From 7ed5e0b3badf94ecc8cbe7995c36316a20c21d4b Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 16 Apr 2024 16:25:17 +0200 Subject: [PATCH 1/8] zephyr no malloc - cert gen - csr gen - pkcs12 - Compiles for Zephyr 3.4.0 and 2.7.4 - Add support for CONFIG_POSIX_API --- wolfcrypt/src/memory.c | 15 +- wolfcrypt/src/pkcs12.c | 21 +-- wolfcrypt/src/random.c | 24 ++- wolfcrypt/src/wc_port.c | 16 +- wolfcrypt/test/test.c | 93 +++++++++- wolfssl/internal.h | 7 +- wolfssl/test.h | 19 +- wolfssl/wolfcrypt/pkcs12.h | 3 +- wolfssl/wolfcrypt/settings.h | 7 + wolfssl/wolfcrypt/types.h | 1 + wolfssl/wolfcrypt/wc_port.h | 14 +- wolfssl/wolfio.h | 13 +- zephyr/CMakeLists.txt | 1 + zephyr/samples/wolfssl_benchmark/prj.conf | 1 + zephyr/samples/wolfssl_test/prj.conf | 5 +- zephyr/samples/wolfssl_tls_sock/prj.conf | 8 +- .../samples/wolfssl_tls_sock/src/tls_sock.c | 29 ++- zephyr/user_settings-tls-generic.h | 175 ++++++++++++++++++ 18 files changed, 401 insertions(+), 51 deletions(-) create mode 100644 zephyr/user_settings-tls-generic.h diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 2e221a9c19..dc50895148 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -991,10 +991,17 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) break; } #ifdef WOLFSSL_DEBUG_STATIC_MEMORY + #ifdef WOLFSSL_ZEPHYR + else { + fprintf(stderr, "Size: %zu, Empty: %d\n", size, + mem->sizeList[i]); + } + #else else { fprintf(stderr, "Size: %ld, Empty: %d\n", size, mem->sizeList[i]); } + #endif #endif } } @@ -1029,7 +1036,13 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) else { WOLFSSL_MSG("ERROR ran out of static memory"); #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, line); + #ifdef WOLFSSL_ZEPHYR + fprintf(stderr, "Looking for %zu bytes at %s:%d\n", size, func, + line); + #else + fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, + line); + #endif #endif } 
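Review bot: The non-Zephyr branches kept in both wolfSSL_Malloc hunks still print `size`, a `size_t`, with `%ld` and `%lu`, which is a mismatched format specifier on any target where `size_t` is not `long` (32-bit or LLP64 builds). The Zephyr branch already uses `%zu`, so the `#ifdef` could be dropped if every supported toolchain accepts it. Otherwise cast the argument, e.g. `fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long)size, func, line);`. wolfSSL_Malloc starts and ends outside both hunks.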
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index e76f1b1a8e..87321697e3 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -130,15 +130,22 @@ typedef struct WC_PKCS12_ATTRIBUTE { WC_PKCS12* wc_PKCS12_new(void) +{ + return wc_PKCS12_new_ex(NULL); +} + + +WC_PKCS12* wc_PKCS12_new_ex(void* heap) { WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12), - NULL, DYNAMIC_TYPE_PKCS); + heap, DYNAMIC_TYPE_PKCS); if (pkcs12 == NULL) { WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct"); return NULL; } XMEMSET(pkcs12, 0, sizeof(WC_PKCS12)); + pkcs12->heap = heap; return pkcs12; } @@ -202,7 +209,7 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) } #endif - XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS); } @@ -2604,20 +2611,12 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, return NULL; } - if ((pkcs12 = wc_PKCS12_new()) == NULL) { + if ((pkcs12 = wc_PKCS12_new_ex(heap)) == NULL) { wc_FreeRng(&rng); WOLFSSL_LEAVE("wc_PKCS12_create", MEMORY_E); return NULL; } - if ((ret = wc_PKCS12_SetHeap(pkcs12, heap)) != 0) { - wc_PKCS12_free(pkcs12); - wc_FreeRng(&rng); - WOLFSSL_LEAVE("wc_PKCS12_create", ret); - (void)ret; - return NULL; - } - if (iter <= 0) { iter = WC_PKCS12_ITT_DEFAULT; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 272afd93cf..c6d667c029 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
@@ -3731,25 +3731,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_ZEPHYR) - #include + #include #if KERNEL_VERSION_NUMBER >= 0x30500 #include #else - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #endif #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - sys_rand_get(output, sz); - return 0; - } + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + sys_rand_get(output, sz); + return 0; + } #elif defined(WOLFSSL_TELIT_M2MB) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a21cc2b9d2..69c095a329 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3668,11 +3668,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #elif defined(WOLFSSL_ZEPHYR) + void* wolfsslThreadHeapHint = NULL; + int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) { #ifndef WOLFSSL_ZEPHYR_STACK_SZ - #define WOLFSSL_ZEPHYR_STACK_SZ (24*1024) + #define WOLFSSL_ZEPHYR_STACK_SZ (48*1024) #endif if (thread == NULL || cb == NULL) @@ -3685,11 +3687,14 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * thread->threadStack = k_thread_stack_alloc(WOLFSSL_ZEPHYR_STACK_SZ, * 0); */ + printf("thread stack size is %ld\n", Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ)); thread->threadStack = (void*)XMALLOC( - Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), 0, - DYNAMIC_TYPE_TMP_BUFFER); - if (thread->threadStack == NULL) + Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), + wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); + if (thread->threadStack == NULL) { + WOLFSSL_MSG("error: XMALLOC failed"); return MEMORY_E; + } /* k_thread_create does not return any error codes */ /* Casting to k_thread_entry_t should be fine since we just ignore the 
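Review bot: The Zephyr `wc_GenerateSeed` (only re-indented in this hunk) seeds the DRBG from `sys_rand_get(output, sz)` and returns 0 unconditionally, so seed quality depends entirely on which generator the kernel configuration selects, and a failure can never be reported to the caller. Zephyr also provides `sys_csrand_get()`, the cryptographically secure variant, which returns a status. Where the target configuration enables it, something like `return (sys_csrand_get(output, sz) == 0) ? 0 : RNG_FAILURE_E;` would tie the seed to a CSPRNG and propagate errors. At minimum a comment above the call should state that a secure entropy source must back `sys_rand_get` on real hardware.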
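Review bot: The thread stack is allocated with whatever `wolfsslThreadHeapHint` holds when wolfSSL_NewThread runs and, in the join hunk (`@@ -3716,7 +3721,8 @@`), freed with whatever it holds at join time. The global is a plain unsynchronised `void*`, so an application that reassigns it between the two calls hands XFREE a hint that does not match the allocation, which with static memory pools means returning a block to the wrong pool. Recording the hint per thread removes that coupling: add a `void* heap;` member to the Zephyr `THREAD_TYPE`, set `thread->heap = wolfsslThreadHeapHint;` next to the XMALLOC, and free with `XFREE(thread.threadStack, thread.heap, DYNAMIC_TYPE_TMP_BUFFER);`. Both function bodies continue outside the hunks shown.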
@@ -3716,7 +3721,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * if (err != 0) * ret = MEMORY_E; */ - XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(thread.threadStack, wolfsslThreadHeapHint, + DYNAMIC_TYPE_TMP_BUFFER); thread.threadStack = NULL; /* No thread resources to free. Everything is stored in thread.tid */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6c025c3e08..374eb987a7 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -354,6 +354,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef HAVE_PKCS7 #include #endif +#ifdef HAVE_PKCS12 + #include +#endif #ifdef HAVE_FIPS #include #endif @@ -584,6 +587,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); #endif /* WC_NO_RNG */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ @@ -595,7 +599,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void); -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void); #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void); #endif @@ -1672,6 +1676,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ PRIVATE_KEY_LOCK(); #endif +#if defined(HAVE_PKCS12) && defined(USE_CERT_BUFFERS_2048) + if ( (ret = pkcs12_test()) != 0) + TEST_FAIL("PKCS12 test failed!\n", ret); + else + TEST_PASS("PKCS12 test passed!\n"); +#endif + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) if ( (ret = openssl_test()) != 0) TEST_FAIL("OPENSSL test failed!\n", ret); 
@@ -24707,7 +24718,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void) #endif #ifdef HAVE_PKCS12 -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00 }; @@ -24734,7 +24745,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) int kLen = 24; int iterations = 1; wc_test_ret_t ret; - WOLFSSL_ENTER("pkcs12_test"); + WOLFSSL_ENTER("pkcs12_pbkdf_test"); ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations, kLen, WC_SHA256, id); @@ -24839,7 +24850,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) return ret; #endif #ifdef HAVE_PKCS12 - ret = pkcs12_test(); + ret = pkcs12_pbkdf_test(); if (ret != 0) return ret; #endif 
@@ -24853,6 +24864,76 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) #endif /* NO_PWDBASED */ +#if defined(HAVE_PKCS12) && defined(USE_CERT_BUFFERS_2048) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +{ + wc_test_ret_t ret = 0; + WC_PKCS12* pkcs12 = NULL; + /* Gen vars */ + byte* pkcs12der = NULL; + int pkcs12derSz = 0; + WC_DerCertList derCaList = { + (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL + }; + char* pass = (char*)"wolfSSL test"; + /* Parsing vars */ + WC_DerCertList* derCaListOut = NULL; + byte* keyDer = NULL; + byte* certDer = NULL; + word32 keySz; + word32 certSz; + + WOLFSSL_ENTER("pkcs12_test"); + + pkcs12 = wc_PKCS12_create(pass, XSTRLEN(pass), + (char*)"friendlyName" /* not used currently */, + (byte*)server_key_der_2048, sizeof_server_key_der_2048, + (byte*)server_cert_der_2048, sizeof_server_cert_der_2048, + &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100, + 0 /* not used currently */, HEAP_HINT); + if (pkcs12 == NULL) + return MEMORY_E; + + ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz); + if (ret != LENGTH_ONLY_E) + return ret == 0 ? -1 : ret; + + pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12der == NULL) + return MEMORY_E; + + { + /* Use tmp pointer to avoid advancing pkcs12der */ + byte* tmp = pkcs12der; + ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz); + if (ret <= 0) + return ret == 0 ? -1 : ret; + } + + wc_PKCS12_free(pkcs12); + pkcs12 = wc_PKCS12_new_ex(HEAP_HINT); + if (pkcs12 == NULL) + return MEMORY_E; + + /* convert the DER file into an internal structure */ + ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12); + if (ret != 0) + return ret; + + /* parse the internal structure into its parts */ + ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz, + &certDer, &certSz, &derCaListOut); + if (ret != 0 || keyDer == NULL || certDer == NULL || derCaListOut == NULL) + return ret == 0 ? 
-1 : ret; + + wc_FreeCertList(derCaListOut, HEAP_HINT); + XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12); + return ret; +} +#endif + #if defined(HAVE_HKDF) && !defined(NO_HMAC) #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ @@ -50257,7 +50338,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) return BAD_FUNC_ARG; #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Algo Type %d\n", info->algo_type); + WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type); #endif if (info->algo_type == WC_ALGO_TYPE_RNG) { @@ -50299,7 +50380,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ea828a84c3..27ddd575f2 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -206,7 +206,12 @@ #endif #elif defined(WOLFSSL_ZEPHYR) #ifndef SINGLE_THREADED - #include + #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #endif #elif defined(WOLFSSL_TELIT_M2MB) /* do nothing */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 47abb74af3..a5b2092587 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -143,9 +143,26 @@ #include #define SOCKET_T int #elif defined(WOLFSSL_ZEPHYR) + #include #include #include - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #endif #define SOCKET_T int #define SOL_SOCKET 1 #define WOLFSSL_USE_GETADDRINFO diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h index f3023540e4..9a3e3f0f73 100644 
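Review bot: `pkcs12der` is never released in the new `pkcs12_test`: the success path frees `keyDer`, `certDer`, the CA list and `pkcs12`, but not the buffer obtained from `XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS)`. Every early `return` after `wc_PKCS12_create` also leaves `pkcs12` (and later `pkcs12der`) allocated. In the static-memory, no-malloc configuration this series targets, those blocks stay taken from the fixed pool for the rest of the test run and can make later tests fail for unrelated reasons. Add `XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);` before the final `return ret;` and route the error returns through a single cleanup label that frees whatever is non-NULL.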
--- a/wolfssl/wolfcrypt/pkcs12.h +++ b/wolfssl/wolfcrypt/pkcs12.h @@ -47,6 +47,7 @@ enum { }; WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); +WOLFSSL_API WC_PKCS12* wc_PKCS12_new_ex(void* heap); WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); #ifndef NO_FILESYSTEM @@ -67,7 +68,7 @@ WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap); WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12); -WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap); +WOLFSSL_API void wc_FreeCertList(WC_DerCertList* list, void* heap); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 01926e306e..664ab21ab8 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2082,9 +2082,16 @@ extern void uITRON4_free(void *p) ; #endif /*(WOLFSSL_APACHE_MYNEWT)*/ #ifdef WOLFSSL_ZEPHYR + #include +#if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include +#else + #include + #include + #include +#endif #include #define WOLFSSL_DH_CONST diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 89f01e2597..f8fa05c046 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1422,6 +1422,7 @@ typedef struct w64wrapper { k_thread_stack_t* threadStack; } THREAD_TYPE; #define WOLFSSL_THREAD + extern void* wolfsslThreadHeapHint; #elif defined(NETOS) typedef UINT THREAD_RETURN; typedef struct { diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index bf5ef6b30b..7577bbad8d 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
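Review bot: `wc_PKCS12_new_ex` and the now-exported `wc_FreeCertList` both take a `heap` argument, but the header gives callers no statement of the contract. The pkcs12.c hunks suggest the object remembers its hint and frees itself with it, and the new test frees the parsed list with the same `HEAP_HINT` it created the object with, so the pairing matters once static pools are in use. A comment above the two prototypes such as `/* heap: hint used for all allocations owned by the object; lists returned by wc_PKCS12_parse must be freed with the same hint */` would make that explicit for users of the public API.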
@@ -145,13 +145,20 @@ #elif defined(WOLFSSL_APACHE_MYNEWT) /* do nothing */ #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef SINGLE_THREADED #ifndef CONFIG_PTHREAD_IPC #error "Need CONFIG_PTHREAD_IPC for threading" #endif + #if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include + #else + #include + #include + #include + #endif #endif #elif defined(WOLFSSL_TELIT_M2MB) @@ -999,8 +1006,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define USE_WOLF_TIME_T #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 48646a50ba..421387128c 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -129,7 +129,18 @@ #include #include #elif defined(WOLFSSL_ZEPHYR) - #include + #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #endif #elif defined(MICROCHIP_PIC32) #include #elif defined(HAVE_NETX) diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt index 0b26805576..cf64215ca1 100644 --- a/zephyr/CMakeLists.txt +++ b/zephyr/CMakeLists.txt @@ -165,6 +165,7 @@ if(CONFIG_WOLFSSL) target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS) if(CONFIG_WOLFSSL_DEBUG) target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL) + zephyr_library_compile_options(-g3 -O0) endif() else() assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.") diff --git a/zephyr/samples/wolfssl_benchmark/prj.conf b/zephyr/samples/wolfssl_benchmark/prj.conf index 41ccf7f948..0179880249 100644 --- a/zephyr/samples/wolfssl_benchmark/prj.conf +++ b/zephyr/samples/wolfssl_benchmark/prj.conf 
@@ -23,6 +23,7 @@ CONFIG_CONSOLE=y CONFIG_LOG=y CONFIG_LOG_BACKEND_UART=y CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y #CONFIG_WOLFSSL_DEBUG=y # Entropy diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf index 6c8a5ca437..48afd771d0 100644 --- a/zephyr/samples/wolfssl_test/prj.conf +++ b/zephyr/samples/wolfssl_test/prj.conf @@ -1,7 +1,7 @@ # Configure stack and heap sizes -CONFIG_MAIN_STACK_SIZE=32768 -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384 +CONFIG_MAIN_STACK_SIZE=655360 +#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 # Pthreads CONFIG_PTHREAD_IPC=y @@ -21,6 +21,7 @@ CONFIG_CONSOLE=y CONFIG_LOG=y CONFIG_LOG_BACKEND_UART=y CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y #CONFIG_WOLFSSL_DEBUG=y # Entropy diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf index f8b0f292ee..2928d5d4d9 100644 --- a/zephyr/samples/wolfssl_tls_sock/prj.conf +++ b/zephyr/samples/wolfssl_tls_sock/prj.conf @@ -1,8 +1,8 @@ # Kernel options -CONFIG_MAIN_STACK_SIZE=16384 +CONFIG_MAIN_STACK_SIZE=655360 CONFIG_ENTROPY_GENERATOR=y CONFIG_INIT_STACKS=y -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 +#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 # General config CONFIG_NEWLIB_LIBC=y @@ -43,8 +43,8 @@ CONFIG_NET_PKT_TX_COUNT=10 # Logging CONFIG_PRINTK=y #CONFIG_WOLFSSL_DEBUG=y -#CONFIG_LOG=y -#CONFIG_LOG_MODE_IMMEDIATE=y +CONFIG_LOG=y +CONFIG_LOG_MODE_IMMEDIATE=y # TLS configuration CONFIG_WOLFSSL=y diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c index b930554435..f7e0000fe5 100644 --- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c +++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c @@ -32,7 +32,7 @@ #endif #define BUFFER_SIZE 2048 -#define STATIC_MEM_SIZE (192*1024) +#define STATIC_MEM_SIZE (256*1024) #define MAX_SEND_SIZE 256 #ifdef WOLFSSL_STATIC_MEMORY 
@@ -94,7 +94,7 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) WOLFSSL* client_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ - if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(), + if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_client_method_ex(HEAP_HINT_CLIENT), HEAP_HINT_CLIENT)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; @@ -165,7 +165,7 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) WOLFSSL* server_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ - if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(), + if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_server_method_ex(HEAP_HINT_SERVER), HEAP_HINT_SERVER)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; @@ -446,12 +446,12 @@ void client_thread() SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; #ifdef WOLFSSL_STATIC_MEMORY - if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, - sizeof(gMemoryClient), - WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { - printf("unable to load static memory"); - ret = -1; - } + //if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, + // sizeof(gMemoryClient), + // WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { + // printf("unable to load static memory"); + // ret = -1; + //} if (ret == 0) #endif @@ -507,6 +507,17 @@ int main() wolfSSL_Debugging_ON(); #endif +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, + sizeof(gMemoryClient), + WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { + printf("unable to load static memory"); + return -1; + } + + wolfsslThreadHeapHint = HEAP_HINT_CLIENT; +#endif + /* Start server */ if (wolfSSL_NewThread(&serverThread, server_thread, NULL) != 0) { printf("Failed to start server thread\n"); diff --git a/zephyr/user_settings-tls-generic.h b/zephyr/user_settings-tls-generic.h new file mode 100644 index 0000000000..5c2695f952 --- /dev/null +++ b/zephyr/user_settings-tls-generic.h 
@@ -0,0 +1,175 @@ +/* user_settings-tls-generic.h + * generated from configure options + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_OPTIONS_H +#define WOLFSSL_OPTIONS_H + + +#ifdef __cplusplus +extern "C" { +#endif + +#if 0 +#undef SINGLE_THREADED +#define SINGLE_THREADED +#endif + +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef ECC_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT + +#undef WC_RSA_BLINDING +#define WC_RSA_BLINDING + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_SHA512 +#define WOLFSSL_SHA512 + +#undef WOLFSSL_SHA384 +#define WOLFSSL_SHA384 + +#undef NO_DSA +#define NO_DSA + +#undef HAVE_ECC +#define HAVE_ECC + +#undef TFM_ECC256 +#define TFM_ECC256 + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +#undef NO_RC4 +#define NO_RC4 + +#undef WOLFSSL_SHA224 +#define WOLFSSL_SHA224 + +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef HAVE_POLY1305 +#define HAVE_POLY1305 + +#undef HAVE_ONE_TIME_AUTH +#define HAVE_ONE_TIME_AUTH + +#undef HAVE_CHACHA +#define HAVE_CHACHA + +#undef HAVE_HASHDRBG +#define HAVE_HASHDRBG + +#undef NO_FILESYSTEM +#define NO_FILESYSTEM + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef 
HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +//#undef NO_PWDBASED +//#define NO_PWDBASED + +#undef USE_FAST_MATH +#define USE_FAST_MATH + +#undef WOLFSSL_NO_ASM +#define WOLFSSL_NO_ASM + +#undef WOLFSSL_X86_BUILD +#define WOLFSSL_X86_BUILD + +#undef WC_NO_ASYNC_THREADING +#define WC_NO_ASYNC_THREADING + +//#undef NO_DES3 +//#define NO_DES3 + +#undef WOLFSSL_STATIC_MEMORY +#define WOLFSSL_STATIC_MEMORY + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#undef HAVE_HKDF +#define HAVE_HKDF + +#undef WC_RSA_PSS +#define WC_RSA_PSS + +#undef HAVE_FFDHE_2048 +#define HAVE_FFDHE_2048 + +#define WOLFSSL_NO_MALLOC +//#define WOLFSSL_DEBUG_STATIC_MEMORY +//#define WOLFSSL_DEBUG_MEMORY_PRINT +//#define WOLFSSL_DEBUG_MEMORY +//#define WOLFSSL_TRACK_MEMORY +#define LARGEST_MEM_BUCKET 65536 + +#undef WOLFSSL_DYN_CERT +#define WOLFSSL_DYN_CERT + +#undef WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_GEN + +#undef WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_REQ + +#undef HAVE_PKCS12 +#define HAVE_PKCS12 + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#if 0 +#undef WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_HAVE_SP_RSA +#undef WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_DH +#undef WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_ECC +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_OPTIONS_H */ + From 550d9ad9a43cccfddb6321e51004cb29aab4daa9 Mon Sep 17 00:00:00 2001 
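Review bot: The include guard is `WOLFSSL_OPTIONS_H`, which does not match the file name and is the guard used by wolfSSL's generated `wolfssl/options.h`. If a translation unit pulls that header in first, this whole file is skipped without a diagnostic, and `WOLFSSL_NO_MALLOC`, `WOLFSSL_STATIC_MEMORY` and the timing-resistance defines silently drop out. A file-specific guard avoids that: `#ifndef WOLFSSL_USER_SETTINGS_TLS_GENERIC_H` / `#define WOLFSSL_USER_SETTINGS_TLS_GENERIC_H`. `WOLFSSL_TLS13` is also defined twice, and `NO_DES3` / `NO_PWDBASED` are commented out with no reason given. A one-line comment saying the PKCS#12 test needs them (it uses `PBE_SHA1_DES3`) would keep them from being toggled by mistake.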
From: Juliusz Sosinowicz Date: Tue, 16 Apr 2024 16:45:10 +0200 Subject: [PATCH 2/8] Add testing for zephyr no malloc --- .github/workflows/zephyr.yml | 9 ++- wolfcrypt/src/wc_port.c | 1 - zephyr/Kconfig.tls-generic | 5 -- .../samples/wolfssl_test/prj-no-malloc.conf | 30 ++++++++++ zephyr/samples/wolfssl_test/prj.conf | 5 +- zephyr/samples/wolfssl_test/sample.yaml | 6 ++ .../wolfssl_tls_sock/prj-no-malloc.conf | 57 +++++++++++++++++++ zephyr/samples/wolfssl_tls_sock/prj.conf | 6 +- zephyr/samples/wolfssl_tls_sock/sample.yaml | 7 +++ .../samples/wolfssl_tls_sock/src/tls_sock.c | 19 ++----- ...ls-generic.h => user_settings-no-malloc.h} | 6 -- zephyr/user_settings.h | 9 ++- 12 files changed, 124 insertions(+), 36 deletions(-) create mode 100644 zephyr/samples/wolfssl_test/prj-no-malloc.conf create mode 100644 zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf rename zephyr/{user_settings-tls-generic.h => user_settings-no-malloc.h} (97%) diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index c7f1bc8ee3..2476b74122 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -14,9 +14,11 @@ jobs: zephyr-sdk: 0.16.1 - zephyr-ref: v3.5.0 zephyr-sdk: 0.16.3 + - zephyr-ref: v2.7.4 + zephyr-sdk: 0.16.3 runs-on: ubuntu-latest # This should be a safe limit for the tests to run. - timeout-minutes: 15 + timeout-minutes: 25 steps: - name: Install dependencies run: | @@ -75,6 +77,8 @@ jobs: run: | ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv rm -rf zephyr/twister-out + ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv + rm -rf zephyr/twister-out - name: Run wolfssl TLS sock test id: wolfssl-tls-sock 
@@ -82,8 +86,11 @@ jobs: run: | ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv rm -rf zephyr/twister-out + ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv + rm -rf zephyr/twister-out - name: Run wolfssl TLS thread test + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-thread working-directory: zephyr run: | diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 69c095a329..ab37c2796b 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3687,7 +3687,6 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * thread->threadStack = k_thread_stack_alloc(WOLFSSL_ZEPHYR_STACK_SZ, * 0); */ - printf("thread stack size is %ld\n", Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ)); thread->threadStack = (void*)XMALLOC( Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/zephyr/Kconfig.tls-generic b/zephyr/Kconfig.tls-generic index 9ffcf90e84..bc46a8fd47 100644 --- a/zephyr/Kconfig.tls-generic +++ b/zephyr/Kconfig.tls-generic @@ -264,9 +264,4 @@ config WOLFSSL_HAVE_ASM of asymmetric cryptography, however this might have an impact on the code size. -config WOLFSSL_USER_SETTTINGS - string "User settings file for wolfSSL" - help - User settings file that contains wolfSSL defines. - endmenu diff --git a/zephyr/samples/wolfssl_test/prj-no-malloc.conf b/zephyr/samples/wolfssl_test/prj-no-malloc.conf new file mode 100644 index 0000000000..42f98d431d --- /dev/null +++ b/zephyr/samples/wolfssl_test/prj-no-malloc.conf 
@@ -0,0 +1,30 @@ +# Configure stack and heap sizes +CONFIG_MAIN_STACK_SIZE=655360 +#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 + +# Pthreads +CONFIG_PTHREAD_IPC=y + +# Clock for time() +CONFIG_POSIX_CLOCK=y + +# TLS configuration +CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h" +CONFIG_WOLFSSL=y +CONFIG_WOLFSSL_BUILTIN=y + +# Logging +CONFIG_PRINTK=y +CONFIG_CBPRINTF_LIBC_SUBSTS=y +CONFIG_CBPRINTF_FP_SUPPORT=y +CONFIG_CONSOLE=y +CONFIG_LOG=y +CONFIG_LOG_BACKEND_UART=y +CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y +#CONFIG_WOLFSSL_DEBUG=y + +# Entropy +CONFIG_TEST_RANDOM_GENERATOR=y +CONFIG_ENTROPY_GENERATOR=y +CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf index 48afd771d0..38b1ce49b4 100644 --- a/zephyr/samples/wolfssl_test/prj.conf +++ b/zephyr/samples/wolfssl_test/prj.conf @@ -1,7 +1,6 @@ - # Configure stack and heap sizes -CONFIG_MAIN_STACK_SIZE=655360 -#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 +CONFIG_MAIN_STACK_SIZE=32768 +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384 # Pthreads CONFIG_PTHREAD_IPC=y diff --git a/zephyr/samples/wolfssl_test/sample.yaml b/zephyr/samples/wolfssl_test/sample.yaml index a1c4f81921..50010f76ae 100644 --- a/zephyr/samples/wolfssl_test/sample.yaml +++ b/zephyr/samples/wolfssl_test/sample.yaml @@ -13,3 +13,9 @@ tests: platform_allow: qemu_x86 integration_platforms: - qemu_x86 + sample.crypto.wolfssl_test_no_malloc: + timeout: 120 + platform_allow: qemu_x86 + extra_args: CONF_FILE="prj-no-malloc.conf" + integration_platforms: + - qemu_x86 diff --git a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf new file mode 100644 index 0000000000..830b1944db --- /dev/null +++ b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf 
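Review bot: `CONFIG_TEST_RANDOM_GENERATOR=y` is set in this new file (and in `wolfssl_tls_sock/prj-no-malloc.conf`) with nothing marking it as a test-only choice. The option permits Zephyr's kernel random API to be served by a non-cryptographic generator, and patch 1/8 shows the Zephyr `wc_GenerateSeed` taking its seed from `sys_rand_get`, so a product configuration copied from this sample may end up with predictable keys. Add a comment above the line, for example `# QEMU test only: not a secure entropy source; use a hardware entropy driver on real targets`.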
@@ -0,0 +1,57 @@ +# Kernel options +CONFIG_MAIN_STACK_SIZE=655360 +CONFIG_ENTROPY_GENERATOR=y +CONFIG_INIT_STACKS=y + +# General config +CONFIG_NEWLIB_LIBC=y + +# Pthreads +CONFIG_PTHREAD_IPC=y + +# Clock for time() +CONFIG_POSIX_CLOCK=y + +# Networking config +CONFIG_NETWORKING=y +CONFIG_NET_IPV4=y +CONFIG_NET_IPV6=n +CONFIG_NET_TCP=y +CONFIG_NET_SOCKETS=y +CONFIG_NET_SOCKETS_POSIX_NAMES=y + +CONFIG_NET_TEST=y +CONFIG_NET_LOOPBACK=y + +# Network driver config +CONFIG_TEST_RANDOM_GENERATOR=y + +# Network address config +CONFIG_NET_CONFIG_SETTINGS=y +CONFIG_NET_CONFIG_NEED_IPV4=y +CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1" +CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2" +CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2" + +CONFIG_NET_PKT_TX_COUNT=10 + +# Network debug config +#CONFIG_NET_LOG=y +#CONFIG_NET_PKT_LOG_LEVEL_DBG=y + +# Logging +CONFIG_PRINTK=y +#CONFIG_WOLFSSL_DEBUG=y +CONFIG_LOG=y +CONFIG_LOG_MODE_IMMEDIATE=y + +# TLS configuration +CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h" +CONFIG_WOLFSSL=y +CONFIG_WOLFSSL_BUILTIN=y + +CONFIG_WOLFSSL_TLS_VERSION_1_2=y +CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y +CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y +CONFIG_WOLFSSL_MAC_ALL_ENABLED=y +CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf index 2928d5d4d9..549bc07ab0 100644 --- a/zephyr/samples/wolfssl_tls_sock/prj.conf +++ b/zephyr/samples/wolfssl_tls_sock/prj.conf @@ -1,8 +1,8 @@ # Kernel options -CONFIG_MAIN_STACK_SIZE=655360 +CONFIG_MAIN_STACK_SIZE=16384 CONFIG_ENTROPY_GENERATOR=y CONFIG_INIT_STACKS=y -#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 # General config CONFIG_NEWLIB_LIBC=y @@ -50,7 +50,7 @@ CONFIG_LOG_MODE_IMMEDIATE=y CONFIG_WOLFSSL=y CONFIG_WOLFSSL_BUILTIN=y -CONFIG_WOLFSSL_TLS_VERSION_1_2=y +CONFIG_WOLFSSL_TLS_VERSION_1_3=y CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y CONFIG_WOLFSSL_MAC_ALL_ENABLED=y 
diff --git a/zephyr/samples/wolfssl_tls_sock/sample.yaml b/zephyr/samples/wolfssl_tls_sock/sample.yaml index ea002827e6..a1b26e8794 100644 --- a/zephyr/samples/wolfssl_tls_sock/sample.yaml +++ b/zephyr/samples/wolfssl_tls_sock/sample.yaml @@ -8,9 +8,16 @@ common: regex: - "Server Return: 0" - "Client Return: 0" + - "Done" tests: sample.crypto.wolfssl_tls_sock: timeout: 60 platform_allow: qemu_x86 integration_platforms: - qemu_x86 + sample.crypto.wolfssl_tls_sock_no_malloc: + timeout: 60 + platform_allow: qemu_x86 + extra_args: CONF_FILE="prj-no-malloc.conf" + integration_platforms: + - qemu_x86 diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c index f7e0000fe5..c25277820b 100644 --- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c +++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c @@ -445,20 +445,8 @@ void client_thread() WOLFSSL* client_ssl = NULL; SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; -#ifdef WOLFSSL_STATIC_MEMORY - //if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, - // sizeof(gMemoryClient), - // WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { - // printf("unable to load static memory"); - // ret = -1; - //} - - if (ret == 0) -#endif - { - /* Client connection */ - ret = wolfssl_client_new(&client_ctx, &client_ssl); - } + /* Client connection */ + ret = wolfssl_client_new(&client_ctx, &client_ssl); if (ret == 0) ret = wolfssl_client_connect_tcp(client_ssl, &sockfd); @@ -526,6 +514,9 @@ int main() k_sleep(Z_TIMEOUT_TICKS(100)); client_thread(); + /* Join is not working in qemu when the thread is still active. Wait for it + * to shut down to join it. */ + k_sleep(Z_TIMEOUT_TICKS(100)); if (wolfSSL_JoinThread(serverThread) != 0) { printf("Failed to join server thread\n"); 
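Review bot: The added `k_sleep(Z_TIMEOUT_TICKS(100));` before `wolfSSL_JoinThread(serverThread)` in main() makes the join depend on the server thread happening to finish within a fixed number of ticks. The duration is in ticks, so it changes with the configured tick rate, and a slower run can still reach the join while the thread is active, which is the case the new comment says does not work. Waiting on something the server thread signals when it exits (a semaphore or a flag) would be deterministic. If the sleep stays, `k_sleep(K_MSEC(...))` with the reason for the chosen value in the comment would at least fix the unit. main() starts and ends outside the hunk.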
diff --git a/zephyr/user_settings-tls-generic.h b/zephyr/user_settings-no-malloc.h similarity index 97% rename from zephyr/user_settings-tls-generic.h rename to zephyr/user_settings-no-malloc.h index 5c2695f952..dece0ea817 100644 --- a/zephyr/user_settings-tls-generic.h +++ b/zephyr/user_settings-no-malloc.h @@ -102,9 +102,6 @@ extern "C" { #undef NO_MD4 #define NO_MD4 -//#undef NO_PWDBASED -//#define NO_PWDBASED - #undef USE_FAST_MATH #define USE_FAST_MATH @@ -117,9 +114,6 @@ extern "C" { #undef WC_NO_ASYNC_THREADING #define WC_NO_ASYNC_THREADING -//#undef NO_DES3 -//#define NO_DES3 - #undef WOLFSSL_STATIC_MEMORY #define WOLFSSL_STATIC_MEMORY diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h index 8c8f2e3032..7876c0baf2 100644 --- a/zephyr/user_settings.h +++ b/zephyr/user_settings.h @@ -24,7 +24,10 @@ #ifdef CONFIG_WOLFSSL -/* If a custom user_settings file is provided use it instead */ +/* If a custom user_settings file is provided use it instead. + * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set + * in prj.conf then it is auto-defined to "". This obviously causes issues here. + * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */ #ifdef WOLFSSL_SETTINGS_FILE #include WOLFSSL_SETTINGS_FILE #else @@ -219,7 +222,7 @@ extern "C" { #undef NO_SHA /* on by default */ //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */ #else - #define NO_SHA + // #define NO_SHA /* Necessary for pkcs12 tests */ #endif /* SHA2-256 */ @@ -297,7 +300,7 @@ extern "C" { #define NO_RC4 #define NO_MD4 #define NO_MD5 -#define NO_DES3 +//#define NO_DES3 /* Necessary for pkcs12 tests */ #define WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE256 From cbd490d1d74445ccca64b8175940d14742446929 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 17 Apr 2024 17:52:41 +0200 Subject: [PATCH 3/8] fixup! zephyr no malloc --- src/ssl_p7p12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
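Review bot: Commenting out `NO_SHA` (hunk at -219) and `NO_DES3` (hunk at -297) in zephyr/user_settings.h leaves SHA-1 enabled in the branch that used to disable it and enables 3DES for every build that uses the default settings, and the only stated reason is the pkcs12 tests. Both are legacy algorithms the file previously compiled out, so this widens the default algorithm set for all users rather than for the test build. I would keep the defines and make the exception conditional, e.g. `#ifndef HAVE_PKCS12` / `#define NO_DES3` / `#endif`, and likewise for `NO_SHA`. Whether `HAVE_PKCS12` is already defined at that point in the file is not visible here and needs checking. Both enclosing blocks continue outside the hunks.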
diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c index 5c45407b0c..8cbdb54c4f 100644 --- a/src/ssl_p7p12.c +++ b/src/ssl_p7p12.c @@ -1684,7 +1684,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) } if (mem != NULL) { - localPkcs12 = wc_PKCS12_new(); + localPkcs12 = wc_PKCS12_new_ex(bio->heap); if (localPkcs12 == NULL) { WOLFSSL_MSG("Memory error"); } From 8d8f4d4e1e2a5f5e6e053dda020569f8f2476cca Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 26 Apr 2024 11:29:29 +0200 Subject: [PATCH 4/8] fixup! zephyr no malloc --- wolfcrypt/test/test.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 374eb987a7..5dc398a916 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1676,7 +1676,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ PRIVATE_KEY_LOCK(); #endif -#if defined(HAVE_PKCS12) && defined(USE_CERT_BUFFERS_2048) +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) if ( (ret = pkcs12_test()) != 0) TEST_FAIL("PKCS12 test failed!\n", ret); else @@ -24864,7 +24867,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) #endif /* NO_PWDBASED */ -#if defined(HAVE_PKCS12) && defined(USE_CERT_BUFFERS_2048) +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) { wc_test_ret_t ret = 0; From d7361b36771b5e37d5cf8a442306b849c85716e4 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 26 Apr 2024 11:29:47 +0200 Subject: [PATCH 5/8] Increase zephyr thread sample memory --- zephyr/samples/wolfssl_tls_thread/prj.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
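Review bot: `wc_PKCS12_new_ex(bio->heap)` in wolfSSL_d2i_PKCS12_bio ties the returned WC_PKCS12 to the BIO's heap hint, and nothing near the call says so. The object is handed back to the caller and can outlive the BIO, so with a static-memory hint the pool behind `bio->heap` has to stay valid until the PKCS12 is freed. I would add above the call `/* PKCS12 inherits bio->heap; the hint must outlive the returned object */`. The hunk does not show whether `bio` is checked for NULL before this dereference, and the function starts and ends outside it.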
diff --git a/zephyr/samples/wolfssl_tls_thread/prj.conf b/zephyr/samples/wolfssl_tls_thread/prj.conf index 95ebedcbb6..185a7b24c0 100644 --- a/zephyr/samples/wolfssl_tls_thread/prj.conf +++ b/zephyr/samples/wolfssl_tls_thread/prj.conf @@ -3,7 +3,7 @@ CONFIG_MAIN_STACK_SIZE=16384 CONFIG_ENTROPY_GENERATOR=y CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_INIT_STACKS=y -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 # Pthreads CONFIG_PTHREAD_IPC=y @@ -23,7 +23,7 @@ CONFIG_DNS_RESOLVER=y CONFIG_PRINTK=y CONFIG_LOG=y CONFIG_LOG_MODE_IMMEDIATE=y -#CONFIG_WOLFSSL_DEBUG=y +CONFIG_WOLFSSL_DEBUG=y # Enable logging using RTT and UART #CONFIG_CBPRINTF_LIBC_SUBSTS=y From 77a6481d6532473818c6ce2dde63d4718cf55ae3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 26 Apr 2024 14:58:52 +0200 Subject: [PATCH 6/8] fixup! Add testing for zephyr no malloc --- .github/workflows/zephyr.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 2476b74122..407d461421 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml 
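Review bot: The second hunk uncomments `CONFIG_WOLFSSL_DEBUG=y` in wolfssl_tls_thread/prj.conf, which the commit title ("Increase zephyr thread sample memory") does not mention. If it was switched on to investigate the memory failure, it should probably go back to `#CONFIG_WOLFSSL_DEBUG=y`, as the other sample configs in this series have it, since verbose wolfSSL logging in a sample that gets copied costs time and memory and adds noise to the console. If it is intended, a comment on the line saying why this sample needs it would help, along with a note on whether the arena increase to 131072 is still required without it.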
@@ -71,22 +71,30 @@ jobs: cd zephyr-sdk-${{ matrix.config.zephyr-sdk }} ./setup.sh -h -c -t x86_64-zephyr-elf + - name: Fix options for 2.7.4 + if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }} + working-directory: zephyr/modules/crypto/wolfssl + run: | + sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf) + - name: Run wolfssl test id: wolfssl-test working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv rm -rf zephyr/twister-out - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS sock test + # Results in a page fault that I can't trace + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-sock working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv rm -rf zephyr/twister-out - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS thread test 
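Review bot: The `if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}` added to the TLS sock step skips the test on v2.7.4 with only `# Results in a page fault that I can't trace` as explanation. A page fault in the TLS sample is a memory-safety symptom, and skipping the step leaves that path unexercised on a version the series targets. I would reference a tracking issue in the comment, e.g. `# TODO(<issue-id>): page fault on v2.7.4 not root-caused; re-enable when fixed`. Separately, in the new "Fix options for 2.7.4" step, `$(find -name prj.conf)` is unquoted and matches only files named exactly prj.conf, so a later prj-no-malloc.conf that sets the arena size would be missed. `find . -name 'prj*.conf' -exec sed -i -e '...' {} +` avoids the word splitting and covers those files.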
@@ -94,7 +102,7 @@ jobs: id: wolfssl-tls-thread working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv rm -rf zephyr/twister-out - name: Zip failure logs From 589bdba256f1758a789a65057ade158b75decd47 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz <49391366+julek-wolfssl@users.noreply.github.com> Date: Mon, 6 May 2024 14:45:09 +0200 Subject: [PATCH 7/8] Apply suggestions from code review Co-authored-by: Bill Phipps --- wolfcrypt/src/memory.c | 16 ++-------------- zephyr/user_settings-no-malloc.h | 1 + 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index dc50895148..e3a2bb5d07 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -991,17 +991,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) break; } #ifdef WOLFSSL_DEBUG_STATIC_MEMORY - #ifdef WOLFSSL_ZEPHYR else { - fprintf(stderr, "Size: %zu, Empty: %d\n", size, + fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size, mem->sizeList[i]); } - #else - else { - fprintf(stderr, "Size: %ld, Empty: %d\n", size, - mem->sizeList[i]); - } - #endif #endif } } @@ -1036,13 +1029,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) else { WOLFSSL_MSG("ERROR ran out of static memory"); #ifdef WOLFSSL_DEBUG_MEMORY - #ifdef WOLFSSL_ZEPHYR - fprintf(stderr, "Looking for %zu bytes at %s:%d\n", size, func, - line); - #else - fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, + fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func, line); - #endif #endif } diff --git a/zephyr/user_settings-no-malloc.h b/zephyr/user_settings-no-malloc.h index dece0ea817..5a5ca131c7 100644 --- a/zephyr/user_settings-no-malloc.h 
+++ b/zephyr/user_settings-no-malloc.h @@ -129,6 +129,7 @@ extern "C" { #undef HAVE_FFDHE_2048 #define HAVE_FFDHE_2048 +#undef WOLFSSL_NO_MALLOC #define WOLFSSL_NO_MALLOC //#define WOLFSSL_DEBUG_STATIC_MEMORY //#define WOLFSSL_DEBUG_MEMORY_PRINT From 14ce8ce198132d25edd95c6c8a4c11ca3baa7bc7 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 7 May 2024 10:42:33 +0200 Subject: [PATCH 8/8] Jenkins fixes --- src/internal.c | 2 +- src/x509.c | 5 +++-- wolfcrypt/test/test.c | 4 ++-- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/pkcs12.h | 4 +--- 5 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/internal.c b/src/internal.c index 02e34dbc23..80305f0e71 100644 --- a/src/internal.c +++ b/src/internal.c @@ -37860,7 +37860,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif if (sess == NULL) { ret = TlsSessionCacheGetAndRdLock(id, &sess, &freeCtx->row, - ssl->options.side); + (byte)ssl->options.side); if (ret != 0) sess = NULL; } diff --git a/src/x509.c b/src/x509.c index 56fd9aa402..29a718730c 100644 --- a/src/x509.c +++ b/src/x509.c @@ -11678,8 +11678,9 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) "-----BEGIN X509 CRL-----")) { /* We have a crl */ WOLFSSL_MSG("Parsing crl"); - if((PemToDer((const unsigned char*) header, footerEnd - header, - CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { + if((PemToDer((const unsigned char*) header, + (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL, + NULL)) < 0) { WOLFSSL_MSG("PemToDer error"); goto err; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5dc398a916..e91442ed30 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -1679,7 +1679,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) + !defined(NO_CERTS) && !defined(NO_DES3) if ( (ret = pkcs12_test()) != 0) TEST_FAIL("PKCS12 test failed!\n", ret); else @@ -24870,7 +24870,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) + !defined(NO_CERTS) && !defined(NO_DES3) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) { wc_test_ret_t ret = 0; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index df538986f4..706765295d 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -37,6 +37,7 @@ #include #include #include +#include /* For the types */ #include @@ -2973,7 +2974,6 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); /* PKCS12 compatibility */ -typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h index 9a3e3f0f73..dc06c9df25 100644 --- a/wolfssl/wolfcrypt/pkcs12.h +++ b/wolfssl/wolfcrypt/pkcs12.h @@ -29,9 +29,7 @@ extern "C" { #endif -#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */ - typedef struct WC_PKCS12 WC_PKCS12; -#endif +typedef struct WC_PKCS12 WC_PKCS12; typedef struct WC_DerCertList { /* dereferenced in ssl.c */ byte* buffer;