
+         * Reminder parameter is bytes, not words as with generic FreeeRTOS. */
+        ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB");
+    }
+#ifndef WOLFSSL_SMALL_STACK
+    ESP_LOGW(TAG, "WARNING: WOLFSSL_SMALL_STACK is not defined. Consider "
+                  "defining that to reduce embedded memory usage.");
+#endif
+
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here: */
+    ret = xTaskCreate(tls_smp_client_task,
+                      TLS_SMP_CLIENT_TASK_NAME,
+                      TLS_SMP_CLIENT_TASK_BYTES,
+                      NULL,
+                      TLS_SMP_CLIENT_TASK_PRIORITY,
+                      &_handle);
+
+    if (ret != pdPASS) {
+        ESP_LOGI(TAG, "Create thread %s failed.", TLS_SMP_CLIENT_TASK_NAME);
+    }
+    return TLS_SMP_CLIENT_TASK_RET;
+}
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk

@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
-# in the build directory. This behaviour is entirely configurable,
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h

@@ -0,0 +1,81 @@
+/* client-tls.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _CLIENT_TLS_H_
+#define _CLIENT_TLS_H_
+
+/* Local project, auto-generated configuration */
+#include "sdkconfig.h"
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+/* See main/Kconfig.projbuild for default configuration settings */
+#ifdef CONFIG_WOLFSSL_TARGET_HOST
+    #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
+#else
+    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
+#endif
+
+#ifdef CONFIG_WOLFSSL_TARGET_PORT
+    #define TLS_SMP_DEFAULT_PORT        CONFIG_WOLFSSL_TARGET_PORT
+#else
+    #define TLS_SMP_DEFAULT_PORT        11111
+#endif
+
+#define TLS_SMP_CLIENT_TASK_NAME        "tls_client_example"
+
+/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
+#if defined(WOLFSSL_ESP8266)
+    #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+#else
+    #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+#endif
+
+#define TLS_SMP_CLIENT_TASK_PRIORITY    8
+
+#if defined(SINGLE_THREADED)
+    #define WOLFSSL_ESP_TASK int
+#else
+    #include <freertos/FreeRTOS.h>
+    #define WOLFSSL_ESP_TASK void
+#endif
+
+typedef struct {
+    int port;
+    int loops;
+} tls_args;
+
+/* Function to show the ciphers available / in use. */
+#if defined(DEBUG_WOLFSSL)
+    int ShowCiphers(WOLFSSL* ssl);
+#endif
+
+/* This is the TLS Client function, possibly in an RTOS thread. */
+WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
+
+/* init will create an RTOS task, otherwise server is simply function call. */
+#if defined(SINGLE_THREADED)
+    /* no init neded */
+#else
+    WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
+#endif
+
+#endif /* _SERVER_TLS_ */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h

@@ -0,0 +1,24 @@
+/* wolfssl_client main.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _MAIN_H_
+#define _MAIN_H_
+
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h

@@ -0,0 +1,55 @@
+/* time_helper.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* common Espressif time_helper v5.6.3.001 */
+
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
+
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
+ * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* a function to show the current data and time */
+int esp_show_current_datetime(void);
+
+/* worst case, if GitHub time not available, used fixed time */
+int set_fixed_default_time(void);
+
+/* set time from string (e.g. GitHub commit time) */
+int set_time_from_string(const char* time_buffer);
+
+/* set time from NTP servers,
+ * also initially calls set_fixed_default_time or set_time_from_string */
+int set_time(void);
+
+/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
+int set_time_wait_for_ntp(void);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* #ifndef _TIME_HELPER_H_ */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wifi_connect.h
  *
  * Copyright (C) 2006-2023 wolfSSL Inc.
  *
@@ -18,26 +18,116 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifndef _TLS_WIFI_H_
-#define _TLS_WIFI_H_
+#ifndef _WIFI_CONNECT_H_
+#define _WIFI_CONNECT_H_
 
-#include "esp_idf_version.h"
-#include "esp_log.h"
-#include "esp_wifi.h"
-#if ESP_IDF_VERSION_MAJOR >= 4
-    #include "esp_event.h"
-#else
-    #include "esp_event_loop.h"
-#endif
-
-#define DEFAULT_PORT                     11111
-
-#define TLS_SMP_CLIENT_TASK_NAME         "tls_client_example"
-#define TLS_SMP_CLIENT_TASK_WORDS        10240
-#define TLS_SMP_CLIENT_TASK_PRIORITY     8
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
 #define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
-#define TLS_SMP_TARGET_HOST              CONFIG_TARGET_HOST
 
+#define USE_WIFI_EXAMPLE
+#ifdef USE_WIFI_EXAMPLE
+    #include "esp_netif.h"
+    #include "protocol_examples_common.h" /* see project CMakeLists.txt */
 #endif
+
+/**
+ ******************************************************************************
+ ******************************************************************************
+ ** USER APPLICATION SETTINGS BEGIN
+ ******************************************************************************
+ ******************************************************************************
+ **/
+
+/* when using a private config with plain text passwords,
+ * file my_private_config.h should be excluded from git updates */
+/* #define  USE_MY_PRIVATE_CONFIG */
+
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
+    #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
+        #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
+    #else
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
+    #endif
+#else
+
+    /*
+    ** The examples use WiFi configuration that you can set via project
+    ** configuration menu
+    **
+    ** If you'd rather not, just change the below entries to strings with
+    ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+    */
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
+    #else
+        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+    #endif
+
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
+    #else
+        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+    #endif
+#endif
+
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+
+int wifi_init_sta(void);
+
+int wifi_show_ip(void);
+
+#endif /* _WIFI_CONNECT_H_ */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c

@@ -0,0 +1,305 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "sdkconfig.h"
+#include "main.h"
+
+/* ESP specific */
+#include <nvs_flash.h>
+#include <esp_log.h>
+#include <esp_event.h>
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#ifndef WOLFSSL_ESPIDF
+    #warning "Problem with wolfSSL user_settings."
+    #warning "Check components/wolfssl/include"
+#endif
+
+/* this project */
+#include "client-tls.h"
+#include "time_helper.h"
+
+#ifndef CONFIG_IDF_TARGET_ESP32H2
+    /* There's no WiFi on ESP32-H2.
+     * For wired ethernet, see:
+     * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+    #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
+#endif
+
+#ifdef WOLFSSL_TRACK_MEMORY
+    #include <wolfssl/wolfcrypt/mem_track.h>
+#endif
+
+static const char* TAG = "main";
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use a custom slot allocation */
+/* enable the definition CUSTOM_SLOT_ALLOCATION. */
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+    for(i = 0;i < ATECC_MAX_SLOT;i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i = 0;i < ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
+/* Entry for FreeRTOS */
+void app_main(void)
+{
+    int stack_start = 0;
+    esp_err_t ret = 0;
+    ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
+    ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
+    ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "--------------------------------------------------------");
+#ifdef ESP_SDK_MEM_LIB_VERSION
+    sdk_init_meminfo();
+#endif
+#ifdef ESP_TASK_MAIN_STACK
+    ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
+#endif
+#ifdef TASK_EXTRA_STACK_SIZE
+    ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
+#endif
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
+    ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE,
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
+
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
+
+#ifdef HAVE_VERSION_EXTENDED_INFO
+    esp_ShowExtendedSystemInfo();
+#endif
+
+    /* Set time for cert validation.
+     * Some lwIP APIs, including SNTP functions, are not thread safe. */
+    ret = set_time(); /* need to setup NTP before WiFi */
+
+    /* Optionally erase flash */
+    /* ESP_ERROR_CHECK(nvs_flash_erase()); */
+
+#ifdef FOUND_PROTOCOL_EXAMPLES_DIR
+    ESP_LOGI(TAG, "FOUND_PROTOCOL_EXAMPLES_DIR active, using example code.");
+    ESP_ERROR_CHECK(nvs_flash_init());
+
+    #if defined(CONFIG_IDF_TARGET_ESP32H2)
+        ESP_LOGE(TAG, "There's no WiFi on ESP32-H2.");
+    #else
+        #ifdef CONFIG_EXAMPLE_WIFI_SSID
+            if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) {
+                ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is myssid.");
+                ESP_LOGW(TAG, "  Do you have a WiFi AP called myssid, or ");
+                ESP_LOGW(TAG, "  did you forget the ESP-IDF configuration?");
+            }
+        #else
+            #define CONFIG_EXAMPLE_WIFI_SSID "myssid"
+            ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined.");
+        #endif
+        ESP_ERROR_CHECK(esp_netif_init());
+        ESP_ERROR_CHECK(esp_event_loop_create_default());
+        ESP_ERROR_CHECK(example_connect());
+    #endif
+#else
+    ESP_ERROR_CHECK(nvs_flash_init());
+
+    /* Initialize NVS */
+    ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
+    ESP_ERROR_CHECK(ret);
+
+    #if defined(CONFIG_IDF_TARGET_ESP32H2)
+        ESP_LOGE(TAG, "There's no WiFi on ESP32-H2. ");
+    #else
+        /* Initialize WiFi */
+        ESP_LOGI(TAG, "ESP_WIFI_MODE_STA");
+        ret = wifi_init_sta();
+        while (ret != 0) {
+            ESP_LOGI(TAG, "Waiting...");
+            vTaskDelay(60000 / portTICK_PERIOD_MS);
+            ESP_LOGI(TAG, "Trying WiFi again...");
+            ret = wifi_init_sta();
+        }
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
+
+    /* Once we are connected to the network, start & wait for NTP time */
+    ret = set_time_wait_for_ntp();
+
+    if (ret < -1) {
+        /* a value of -1 means there was no NTP server, so no need to wait */
+        ESP_LOGI(TAG, "Waiting 10 more seconds for NTP to complete." );
+        vTaskDelay(10000 / portTICK_PERIOD_MS); /* brute-force solution */
+        esp_show_current_datetime();
+    }
+
+#if defined(SINGLE_THREADED)
+    /* just call the task */
+    tls_smp_client_task((void*)NULL);
+#else
+    tls_args args[1] = {0};
+    /* start a thread with the task */
+    args[0].loops = 10;
+    args[0].port = 11111;
+
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    int this_heap;
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Client task ...\n");
+
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
+    tls_smp_client_init(args);
+/* optional additional client threads
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+    tls_smp_client_init(args);
+*/
+#endif
+
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
+    ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
+    vTaskDelete(NULL);
+    /* done */
+    while (1) {
+        ESP_LOGV(TAG, "\n\nLoop...\n\n");
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+
+        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                        - (uxTaskGetStackHighWaterMark(NULL) ));
+    #endif
+        vTaskDelay(60000);
+    } /* done while */
+#endif /* else not SINGLE_THREADED */
+
+} /* app_main */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c

@@ -0,0 +1,381 @@
+/* time_helper.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* See https://tf.nist.gov/tf-cgi/servers.cgi */
+
+/* common Espressif time_helper v5.6.6.001 */
+#include "sdkconfig.h"
+#include "time_helper.h"
+
+#include <esp_log.h>
+#include <esp_idf_version.h>
+
+#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1)
+        #define HAS_ESP_NETIF_SNTP 1
+        #include <lwip/apps/sntp.h>
+        #include <esp_netif_sntp.h>
+    #else
+        #include <string.h>
+        #include <esp_sntp.h>
+    #endif
+#else
+    /* TODO Consider non ESP-IDF environments */
+#endif
+
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
+ * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ */
+
+/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
+#ifndef TIME_ZONE
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
+    #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
+#endif /* not defined: TIME_ZONE, so we are setting our own */
+
+#define NTP_RETRY_COUNT 10
+
+/* NELEMS(x) number of elements
+ * To determine the number of elements in the array, we can divide the total
+ * size of the array by the size of the array element.
+ * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
+ **/
+#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
+
+/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */
+#define NTP_SERVER_LIST ( (char*[]) {                        \
+                                     "pool.ntp.org",         \
+                                     "time.nist.gov",        \
+                                     "utcnist.colorado.edu"  \
+                                     }                       \
+                        )
+/* #define NTP_SERVER_COUNT using NELEMS:
+ *
+ *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
+ */
+#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
+
+#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS
+    /* We should find max value in sdkconfig, if not set it to our count:*/
+    #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT
+#endif
+
+char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
+
+const static char* TAG = "time_helper";
+
+/* our NTP server list is global info */
+extern char* ntpServerList[NTP_SERVER_COUNT];
+
+/* Show the current date and time */
+int esp_show_current_datetime(void)
+{
+    time_t now;
+    char strftime_buf[64];
+    struct tm timeinfo;
+
+    time(&now);
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+
+    localtime_r(&now, &timeinfo);
+    strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
+    ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
+    return ESP_OK;
+}
+
+/* the worst-case scenario is a hard-coded date/time */
+int set_fixed_default_time(void)
+{
+    /* ideally, we'd like to set time from network,
+     * but let's set a default time, just in case */
+    struct tm timeinfo = {
+        .tm_year = 2024 - 1900,
+        .tm_mon  = 1,
+        .tm_mday = 05,
+        .tm_hour = 13,
+        .tm_min  = 01,
+        .tm_sec  = 05
+    };
+    struct timeval now;
+    time_t interim_time;
+    int ret = -1;
+
+    /* set interim static time */
+    interim_time = mktime(&timeinfo);
+
+    ESP_LOGI(TAG, "Adjusting time from fixed value");
+    now = (struct timeval){ .tv_sec = interim_time };
+    ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
+
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
+    return ret;
+}
+
+/* set_time_from_string(s)
+ *
+ * returns 0 = success if able to set the time from the provided string
+ * error for any other value, typically -1 */
+int set_time_from_string(const char* time_buffer)
+{
+    /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
+    const char *format = "%3s %3s %d %d:%d:%d %d %s";
+    struct tm this_timeinfo;
+    struct timeval now;
+    time_t interim_time;
+    int day, year, hour, minute, second;
+    int quote_offset = 0;
+    int ret = 0;
+
+    /* perform some basic sanity checkes */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
+        }
+
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
+
+        if (ret == 8) {
+            /* we found a match for all componets */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
+    }
+
+    return ret;
+}
+
+/* set time; returns 0 if succecssfully configured with NTP */
+int set_time(void)
+{
+#ifndef NTP_SERVER_COUNT
+    ESP_LOGW(TAG, "Warning: no sntp server names defined. "
+                  "Setting to empty list");
+    #define NTP_SERVER_COUNT 0
+    #warning "NTP not properly configured"
+#endif /* not defined: NTP_SERVER_COUNT */
+
+#ifdef HAS_ESP_NETIF_SNTP
+    #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1
+        esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE(
+                                       NTP_SERVER_COUNT,
+                                       ESP_SNTP_SERVER_LIST(ntpServerList[0])
+                                   );
+    #else
+        esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]);
+    #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */
+#endif /* HAS_ESP_NETIF_SNTP */
+
+    int ret = 0;
+    int i = 0; /* counter for time servers */
+
+    ESP_LOGI(TAG, "Setting the time. Startup time:");
+    esp_show_current_datetime();
+
+#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    /* initialy set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
+    esp_show_current_datetime();
+
+    ret = -4;
+#else
+    /* otherwise set a fixed time that was hard coded */
+    set_fixed_default_time();
+    esp_show_current_datetime();
+    ret = -3;
+#endif
+
+#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+    config.smooth_sync = true;
+#endif
+
+    if (NTP_SERVER_COUNT) {
+        /* next, let's setup NTP time servers
+         *
+         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         *
+         * WARNING: do not set operating mode while SNTP client is running!
+         */
+        /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL);  */
+        sntp_setoperatingmode(SNTP_OPMODE_POLL);
+        if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) {
+            ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but "
+                          "CONFIG_LWIP_SNTP_MAX_SERVERS = %d",
+                           NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS);
+        }
+        ESP_LOGI(TAG, "sntp_setservername:");
+        for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) {
+            const char* thisServer = ntpServerList[i];
+            if (strncmp(thisServer, "\x00", 1) == 0) {
+                /* just in case we run out of NTP servers */
+                break;
+            }
+            ESP_LOGI(TAG, "%s", thisServer);
+            sntp_setservername(i, thisServer);
+            ret = ESP_OK;
+        }
+    #ifdef HAS_ESP_NETIF_SNTP
+        ret = esp_netif_sntp_init(&config);
+    #else
+        ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage "
+                     "of updated SNTP libraries");
+    #endif
+        if (ret == ESP_OK) {
+            ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init");
+        }
+        else {
+            ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret);
+        }
+
+        sntp_init();
+        switch (ret) {
+            case ESP_ERR_INVALID_STATE:
+                break;
+            default:
+                break;
+        }
+        ESP_LOGI(TAG, "sntp_init done.");
+    }
+    else {
+        ESP_LOGW(TAG, "No sntp time servers found.");
+        ret = -1;
+    }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
+    return ret;
+}
+
+/* wait for NTP to actually set the time */
+int set_time_wait_for_ntp(void)
+{
+    int ret = 0;
+#ifdef HAS_ESP_NETIF_SNTP
+    int ntp_retry = 0;
+    const int ntp_retry_count = NTP_RETRY_COUNT;
+
+    ret = esp_netif_sntp_start();
+
+    ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
+#endif /* HAS_ESP_NETIF_SNTP */
+    esp_show_current_datetime();
+
+#ifdef HAS_ESP_NETIF_SNTP
+    while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) {
+        ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS);
+        ESP_LOGI(TAG, "Waiting for NTP to sync time... (%d/%d)",
+                       ntp_retry,
+                       ntp_retry_count);
+        esp_show_current_datetime();
+    }
+#endif /* HAS_ESP_NETIF_SNTP */
+
+#ifdef TIME_ZONE
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+#endif
+
+    if (ret == ESP_OK) {
+        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        }
+    else {
+        ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
+                      "result = 0x%0x: %s",
+                       ret, esp_err_to_name(ret));
+    }
+    return ret;
+}

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,93 +18,170 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-/*ESP specific */
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
-#include "freertos/event_groups.h"
 #include "wifi_connect.h"
-#include "lwip/sockets.h"
-#include "lwip/netdb.h"
-#include "lwip/apps/sntp.h"
-#include "nvs_flash.h"
+
+/* FreeRTOS */
+#include <freertos/FreeRTOS.h>
+#include <freertos/task.h>
+#include <freertos/event_groups.h>
+
+/* Espressif */
+#include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/types.h>
 #ifndef WOLFSSL_ESPIDF
-    #warning "problem with wolfSSL user_settings. Check components/wolfssl/include"
+    #warning "Problem with wolfSSL user_settings."
+    #warning "Check components/wolfssl/include"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 4
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
+#elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
     const static int CONNECTED_BIT = BIT0;
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-/* proto-type */
-extern void tls_smp_client_task();
-static void tls_smp_client_init();
+#if defined(CONFIG_IDF_TARGET_ESP8266)
 
-const static char *TAG = "tls_client";
-
-static void set_time()
-{
-    /* set dummy wallclock time. */
-    struct timeval utctime;
-    struct timezone tz;
-    struct strftime_buf;
-    time_t now;
-    struct tm timeinfo;
-    char strftime_buf[64];
-    /* please update the time if seeing unknown failure when loading cert.   */
-    /* this could cause TLS communication failure due to time expiration     */
-    /* increasing 31536000 seconds is close to spanning 356 days.            */
-    utctime.tv_sec = 1695513105; /* dummy time: Sat Sep 23 17:05:31 PDT 2023 */
-    utctime.tv_usec = 0;
-    tz.tz_minuteswest = 0;
-    tz.tz_dsttime = 0;
-
-    settimeofday(&utctime, &tz);
-
-    time(&now);
-    localtime_r(&now, &timeinfo);
-
-    strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
-    ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-
-#if ESP_IDF_VERSION_MAJOR < 4
-    /* wait until wifi connect */
-    xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
-                                            false, true, portMAX_DELAY);
-#endif
-    /* now we start client tasks. */
-    tls_smp_client_init();
-}
-
-/* create task */
-static void tls_smp_client_init(void)
-{
-    int ret;
-#if ESP_IDF_VERSION_MAJOR >= 4
-        TaskHandle_t _handle;
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if ESP_IDF_VERSION_MAJOR >= 4
+        /* likely using examples, see wifi_connect.h */
+    #else
+        /* TODO - still supporting pre V4 ? */
+        const static int CONNECTED_BIT = BIT0;
+        static EventGroupHandle_t wifi_event_group;
+    #endif
+    #if (ESP_IDF_VERSION_MAJOR == 5)
+        #define HAS_WPA3_FEATURES
+    #else
+        #undef HAS_WPA3_FEATURES
+    #endif
 #else
-        xTaskHandle _handle;
+    /* TODO Consider pre IDF v5? */
 #endif
-    /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
-    ret = xTaskCreate(tls_smp_client_task,
-                      TLS_SMP_CLIENT_TASK_NAME,
-                      TLS_SMP_CLIENT_TASK_WORDS,
-                      NULL,
-                      TLS_SMP_CLIENT_TASK_PRIORITY,
-                      &_handle);
 
-    if (ret != pdPASS) {
-        ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);
+/* breadcrumb prefix for logging */
+const static char *TAG = "wifi_connect";
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
     }
 }
-#if ESP_IDF_VERSION_MAJOR < 4
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. Incase your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -133,99 +210,185 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
     }
     return ESP_OK;
 }
+#else
+
+#ifdef CONFIG_ESP_MAXIMUM_RETRY
+    #define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+#else
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
 #endif
-/* entry point */
-void app_main(void)
+
+#if CONFIG_ESP_WIFI_AUTH_OPEN
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN
+#elif CONFIG_ESP_WIFI_AUTH_WEP
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP
+#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK
+#endif
+
+#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD
+    #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1
+    #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#endif
+
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+
+/* The event group allows multiple bits for each event, but we only care about two events:
+ * - we are connected to the AP with an IP
+ * - we failed to connect after the maximum amount of retries */
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+
+
+static int s_retry_num = 0;
+ip_event_got_ip_t* event;
+
+
+static void event_handler(void* arg,
+                          esp_event_base_t event_base,
+                          int32_t event_id,
+                          void* event_data)
 {
-    ESP_LOGI(TAG, "Start app_main...");
-    ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
-    ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET);
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_STRING = %s", LIBWOLFSSL_VERSION_STRING);
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    }
+    else if (event_base == WIFI_EVENT &&
+             event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        }
+        else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG, "connect to the AP fail");
+    }
+    else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        event = (ip_event_got_ip_t*) event_data;
+        wifi_show_ip();
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
 
-#if defined(WOLFSSL_MULTI_INSTALL_WARNING)
-    ESP_LOGI(TAG, "");
-    ESP_LOGI(TAG, "WARNING: Multiple wolfSSL installs found.");
-    ESP_LOGI(TAG, "Check ESP-IDF and local project [components] directory.");
-    ESP_LOGI(TAG, "");
-#endif
+int wifi_init_sta(void)
+{
+    int ret = ESP_OK;
 
-#if defined(LIBWOLFSSL_VERSION_GIT_HASH)
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH = %s", LIBWOLFSSL_VERSION_GIT_HASH);
-#endif
+    s_wifi_event_group = xEventGroupCreate();
 
-#if defined(LIBWOLFSSL_VERSION_GIT_SHORT_HASH )
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_SHORT_HASH = %s", LIBWOLFSSL_VERSION_GIT_SHORT_HASH);
-#endif
+    ESP_ERROR_CHECK(esp_netif_init());
 
-#if defined(LIBWOLFSSL_VERSION_GIT_HASH_DATE)
-    ESP_LOGI(TAG, "LIBWOLFSSL_VERSION_GIT_HASH_DATE = %s", LIBWOLFSSL_VERSION_GIT_HASH_DATE);
-#endif
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+    esp_netif_create_default_wifi_sta();
 
-
-    /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32C3)
-    /* not available for C3 at this time */
-#elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#else
-    ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
-            );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#endif
-
-    /* all platforms: stack high water mark check */
-    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
-
-
-    ESP_ERROR_CHECK(nvs_flash_init());
-
-    ESP_LOGI(TAG, "Initialize wifi");
-#if (ESP_IDF_VERSION_MAJOR == 4 && ESP_IDF_VERSION_MINOR >= 1) || \
-    (ESP_IDF_VERSION_MAJOR >= 5)
-    esp_netif_init();
-#else
-    tcpip_adapter_init();
-#endif
-
-    /* */
-#if ESP_IDF_VERSION_MAJOR >= 4
-   ESP_ERROR_CHECK(esp_event_loop_create_default());
-   /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
-   * Read "Establishing Wi-Fi or Ethernet Connection" section in
-   * examples/protocols/README.md for more information about this function.
-   */
-    ESP_ERROR_CHECK(example_connect());
-#else
-    wifi_event_group = xEventGroupCreate();
-    ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL));
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
     ESP_ERROR_CHECK(esp_wifi_init(&cfg));
 
+    esp_event_handler_instance_t instance_any_id;
+    esp_event_handler_instance_t instance_got_ip;
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT,
+                                                        ESP_EVENT_ANY_ID,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_any_id));
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT,
+                                                        IP_EVENT_STA_GOT_IP,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_got_ip));
+
     wifi_config_t wifi_config = {
         .sta = {
-            .ssid = TLS_SMP_WIFI_SSID,
-            .password = TLS_SMP_WIFI_PASS,
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS,
+            /* Authmode threshold resets to WPA2 as default if password matches
+             * WPA2 standards (pasword len => 8). If you want to connect the
+             * device to deprecated WEP/WPA networks, Please set the threshold
+             * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
+             * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
+             * standards. */
+            .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD,
+        #ifdef HAS_WPA3_FEATURES
+            .sae_pwe_h2e = WPA3_SAE_PWE_BOTH,
+        #endif
         },
     };
-    /* WiFi station mode */
     ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
-    /* Wifi Set the configuration of the ESP32 STA or AP */
-    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
-    /* Start Wifi */
+    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+
+#ifdef CONFIG_EXAMPLE_WIFI_SSID
+    if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) {
+        ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\".");
+        ESP_LOGW(TAG, "  Do you have a WiFi AP called \"myssid\", ");
+        ESP_LOGW(TAG, "  or did you forget the ESP-IDF configuration?");
+    }
+#else
+    ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined.");
+#endif
+
     ESP_ERROR_CHECK(esp_wifi_start() );
 
     ESP_LOGI(TAG, "wifi_init_sta finished.");
-    ESP_LOGI(TAG, "connect to ap SSID:%s password:%s",
-                                        TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);
+
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+     * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+     * The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    /* xEventGroupWaitBits() returns the bits before the call returned,
+     * hence we can test which event actually happened. */
+#if defined(SHOW_SSID_AND_PASSWORD)
+    ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password");
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+#else
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "Connected to AP");
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to AP");
+        ret = -1;
+    }
+    else {
+        ESP_LOGE(TAG, "AP UNEXPECTED EVENT");
+        ret = -2;
+    }
 #endif
-    ESP_LOGI(TAG, "Set dummy time...");
-    set_time();
+    return ret;
 }
+
+int wifi_show_ip(void)
+{
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
+}
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv

@@ -0,0 +1,31 @@
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,

IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults

@@ -1,26 +1,15 @@
+# sdkconfig.defaults for ESP8266 + ESP32
+
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
 CONFIG_FREERTOS_HZ=1000
-CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
-
-#
-# Default main stack size
-#
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
-
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
-
-#
-# Compiler options
-#
-CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
-CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
-CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
-CONFIG_COMPILER_HIDE_PATHS_MACROS=y
-CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
-CONFIG_COMPILER_STACK_CHECK=y
-
 #
 # Partition Table
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj

@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM70</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>

IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt

@@ -1,11 +1,96 @@
+# wolfSSL Espressif Example Project CMakeLists.txt
+#   v1.0
+#
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.16)
+
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
+# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
+#
+# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
+# USE_MY_PRIVATE_CONFIG path for my_private_config.h
+#
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
-# (Not part of the boilerplate)
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-# disable the following line if there isn't the directory
-set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
 project(wolfssl_server)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md

@@ -1,8 +1,23 @@
-# wolfSSL Server Example
+# wolfSSL TLS Server Example
+
+This is the wolfSSL TLS Server demo, typically used with the [Espressif TLS Client](../wolfssl_client/README.md)
+or the CLI [Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client).
+
+When using the CLI, see the [example parameters](/IDE/Espressif/ESP-IDF/examples#interaction-with-wolfssl-cli).
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
+
+## VisualGDB
+
+Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
+No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
+
+## ESP-IDF Commandline
 
 The Example contains a wolfSSL simple server.
 
-1. `idf.py menuconfigure` to configure the project
+1. `idf.py menuconfig` to configure the project
 
     1-1. Example Connection Configuration ->
     
@@ -20,3 +35,77 @@ When you want to test the wolfSSL simple server demo
     e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
+
+
+```
+# . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
+
+# optionally erase
+idf.py erase-flash -p /dev/ttyS19 -b 115200
+
+# Program flash
+idf.py flash -p /dev/ttyS19 -b 115200 monitor
+```
+
+
+Linux Client to x108 SM server
+
+```
+cd /mnt/c/workspace/wolfssl-$USER
+
+# show the ciphers
+./examples/client/client -e
+
+./examples/client/client  -h 192.168.1.108 -v 4 -l TLS_SM4_GCM_SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem   -A ./certs/sm2/root-sm2.pem -C
+```
+
+
+Linux Server
+
+```
+./examples/server/server                   -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
+```
+
+
+Cipers to consider
+
+```
+TLS13-AES128-GCM-SHA256:
+TLS13-AES256-GCM-SHA384:
+TLS13-CHACHA20-POLY1305-SHA256:
+
+TLS13-SM4-GCM-SM3:
+TLS13-SM4-CCM-SM3:
+ECDHE-ECDSA-SM4-CBC-SM3:
+ECDHE-ECDSA-SM4-GCM-SM3:
+ECDHE-ECDSA-SM4-CCM-SM3
+
+DHE-RSA-AES128-SHA:
+DHE-RSA-AES256-SHA:
+ECDHE-RSA-AES128-SHA:
+ECDHE-RSA-AES256-SHA:
+ECDHE-ECDSA-AES128-SHA:
+ECDHE-ECDSA-AES256-SHA:
+DHE-RSA-AES128-SHA256:
+DHE-RSA-AES256-SHA256:
+DHE-RSA-AES128-GCM-SHA256:
+DHE-RSA-AES256-GCM-SHA384:
+ECDHE-RSA-AES128-GCM-SHA256:
+ECDHE-RSA-AES256-GCM-SHA384:
+ECDHE-ECDSA-AES128-GCM-SHA256:
+ECDHE-ECDSA-AES256-GCM-SHA384:
+ECDHE-RSA-AES128-SHA256:
+ECDHE-ECDSA-AES128-SHA256:
+ECDHE-RSA-AES256-SHA384:
+ECDHE-ECDSA-AES256-SHA384:
+ECDHE-RSA-CHACHA20-POLY1305:
+ECDHE-ECDSA-CHACHA20-POLY1305:
+DHE-RSA-CHACHA20-POLY1305:
+ECDHE-RSA-CHACHA20-POLY1305-OLD:
+ECDHE-ECDSA-CHACHA20-POLY1305-OLD:
+DHE-RSA-CHACHA20-POLY1305-OLD:
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).

IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md

@@ -0,0 +1,512 @@
+# SM Cipher Notes
+
+
+### Install SM
+```
+cd /mnt/c/workspace/wolfsm-$USER
+./install.sh ../wolfssl-$USER
+```
+
+
+### Build Linux SM Examples
+```
+./autogen.sh
+./configure --enable-sm3 --enable-sm4-gcm --enable-sm2         \
+            --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr \
+            --enable-sm4-gcm --enable-sm4-ccm
+make clean && make
+```
+
+### TLS 1.3 Server
+
+```
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
+```
+
+### TLS 1.3 Client
+
+```
+./examples/client/client  -h 127.0.0.1 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+```
+
+### TLS 1.2 Client to Local Linux Server
+
+```
+./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
+                      -c ./certs/sm2/client-sm2.pem                 \
+                      -k ./certs/sm2/client-sm2-priv.pem            \
+                      -A ./certs/sm2/root-sm2.pem -C
+```
+
+###  TLS 1.2 Client to ESP32 Server
+
+```
+./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
+                      -c ./certs/sm2/client-sm2.pem                 \
+                      -k ./certs/sm2/client-sm2-priv.pem            \
+                      -A ./certs/sm2/root-sm2.pem -C
+```
+### Others...
+
+```
+# Success: Linux Client to ESP32 Server TLS1.2 
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+# Success: Linux Client to ESP32 Server TLS1.3
+
+# Reported as TLS_SM4_GCM_SM3, but parameter is TLS13-SM4-GCM-SM3
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+# Reported as TLS-SM4-CCM-SM3, but parameter is TLS13-SM4-CCM-SM3
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
+
+```
+
+```
+ESP32-to-ESP32
+TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3
+TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3
+TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3
+```
+
+Tried both PEM and DER format.
+
+The latest server is PEM format, triple-checked to have the embedded server
+be the same as the Linux server files.
+
+
+|  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
+| -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
+| emdedded:
+| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
+
+### Code
+
+See [source code](https://github.com/gojimmypi/wolfssl/blob/2c4f443aec7b151f945cb9dfe2dad6ee30449cf0/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c#L187):
+
+![code](./code.png)
+
+
+### Linux client talking to embedded server:
+
+```
+/examples/client/client  -h 192.168.1.108 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem     -A ./certs/sm2/root-sm2.pem -C
+wolfSSL_connect error -188, ASN no signer error to confirm failure
+wolfSSL error: wolfSSL_connect failed
+```
+
+Output:
+```
+ets Jul 29 2019 12:21:46
+
+rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
+configsip: 0, SPIWP:0xee
+clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
+mode:DIO, clock div:2
+load:0x3fff0030,len:7000
+load:0x40078000,len:15452
+ho 0 tail 12 room 4
+load:0x40080400,len:3840
+entry 0x4008064c
+I (29) boot: ESP-IDF v5.0-dirty 2nd stage bootloader
+I (29) boot: compile time 13:40:31
+I (29) boot: chip revision: v3.0
+I (32) boot_comm: chip revision: 3, min. bootloader chip revision: 0
+I (39) boot.esp32: SPI Speed      : 40MHz
+I (44) boot.esp32: SPI Mode       : DIO
+I (48) boot.esp32: SPI Flash Size : 2MB
+I (53) boot: Enabling RNG early entropy source...
+I (58) boot: Partition Table:
+I (62) boot: ## Label            Usage          Type ST Offset   Length
+I (69) boot:  0 nvs              WiFi data        01 02 00009000 00006000
+I (77) boot:  1 phy_init         RF data          01 01 0000f000 00001000
+I (84) boot:  2 factory          factory app      00 00 00010000 00177000
+I (92) boot: End of partition table
+I (96) boot_comm: chip revision: 3, min. application chip revision: 0
+I (103) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=338d8h (211160) map
+I (188) esp_image: segment 1: paddr=00043900 vaddr=3ffb0000 size=03b78h ( 15224) load
+I (194) esp_image: segment 2: paddr=00047480 vaddr=40080000 size=08b98h ( 35736) load
+I (209) esp_image: segment 3: paddr=00050020 vaddr=400d0020 size=c591ch (809244) map
+I (501) esp_image: segment 4: paddr=00115944 vaddr=40088b98 size=0c230h ( 49712) load
+I (522) esp_image: segment 5: paddr=00121b7c vaddr=50000000 size=00010h (    16) load
+I (533) boot: Loaded app from partition at offset 0x10000
+I (533) boot: Disabling RNG early entropy source...
+I (545) cpu_start: Pro cpu up.
+I (545) cpu_start: Starting app cpu, entry point is 0x400812f4
+I (532) cpu_start: App cpu up.
+I (561) cpu_start: Pro cpu start user code
+I (561) cpu_start: cpu freq: 160000000 Hz
+I (561) cpu_start: Application information:
+I (566) cpu_start: Project name:     wolfssl_server
+I (571) cpu_start: App version:      v5.6.3-stable-1088-g560c84b2b-d
+I (578) cpu_start: Compile time:     Jul 19 2023 22:20:09
+I (585) cpu_start: ELF file SHA256:  3e6e571c9e87bf44...
+I (591) cpu_start: ESP-IDF:          v5.0-dirty
+I (596) heap_init: Initializing. RAM available for dynamic allocation:
+I (603) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
+I (609) heap_init: At 3FFBDA68 len 00022598 (137 KiB): DRAM
+I (615) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
+I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
+I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
+I (636) spi_flash: detected chip: generic
+I (639) spi_flash: flash io: dio
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+size in the binary image header.
+I (657) cpu_start: Starting scheduler on PRO CPU.
+I (0) cpu_start: Starting scheduler on APP CPU.
+I (725) tls_server: ESP_WIFI_MODE_STA
+I (735) wifi:wifi driver task: 3ffcb738, prio:23, stack:6656, core=0
+I (735) system_api: Base MAC address is not set
+I (735) system_api: read default base MAC address from EFUSE
+I (755) wifi:wifi firmware version: 0d470ef
+I (755) wifi:wifi certification version: v7.0
+I (755) wifi:config NVS flash: enabled
+I (755) wifi:config nano formating: disabled
+I (755) wifi:Init data frame dynamic rx buffer num: 32
+I (765) wifi:Init management frame dynamic rx buffer num: 32
+I (765) wifi:Init management short buffer num: 32
+I (775) wifi:Init dynamic tx buffer num: 32
+I (775) wifi:Init static rx buffer size: 1600
+I (775) wifi:Init static rx buffer num: 10
+I (785) wifi:Init dynamic rx buffer num: 32
+I (785) wifi_init: rx ba win: 6
+I (795) wifi_init: tcpip mbox: 32
+I (795) wifi_init: udp mbox: 6
+I (795) wifi_init: tcp mbox: 6
+I (805) wifi_init: tcp tx win: 5744
+I (805) wifi_init: tcp rx win: 5744
+I (815) wifi_init: tcp mss: 1440
+I (815) wifi_init: WiFi IRAM OP enabled
+I (815) wifi_init: WiFi RX IRAM OP enabled
+I (825) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
+I (925) wifi:mode : sta (24:d7:eb:41:7b:68)
+I (935) wifi:enable tsf
+I (935) tls_server: wifi_init_sta finished.
+I (945) wifi:new:<4,0>, old:<1,0>, ap:<255,255>, sta:<4,0>, prof:1
+I (945) wifi:state: init -> auth (b0)
+I (945) wifi:state: auth -> assoc (0)
+I (955) wifi:state: assoc -> run (10)
+W (955) wifi:<ba-add>idx:0 (ifx:0, c8:d7:19:cd:00:17), tid:0, ssn:0, winSize:64
+I (985) wifi:connected with testbench, aid = 1, channel 4, BW20, bssid = c8:d7:19:cd:00:17
+I (985) wifi:security: WPA2-PSK, phy: bgn, rssi: -45
+I (995) wifi:pm start, type: 1
+
+I (1065) wifi:AP's beacon interval = 102400 us, DTIM period = 1
+I (3225) esp_netif_handlers: sta ip: 192.168.1.108, mask: 255.255.255.0, gw: 192.168.1.10
+I (3225) tls_server: got ip:192.168.1.108
+I (3235) Time Helper: sntp_setservername:
+I (3235) Time Helper: pool.ntp.org
+I (3245) Time Helper: time.nist.gov
+I (3245) Time Helper: utcnist.colorado.edu
+I (3255) Time Helper: sntp_init done.
+TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
+8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
+A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
+SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
+:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
+:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
+I (3315) wolfssl: Start wolfSSL_Init()
+I (3315) wolfssl: wolfSSL Entering wolfSSL_Init
+I (3325) wolfssl: wolfSSL Entering wolfCrypt_Init
+I (3325) wolfssl: start socket())
+I (3335) wolfssl: Create and initialize WOLFSSL_CTX
+I (3335) wolfssl: wolfSSL Entering wolfSSLv23_server_method_ex
+I (3345) wolfssl: wolfSSL Entering wolfSSL_CTX_new_ex
+I (3345) wolfssl: wolfSSL Entering wolfSSL_CertManagerNew
+I (3355) wolfssl: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
+I (3365) tls_server: Start SM2
+
+I (3365) wolfssl: wolfSSL Entering wolfSSL_CTX_set_cipher_list
+I (3375) tls_server: Set cipher list: ECDHE-ECDSA-SM4-CBC-SM3
+
+TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
+8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
+A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
+SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
+:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
+:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
+I (3435) wolfssl: Loading certificate...
+I (3435) wolfssl: wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
+I (3445) wolfssl: wolfSSL Entering PemToDer
+I (3455) wolfssl: Checking cert signature type
+I (3455) wolfssl: wolfSSL Entering GetExplicitVersion
+I (3465) wolfssl: wolfSSL Entering wc_GetSerialNumber
+I (3465) wolfssl: Got Cert Header
+I (3475) wolfssl: wolfSSL Entering GetObjectId
+I (3475) wolfssl: Got Algo ID
+I (3475) wolfssl: Getting Name
+I (3485) wolfssl: Getting Cert Name
+I (3485) wolfssl: Getting Name
+I (3495) wolfssl: Getting Cert Name
+I (3495) wolfssl: Got Subject Name
+I (3495) wolfssl: wolfSSL Entering GetAlgoId
+I (3505) wolfssl: wolfSSL Entering GetObjectId
+I (3505) wolfssl: wolfSSL Entering GetObjectId
+I (3515) wolfssl: Got Key
+I (3515) wolfssl: ECDSA/ED25519/ED448 cert signature
+I (3525) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1
+I (3535) tls_server: Loaded server_sm2
+
+I (3535) wolfssl: Loading key info...
+I (3535) wolfssl: wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
+I (3545) wolfssl: wolfSSL Entering PemToDer
+I (3555) wolfssl: wolfSSL Entering GetAlgoId
+I (3555) wolfssl: wolfSSL Entering GetObjectId
+I (3565) wolfssl: wolfSSL Entering GetAlgoId
+I (3565) wolfssl: wolfSSL Entering GetObjectId
+I (3575) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
+I (3575) tls_server: Loaded PrivateKey_buffer server_sm2_priv
+
+I (3585) wolfssl: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
+I (3595) wolfssl: Processing CA PEM file
+I (3595) wolfssl: wolfSSL Entering PemToDer
+I (3605) wolfssl: Adding a CA
+I (3605) wolfssl: wolfSSL Entering GetExplicitVersion
+I (3615) wolfssl: wolfSSL Entering wc_GetSerialNumber
+I (3615) wolfssl: Got Cert Header
+I (3625) wolfssl: wolfSSL Entering GetObjectId
+I (3625) wolfssl: Got Algo ID
+I (3635) wolfssl: Getting Name
+I (3635) wolfssl: Getting Cert Name
+I (3635) wolfssl: Getting Name
+I (3645) wolfssl: Getting Cert Name
+I (3645) wolfssl: Got Subject Name
+I (3655) wolfssl: wolfSSL Entering GetAlgoId
+I (3655) wolfssl: wolfSSL Entering GetObjectId
+I (3665) wolfssl: wolfSSL Entering GetObjectId
+I (3665) wolfssl: Got Key
+I (3665) wolfssl: Parsed Past Key
+I (3675) wolfssl: wolfSSL Entering DecodeCertExtensions
+I (3675) wolfssl: wolfSSL Entering GetObjectId
+I (3685) wolfssl: wolfSSL Entering DecodeSubjKeyId
+I (3685) wolfssl: wolfSSL Entering GetObjectId
+I (3695) wolfssl: wolfSSL Entering DecodeAuthKeyId
+I (3705) wolfssl: wolfSSL Entering GetObjectId
+I (3705) wolfssl: wolfSSL Entering DecodeBasicCaConstraint
+I (3715) wolfssl: wolfSSL Entering GetObjectId
+I (3715) wolfssl: wolfSSL Entering DecodeAltNames
+I (3725) wolfssl:       Unsupported name type, skipping
+I (3725) wolfssl: wolfSSL Entering GetObjectId
+I (3735) wolfssl: wolfSSL Entering DecodeExtKeyUsage
+I (3735) wolfssl: wolfSSL Entering GetObjectId
+I (3745) wolfssl: wolfSSL Entering GetObjectId
+I (3745) wolfssl: wolfSSL Entering GetObjectId
+I (3755) wolfssl:       Parsed new CA
+I (3755) wolfssl:       No key size check done on CA
+I (3765) wolfssl:       Freeing Parsed CA
+I (3765) wolfssl:       Freeing der CA
+I (3775) wolfssl:               OK Freeing der CA
+I (3775) wolfssl: wolfSSL Leaving AddCA, return 0
+I (3785) wolfssl:    Processed a CA
+I (3785) wolfssl: Processed at least one valid CA. Other stuff OK
+I (3795) wolfssl: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
+I (3795) tls_server: Success: load verify buffer
+
+I (3805) tls_server: Finish SM2
+
+I (3805) tls_server: accept clients...
+I (3815) wolfssl: Waiting for a connection...
+I (14485) wolfssl: wolfSSL Entering wolfSSL_new
+I (14495) wolfssl: wolfSSL Entering ReinitSSL
+I (14495) wolfssl: wolfSSL Entering SetSSL_CTX
+I (14495) wolfssl: wolfSSL Entering wolfSSL_NewSession
+I (14505) wolfssl: wolfSSL Leaving wolfSSL_new, return 0
+I (14505) wolfssl: wolfSSL Entering wolfSSL_set_fd
+I (14515) wolfssl: wolfSSL Entering wolfSSL_set_read_fd
+I (14515) wolfssl: wolfSSL Leaving wolfSSL_set_read_fd, return 1
+I (14525) wolfssl: wolfSSL Entering wolfSSL_set_write_fd
+I (14535) wolfssl: wolfSSL Leaving wolfSSL_set_write_fd, return 1
+I (14535) wolfssl: wolfSSL Entering wolfSSL_accept
+I (14545) wolfssl: wolfSSL Entering ReinitSSL
+I (14545) wolfssl: growing input buffer
+I (14555) wolfssl: received record layer msg
+I (14555) wolfssl: got HANDSHAKE
+I (14565) wolfssl: wolfSSL Entering wolfSSL_get_options
+I (14565) wolfssl: wolfSSL Entering DoTls13HandShakeMsg
+I (14575) wolfssl: wolfSSL Entering DoTls13HandShakeMsgType
+I (14575) wolfssl: processing client hello
+I (14585) wolfssl: wolfSSL Entering DoTls13ClientHello
+I (14595) wolfssl: wolfSSL Entering DoClientHello
+I (14595) wolfssl:     downgrading to TLSv1.2
+I (14605) wolfssl: Matched No Compression
+I (14605) wolfssl: Adding signature algorithms extension
+I (14615) wolfssl: Signature Algorithms extension received
+I (14615) wolfssl: Point Formats extension received
+I (14625) wolfssl: Supported Groups extension received
+I (14625) wolfssl: Unknown TLS extension type
+I (14635) wolfssl: Unknown TLS extension type
+I (14635) wolfssl: wolfSSL Entering MatchSuite
+I (14645) wolfssl: wolfSSL Entering VerifyServerSuite
+I (14645) wolfssl: Requires ECC
+I (14655) wolfssl: Verified suite validity
+I (14655) wolfssl: wolfSSL Leaving DoClientHello, return 0
+I (14665) wolfssl: wolfSSL Leaving DoTls13ClientHello, return 0
+I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
+I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsg, return 0
+I (14685) wolfssl: Shrinking input buffer
+I (14685) wolfssl: accept state ACCEPT_CLIENT_HELLO_DONE
+I (14695) wolfssl: accept state ACCEPT_FIRST_REPLY_DONE
+I (14705) wolfssl: wolfSSL Entering SendServerHello
+I (14705) wolfssl: growing output buffer
+I (14715) internal.c: GrowOutputBuffer ok
+I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
+I (14725) wolfssl: Point Formats extension to write
+W (14735) wolfio: ssl->wflags = 0
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
+I (14765) wolfio: 06 00 0b 00 02 01 00 
+W (14775) wolfio: sz          = 87
+I (14775) wolfssl: Shrinking output buffer
+I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
+I (14785) wolfssl: accept state SERVER_HELLO_SENT
+I (14795) wolfssl: wolfSSL Entering SendCertificate
+I (14795) wolfssl: growing output buffer
+I (14805) internal.c: GrowOutputBuffer ok
+W (14815) wolfio: ssl->wflags = 0
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+W (15135) wolfio: sz          = 747
+I (15135) wolfssl: Shrinking output buffer
+I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
+I (15145) wolfssl: accept state CERT_SENT
+I (15155) wolfssl: wolfSSL Entering SendCertificateStatus
+I (15155) wolfssl: wolfSSL Leaving SendCertificateStatus, return 0
+I (15165) wolfssl: accept state CERT_STATUS_SENT
+I (15165) wolfssl: wolfSSL Entering SendServerKeyExchange
+I (15175) wolfssl: Using ephemeral ECDH
+I (15175) wolfssl: wolfSSL Entering EccMakeKey
+I (15535) wolfssl: wolfSSL Leaving EccMakeKey, return 0
+I (15535) wolfssl: Trying ECC private key, RSA didn't work
+I (15535) wolfssl: wolfSSL Entering GetAlgoId
+I (15545) wolfssl: wolfSSL Entering GetObjectId
+I (15555) wolfssl: Using ECC private key
+I (15555) wolfssl: wolfSSL Entering Sm2wSm3Sign
+I (15915) wolfssl: wolfSSL Leaving Sm2wSm3Sign, return 0
+I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
+I (15925) wolfssl: growing output buffer
+I (15925) internal.c: GrowOutputBuffer ok
+W (15925) wolfio: ssl->wflags = 0
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+W (15995) wolfio: sz          = 154
+I (16005) wolfssl: Shrinking output buffer
+I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
+I (16015) wolfssl: accept state KEY_EXCHANGE_SENT
+I (16025) wolfssl: accept state CERT_REQ_SENT
+I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
+I (16035) wolfssl: growing output buffer
+I (16035) internal.c: GrowOutputBuffer ok
+W (16045) wolfio: ssl->wflags = 0
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+W (16045) wolfio: sz          = 9
+I (16055) wolfssl: Embed Send error
+I (16055) wolfssl:      Connection reset
+I (16065) int: Sent = -3
+W (16065) int: WOLFSSL_CBIO_ERR_CONN_RST
+E (16075) int: SOCKET_ERROR_E 2
+I (16075) wolfssl: wolfSSL Leaving SendServerHelloDone, return -308
+I (16085) wolfssl: wolfSSL error occurred, error = -308
+I (16085) wolfssl: wolfSSL Entering wolfSSL_get_error
+I (16095) wolfssl: wolfSSL Leaving wolfSSL_get_error, return -308
+E (16085) tls_server: wolfSSL_accept error -308
+I (16105) wolfssl: Client connected successfully
+I (16105) wolfssl: wolfSSL Entering wolfSSL_read
+I (16115) wolfssl: wolfSSL Entering wolfSSL_read_internal
+I (16125) wolfssl: wolfSSL Entering ReceiveData
+I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
+I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
+E (16145) tls_server: ERROR: failed to read
+I (16145) wolfssl: Client sends:
+I (16145) wolfssl: 
+I (16155) wolfssl: wolfSSL Entering wolfSSL_write
+I (16155) wolfssl: handshake not complete, trying to finish
+I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
+I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
+I (16175) wolfssl: wolfSSL Entering ReinitSSL
+W (16185) wolfio: ssl->wflags = 0
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+W (16185) wolfio: sz          = 9
+I (16195) wolfssl: Embed Send error
+I (16195) wolfssl:      General error
+I (16205) int: Sent = -1
+E (16205) int: SOCKET_ERROR_E
+I (16205) wolfssl: wolfSSL error occurred, error = -308
+I (16215) wolfssl: wolfSSL Leaving wolfSSL_negotiate, return -1
+I (16225) wolfssl: wolfSSL Leaving wolfSSL_write, return -1
+E (16225) tls_server: ERROR: failed to write
+I (16235) wolfssl: wolfSSL Entering wolfSSL_free
+I (16235) wolfssl: Free'ing server ssl
+I (16245) wolfssl: Shrinking output buffer
+I (16245) wolfssl: wolfSSL Entering ClientSessionToSession
+I (16255) wolfssl: wolfSSL Entering wolfSSL_FreeSession
+I (16255) wolfssl: wolfSSL_FreeSession full free
+I (16265) wolfssl: CTX ref count not 0 yet, no free
+I (16265) wolfssl: wolfSSL Leaving wolfSSL_free, return 0
+I (16275) wolfssl: Waiting for a connection...
+```
+
+### Wireshark:
+
+![wireshark](./wireshark.png)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md

@@ -0,0 +1,52 @@
+# wolfSSL Project Files for Visual Studio 2022 with VisualGDB Extension
+
+Include in the respective project `./VisualGDB` directory are [VisualGDB](https://visualgdb.com/) project files.
+Individual project files are included for convenience to new users, as there are [difficulties switching between ESP-IDF Versions or Chipsets](https://sysprogs.com/w/forums/topic/difficulties-switching-espressif-esp-idf-version-or-chipset/) using the VisualGDB extension.
+
+The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
+
+
+-------- |------------- |------------- |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.0 |
+-------- |------------- |------------- |
+ESP32    |      x       |              |
+ESP32-S2 |              |              |
+ESP32-S3 |      x       |      x       |
+ESP32-C3 |      x       |      x       |
+ESP32-C6 |              |              |
+
+
+The default directories are:
+
+- `C:\SysGCC` - The root directory install of VisualGDB
+- `C:\SysGCC\esp32` - The default for ESP-IDF v5.x
+- `C:\SysGCC\esp32-8.4` - Many need to manually select this name for ESP-IDF v4.x install
+- `C:\SysGCC\esp8266`- The default for ESP8266
+
+## Resources
+
+- [wolfSSL Website](https://www.wolfssl.com/)
+
+- [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+- [FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips)
+
+- [wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html)
+
+- [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+- [wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+- [wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+- [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
+
+- [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
+
+- [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+
+## Support
+
+For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)
+
+<--  edit 5.6.0001 see https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB -->

IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln

@@ -1,9 +1,9 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.33027.164
+# Visual Studio Version 17
+VisualStudioVersion = 17.7.34031.279
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "VisualGDB_wolfssl_server", "VisualGDB_wolfssl_server.vgdbproj", "{CD5A90CA-2D40-461A-A0C3-27654371BB00}"
+Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_server_IDF_v5_ESP32", "wolfssl_server_IDF_v5_ESP32.vgdbproj", "{CD5A90CA-2D40-461A-A0C3-27654371BB00}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -26,6 +26,6 @@ Global
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {719A8CBE-E881-4B20-89F3-9910520E1067}
+		SolutionGuid = {8024AC13-8021-400B-976F-30C392D5BBD3}
 	EndGlobalSection
 EndGlobal

IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<VisualGDBProjectSettings2 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <Project xsi:type="com.visualgdb.project.external.esp-idf">
     <CustomSourceDirectories>
       <Directories />
@@ -18,9 +18,9 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>8.4.0</GCC>
-        <GDB>8.1.0</GDB>
-        <Revision>9</Revision>
+        <GCC>12.2.0</GCC>
+        <GDB>12.1</GDB>
+        <Revision>1</Revision>
       </Version>
     </ToolchainID>
     <RelativeSourceDirectory>..</RelativeSourceDirectory>
@@ -67,11 +67,11 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>v4.4.1</Version>
-          <Subdirectory>esp-idf/v4.4.1</Subdirectory>
+          <Version>release/v5.1</Version>
+          <Subdirectory>esp-idf/v5.1</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
-        <COMPort>COM20</COMPort>
+        <COMPort>COM19</COMPort>
         <SuppressTestPrerequisiteChecks>false</SuppressTestPrerequisiteChecks>
         <UseCCache>false</UseCCache>
         <DeviceID>ESP32</DeviceID>
@@ -93,7 +93,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM20</ComPortName>
+      <ComPortName>COM19</ComPortName>
       <AdvancedSettings>
         <BaudRate>115200</BaudRate>
         <DataBits>8</DataBits>
@@ -104,7 +104,7 @@
     </Connection>
     <LastConnectionTime>0</LastConnectionTime>
     <EchoTypedCharacters>false</EchoTypedCharacters>
-    <ClearContentsWhenReconnecting>false</ClearContentsWhenReconnecting>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
     <ReconnectAutomatically>false</ReconnectAutomatically>
     <DisplayMode>ASCII</DisplayMode>
     <Colors>
@@ -220,7 +220,7 @@
     <DebugMethod>
       <ID>openocd</ID>
       <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp32">
-        <CommandLine>-f interface/tigard.cfg -c "adapter_khz 3000" -f target/esp32.cfg</CommandLine>
+        <CommandLine>-f interface/ftdi/tigard.cfg -c "adapter_khz 15000" -f interface/ftdi/tigard.cfg -f target/esp32.cfg</CommandLine>
         <ExtraParameters>
           <Frequency xsi:nil="true" />
           <BoostedFrequency xsi:nil="true" />
@@ -252,7 +252,7 @@
       </Configuration>
     </DebugMethod>
     <AutoDetectRTOS>true</AutoDetectRTOS>
-    <SemihostingSupport>Auto</SemihostingSupport>
+    <SemihostingSupport>Disabled</SemihostingSupport>
     <SemihostingPollingDelay>0</SemihostingPollingDelay>
     <StepIntoEntryPoint>false</StepIntoEntryPoint>
     <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt

@@ -17,206 +17,437 @@
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
-# cmake for wolfssl
+# cmake for wolfssl Espressif projects
 #
-cmake_minimum_required(VERSION 3.5)
+# Version 5.6.0.011 for detect test/benchmark
+#
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
+#
+
+cmake_minimum_required(VERSION 3.16)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 set(CMAKE_CURRENT_SOURCE_DIR ".")
+set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# We are currently in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-# The root of wolfSSL is 7 directories up from here:
-get_filename_component(WOLFSSL_ROOT  "../../../../../../../" ABSOLUTE)
-
-# Espressif may take several passes through this makefile. Check to see if we found IDF
-string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
-
-if($WOLFSSL_FOUND_IDF)
-    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
-    message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
-    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
-endif()
-
-# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
-FILE(GLOB EXCLUDE_ASM *.S)
-file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
-
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
-endif()
-
-set(INCLUDE_PATH ${WOLFSSL_ROOT})
-
-set(COMPONENT_SRCDIRS "${WOLFSSL_ROOT}/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/benchmark/"
-                        "${WOLFSSL_ROOT}/wolfcrypt/test/"
-                        )
-
-set(COMPONENT_REQUIRES lwip)
-
-
-# check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-    #
-    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
-    #
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-    message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
-    message(STATUS "")
-    message(STATUS "To proceed: ")
-    message(STATUS "")
-    message(STATUS "Remove either the local project component: ${CMAKE_HOME_DIRECTORY}/components/wolfssl/ ")
-    message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
-    message(STATUS "")
-    message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-    message(STATUS "")
-    message(STATUS "**************************************************************************************")
-    message(STATUS "")
-
-    # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
-
-else()
-    if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-        #
-        # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
-        #
-        message(STATUS "")
-        message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
-        message(STATUS "")
+# find the user name to search for possible "wolfssl-username"
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
     else()
-        #
-        # wolfSSL is not an ESP-IDF component. We need to now determine if it is local and if so if it is part of the wolfSSL repo
-        # or if  wolfSSL is simply installed as a local component.
-        #
-        if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" )
-            #
-            # wolfSSL found in local project.
-            #
-            if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/include/" )
-                message(STATUS "")
-                message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-                #
-                # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
-                #
-                # We won't do anything else here, as it will be assumed the original install completed successfully.
-                #
-            else()
-                #
-                # This is the developer repo mode. wolfSSL will be assume to be not installed to ESP-IDF nor local project
-                # In this configuration, we are likely running a wolfSSL example found directly in the repo.
-                #
-                message(STATUS "")
-                message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = $ENV{CMAKE_HOME_DIRECTORY}")
-                message(STATUS "")
-
-                message(STATUS "************************************************************************************************")
-                # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
-                # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
-                #
-                # first check if there's a [root]/include/user_settings.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
-                    # we won't overwrite an existing user settings file, just note that we already have one:
-                    message(STATUS "Found wolfSSL user_settings.h in ${WOLFSSL_ROOT}/include/user_settings.h")
-                else()
-                    message(STATUS "Installing wolfSSL user_settings.h to ${WOLFSSL_ROOT}/include/user_settings.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                endif() # user_settings.h
-
-                # next check if there's a [root]/include/config.h
-                if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
-                    message(STATUS "Found wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h")
-                else()
-                    message(STATUS "Installing wolfSSL config.h to ${WOLFSSL_ROOT}/include/config.h")
-                    file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_ROOT}/include/")
-                    file(RENAME "${WOLFSSL_ROOT}/include/dummy_config_h" "${WOLFSSL_ROOT}/include/config.h")
-                endif() # config.h
-                message(STATUS "************************************************************************************************")
-                message(STATUS "")
-            endif()
-
-        else()
-            # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
-            if($WOLFSSL_FOUND_IDF)
-                message(STATUS "")
-                message(STATUS "WARNING: wolfSSL not found.")
-                message(STATUS "")
-            else()
-                # probably needs to be re-parsed by Espressif
-                message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
-            endif() # else we have not found ESP-IDF yet
-        endif() # else not a local wolfSSL component
-
-    endif() #else not an ESP-IDF component
-endif() # else not local copy and EDP-IDF wolfSSL
-
-
-# RTOS_IDF_PATH is typically:
-# "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
-# depending on the environment, we may need to swap backslashes with forward slashes
-string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
-
-# ESP-IDF after version 4.4x has a different RTOS directory structure
-string(REPLACE "\\" "/" RTOS_IDF_PATH5 "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
-
-if(IS_DIRECTORY ${IDF_PATH}/components/freertos/FreeRTOS-Kernel/)
-    set(COMPONENT_ADD_INCLUDEDIRS
-        "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH5}"
-       "${WOLFSSL_ROOT}"
-       )
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
 else()
-
-   set(COMPONENT_ADD_INCLUDEDIRS
-       "."
-       "${WOLFSSL_ROOT}/include"
-       "${RTOS_IDF_PATH}"
-       "${WOLFSSL_ROOT}"
-      )
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
 endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
 
-if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
-    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
-endif()
 
-set(COMPONENT_SRCEXCLUDE
-    "${WOLFSSL_ROOT}/src/bio.c"
-    "${WOLFSSL_ROOT}/src/conf.c"
-    "${WOLFSSL_ROOT}/src/misc.c"
-    "${WOLFSSL_ROOT}/src/pk.c"
-    "${WOLFSSL_ROOT}/src/ssl_misc.c" # included by ssl.c
-    "${WOLFSSL_ROOT}/src/x509.c"
-    "${WOLFSSL_ROOT}/src/x509_str.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/evp.c"
-    "${WOLFSSL_ROOT}/wolfcrypt/src/misc.c"
-    "${EXCLUDE_ASM}"
-    )
+# COMPONENT_NAME = wolfssl
+# The component name is the directory name. "No feature to change this".
+# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
+
+# set the root of wolfSSL in top-level project CMakelists.txt:
+#   set(WOLFSSL_ROOT  "C:/some path/with/spaces")
+#   set(WOLFSSL_ROOT  "c:/workspace/wolfssl-[username]")
+#   set(WOLFSSL_ROOT  "/mnt/c/some path/with/spaces")
+#   or use this logic to assign value from Environment Variable WOLFSSL_ROOT,
+#   or assume this is an example 7 subdirectories below:
+
+# We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
+# The root of wolfSSL is 7 directories up from here:
+
+# function: IS_WOLFSSL_SOURCE
+#  parameter: DIRECTORY_PARAMETER - the directory to test
+#  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
+function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+    if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
+        set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
+    else()
+        set(${RESULT} "" PARENT_SCOPE)
+    endif()
+endfunction()
+
+# function: FIND_WOLFSSL_DIRECTORY
+#  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
+#
+function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
+    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    else()
+        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        else()
+            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+            message(STATUS "$ENV{WOLFSSL_ROOT}")
+        endif()
+    endif()
+
+    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+    message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+    string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+
+    # loop through all the parents, looking for wolfssl
+    while(NOT CURRENT_SEARCH_DIR STREQUAL "/" AND NOT CURRENT_SEARCH_DIR STREQUAL "" )
+        string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+        # wolfSSL may simply be in a parent directory, such as for local examples in wolfssl repo
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        if( THIS_USER )
+            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+
+            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        # Next check for no user suffix "wolfssl" subdirectory as we recurse up the directory tree
+        set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+        # if(EXISTS ${CURRENT_SEARCH_DIR} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR} AND EXISTS "${CURRENT_SEARCH_DIR}/wolfcrypt/src")
+        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+        if ( FOUND_WOLFSSL )
+            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
+        endif()
+
+        # Move up one directory level
+        set(PRIOR_SEARCH_DIR "${CURRENT_SEARCH_DIR}")
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
+        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
+            # when the search directory is empty, we'll give up
+            set(CURRENT_SEARCH_DIR "")
+        endif()
+    endwhile()
+
+    # If not found, set the output variable to empty before exiting
+    set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE)
+endfunction()
+
+
+# Example usage:
+
+
+
+
+if(CMAKE_BUILD_EARLY_EXPANSION)
+    message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
+    idf_component_register(
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            PRIV_REQUIRES # esp_hw_support
+                                          esp_timer
+                                          driver # this will typically only be needed for wolfSSL benchmark
+                           )
+
+else()
+    # not CMAKE_BUILD_EARLY_EXPANSION
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config:")
+    message(STATUS "************************************************************************************************")
+
+    # search for wolfSSL
+    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    if(WOLFSSL_ROOT)
+        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "NEW wolfssl directory not found.")
+        # Abort. We need wolfssl _somewhere_.
+        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
+                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+    endif()
+
+    set(INCLUDE_PATH ${WOLFSSL_ROOT})
+
+    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+    endif()
+
+    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
+        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    endif()
+
+    set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
+                          "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
+                         ) # COMPONENT_SRCDIRS
+
+    message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+
+    set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+
+
+    # Espressif may take several passes through this makefile. Check to see if we found IDF
+    string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
+
+    # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
+    file(GLOB EXCLUDE_ASM *.S)
+    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+
+    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
+    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
+    message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
+
+    #
+    # Check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components.
+    #
+    if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+        #
+        # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
+        #
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+        message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
+        message(STATUS "")
+        message(STATUS "To proceed: ")
+        message(STATUS "")
+        message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
+        message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
+        message(STATUS "")
+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        message(STATUS "")
+        message(STATUS "**************************************************************************************")
+        message(STATUS "")
+
+        # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
+
+    else()
+        if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+            #
+            # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
+            #
+            message(STATUS "")
+            message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
+            message(STATUS "")
+        else()
+            #
+            # wolfSSL is not an ESP-IDF component.
+            # We need to now determine if it is local and if so if it is part of the wolfSSL repo,
+            # or if  wolfSSL is simply installed as a local component.
+            #
+
+            if( EXISTS "${WOLFSSL_PROJECT_DIR}" )
+                #
+                # wolfSSL found in local project.
+                #
+                if( EXISTS "${WOLFSSL_PROJECT_DIR}/wolfcrypt/" )
+                    message(STATUS "")
+                    message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+                    #
+                    # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
+                    #
+                    # We won't do anything else here, as it will be assumed the original install completed successfully.
+                    #
+                else() # full wolfSSL not installed in local project
+                    #
+                    # This is the developer repo mode. wolfSSL will be assumed to be not installed to ESP-IDF nor local project
+                    # In this configuration, we are likely running a wolfSSL example found directly in the repo.
+                    #
+                    message(STATUS "")
+                    message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+                    message(STATUS "")
+
+                    message(STATUS "************************************************************************************************")
+                    # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
+                    # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
+                    #
+                    # first check if there's a [root]/include/user_settings.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
+                        message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
+                                            "${WOLFSSL_ROOT}/include/user_settings.h "
+                                            " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
+                            message(STATUS "Using existing wolfSSL user_settings.h in "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                        else()
+                            message(STATUS "Installing wolfSSL user_settings.h to "
+                                            "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+                            file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h"
+                            DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/")
+                        endif()
+                    endif() # user_settings.h
+
+                    # next check if there's a [root]/include/config.h
+                    if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h"              )
+                        message(STATUS "  Please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h"                   )
+                        message(STATUS "******************************************************************************")
+                        message(STATUS "******************************************************************************")
+                    else()
+                        # we won't overwrite an existing user settings file, just note that we already have one:
+                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" )
+                            message(STATUS "Using existing wolfSSL config.h           ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        else()
+                            message(STATUS "Installing wolfSSL config.h to            ${WOLFSSL_PROJECT_DIR}/include/config.h")
+                            file(COPY   "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_PROJECT_DIR}/include/")
+                            file(RENAME "${WOLFSSL_PROJECT_DIR}/include/dummy_config_h" "${WOLFSSL_PROJECT_DIR}/include/config.h")
+                        endif() # Project config.h
+                    endif() # WOLFSSL_ROOT config.h
+                    message(STATUS "************************************************************************************************")
+                    message(STATUS "")
+                endif()
+
+            else()
+                # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
+                if($WOLFSSL_FOUND_IDF)
+                    message(STATUS "")
+                    message(STATUS "WARNING: wolfSSL not found.")
+                    message(STATUS "")
+                else()
+                    # probably needs to be re-parsed by Espressif
+                    message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
+                endif() # else we have not found ESP-IDF yet
+            endif() # else not a local wolfSSL component
+
+        endif() #else not an ESP-IDF component
+    endif() # else not local copy and EDP-IDF wolfSSL
+
+
+    # RTOS_IDF_PATH is typically:
+    # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
+    # depending on the environment, we may need to swap backslashes with forward slashes
+    string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
+
+    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+
+    if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+        message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
+    else()
+        # ESP-IDF prior version 4.4x has a different RTOS directory structure
+        string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
+        if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+            message(STATUS "Found legacy RTOS path: ${RTOS_IDF_PATH}")
+        else()
+            message(STATUS "Could not find RTOS path")
+        endif()
+    endif()
+
+
+    set(COMPONENT_ADD_INCLUDEDIRS
+        "./include" # this is the location of wolfssl user_settings.h
+        "\"${WOLFSSL_ROOT}/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${RTOS_IDF_PATH}/\""
+        )
+
+
+    if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+        list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+    endif()
+
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"")
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
+
+
+
+    set(COMPONENT_SRCEXCLUDE
+        "\"${WOLFSSL_ROOT}/src/bio.c\""
+        "\"${WOLFSSL_ROOT}/src/conf.c\""
+        "\"${WOLFSSL_ROOT}/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/src/pk.c\""
+        "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/x509.c\""
+        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_armthumb.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c32.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_c64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${EXCLUDE_ASM}\""
+        )
+
+    spaces2list(COMPONENT_REQUIRES)
+
+    separate_arguments(COMPONENT_SRCDIRS NATIVE_COMMAND "${COMPONENT_SRCDIRS}")
+    separate_arguments(COMPONENT_SRCEXCLUDE NATIVE_COMMAND "${COMPONENT_SRCEXCLUDE}")
+    separate_arguments(COMPONENT_ADD_INCLUDEDIRS NATIVE_COMMAND "${COMPONENT_ADD_INCLUDEDIRS}")
+
+    #
+    # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#example-component-requirements
+    #
+    message(STATUS "COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+    message(STATUS "COMPONENT_ADD_INCLUDEDIRS = ${COMPONENT_ADD_INCLUDEDIRS}")
+    message(STATUS "COMPONENT_REQUIRES = ${COMPONENT_REQUIRES}")
+    message(STATUS "COMPONENT_SRCEXCLUDE = ${COMPONENT_SRCEXCLUDE}")
+
+    #
+    # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
+    #
+    set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
+    idf_component_register(
+                            SRC_DIRS "${COMPONENT_SRCDIRS}"
+                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                            REQUIRES "${COMPONENT_REQUIRES}"
+                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                           )
+    # some optional diagnostics
+    if (1)
+        get_cmake_property(_variableNames VARIABLES)
+        list (SORT _variableNames)
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES BEGIN")
+        message(STATUS "")
+        foreach (_variableName ${_variableNames})
+            message(STATUS "${_variableName}=${${_variableName}}")
+        endforeach()
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES END")
+        message(STATUS "")
+    endif()
+
+    # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+
+endif() # CMAKE_BUILD_EARLY_EXPANSION
 
-register_component()
 
-# some optional diagnostics
-if (0)
-    get_cmake_property(_variableNames VARIABLES)
-    list (SORT _variableNames)
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES BEGIN")
-    message(STATUS "")
-    foreach (_variableName ${_variableNames})
-        message(STATUS "${_variableName}=${${_variableName}}")
-    endforeach()
-    message(STATUS "")
-    message(STATUS "ALL VARIABLES END")
-    message(STATUS "")
-endif()
 
 # check to see if there's both a local copy and EDP-IDF copy of the wolfssl components
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
     message(STATUS "")
     message(STATUS "")
     message(STATUS "********************************************************************")
@@ -227,3 +458,69 @@ endif()
 # end multiple component check
 
 
+#
+# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
+#
+# Save the THIS_VAR as a string in a macro called VAR_OUPUT
+#
+# VAR_OUPUT:  the name of the macro to define
+# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
+# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
+#
+function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
+    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
+    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
+
+    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
+    if(${IS_VALID_VALUE})
+        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
+        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
+
+        # we'll could percolate the value to the parent for possible later use
+        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
+
+        # but we're only using it here in this function
+        set(${VAR_OUPUT} ${VAR_VALUE})
+
+        # we'll print what we found to the console
+        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
+
+        # the interesting part is defining the VAR_OUPUT name a value to use in the app
+        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+    else()
+        # if we get here, check the execute_process command and parameters.
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        set(${VAR_OUPUT} "Unknown")
+    endif()
+endfunction() # LIBWOLFSSL_SAVE_INFO
+
+# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
+# see wolfcrypt\src\port\Espressif\esp32_utl.c
+if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+    set (git_cmd "git")
+    message(STATUS "Adding macro definitions:")
+
+    # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+
+    message(STATUS "************************************************************************************************")
+    message(STATUS "wolfssl component config complete!")
+    message(STATUS "************************************************************************************************")
+endif()

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h

@@ -0,0 +1,435 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This user_settings.h is for Espressif ESP-IDF */
+#include <sdkconfig.h>
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/*
+ * choose ONE of these Espressif chips to define:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ */
+#undef WOLFSSL_ESPWROOM32SE
+#undef WOLFSSL_ESP8266
+#undef WOLFSSL_ESP32
+
+#define WOLFSSL_ESP32
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+
+/* TLS 1.3                                 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+#define NO_FILESYSTEM
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+#define WOLFSSL_RIPEMD
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* when you want to use SHA512 */
+#define WOLFSSL_SHA512
+
+/* when you want to use SHA3 */
+#define WOLFSSL_SHA3
+
+#define HAVE_ED25519 /* ED25519 requires SHA512 */
+
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+
+ #define OPENSSL_EXTRA
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#define HAVE_PKCS7
+
+#if defined(HAVE_PKCS7)
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* rsa primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
+#endif
+
+#define RSA_LOW_MEM
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x249F00
+
+#define HASH_SIZE_LIMIT /* for test.c */
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+
+#define WOLFSSL_SMALL_STACK
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#define  HAVE_SESSION_TICKET
+
+/* #define HAVE_HASHDRBG */
+
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_SYS_CA_CERTS
+
+
+#define WOLFSSL_CERT_TEXT
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/*
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* Default is HW enabled unless turned off.
+** Uncomment these lines to force SW instead of HW acceleration */
+
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    /*  TODO: Revisit ESP8266 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW accleration */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+#define WOLFSSL_HW_METRICS
+
+/* #define HASH_SIZE_LIMIT */ /* for test.c */
+
+/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+#define USE_CERT_BUFFERS_2048
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #define USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_256
+    #define CTX_CA_CERT          ca_cert_der_2048
+    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_CERT      server_cert_der_2048
+    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+    #define CTX_SERVER_KEY       server_key_der_2048
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt

@@ -1,12 +1,36 @@
-
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.0
 #
 # wolfssl server test
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "server-tls.c" "wifi_connect.c")
-set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
-
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -19,8 +43,14 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
-
-register_component()
+## register_component()
+idf_component_register(SRCS main.c
+                            wifi_connect.c
+                            time_helper.c
+                            server-tls.c
+                       INCLUDE_DIRS "."
+                                    "./include")
+#
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -73,3 +103,4 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
 endif()
 
 message(STATUS "")
+

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild

@@ -0,0 +1,9 @@
+menu "Example Configuration"
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        Host listening port for the example to connect.
+
+endmenu