Merge pull request #7566 from douzzer/20240521-fix-overshifts

20240521-fix-overshifts
wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand;
2024-05-22 07:42:49 +10:00 · 2024-05-21 13:57:40 -05:00 · 2024-05-21 08:47:10 -07:00 · 2024-05-21 08:19:15 -07:00 · 2024-05-21 22:14:24 +10:00 · 2024-05-21 10:00:40 +08:00
418 changed files with 65266 additions and 21433 deletions
--- a/.cyignore
+++ b/.cyignore
@@ -0,0 +1,40 @@
+# wolfSSL folders
+$(SEARCH_wolfssl)/IDE
+$(SEARCH_wolfssl)/examples
+$(SEARCH_wolfssl)/linuxkm
+$(SEARCH_wolfssl)/mcapi
+$(SEARCH_wolfssl)/mplabx
+$(SEARCH_wolfssl)/mqx
+$(SEARCH_wolfssl)/tirtos
+$(SEARCH_wolfssl)/tests
+$(SEARCH_wolfssl)/testsuite
+$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
+$(SEARCH_wolfssl)/zephyr
+
+# wolfSSL files
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
+
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -1,7 +1,16 @@
 name: Async Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  make_check:
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -1,7 +1,16 @@
 name: curl Test

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/disabled/haproxy.yml
+++ b/.github/workflows/disabled/haproxy.yml
@@ -1,7 +1,16 @@
 name: HaProxy Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  haproxy_check:
--- a/.github/workflows/disabled/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@@ -1,7 +1,16 @@
 name: hostap and wpa-supplicant Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
@@ -62,7 +71,7 @@ jobs:
        config: [
          {
            hostap_ref: hostap_2_10,
-            hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
            remove_teap: true,
            # TLS 1.3 does not work for this version
            build_id: hostap-build1,
@@ -70,7 +79,7 @@ jobs:
          # Test the dpp patch
          {
            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
-            hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
            build_id: hostap-build2
          },
--- a/.github/workflows/docker-Espressif.yml
+++ b/.github/workflows/docker-Espressif.yml
@@ -1,6 +1,15 @@
 name: Espressif examples tests
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  espressif_latest:
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@@ -2,8 +2,17 @@
 # there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
 name: OpenWrt test

+# START OF COMMON SECTION
 on:
-    workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
    build_library:
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -0,0 +1,101 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+          retention-days: 5
+
+  grpc_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ref: v1.60.0
+            tests: >-
+              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+              crl_ssl_transport_security_test server_ssl_test
+              ssl_transport_security_test ssl_transport_security_utils_test
+              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+              h2_ssl_cert_test h2_ssl_session_reuse_test
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Confirm IPv4 and IPv6 support
+        run: |
+          ip addr list lo | grep 'inet '
+          ip addr list lo | grep 'inet6 '
+
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout grpc
+        uses: actions/checkout@v4
+        with:
+          repository: grpc/grpc
+          path: grpc
+          ref: ${{ matrix.ref }}
+
+      - name: Build grpc
+        working-directory: ./grpc
+        run: |
+          patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+          git submodule update --init
+          mkdir cmake/build
+          cd cmake/build
+          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+            -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+          make -j $(nproc) ${{ matrix.tests }}
+
+      - name: Run grpc tests
+        working-directory: ./grpc
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ./tools/run_tests/start_port_server.py
+          for t in ${{ matrix.tests }} ; do
+            ./cmake/build/$t
+          done
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/hitch.yml
@@ -1,7 +1,16 @@
 name: hitch Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
@@ -0,0 +1,122 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
+CONFIG_IEEE80211BE=y
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
@@ -0,0 +1,164 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
@@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_kde
 ap_wpa2_psk_supp_proto_gtk_not_encrypted
-ap_wpa2_psk_supp_proto_no_igtk
-ap_wpa2_psk_supp_proto_igtk_ok
-ap_wpa2_psk_supp_proto_igtk_keyid_swap
-ap_wpa2_psk_supp_proto_igtk_keyid_too_large
-ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
 ap_wpa2_psk_wep
-ap_wpa2_psk_ifdown
 ap_wpa2_psk_drop_first_msg_4
 ap_wpa2_psk_disable_enable
 ap_wpa2_psk_incorrect_passphrase
@@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
 ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
-ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
-ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
 ap_wpa2_psk_rsne_mismatch_ap2
 ap_wpa2_psk_rsne_mismatch_ap3
@@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
 ap_wpa2_eap_aka_config
 ap_wpa2_eap_aka_ext
 ap_wpa2_eap_aka_ext_auth_fail
-ap_wpa2_eap_aka_prime
 ap_wpa2_eap_aka_prime_imsi_identity
 ap_wpa2_eap_aka_prime_imsi_privacy_key
-ap_wpa2_eap_aka_prime_sql
 ap_wpa2_eap_aka_prime_ext_auth_fail
 ap_wpa2_eap_aka_prime_ext
 ap_wpa2_eap_ttls_pap
@@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
 ap_wpa2_eap_tls_tod
 ap_wpa2_eap_tls_tod_tofu
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
 dpp_network_intro_version
 dpp_network_intro_version_change
 dpp_network_intro_version_missing_req
@@ -459,12 +435,9 @@ dpp_qr_code_curves
 dpp_qr_code_curves_brainpool
 dpp_qr_code_unsupported_curve
 dpp_qr_code_keygen_fail
-dpp_qr_code_curve_select
 dpp_qr_code_auth_broadcast
-dpp_configurator_enrollee
 dpp_configurator_enrollee_prime256v1
 dpp_configurator_enrollee_secp384r1
-dpp_configurator_enrollee_secp521r1
 dpp_configurator_enrollee_brainpoolP256r1
 dpp_configurator_enrollee_brainpoolP384r1
 dpp_configurator_enrollee_brainpoolP512r1
@@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
 dpp_qr_code_curve_brainpoolP512r1
 dpp_qr_code_set_key
 dpp_qr_code_auth_mutual
-dpp_qr_code_auth_mutual2
 dpp_qr_code_auth_mutual_p_256
 dpp_qr_code_auth_mutual_p_384
 dpp_qr_code_auth_mutual_p_521
@@ -514,13 +486,11 @@ dpp_config_no_signed_connector
 dpp_config_unexpected_signed_connector_char
 dpp_config_root_not_an_object
 dpp_config_no_wi_fi_tech
-dpp_config_unsupported_wi_fi_tech
 dpp_config_no_discovery
 dpp_config_no_discovery_ssid
 dpp_config_too_long_discovery_ssid
 dpp_config_no_cred
 dpp_config_no_cred_akm
-dpp_config_unsupported_cred_akm
 dpp_config_error_legacy_no_pass
 dpp_config_error_legacy_too_long_pass
 dpp_config_error_legacy_psk_with_sae
@@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
 dpp_config_connector_error_too_short_timestamp
 dpp_config_connector_error_invalid_timestamp
 dpp_config_connector_error_invalid_timestamp_date
-dpp_config_connector_error_invalid_time_zone
-dpp_config_connector_error_invalid_time_zone_2
 dpp_config_connector_error_expired_1
 dpp_config_connector_error_expired_2
 dpp_config_connector_error_expired_3
 dpp_config_connector_error_expired_4
-dpp_config_connector_error_expired_5
 dpp_config_connector_error_expired_6
 dpp_config_connector_error_no_groups
 dpp_config_connector_error_empty_groups
@@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
 dpp_ap_config_bp256_p256
 dpp_ap_config_p521_bp512
 dpp_ap_config_reconfig_configurator
-dpp_auto_connect_1
-dpp_auto_connect_2
-dpp_auto_connect_2_connect_cmd
-dpp_auto_connect_2_sta_ver1
-dpp_auto_connect_2_ap_ver1
-dpp_auto_connect_2_ver1
-dpp_auto_connect_2_conf_ver1
 dpp_auto_connect_legacy
 dpp_auto_connect_legacy_ssid_charset
 dpp_auto_connect_legacy_sae_1
@@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
 dpp_auto_connect_legacy_psk_sae_2
 dpp_auto_connect_legacy_psk_sae_3
 dpp_auto_connect_legacy_pmf_required
-dpp_qr_code_auth_responder_configurator
-dpp_qr_code_auth_responder_configurator_group_id
-dpp_qr_code_auth_enrollee_init_netrole
-dpp_qr_code_hostapd_init
-dpp_qr_code_hostapd_init_offchannel
-dpp_qr_code_hostapd_init_offchannel_neg_freq
-dpp_qr_code_hostapd_ignore_mismatch
 dpp_test_vector_p_256
 dpp_test_vector_p_256_b
 dpp_test_vector_p_521
@@ -603,7 +556,6 @@ dpp_pkex_no_identifier
 dpp_pkex_identifier_mismatch
 dpp_pkex_identifier_mismatch2
 dpp_pkex_identifier_mismatch3
-dpp_pkex_5ghz
 dpp_pkex_test_vector
 dpp_pkex_code_mismatch
 dpp_pkex_code_mismatch_limit
@@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
 dpp_pkex_nak_curve_change
 dpp_pkex_nak_curve_change2
 dpp_hostapd_configurator
-dpp_hostapd_configurator_enrollee_v1
 dpp_hostapd_configurator_responder
 dpp_hostapd_configurator_fragmentation
 dpp_hostapd_enrollee_fragmentation
@@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
 dpp_proto_stop_at_pkex_cr_resp
 dpp_proto_network_introduction
 dpp_hostapd_auth_conf_timeout
-dpp_hostapd_auth_resp_retries
 dpp_tcp
 dpp_tcp_port
 dpp_tcp_mutual
@@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
 dpp_qr_code_config_event_initiator_no_response
 dpp_qr_code_config_event_initiator_both
 dpp_tcp_qr_code_config_event_initiator
-dpp_qr_code_config_event_responder
 dpp_discard_public_action

--- a/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
@@ -0,0 +1,47 @@
+From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Fri, 19 Apr 2024 16:41:38 +0200
+Subject: [PATCH] Fixes for running tests under UML
+
+- Apply commit ID fix from more recent commit
+- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
+---
+ src/crypto/crypto_wolfssl.c | 2 +-
+ tests/hwsim/run-all.sh      | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 00ecf61352..a57fa50697 100644
+--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
+@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 	int ret = -1;
+ 	WC_RNG rng;
+ 	DhKey *dh = NULL;
+-	word32 priv_sz, pub_sz;
+	word32 priv_sz = prime_len, pub_sz = prime_len;
+ 
+ 	if (TEST_FAIL())
+ 		return -1;
+diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
+index ee48cd0581..75c3a58b52 100755
+--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
+@@ -15,7 +15,13 @@ export LOGDIR
+ if [ -z "$DBFILE" ]; then
+     DB=""
+ else
+-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+    DB="-S $DBFILE"
+    if [ -z "$COMMITID" ]; then
+	COMMITID="$(git rev-parse HEAD)"
+    fi
+    if [ -n "$COMMITID" ]; then
+	DB="$DB --commit $COMMITID"
+    fi
+     if [ -n "$BUILD" ]; then
+ 	DB="$DB -b $BUILD"
+     fi
+-- 
+2.34.1
+
--- a/.github/workflows/hostap-files/configs/hostap_2_10/tests
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/tests
@@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
 ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
 ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
@@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
 ap_wpa2_eap_server_get_id
 ap_wpa2_radius_server_get_id
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@@ -0,0 +1,313 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  LINUX_REF: v6.6
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-vm-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-vm-build2
+            wolf_extra_config: >-
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+              --enable-tlsv10 --enable-oldtls
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir
+          retention-days: 5
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          lookup-only: true
+
+      - name: Checkout hostap
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror
+          path: hostap
+
+      - name: Checkout linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: torvalds/linux 
+          path: linux
+
+      - name: Compile linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
+          cd linux
+          yes "" | ARCH=um make -j $(nproc)
+
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. Tests are read from the corresponding
+        # configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-vm-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-vm-build2
+          },
+          {
+            hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
+            osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
+            build_id: hostap-vm-build2
+          },
+        ]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-vm-build2
+            }
+    name: hwsim test
+    # For openssl 1.1
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 45
+    needs: [build_wolfssl, build_uml_linux]
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
+
+      - name: show file structure
+        run: tree
+
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+          path: build-dir
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
+          sudo pip3 install pycryptodome
+
+      - name: Checkout hostap
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror 
+          path: hostap
+          ref: ${{ matrix.config.hostap_ref }}
+
+      - name: Update certs
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: ./update.sh
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - name: Apply extra patches
+        working-directory: hostap
+        run: |
+          FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
+          if [ -f "$FILE" ]; then
+            patch -p1 < $FILE
+          fi
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap and wpa_supplicant
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          cat <<EOF >> vm/vm-config
+            KERNELDIR=$GITHUB_WORKSPACE/linux
+            KVMARGS="-cpu host"
+          EOF
+          # Run tests in increments of 200 to not stall out the parallel-vm script
+          while mapfile -t -n 200 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            HWSIM_RES=0 # Not set when command succeeds
+            ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS  || HWSIM_RES=$?
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              # Let's re-run the failing tests. We gather the failed tests from the log file.
+              FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
+              printf 'failed tests: %s\n' "$FAILED_TESTS"
+              ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
+            fi
+            rm -r /tmp/hwsim-test-logs
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      # The logs are quite big. It hasn't been useful so far so let's not waste
+      # precious gh space.
+      #- name: zip logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  working-directory: hostap/tests/hwsim/
+      #  run: |
+      #    rm /tmp/hwsim-test-logs/latest
+      #    zip -9 -r logs.zip /tmp/hwsim-test-logs
+      #
+      #- name: Upload failure logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: hostap-logs-${{ env.our_job_run_id }}
+      #    path: hostap/tests/hwsim/logs.zip
+      #    retention-days: 5
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -1,7 +1,16 @@
 name: Kerberos 5 Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -1,7 +1,16 @@
 name: libssh2 Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,52 +0,0 @@
-name: CI
-concurrency:
-  group: ${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
-
-jobs:
-    espressif:
-        uses: ./.github/workflows/docker-Espressif.yml
-    multi-compiler:
-        uses: ./.github/workflows/multi-compiler.yml
-    multi-arch:
-        uses: ./.github/workflows/multi-arch.yml
-    openwrt:
-        uses: ./.github/workflows/docker-OpenWrt.yml
-    os-check:
-        uses: ./.github/workflows/os-check.yml
-    async:
-        uses: ./.github/workflows/async.yml
-    stunnel:
-        uses: ./.github/workflows/stunnel.yml
-    openvpn:
-        uses: ./.github/workflows/openvpn.yml
-    hostap:
-        uses: ./.github/workflows/hostap.yml
-    nginx:
-        uses: ./.github/workflows/nginx.yml
-    zephyr:
-        uses: ./.github/workflows/zephyr.yml
-    hitch:
-        uses: ./.github/workflows/hitch.yml
-    curl:
-        uses: ./.github/workflows/curl.yml
-    krb5:
-        uses: ./.github/workflows/krb5.yml
-    packaging:
-        uses: ./.github/workflows/packaging.yml
-    memcached:
-        uses: ./.github/workflows/memcached.yml
-# TODO: Currently this test fails. Enable it once it becomes passing.        
-#    libssh2:
-#        uses: ./.github/workflows/libssh2.yml
-    openssh:
-        uses: ./.github/workflows/openssh.yml
-# TODO: Currently this test fails. Enable it once it becomes passing.        
-#    haproxy:
-#        uses: ./.github/workflows/haproxy.yml
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@@ -1,7 +1,16 @@
 name: memcached Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@@ -1,7 +1,16 @@
 name: Multiple architectures

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  my_matrix:
--- a/.github/workflows/multi-compiler.yml
+++ b/.github/workflows/multi-compiler.yml
@@ -1,7 +1,16 @@
 name: Multiple compilers and versions

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  my_matrix:
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -1,7 +1,16 @@
 name: nginx Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/no-malloc.yml
+++ b/.github/workflows/no-malloc.yml
@@ -0,0 +1,43 @@
+name: No Malloc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
+        ]
+    name: make check
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors 
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
--- a/.github/workflows/ocsp.yml
+++ b/.github/workflows/ocsp.yml
@@ -0,0 +1,37 @@
+name: OCSP Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  ocsp_stapling:
+    name: ocsp stapling
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Build wolfSSL
+        run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
+
+      - name: Start OCSP responder 1
+        run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
+
+      - name: Start OCSP responder 2
+        run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
+
+      - name: Start TLS server
+        run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
+
+      - name: Test Look Up
+        run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -1,7 +1,16 @@
 name: openssh Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -1,7 +1,16 @@
 name: OpenVPN Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
@@ -34,7 +43,7 @@ jobs:
    name: ${{ matrix.ref }}
    runs-on: ubuntu-latest
    # This should be a safe limit for the tests to run.
-    timeout-minutes: 6
+    timeout-minutes: 10
    needs: build_wolfssl
    steps:
      - name: Download lib
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -1,7 +1,16 @@
 name: Ubuntu-Macos-Windows Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  make_check:
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -1,7 +1,16 @@
 name: Packaging Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -1,7 +1,16 @@
 name: stunnel Tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  build_wolfssl:
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@@ -1,7 +1,16 @@
 name: Zephyr tests

+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION

 jobs:
  run_test:
@@ -14,9 +23,11 @@ jobs:
            zephyr-sdk: 0.16.1
          - zephyr-ref: v3.5.0
            zephyr-sdk: 0.16.3
+          - zephyr-ref: v2.7.4
+            zephyr-sdk: 0.16.3
    runs-on: ubuntu-latest
    # This should be a safe limit for the tests to run.
-    timeout-minutes: 15
+    timeout-minutes: 25
    steps:
      - name: Install dependencies
        run: |
@@ -69,25 +80,38 @@ jobs:
          cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
          ./setup.sh -h -c -t x86_64-zephyr-elf

+      - name: Fix options for 2.7.4
+        if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
+        working-directory: zephyr/modules/crypto/wolfssl
+        run: |
+          sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
+
      - name: Run wolfssl test
        id: wolfssl-test
        working-directory: zephyr
        run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
          rm -rf zephyr/twister-out

      - name: Run wolfssl TLS sock test
+        # Results in a page fault that I can't trace
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
        id: wolfssl-tls-sock
        working-directory: zephyr
        run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
          rm -rf zephyr/twister-out

      - name: Run wolfssl TLS thread test
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
        id: wolfssl-tls-thread
        working-directory: zephyr
        run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
          rm -rf zephyr/twister-out

      - name: Zip failure logs
--- a/.gitignore
+++ b/.gitignore
@@ -433,3 +433,11 @@ MagicCrypto
 debian/changelog
 debian/control
 *.deb
+
+# PlatformIO
+/**/.pio
+/**/.vscode/.browse.c_cpp.db*
+/**/.vscode/c_cpp_properties.json
+/**/.vscode/launch.json
+/**/.vscode/ipch
+/**/sdkconfig.esp32dev
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,6 @@
-# CMakeList.txt
+# CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
@@ -21,6 +21,12 @@

 cmake_minimum_required(VERSION 3.16)

+if(${CMAKE_VERSION} VERSION_LESS "3.22")
+    message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.")
+else()
+    cmake_policy(SET CMP0128 NEW)
+endif()
+
 if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
    message(FATAL_ERROR "In-source builds are not allowed.\
     Run cmake from a separate directory from where CMakeLists.txt lives.\
@@ -539,16 +545,89 @@ add_option(WOLFSSL_OQS
    "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
    "no" "yes;no")

-if (WOLFSSL_OQS)
-    find_package(OQS)
+# Kyber
+add_option(WOLFSSL_KYBER
+    "Enable the wolfSSL PQ Kyber library (default: disabled)"
+    "no" "yes;no")

-    if (OQS_FOUND)
-        list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
-        list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
-        set(HAVE_LIBOQS 1)
-        list(APPEND WOLFSSL_DEFINITIONS
-          "-DHAVE_TLS_EXTENSIONS"
-          "-DHAVE_LIBOQS")
+# Experimental features
+add_option(WOLFSSL_EXPERIMENTAL
+    "Enable experimental features (default: disabled)"
+    "no" "yes;no")
+
+message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
+if (WOLFSSL_EXPERIMENTAL)
+    message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
+
+    # We've enabled the experimental environment, but let's
+    # check if any experimental features are also enabled:
+    set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
+
+    set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
+
+    # Checking for experimental feature: OQS
+    message(STATUS "Looking for WOLFSSL_OQS")
+    if (WOLFSSL_OQS)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
+        message(STATUS "Looking for WOLFSSL_OQS - found")
+
+        message(STATUS "Checking OQS")
+        find_package(OQS)
+        if (OQS_FOUND)
+            message(STATUS "Checking OQS - found")
+            list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
+            list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
+
+            set_wolfssl_definitions("HAVE_LIBOQS"          RESUlT)
+            set_wolfssl_definitions("HAVE_TLS_EXTENSIONS"  RESUlT)
+            set_wolfssl_definitions("OPENSSL_EXTRA"        RESUlT)
+
+        else()
+            message(STATUS "Checking OQS - not found")
+            message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ")
+        endif()
+    else()
+        message(STATUS "Looking for WOLFSSL_OQS - not found")
+    endif()
+
+    # Checking for experimental feature: Kyber
+    message(STATUS "Looking for WOLFSSL_KYBER")
+    if (WOLFSSL_KYBER)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
+
+        message(STATUS "Automatically set related requirements for Kyber:")
+        set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
+        set_wolfssl_definitions("WOLFSSL_WC_KYBER"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHA3"       RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESUlT)
+        message(STATUS "Looking for WOLFSSL_KYBER - found")
+    else()
+        message(STATUS "Looking for WOLFSSL_KYBER - not found")
+    endif()
+
+    # Other experimental feature detection can be added here...
+
+    # Were any experimental features found? Display a message.
+    if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE)
+        message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.")
+    else()
+        message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
+    endif()
+
+    # Sanity checks
+    if(WOLFSSL_OQS AND WOLFSSL_KYBER)
+        message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
+    endif()
+
+else()
+    # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
+    message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
+    if (WOLFSSL_OQS)
+        message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
+    endif()
+    if(WOLFSSL_KYBER)
+        message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
    endif()
 endif()

@@ -565,6 +644,9 @@ endif()
 #       - Atomic user record layer
 #       - Public key callbacks
 #       - Microchip/Atmel CryptoAuthLib
+#       - XMSS
+#       - LMS
+#       - dual-certs

 # AES-CBC
 add_option("WOLFSSL_AESCBC"
@@ -1216,6 +1298,14 @@ if(WOLFSSL_OPENSSH OR
    override_cache(WOLFSSL_DES3 "yes")
 endif()

+# DES3 TLS Suites
+set(WOLFSSL_DES3_TLS_SUITES_STRING "Enable DES3 TLS cipher suites (default: disabled)")
+add_option("WOLFSSL_DES3_TLS_SUITES" ${WOLFSSL_DES3_TLS_SUITES_STRING} "no" "yes;no")
+
+if(NOT WOLFSSL_DES3_TLS_SUITES)
+    list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3_TLS_SUITES")
+endif()
+
 # ARC4
 set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
 add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
@@ -2106,6 +2196,44 @@ else()
 endif()
 set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h")

+# sccache
+add_option("ENABLE_SCCACHE"
+        "Enable sccache (default: disabled)"
+        "no" "yes;no")
+
+if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
+    find_program(SCCACHE sccache REQUIRED)
+    if(SCCACHE)
+        message(STATUS "Enable sccache")
+
+        if(CMAKE_C_COMPILER_LAUNCHER)
+            set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}")
+        else()
+            set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}")
+        endif()
+        if(CMAKE_CXX_COMPILER_LAUNCHER)
+            set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}")
+        else()
+            set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}")
+        endif()
+
+        if (MSVC)
+            if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
+            elseif(CMAKE_BUILD_TYPE STREQUAL "Release")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
+            elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
+            endif()
+        endif()
+        set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON)
+    endif()
+endif()
+
+
 file(REMOVE ${OPTION_FILE})

 file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n")
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
 ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
-ARG DEPS_TOOLS="ccache"
+ARG DEPS_TOOLS="ccache clang-tidy maven"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
                    && apt clean -y && rm -rf /var/lib/apt/lists/*
--- a/Docker/Dockerfile.cross-compiler
+++ b/Docker/Dockerfile.cross-compiler
@@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE

 USER root

-ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu"
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
 RUN DEBIAN_FRONTEND=noninteractive apt update \
                    && apt install -y ${DEPS_TESTING} \
                    && apt clean -y && rm -rf /var/lib/apt/lists/*
--- a/Docker/yocto/Dockerfile
+++ b/Docker/yocto/Dockerfile
@@ -19,7 +19,9 @@ WORKDIR /opt/poky
 ARG YOCTO_VERSION=kirkstone
 RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull

-RUN git clone --single-branch --branch=${YOCTO_VERSION} https://github.com/wolfSSL/meta-wolfssl.git && \
+# This arg is to be able to force a rebuild starting from this line
+ARG DUMMY=date
+RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
    /bin/bash -c "source oe-init-build-env" && \
    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
--- a/Docker/yocto/buildAndPush.sh
+++ b/Docker/yocto/buildAndPush.sh
@@ -11,9 +11,9 @@ fi
 NUM_FAILURES=0

 CUR_DATE=$(date -u +%F)
-for ver in kirkstone dunfell; do
+for ver in kirkstone langdale scarthgap; do
    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
-    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
    if [ $? -eq 0 ]; then
        echo "Pushing containers to DockerHub"
--- a/IDE/ECLIPSE/MICRIUM/README.md
+++ b/IDE/ECLIPSE/MICRIUM/README.md
@@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the

 4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.

-5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
+5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm, aes_xts_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.

 6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
 Here's an example of the paths that must be added.
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,8 +1,8 @@
 # ESP-IDF Port

 These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
+[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
 Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).

 See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
@@ -44,6 +44,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version
 wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized
 in your project `user_settings.h` as desired.

+The `user_settings.h` include file should not be explicitly included in an project source files. Be
+sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files.
+
+A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure
+the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c).
+
+```
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
 See the respective project directory:

  `[project-dir]/components/wolfssl/user_settings.h`
@@ -116,7 +138,7 @@ See the specific examples for additional details.

 ## Setup for Linux (wolfSSL local copy)

-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.

 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
 2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
@@ -124,7 +146,7 @@ This is a legacy method for installation. It is recommended to use the new `CMak

 ## Setup for Windows

-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.

 1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
 2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
--- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h
+++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -10,9 +10,9 @@ These are the core examples for wolfSSL:

 - [Test](./wolfssl_test/README.md)

- [TLS Client](./wolfssl_client/README.md)
+- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).

- [TLS Server](./wolfssl_server/README.md)
+- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) 

 ## Other Espressif wolfSSL Examples

--- a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
@@ -18,7 +18,7 @@
    <ToolchainID>
      <ID>com.visualgdb.xtensa-esp32-elf</ID>
      <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
        <GDB>12.1</GDB>
        <Revision>1</Revision>
      </Version>
@@ -67,8 +67,8 @@
      <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
      <ESPIDFExtension>
        <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
          <Type>ESPIDF</Type>
        </IDFCheckout>
        <COMPort>COM37</COMPort>
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")

+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()

 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
    idf_component_register(
                            REQUIRES "${COMPONENT_REQUIRES}"
                            PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
                           )

 else()
@@ -363,6 +368,10 @@ else()
        "\"${WOLFSSL_ROOT}/wolfssl/\""
        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
        "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
        )


@@ -384,7 +393,10 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -19,12 +19,22 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"

 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,54 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF

+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
 *
 * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
 */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+

-#define WOLFSSL_ESP32

 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +107,6 @@
 /* #define NO_OLD_TLS */

 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048

 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
@@ -79,7 +124,9 @@

 #define HAVE_AESGCM

-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224

@@ -92,22 +139,31 @@
 /* when you want to use SHA3 */
 #define WOLFSSL_SHA3

-/* Reminder: ED25519 requires SHA512 */
+ /* ED25519 requires SHA512 */
 #define HAVE_ED25519

-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519

 /* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */

-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
@@ -127,27 +183,11 @@
    /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif

-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */

-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */

 /* #define WOLFSSL_ATECC508A_DEBUG         */

@@ -159,9 +199,10 @@


 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+#define ESP_RSA_TIMEOUT_CNT    0x349F00

-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT

 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
@@ -170,6 +211,7 @@
 /* #undef USE_FAST_MATH          */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */

 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
@@ -205,7 +247,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */

-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -213,10 +255,14 @@
 --enable-asn-template
 */

-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -234,6 +280,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -246,6 +293,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -259,6 +307,7 @@

 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     * single QFN 4x4 mm package. Out of released documentation, Technical
     * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -284,6 +333,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -301,6 +351,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -317,6 +368,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
    /*  wolfSSL Hardware Acceleration not yet implemented */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -325,21 +377,63 @@
    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
 #else
    /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */

+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options

 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -353,14 +447,26 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */

-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+#define WOLFSSL_ESPIDF_ERROR_PAUSE
+
 #define WOLFSSL_HW_METRICS

-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */

-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */

 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -383,8 +489,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */


-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP

 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -393,12 +499,75 @@
 #define ATCA_WOLFSSL
 */

-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */

+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    #include <wolfssl/certs_test_sm.h>
    #define CTX_CA_CERT          root_sm2
@@ -414,15 +583,49 @@
    #undef  WOLFSSL_BASE16
    #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
--- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -22,8 +22,23 @@
 /* Espressif */
 #include <esp_log.h>

-/* wolfSSL  */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+

 /* project */
 #include "main.h"
@@ -32,18 +47,32 @@ static const char* const TAG = "My Project";

 void app_main(void)
 {
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    int ret = 0;
+#endif
    ESP_LOGI(TAG, "Hello wolfSSL!");

 #ifdef HAVE_VERSION_EXTENDED_INFO
-    esp_ShowExtendedSystemInfo();
+    ret = esp_ShowExtendedSystemInfo();
 #endif

 #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
-    esp_hw_show_metrics();
+    ret += esp_hw_show_metrics();
 #endif

+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
    ESP_LOGI(TAG, "\n\nDone!"
                  "If running from idf.py monitor, press twice: Ctrl+]\n\n"
                  "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */
            );
+#endif
 }
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -5,6 +5,7 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)

+add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -21,13 +22,20 @@ cmake_minimum_required(VERSION 3.16)
 #

 # Optionally specify a location for wolfSSL component source code
-# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )
+# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+#
+#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+#    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+#    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+#    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+#else()
+#    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+#endif()

+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)

-set(COMPONENTS
-  main
-  wolfssl
-) # set components
-
 project(wolfssl_benchmark)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
@@ -3,9 +3,10 @@
 # project subdirectory.
 #

-PROJECT_NAME := wolfssl_benchmark
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG

+PROJECT_NAME := wolfssl_benchmark
 include $(IDF_PATH)/make/project.mk
-
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -19,6 +19,13 @@ other local port to `COM20` as needed:
 change port com20=com23
 ```

+## Bulk Testing
+
+If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out
+the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those
+bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will
+be machine-specific.
+
 ## VisualGDB

 Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
@@ -18,9 +18,9 @@
    <ToolchainID>
      <ID>com.visualgdb.xtensa-esp32-elf</ID>
      <Version>
-        <GCC>11.2.0</GCC>
-        <GDB>9.2.90</GDB>
-        <Revision>2</Revision>
+        <GCC>13.2.0</GCC>
+        <GDB>12.1</GDB>
+        <Revision>1</Revision>
      </Version>
    </ToolchainID>
    <RelativeSourceDirectory>..</RelativeSourceDirectory>
@@ -67,8 +67,8 @@
      <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
      <ESPIDFExtension>
        <IDFCheckout>
-          <Version>release/v5.0</Version>
-          <Subdirectory>esp-idf/v5.0</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
          <Type>ESPIDF</Type>
        </IDFCheckout>
        <COMPort>COM20</COMPort>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -19,16 +19,95 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.0 template update + THIS_IDF_PATH
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #

 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+endif()

 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -45,6 +124,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")

+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()

 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
    endif()
 endfunction()

+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+        else()
+            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+            if( FOUND_WOLFSSL )
+                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            else()
+                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+                message(STATUS "$ENV{WOLFSSL_ROOT}")
+            endif()
+        endif()
    else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
        if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
-            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
-            return()
+            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
        else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
        endif()
    endif()

+
    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
            return()
        endif()

+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
        if( THIS_USER )
            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")

-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
            if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                return()
            endif()
        endif()
@@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
            set(CURRENT_SEARCH_DIR "")
        endif()
    endwhile()
@@ -149,17 +279,47 @@ endfunction()


 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#

+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")

+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()

+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+endif()

 if(CMAKE_BUILD_EARLY_EXPANSION)
    message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
    idf_component_register(
                            REQUIRES "${COMPONENT_REQUIRES}"
                            PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          ${THIS_INCLUDE_TIMER}
+                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
                           )

 else()
@@ -171,24 +331,52 @@ else()
    # search for wolfSSL
    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
    if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
    else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Searching for wolfSL source code...")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "Failed: wolfssl directory not found.")
        # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        # Abort CMake after fatal error.
    endif()

    set(INCLUDE_PATH ${WOLFSSL_ROOT})

    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")

-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()

-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
    endif()

    set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
@@ -200,16 +388,19 @@ else()

    message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")

+    # wolfSSL user_settings.h is in the local project.
    set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")

+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")

    # Espressif may take several passes through this makefile. Check to see if we found IDF
    string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)

    # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
    file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")

    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -232,11 +423,13 @@ else()
        message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
        message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
        message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
        message(STATUS "")
        message(STATUS "**************************************************************************************")
        message(STATUS "")

+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        # Abort CMake after fatal error.
+
        # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")

@@ -286,6 +479,7 @@ else()
                        message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                            "${WOLFSSL_ROOT}/include/user_settings.h "
                                            " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                    else()
                        # we won't overwrite an existing user settings file, just note that we already have one:
                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -355,17 +549,22 @@ else()
            message(STATUS "Could not find RTOS path")
        endif()
    endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
    set(COMPONENT_ADD_INCLUDEDIRS
        "./include" # this is the location of wolfssl user_settings.h
        "\"${WOLFSSL_ROOT}/\""
        "\"${WOLFSSL_ROOT}/wolfssl/\""
        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
        "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
        )

-
+    # Optionally include cryptoauthlib if present
    if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
        list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
    endif()
@@ -374,7 +573,7 @@ else()
    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")


-
+    # Some files are known to be included elsewhere, or not used for Espressif
    set(COMPONENT_SRCEXCLUDE
        "\"${WOLFSSL_ROOT}/src/bio.c\""
        "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -384,9 +583,14 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -423,17 +627,34 @@ else()
                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
                            REQUIRES "${COMPONENT_REQUIRES}"
                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                            PRIV_REQUIRES
+                              "${THIS_INCLUDE_TIMER}"
+                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                           )
-    # some optional diagnostics
-    if (1)
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
        get_cmake_property(_variableNames VARIABLES)
        list (SORT _variableNames)
        message(STATUS "")
        message(STATUS "ALL VARIABLES BEGIN")
        message(STATUS "")
        foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
        endforeach()
        message(STATUS "")
        message(STATUS "ALL VARIABLES END")
@@ -520,6 +741,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")

+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
    message(STATUS "************************************************************************************************")
    message(STATUS "wolfssl component config complete!")
    message(STATUS "************************************************************************************************")
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -1,40 +1,240 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# In the wolfSSL GitHub examples for Espressif,
+# the root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../../
+
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+
+# WOLFSSL_ROOT := ""
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
+COMPONENT_SRCDIRS += include
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+
+##
+## wolfcrypt
+##
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -19,12 +19,22 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"

 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,175 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF

+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
 *
 * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
 */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */

-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* Uncommon settings for testing only */
+#define TEST_ESPIDF_ALL_WOLFSSL
+#ifdef  TEST_ESPIDF_ALL_WOLFSSL
+    #define WOLFSSL_MD2
+    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
+    #define HAVE_BLAKE2S
+
+    #define WC_RC2
+    #define WOLFSSL_ALLOW_RC4
+
+    #define HAVE_POLY1305
+
+    #define WOLFSSL_AES_128
+    #define WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_XTS
+
+    /* #define WC_SRTP_KDF */
+    /* TODO Causes failure with Espressif AES HW Enabled */
+    /* #define HAVE_AES_ECB */
+    /* #define HAVE_AESCCM  */
+    /* TODO sanity check when missing HAVE_AES_ECB */
+    #define WOLFSSL_WOLFSSH
+
+    #define HAVE_AESGCM
+    #define WOLFSSL_AES_COUNTER
+
+    #define HAVE_FFDHE
+    #define HAVE_FFDHE_2048
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO Full size SRP is disabled on the ESP8266 at this time.
+         * Low memory issue? */
+        #define WOLFCRYPT_HAVE_SRP
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+          defined(CONFIG_IDF_TARGET_ESP32S2) || \
+          defined(CONFIG_IDF_TARGET_ESP32S3)
+        /* TODO: SRP Not enabled, known to fail on this target
+         * See https://github.com/wolfSSL/wolfssl/issues/7210 */
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32H2)
+        /* SRP Known to be working on this target::*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #else
+        /* For everything else, give a try and see if SRP working: */
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+
+    #define HAVE_DH
+
+    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+    /* #define HAVE_CAMELLIA */
+
+    /* DSA requires old SHA */
+    #define HAVE_DSA
+
+    /* Needs SHA512 ? */
+    #define HAVE_HPKE
+
+    /* Not for Espressif? */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32H2) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #undef HAVE_ECC
+            #undef HAVE_ECC_CDH
+            #undef HAVE_CURVE25519
+
+            /* TODO does CHACHA also need alignment? Failing on ESP8266
+             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
+            #ifdef HAVE_CHACHA
+                #error "HAVE_CHACHA not supported on ESP8266"
+            #endif
+            #ifdef HAVE_XCHACHA
+                #error "HAVE_XCHACHA not supported on ESP8266"
+            #endif
+        #else
+            #define HAVE_XCHACHA
+            #define HAVE_CHACHA
+            /* TODO Not enabled at this time, needs further testing:
+             *   #define WC_SRTP_KDF
+             *   #define HAVE_COMP_KEY
+             *   #define WOLFSSL_HAVE_XMSS
+             */
+        #endif
+        /* TODO AES-EAX not working on this platform */
+
+        /* Optionally disable DH
+         *   #undef HAVE_DH
+         *   #undef HAVE_FFDHE
+         */
+
+        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+        #ifndef HAVE_ECC
+            #define ECC_SHAMIR
+        #endif
+    #else
+        #define WOLFSSL_AES_EAX
+
+        #define ECC_SHAMIR
+    #endif
+
+    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+    /* #define WOLFSSL_CAAM      */
+    /* #define WOLFSSL_CAAM_BLOB */
+
+    #define WOLFSSL_AES_SIV
+    #define WOLFSSL_CMAC
+
+    #define WOLFSSL_CERT_PIV
+
+    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+    /* #define HAVE_SCRYPT */
+    #define SCRYPT_TEST_ALL
+    #define HAVE_X963_KDF
+#endif

 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +228,6 @@
 /* #define NO_OLD_TLS */

 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048

 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
@@ -79,7 +245,9 @@

 #define HAVE_AESGCM

-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224

@@ -95,24 +263,34 @@
 /* ED25519 requires SHA512 */
 #define HAVE_ED25519

-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519

+/* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
-/* #define HAVE_PKCS7 */

+/* #Optional HAVE_PKCS7 */
 #define HAVE_PKCS7

 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
 #endif

-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */

@@ -126,27 +304,11 @@
    /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif

-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */

-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */

 /* #define WOLFSSL_ATECC508A_DEBUG         */

@@ -206,7 +368,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */

-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -214,10 +376,14 @@
 --enable-asn-template
 */

-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +401,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +414,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +428,7 @@

 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     * single QFN 4x4 mm package. Out of released documentation, Technical
     * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +454,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +472,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +489,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
    /*  wolfSSL Hardware Acceleration not yet implemented */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,7 +498,11 @@
    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -343,13 +519,42 @@

 #else
    /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */

+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options

 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -363,6 +568,14 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */

 /* Pause in a loop rather than exit. */
@@ -396,8 +609,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */

-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP

 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +620,75 @@
 #define ATCA_WOLFSSL
 */

-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */

+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    #include <wolfssl/certs_test_sm.h>
    #define CTX_CA_CERT          root_sm2
@@ -427,24 +704,49 @@
    #undef  WOLFSSL_BASE16
    #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1

-/* See settings.h for some of the possible hardening options:
- *
- *  #define NO_ESPIDF_DEFAULT
- *  #define WC_NO_CACHE_RESISTANT
- *  #define WC_AES_BITSLICED
- *  #define HAVE_AES_ECB
- *  #define HAVE_AES_DIRECT
- */
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
@@ -3,6 +3,7 @@
 #
 # This Makefile can be left empty. By default, it will take the sources in the
 # src/ directory, compile them and link them into lib(subdirectory_name).a
-# in the build directory. This behaviour is entirely configurable,
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
@@ -1,6 +1,6 @@
 /* benchmark main.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -1,6 +1,6 @@
 /* benchmark main.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -20,8 +20,8 @@
 */

 /* ESP-IDF */
-#include <esp_log.h>
 #include "sdkconfig.h"
+#include <esp_log.h>

 /* wolfSSL */
 /* The wolfSSL user_settings.h file is automatically included by the settings.h
@@ -29,6 +29,7 @@
 * The settings.h should also be listed above wolfssl library include files. */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
 #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #ifndef WOLFSSL_ESPIDF
    #error "Problem with wolfSSL user_settings. "           \
@@ -40,10 +41,24 @@
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfcrypt/benchmark/benchmark.h>

+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
+
 /* set to 0 for one benchmark,
 ** set to 1 for continuous benchmark loop */
 #define BENCHMARK_LOOP 0

+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
+
 /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
 #ifdef CONFIG_BENCH_ARGV
    #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV
@@ -199,17 +214,42 @@ void app_main(void)
 {
    int stack_start = 0;

+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
+    esp_err_t ret = 0;
+    stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set, such as ESP8266 */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
+
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif

 #if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
    esp_ShowExtendedSystemInfo();
 #endif

+    /* all platforms: stack high water mark check */
    ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV);

 /* when using atecc608a on esp32-wroom-32se */
@@ -238,7 +278,7 @@ void app_main(void)
    do {
        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));

-        wolf_benchmark_task();
+        wolf_benchmark_task(); /* TODO capture return value! */
        ESP_LOGI(TAG, "Stack used: %d\n",
                      stack_start - uxTaskGetStackHighWaterMark(NULL));

@@ -255,8 +295,33 @@ void app_main(void)
    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif

-#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
-    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+    /* note wolfCrypt_Cleanup() should always be called when finished.
+    ** This is called at the end of wolf_test_task();
+    */
+
+#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
+    esp_hw_show_mp_metrics();
+#endif
+
+#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+
+        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                        - (uxTaskGetStackHighWaterMark(NULL)));
+#endif
+
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
+    ESP_LOGI(TAG, "\n\nDone!\n\n"
+                  "If running from idf.py monitor, press twice: Ctrl+]");
 #endif

    /* after the test, we'll just wait */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -1,34 +1,87 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y

 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500

 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+CONFIG_MAIN_TASK_STACK_SIZE=10500

+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000

 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y

 #
 # Partition Table
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -185,4 +185,33 @@ I hear you fa shizzle!
 ./examples/server/server                   -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3     -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem     -A ./certs/sm2/client-sm2.pem -V
 ```

+
+#### Linux Client using Kyber to ESP32 Server
+
+```
+# Ensure build with Kyber enabled:
+# ./configure --enable-kyber=all --enable-experimental && make
+
+./examples/client/client  -h 192.168.1.38 -v 4 -l  TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
+```
+
+#### ESP32 Client to WSL Linux Server
+
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```
+
+For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking).
+
+
+## Additional Information
+
 See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
    <ToolchainID>
      <ID>com.visualgdb.xtensa-esp32-elf</ID>
      <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
        <GDB>12.1</GDB>
        <Revision>1</Revision>
      </Version>
@@ -67,8 +67,8 @@
      <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
      <ESPIDFExtension>
        <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
          <Type>ESPIDF</Type>
        </IDFCheckout>
        <COMPort>COM19</COMPort>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")

+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()

 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -363,6 +368,10 @@ else()
        "\"${WOLFSSL_ROOT}/wolfssl/\""
        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
        "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        ${THIS_IDF_PATH}/components/esp_event/include
+        ${THIS_IDF_PATH}/components/esp_netif/include
+        ${THIS_IDF_PATH}/components/esp_wifi/include
        )


@@ -374,7 +383,7 @@ else()
    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")


-
+    # Some files are known to be included elsewhere, or not used for Espressif
    set(COMPONENT_SRCEXCLUDE
        "\"${WOLFSSL_ROOT}/src/bio.c\""
        "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -384,9 +393,14 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -56,13 +56,15 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 # The root is 7 directories up from here:
 WOLFSSL_ROOT := ../../../../../../..

-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
-COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"

@@ -142,15 +144,15 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
@@ -223,6 +225,9 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o

 ##
 ## wolfcrypt benchmark  (optional)
@@ -242,3 +247,4 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
 ## wolfcrypt
 ##
 # COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -22,9 +22,30 @@
 /* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */

 /* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
-#define DEBUG_WOLFSSL
-#define DEBUG_WOLFSSL_VERBOSE
+
+#include "sdkconfig.h"
+
+/* #define DEBUG_WOLFSSL */
+/* #define DEBUG_WOLFSSL_VERBOSE */
+
+/* Experimental Kyber */
+#if 0
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048

 /* The Espressif sdkconfig will have chipset info.
 **
@@ -40,23 +61,34 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF

+/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
+#define NO_ESP_SDK_WIFI
+
 /*
 * ONE of these Espressif chipsets should be defined:
 *
 * WOLFSSL_ESP32
 * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
 */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */

 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
 * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
 * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desparate, try NO_SESSION_CACHE.  */
-#define SMALL_SESSION_CACHE
+ * When really desperate, try NO_SESSION_CACHE.  */
+#define MICRO_SESSION_CACHE

 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -70,7 +102,7 @@
 /* #define NO_OLD_TLS */

 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
+
 #define WOLFSSL_SMALL_STACK
 #define HAVE_ECC
 #define RSA_LOW_MEM
@@ -100,25 +132,36 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384

-/* when you want to use SHA512 */
-/* #define WOLFSSL_SHA512 */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    /* Some known low-memory devices have features not enabled by default. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512

-/* when you want to use SHA3 */
-/* #define WOLFSSL_SHA3 */
+    /* when you want to use SHA3 */
+    #define WOLFSSL_SHA3

-/* ED25519 requires SHA512 */
-/* #define HAVE_ED25519 */
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+    #define HAVE_ED25519
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */

 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
-
 #if defined(HAVE_PKCS7)
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
 #endif

-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */

@@ -181,7 +224,9 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */

-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif

 /* #define HAVE_HASHDRBG */

@@ -359,6 +404,7 @@
 #endif /* CONFIG_IDF_TARGET Check */

 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options

 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -379,7 +425,7 @@

 /* #define HASH_SIZE_LIMIT */ /* for test.c */

-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */

 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -402,8 +448,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */


-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP

 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -497,7 +543,6 @@
    #define WOLFSSL_BASE16
 #else
    #if defined(USE_CERT_BUFFERS_2048)
-        #include <wolfssl/certs_test.h>
        #define CTX_CA_CERT          ca_cert_der_2048
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -517,7 +562,6 @@
        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1

    #elif defined(USE_CERT_BUFFERS_1024)
-        #include <wolfssl/certs_test.h>
        #define CTX_CA_CERT          ca_cert_der_1024
        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -38,6 +38,13 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>

+#if defined(WOLFSSL_WC_KYBER)
+    #include <wolfssl/wolfcrypt/kyber.h>
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
    #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -180,18 +187,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
    struct hostent *hp;
    struct ip4_addr *ip4_addr;
    int ret_i; /* interim return values */
+    int err; /* interim return values */
    int sockfd;
    int doPeerCheck;
    int sendGet;
+#ifdef DEBUG_WOLFSSL
+    int this_heap = 0;
+#endif
 #ifndef NO_DH
    int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
 #endif
-    size_t len;

    /* declare wolfSSL objects */
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;

+    size_t len;
+
    wolfSSL_Debugging_ON();
    WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);

@@ -286,7 +298,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 /* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
 #ifndef NO_DH
    ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
-     if (ret != SSL_SUCCESS) {
+     if (ret != WOLFSSL_SUCCESS) {
        ESP_LOGE(TAG, "Error setting minimum DH key size");
    }
 #endif
@@ -304,24 +316,28 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
                                         CTX_CLIENT_CERT,
                                         CTX_CLIENT_CERT_SIZE,
                                         CTX_CLIENT_CERT_TYPE);
-        if (ret_i != SSL_SUCCESS) {
-            ESP_LOGE(TAG, "ERROR: failed to load chain %d, "
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "ERROR: failed to load our cert chain %d, "
                          "please check the file.", ret_i);
        }

        /* Load client certificates into WOLFSSL_CTX */
-        WOLFSSL_MSG("Loading...cert");
+        WOLFSSL_MSG("Loading... CA cert");
        ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
                                         CTX_CA_CERT,
                                         CTX_CA_CERT_SIZE,
                                         CTX_CA_CERT_TYPE);
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "ERROR: failed to load CA cert %d, "
+                          "please check the file.\n", ret_i) ;
+        }

+        WOLFSSL_MSG("Loading... our key");
        ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                                         CTX_CLIENT_KEY,
                                         CTX_CLIENT_KEY_SIZE,
                                         CTX_CLIENT_KEY_TYPE);
-        if(ret_i  != SSL_SUCCESS) {
-            wolfSSL_CTX_free(ctx) ; ctx = NULL ;
+        if (ret_i != WOLFSSL_SUCCESS) {
            ESP_LOGE(TAG, "ERROR: failed to load key %d, "
                          "please check the file.\n", ret_i) ;
        }
@@ -351,11 +367,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)

    /* Connect to the server */
    sprintf(buff,
-            "Connecting to server....%s(port:%d)",
+            "Connecting to server....%s (port:%d)",
            TLS_SMP_TARGET_HOST,
            TLS_SMP_DEFAULT_PORT);
-    WOLFSSL_MSG(buff);
-    printf("%s\n", buff);
+    ESP_LOGI(TAG, "%s\n", buff);

    if ((ret_i = connect(sockfd,
                       (struct sockaddr *)&servAddr,
@@ -363,6 +378,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
        ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i);
    }

+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
+
    WOLFSSL_MSG("Create a WOLFSSL object");
    /* Create a WOLFSSL object */
    if ((ssl = wolfSSL_new(ctx)) == NULL) {
@@ -372,6 +391,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 #ifdef DEBUG_WOLFSSL
        ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
        ShowCiphers(ssl);
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
+                      &this_heap, this_heap);
+#endif
+#if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_KYBER1024)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL5");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+    #elif defined(WOLFSSL_KYBER768)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL3");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
+    #elif defined(WOLFSSL_KYBER512)
+        /* This will typically be a low memory situation, such as ESP8266 */
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL1");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
+    #else
+        ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
+        ret_i = ESP_FAIL;
+    #endif
+        if (ret_i == WOLFSSL_SUCCESS) {
+            ESP_LOGI(TAG, "UseKeyShare Kyber success");
+        }
+        else {
+            ESP_LOGE(TAG, "UseKeyShare Kyber failed");
+        }
+#else
+    ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
 #endif
    }

@@ -396,7 +445,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
    #endif
 #endif
-
+#ifdef DEBUG_WOLFSSL
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d",
+                      &this_heap, this_heap);
+#endif
    /* Attach wolfSSL to the socket */
    ret_i = wolfSSL_set_fd(ssl, sockfd);
    if (ret_i == WOLFSSL_SUCCESS) {
@@ -406,42 +459,86 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
        ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
    }

-    WOLFSSL_MSG("Connect to wolfSSL on the server side");
-    /* Connect to wolfSSL on the server side */
+    ESP_LOGI(TAG, "Connect to wolfSSL server...");
    ret_i = wolfSSL_connect(ssl);
-    if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
+#ifdef DEBUG_WOLFSSL
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d",
+                    &this_heap, this_heap);
+#endif
+    if (ret_i == WOLFSSL_SUCCESS) {
 #ifdef DEBUG_WOLFSSL
        ShowCiphers(ssl);
 #endif
+        ESP_LOGI(TAG, "Connect success! Sending message...");
        /* Get a message for the server from stdin */
        WOLFSSL_MSG("Message for server: ");
        memset(buff, 0, sizeof(buff));

        if (sendGet) {
-            printf("SSL connect ok, sending GET...\n");
            len = XSTRLEN(sndMsg);
            strncpy(buff, sndMsg, len);
-            buff[len] = '\0';
        }
        else {
-            sprintf(buff, "message from esp32 tls client\n");
+            sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n");
            len = strnlen(buff, sizeof(buff));
        }
+        buff[len] = '\0';
+        ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff);
+
        /* Send the message to the server */
-        if (wolfSSL_write(ssl, buff, len) != len) {
+        do {
+            err = 0; /* reset error */
+            ret_i = wolfSSL_write(ssl, buff, len);
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while (err == WOLFSSL_ERROR_WANT_WRITE ||
+                 err == WOLFSSL_ERROR_WANT_READ);
+
+        if (ret_i != len) {
            ESP_LOGE(TAG, "ERROR: failed to write\n");
        }
+        else {
+            ESP_LOGI(TAG, "Message sent! Awaiting response...");
+        }

        /* Read the server data into our buff array */
        memset(buff, 0, sizeof(buff));
-        if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
+
+        do {
+            err = 0; /* reset error */
+            ret_i =wolfSSL_read(ssl, buff, sizeof(buff));
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while ((err == WOLFSSL_ERROR_WANT_READ) ||
+                 (err == WOLFSSL_ERROR_WANT_WRITE) );
+
+        if (ret_i < 0) {
            ESP_LOGE(TAG, "ERROR: failed to read\n");
        }

-        /* Print to stdout any data the server sends */
-        printf("Server: ");
-        printf("%s\n", buff);
+        /* Show any data the server sends */
+        ESP_LOGI(TAG, "Server response: \n\n%s\n", buff);
+
+        ret_i = wolfSSL_shutdown(ssl);
+        while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) {
+            ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+            if (ret_i == WOLFSSL_SUCCESS) {
+                ESP_LOGI(TAG, "Bidirectional shutdown complete\n");
+                break;
+            }
+            else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) {
+                ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+                break;
+            }
        }
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+        }
+
+    } /* wolfSSL_connect(ssl) == WOLFSSL_SUCCESS) */
    else {
        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
                      "Error: %d\n", ret_i);
@@ -450,8 +547,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
    ShowCiphers(ssl);
 #endif

-    /* Cleanup and return */
-    wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
+    ESP_LOGI(TAG, "Cleanup and exit");
+    wolfSSL_free(ssl);     /* Release the wolfSSL object memory        */
    wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
    wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
    close(sockfd);         /* Close the connection to the server       */
@@ -476,7 +573,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
    /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions  */
    if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
        /* Observed approximately 6KB limit for the RTOS task stack size.
-         * Reminder parameter is bytes, not words as with generic FreeeRTOS. */
+         * Reminder parameter is bytes, not words as with generic FreeRTOS. */
        ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB");
    }
 #ifndef WOLFSSL_SMALL_STACK
@@ -485,7 +582,8 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #endif

    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here: */
+     * Espressif uses BYTES for the task stack size here.
+     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
    ret = xTaskCreate(tls_smp_client_task,
                      TLS_SMP_CLIENT_TASK_NAME,
                      TLS_SMP_CLIENT_TASK_BYTES,
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -29,9 +29,9 @@

 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
-    #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
+    #define TLS_SMP_TARGET_HOST         "192.168.1.36"
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.41"
 #endif

 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -44,9 +44,23 @@

 /* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
 #if defined(WOLFSSL_ESP8266)
-    #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP8266 stack size = 10K with Kyber.
+         * Note there's a maximum not far away as Kyber needs heap
+         * and the total DRAM is typically only 80KB total. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024)
+    #else
+        /* Minimum ESP8266 stack size = 6K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+    #endif
 #else
-    #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP32 stack size = 12K with Kyber enabled. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
+    #else
+        /* Minimum ESP32 stack size = 8K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+    #endif
 #endif

 #define TLS_SMP_CLIENT_TASK_PRIORITY    8
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -124,6 +124,7 @@ void my_atmel_free(int slotId)
 void app_main(void)
 {
    int stack_start = 0;
+    int this_heap = 0;
    esp_err_t ret = 0;
    ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -260,7 +261,6 @@ void app_main(void)

    /* HWM is maximum amount of stack space that has been unused, in bytes
     * not words (unlike vanilla freeRTOS). */
-    int this_heap;
    this_heap = esp_get_free_heap_size();
    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -117,8 +117,8 @@ int set_fixed_default_time(void)
     * but let's set a default time, just in case */
    struct tm timeinfo = {
        .tm_year = 2024 - 1900,
-        .tm_mon  = 1,
-        .tm_mday = 05,
+        .tm_mon  = 3,
+        .tm_mday = 01,
        .tm_hour = 13,
        .tm_min  = 01,
        .tm_sec  = 05
@@ -203,7 +203,8 @@ int set_time_from_string(const char* time_buffer)
            /* we found a match for all componets */

            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };

            for (int i = 0; i < 12; i++) {
                if (strcmp(month_str, months[i]) == 0) {
@@ -216,7 +217,7 @@ int set_time_from_string(const char* time_buffer)
            this_timeinfo.tm_hour = hour;
            this_timeinfo.tm_min = minute;
            this_timeinfo.tm_sec = second;
-            this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */

            interim_time = mktime(&this_timeinfo);
            now = (struct timeval){ .tv_sec = interim_time };
@@ -350,7 +351,7 @@ int set_time_wait_for_ntp(void)

    ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
 #else
-    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
    esp_show_current_datetime();

@@ -370,7 +371,7 @@ int set_time_wait_for_ntp(void)
 #endif

    if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
        }
    else {
        ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,5 +1,41 @@
 # sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y

+#
+# Default main stack size. See user_settings.h
+#
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
 CONFIG_ESP_PANIC_PRINT_HALT=y
@@ -7,9 +43,51 @@ CONFIG_ESP_PANIC_PRINT_HALT=y
 # CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
 CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n

+# ESP8266 Memory
 CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
 CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
+CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
+
 #
 # Partition Table
 #
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -53,7 +53,7 @@
  </CustomDebug>
  <DeviceTerminalSettings>
    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM70</ComPortName>
+      <ComPortName>COM80</ComPortName>
      <AdvancedSettings>
        <BaudRate>74880</BaudRate>
        <DataBits>8</DataBits>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -68,6 +68,19 @@ Linux Server
 ./examples/server/server                   -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
 ```

+#### ESP32 Client to WSL Linux Server
+
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```

 Cipers to consider

--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
    <ToolchainID>
      <ID>com.visualgdb.xtensa-esp32-elf</ID>
      <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
        <GDB>12.1</GDB>
        <Revision>1</Revision>
      </Version>
@@ -67,8 +67,8 @@
      <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
      <ESPIDFExtension>
        <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
          <Type>ESPIDF</Type>
        </IDFCheckout>
        <COMPort>COM19</COMPort>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")

+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()

 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
    idf_component_register(
                            REQUIRES "${COMPONENT_REQUIRES}"
                            PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
                           )

 else()
@@ -363,6 +368,10 @@ else()
        "\"${WOLFSSL_ROOT}/wolfssl/\""
        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
        "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        ${THIS_IDF_PATH}/components/esp_event/include
+        ${THIS_IDF_PATH}/components/esp_netif/include
+        ${THIS_IDF_PATH}/components/esp_wifi/include
        )


@@ -384,9 +393,14 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
@@ -1,40 +1,248 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../..
+
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+
+##
+## wolfcrypt
+##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -19,12 +19,36 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

+/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
+
 /* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+
+#include "sdkconfig.h"
+
+#define DEBUG_WOLFSSL
+/* #define DEBUG_WOLFSSL_VERBOSE */
+
+/* Experimental Kyber */
+#if 0
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+    #endif
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048

 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +60,34 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF

+/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
+#define NO_ESP_SDK_WIFI
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chipsets should be defined:
 *
 * WOLFSSL_ESP32
 * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
 */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */

-#define WOLFSSL_ESP32
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate, try NO_SESSION_CACHE.  */
+#define MICRO_SESSION_CACHE

 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +101,10 @@
 /* #define NO_OLD_TLS */

 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
+
+#define WOLFSSL_SMALL_STACK
+#define HAVE_ECC
+#define RSA_LOW_MEM

 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
@@ -79,39 +122,45 @@

 #define HAVE_AESGCM

-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224

 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384

-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+	/* Some known low-memory devices have features not enabled by default. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512

-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    #define WOLFSSL_SHA3

-#define HAVE_ED25519 /* ED25519 requires SHA512 */
+	/* ED25519 requires SHA512 */
+    #define HAVE_ED25519

-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+    #define HAVE_ED25519
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */

- #define OPENSSL_EXTRA
 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
-
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
 #endif

-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */

@@ -125,7 +174,7 @@
    /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif

-/* rsa primitive specific definition */
+/* RSA primitive specific definition */
 #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
    /* Define USE_FAST_MATH and SMALL_STACK                        */
    #define ESP32_USE_RSA_PRIMITIVE
@@ -145,8 +194,6 @@
    #endif
 #endif

-#define RSA_LOW_MEM
-
 /* #define WOLFSSL_ATECC508A_DEBUG         */

 /* date/time                               */
@@ -173,10 +220,6 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */

-
-#define WOLFSSL_SMALL_STACK
-
-
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */

@@ -190,7 +233,6 @@
 #define WOLFSSL_CERT_EXT
 #define WOLFSSL_SYS_CA_CERTS

-
 #define WOLFSSL_CERT_TEXT

 #define WOLFSSL_ASN_TEMPLATE
@@ -203,7 +245,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */

-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -211,10 +253,11 @@
 --enable-asn-template
 */

-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -232,6 +275,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -244,6 +288,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -257,6 +302,7 @@

 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     * single QFN 4x4 mm package. Out of released documentation, Technical
     * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -282,6 +328,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -299,6 +346,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -315,6 +363,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
    /*  wolfSSL Hardware Acceleration not yet implemented */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -323,7 +372,11 @@
    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -340,6 +393,7 @@

 #else
    /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -347,6 +401,7 @@
 #endif /* CONFIG_IDF_TARGET Check */

 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options

 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -367,7 +422,7 @@

 /* #define HASH_SIZE_LIMIT */ /* for test.c */

-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */

 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -390,8 +445,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */


-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP

 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -400,12 +455,75 @@
 #define ATCA_WOLFSSL
 */

-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */

+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    #include <wolfssl/certs_test_sm.h>
    #define CTX_CA_CERT          root_sm2
@@ -421,15 +539,45 @@
    #undef  WOLFSSL_BASE16
    #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -1,6 +1,6 @@
 /* server-tls.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -38,7 +38,8 @@ int esp_show_current_datetime();
 int set_fixed_default_time(void);

 /* set time from string (e.g. GitHub commit time) */
-int set_time_from_string(char* time_buffer);
+/* When not using the new esp-sdk-lib.h helpers: */
+/* int set_time_from_string(char* time_buffer); */

 /* set time from NTP servers,
 * also initially calls set_fixed_default_time or set_time_from_string */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -28,7 +28,7 @@
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY

 #define TLS_SMP_SERVER_TASK_NAME         "tls_sever_example"
-#define TLS_SMP_SERVER_TASK_WORDS        22240
+#define TLS_SMP_SERVER_TASK_BYTES        22240
 #define TLS_SMP_SERVER_TASK_PRIORITY     8

 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
@@ -77,13 +77,19 @@
    #ifdef CONFIG_ESP_WIFI_SSID
        #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
    #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
    #endif

    #ifdef CONFIG_ESP_WIFI_PASSWORD
        #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
    #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
    #endif
 #endif

--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -234,24 +234,15 @@ void app_main(void)

    /* done */
    while (1) {
-        ESP_LOGV(TAG, "\n\nLoop...\n\n");
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
-
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                     - uxTaskGetStackHighWaterMark(NULL));
-        ESP_LOGI(TAG, "Stack delta: %d\n", stack_start
-                                     - uxTaskGetStackHighWaterMark(NULL));
-#endif

 #if defined(SINGLE_THREADED)
        ESP_LOGV(TAG, "\n\nDone!\n\n");
        while (1);
 #else
-        vTaskDelay(60000);
+        /* Delete this main task to free up memory */
        ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
        vTaskDelete(NULL);
 #endif
-    } /* done whle */
+    } /* done while */

 } /* app_main */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -31,10 +31,16 @@
 /* socket includes */
 #include <lwip/netdb.h>
 #include <lwip/sockets.h>
+#include <netinet/tcp.h> /* For TCP options */
+#include <sys/socket.h>
+
+#ifndef TCP_RTO_MIN
+    #define TCP_RTO_MIN 1500
+#endif

 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
+#include <wolfssl/certs_test.h>
 #include <wolfssl/ssl.h>

 #ifdef WOLFSSL_TRACK_MEMORY
@@ -50,30 +56,6 @@
    #define DEFAULT_MAX_DHKEY_BITS 2048
 #endif

-#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
-    #include <wolfssl/certs_test_sm.h>
-    #define CTX_CA_CERT          root_sm2
-    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_CERT      server_sm2
-    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_KEY       server_sm2_priv
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
-#else
-    #include <wolfssl/certs_test.h>
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
 /* Project */
 #include "wifi_connect.h"
 #include "time_helper.h"
@@ -112,7 +94,6 @@ int ShowCiphers(WOLFSSL* ssl)
    return ret;
 }

-
 /* FreeRTOS */
 /* server task */
 WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
@@ -133,7 +114,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
    int                ret;
    socklen_t          size = sizeof(clientAddr);
    size_t             len;
-
+#if 0
+    /* optionally set TCP RTO. See also below. */
+    int rto_min = 200; /* Minimum TCP RTO in milliseconds */
+#endif
    /* declare wolfSSL objects */
    WOLFSSL_CTX* ctx;
    WOLFSSL*     ssl;
@@ -157,16 +141,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
        ESP_LOGE(TAG, "ERROR: failed to create the socket");
    }

+    /* Optionally set TCP RTO
+    setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, &rto_min, sizeof(rto_min)); */
+
    /* Create and initialize WOLFSSL_CTX */
    WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
-    // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());  /* only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */
    if (ctx == NULL) {
        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
    }
 #else
-    /* TODO remove duplicate */
    if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
    }
@@ -304,8 +290,8 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
    ESP_LOGI(TAG, "accept clients...");
    /* Continue to accept clients until shutdown is issued */
    while (!shutdown) {
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES
+                                        - uxTaskGetStackHighWaterMark(NULL) );
        WOLFSSL_MSG("Waiting for a connection...");
        wifi_show_ip();

@@ -314,16 +300,33 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
            == -1) {
             ESP_LOGE(TAG, "ERROR: failed to accept the connection");
        }
+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
        /* Create a WOLFSSL object */
        if ((ssl = wolfSSL_new(ctx)) == NULL) {
            ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
        }
-
+#if defined(WOLFSSL_HAVE_KYBER)
+        else {
+            /* If success creating CTX and Kyber enabled, set key share: */
+            ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+            if (ret == SSL_SUCCESS) {
+                ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
+            }
+            else {
+                ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
+            }
+        }
+#else
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
+#endif
        /* show what cipher connected for this WOLFSSL* object */
        ShowCiphers(ssl);

        /* Attach wolfSSL to the socket */
        wolfSSL_set_fd(ssl, connd);
+
        /* Establish TLS connection */
        ret = wolfSSL_accept(ssl);
        if (ret == SSL_SUCCESS) {
@@ -333,23 +336,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
            ESP_LOGE(TAG, "wolfSSL_accept error %d",
                           wolfSSL_get_error(ssl, ret));
        }
-        WOLFSSL_MSG("Client connected successfully");
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "Client connected successfully");

        /* Read the client data into our buff array */
        memset(buff, 0, sizeof(buff));
        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
            ESP_LOGE(TAG, "ERROR: failed to read");
        }
-        /* Print to stdout any data the client sends */
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
-        WOLFSSL_MSG("Client sends:");
-        WOLFSSL_MSG(buff);
+
+        ESP_LOGI(TAG, "Client sends: %s", buff);
        /* Check for server shutdown command */
        if (strncmp(buff, "shutdown", 8) == 0) {
-            WOLFSSL_MSG("Shutdown command issued!");
+            ESP_LOGI(TAG, "Shutdown command issued!");
            shutdown = 1;
        }
        /* Write our reply into buff */
@@ -360,10 +358,12 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
        if (wolfSSL_write(ssl, buff, len) != len) {
            ESP_LOGE(TAG, "ERROR: failed to write");
        }
+
+        ESP_LOGI(TAG, "Done! Cleanup...");
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        close(connd);           /* Close the connection to the client   */
-    }
+    } /* !shutdown */
    /* Cleanup and return */
    wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
@@ -397,12 +397,14 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
 #else
    xTaskHandle _handle;
 #endif
-    /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here.
+     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
    ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d",
-                   TLS_SMP_SERVER_TASK_WORDS);
+                   TLS_SMP_SERVER_TASK_BYTES);
    ret_i = xTaskCreate(tls_smp_server_task,
                      TLS_SMP_SERVER_TASK_NAME,
-                      TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */
+                      TLS_SMP_SERVER_TASK_BYTES,
                      (void*)&thisPort,
                      TLS_SMP_SERVER_TASK_PRIORITY,
                      &_handle);
@@ -411,7 +413,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
        ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME);
    }

-    /* vTaskStartScheduler(); // called automatically in ESP-IDF */
+    /* vTaskStartScheduler();  called automatically in ESP-IDF */
    return TLS_SMP_CLIENT_TASK_RET;
 }
 #endif
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,79 +1,15 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.1
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.5)

-# The wolfSSL CMake file should be able to find the source code.
-# Otherwise, assign an environment variable or set it here:
-#
-# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
-#
-# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
-# USE_MY_PRIVATE_CONFIG path for my_private_config.h
-#
-# Expected path varies:
-#
-#     WSL:  /mnt/c/workspace
-#   Linux:  ~/workspace
-# Windows:  C:\workspace
-#
-if(WIN32)
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
-endif()
-if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
-endif()
-if(APPLE)
-    message("Detected APPLE")
-endif()
-if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
-endif()
-if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
-endif()
-if(APPLE)
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
-endif()
-# End optional WOLFSSL_CMAKE_SYSTEM_NAME
-
-# Check that there are not conflicting wolfSSL components
-# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
-# The local component wolfSSL directory will be in ./components/wolfssl
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
-    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
-    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
-    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
-    # So we'll error out and let the user decide how to proceed:
-    message(WARNING "\nFound wolfSSL components in\n"
-                    "./managed_components/wolfssl__wolfssl\n"
-                    "and\n"
-                    "./components/wolfssl\n"
-                    "in project directory: \n"
-                    "${CMAKE_HOME_DIRECTORY}")
-    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
-                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
-                        "or rename the idf_component.yml file typically found in ./main/")
-else()
-    message(STATUS "No conflicting wolfSSL components found.")
-endif()
+add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)

 include($ENV{IDF_PATH}/tools/cmake/project.cmake)

-set(COMPONENTS
-  main
-  wolfssl
-  # cryptoauthlib
-) # set components
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".

 project(wolfssl_test)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
@@ -3,9 +3,12 @@
 # project subdirectory.
 #

-PROJECT_NAME := wolfssl_test
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS

-include $(IDF_PATH)/make/project.mk
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG

+PROJECT_NAME := wolfssl_test
+
+include $(IDF_PATH)/make/project.mk
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
@@ -71,7 +71,7 @@
          <Subdirectory>esp-idf/v5.0</Subdirectory>
          <Type>ESPIDF</Type>
        </IDFCheckout>
-        <COMPort>COM9</COMPort>
+        <COMPort>COM19</COMPort>
        <SuppressTestPrerequisiteChecks>false</SuppressTestPrerequisiteChecks>
        <UseCCache>false</UseCCache>
        <DeviceID>ESP32</DeviceID>
@@ -93,7 +93,7 @@
  </CustomDebug>
  <DeviceTerminalSettings>
    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM20</ComPortName>
+      <ComPortName>COM19</ComPortName>
      <AdvancedSettings>
        <BaudRate>115200</BaudRate>
        <DataBits>8</DataBits>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -19,16 +19,95 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.0 template update + THIS_IDF_PATH
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #

 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+endif()

 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -45,6 +124,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")

+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()

 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
    endif()
 endfunction()

+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+        else()
+            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+            if( FOUND_WOLFSSL )
+                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            else()
+                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+                message(STATUS "$ENV{WOLFSSL_ROOT}")
+            endif()
+        endif()
    else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
        if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
-            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
-            return()
+            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
        else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
        endif()
    endif()

+
    # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
    message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
    get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
            return()
        endif()

+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
        if( THIS_USER )
            # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")

-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
            if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                return()
            endif()
        endif()
@@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
        message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
        if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
            set(CURRENT_SEARCH_DIR "")
        endif()
    endwhile()
@@ -149,17 +279,47 @@ endfunction()


 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#

+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")

+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()

+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+endif()

 if(CMAKE_BUILD_EARLY_EXPANSION)
    message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
    idf_component_register(
                            REQUIRES "${COMPONENT_REQUIRES}"
                            PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          ${THIS_INCLUDE_TIMER}
+                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
                           )

 else()
@@ -171,24 +331,52 @@ else()
    # search for wolfSSL
    FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
    if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
    else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Searching for wolfSL source code...")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "Failed: wolfssl directory not found.")
        # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        # Abort CMake after fatal error.
    endif()

    set(INCLUDE_PATH ${WOLFSSL_ROOT})

    set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")

-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()

-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
    endif()

    set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
@@ -200,16 +388,19 @@ else()

    message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")

+    # wolfSSL user_settings.h is in the local project.
    set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")

+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")

    # Espressif may take several passes through this makefile. Check to see if we found IDF
    string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)

    # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
    file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")

    message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
    message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -232,11 +423,13 @@ else()
        message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
        message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
        message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
        message(STATUS "")
        message(STATUS "**************************************************************************************")
        message(STATUS "")

+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        # Abort CMake after fatal error.
+
        # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")

@@ -286,6 +479,7 @@ else()
                        message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                            "${WOLFSSL_ROOT}/include/user_settings.h "
                                            " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                    else()
                        # we won't overwrite an existing user settings file, just note that we already have one:
                        if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -355,17 +549,22 @@ else()
            message(STATUS "Could not find RTOS path")
        endif()
    endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
    set(COMPONENT_ADD_INCLUDEDIRS
        "./include" # this is the location of wolfssl user_settings.h
        "\"${WOLFSSL_ROOT}/\""
        "\"${WOLFSSL_ROOT}/wolfssl/\""
        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
        "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
        )

-
+    # Optionally include cryptoauthlib if present
    if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
        list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
    endif()
@@ -374,7 +573,7 @@ else()
    list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")


-
+    # Some files are known to be included elsewhere, or not used for Espressif
    set(COMPONENT_SRCEXCLUDE
        "\"${WOLFSSL_ROOT}/src/bio.c\""
        "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -384,9 +583,14 @@ else()
        "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
        "\"${WOLFSSL_ROOT}/src/x509.c\""
        "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
        "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -423,17 +627,34 @@ else()
                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
                            REQUIRES "${COMPONENT_REQUIRES}"
                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                            PRIV_REQUIRES
+                              "${THIS_INCLUDE_TIMER}"
+                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                           )
-    # some optional diagnostics
-    if (1)
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
        get_cmake_property(_variableNames VARIABLES)
        list (SORT _variableNames)
        message(STATUS "")
        message(STATUS "ALL VARIABLES BEGIN")
        message(STATUS "")
        foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
        endforeach()
        message(STATUS "")
        message(STATUS "ALL VARIABLES END")
@@ -520,6 +741,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")

+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
    message(STATUS "************************************************************************************************")
    message(STATUS "wolfssl component config complete!")
    message(STATUS "************************************************************************************************")
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
@@ -1,40 +1,240 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# In the wolfSSL GitHub examples for Espressif,
+# the root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../../
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+
+# WOLFSSL_ROOT := ""
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
+COMPONENT_SRCDIRS += include
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+
+##
+## wolfcrypt test (optional)
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+
+##
+## wolfcrypt
+##
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -19,12 +19,22 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"

 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,175 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF

+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
 *
 * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
 */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */

-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* Uncommon settings for testing only */
+#define TEST_ESPIDF_ALL_WOLFSSL
+#ifdef  TEST_ESPIDF_ALL_WOLFSSL
+    #define WOLFSSL_MD2
+    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
+    #define HAVE_BLAKE2S
+
+    #define WC_RC2
+    #define WOLFSSL_ALLOW_RC4
+
+    #define HAVE_POLY1305
+
+    #define WOLFSSL_AES_128
+    #define WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_XTS
+
+    /* #define WC_SRTP_KDF */
+    /* TODO Causes failure with Espressif AES HW Enabled */
+    /* #define HAVE_AES_ECB */
+    /* #define HAVE_AESCCM  */
+    /* TODO sanity check when missing HAVE_AES_ECB */
+    #define WOLFSSL_WOLFSSH
+
+    #define HAVE_AESGCM
+    #define WOLFSSL_AES_COUNTER
+
+    #define HAVE_FFDHE
+    #define HAVE_FFDHE_2048
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO Full size SRP is disabled on the ESP8266 at this time.
+         * Low memory issue? */
+        #define WOLFCRYPT_HAVE_SRP
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+          defined(CONFIG_IDF_TARGET_ESP32S2) || \
+          defined(CONFIG_IDF_TARGET_ESP32S3)
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32H2)
+        /* SRP Known to be working on this target::*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #else
+        /* For everything else, give a try and see if SRP working: */
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+
+    #define HAVE_DH
+
+    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+    /* #define HAVE_CAMELLIA */
+
+    /* DSA requires old SHA */
+    #define HAVE_DSA
+
+    /* Needs SHA512 ? */
+    #define HAVE_HPKE
+
+    /* Not for Espressif? */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32H2) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #undef HAVE_ECC
+            #undef HAVE_ECC_CDH
+            #undef HAVE_CURVE25519
+
+            /* TODO does CHACHA also need alignment? Failing on ESP8266
+             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
+            #ifdef HAVE_CHACHA
+                #error "HAVE_CHACHA not supported on ESP8266"
+            #endif
+            #ifdef HAVE_XCHACHA
+                #error "HAVE_XCHACHA not supported on ESP8266"
+            #endif
+        #else
+            #define HAVE_XCHACHA
+            #define HAVE_CHACHA
+            /* TODO Not enabled at this time, needs further testing:
+             *   #define WC_SRTP_KDF
+             *   #define HAVE_COMP_KEY
+             *   #define WOLFSSL_HAVE_XMSS
+             */
+        #endif
+        /* TODO AES-EAX not working on this platform */
+
+        /* Optionally disable DH
+         *   #undef HAVE_DH
+         *   #undef HAVE_FFDHE
+         */
+
+        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+        #ifndef HAVE_ECC
+            #define ECC_SHAMIR
+        #endif
+    #else
+        #define WOLFSSL_AES_EAX
+
+        #define ECC_SHAMIR
+    #endif
+
+    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+    /* #define WOLFSSL_CAAM      */
+    /* #define WOLFSSL_CAAM_BLOB */
+
+    #define WOLFSSL_AES_SIV
+    #define WOLFSSL_CMAC
+
+    #define WOLFSSL_CERT_PIV
+
+    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+    /* #define HAVE_SCRYPT */
+    #define SCRYPT_TEST_ALL
+    #define HAVE_X963_KDF
+#endif

 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +228,6 @@
 /* #define NO_OLD_TLS */

 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048

 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
@@ -79,7 +245,9 @@

 #define HAVE_AESGCM

-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224

@@ -95,24 +263,34 @@
 /* ED25519 requires SHA512 */
 #define HAVE_ED25519

-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519

+/* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
-/* #define HAVE_PKCS7 */

+/* #Optional HAVE_PKCS7 */
 #define HAVE_PKCS7

 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
 #endif

-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */

@@ -126,27 +304,11 @@
    /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif

-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */

-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */

 /* #define WOLFSSL_ATECC508A_DEBUG         */

@@ -158,7 +320,7 @@


 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+#define ESP_RSA_TIMEOUT_CNT    0x349F00

 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -206,7 +368,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */

-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -214,10 +376,14 @@
 --enable-asn-template
 */

-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +401,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +414,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +428,7 @@

 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     * single QFN 4x4 mm package. Out of released documentation, Technical
     * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +454,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +472,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +489,7 @@
    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
    /*  wolfSSL Hardware Acceleration not yet implemented */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,7 +498,11 @@
    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -343,13 +519,42 @@

 #else
    /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */

+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options

 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -363,6 +568,14 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */

 /* Pause in a loop rather than exit. */
@@ -396,8 +609,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */

-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP

 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +620,75 @@
 #define ATCA_WOLFSSL
 */

-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */

+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    #include <wolfssl/certs_test_sm.h>
    #define CTX_CA_CERT          root_sm2
@@ -427,24 +704,72 @@
    #undef  WOLFSSL_BASE16
    #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1

-/* See settings.h for some of the possible hardening options:
- *
- *  #define NO_ESPIDF_DEFAULT
- *  #define WC_NO_CACHE_RESISTANT
- *  #define WC_AES_BITSLICED
- *  #define HAVE_AES_ECB
- *  #define HAVE_AES_DIRECT
- */
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -3,78 +3,7 @@
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")

-set(COMPONENT_SRCS "main.c")
-
-# when using time helper:
-# set(COMPONENT_SRCS "main.c" "time_helper.c")
-
-set(COMPONENT_ADD_INCLUDEDIRS ".")
-
-set (git_cmd "git")
-
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-    #
-    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
-    #
-    message(STATUS "")
-    message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH")
-    message(STATUS "")
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
-endif()
-
-idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
-                       "./include")
-
-#
-# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
-#
-# Save the THIS_VAR as a string in a macro called VAR_OUPUT
-#
-# VAR_OUPUT:  the name of the macro to define
-# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
-# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
-#
-function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
-    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
-    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
-
-    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
-    if(${IS_VALID_VALUE})
-        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
-        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
-
-        # we'll could percolate the value to the parent for possible later use
-        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
-
-        # but we're only using it here in this function
-        set(${VAR_OUPUT} ${VAR_VALUE})
-
-        # we'll print what we found to the console
-        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
-
-        # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
-    else()
-        # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
-        set(${VAR_OUPUT} "Unknown")
-    endif()
-endfunction() # LIBWOLFSSL_SAVE_INFO
-
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    # LIBWOLFSSL_VERSION_GIT_HASH
-    execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
-
-    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
-    execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
-
-    # LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
-endif()
-
-message(STATUS "")
-
+idf_component_register(SRCS
+                         "main.c"
+                       INCLUDE_DIRS
+                         ".")
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
@@ -1,3 +1,9 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
-#
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -24,22 +24,43 @@
 #include "sdkconfig.h"

 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/version.h>
+    #include <wolfssl/wolfcrypt/types.h>
+    #include <wolfcrypt/test/test.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif

-#include <wolfcrypt/test/test.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#include "driver/uart.h"

-/* set to 0 for one benchmark,
-** set to 1 for continuous benchmark loop */
+
+/* set to 0 for one test,
+** set to 1 for continuous test loop */
 #define TEST_LOOP 0

+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
+
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -55,13 +76,9 @@

 /*
 ** although the wolfcrypt/test includes a default time setting,
-** see the enclosed optional time helper for adding NNTP.
-** be sure to add "time_helper.c" in main/CMakeLists.txt
-*/
+** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */
+
 #undef WOLFSSL_USE_TIME_HELPER
-#if defined(WOLFSSL_USE_TIME_HELPER)
-    #include "time_helper.h" */
-#endif

 /* see wolfssl/wolfcrypt/test/test.h */
 extern void wolf_crypt_task();
@@ -132,14 +149,36 @@ void my_atmel_free(int slotId)
 /* entry point */
 void app_main(void)
 {
-    int stack_start = 0;
+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
    esp_err_t ret = 0;
+    wc_ptr_t stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set. TODO: which? */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
    ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
    ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
+
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif

 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
@@ -166,51 +205,9 @@ void app_main(void)
    esp_ShowExtendedSystemInfo();
 #endif

-    /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32)
-    ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
-            );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S2)
-    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#else
-    /* not available for other platformas at this time */
-#endif
-
    /* all platforms: stack high water mark check */
    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));

-    /* check to see if we are using hardware encryption
-     * TODO: move this to esp_util.c  */
-#if defined(NO_ESP32_CRYPT)
-    ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
-#else
-    #if defined(CONFIG_IDF_TARGET_ESP32C2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3.");
-
-    #else
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled.");
-    #endif
-#endif
-
 #if defined (WOLFSSL_USE_TIME_HELPER)
    set_time();
 #endif
@@ -256,19 +253,10 @@ void app_main(void)
    ** This is called at the end of wolf_test_task();
    */

-    if (ret == 0) {
-        ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret);
-    }
-    else {
-        ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret);
-        /* see wolfssl/wolfcrypt/error-crypt.h */
-    }
-
-#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)
+#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
    esp_hw_show_mp_metrics();
 #endif

-    /* after the test, we'll just wait */
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));

@@ -276,7 +264,14 @@ void app_main(void)
                                        - (uxTaskGetStackHighWaterMark(NULL)));
 #endif

-#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
 #else
    ESP_LOGI(TAG, "\n\nDone!\n\n"
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
@@ -1,120 +0,0 @@
-/* time_helper.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include <string.h>
-#include <lwip/apps/sntp.h>
-
-#include "sdkconfig.h"
-#include "esp_log.h"
-
-#include "time_helper.h"
-
-const static char* TAG = "Time Helper";
-
-#define TIME_ZONE "PST-8"
-/* NELEMS(x) number of elements
- * To determine the number of elements in the array, we can divide the total size of
- * the array by the size of the array element
- * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
- **/
-#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
-#define NTP_SERVER_LIST ( (char*[]) {                        \
-                                     "pool.ntp.org",         \
-                                     "time.nist.gov",        \
-                                     "utcnist.colorado.edu"  \
-                                     }                       \
-                        )
-/* #define NTP_SERVER_COUNT using NELEMS:
- *
- *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
- */
-#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
-char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
-
-/* our NTP server list is global info */
-extern char* ntpServerList[NTP_SERVER_COUNT];
-
-
-int set_time(void)
-{
-    /* we'll also return a result code of zero */
-    int res = 0;
-    int i = 0; /* counter for time servers */
-    time_t interim_time;
-
-    /* ideally, we'd like to set time from network,
-     * but let's set a default time, just in case */
-    struct tm timeinfo = {
-        .tm_year = 2022 - 1900,
-        .tm_mon = 11,
-        .tm_mday = 15,
-        .tm_hour = 3,
-        .tm_min = 25,
-        .tm_sec = 0
-    };
-    struct timeval now;
-
-#ifndef NTP_SERVER_COUNT
-    #define NTP_SERVER_COUNT 0
-    char* ntpServerList[NTP_SERVER_COUNT];
-#endif /* not defined: NTP_SERVER_COUNT */
-
-#ifndef TIME_ZONE
-    #define TIME_ZONE "PST-8"
-#endif /* not defined: TIME_ZONE */
-
-
-    /* set interim static time */
-    interim_time = mktime(&timeinfo);
-    now = (struct timeval){ .tv_sec = interim_time };
-    settimeofday(&now, NULL);
-
-
-    /* set timezone */
-    setenv("TZ", TIME_ZONE, 1);
-    tzset();
-
-    if (NTP_SERVER_COUNT) {
-        /* next, let's setup NTP time servers
-         *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
-         */
-        sntp_setoperatingmode(SNTP_OPMODE_POLL);
-
-        ESP_LOGI(TAG, "sntp_setservername:");
-        for (i = 0; i < NTP_SERVER_COUNT; i++) {
-            const char* thisServer = ntpServerList[i];
-            if (strncmp(thisServer, "\x00", 1) == 0) {
-                /* just in case we run out of NTP servers */
-                break;
-            }
-            ESP_LOGI(TAG, "%s", thisServer);
-            sntp_setservername(i, thisServer);
-        }
-        sntp_init();
-        ESP_LOGI(TAG, "sntp_init done.");
-    }
-    else {
-        ESP_LOGI(TAG, "No sntp time servers found.");
-    }
-    return res;
-}
-
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -1,41 +1,88 @@
-# This tag is used to include this file in the ESP Component Registry:
+# sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y

 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55000
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500

 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55000
+CONFIG_MAIN_TASK_STACK_SIZE=10500

+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000

 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options

-# minimum C3 chip revision known to work is 2.
-# rev 0 and 1 not available for testing.
-# all revisions expected to work.
-CONFIG_ESP32C3_REV_MIN_0=
-CONFIG_ESP32C3_REV_MIN_1=
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
 CONFIG_ESP32C3_REV_MIN_2=y
-CONFIG_ESP32C3_REV_MIN_3=
-

 #
 # Partition Table
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+#
+# testAll.sh [keyword suffix]
+#
+# Build and compile the wolfssl_test for all platforms.
+#
+# Supply optional keyword suffix value for log file names.
+#
+# See testMonitor.sh for USB port settings.
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty.
+# instead of using `idf.py monitor`
+#==============================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+if [[ "$PATH" == *"rtos-sdk"* ]]; then
+    echo "Error. Detected rtos-sdk in path."
+    echo "Need to start with clean path (no prior idf.py setup) "
+    exit 1
+fi
+
+# Save the current PATH to a temporary variable
+ORIGINAL_PATH="$PATH"
+echo "ORIGINAL_PATH=$PATH"
+
+export ESPIDF_PUTTY_MONITOR="TRUE"
+
+THIS_SUFFIX="$1"
+
+
+#******************************************************************************
+# ESP8266 uses rtos-sdk/v3.4 toolchain. Test this first, as it is slowest.
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+#******************************************************************************
+
+# Clear ESP-IDF environment variables to ensure clean start for export.sh
+unset ESP_IDF_VERSION
+unset ESP_ROM_ELF_DIR
+unset IDF_DEACTIVATE_FILE_PATH
+unset IDF_PATH
+unset IDF_PYTHON_ENV_PATH
+unset IDF_TOOLS_EXPORT_CMD
+unset IDF_TOOLS_INSTALL_CMD
+unset OPENOCD_SCRIPTS
+
+echo "Run ESP8266 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "$WRK_IDF_PATH"/export.sh
+
+# Tensilica
+./testMonitor.sh wolfssl_test esp8266 "$THIS_SUFFIX" || exit 1 # 2715073
+
+
+#******************************************************************************
+# ESP32[-N] uses esp-idf/v5.2 toolchain
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+#******************************************************************************
+# Restore the original PATH
+export PATH="$ORIGINAL_PATH"
+
+# Clear ESP-IDF environment variables to ensure clean start
+unset ESP_IDF_VERSION
+unset ESP_ROM_ELF_DIR
+unset IDF_DEACTIVATE_FILE_PATH
+unset IDF_PATH
+unset IDF_PYTHON_ENV_PATH
+unset IDF_TOOLS_EXPORT_CMD
+unset IDF_TOOLS_INSTALL_CMD
+unset OPENOCD_SCRIPTS
+
+echo "Run ESP32 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "$WRK_IDF_PATH"/export.sh
+
+# Comment numeric values are recently observed runtime durations.
+# Different tests may be enabled for each device.
+# This list is not indicative of relative performance.
+
+# Limited hardware acceleration, test slowest first:
+./testMonitor.sh wolfssl_test esp32h2 "$THIS_SUFFIX" || exit 1 # 1424084 esp32h2 COM31" ok
+./testMonitor.sh wolfssl_test esp8684 "$THIS_SUFFIX" || exit 1 # 1065290 esp8684 COM49" ok
+
+# RISC-V
+./testMonitor.sh wolfssl_test esp32c2 "$THIS_SUFFIX" || exit 1 # 1133856 esp32c2 COM79" ok
+./testMonitor.sh wolfssl_test esp32c3 "$THIS_SUFFIX" || exit 1 # 344677  esp32c3 COM35"   NT
+./testMonitor.sh wolfssl_test esp32c6 "$THIS_SUFFIX" || exit 1 # 346393  esp32c6 COM36" ok
+
+# Xtensa
+./testMonitor.sh wolfssl_test esp32   "$THIS_SUFFIX" || exit 1 # 259093  esp32   COM9"    NT
+./testMonitor.sh wolfssl_test esp32s2 "$THIS_SUFFIX" || exit 1 # 305004  esp32s2 COM30"   NT
+./testMonitor.sh wolfssl_test esp32s3 "$THIS_SUFFIX" || exit 1 # 267518  esp32s3 COM24"   NT
+
+# Restore the original PATH
+export PATH="$ORIGINAL_PATH"
+
+echo "Done!"
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
@@ -0,0 +1,230 @@
+#!/bin/bash
+#
+# Syntax:
+#   ./testMonitor.sh <example_name> <target> <keyword>
+#
+# Example:
+#
+#   ./testMonitor.sh wolfssl_test esp32c6 WIP
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty
+# instead of using `idf.py monitor`
+#========================================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+PUTTY_EXE="/mnt/c/tools/putty.exe"
+
+THIS_HOME_DIR="$(pwd)"
+# export WOLFSSL_ESPIDF="/mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples"
+
+# the first parameter is expected to be a project name in the WOLFSSL_ESPIDF directory.
+if [ $# -lt 3 ]; then
+    echo "Usage: $0 <example_name> <target> <keyword>"
+    exit 1
+else
+    THIS_EXAMPLE="$1"
+#    pushd "${WOLFSSL_ESPIDF}" || exit 1
+#    pushd "./${THIS_EXAMPLE}" || exit 1
+
+    THIS_TARGET="$2"
+    THIS_KEYWORD="$3"
+fi
+
+echo "testMonitor current path:"
+pwd
+
+#ESP32c2 monitor is 78800
+# These are the WSL Serial Ports for each respective ESP32 SoC Device.
+# Unfortunately they are currently hard coded and computer-specific.
+esp32_PORT="/dev/ttyS9"
+esp32c2_PORT="/dev/ttyS79"
+esp32c3_PORT="/dev/ttyS35"
+esp32c6_PORT="/dev/ttyS36"
+esp32h2_PORT="/dev/ttyS31"
+esp32s2_PORT="/dev/ttyS30"
+esp32s3_PORT="/dev/ttyS24"
+esp8266_PORT="/dev/ttyS70"
+
+esp8684_PORT="/dev/ttyS49"
+# esp32c2_PORT="/dev/ttyS49" #8684
+
+# Load putty profiles. Note profiles names need to have been previously
+# defined and saved in putty! These are the saved sessions in putty:
+esp32_PUTTY="COM9"
+esp32c2_PUTTY="COM79 - ESP32-C2 74880"
+esp32c3_PUTTY="COM35"
+esp32c6_PUTTY="COM36"
+esp32h2_PUTTY="COM31"
+esp32s2_PUTTY="COM30"
+esp32s3_PUTTY="COM24"
+esp8684_PUTTY="COM49"
+esp8266_PUTTY="COM70 - 74880"
+
+echo "esp32_PORT:   $esp32_PORT"
+echo "esp32c2_PORT: $esp32c2_PORT"
+echo "esp32c3_PORT: $esp32c3_PORT"
+echo "esp32c6_PORT: $esp32c6_PORT"
+echo "esp32s2_PORT: $esp32s2_PORT"
+echo "esp32s3_PORT: $esp32s3_PORT"
+echo "esp32h2_PORT: $esp32h2_PORT"
+echo "esp8266_PORT: $esp8266_PORT"
+echo "esp8684_PORT: $esp8684_PORT"
+
+# given a THIS_TARGET, assign THIS_TARGET_PORT to the respective port.
+THIS_TARGET_PORT="${THIS_TARGET}_PORT"
+
+# Check that THIS_TARGET_PORT is defined.
+if [ -z "$THIS_TARGET_PORT" ]; then
+    echo "Error: No port defined for ${THIS_TARGET}"
+    exit 1
+else
+    echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}"
+fi
+
+THIS_TARGET_PORT="${!THIS_TARGET_PORT}"
+echo THIS_TARGET_PORT="${THIS_TARGET_PORT}"
+
+
+# The use of putty is optional
+THIS_TARGET_PUTTY="${THIS_TARGET}_PUTTY"
+
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Using ESP-IDF monitor"
+else
+    # Check that THIS_TARGET_PUTTY is defined.
+    echo ""
+    echo "Using saved putty profile session names:"
+    echo "esp32_PUTTY:   $esp32_PUTTY"
+    echo "esp32c2_PUTTY: $esp32c2_PUTTY"
+    echo "esp32c3_PUTTY: $esp32c3_PUTTY"
+    echo "esp32c6_PUTTY: $esp32c6_PUTTY"
+    echo "esp32s2_PUTTY: $esp32s2_PUTTY"
+    echo "esp32s3_PUTTY: $esp32s3_PUTTY"
+    echo "esp32h2_PUTTY: $esp32h2_PUTTY"
+    echo "esp8684_PUTTY: $esp8684_PUTTY"
+    echo "esp8266_PUTTY: $esp8266_PUTTY"
+    echo ""
+
+    if [ -z "$THIS_TARGET_PUTTY" ]; then
+        echo "Error: No putty profile defined for ${THIS_TARGET}"
+        exit 1
+    else
+        echo "THIS_TARGET_PUTTY=${THIS_TARGET_PUTTY}"
+    fi
+
+    THIS_TARGET_PUTTY="${!THIS_TARGET_PUTTY}"
+    echo THIS_TARGET_PUTTY="${THIS_TARGET_PUTTY}"
+fi
+
+if [[ "$THIS_TARGET" == "esp8684" ]]; then
+    echo "Treating esp8684 like an esp32c2"
+    THIS_TARGET=esp32c2
+fi
+
+
+# Assemble some log file names.
+echo ""
+BUILD_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_build_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+FLASH_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_flash_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_output_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_CFG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_user_settings_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_WLOG="logs\\${THIS_TARGET}_output.log"
+# cp ./components/wolfssl/include/user_settings.h "${THIS_CFG}"
+
+echo  "BUILD_LOG = ${BUILD_LOG}"
+echo  "FLASH_LOG = ${FLASH_LOG}"
+echo  "THIS_LOG  = ${THIS_LOG}"
+echo  "THIS_CFG  = ${THIS_CFG}"
+
+
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    # idf.py for the ESP8266  does not support --version
+    echo "ESP8266 using $IDF_PATH"
+else
+    idf.py --version                            > "${BUILD_LOG}" 2>&1
+fi
+
+echo "Full clean for $THIS_TARGET..."
+#---------------------------------------------------------------------
+idf.py fullclean                                >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    echo "Error during fullclean. Deleting build directory."
+    rm -rf ./build
+fi
+
+#---------------------------------------------------------------------
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    #always start with a fresh sdkconfig-debug (or sdkconfig-release) from defaults
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    # idf.py for the ESP8266  does not support --set-target
+    echo "Target is $THIS_TARGET"
+
+    # Since we don't "set-target" for the ESP8266, ensure the sdkconfig is not present
+    rm -f ./sdkconfig
+else
+    # Start with fresh sdkconfig
+    rm -f ./sdkconfig
+
+    # ESP8266 debug and release files not used for non-ESP8266 targets here,delete anyhow:
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    echo "idf.py set-target $THIS_TARGET"
+    idf.py "set-target" "$THIS_TARGET"              >> "${BUILD_LOG}" 2>&1
+    THIS_ERROR_CODE=$?
+    if [ $THIS_ERROR_CODE -ne 0 ]; then
+        echo ""
+        tail -n 5 "${BUILD_LOG}"
+        echo "Error during set-target"
+        exit 1
+    fi
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Build $THIS_TARGET..."
+echo "idf.py build"
+idf.py build                                    >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    tail -n 5 "${BUILD_LOG}"
+    echo "Error during build for $THIS_TARGET"
+    echo ""
+    echo ""
+    exit 1
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Flash $THIS_TARGET..."
+echo "idf.py flash -p ${THIS_TARGET_PORT} -b 115200"
+idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    tail -n 5 "${FLASH_LOG}"
+    echo "Error during flash"
+    exit 1
+fi
+
+# popd || exit 1
+# popd || exit 1
+
+# Note both of the options spawn a separate process:
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Monitor..."
+    echo  ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}"
+
+    ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" &
+else
+    echo "Calling putty..."
+    echo "$PUTTY_EXE -load \"$THIS_TARGET_PUTTY\""
+    $PUTTY_EXE -load "$THIS_TARGET_PUTTY" -logoverwrite -sessionlog "${THIS_WLOG}" &
+fi
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM80</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>true</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
@@ -1,6 +1,6 @@
 #ifndef _TIME_HELPER_H
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
--- a/Show More
+++ b/Show More