Merge with upstream

.github/workflows/openvpn.yml

@@ -43,7 +43,7 @@ jobs:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ release/2.6, v2.6.0, master ]
+        ref: [ release/2.6, master ]
     name: ${{ matrix.ref }}
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-22.04

.github/workflows/softhsm.yml

@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check

.gitignore

@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in

Docker/Dockerfile

@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
 ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
-ARG DEPS_TOOLS="ccache clang-tidy maven"
+ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*

IDE/Espressif/ESP-IDF/README.md

@@ -1,11 +1,12 @@
 # ESP-IDF Port
 
-These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF v5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
-Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
+These Espressif examples have been created and tested with the latest stable release branch of
+ESP-IDF v5.2, v5.3 and the master branch
 
-See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
+Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
+
+See the latest Espressif Migration Guides.
 
 ## Examples
 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
 ### File: `sdkconfig.h`
 
 The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
-file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
+file at [build](Espressif api-guides/build-system.html)
 time, should be included before any other files.
 
 ### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
 
 ## Requirements
 
- 1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
+ 1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
 
 ## wolfSSL as an Espressif component
 
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
 
 ## Espressif Managed Components
 
-Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
+Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
 
 ```
 idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -140,7 +141,7 @@ See the specific examples for additional details.
 
 This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
- 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
+ 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
  3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
 
@@ -177,7 +178,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
 ## Configuration
 
- 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. 
+ 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
 
 ## Configuration (Legacy IDF install)
 
@@ -191,7 +192,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
  For question please email [support@wolfssl.com]
 
- Note: This is tested with :  
+ Note: This is tested with :
    - OS: Ubuntu 20.04.3 LTS
    - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
    - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
@@ -239,7 +240,7 @@ reset_config srst_push_pull trst_push_pull
 
 Check "Long Paths Enabled" in Windows registry.
 
-Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. 
+Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
 
 The operation requires Administrator privileges. Command:
 

IDE/Espressif/ESP-IDF/README_32se.md

@@ -10,7 +10,7 @@ Including the following examples:
  The `user_settings.h` file enables some of the hardened settings.
 
 ## Requirements
-1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
+1. ESP-IDF development framework: https://github.com/espressif/esp-idf
 
 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib
 

IDE/Espressif/ESP-IDF/examples/README.md

@@ -78,7 +78,7 @@ wolfSSL to be installed.
 If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
 and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
 
-The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
+The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 also installs source code locally, instead of pointing to a source repository.
 
 ## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
 
 - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
-
-
-
+See also the `ESP-FAQ Handbook`.

IDE/Espressif/ESP-IDF/examples/template/README.md

@@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ### Prerequisites
 
-It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed.
+It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed.
 
 ### Files Included
 
@@ -30,7 +30,7 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
 
 ## Getting Started:
 
-Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html).
+Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html).
 
 Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory.
 
@@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
 ```
 
-Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html).
+Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html).
 
 ## Other Examples:
 

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md

@@ -2,12 +2,12 @@
 
 This is the directory for wolfSSL as an Espressif ESP-IDF component.
 
-Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). 
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
 
 Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
-to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) 
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
 
-The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the 
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
 `sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
 
 ## Directory Contents
@@ -21,7 +21,7 @@ The directory should also contain:
 - `Kconfig`
 - `component.mk`
 
-The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl),
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
 or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
 
 
@@ -41,7 +41,7 @@ While recursing up the directory tree, the following names of wolfSSL directorie
 
 ## Getting Started
 
-See the [Espressif Get STarted Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html).
+See the `Espressif Getting Started Guide`.
 
 ```
 # Set environment variable to ESP-IDF location

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

@@ -260,7 +260,9 @@
     #endif
     #define HAVE_ALPN
     #ifndef CONFIG_IDF_TARGET_ESP8266
-        /* SNI Not supported on ESP8266 at this time */
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
         #define HAVE_SNI
     #endif
     #define OPENSSL_EXTRA_X509_SMALL
@@ -763,8 +765,7 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES

IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266

@@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
 CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
 CONFIG_HEAP_DISABLE_IRAM=y
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md

@@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Espressif ESP Component Registry
 
-See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
+See the wolfSSL namespace and additional details:
 
+https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
 
 ## Windows COM Port
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md

@@ -2,7 +2,7 @@
 
 This is the directory for wolfSSL as an Espressif ESP-IDF component.
 
-Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl).
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
 
 Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
 to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
@@ -21,7 +21,7 @@ The directory should also contain:
 - `Kconfig`
 - `component.mk`
 
-The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl),
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
 or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
 
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h

@@ -260,7 +260,9 @@
     #endif
     #define HAVE_ALPN
     #ifndef CONFIG_IDF_TARGET_ESP8266
-        /* SNI Not supported on ESP8266 at this time */
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
         #define HAVE_SNI
     #endif
     #define OPENSSL_EXTRA_X509_SMALL
@@ -763,8 +765,7 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6 */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266

@@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
 CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
 CONFIG_HEAP_DISABLE_IRAM=y
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y