Merge pull request #7725 from JacobBarthelmeh/release

prepare for release 5.7.2
remove * in changelog created from search and replace
2024-07-08 11:02:46 -07:00 · 2024-07-08 10:31:13 -06:00 · 2024-07-08 09:47:46 -06:00 · 2024-07-06 21:53:16 -06:00 · 2024-07-06 10:04:26 -05:00 · 2024-07-06 10:04:06 -05:00
2575 changed files with 1828402 additions and 376840 deletions
--- a/.cyignore
+++ b/.cyignore
@ -0,0 +1,40 @@
+# wolfSSL folders
+$(SEARCH_wolfssl)/IDE
+$(SEARCH_wolfssl)/examples
+$(SEARCH_wolfssl)/linuxkm
+$(SEARCH_wolfssl)/mcapi
+$(SEARCH_wolfssl)/mplabx
+$(SEARCH_wolfssl)/mqx
+$(SEARCH_wolfssl)/tirtos
+$(SEARCH_wolfssl)/tests
+$(SEARCH_wolfssl)/testsuite
+$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
+$(SEARCH_wolfssl)/zephyr
+
+# wolfSSL files
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
+
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,10 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@ -0,0 +1,58 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Thanks for reporting an bug. If you would prefer a private method,
+        please email support@wolfssl.com
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: What version were you using?
+    validations:
+      required: true
+  - type: textarea
+    id: details
+    attributes:
+      label: Description
+      description: |
+        Describe the issue in detail
+        Please include:
+          * Specific `./configure` options or `user_settings.h`
+          * Target and build environment
+      placeholder: |
+        Blinded by the light!
+        Code runs too fast. It's gone plaid!
+        ...
+    validations:
+      required: true
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Reproduction steps
+      description: If possible please give instructions on how to reproduce.
+      placeholder: |
+        1. `./configure --enable-42`
+        2. `make question`
+        3.
+        ...
+    validations:
+      required: false
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
--- a/.github/ISSUE_TEMPLATE/other.yaml
+++ b/.github/ISSUE_TEMPLATE/other.yaml
@ -0,0 +1,28 @@
+name: General Issue
+description: Request support with an issue
+labels: ["triage"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Thanks for reporting an issue. If you would prefer a private method,
+        please email support@wolfssl.com
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: What version were you using?
+    validations:
+      required: true
+  - type: textarea
+    id: details
+    attributes:
+      label: Description
+      description: |
+        Describe the issue in detail.
+        Please include specific configuration options or user_settings.h
+      placeholder: |
+        `./configure --enable-world-domination` fails
+        ...
+    validations:
+      required: true
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,16 @@
+# Description
+
+Please describe the scope of the fix or feature addition.
+
+Fixes zd#
+
+# Testing
+
+How did you test?
+
+# Checklist
+
+ - [ ] added tests
+ - [ ] updated/added doxygen
+ - [ ] updated appropriate READMEs
+ - [ ] Updated manual and documentation
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability, please report it to support@wolfssl.com
+
+ 1. Include a detailed description
+ 2. Include method to reproduce and/or method of discovery
+ 3. We will evaluate the report promptly and respond to you with findings.
+ 4. We will credit you with the report if you would like.
+
+**Please keep the vulnerability private** until a fix has been released.
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@ -0,0 +1,44 @@
+name: Async Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-asynccrypt --enable-all --enable-dtls13',
+          '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
+          '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
+        ]
+    name: make check
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL async
+        run: |
+          ./async-check.sh install
+          ./configure ${{ matrix.config }}
+          make check
+
+      - name: Print errors 
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@ -0,0 +1,70 @@
+name: curl Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-curl
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-curl
+          path: build-dir
+          retention-days: 5
+
+  test_curl:
+    name: ${{ matrix.curl_ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        curl_ref: [ 'master', 'curl-8_4_0' ]
+    steps:
+    - name: Install test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev
+        sudo pip install impacket
+
+    - name: Download lib
+      uses: actions/download-artifact@v4
+      with:
+        name: wolf-install-curl
+        path: build-dir
+
+    - name: Build curl
+      uses: wolfSSL/actions-build-autotools-project@v1
+      with:
+        repository: curl/curl
+        path: curl
+        ref: ${{ matrix.curl_ref }}
+        configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+        check: false
+
+    - name: Test curl
+      working-directory: curl
+      run: make -j test-ci
--- a/.github/workflows/cyrus-sasl.yml
+++ b/.github/workflows/cyrus-sasl.yml
@ -0,0 +1,91 @@
+name: cyrus-sasl Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sasl
+          path: build-dir
+          retention-days: 5
+
+  sasl_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.1.28 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
+            libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sasl
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout sasl
+        uses: actions/checkout@v4
+        with:
+          repository: cyrusimap/cyrus-sasl
+          ref: cyrus-sasl-${{ matrix.ref }}
+          path: sasl
+
+      - name: Build cyrus-sasl
+        working-directory: sasl
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
+          # Need to run 'make' twice with '--disable-shared' for some reason
+          make -j || make -j
+
+      - name: Run testsuite
+        working-directory: sasl
+        run: |
+          make -j -C utils testsuite saslpasswd2
+          $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh
--- a/.github/workflows/disabled/haproxy.yml
+++ b/.github/workflows/disabled/haproxy.yml
@ -0,0 +1,60 @@
+name: HaProxy Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  haproxy_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of refs to test
+        ref: [ master ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-quic --enable-haproxy
+          install: true
+
+      - name: Checkout VTest
+        uses: actions/checkout@v4
+        with:
+          repository: vtest/VTest
+          path: VTest
+
+      - name: Build VTest
+        working-directory: VTest
+        # Special flags due to: https://github.com/vtest/VTest/issues/12
+        run: make FLAGS='-O2 -s -Wall'
+
+      - name: Checkout HaProxy
+        uses: actions/checkout@v4
+        with:
+          repository: haproxy/haproxy
+          path: haproxy
+          ref: ${{ matrix.ref }}
+
+      - name: Build HaProxy
+        working-directory: haproxy
+        run: >-
+          make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
+          USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
+          SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+
+      - name: Test HaProxy
+        working-directory: haproxy
+        run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
+ 
--- a/.github/workflows/disabled/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@ -0,0 +1,292 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-build2
+            wolf_extra_config: --enable-brainpool --enable-wpas-dpp
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir
+          retention-days: 5
+
+  # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. hostap_cherry_pick is used to apply the
+        # commit that updates the certificates used for testing. Tests are read
+        # from the corresponding configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-build2
+          },
+        ]
+        # parallelize the tests to be able to run all tests within 10 minutes
+        # Update the <total server> in the ./run-tests.py step when changing.
+        server: [1, 2, 3, 4, 5]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-build2
+            }
+    name: hwsim test
+    # For openssl 1.1
+    runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
+    needs: build_wolfssl
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
+            bridge-utils
+          sudo pip3 install pycryptodome
+
+      - name: Enable mac80211
+        run: |
+          sudo modprobe mac80211
+          lsmod | grep mac80211
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=-d" >> $GITHUB_ENV
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+          path: build-dir
+
+      - name: Setup d-bus
+        working-directory: wolfssl/.github/workflows/hostap-files
+        run: |
+          sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
+          sudo service dbus reload
+
+        # This is super hack-ish :P
+        # If you are trying to reproduce this on a more generic system, you can
+        # just run `sudo apt install linux-modules-extra-$(uname -r)` and
+        # this should have the module in the package. No need to compile it.
+      - name: Compile and install mac80211_hwsim
+        working-directory: wolfssl/.github/workflows/hostap-files
+        run: |
+          # The tag will be the first two numbers of from uname -r
+          LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
+          # Download the correct version of the driver
+          wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
+          wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
+          make
+          sudo make install
+          sudo modprobe mac80211_hwsim
+          lsmod | grep mac80211_hwsim
+          sudo rmmod mac80211_hwsim
+
+      - name: Checkout hostap
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror 
+          path: hostap
+          ref: ${{ matrix.config.hostap_ref }}
+          # necessary for cherry pick step
+          fetch-depth: 0
+
+      - if: ${{ matrix.config.hostap_cherry_pick }}
+        name: Cherry pick certificate update
+        working-directory: hostap
+        run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          # Run tests in increments of 50 to cut down on the uploaded log size.
+          while mapfile -t -n 50 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            # Retry up to three times
+            for i in {1..3}; do
+              HWSIM_RES=0 # Not set when command succeeds
+              # Logs can grow quickly especially in debug mode
+              sudo rm -rf logs
+              sudo ./start.sh
+              sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
+              sudo ./stop.sh
+              if [ "$HWSIM_RES" -eq "0" ]; then
+                break
+              fi
+            done
+            echo "test ran $i times"
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              exit $HWSIM_RES
+            fi
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      - name: Change failure log permissions
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        working-directory: hostap/tests/hwsim/
+        run: |
+          sudo chown -R $USER:$USER logs
+          zip -9 -r logs.zip logs/current
+
+      - name: Upload failure logs
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: hostap-logs-${{ env.our_job_run_id }}
+          path: hostap/tests/hwsim/logs.zip
+          retention-days: 5
+
--- a/.github/workflows/docker-Espressif.yml
+++ b/.github/workflows/docker-Espressif.yml
@ -0,0 +1,43 @@
+name: Espressif examples tests
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  espressif_latest:
+    name: latest Docker container
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
+    container:
+      image: espressif/idf:latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v4_4:
+    name: v4.4 Docker container
+    runs-on: ubuntu-latest
+    container:
+      image: espressif/idf:release-v4.4
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v5_0:
+    name: v5.0 Docker container
+    runs-on: ubuntu-latest
+    container:
+      image: espressif/idf:release-v5.0
+    steps:
+      - uses: actions/checkout@v4
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@ -0,0 +1,63 @@
+# This workflow tests out new libraries with existing OpenWrt builds to check
+# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
+name: OpenWrt test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+    build_library:
+        name: Compile libwolfssl.so
+        runs-on: ubuntu-latest
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 4
+        container:
+            image: alpine:latest
+        steps:
+            - name: Install required tools
+              run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
+            - uses: actions/checkout@v4
+            - name: Compile libwolfssl.so
+              run: ./autogen.sh && ./configure --enable-all && make
+            - name: Upload libwolfssl.so
+              uses: actions/upload-artifact@v4
+              with:
+                name: openwrt-libwolfssl.so
+                path: src/.libs/libwolfssl.so
+                retention-days: 5
+    compile_container:
+        name: Compile container
+        runs-on: ubuntu-latest
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 2
+        needs: build_library
+        strategy:
+            fail-fast: false
+            matrix:
+                release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
+        steps:
+            - uses: actions/checkout@v4
+            - uses: docker/setup-buildx-action@v3
+            - uses: actions/download-artifact@v4
+              with:
+                name: openwrt-libwolfssl.so
+                path: Docker/OpenWrt/.
+            - name: Build but dont push
+              uses: docker/build-push-action@v5
+              with:
+                  context: Docker/OpenWrt
+                  platforms: linux/amd64
+                  push: false
+                  tags: openwrt-test:latest
+                  build-args: DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-${{ matrix.release }}
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@ -0,0 +1,101 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+          retention-days: 5
+
+  grpc_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ref: v1.60.0
+            tests: >-
+              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+              crl_ssl_transport_security_test server_ssl_test
+              ssl_transport_security_test ssl_transport_security_utils_test
+              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+              h2_ssl_cert_test h2_ssl_session_reuse_test
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Confirm IPv4 and IPv6 support
+        run: |
+          ip addr list lo | grep 'inet '
+          ip addr list lo | grep 'inet6 '
+
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout grpc
+        uses: actions/checkout@v4
+        with:
+          repository: grpc/grpc
+          path: grpc
+          ref: ${{ matrix.ref }}
+
+      - name: Build grpc
+        working-directory: ./grpc
+        run: |
+          patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+          git submodule update --init
+          mkdir cmake/build
+          cd cmake/build
+          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+            -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+          make -j $(nproc) ${{ matrix.tests }}
+
+      - name: Run grpc tests
+        working-directory: ./grpc
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ./tools/run_tests/start_port_server.py
+          for t in ${{ matrix.tests }} ; do
+            ./cmake/build/$t
+          done
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/hitch.yml
@ -0,0 +1,103 @@
+name: hitch Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-hitch
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+          retention-days: 5
+
+  hitch_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.7.3
+            ignore-tests: >-
+              test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
+
+      - name: Checkout hitch
+        uses: actions/checkout@v4
+        with:
+          repository: varnish/hitch
+          ref: 1.7.3
+          path: hitch
+
+      # Do this before configuring so that it only detects the updated list of
+      # tests
+      - if: ${{ matrix.ignore-tests }}
+        name: Remove tests that we want to ignore
+        working-directory: ./hitch/src/tests
+        run: |
+          rm ${{ matrix.ignore-tests }}
+
+      - name: Configure and build hitch
+        run: |
+            cd $GITHUB_WORKSPACE/hitch/
+            patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch
+            autoreconf -ivf
+            SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir
+            make -j$(nproc)
+
+      - name: Confirm hitch built with wolfSSL
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd src/hitch | grep wolfssl
+
+      - name: Run hitch tests, skipping ignored tests
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          make check
--- a/.github/workflows/hostap-files/Makefile
+++ b/.github/workflows/hostap-files/Makefile
@ -0,0 +1,11 @@
+obj-m := mac80211_hwsim.o
+KDIR := /lib/modules/$(shell uname -r)/build
+PWD := $(shell pwd)
+default:
+	$(MAKE) -C $(KDIR) M=$(PWD) modules
+install:
+	$(MAKE) -C $(KDIR) M=$(PWD) modules_install
+	depmod -A
+clean:
+	$(MAKE) -C $(KDIR) M=$(PWD) clean
+
--- a/.github/workflows/hostap-files/README
+++ b/.github/workflows/hostap-files/README
@ -0,0 +1,2 @@
+Makefile and directory used in .github/workflows/hostap.yml to
+compile the mac80211_hwsim kernel module.
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
@ -0,0 +1,122 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
+CONFIG_IEEE80211BE=y
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
--- a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
@ -0,0 +1,164 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/hostapd.config
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/hostapd.config
@ -0,0 +1,120 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
@ -0,0 +1,656 @@
+sae_pk
+sae_pk_group_negotiation
+sae_pk_sec_3
+sae_pk_sec_5
+sae_pk_group_20
+sae_pk_group_21
+sae_pk_group_20_sae_group_19
+sae_pk_group_20_sae_group_21
+sae_pk_group_19_sae_group_20
+sae_pk_password_without_pk
+sae_pk_only
+sae_pk_modes
+sae_pk_not_on_ap
+sae_pk_mixed
+sae_pk_mixed_immediate_confirm
+sae_pk_missing_ie
+sae_pk_unexpected_status
+sae_pk_invalid_signature
+sae_pk_invalid_fingerprint
+sae_pk_and_psk
+sae_pk_and_psk_invalid_password
+sae_pk_invalid_pw
+sae
+sae_password_ecc
+sae_pmksa_caching
+sae_pmksa_caching_pmkid
+sae_pmksa_caching_disabled
+sae_groups
+sae_group_nego
+sae_group_nego_no_match
+sae_anti_clogging
+sae_forced_anti_clogging
+sae_mixed
+sae_and_psk
+sae_and_psk2
+sae_wpa3_roam
+sae_mixed_mfp
+sae_mfp
+sae_missing_password
+sae_key_lifetime_in_memory
+sae_oom_wpas
+sae_proto_ecc
+sae_proto_ffc
+sae_proto_commit_delayed
+sae_proto_commit_replay
+sae_proto_confirm_replay
+sae_proto_hostapd
+sae_proto_hostapd_ecc
+sae_proto_hostapd_ffc
+sae_proto_hostapd_status_126
+sae_proto_hostapd_status_127
+sae_reflection_attack_ecc
+sae_reflection_attack_ecc_internal
+sae_commit_override
+sae_commit_override2
+sae_commit_invalid_scalar_element_ap
+sae_commit_invalid_element_ap
+sae_commit_invalid_scalar_element_sta
+sae_commit_invalid_element_sta
+sae_anti_clogging_proto
+sae_no_random
+sae_invalid_anti_clogging_token_req
+sae_password
+sae_password_short
+sae_password_long
+sae_connect_cmd
+sae_password_id
+sae_password_id_ecc
+sae_password_id_ffc
+sae_password_id_only
+sae_password_id_pwe_looping
+sae_password_id_pwe_check_ap
+sae_password_id_pwe_check_sta
+sae_forced_anti_clogging_pw_id
+sae_reauth
+sae_sync
+sae_confirm_immediate
+sae_confirm_immediate2
+sae_pwe_group_19
+sae_pwe_group_20
+sae_pwe_group_21
+sae_pwe_group_28
+sae_pwe_group_29
+sae_pwe_group_30
+sae_pwe_group_1
+sae_pwe_group_2
+sae_pwe_group_22
+sae_pwe_h2e_only_ap
+sae_pwe_h2e_only_ap_sta_forcing_loop
+sae_pwe_loop_only_ap
+sae_h2e_rejected_groups
+sae_h2e_rejected_groups_unexpected
+sae_h2e_password_id
+sae_pwe_in_psk_ap
+sae_auth_restart
+sae_rsne_mismatch
+sae_h2e_rsnxe_mismatch
+sae_h2e_rsnxe_mismatch_retries
+sae_h2e_rsnxe_mismatch_assoc
+sae_h2e_rsnxe_mismatch_ap
+sae_h2e_rsnxe_mismatch_ap2
+sae_h2e_rsnxe_mismatch_ap3
+sae_forced_anti_clogging_h2e
+sae_forced_anti_clogging_h2e_loop
+sae_okc
+sae_okc_sta_only
+sae_okc_pmk_lifetime
+sae_pmk_lifetime
+sae_and_psk_multiple_passwords
+sae_pmf_roam
+sae_ocv_pmk
+sae_ocv_pmk_failure
+sae_reject
+eap_tls_pkcs8_pkcs5_v2_des3
+eap_tls_pkcs8_pkcs5_v15
+eap_tls_session_resumption
+eap_tls_session_resumption_expiration
+eap_tls_session_resumption_radius
+eap_tls_sha512
+eap_tls_sha384
+eap_tls_ext_cert_check
+eap_tls_errors
+ap_wpa2_delayed_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission2
+ap_wpa2_delayed_group_m1_retransmission
+ap_wpa2_delayed_group_m1_retransmission_igtk
+ap_wpa2_delayed_m1_m3_zero_tk
+ap_wpa2_plaintext_m1_m3
+ap_wpa2_plaintext_m1_m3_pmf
+ap_wpa2_plaintext_m3
+ap_wpa2_plaintext_group_m1
+ap_wpa2_plaintext_group_m1_pmf
+ap_wpa2_test_command_failures
+ap_wpa2_gtk_initial_rsc_tkip
+ap_wpa2_gtk_initial_rsc_ccmp
+ap_wpa2_gtk_initial_rsc_ccmp_256
+ap_wpa2_gtk_initial_rsc_gcmp
+ap_wpa2_gtk_initial_rsc_gcmp_256
+ap_wpa2_igtk_initial_rsc_aes_128_cmac
+ap_wpa2_igtk_initial_rsc_bip_gmac_128
+ap_wpa2_igtk_initial_rsc_bip_gmac_256
+ap_wpa2_igtk_initial_rsc_bip_cmac_256
+ap_wpa2_psk
+ap_wpa2_psk_file
+ap_wpa2_psk_file_keyid
+ap_wpa2_psk_mem
+ap_wpa2_ptk_rekey
+ap_wpa2_ptk_rekey_blocked_ap
+ap_wpa2_ptk_rekey_blocked_sta
+ap_wpa2_ptk_rekey_anonce
+ap_wpa2_ptk_rekey_ap
+ap_wpa2_sha256_ptk_rekey
+ap_wpa2_sha256_ptk_rekey_ap
+ap_wpa2_psk_file_errors
+ap_wpa2_psk_wildcard_ssid
+ap_wpa2_gtk_rekey
+ap_wpa2_gtk_rekey_request
+ap_wpa2_gtk_rekey_failure
+ap_wpa2_gtk_rekey_fail_1_sta
+ap_wpa2_gmk_rekey
+ap_wpa2_strict_rekey
+ap_wpa2_psk_ext
+ap_wpa2_psk_unexpected
+ap_wpa2_psk_ext_retry_msg_3
+ap_wpa2_psk_ext_retry_msg_3b
+ap_wpa2_psk_ext_retry_msg_3c
+ap_wpa2_psk_ext_retry_msg_3d
+ap_wpa2_psk_ext_retry_msg_3e
+ap_wpa2_psk_ext_delayed_ptk_rekey
+ap_wpa2_psk_ext_eapol
+ap_wpa2_psk_ext_eapol_retry1
+ap_wpa2_psk_ext_eapol_retry1b
+ap_wpa2_psk_ext_eapol_retry1c
+ap_wpa2_psk_ext_eapol_retry1d
+ap_wpa2_psk_ext_eapol_type_diff
+ap_wpa2_psk_ext_eapol_key_info
+ap_wpa2_psk_supp_proto
+ap_wpa2_psk_supp_proto_no_ie
+ap_wpa2_psk_supp_proto_ie_mismatch
+ap_wpa2_psk_supp_proto_ok
+ap_wpa2_psk_supp_proto_no_gtk
+ap_wpa2_psk_supp_proto_anonce_change
+ap_wpa2_psk_supp_proto_unexpected_group_msg
+ap_wpa2_psk_supp_proto_msg_1_invalid_kde
+ap_wpa2_psk_supp_proto_wrong_pairwise_key_len
+ap_wpa2_psk_supp_proto_wrong_group_key_len
+ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround
+ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3
+ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_too_long_gtk_kde
+ap_wpa2_psk_supp_proto_gtk_not_encrypted
+ap_wpa2_psk_wep
+ap_wpa2_psk_drop_first_msg_4
+ap_wpa2_psk_disable_enable
+ap_wpa2_psk_incorrect_passphrase
+ap_wpa2_psk_no_random
+ap_wpa2_psk_assoc_rsn
+ap_wpa2_psk_ft_workaround
+ap_wpa2_psk_assoc_rsn_pmkid
+ap_wpa2_eapol_retry_limit
+ap_wpa2_disable_eapol_retry
+ap_wpa2_disable_eapol_retry_group
+ap_wpa2_psk_mic_0
+ap_wpa2_psk_local_error
+ap_wpa2_psk_ap_control_port
+ap_wpa2_psk_rsne_mismatch_ap
+ap_wpa2_psk_rsne_mismatch_ap2
+ap_wpa2_psk_rsne_mismatch_ap3
+ap_wpa2_psk_rsnxe_mismatch_ap
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
+ap_wpa2_eap_sim
+ap_wpa2_eap_sim_imsi_identity
+ap_wpa2_eap_sim_imsi_privacy_key
+ap_wpa2_eap_sim_imsi_privacy_attr
+ap_wpa2_eap_sim_sql
+ap_wpa2_eap_sim_config
+ap_wpa2_eap_sim_id_0
+ap_wpa2_eap_sim_id_1
+ap_wpa2_eap_sim_id_2
+ap_wpa2_eap_sim_id_3
+ap_wpa2_eap_sim_ext
+ap_wpa2_eap_sim_ext_replace_sim
+ap_wpa2_eap_sim_ext_replace_sim2
+ap_wpa2_eap_sim_ext_replace_sim3
+ap_wpa2_eap_sim_ext_auth_fail
+ap_wpa2_eap_sim_change_bssid
+ap_wpa2_eap_sim_no_change_set
+ap_wpa2_eap_sim_ext_anonymous
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
+ap_wpa2_eap_sim_oom
+ap_wpa2_eap_aka
+ap_wpa2_eap_aka_imsi_identity
+ap_wpa2_eap_aka_imsi_privacy_key
+ap_wpa2_eap_aka_imsi_privacy_attr
+ap_wpa2_eap_aka_imsi_privacy_key_expired
+ap_wpa2_eap_aka_sql
+ap_wpa2_eap_aka_config
+ap_wpa2_eap_aka_ext
+ap_wpa2_eap_aka_ext_auth_fail
+ap_wpa2_eap_aka_prime_imsi_identity
+ap_wpa2_eap_aka_prime_imsi_privacy_key
+ap_wpa2_eap_aka_prime_ext_auth_fail
+ap_wpa2_eap_aka_prime_ext
+ap_wpa2_eap_ttls_pap
+ap_wpa2_eap_ttls_pap_subject_match
+ap_wpa2_eap_ttls_pap_check_cert_subject
+ap_wpa2_eap_ttls_pap_incorrect_password
+ap_wpa2_eap_ttls_chap
+ap_wpa2_eap_ttls_chap_altsubject_match
+ap_wpa2_eap_ttls_chap_incorrect_password
+ap_wpa2_eap_ttls_mschap
+ap_wpa2_eap_ttls_mschap_incorrect_password
+ap_wpa2_eap_ttls_mschapv2
+ap_wpa2_eap_ttls_invalid_phase2
+ap_wpa2_eap_ttls_mschapv2_suffix_match
+ap_wpa2_eap_ttls_mschapv2_domain_match
+ap_wpa2_eap_ttls_mschapv2_incorrect_password
+ap_wpa2_eap_ttls_mschapv2_utf8
+ap_wpa2_eap_ttls_eap_gtc
+ap_wpa2_eap_ttls_eap_gtc_incorrect_password
+ap_wpa2_eap_ttls_eap_gtc_no_password
+ap_wpa2_eap_ttls_eap_gtc_server_oom
+ap_wpa2_eap_ttls_eap_gtc_oom
+ap_wpa2_eap_ttls_eap_md5
+ap_wpa2_eap_ttls_eap_md5_incorrect_password
+ap_wpa2_eap_ttls_eap_md5_no_password
+ap_wpa2_eap_ttls_eap_md5_server_oom
+ap_wpa2_eap_ttls_eap_mschapv2
+ap_wpa2_eap_ttls_eap_mschapv2_no_password
+ap_wpa2_eap_ttls_eap_mschapv2_server_oom
+ap_wpa2_eap_ttls_eap_sim
+ap_wpa2_eap_ttls_eap_sim_ext
+ap_wpa2_eap_ttls_eap_vendor
+ap_wpa2_eap_peap_eap_sim
+ap_wpa2_eap_peap_eap_sim_ext
+ap_wpa2_eap_fast_eap_sim_ext
+ap_wpa2_eap_ttls_eap_aka
+ap_wpa2_eap_peap_eap_aka
+ap_wpa2_eap_peap_eap_mschapv2
+ap_wpa2_eap_peap_eap_mschapv2_domain
+ap_wpa2_eap_peap_eap_mschapv2_incorrect_password
+ap_wpa2_eap_peap_crypto_binding
+ap_wpa2_eap_peap_crypto_binding_server_oom
+ap_wpa2_eap_peap_params
+ap_wpa2_eap_peap_eap_gtc
+ap_wpa2_eap_peap_eap_tls
+ap_wpa2_eap_peap_eap_vendor
+ap_wpa2_eap_tls
+ap_wpa2_eap_tls_blob
+ap_wpa2_eap_tls_blob_pem
+ap_wpa2_eap_tls_blob_missing
+ap_wpa2_eap_tls_with_tls_len
+ap_wpa2_eap_tls_pkcs12
+ap_wpa2_eap_tls_pkcs12_blob
+ap_wpa2_eap_tls_pkcs12_blob_pem
+ap_wpa2_eap_tls_diff_ca_trust
+ap_wpa2_eap_tls_diff_ca_trust2
+ap_wpa2_eap_tls_diff_ca_trust3
+ap_wpa2_eap_tls_neg_suffix_match
+ap_wpa2_eap_tls_neg_domain_match
+ap_wpa2_eap_tls_neg_subject_match
+ap_wpa2_eap_tls_neg_altsubject_match
+ap_wpa2_eap_unauth_tls
+ap_wpa2_eap_ttls_server_cert_hash
+ap_wpa2_eap_ttls_server_cert_hash_invalid
+ap_wpa2_eap_pwd
+ap_wpa2_eap_pwd_nthash
+ap_wpa2_eap_pwd_salt_sha1
+ap_wpa2_eap_pwd_salt_sha256
+ap_wpa2_eap_pwd_salt_sha512
+ap_wpa2_eap_pwd_groups
+ap_wpa2_eap_pwd_invalid_group
+ap_wpa2_eap_pwd_disabled_group
+ap_wpa2_eap_pwd_as_frag
+ap_wpa2_eap_gpsk
+ap_wpa2_eap_sake
+ap_wpa2_eap_eke
+ap_wpa2_eap_eke_many
+ap_wpa2_eap_eke_serverid_nai
+ap_wpa2_eap_eke_server_oom
+ap_wpa2_eap_ikev2
+ap_wpa2_eap_ikev2_as_frag
+ap_wpa2_eap_ikev2_oom
+ap_wpa2_eap_pax
+ap_wpa2_eap_psk
+ap_wpa2_eap_psk_oom
+ap_wpa2_eap_interactive
+ap_wpa2_eap_ext_enable_network_while_connected
+ap_wpa2_eap_vendor_test
+ap_wpa2_eap_vendor_test_oom
+ap_wpa2_eap_fast_gtc_identity_change
+ap_wpa2_eap_fast_eap_vendor
+ap_wpa2_eap_tls_ocsp
+ap_wpa2_eap_tls_ocsp_multi
+ap_wpa2_eap_tls_ocsp_key_id
+ap_wpa2_eap_tls_ocsp_ca_signed_good
+ap_wpa2_eap_tls_ocsp_ca_signed_revoked
+ap_wpa2_eap_tls_ocsp_ca_signed_unknown
+ap_wpa2_eap_tls_ocsp_server_signed
+ap_wpa2_eap_tls_ocsp_invalid_data
+ap_wpa2_eap_tls_ocsp_invalid
+ap_wpa2_eap_tls_ocsp_unknown_sign
+ap_wpa2_eap_tls_intermediate_ca
+ap_wpa2_eap_tls_ocsp_multi_revoked
+ap_wpa2_eap_tls_domain_suffix_match_cn_full
+ap_wpa2_eap_tls_domain_match_cn
+ap_wpa2_eap_tls_domain_suffix_match_cn
+ap_wpa2_eap_tls_domain_suffix_mismatch_cn
+ap_wpa2_eap_tls_domain_mismatch_cn
+ap_wpa2_eap_ttls_long_duration
+ap_wpa2_eap_ttls_server_cert_eku_client
+ap_wpa2_eap_ttls_server_cert_eku_client_server
+ap_wpa2_eap_ttls_server_pkcs12
+ap_wpa2_eap_ttls_server_pkcs12_extra
+ap_wpa2_eap_ttls_dh_params_server
+ap_wpa2_eap_ttls_dh_params_dsa_server
+ap_wpa2_eap_ttls_dh_params_not_found
+ap_wpa2_eap_ttls_dh_params_invalid
+ap_wpa2_eap_reauth
+ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
+ap_wpa2_eap_request_identity_message
+ap_wpa2_eap_sim_aka_result_ind
+ap_wpa2_eap_sim_zero_db_timeout
+ap_wpa2_eap_too_many_roundtrips
+ap_wpa2_eap_too_many_roundtrips_server
+ap_wpa2_eap_too_many_roundtrips_server2
+ap_wpa2_eap_expanded_nak
+ap_wpa2_eap_sql
+ap_wpa2_eap_non_ascii_identity
+ap_wpa2_eap_non_ascii_identity2
+ap_wpa2_eap_unexpected_wep_eapol_key
+ap_wpa2_eap_session_ticket
+ap_wpa2_eap_no_workaround
+ap_wpa2_eap_tls_check_crl
+ap_wpa2_eap_tls_check_crl_not_strict
+ap_wpa2_eap_tls_crl_reload
+ap_wpa2_eap_tls_check_cert_subject
+ap_wpa2_eap_tls_check_cert_subject_neg
+ap_wpa2_eap_tls_oom
+ap_wpa2_eap_tls_macacl
+ap_wpa2_eap_oom
+ap_wpa2_eap_tls_13
+ap_wpa2_eap_tls_13_ocsp
+ap_wpa2_eap_tls_13_missing_prot_success
+ap_wpa2_eap_tls_13_fragmentation
+ap_wpa2_eap_ttls_13
+ap_wpa2_eap_peap_13
+ap_wpa2_eap_tls_13_ec
+ap_wpa2_eap_sim_db
+ap_wpa2_eap_sim_db_sqlite
+ap_wpa2_eap_assoc_rsn
+ap_wpa2_eap_status
+ap_wpa2_eap_gpsk_ptk_rekey_ap
+ap_wpa2_eap_wildcard_ssid
+ap_wpa2_eap_psk_mac_addr_change
+ap_wpa2_eap_server_get_id
+ap_wpa2_radius_server_get_id
+ap_wpa2_eap_tls_tod
+ap_wpa2_eap_tls_tod_tofu
+ap_wpa2_eap_sake_no_control_port
+dpp_network_intro_version
+dpp_network_intro_version_change
+dpp_network_intro_version_missing_req
+dpp_tcp_pkex
+dpp_tcp_pkex_auto_connect_2
+dpp_tcp_pkex_auto_connect_2_status
+dpp_tcp_pkex_auto_connect_2_status_fail
+dpp_tcp_pkex_while_associated
+dpp_tcp_pkex_while_associated_conn_status
+dpp_controller_relay_pkex
+dpp_push_button
+dpp_push_button_session_overlap_sta
+dpp_push_button_session_overlap_ap
+dpp_push_button_session_overlap_configurator
+dpp_push_button_2sta
+dpp_push_button_r_hash_mismatch_sta
+dpp_push_button_i_hash_mismatch_ap
+dpp_push_button_r_hash_mismatch_ap
+dpp_push_button_ext_conf
+dpp_push_button_wpas_conf
+dpp_private_peer_introduction
+dpp_qr_code_parsing
+dpp_uri_version
+dpp_uri_supported_curves
+dpp_uri_host
+dpp_qr_code_parsing_fail
+dpp_qr_code_curves
+dpp_qr_code_curves_brainpool
+dpp_qr_code_unsupported_curve
+dpp_qr_code_keygen_fail
+dpp_qr_code_auth_broadcast
+dpp_configurator_enrollee_prime256v1
+dpp_configurator_enrollee_secp384r1
+dpp_configurator_enrollee_brainpoolP256r1
+dpp_configurator_enrollee_brainpoolP384r1
+dpp_configurator_enrollee_brainpoolP512r1
+dpp_configurator_enroll_conf
+dpp_qr_code_curve_prime256v1
+dpp_qr_code_curve_secp384r1
+dpp_qr_code_curve_secp521r1
+dpp_qr_code_curve_brainpoolP256r1
+dpp_qr_code_curve_brainpoolP384r1
+dpp_qr_code_curve_brainpoolP512r1
+dpp_qr_code_set_key
+dpp_qr_code_auth_mutual
+dpp_qr_code_auth_mutual_p_256
+dpp_qr_code_auth_mutual_p_384
+dpp_qr_code_auth_mutual_p_521
+dpp_qr_code_auth_mutual_bp_256
+dpp_qr_code_auth_mutual_bp_384
+dpp_qr_code_auth_mutual_bp_512
+dpp_auth_resp_retries
+dpp_qr_code_auth_mutual_not_used
+dpp_qr_code_auth_mutual_curve_mismatch
+dpp_qr_code_auth_hostapd_mutual2
+dpp_qr_code_listen_continue
+dpp_qr_code_auth_initiator_enrollee
+dpp_qr_code_auth_initiator_either_2
+dpp_qr_code_auth_initiator_either_3
+dpp_config_legacy
+dpp_config_legacy_psk_hex
+dpp_config_fragmentation
+dpp_config_legacy_gen
+dpp_config_legacy_gen_psk
+dpp_config_dpp_gen_prime256v1
+dpp_config_dpp_gen_secp384r1
+dpp_config_dpp_gen_secp521r1
+dpp_config_dpp_gen_expiry
+dpp_config_dpp_gen_expired_key
+dpp_config_dpp_gen_3rd_party
+dpp_config_dpp_override_prime256v1
+dpp_config_dpp_override_secp384r1
+dpp_config_override_objects
+dpp_config_signed_connector_error_no_dot_1
+dpp_config_signed_connector_error_no_dot_2
+dpp_config_signed_connector_error_unexpected_signature_len
+dpp_config_no_csign
+dpp_config_no_signed_connector
+dpp_config_unexpected_signed_connector_char
+dpp_config_root_not_an_object
+dpp_config_no_wi_fi_tech
+dpp_config_no_discovery
+dpp_config_no_discovery_ssid
+dpp_config_too_long_discovery_ssid
+dpp_config_no_cred
+dpp_config_no_cred_akm
+dpp_config_error_legacy_no_pass
+dpp_config_error_legacy_too_long_pass
+dpp_config_error_legacy_psk_with_sae
+dpp_config_error_legacy_no_pass_for_sae
+dpp_config_error_legacy_invalid_psk
+dpp_config_error_legacy_too_short_psk
+dpp_config_connector_error_ext_sign
+dpp_config_connector_error_too_short_timestamp
+dpp_config_connector_error_invalid_timestamp
+dpp_config_connector_error_invalid_timestamp_date
+dpp_config_connector_error_expired_1
+dpp_config_connector_error_expired_2
+dpp_config_connector_error_expired_3
+dpp_config_connector_error_expired_4
+dpp_config_connector_error_expired_6
+dpp_config_connector_error_no_groups
+dpp_config_connector_error_empty_groups
+dpp_config_connector_error_missing_group_id
+dpp_config_connector_error_missing_net_role
+dpp_config_connector_error_missing_net_access_key
+dpp_config_connector_error_net_access_key_mismatch
+dpp_akm_sha256
+dpp_akm_sha384
+dpp_akm_sha512
+dpp_network_introduction
+dpp_network_introduction_expired
+dpp_and_sae_akm
+dpp_ap_config
+dpp_ap_config_p256_p256
+dpp_ap_config_p256_p384
+dpp_ap_config_p384_p256
+dpp_ap_config_p384_p384
+dpp_ap_config_p521_p256
+dpp_ap_config_p521_p384
+dpp_ap_config_bp256_bp256
+dpp_ap_config_bp384_bp384
+dpp_ap_config_bp512_bp512
+dpp_ap_config_p256_bp256
+dpp_ap_config_bp256_p256
+dpp_ap_config_p521_bp512
+dpp_ap_config_reconfig_configurator
+dpp_auto_connect_legacy
+dpp_auto_connect_legacy_ssid_charset
+dpp_auto_connect_legacy_sae_1
+dpp_auto_connect_legacy_sae_2
+dpp_auto_connect_legacy_psk_sae_1
+dpp_auto_connect_legacy_psk_sae_2
+dpp_auto_connect_legacy_psk_sae_3
+dpp_auto_connect_legacy_pmf_required
+dpp_test_vector_p_256
+dpp_test_vector_p_256_b
+dpp_test_vector_p_521
+dpp_pkex
+dpp_pkex_v2
+dpp_pkex_p256
+dpp_pkex_p384
+dpp_pkex_p521
+dpp_pkex_bp256
+dpp_pkex_bp384
+dpp_pkex_bp512
+dpp_pkex_config
+dpp_pkex_no_identifier
+dpp_pkex_identifier_mismatch
+dpp_pkex_identifier_mismatch2
+dpp_pkex_identifier_mismatch3
+dpp_pkex_test_vector
+dpp_pkex_code_mismatch
+dpp_pkex_code_mismatch_limit
+dpp_pkex_curve_mismatch
+dpp_pkex_curve_mismatch_failure
+dpp_pkex_curve_mismatch_failure2
+dpp_pkex_exchange_resp_processing_failure
+dpp_pkex_commit_reveal_req_processing_failure
+dpp_pkex_config2
+dpp_pkex_no_responder
+dpp_pkex_after_retry
+dpp_pkex_hostapd_responder
+dpp_pkex_v2_hostapd_responder
+dpp_pkex_hostapd_initiator
+dpp_pkex_v2_hostapd_initiator
+dpp_pkex_hostapd_initiator_fallback
+dpp_pkex_hostapd_initiator_no_response
+dpp_pkex_hostapd_errors
+dpp_pkex_nak_curve_change
+dpp_pkex_nak_curve_change2
+dpp_hostapd_configurator
+dpp_hostapd_configurator_responder
+dpp_hostapd_configurator_fragmentation
+dpp_hostapd_enrollee_fragmentation
+dpp_hostapd_enrollee_gas_timeout
+dpp_hostapd_enrollee_gas_timeout_comeback
+dpp_hostapd_enrollee_gas_errors
+dpp_hostapd_enrollee_gas_proto
+dpp_hostapd_enrollee_gas_tx_status_errors
+dpp_hostapd_configurator_override_objects
+dpp_own_config
+dpp_own_config_group_id
+dpp_proto_after_wrapped_data_auth_req
+dpp_auth_req_stop_after_ack
+dpp_auth_req_retries
+dpp_auth_req_retries_multi_chan
+dpp_proto_after_wrapped_data_auth_resp
+dpp_proto_after_wrapped_data_auth_conf
+dpp_proto_after_wrapped_data_conf_req
+dpp_proto_after_wrapped_data_conf_resp
+dpp_proto_stop_at_pkex_exchange_resp
+dpp_proto_stop_at_pkex_cr_req
+dpp_proto_stop_at_pkex_cr_resp
+dpp_proto_network_introduction
+dpp_hostapd_auth_conf_timeout
+dpp_tcp
+dpp_tcp_port
+dpp_tcp_mutual
+dpp_tcp_mutual_hostapd_conf
+dpp_tcp_conf_init
+dpp_tcp_conf_init_hostapd_enrollee
+dpp_tcp_controller_management_hostapd
+dpp_tcp_controller_management_hostapd2
+dpp_tcp_controller_start_failure
+dpp_tcp_init_failure
+dpp_controller_rx_failure
+dpp_controller_rx_errors
+dpp_conn_status_success
+dpp_conn_status_wrong_passphrase
+dpp_conn_status_no_ap
+dpp_conn_status_connector_mismatch
+dpp_conn_status_assoc_reject
+dpp_conn_status_success_hostapd_configurator
+dpp_mud_url
+dpp_mud_url_hostapd
+dpp_config_save
+dpp_config_save2
+dpp_config_save3
+dpp_nfc_uri
+dpp_nfc_uri_hostapd
+dpp_nfc_uri_hostapd_tag_read
+dpp_nfc_negotiated_handover
+dpp_nfc_negotiated_handover_diff_curve
+dpp_nfc_negotiated_handover_hostapd_sel
+dpp_nfc_negotiated_handover_hostapd_req
+dpp_nfc_errors_hostapd
+dpp_with_p2p_device
+dpp_pfs_ap_0
+dpp_pfs_ap_1
+dpp_pfs_ap_2
+dpp_pfs_connect_cmd
+dpp_pfs_connect_cmd_ap_2
+dpp_pfs_connect_cmd_ap_2_sae
+dpp_pfs_ap_0_sta_ver1
+dpp_pfs_errors
+dpp_qr_code_auth_rand_mac_addr
+dpp_enterprise
+dpp_enterprise_tcp
+dpp_enterprise_tcp2
+dpp_qr_code_config_event_initiator
+dpp_qr_code_config_event_initiator_set_comeback
+dpp_qr_code_config_event_initiator_slow
+dpp_qr_code_config_event_initiator_failure
+dpp_qr_code_config_event_initiator_no_response
+dpp_qr_code_config_event_initiator_both
+dpp_tcp_qr_code_config_event_initiator
+dpp_discard_public_action
+
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/wpa_supplicant.config
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/wpa_supplicant.config
@ -0,0 +1,163 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
--- a/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
@ -0,0 +1,47 @@
+From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Fri, 19 Apr 2024 16:41:38 +0200
+Subject: [PATCH] Fixes for running tests under UML
+
+- Apply commit ID fix from more recent commit
+- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
+---
+ src/crypto/crypto_wolfssl.c | 2 +-
+ tests/hwsim/run-all.sh      | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 00ecf61352..a57fa50697 100644
+--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
+@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 	int ret = -1;
+ 	WC_RNG rng;
+ 	DhKey *dh = NULL;
+-	word32 priv_sz, pub_sz;
+	word32 priv_sz = prime_len, pub_sz = prime_len;
+ 
+ 	if (TEST_FAIL())
+ 		return -1;
+diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
+index ee48cd0581..75c3a58b52 100755
+--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
+@@ -15,7 +15,13 @@ export LOGDIR
+ if [ -z "$DBFILE" ]; then
+     DB=""
+ else
+-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+    DB="-S $DBFILE"
+    if [ -z "$COMMITID" ]; then
+	COMMITID="$(git rev-parse HEAD)"
+    fi
+    if [ -n "$COMMITID" ]; then
+	DB="$DB --commit $COMMITID"
+    fi
+     if [ -n "$BUILD" ]; then
+ 	DB="$DB -b $BUILD"
+     fi
+-- 
+2.34.1
+
--- a/.github/workflows/hostap-files/configs/hostap_2_10/hostapd.config
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/hostapd.config
@ -0,0 +1,119 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+#CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+#CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+#CONFIG_DPP=y
+#CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
--- a/.github/workflows/hostap-files/configs/hostap_2_10/tests
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/tests
@ -0,0 +1,270 @@
+sae
+sae_password_ecc
+sae_pmksa_caching
+sae_pmksa_caching_pmkid
+sae_pmksa_caching_disabled
+sae_groups
+sae_group_nego
+sae_group_nego_no_match
+sae_anti_clogging
+sae_forced_anti_clogging
+sae_mixed
+sae_and_psk
+sae_and_psk2
+sae_wpa3_roam
+sae_mixed_mfp
+sae_mfp
+sae_missing_password
+sae_key_lifetime_in_memory
+sae_oom_wpas
+sae_proto_ecc
+sae_proto_ffc
+sae_proto_commit_delayed
+sae_proto_commit_replay
+sae_proto_confirm_replay
+sae_proto_hostapd
+sae_proto_hostapd_ecc
+sae_proto_hostapd_ffc
+sae_proto_hostapd_status_126
+sae_proto_hostapd_status_127
+sae_reflection_attack_ecc
+sae_reflection_attack_ecc_internal
+sae_commit_override
+sae_commit_override2
+sae_commit_invalid_scalar_element_ap
+sae_commit_invalid_element_ap
+sae_commit_invalid_scalar_element_sta
+sae_commit_invalid_element_sta
+sae_anti_clogging_proto
+sae_no_random
+sae_bignum_failure_unsafe_group
+sae_invalid_anti_clogging_token_req
+sae_password
+sae_password_short
+sae_password_long
+sae_connect_cmd
+sae_password_id
+sae_password_id_ecc
+sae_password_id_ffc
+sae_password_id_only
+sae_password_id_pwe_looping
+sae_password_id_pwe_check_ap
+sae_password_id_pwe_check_sta
+sae_forced_anti_clogging_pw_id
+sae_reauth
+sae_sync
+sae_confirm_immediate
+sae_confirm_immediate2
+sae_pwe_group_19
+sae_pwe_group_20
+sae_pwe_group_21
+sae_pwe_group_1
+sae_pwe_group_2
+sae_pwe_group_22
+sae_pwe_h2e_only_ap
+sae_pwe_h2e_only_ap_sta_forcing_loop
+sae_pwe_loop_only_ap
+sae_h2e_rejected_groups
+sae_h2e_rejected_groups_unexpected
+sae_h2e_password_id
+sae_pwe_in_psk_ap
+sae_auth_restart
+sae_rsne_mismatch
+sae_h2e_rsnxe_mismatch
+sae_h2e_rsnxe_mismatch_retries
+sae_h2e_rsnxe_mismatch_assoc
+sae_h2e_rsnxe_mismatch_ap
+sae_h2e_rsnxe_mismatch_ap2
+sae_h2e_rsnxe_mismatch_ap3
+sae_forced_anti_clogging_h2e
+sae_forced_anti_clogging_h2e_loop
+sae_okc
+sae_okc_sta_only
+sae_okc_pmk_lifetime
+sae_pmk_lifetime
+sae_and_psk_multiple_passwords
+sae_pmf_roam
+sae_ocv_pmk
+sae_ocv_pmk_failure
+sae_reject
+eap_tls_pkcs8_pkcs5_v2_des3
+eap_tls_pkcs8_pkcs5_v15
+eap_tls_sha512
+eap_tls_sha384
+eap_tls_errors
+eap_proto_peap_errors_server
+eap_proto_peap_errors
+ap_wpa2_delayed_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission
+ap_wpa2_delayed_m1_m3_retransmission2
+ap_wpa2_delayed_group_m1_retransmission
+ap_wpa2_delayed_group_m1_retransmission_igtk
+ap_wpa2_delayed_m1_m3_zero_tk
+ap_wpa2_plaintext_m1_m3
+ap_wpa2_plaintext_m1_m3_pmf
+ap_wpa2_plaintext_m3
+ap_wpa2_plaintext_group_m1
+ap_wpa2_plaintext_group_m1_pmf
+ap_wpa2_test_command_failures
+ap_wpa2_gtk_initial_rsc_tkip
+ap_wpa2_gtk_initial_rsc_ccmp
+ap_wpa2_gtk_initial_rsc_ccmp_256
+ap_wpa2_gtk_initial_rsc_gcmp
+ap_wpa2_gtk_initial_rsc_gcmp_256
+ap_wpa2_igtk_initial_rsc_aes_128_cmac
+ap_wpa2_igtk_initial_rsc_bip_gmac_128
+ap_wpa2_igtk_initial_rsc_bip_gmac_256
+ap_wpa2_igtk_initial_rsc_bip_cmac_256
+ap_wpa2_psk
+ap_wpa2_psk_file
+ap_wpa2_psk_file_keyid
+ap_wpa2_psk_mem
+ap_wpa2_ptk_rekey
+ap_wpa2_ptk_rekey_blocked_ap
+ap_wpa2_ptk_rekey_blocked_sta
+ap_wpa2_ptk_rekey_anonce
+ap_wpa2_ptk_rekey_ap
+ap_wpa2_sha256_ptk_rekey
+ap_wpa2_sha256_ptk_rekey_ap
+ap_wpa2_psk_file_errors
+ap_wpa2_psk_wildcard_ssid
+ap_wpa2_gtk_rekey
+ap_wpa2_gtk_rekey_request
+ap_wpa2_gtk_rekey_failure
+ap_wpa2_gmk_rekey
+ap_wpa2_strict_rekey
+ap_wpa2_psk_ext
+ap_wpa2_psk_unexpected
+ap_wpa2_psk_ext_retry_msg_3
+ap_wpa2_psk_ext_retry_msg_3b
+ap_wpa2_psk_ext_retry_msg_3c
+ap_wpa2_psk_ext_retry_msg_3d
+ap_wpa2_psk_ext_retry_msg_3e
+ap_wpa2_psk_ext_delayed_ptk_rekey
+ap_wpa2_psk_ext_eapol
+ap_wpa2_psk_ext_eapol_retry1
+ap_wpa2_psk_ext_eapol_retry1b
+ap_wpa2_psk_ext_eapol_retry1c
+ap_wpa2_psk_ext_eapol_retry1d
+ap_wpa2_psk_ext_eapol_type_diff
+ap_wpa2_psk_ext_eapol_key_info
+ap_wpa2_psk_wep
+ap_wpa2_psk_ifdown
+ap_wpa2_psk_drop_first_msg_4
+ap_wpa2_psk_disable_enable
+ap_wpa2_psk_incorrect_passphrase
+ap_wpa2_psk_no_random
+ap_wpa2_psk_assoc_rsn
+ap_wpa2_psk_ft_workaround
+ap_wpa2_psk_assoc_rsn_pmkid
+ap_wpa2_eapol_retry_limit
+ap_wpa2_disable_eapol_retry
+ap_wpa2_disable_eapol_retry_group
+ap_wpa2_psk_mic_0
+ap_wpa2_psk_local_error
+ap_wpa2_psk_inject_assoc
+ap_wpa2_psk_ap_control_port
+ap_wpa2_psk_ap_control_port_disabled
+ap_wpa2_psk_rsne_mismatch_ap
+ap_wpa2_psk_rsne_mismatch_ap2
+ap_wpa2_psk_rsne_mismatch_ap3
+ap_wpa2_psk_rsnxe_mismatch_ap
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
+ap_wpa2_eap_sim
+ap_wpa2_eap_sim_sql
+ap_wpa2_eap_sim_config
+ap_wpa2_eap_sim_id_0
+ap_wpa2_eap_sim_id_1
+ap_wpa2_eap_sim_id_2
+ap_wpa2_eap_sim_id_3
+ap_wpa2_eap_sim_ext
+ap_wpa2_eap_sim_ext_replace_sim
+ap_wpa2_eap_sim_ext_replace_sim2
+ap_wpa2_eap_sim_ext_replace_sim3
+ap_wpa2_eap_sim_ext_auth_fail
+ap_wpa2_eap_sim_change_bssid
+ap_wpa2_eap_sim_no_change_set
+ap_wpa2_eap_sim_ext_anonymous
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
+ap_wpa2_eap_sim_oom
+ap_wpa2_eap_aka
+ap_wpa2_eap_aka_sql
+ap_wpa2_eap_aka_config
+ap_wpa2_eap_aka_ext
+ap_wpa2_eap_aka_ext_auth_fail
+ap_wpa2_eap_aka_prime
+ap_wpa2_eap_aka_prime_sql
+ap_wpa2_eap_aka_prime_ext_auth_fail
+ap_wpa2_eap_aka_prime_ext
+ap_wpa2_eap_ttls_invalid_phase2
+ap_wpa2_eap_ttls_eap_vendor
+ap_wpa2_eap_fast_eap_sim
+ap_wpa2_eap_fast_eap_aka
+ap_wpa2_eap_peap_params
+ap_wpa2_eap_peap_eap_gtc
+ap_wpa2_eap_peap_eap_vendor
+ap_wpa2_eap_ttls_server_cert_hash
+ap_wpa2_eap_ttls_server_cert_hash_invalid
+ap_wpa2_eap_pwd
+ap_wpa2_eap_pwd_nthash
+ap_wpa2_eap_pwd_salt_sha1
+ap_wpa2_eap_pwd_salt_sha256
+ap_wpa2_eap_pwd_salt_sha512
+ap_wpa2_eap_pwd_groups
+ap_wpa2_eap_pwd_invalid_group
+ap_wpa2_eap_pwd_disabled_group
+ap_wpa2_eap_pwd_as_frag
+ap_wpa2_eap_gpsk
+ap_wpa2_eap_sake
+ap_wpa2_eap_ikev2
+ap_wpa2_eap_ikev2_as_frag
+ap_wpa2_eap_ikev2_oom
+ap_wpa2_eap_pax
+ap_wpa2_eap_psk
+ap_wpa2_eap_psk_oom
+ap_wpa2_eap_interactive
+ap_wpa2_eap_ext_enable_network_while_connected
+ap_wpa2_eap_vendor_test
+ap_wpa2_eap_vendor_test_oom
+ap_wpa2_eap_ttls_ocsp_revoked
+ap_wpa2_eap_ttls_ocsp_unknown
+ap_wpa2_eap_ttls_optional_ocsp_unknown
+ap_wpa2_eap_ttls_long_duration
+ap_wpa2_eap_ttls_server_cert_eku_client
+ap_wpa2_eap_ttls_server_cert_eku_client_server
+ap_wpa2_eap_ttls_dh_params
+ap_wpa2_eap_ttls_dh_params_dsa
+ap_wpa2_eap_ttls_dh_params_not_found
+ap_wpa2_eap_ttls_dh_params_invalid
+ap_wpa2_eap_ttls_dh_params_blob
+ap_wpa2_eap_ttls_dh_params_server
+ap_wpa2_eap_ttls_dh_params_dsa_server
+ap_wpa2_eap_reauth
+ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
+ap_wpa2_eap_request_identity_message
+ap_wpa2_eap_sim_aka_result_ind
+ap_wpa2_eap_sim_zero_db_timeout
+ap_wpa2_eap_too_many_roundtrips
+ap_wpa2_eap_too_many_roundtrips_server
+ap_wpa2_eap_too_many_roundtrips_server2
+ap_wpa2_eap_expanded_nak
+ap_wpa2_eap_sql
+ap_wpa2_eap_non_ascii_identity
+ap_wpa2_eap_non_ascii_identity2
+ap_wpa2_eap_unexpected_wep_eapol_key
+ap_wpa2_eap_oom
+ap_wpa2_eap_sim_db
+ap_wpa2_eap_sim_db_sqlite
+ap_wpa2_eap_assoc_rsn
+ap_wpa2_eap_status
+ap_wpa2_eap_gpsk_ptk_rekey_ap
+ap_wpa2_eap_wildcard_ssid
+ap_wpa2_eap_psk_mac_addr_change
+ap_wpa2_eap_server_get_id
+ap_wpa2_radius_server_get_id
+ap_wpa2_eap_sake_no_control_port
--- a/.github/workflows/hostap-files/configs/hostap_2_10/wpa_supplicant.config
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/wpa_supplicant.config
@ -0,0 +1,163 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+#CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+#CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+#CONFIG_DPP=y
+#CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
--- a/.github/workflows/hostap-files/dbus-wpa_supplicant.conf
+++ b/.github/workflows/hostap-files/dbus-wpa_supplicant.conf
@ -0,0 +1,23 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <policy user="root">
+    <allow own="fi.epitest.hostap.WPASupplicant"/>
+    <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+    <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+    <allow own="fi.w1.wpa_supplicant1"/>
+    <allow send_destination="fi.w1.wpa_supplicant1"/>
+    <allow send_interface="fi.w1.wpa_supplicant1"/>
+    <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+  </policy>
+  <policy context="default">
+    <deny own="fi.epitest.hostap.WPASupplicant"/>
+    <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
+    <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
+    <deny own="fi.w1.wpa_supplicant1"/>
+    <deny send_destination="fi.w1.wpa_supplicant1"/>
+    <deny send_interface="fi.w1.wpa_supplicant1"/>
+    <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+  </policy>
+</busconfig>
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@ -0,0 +1,313 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  LINUX_REF: v6.6
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-vm-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-vm-build2
+            wolf_extra_config: >-
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+              --enable-tlsv10 --enable-oldtls
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir
+          retention-days: 5
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          lookup-only: true
+
+      - name: Checkout hostap
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror
+          path: hostap
+
+      - name: Checkout linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: torvalds/linux 
+          path: linux
+
+      - name: Compile linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
+          cd linux
+          yes "" | ARCH=um make -j $(nproc)
+
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. Tests are read from the corresponding
+        # configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-vm-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-vm-build2
+          },
+          {
+            hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
+            osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
+            build_id: hostap-vm-build2
+          },
+        ]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-vm-build2
+            }
+    name: hwsim test
+    # For openssl 1.1
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 45
+    needs: [build_wolfssl, build_uml_linux]
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
+
+      - name: show file structure
+        run: tree
+
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+          path: build-dir
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
+          sudo pip3 install pycryptodome
+
+      - name: Checkout hostap
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror 
+          path: hostap
+          ref: ${{ matrix.config.hostap_ref }}
+
+      - name: Update certs
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: ./update.sh
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - name: Apply extra patches
+        working-directory: hostap
+        run: |
+          FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
+          if [ -f "$FILE" ]; then
+            patch -p1 < $FILE
+          fi
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap and wpa_supplicant
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          cat <<EOF >> vm/vm-config
+            KERNELDIR=$GITHUB_WORKSPACE/linux
+            KVMARGS="-cpu host"
+          EOF
+          # Run tests in increments of 200 to not stall out the parallel-vm script
+          while mapfile -t -n 200 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            HWSIM_RES=0 # Not set when command succeeds
+            ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS  || HWSIM_RES=$?
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              # Let's re-run the failing tests. We gather the failed tests from the log file.
+              FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
+              printf 'failed tests: %s\n' "$FAILED_TESTS"
+              ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
+            fi
+            rm -r /tmp/hwsim-test-logs
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      # The logs are quite big. It hasn't been useful so far so let's not waste
+      # precious gh space.
+      #- name: zip logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  working-directory: hostap/tests/hwsim/
+      #  run: |
+      #    rm /tmp/hwsim-test-logs/latest
+      #    zip -9 -r logs.zip /tmp/hwsim-test-logs
+      #
+      #- name: Upload failure logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: hostap-logs-${{ env.our_job_run_id }}
+      #    path: hostap/tests/hwsim/logs.zip
+      #    retention-days: 5
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@ -0,0 +1,77 @@
+name: ipmitool Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+          path: build-dir
+          retention-days: 5
+
+  build_ipmitool:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
+    name: ${{ matrix.git_ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build ipmitool
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: ipmitool/ipmitool
+          ref: ${{ matrix.git_ref }}
+          path: ipmitool
+          patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          # No checks included and not running since it depends on hardware
+          check: false
+
+      - name: Confirm built with wolfSSL
+        working-directory: ipmitool
+        run: |
+          ldd src/ipmitool | grep wolfssl
+          ldd src/ipmievd | grep wolfssl
+ 
--- a/.github/workflows/jwt-cpp.yml
+++ b/.github/workflows/jwt-cpp.yml
@ -0,0 +1,85 @@
+name: jwt-cpp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+          path: build-dir
+          retention-days: 5
+
+  build_pam-ipmi:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 0.6.0 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libgtest-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jwt-cpp
+        uses: actions/checkout@v4
+        with:
+          repository: Thalhammer/jwt-cpp
+          path: jwt-cpp
+          ref: v${{ matrix.ref }}
+
+      - name: Build pam-ipmi
+        working-directory: jwt-cpp
+        run: |
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
+          make -j -C build
+          ldd ./build/tests/jwt-cpp-test | grep wolfssl
+
+      - name: Run jwt-cpp tests
+        working-directory: jwt-cpp
+        run: ./build/tests/jwt-cpp-test
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@ -0,0 +1,96 @@
+name: Kerberos 5 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 5
+    steps:
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-krb CC='gcc -fsanitize=address'
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-krb5
+          path: build-dir
+          retention-days: 5
+
+  krb5_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.21.1 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-krb5
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout krb5
+        uses: actions/checkout@v4
+        with:
+          repository: krb5/krb5
+          ref: krb5-${{ matrix.ref }}-final
+          path: krb5
+
+      - name: Apply patch
+        working-directory: ./krb5
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build krb5
+        working-directory: ./krb5/src
+        run: |
+          autoreconf -ivf
+          # Using rpath because LD_LIBRARY_PATH is overwritten during testing
+          export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl  -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
+          export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
+          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
+            CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
+          CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
+
+      - name: Run tests
+        working-directory: ./krb5/src
+        run: |
+          CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check
+
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@ -0,0 +1,67 @@
+name: libssh2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          check: false # config is already tested in many other PRB's
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+          retention-days: 5
+
+  libssh2_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.11.0 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+
+      - name: Build and test libssh2
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: libssh2/libssh2
+          ref: libssh2-${{ matrix.ref }}
+          path: libssh2
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm libssh2 built with wolfSSL
+        working-directory: ./libssh2
+        run: ldd src/.libs/libssh2.so | grep wolfssl
--- a/.github/workflows/libvncserver.yml
+++ b/.github/workflows/libvncserver.yml
@ -0,0 +1,79 @@
+name: libvncserver Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+          path: build-dir
+          retention-days: 5
+
+  build_libvncserver:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 0.9.13 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libvncserver
+        uses: actions/checkout@v4
+        with:
+          repository: LibVNC/libvncserver
+          path: libvncserver
+          ref: LibVNCServer-${{ matrix.ref }}
+
+      - name: Build libvncserver
+        working-directory: libvncserver
+        run: |
+          patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
+          make -j -C build VERBOSE=1
+          ldd build/libvncclient.so | grep wolfssl
+          ldd build/libvncserver.so | grep wolfssl
+
+      - name: Run libvncserver tests
+        working-directory: libvncserver
+        run: make -C build test
--- a/.github/workflows/memcached.sh
+++ b/.github/workflows/memcached.sh
@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -z "$GITHUB_WORKSPACE" ]; then
+    echo '$GITHUB_WORKSPACE is not set'
+    exit 1
+fi
+
+if [ -z "$HOST_ROOT" ]; then
+    echo '$HOST_ROOT is not set'
+    exit 1
+fi
+
+chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
+    -j$(nproc) PARALLEL=$(nproc) test_tls
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@ -0,0 +1,116 @@
+name: memcached Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-memcached
+          install: true
+
+      - name: Bundle Docker entry point
+        run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-memcached
+          path: build-dir
+          retention-days: 5
+
+  memcached_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.6.22
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-memcached
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
+
+      - name: Checkout memcached
+        uses: actions/checkout@v4
+        with:
+          repository: memcached/memcached
+          ref: 1.6.22
+          path: memcached
+
+      - name: Configure and build memcached
+        run: |
+            cd $GITHUB_WORKSPACE/memcached/
+            patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.22.patch
+            ./autogen.sh
+            export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+            PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig ./configure --enable-wolfssl
+            make -j$(nproc)
+
+      - name: Confirm memcached built with wolfSSL
+        working-directory: ./memcached
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd memcached | grep wolfssl
+
+      - name: Run memcached tests
+        working-directory: ./memcached
+        run: |
+          # Retry up to three times
+          # Using docker because interrupting the tests doesn't close running
+          # background servers. They can become daemonized and then all re-runs
+          # will always fail.
+          chmod +x $GITHUB_WORKSPACE/build-dir/bin/memcached.sh
+          for i in {1..3}; do
+            echo "-------- RUNNING TESTS --------"
+            MEMCACHED_RES=0 # Not set when command succeeds
+            # Tests should usually take less than 4 minutes. If already taking
+            # 5 minutes then they are probably stuck. Interrupt and re-run.
+            time timeout -s SIGKILL 5m docker run -v /:/host \
+              -v $GITHUB_WORKSPACE/build-dir/bin/memcached.sh:/memcached.sh \
+              -e GITHUB_WORKSPACE=$GITHUB_WORKSPACE \
+              -e HOST_ROOT=/host \
+              -e LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH \
+              alpine:latest /memcached.sh || MEMCACHED_RES=$?
+
+            if [ "$MEMCACHED_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          echo "test ran $i times"
+          if [ "$MEMCACHED_RES" -ne "0" ]; then
+            exit $MEMCACHED_RES
+          fi
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@ -0,0 +1,63 @@
+name: Multiple architectures
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  my_matrix:
+    name: Multi-arch test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - HOST: aarch64-linux-gnu
+            CC: aarch64-linux-gnu-gcc
+            ARCH: arm64
+            EXTRA_OPTS: --enable-sp-asm --enable-armasm
+          - HOST: arm-linux-gnueabihf
+            CC: arm-linux-gnueabihf-gcc
+            ARCH: armhf
+            EXTRA_OPTS: --enable-sp-asm
+          - HOST: riscv64-linux-gnu
+            CC: riscv64-linux-gnu-gcc
+            ARCH: riscv64
+          # Config to ensure CPUs without Thumb instructions compiles
+          - HOST: arm-linux-gnueabi
+            CC: arm-linux-gnueabi-gcc
+            CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
+            ARCH: armel
+            EXTRA_OPTS: --enable-sp-asm
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Install Compiler
+        run: |
+          sudo apt update
+          sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
+      - uses: actions/checkout@v4
+      - name: Build
+        env:
+            CC: ${{ matrix.CC }}
+            CFLAGS: ${{ matrix.CFLAGS }}
+            QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
+        run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
+      - name: Print errors 
+        if: ${{ failure() }}
+        run: |
+          if [ -f config.log ] ; then
+            cat config.log
+          fi
+      - name: Run WolfCrypt Tests
+        env:
+            QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
+        run: ./wolfcrypt/test/testwolfcrypt
--- a/.github/workflows/multi-compiler.yml
+++ b/.github/workflows/multi-compiler.yml
@ -0,0 +1,62 @@
+name: Multiple compilers and versions
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  my_matrix:
+    name: Compiler test
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - CC: gcc-9
+            CXX: g++-9
+            OS: ubuntu-latest
+          - CC: gcc-10
+            CXX: g++-10
+            OS: ubuntu-latest
+          - CC: gcc-11
+            CXX: g++-11
+            OS: ubuntu-latest
+          - CC: gcc-12
+            CXX: g++-12
+            OS: ubuntu-latest
+          - CC: clang-10
+            CXX: clang++-10
+            OS: ubuntu-20.04
+          - CC: clang-11
+            CXX: clang++-11
+            OS: ubuntu-20.04
+          - CC: clang-12
+            CXX: clang++-12
+            OS: ubuntu-20.04
+          - CC: clang-13
+            CXX: clang++-13
+            OS: ubuntu-latest
+          - CC: clang-14
+            CXX: clang++-14
+            OS: ubuntu-latest
+    runs-on: ${{ matrix.OS }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build
+        env:
+            CC: ${{ matrix.CC }}
+            CXX: ${{ matrix.CXX }}
+        run: ./autogen.sh && ./configure && make && make dist
+      - name: Show log on errors
+        if: ${{ failure() }}
+        run: |
+            cat config.log
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@ -0,0 +1,77 @@
+name: net-snmp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-net-snmp
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+          path: build-dir
+          retention-days: 5
+
+  net-snmp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 5.9.3
+            test_opts: -e 'agentxperl'
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+          path: build-dir
+    
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build net-snmp
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: net-snmp/net-snmp
+          ref: v${{ matrix.ref }}
+          path: net-snmp
+          patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
+          configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Run net-snmp tests
+        working-directory: net-snmp
+        run: |
+          autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
+          make -j test TESTOPTS="${{ matrix.test_opts }}"
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@ -0,0 +1,219 @@
+name: nginx Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          # We don't use --enable-debug since it makes the logs too loud
+          echo "wolf_debug_flags= CFLAGS='-g3 -O0'" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-nginx ${{ env.wolf_debug_flags }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-nginx
+          path: build-dir
+          retention-days: 5
+
+  nginx_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # in general we want to pass all tests that match *ssl*
+          - ref: 1.25.0
+            test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
+              mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t
+              mail_ssl.t proxy_ssl_certificate_empty.t proxy_ssl_certificate.t
+              proxy_ssl_certificate_vars.t proxy_ssl_conf_command.t proxy_ssl_name.t
+              ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
+              ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t
+              ssl_crl.t ssl_curve.t ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t
+              ssl_proxy_protocol.t ssl_proxy_upgrade.t ssl_reject_handshake.t
+              ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_reneg.t
+              ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t ssl_verify_client.t
+              ssl_verify_depth.t stream_proxy_ssl_certificate.t stream_proxy_ssl_certificate_vars.t
+              stream_proxy_ssl_conf_command.t stream_proxy_ssl_name_complex.t
+              stream_proxy_ssl_name.t stream_ssl_certificate.t stream_ssl_conf_command.t
+              stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t stream_ssl_preread.t
+              stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t stream_ssl_variables.t
+              stream_ssl_verify_client.t stream_upstream_zone_ssl.t upstream_zone_ssl.t
+              uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t uwsgi_ssl.t
+              uwsgi_ssl_verify.t
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_keepalive.t proxy_ssl.t
+              proxy_ssl_verify.t stream_proxy_protocol_ssl.t stream_proxy_ssl.t
+              stream_proxy_ssl_verify.t stream_ssl_alpn.t
+          - ref: 1.24.0
+            test-ref: 212d9d003886e3a24542855fb60355a417f037de
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
+              mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t mail_ssl.t
+              proxy_ssl_certificate_empty.t proxy_ssl_certificate.t proxy_ssl_certificate_vars.t
+              proxy_ssl_name.t ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
+              ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t ssl_crl.t
+              ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t ssl_proxy_protocol.t
+              ssl_proxy_upgrade.t ssl_reject_handshake.t ssl_session_reuse.t
+              ssl_session_ticket_key.t ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t
+              ssl_stapling.t ssl.t ssl_verify_client.t stream_proxy_ssl_certificate.t
+              stream_proxy_ssl_certificate_vars.t stream_proxy_ssl_name_complex.t
+              stream_proxy_ssl_name.t stream_ssl_alpn.t stream_ssl_certificate.t
+              stream_ssl_conf_command.t stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t
+              stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
+              stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
+              upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
+              uwsgi_ssl.t uwsgi_ssl_verify.t 
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_conf_command.t proxy_ssl_keepalive.t
+              proxy_ssl.t proxy_ssl_verify.t ssl_curve.t ssl_verify_depth.t
+              stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
+              stream_proxy_ssl_verify.t
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-nginx
+          path: build-dir
+
+      - name: Install dependencies
+        run: |
+          sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
+
+      - name: Checkout wolfssl-nginx
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/wolfssl-nginx
+          path: wolfssl-nginx
+
+      - name: Checkout nginx
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx
+          path: nginx
+          ref: release-${{ matrix.ref }}
+
+      - name: Apply nginx patch
+        working-directory: nginx
+        run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl.patch
+
+      - if: ${{ runner.debug }}
+        name: Apply nginx debug patch
+        working-directory: nginx
+        run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
+
+      - name: Checkout nginx-tests
+        uses: actions/checkout@v4
+        with:
+          repository: nginx/nginx-tests
+          path: nginx-tests
+          ref: ${{ matrix.test-ref }}
+
+      - name: Apply nginx-tests patch
+        working-directory: nginx-tests
+        run: patch -p1 < ../wolfssl-nginx/nginx-tests-patches/*${{ matrix.test-ref }}.patch
+
+      - name: Build nginx without sanitizer
+        working-directory: nginx
+        run: |
+          ./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
+            --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
+            --with-http_v2_module --with-mail --with-mail_ssl_module
+          make -j
+
+      - name: Confirm nginx built with wolfSSL
+        working-directory: nginx
+        run: ldd objs/nginx | grep wolfssl
+
+      - if: ${{ runner.debug }}
+        name: Run nginx-tests without sanitizer (debug)
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
+            TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-not-ok }}
+
+      - if: ${{ !runner.debug }}
+        name: Run nginx-tests without sanitizer
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
+            prove ${{ matrix.sanitize-not-ok }}
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "nginx_c_flags=-O0" >> $GITHUB_ENV
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - name: Build nginx with sanitizer
+        working-directory: nginx
+        run: |
+          ./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
+            --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
+            --with-http_v2_module --with-mail --with-mail_ssl_module \
+            --with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 ${{ env.nginx_c_flags }}' \
+            --with-ld-opt='-fsanitize=address ${{ env.nginx_c_flags }}'
+          make -j
+
+      - name: Confirm nginx built with wolfSSL
+        working-directory: nginx
+        run: ldd objs/nginx | grep wolfssl
+
+      - if: ${{ runner.debug }}
+        name: Run nginx-tests with sanitizer (debug)
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+          TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
+          TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }}
+
+      - if: ${{ !runner.debug }}
+        name: Run nginx-tests with sanitizer
+        working-directory: nginx-tests
+        run: |
+          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
+            prove ${{ matrix.sanitize-ok }}
+ 
--- a/.github/workflows/no-malloc.yml
+++ b/.github/workflows/no-malloc.yml
@ -0,0 +1,43 @@
+name: No Malloc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
+        ]
+    name: make check
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors 
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
--- a/.github/workflows/ocsp.yml
+++ b/.github/workflows/ocsp.yml
@ -0,0 +1,37 @@
+name: OCSP Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  ocsp_stapling:
+    name: ocsp stapling
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Build wolfSSL
+        run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
+
+      - name: Start OCSP responder 1
+        run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
+
+      - name: Start OCSP responder 2
+        run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
+
+      - name: Start TLS server
+        run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
+
+      - name: Test Look Up
+        run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@ -0,0 +1,77 @@
+name: openssh Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-openssh --enable-dsa --with-max-rsa-bits=8192
+            --enable-intelasm --enable-sp-asm
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+          retention-days: 5
+
+  openssh_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - git_ref: 'V_9_6_P1'
+            osp_ver: '9.6'
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test openssh
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: openssh/openssh-portable
+          ref: ${{ matrix.git_ref }}
+          path: openssh
+          patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
+          check: false
+
+      # make tests take >20 minutes. Consider limiting? 
+      - name: Run tests
+        working-directory: ./openssh
+        run: |
+          # Run all the tests except (t-exec) as it takes too long
+          make file-tests interop-tests extra-tests unit
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@ -0,0 +1,86 @@
+name: OpenVPN Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openvpn
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openvpn
+          path: build-dir
+          retention-days: 5
+
+  openvpn_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of refs to test
+        ref: [ release/2.6, v2.6.0, master ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openvpn
+          path: build-dir
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
+                     linux-libc-dev man2html libcmocka-dev python3-docutils \
+                     libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
+
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
+      - if: ${{ matrix.ref != 'master' }}
+        name: Build and test openvpn with fsanitize
+        run: |
+          echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
+
+      - name: Build and test openvpn
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: OpenVPN/openvpn
+          ref: ${{ matrix.ref }}
+          path: openvpn
+          configure: >-
+            --with-crypto-library=wolfssl
+            WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl"
+            WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl"
+            ${{ env.extra_c_flags }}
+          check: true
+
+      - name: Confirm OpenVPN built with wolfSSL
+        working-directory: ./openvpn
+        run: ldd src/openvpn/openvpn | grep wolfssl
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@ -0,0 +1,152 @@
+name: Ubuntu-Macos-Windows Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+        config: [
+          # Add new configs here
+          '',
+          '--enable-all --enable-asn=template',
+          '--enable-all --enable-asn=original',
+          '--enable-harden-tls',
+          '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
+             --enable-opensslextra --enable-sessioncerts 
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
+             -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
+          '--enable-all --enable-secure-renegotiation',
+          '--enable-all --enable-haproxy --enable-quic',
+          '--enable-dtls --enable-dtls13 --enable-earlydata 
+             --enable-session-ticket --enable-psk 
+             CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+        ]
+    name: make check
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: ${{ matrix.config }}
+          check: true
+
+  make_user_settings:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+        user-settings: [
+          # Add new user_settings.h here
+          'examples/configs/user_settings_all.h',
+        ]
+    name: make user_setting.h
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: --enable-usersettings
+          check: true
+          user-settings: ${{ matrix.user-settings }}
+
+  make_user_settings_testwolfcrypt:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+        user-settings: [
+          # Add new user_settings.h here
+          'examples/configs/user_settings_min_ecc.h',
+          'examples/configs/user_settings_wolfboot_keytools.h',
+          'examples/configs/user_settings_wolftpm.h',
+          'examples/configs/user_settings_wolfssh.h',
+          'examples/configs/user_settings_tls12.h',
+        ]
+    name: make user_setting.h (testwolfcrypt only)
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: --enable-usersettings --disable-examples
+          check: false
+          user-settings: ${{ matrix.user-settings }}
+
+      - name: Run wolfcrypt/test/testwolfcrypt
+        run: ./wolfcrypt/test/testwolfcrypt
+
+  # Has to be dedicated function due to the sed call
+  make_user_all:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+    name: make user_setting.h (with sed)
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+    - uses: actions/checkout@v4
+    - if: ${{ matrix.os == 'macos-latest' }}
+      run: brew install automake libtool
+    - run: ./autogen.sh
+    - name: user_settings_all.h with compatibility layer
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        sed -i -e "s/if 0/if 1/" user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+  windows_build:
+    name: Windows Build Test
+    runs-on: windows-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl64.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Release
+      BUILD_PLATFORM: x64
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Add MSBuild to PATH
+      uses: microsoft/setup-msbuild@v2
+
+    - name: Restore NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Build
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      # Add additional options to the MSBuild command line here (like platform or verbosity level).
+      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Run Test
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: Release/x64/testsuite.exe
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@ -0,0 +1,54 @@
+name: Packaging Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Package wolfSSL
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Configure wolfSSL
+        run: |
+          autoreconf -ivf
+          ./configure --enable-distro --enable-all \
+            --disable-openssl-compatible-defaults --enable-intelasm \
+            --enable-dtls13 --enable-dtls-mtu \
+            --enable-sp-asm --disable-examples --disable-silent-rules
+
+      - name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
+        run: |
+          ! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
+
+      - name: Build wolfSSL .deb
+        run: make deb-docker
+
+      - name: Build wolfSSL .rpm
+        run: make rpm-docker
+
+      - name: Confirm packages built
+        run: |
+          DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
+          if [ "$DEB_COUNT" != "2" ]; then
+            echo Did not find exactly two deb packages!!!
+            exit 1
+          fi
+          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+          if [ "$RPM_COUNT" != "4" ]; then
+            echo Did not find exactly four rpm packages!!!
+            exit 1
+          fi
--- a/.github/workflows/pam-ipmi.yml
+++ b/.github/workflows/pam-ipmi.yml
@ -0,0 +1,86 @@
+name: pam-ipmi Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+          path: build-dir
+          retention-days: 5
+
+  build_pam-ipmi:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
+    name: ${{ matrix.git_ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libpam-dev ninja-build
+          sudo pip3 install meson
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout pam-ipmi
+        uses: actions/checkout@v4
+        with:
+          repository: openbmc/pam-ipmi
+          path: pam-ipmi
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build pam-ipmi
+        working-directory: pam-ipmi
+        run: |
+          patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
+          ninja -C build
+
+      - name: Confirm built with wolfSSL
+        working-directory: pam-ipmi
+        run: |
+          ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@ -0,0 +1,76 @@
+name: socat Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-socat
+          path: build-dir
+          retention-days: 3
+
+
+  socat_check:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-socat
+          path: build-dir
+
+      - name: Download socat
+        run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build socat
+        working-directory: ./socat-1.8.0.0
+        run: |
+          patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
+          autoreconf -vfi
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          make
+
+      - name: Run socat tests
+        working-directory: ./socat-1.8.0.0
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          export SHELL=/bin/bash
+          SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@ -0,0 +1,74 @@
+name: stunnel Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-stunnel
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-stunnel
+          path: build-dir
+          retention-days: 5
+
+  stunnel_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 5.67 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-stunnel
+          path: build-dir
+    
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test stunnel
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: mtrojnar/stunnel
+          ref: stunnel-${{ matrix.ref }}
+          path: stunnel
+          patch-file: $GITHUB_WORKSPACE/osp/stunnel/${{ matrix.ref }}/stunnel-${{ matrix.ref }}.patch
+          configure: --enable-wolfssl SSLDIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm stunnel built with wolfSSL
+        working-directory: ./stunnel
+        run: ldd src/stunnel | grep wolfssl
+
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@ -0,0 +1,128 @@
+name: Zephyr tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  run_test:
+    name: Build and run
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          - zephyr-ref: v3.4.0
+            zephyr-sdk: 0.16.1
+          - zephyr-ref: v3.5.0
+            zephyr-sdk: 0.16.3
+          - zephyr-ref: v2.7.4
+            zephyr-sdk: 0.16.3
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 25
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # most of the ci-base zephyr docker image packages
+          sudo apt-get install -y zip bridge-utils uml-utilities \
+            git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget \
+            python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
+            make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \
+            autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \
+            cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \
+            gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \
+            libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
+            libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
+            net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
+            python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
+            texinfo unzip wget ovmf xz-utils
+
+      - name: Install west
+        run: sudo pip install west
+
+      - name: Init west workspace
+        run: west init --mr ${{ matrix.config.zephyr-ref }} zephyr
+
+      - name: Update west.yml
+        working-directory: zephyr/zephyr
+        run: |
+          REF=$(echo '${{ github.ref }}' | sed -e 's/\//\\\//g')
+          sed -e 's/remotes:/remotes:\n    \- name: wolfssl\n      url\-base: https:\/\/github.com\/${{ github.repository_owner }}/' -i west.yml
+          sed -e "s/projects:/projects:\n    \- name: wolfssl\n      path: modules\/crypto\/wolfssl\n      remote: wolfssl\n      revision: $REF/" -i west.yml
+
+      - name: Update west workspace
+        working-directory: zephyr
+        run: west update -n -o=--depth=1
+
+      - name: Export zephyr
+        working-directory: zephyr
+        run: west zephyr-export
+
+      - name: Install pip dependencies
+        working-directory: zephyr
+        run: sudo pip install -r zephyr/scripts/requirements.txt
+
+      - name: Install zephyr SDK
+        run: |
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
+          ./setup.sh -h -c -t x86_64-zephyr-elf
+
+      - name: Fix options for 2.7.4
+        if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
+        working-directory: zephyr/modules/crypto/wolfssl
+        run: |
+          sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
+
+      - name: Run wolfssl test
+        id: wolfssl-test
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Run wolfssl TLS sock test
+        # Results in a page fault that I can't trace
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
+        id: wolfssl-tls-sock
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Run wolfssl TLS thread test
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
+        id: wolfssl-tls-thread
+        working-directory: zephyr
+        run: |
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
+          rm -rf zephyr/twister-out
+
+      - name: Zip failure logs
+        if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
+        run: |
+          zip -9 -r logs.zip zephyr/twister-out
+
+      - name: Upload failure logs
+        if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: zephyr-client-test-logs
+          path: logs.zip
+          retention-days: 5
--- a/.gitignore
+++ b/.gitignore
@ -5,18 +5,21 @@ ctaocrypt/src/src/
 *.o
 *.patch
 *.deps
+*.d
 *.libs
 *.cache
 .dirstamp
 *.user
 configure
 config.*
+!cmake/config.in
 *Debug/
 *Release/
 *.ncb
 *.suo
 *.sdf
 *.opensdf
+*.cmd
 ipch/
 build-aux/
 rpm/spec
@ -24,6 +27,7 @@ rpm/spec
 stamp-h
 cyassl/options.h
 wolfssl/options.h
+.build_params
 libtool.m4
 aclocal.m4
 aminclude.am
@ -60,6 +64,8 @@ ctaocrypt/benchmark/benchmark
 ctaocrypt/test/testctaocrypt
 wolfcrypt/benchmark/benchmark
 wolfcrypt/test/testwolfcrypt
+examples/async/async_client
+examples/async/async_server
 examples/benchmark/tls_bench
 examples/client/client
 examples/echoclient/echoclient
@ -69,19 +75,26 @@ examples/sctp/sctp-server
 examples/sctp/sctp-server-dtls
 examples/sctp/sctp-client
 examples/sctp/sctp-client-dtls
+examples/asn1/asn1
+examples/pem/pem
 server_ready
 snifftest
 output
 mcapi/test
 testsuite/testsuite
-tests/unit
 testsuite/testsuite.test
-tests/unit.test
-tests/bio_write_test.txt
-test-write-dhparams.pem
 testsuite/*.der
 testsuite/*.pem
 testsuite/*.raw
+testsuite/*.obj
+testsuite/*.pdb
+testsuite/*.idb
+tests/unit
+tests/unit.test
+tests/bio_write_test.txt
+tests/test-log-dump-to-file.txt
+tests/cert_cache.tmp
+test-write-dhparams.pem
 cert.der
 cert.pem
 certecc.der
@ -203,14 +216,6 @@ TAGS
 support/cyassl.pc
 support/wolfssl.pc
 cyassl/ctaocrypt/stamp-h1
-swig/_cyassl.so
-swig/_wolfssl.so
-swig/cyassl.py
-swig/wolfssl.py
-swig/cyassl.pyc
-swig/wolfssl.pyc
-swig/cyassl_wrap.c
-swig/wolfssl_wrap.c
 stamp-h1
 clang_output_*
 internal.plist
@ -226,6 +231,24 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
 *.gcno
 *.gcda
 *.gcov
+*.dgcov
+!linuxkm/Makefile
+/Kbuild
+linuxkm/*.ko
+linuxkm/*.ko.signed
+linuxkm/Module.symvers
+linuxkm/built-in.a
+linuxkm/modules.order
+linuxkm/wolfcrypt
+linuxkm/libwolfssl.mod
+linuxkm/libwolfssl.mod.c
+linuxkm/libwolfssl.lds
+linuxkm/module_exports.c
+linuxkm/linuxkm/get_thread_size
+
+# autotools generated
+scripts/unit.test
+wolfcrypt/test/test_paths.h

 # MPLAB Generated Files (OS X)
 mcapi/wolfcrypt_mcapi.X/nbproject/Makefile-*
@ -266,23 +289,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig

-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/

@ -307,6 +313,10 @@ IDE/HEXIWEAR/wolfSSL_HW/Debug
 # Linux-SGX
 IDE/LINUX-SGX/*.a

+IDE/iotsafe/*.map
+IDE/iotsafe/*.elf
+IDE/iotsafe/*.bin
+
 # Binaries
 wolfcrypt/src/port/intel/qat_test
 /mplabx/wolfssl.X/dist/default/
@ -315,6 +325,10 @@ wolfcrypt/src/port/intel/qat_test
 # Arduino Generated Files
 /IDE/ARDUINO/wolfSSL
 scripts/memtest.txt
+/IDE/ARDUINO/Arduino_README_prepend.md.tmp
+/IDE/ARDUINO/library.properties.tmp
+/IDE/ARDUINO/library.properties.tmp.backup
+/IDE/ARDUINO/PREPENDED_README.md

 # Doxygen generated files
 doc/doxygen_warnings
@ -323,6 +337,8 @@ doc/pdf

 # XCODE Index
 IDE/XCODE/Index
+IDE/**/xcshareddata
+IDE/**/DerivedData

 # ARM DS-5 && Eclipse
 \.settings/
@ -335,3 +351,93 @@ IDE/XCODE/Index
 /IDE/Renesas/e2studio/Projects/test/trash
 /IDE/Renesas/e2studio/Projects/test/*.launch
 /IDE/Renesas/e2studio/Projects/test/*.scfg
+
+/IDE/Renesas/e2studio/RX65N/GR-ROSE/.metadata
+/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/src
+/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/trash
+/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/smc_gen
+/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/generate
+
+/IDE/Renesas/e2studio/RX65N/RSK/.metadata
+/IDE/Renesas/e2studio/RX65N/RSK/smc/src
+/IDE/Renesas/e2studio/RX65N/RSK/smc/trash
+/IDE/Renesas/e2studio/RX65N/RSK/test/src/smc_gen
+/IDE/Renesas/e2studio/RX65N/RSK/test/generate
+
+/IDE/Renesas/e2studio/RX72N/EnvisionKit/.metadata
+/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/src
+/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/trash
+/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/src/smc_gen
+/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/generate
+
+# QNX CAAM
+/IDE/QNX/example-server/server-tls
+/IDE/QNX/example-client/client-tls
+/IDE/QNX/example-cmac/cmac-test
+/IDE/QNX/CAAM-DRIVER/wolfCrypt
+
+# Xilinx
+/IDE/XilinxSDK/data
+
+# Emacs
+*~
+
+# CMake
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake
+
+# GDB Settings
+\.gdbinit
+
+libFuzzer
+
+# Pycharm and other IDEs
+\.idea
+
+# FIPS
+XXX-fips-test
+
+# ASYNC
+/wolfAsyncCrypt
+/async
+
+# Generated user_settings_asm.h.
+user_settings_asm.h
+
+# VisualGDB
+**/.visualgdb
+
+# Espressif sdk config default should be saved in sdkconfig.defaults
+# we won't track the actual working sdkconfig files
+/IDE/Espressif/**/sdkconfig
+/IDE/Espressif/**/sdkconfig.old
+
+# MPLAB
+/IDE/MPLABX16/wolfssl.X/dist/default/
+/IDE/MPLABX16/wolfssl.X/.generated_files
+/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
+/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
+
+# auto-created CMake backups
+**/CMakeLists.txt.old
+
+# MagicCrypto (ARIA Cipher)
+MagicCrypto
+
+# CMake  build directory
+/out
+/out_temp
+
+# debian packaging
+debian/changelog
+debian/control
+*.deb
+
+# PlatformIO
+/**/.pio
+/**/.vscode/.browse.c_cpp.db*
+/**/.vscode/c_cpp_properties.json
+/**/.vscode/launch.json
+/**/.vscode/ipch
+/**/sdkconfig.esp32dev
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
--- a/ChangeLog.md
+++ b/ChangeLog.md
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@ -0,0 +1,56 @@
+ARG DOCKER_BASE_IMAGE=ubuntu:22.04
+FROM $DOCKER_BASE_IMAGE
+
+USER root
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
+ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
+ARG DEPS_UDP_PROXY="wget libevent-dev"
+ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
+ARG DEPS_TOOLS="ccache clang-tidy maven"
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
+                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+# Add 'docker' user
+ARG USER=docker
+ARG UID=1000
+ARG GID=1000
+RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
+
+# Add github.com as an SSH known host
+RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
+
+# install ccache
+RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
+ENV PATH /opt/ccache/bin:$PATH
+
+# install liboqs
+RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && cd liboqs && git checkout db08f12b5a96aa6582a82aac7f65cf8a4d8b231f \
+    && mkdir build && cd build && cmake -DOQS_DIST_BUILD=ON -DOQS_USE_CPUFEATURE_INSTRUCTIONS=OFF -DOQS_USE_OPENSSL=0 .. && make -j8 all && make install && cd ../.. && rm -rf liboqs
+
+RUN mkdir /opt/sources
+
+# install liblms
+RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
+    && sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
+
+# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
+RUN mkdir /var/empty
+RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
+
+# Install udp/tcp-proxy
+RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
+
+# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
+RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
+# Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
+RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
+
+# Add in Jenkins userID
+RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
+
+USER ${UID}:${GID}
--- a/Docker/Dockerfile.cross-compiler
+++ b/Docker/Dockerfile.cross-compiler
@ -0,0 +1,11 @@
+ARG DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder
+FROM $DOCKER_BASE_IMAGE
+
+USER root
+
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
+RUN DEBIAN_FRONTEND=noninteractive apt update \
+                    && apt install -y ${DEPS_TESTING} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+USER docker
--- a/Docker/OpenWrt/Dockerfile
+++ b/Docker/OpenWrt/Dockerfile
@ -0,0 +1,12 @@
+# This Dockerfile is used in conjunction with the docker-OpenWrt.yml GitHub Action.
+ARG DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-snapshot
+FROM $DOCKER_BASE_CONTAINER
+
+RUN mkdir -p /var/lock # Fix for parent container
+COPY libwolfssl.so /tmp/libwolfssl.so
+RUN export LIBWOLFSSL=$(ls /usr/lib/libwolfssl.so.* -1); \
+                      rm ${LIBWOLFSSL} && ln -s /tmp/libwolfssl.so ${LIBWOLFSSL}
+# for debugging purposes to make sure the correct library is tested
+RUN ls -Ll /usr/lib/libwolfssl* && ldd /lib/libustream-ssl.so | grep wolfssl
+COPY runTests.sh /tmp/.
+RUN /tmp/runTests.sh
--- a/Docker/OpenWrt/README.md
+++ b/Docker/OpenWrt/README.md
@ -0,0 +1,13 @@
+This container is really only useful in conjunction with the GitHub Workflow
+found in .github/workflows/docker-OpenWrt.yml. The idea is that we will
+compile a new libwolfssl that gets placed in official OpenWrt containers to
+run some tests ensuring the library is still compatible with existing
+binaries.
+
+To run the test locally, build libwolfssl.so (or download from the GitHub Action)
+and put it in Docker/OpenWrt. Then switch to that folder and run:
+docker build -t openwrt --build-args DOCKER_BASE_CONTAINER=<openwrtContainer> .
+where 'openwrtContainer' => "openwrt/rootfs:x86-64-22.03-SNAPSHOT" or similar
+
+This should run some sample tests. The resulting container then can be used to
+evaluate OpenWrt with the latest wolfSSL library.
--- a/Docker/OpenWrt/runTests.sh
+++ b/Docker/OpenWrt/runTests.sh
@ -0,0 +1,27 @@
+#!/bin/sh
+
+runCMD() { # usage: runCMD "<command>" "<retVal>"
+    TMP_FILE=$(mktemp)
+    eval $1 > $TMP_FILE 2>&1
+    RETVAL=$?
+    if [ "$RETVAL" != "$2" ]; then
+        echo "Command ($1) returned ${RETVAL}, but expected $2. Error output:"
+        cat $TMP_FILE
+        exit 1
+    fi
+}
+
+# Successful tests
+runCMD "ldd /lib/libustream-ssl.so" 0
+# Temporary workaround: comment out missing kmods repo line for 21.02 specifically.
+# Remove after fixed upstream.
+runCMD "sed '\/src\/gz openwrt_kmods https:\/\/downloads.openwrt.org\/releases\/21.02-SNAPSHOT\/targets\/x86\/64\/kmods\/5.4.238-1-5a722da41bc36de95a7195be6fce1b45/s//#&/' -i /etc/opkg/distfeeds.conf" 0
+runCMD "opkg update" 0
+runCMD "uclient-fetch 'https://letsencrypt.org'" 0
+# Negative tests
+runCMD "uclient-fetch --ca-certificate=/dev/null 'https://letsencrypt.org'" 5
+runCMD "uclient-fetch 'https://self-signed.badssl.com/'" 5
+runCMD "uclient-fetch 'https://untrusted-root.badssl.com/'" 5
+runCMD "uclient-fetch 'https://expired.badssl.com/'" 5
+
+echo "All tests passed."
--- a/Docker/README.md
+++ b/Docker/README.md
@ -0,0 +1,16 @@
+# Overview
+This is a Docker environment for compiling, testing and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
+
+When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
+
+# Docker Hub
+These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
+
+# FAQ
+## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
+You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
+
+## Unable to access symlinked files outside of WolfSSL
+The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
+1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
+2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.
--- a/Docker/buildAndPush.sh
+++ b/Docker/buildAndPush.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+echo "Building wolfssl/wolfssl-builder:${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${WOLFSSL_DIR}/Docker" && \
+    docker tag wolfssl/wolfssl-builder:${CUR_DATE} wolfssl/wolfssl-builder:latest && \
+    docker build --build-arg DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder:${CUR_DATE} -t wolfssl/testing-cross-compiler:${CUR_DATE} "${WOLFSSL_DIR}/Docker" -f Dockerfile.cross-compiler && \
+    docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
+
+if [ $? -eq 0 ]; then
+    echo "Pushing containers to DockerHub"
+    docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
+        docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+else
+    echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Building wolfssl/wolfCLU:${CUR_DATE}"
+docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
+docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest      --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
+if [ $? -ne 0 ]; then
+    echo "Warning: Build wolfssl/wolfclu failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."
--- a/Docker/include.am
+++ b/Docker/include.am
@ -0,0 +1,13 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= Docker/Dockerfile
+EXTRA_DIST+= Docker/Dockerfile.cross-compiler
+EXTRA_DIST+= Docker/run.sh
+EXTRA_DIST+= Docker/README.md
+
+ignore_files+=Docker/buildAndPush.sh
+ignore_files+=Docker/OpenWRT/Dockerfile
+ignore_files+=Docker/OpenWRT/runTests.sh
+ignore_files+=Docker/OpenWRT/README.md
--- a/Docker/packaging/debian/Dockerfile
+++ b/Docker/packaging/debian/Dockerfile
@ -0,0 +1,6 @@
+FROM debian:latest
+
+RUN apt-get -y update
+RUN apt-get -y upgrade
+RUN apt-get install -y build-essential autoconf gawk debhelper lintian
+
--- a/Docker/packaging/fedora/Dockerfile
+++ b/Docker/packaging/fedora/Dockerfile
@ -0,0 +1,3 @@
+FROM fedora:latest
+
+RUN dnf install -y make automake gcc rpmdevtools
--- a/Docker/run.sh
+++ b/Docker/run.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Running with \"${*}\"..."
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+docker build -t wolfssl/wolfssl-builder --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash
+
+exitval=$?
+echo "Exited with error code $exitval"
+exit $exitval
--- a/Docker/wolfCLU/Dockerfile
+++ b/Docker/wolfCLU/Dockerfile
@ -0,0 +1,26 @@
+ARG DOCKER_BASE_IMAGE=ubuntu
+FROM ubuntu as BUILDER
+
+ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap"
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
+                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+ARG NUM_CPU=16
+
+# This arg is to force a rebuild starting from this line
+ARG DUMMY=date
+# install wolfssl
+RUN DUMMY=${DUMMY} git clone --depth=1 --single-branch --branch=master http://github.com/wolfssl/wolfssl && cd wolfssl && ./autogen.sh && ./configure --enable-all && make -j $NUM_CPU && make install && ldconfig
+
+# install wolfCLU
+RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/wolfCLU && cd wolfCLU && ./autogen.sh && ./configure && make -j $NUM_CPU && make install
+
+FROM ${DOCKER_BASE_IMAGE}
+USER root
+COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
+COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
+RUN ldconfig
+ENTRYPOINT ["/usr/local/bin/wolfssl"]
+LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
+LABEL org.opencontainers.image.description="Simple wolfCLU in a container"
--- a/Docker/wolfCLU/README.md
+++ b/Docker/wolfCLU/README.md
@ -0,0 +1,10 @@
+This is a small container that has wolfCLU installed for quick access. To build your own run the following:
+```
+docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu . 
+```
+
+To run the container, you can use:
+```
+docker run -it --rm -v $(pwd):/ws -w /ws wolfclu version
+```
+This command will allow you to use the certs/keys in your local directory.
--- a/Docker/yocto/Dockerfile
+++ b/Docker/yocto/Dockerfile
@ -0,0 +1,29 @@
+FROM ubuntu
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
+RUN locale-gen en_US.UTF-8
+
+# Add in non-root user
+ENV UID_OF_DOCKERUSER 1000
+RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
+RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
+
+USER dockerUser
+
+RUN cd /opt && git clone git://git.yoctoproject.org/poky
+WORKDIR /opt/poky
+
+ARG YOCTO_VERSION=kirkstone
+RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
+
+# This arg is to be able to force a rebuild starting from this line
+ARG DUMMY=date
+RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
+    /bin/bash -c "source oe-init-build-env" && \
+    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
+    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
+
+RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"
--- a/Docker/yocto/buildAndPush.sh
+++ b/Docker/yocto/buildAndPush.sh
@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Assume we're in wolfssl/Docker/yocto
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+for ver in kirkstone langdale scarthgap; do
+    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
+    if [ $? -eq 0 ]; then
+        echo "Pushing containers to DockerHub"
+        docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
+    else
+        echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
+        ((NUM_FAILURES++))
+    fi
+done
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."
--- a/IDE/ARDUINO/Arduino_README_prepend.md
+++ b/IDE/ARDUINO/Arduino_README_prepend.md
@ -0,0 +1,13 @@
+# Arduino wolfSSL Library
+
+This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
+
+The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
+
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
+
+## Arduino Releases
+
+The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@ -1,29 +1,89 @@
-### wolfSSL with Arduino
+# wolfSSL with Arduino

-##### Reformatting wolfSSL as a compatible Arduino Library
-This is a shell script that will re-organize the wolfSSL library to be 
-compatible with Arduino projects. The Arduino IDE requires a library's source
-files to be in the library's root directory with a header file in the name of 
-the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
-directory and creates a stub header file called `wolfssl.h`.
+See the [example sketches](./sketches/README.md):

-Step 1: To configure wolfSSL with Arduino, enter the following from within the
-wolfssl/IDE/ARDUINO directory:
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)

-        `./wolfssl-arduino.sh`
+When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.

-Step 2: Copy the directory wolfSSL that was just created to:
-`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
+## Boards

-Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
+Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
+and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
+
+STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started)   .
+
+```
+https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
+```
+
+## Using wolfSSL from the Arduino IDE
+
+The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
+
+This option will allow wolfSSL to be installed directly using the native Arduino tools.
+
+## Manually Reformatting wolfSSL as a Compatible Arduino Library
+
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be 
+compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
+for projects that use Arduino IDE 1.5.0 or newer.
+
+The Arduino IDE requires a library's source files to be in the library's root directory with a
+header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
+directory and creates a stub header file called `wolfssl.h` inside that directory.
+
+### Step 1:
+
+To configure wolfSSL with Arduino, enter ONE of the following 4 commands
+from within the `wolfssl/IDE/ARDUINO` directory:
+
+1. `./wolfssl-arduino.sh`
+    - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
+    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+
+2. `./wolfssl-arduino.sh INSTALL` (The most common option)
+    - Creates an Arduino Library in the local `wolfSSL` directory
+    - Moves that directory to the Arduino library directory:
+        - `$HOME/Arduino/libraries` for most bash environments
+        - `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+    - The wolfSSL library is now available from the Arduino IDE.
+
+3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/repository`
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`. 
+     
+4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/any/other/directory`
+
+### Step 2:
+
+Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the below in wolfssl root.
-(See wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h)
+Add any other custom settings. For a good start see the examples in wolfssl root
+"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"

-Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+### Step 3:
+
+If you experience any issues with custom `user_settings.h` see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/

-Step 5: If you still have any issues contact support@wolfssl.com for more help.
+If you have any issues contact support@wolfssl.com for help.
+
+# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
+
+1. In the Arduino IDE:
+
+The wolfSSL library should automatically be detected when found in the `libraries`
+directory.
+
+  - In `Sketch -> Include Library` choose wolfSSL for new sketches.
+

 ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)

@ -32,6 +92,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
        `IDE/ARDUNIO/wolfSSL` folder.
    - In `Sketch -> Include Library` choose wolfSSL.

-2. Open an example Arduino sketch for wolfSSL:
-	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
-	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
+##### wolfSSL Examples
+
+Open an example Arduino sketch for wolfSSL:
+
+  - wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
+
+  - wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
+
+#### Script Examples
+
+Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
+
+Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
+
+```bash
+# Change to the wolfSSL Arduino IDE directory
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+
+# remove current Arduino wolfSSL library
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
+
+# Install wolfSSL as an Arduino library
+./wolfssl-arduino.sh INSTALL
+```
+
+Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
+```
+
+Publish wolfSSL from WSL to default Windows local library.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL
+```
+
+Test the TLS server by running a local command-line client.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./examples/client/client -h 192.168.1.43 -p 11111 -v 3
+```
+
+Build wolfSSL to include wolfSSH support to an alternate development directory.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
+make
+make install
+
+```
+
+Build wolfSSH with wolfSSL not installed to default directory.
+
+```bash
+cd /mnt/c/workspace/wolfssh-$USER
+./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
+make
+./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
+```
+
+Test the current wolfSSL.
+
+```bash
+cd /mnt/c/workspace/wolfssl-arduino
+git status
+./autogen.sh
+./configure --enable-all
+make clean
+make && make test
+```
+
+Build and run `testwolfcrypt`.
+
+```bash
+./autogen.sh
+./configure --enable-all
+make clean && make && ./wolfcrypt/test/testwolfcrypt
+```
--- a/IDE/ARDUINO/include.am
+++ b/IDE/ARDUINO/include.am
@ -3,6 +3,15 @@
 # All paths should be given relative to the root

 EXTRA_DIST+= IDE/ARDUINO/README.md
+EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+EXTRA_DIST+= IDE/ARDUINO/keywords.txt
+EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
--- a/IDE/ARDUINO/keywords.txt
+++ b/IDE/ARDUINO/keywords.txt
@ -0,0 +1,21 @@
+# Syntax Coloring Map For wolfSSL
+# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
+#
+# Be sure to use tabs, not spaces. This might help:
+#  tr ' ' '\t' < keywords1.txt > keywords.txt
+
+#=============================================
+#	Datatypes	(KEYWORD1)
+#=============================================
+
+
+#=============================================
+#	Methods	and	Functions	(KEYWORD2)
+#=============================================
+wolfSSL_SetIORecv	KEYWORD1
+
+#=============================================
+#	Instances	(KEYWORD2)
+#=============================================
+ctx	KEYWORD2
+
--- a/IDE/ARDUINO/library.properties.template
+++ b/IDE/ARDUINO/library.properties.template
@ -0,0 +1,9 @@
+name=wolfssl
+version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
+author=wolfSSL Inc.
+maintainer=wolfSSL inc <support@wolfssl.com>
+sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
+paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
+category=Communication
+url=https://www.wolfssl.com/
+architectures=*
--- a/IDE/ARDUINO/sketches/README.md
+++ b/IDE/ARDUINO/sketches/README.md
@ -0,0 +1,12 @@
+# wolfSSL Arduino Examples
+
+There are currently two example Arduino sketches:
+
+* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
+* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
+
+Examples have been most recently confirmed operational on the
+[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
--- a/IDE/ARDUINO/sketches/wolfssl_client/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_client/README.md
@ -0,0 +1,22 @@
+# Arduino Basic TLS Listening Client
+
+Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
+cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@ -1,6 +1,6 @@
 /* wolfssl_client.ino
 *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -19,138 +19,876 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

+/*
+Tested with:
+
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
+
+2) Espressif ESP32 WiFi
+
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 0
+
+/* Edit this with your other TLS host server address to connect to: */
+#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+#define WOLFSSL_CLIENT_EXAMPLE
+/* #define WOLFSSL_SERVER_EXAMPLE */
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
+#endif
+
+#define BROADCAST_ADDRESS "255.255.255.255"
+
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif

 #include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
 #include <wolfssl/ssl.h>
-#include <Ethernet.h>
+#include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>

-const char host[] = "192.168.1.148"; // server to connect to
-const int port = 11111; // port on server to connect to
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif

-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-int reconnect = 10;
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x

-EthernetClient client;
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;

-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;

-void setup() {
-  WOLFSSL_METHOD* method;
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;

-  Serial.begin(9600);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;

-  method = wolfTLSv1_2_client_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
-  // initialize wolfSSL using callback functions
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);
-  
-  return;
-}
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;

-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;

-  sent = client.write((byte*)msg, sz);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;

-  return sent;
-}
+#endif

-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif

-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
+static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
+static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */

-  return ret;
-}
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];

-void loop() {
-  int err            = 0;
-  int input          = 0;
-  int total_input    = 0;
-  char msg[32]       = "hello wolfssl!";
-  int msgSz          = (int)strlen(msg);
-  char errBuf[80];
-  char reply[80];
-  const char* cipherName;
-    
-  if (reconnect) {
-    reconnect--;
-    
-    if (client.connect(host, port)) {
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif

-      Serial.print("Connected to ");
-      Serial.println(host);
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */

-      ssl = wolfSSL_new(ctx);
-      if (ssl == NULL) {
-        Serial.println("Unable to allocate SSL object");
-        return;
-      }
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif

-      err = wolfSSL_connect(ssl);
-      if (err != WOLFSSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Connect Error: ");
-        Serial.println(errBuf);
-      }
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();

-      Serial.print("SSL version is ");
-      Serial.println(wolfSSL_get_version(ssl));
-      
-      cipherName = wolfSSL_get_cipher(ssl);
-      Serial.print("SSL cipher suite is ");
-      Serial.println(cipherName);
-
-      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
-        
-        Serial.print("Server response: ");
-        while (client.available() || wolfSSL_pending(ssl)) {
-          input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-          total_input += input;
-          if (input < 0) {
-            err = wolfSSL_get_error(ssl, 0);
-            wolfSSL_ERR_error_string(err, errBuf);
-            Serial.print("TLS Read Error: ");
-            Serial.println(errBuf);
-            break;
-          } else if (input > 0) {
-            reply[input] = '\0';
-            Serial.print(reply);
-          } else {
-            Serial.println();
-          }
-        } 
-      } else {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Write Error: ");
-        Serial.println(errBuf);
-      }
-      
-      wolfSSL_shutdown(ssl);
-      wolfSSL_free(ssl);
-
-      client.stop();
-      Serial.println("Connection complete.");
-      reconnect = 0;
-    } else {
-      Serial.println("Trying to reconnect...");
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
    }
-  }
-  delay(1000);
+    return 0;
 }
+
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
+
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
+
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
+}
+
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
+
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
+
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Client IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    Serial.print(F("   Configured Server Host to connect to: "));
+    Serial.println(host);
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_client_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl client method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_CLIENT_CERT,
+                                             CTX_CLIENT_CERT_SIZE,
+                                             CTX_CLIENT_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private client key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_CLIENT_KEY,
+                                            CTX_CLIENT_KEY_SIZE,
+                                            CTX_CLIENT_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         CTX_CA_CERT,
+                                         CTX_CA_CERT_SIZE,
+                                         CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println(F("Success: load_verify CTX_CA_CERT"));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Client Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+    Serial.println(F("Completed Arduino setup!"));
+    /* See companion wolfssl_server.ino code; server begins listening here
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
+     * Any other server will work. See also:
+     * https://github.com/wolfSSL/wolfssl/tree/master/examples/client
+     */
+    /* See companion wolfssl_server.ino code */
+    return;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
+
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
+
+    if (ssl == NULL) {
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
+    }
+
+    return err;
+}
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char reply[80];
+    char msg[32]       = "hello wolfssl!";
+    const char* cipherName;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int total_input    = 0;
+    int msgSz          = 0;
+    int input          = 0;
+    int ret            = 0;
+    int err            = 0;
+    msgSz = (int)strlen(msg);
+    Serial.println(F(""));
+    Serial.println(F("Starting Arduino loop() ..."));
+
+    if (reconnect) {
+        reconnect--;
+        /* WiFi client returns true if connection succeeds, false if not.  */
+        /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
+        Serial.print(F("Connecting to "));
+        Serial.print(host);
+        Serial.print(F(":"));
+        Serial.println(port);
+        /* can also use: IPAddress server(192,168,1,37); */
+        Serial.println(F("Here we go..."));
+        ret = client.connect(host, port);
+        Serial.println(F("Ok, checking..."));
+        if (ret > 0) {
+            Serial.println(F("Connected!"));
+
+            /* initialize wolfSSL */
+            ret = wolfSSL_Init();
+            error_check(ret, false, F("calling wolfSSL_Init") );
+
+            /* create secure connection object. see setup for ctx certs. */
+            Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
+            ssl = wolfSSL_new(ctx);
+            error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
+
+            Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
+            do {
+                err = 0; /* reset error */
+                Serial.println(F("wolfSSL_connect ..."));
+                ret = wolfSSL_connect(ssl);
+                Serial.print("wolfSSL_connect return result =");
+                Serial.println(ret);
+                if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
+                    Serial.println(F("Failed connection, checking error."));
+                    err = error_check_ssl(ssl, ret, true,
+                                    F("Create WOLFSSL object from ctx"));
+                    Serial.print("err =");
+                    Serial.println(err);
+                }
+                else {
+                   Serial.print(PROGRESS_DOT);
+                }
+            } while (err == WC_PENDING_E);
+
+            Serial.println();
+            Serial.println(F("Connected!"));
+            Serial.print(F("SSL version is "));
+            Serial.println(wolfSSL_get_version(ssl));
+
+            cipherName = wolfSSL_get_cipher(ssl);
+            Serial.print(F("SSL cipher suite is "));
+            Serial.println(cipherName);
+
+            /* see test.h
+             * TODO: test.h needs a little bit of Arduino work for these:
+            showPeerEx(ssl, lng_index);
+            showPeerPEM(ssl);
+            */
+
+            Serial.print(F("Sending secure message to server: "));
+            Serial.println(msg);
+            ret = wolfSSL_write(ssl, msg, msgSz);
+            if (ret == msgSz) {
+                Serial.print(F("Waiting for Server response..."));
+
+                while (!client.available()) {
+                    /* wait for data */
+                    delay(1); /* 1 ms delay */
+                }
+
+                Serial.print(F("Reading response.."));
+                /* read data */
+                do {
+                    ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+                    if (ret < 0) {
+                        error_check_ssl(ssl, ret, false,
+                                        F("during TLS Read"));
+                    }
+                    else {
+                        Serial.print(PROGRESS_DOT);
+                    }
+                } while (err == WC_PENDING_E);
+                Serial.println();
+
+                Serial.println();
+                Serial.println(reply); /* typically: I hear you fa shizzle! */
+                Serial.println();
+
+            } /* wolfSSL_write message size matched */
+            else {
+                error_check_ssl(ssl, ret, false,
+                    F("during TLS Write"));
+            }  /* any wolfSSL_write message size mismatch is an error */
+
+            Serial.print(F("Shutting down.."));
+            do {
+                delay(1);
+                Serial.print(PROGRESS_DOT);
+                retry_shutdown--;
+                ret = wolfSSL_shutdown(ssl);
+            } while (   (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+                     && (retry_shutdown > 0)
+                    ); /* There may be pending data, so wait until done. */
+            Serial.println();
+
+            if (retry_shutdown <= 0) {
+                /* if wolfSSL_free is called before properly shutting down the
+                 * ssl object, undesired results may occur. */
+                Serial.println(F("Warning! Shutdown did not properly complete."));
+            }
+
+            wolfSSL_free(ssl);
+            client.stop();
+            Serial.println(F("Connection complete."));
+            if (REPEAT_CONNECTION) {
+                reconnect = RECONNECT_ATTEMPTS;
+            }
+            else {
+                reconnect = 0;
+            }
+        } /* client.connect(host, port) */
+        else {
+            Serial.println(F("Problem sending message. Trying to reconnect..."));
+        }
+    }
+    delay(1000);
+    if ((reconnect > 0) && (REPEAT_CONNECTION)) {
+        Serial.println(F("Arduino loop repeating..."));
+        Serial.println();
+    }
+    else {
+        printf("wow");
+        Serial.println(F("Done!"));
+        while(1) {
+            /* wait forever */
+        }
+    }
+
+#if defined(MEMORY_STRESS_TEST)
+    if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
+        /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
+        mem_ctr++;
+        Serial.print(F("Memory stress increment: "));
+        Serial.print(mem_ctr);
+        Serial.print(F(". Allocating addition memory (bytes): "));
+        Serial.println(MEMORY_STRESS_BLOCK_SIZE);
+        memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
+        show_memory();
+    }
+#endif
+} /* Arduino loop repeats */
--- a/IDE/ARDUINO/sketches/wolfssl_server/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_server/README.md
@ -0,0 +1,134 @@
+# Arduino Basic TLS Server
+
+Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Connect with an Arduino Sketch
+
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). 
+
+## Connect with Linux Client
+
+See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
+and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
+
+Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
+connect with the `client` executable:
+
+```
+./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+```
+
+## wolfSSL Error -308 wolfSSL_connect error state on socket
+
+When using a wired Ethernet connection, and this error is encountered, simply
+press the reset button or power cycle the Arduino before making a connection.
+
+Here's one possible script to test the server from a command-line client:
+
+```bash
+#!/bin/bash
+echo "client log " > client_log.txt
+counter=1
+THIS_ERR=0
+while [ $THIS_ERR -eq 0 ]; do
+    ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
+
+    THIS_ERR=$?
+    if [ $? -ne 0 ]; then
+        echo "Failed!"
+        exit 1
+    fi
+    echo "Iteration $counter"
+    echo "Iteration $counter" >> client_log.txt
+    ((counter++))
+done
+```
+
+Output expected from the `client` command:
+
+```
+$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+Alternate cert chain used
+ issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ altname = example.com
+ altname = 127.0.0.1
+ serial number:01
+SSL version is TLSv1.2
+SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
+SSL curve name is SECP256R1
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
+MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
+hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
+vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
+i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
+JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
+W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
+DMa5hrjJBMNRN9JP
+-----END CERTIFICATE-----
+Session timeout set to 500 seconds
+Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
+    Session-ID-ctx:
+    Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
+    TLS session ticket: NONE
+    Start Time: 1705533296
+    Timeout   : 500 (sec)
+    Extended master secret: no
+I hear you fa shizzle!
+```
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
+
+```text
+c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
+collect2.exe: error: ld returned 1 exit status
+
+exit status 1
+
+Compilation error: exit status 1
+```
+
+Try cleaning the Arduino cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
+
+Remove all other boards from other serial ports, leaving one the one being programmed.
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@ -1,6 +1,6 @@
 /* wolfssl_server.ino
 *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -19,158 +19,820 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

+/*
+Tested with:

-#include <wolfssl.h>
-#include <wolfssl/ssl.h>
-#include <Ethernet.h>
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo

-#define USE_CERT_BUFFERS_256
-#include <wolfssl/certs_test.h>
+2) Espressif ESP32 WiFi

-#ifdef NO_WOLFSSL_SERVER
-  #error Please undefine NO_WOLFSSL_SERVER for this example
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 1
+
+/* Edit this with your other TLS host server address to connect to: */
+/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+/* #define WOLFSSL_CLIENT_EXAMPLE */
+#define WOLFSSL_SERVER_EXAMPLE
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
 #endif

-const int port = 11111; // port to listen on
+#define BROADCAST_ADDRESS "255.255.255.255"

-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif

-EthernetServer server(port);
-EthernetClient client;
+#include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>

-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif

-void setup() {
-  int err;
-  WOLFSSL_METHOD* method;
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x

-  Serial.begin(9600);
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
+    EthernetClient server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#endif

-  method = wolfTLSv1_2_server_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif

-  // initialize wolfSSL using callback functions
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);

-  // setup the private key and certificate
-  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
-    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting key");
-    return;
-  }
-  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
-    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting certificate");
-    return;
-  }
+/* we expect our IP address from DHCP */

-  // Start the server
-  server.begin();
-  
-  return;
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
+
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
+
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
+    }
+    return 0;
 }

-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();

-  sent = client.write((byte*)msg, sz);
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif

-  return sent;
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
 }

+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;

-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
-
-  return ret;
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
 }

-void loop() {
-  int err = 0;
-  int input = 0;
-  char errBuf[80];
-  char reply[80];
-  int replySz = 0;
-  const char* cipherName;
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;

-  // Listen for incoming client requests.
-  client = server.available();
-  if (!client) {
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Server IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    /* In server mode, there's no host definition. */
+    /* See companion example: wolfssl_client.ino */
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_server_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl server method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_SERVER_CERT,
+                                             CTX_SERVER_CERT_SIZE,
+                                             CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private server key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_SERVER_KEY,
+                                            CTX_SERVER_KEY_SIZE,
+                                            CTX_SERVER_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Server Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+#if defined THIS_USER_SETTINGS_VERSION
+    Serial.print(F("This user_settings.h version:"))
+    Serial.println(THIS_USER_SETTINGS_VERSION)
+#endif
+
+    /* Start the server
+     * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
+     */
+
+    Serial.println(F("Completed Arduino setup()"));
+
+    server.begin();
+    Serial.println("Begin Server... (waiting for remote client to connect)");
+
+    /* See companion wolfssl_client.ino code */
    return;
-  }
+} /* Arduino setup */

-  if (client.connected()) {
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();

-    Serial.println("Client connected");
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;

-    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
-      Serial.println("Unable to allocate SSL object");
-      return;
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
    }

-    err = wolfSSL_accept(ssl);
-    if (err != WOLFSSL_SUCCESS) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Accept Error: ");
-      Serial.println(errBuf);
-    }
-
-    Serial.print("SSL version is ");
-    Serial.println(wolfSSL_get_version(ssl));
-    
-    cipherName = wolfSSL_get_cipher(ssl);
-    Serial.print("SSL cipher suite is ");
-    Serial.println(cipherName);
-
-    Serial.print("Server Read: ");
-    while (client.available() || wolfSSL_pending(ssl)) {
-      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-      if (input < 0) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Read Error: ");
-        Serial.println(errBuf);
-        break;
-      } else if (input > 0) {
-        replySz = input;
-        reply[input] = '\0';
-        Serial.print(reply);
-      } else {
-        Serial.println();
-      }
-    }
-
-    // echo data
-    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Write Error: ");
-      Serial.println(errBuf);
-    }
-    
-    wolfSSL_shutdown(ssl);
-    wolfSSL_free(ssl);
-  }
-
-  client.stop();
-  Serial.println("Connection complete");
+    return err;
 }
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char errBuf[80]    = "(no error";
+    char reply[80]     = "(no reply)";
+    const char msg[]   = "I hear you fa shizzle!";
+    const char* cipherName;
+    int input          = 0;
+    int replySz        = 0;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int ret            = 0;
+    IPAddress broadcast_address(255, 255, 255, 255);
+
+    /* Listen for incoming client requests. */
+    client = server.available();
+    if (client)  {
+       Serial.println("Have Client");
+       while (!client.connected()) {
+           /* wait for the client to actually connect */
+           delay(10);
+       }
+        Serial.print("Client connected from remote IP: ");
+        Serial.println(client.remoteIP());
+
+        ssl = wolfSSL_new(ctx);
+        if (ssl == NULL) {
+            Serial.println("Unable to allocate SSL object");
+            fail_wait();
+        }
+
+        ret = wolfSSL_accept(ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Accept Error: ");
+            Serial.println(errBuf);
+        }
+
+        cipherName = wolfSSL_get_cipher(ssl);
+        Serial.print("SSL cipher suite is ");
+        Serial.println(cipherName);
+
+        Serial.print("Server Read: ");
+        while (!client.available()) {
+            /* wait for data */
+        }
+
+        /* read data */
+        while (wolfSSL_pending(ssl)) {
+            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+            if (input < 0) {
+                ret = wolfSSL_get_error(ssl, 0);
+                wolfSSL_ERR_error_string(ret, errBuf);
+                Serial.print("TLS Read Error: ");
+                Serial.println(errBuf);
+                break;
+            }
+            else if (input > 0) {
+                replySz = input;
+                reply[input] = '\0';
+                Serial.print(reply);
+            }
+            else {
+                Serial.println("<end of reply, input == 0>");
+            }
+        }
+
+        /* Write our message into reply buffer to send */
+        memset(reply, 0, sizeof(reply));
+        memcpy(reply, msg, sizeof(msg));
+        replySz = strnlen(reply, sizeof(reply));
+
+        Serial.println("Sending reply...");
+        if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Write Error: ");
+            Serial.println(errBuf);
+        }
+        else {
+            Serial.println("Reply sent!");
+        }
+
+        Serial.println("Shutdown!");
+        do {
+            delay(1);
+            retry_shutdown--;
+            ret = wolfSSL_shutdown(ssl);
+        } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
+
+        if (retry_shutdown <= 0) {
+            /* if wolfSSL_free is called before properly shutting down the
+             * ssl object, undesired results may occur. */
+            Serial.println("Warning! Shutdown did not properly complete.");
+        }
+
+        wolfSSL_free(ssl);
+        Serial.println("Connection complete.");
+        if (REPEAT_CONNECTION) {
+            Serial.println();
+            Serial.println("Waiting for next connection.");
+        }
+        else {
+            client.stop();
+            Serial.println("Done!");
+            while (1) {
+                /* wait forever if not repeating */
+                delay(100);
+            }
+        }
+    }
+    else {
+        /* Serial.println("Client not connected. Trying again..."); */
+    }
+
+    delay(100);
+} /* Arduino loop repeats */
--- a/IDE/ARDUINO/sketches/wolfssl_version/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_version/README.md
@ -0,0 +1,3 @@
+# Arduino Basic Hello World
+
+This example simply compiles in wolfSSL and shows the current version number.
--- a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
@ -0,0 +1,24 @@
+#include <Arduino.h>
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* Arduino setup */
+void setup() {
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial) {
+        /* wait for serial port to connect. Needed for native USB port only */
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL setup complete!"));
+}
+
+/* Arduino main application loop. */
+void loop() {
+    Serial.print("wolfSSL Version: ");
+    Serial.println(LIBWOLFSSL_VERSION_STRING);
+    delay(60000);
+}
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@ -2,67 +2,323 @@

 # this script will reformat the wolfSSL source code to be compatible with
 # an Arduino project
-# run as bash ./wolfssl-arduino.sh
+# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
+#
+# ./wolfssl-arduino.sh
+# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
+# If successfully built, and the INSTALL option is used, tis directory
+# is then moved to the target.
+#
+# ./wolfssl-arduino.sh INSTALL
+# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
+#
+# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
+# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
+#
+# To ensure a pristine build, the directory must not exist.
+#
+# Reminder there's typically no $USER for GitHub actions, but:
+# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+#
+# The company name is "wolfSSL Inc."; There’s a space, no comma, and a period after "Inc."
+# The Arduino library name is "wolfssl" (all lower case)
+# The Arduino library directory name is "wolfssl" (all lower case)
+# The Arduino library include file is "wolfssl.h" (all lower case)
+# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
+# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
+ROOT_DIR="/wolfssl"

-DIR=${PWD##*/}
+# The Arduino Version will initially have a suffix appended during fine tuning stage.
+WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"

-space(){
-    echo "" >> "$1"
-}
+# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
+# Do not set to empty string, as copy will fail with this: CP_CMD=""
+# CP_CMD="cp -v "
+CP_CMD="cp "

-if [ "$DIR" = "ARDUINO" ]; then
-	rm -rf wolfSSL
-	mkdir wolfSSL
+# Specify the executable shell checker you want to use:
+MY_SHELLCHECK="shellcheck"

-    cp ../../src/*.c ./wolfSSL
-    cp ../../wolfcrypt/src/*.c ./wolfSSL
+# There are special circumstances to publish to GitHub repository.
+# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
+#
+# Unlike a local Arduino library that requires a clean directory,
+# we'll allow extra files, overwrites, etc.
+#
+# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
+THIS_INSTALL_IS_GITHUB="false"

-    mkdir wolfSSL/wolfssl
-    cp ../../wolfssl/*.h ./wolfSSL/wolfssl
-    mkdir wolfSSL/wolfssl/wolfcrypt
-    cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt
+# Check if the executable is available in the PATH
+if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
+    # Run your command here
+    shellcheck "$0" || exit 1
+else
+    echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
+fi

-    # support misc.c as include in wolfcrypt/src
-    mkdir ./wolfSSL/wolfcrypt
-    mkdir ./wolfSSL/wolfcrypt/src
-    cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
-    cp ../../wolfcrypt/src/asm.c  ./wolfSSL/wolfcrypt/src
+if ! [ "$CP_CMD" = "cp " ]; then
+    if [ "$CP_CMD" = "cp -v" ]; then
+        echo "Copy verbose mode"
+    else
+        echo "ERROR: Copy mode not supported: $CP_CMD"
+        exit 1
+    fi
+fi

+# Check environment
+if [ -n "$WSL_DISTRO_NAME" ]; then
+    # we found a non-blank WSL environment distro name
+    current_path="$(pwd)"
+    pattern="/mnt/?"
+    if echo "$current_path" | grep -Eq "^$pattern"; then
+        # if we are in WSL and shared Windows file system, 'ln' does not work.
+        ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+    else
+        ARDUINO_ROOT="$HOME/Arduino/libraries"
+    fi
+fi
+echo "The Arduino library root is: $ARDUINO_ROOT"
+
+if [ $# -gt 0 ]; then
+    THIS_OPERATION="$1"
+    if [ "$THIS_OPERATION" = "INSTALL" ]; then
+        THIS_INSTALL_DIR=$2
+
+        echo "Install is active."
+
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
+                echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
+                echo "A new directory needs to be created to ensure there are no stray files"
+                echo "Please delete or move the directory and try again."
+                exit 1
+            fi
+        else
+            echo "Installing to $THIS_INSTALL_DIR"
+            if [ -d "$THIS_INSTALL_DIR/.git" ];then
+                echo "Target is a GitHub repository."
+                THIS_INSTALL_IS_GITHUB="true"
+            else
+                echo "Target is NOT a GitHub repository."
+            fi
+        fi
+    else
+        echo "Error: not a valid operation: $THIS_OPERATION"
+        exit 1
+    fi
+fi
+
+
+ROOT_SRC_DIR="${ROOT_DIR}/src"
+EXAMPLES_DIR="${ROOT_DIR}/examples"
+WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
+WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
+WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
+WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
+WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
+OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
+
+
+# TOP indicates the file directory for top level of the wolfssl repository.
+TOP_DIR="../.."
+WOLFSSL_SRC_TOP="${TOP_DIR}/src"
+WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
+WOLFCRYPT_ROOT_TOP="${TOP_DIR}/wolfcrypt"
+WOLFCRYPT_SRC_TOP="${WOLFCRYPT_ROOT_TOP}/src"
+WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
+OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
+
+
+WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
+if [ "$WOLFSSL_VERSION" = "" ]; then
+    echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
+    exit 1
+else
+    echo "Found wolfSSL version $WOLFSSL_VERSION"
+    echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
+fi
+echo ""
+
+THIS_DIR=${PWD##*/}
+
+if [ "$THIS_DIR" = "ARDUINO" ]; then
+    # mkdir ./wolfssl
+    if [ -d ".${ROOT_DIR}" ]; then
+        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
+        exit 1
+    else
+        echo "Step 01: mkdir .${ROOT_DIR}"
+        mkdir ."${ROOT_DIR}"
+    fi
+
+    # mkdir ./wolfssl/src
+    if [ ! -d ".${ROOT_SRC_DIR}" ]; then
+        echo "Step 02: mkdir .${ROOT_SRC_DIR}"
+        mkdir ."${ROOT_SRC_DIR}"
+    fi
+
+    # mkdir ./wolfssl/src/wolfssl
+    if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
+        echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
+        mkdir ."${WOLFSSL_HEADERS}"
+    fi
+
+    #  cp ../../wolfssl/*.h  ./wolfssl/src/wolfssl
+    echo "Step 04: cp    ${WOLFSSL_HEADERS_TOP}/*.h              .${WOLFSSL_HEADERS}"
+    $CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
+    if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
+        #  mkdir ./wolfssl/src/wolfssl/wolfcrypt
+        echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}/port"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
+    fi
+
+    # cp  ../../wolfssl/wolfcrypt/*.h  ./wolfssl/src/wolfssl/wolfcrypt
+    echo "Step 06: cp    ${WOLFCRYPT_HEADERS_TOP}/*.h    .${WOLFCRYPT_HEADERS}"
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h                ."${WOLFCRYPT_HEADERS}"                 || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h     ."${WOLFCRYPT_HEADERS}/port/atmel"      || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif"  || exit 1
+
+    # Add in source files to wolfcrypt/src
+    if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
+        # mkdir ./wolfssl/src/wolfcrypt
+        echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
+        mkdir ."${WOLFCRYPT_ROOT}"
+    fi
+
+    # mkdir ./wolfssl/src/wolfcrypt/src
+    if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
+        echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"/port
+        mkdir ."${WOLFCRYPT_SRC}"/port/atmel
+        mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
+    fi
+
+    # cp  ../../wolfcrypt/src/*.c  ./wolfssl/src/wolfcrypt/src
+    echo "Step 09: cp    ${WOLFCRYPT_SRC_TOP}/*.c        .${WOLFCRYPT_SRC}"
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c                  ."${WOLFCRYPT_SRC}"                || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c       ."${WOLFCRYPT_SRC}"/port/atmel     || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c   ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
+
+    # Add in source files to top level src folders
+    if [ ! -d ".${WOLFSSL_SRC}" ]; then
+        # mkdir ./wolfssl/src/src
+        echo "Step 10: mkdir .${WOLFSSL_SRC}"
+        mkdir ."${WOLFSSL_SRC}"
+    fi
+    $CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}"                                        || exit 1
    # put bio and evp as includes
-    mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
-	mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
+    $CP_CMD ."${WOLFSSL_SRC}"/bio.c   ."${WOLFSSL_HEADERS}"                                   || exit 1
+    $CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}"                                   || exit 1

-    echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
-    echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
-    echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
+    # make a copy of evp.c and bio.c for ssl.c to include inline
+    $CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c                             || exit 1
+    $CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c                             || exit 1

-    echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
-    echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-    echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* Platform */" >> ./wolfSSL/user_settings.h
-    echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* Math library (remove this to use normal math)*/" >>  ./wolfSSL/user_settings.h
-    echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
-    echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >>  ./wolfSSL/user_settings.h
-    echo "/* comment out the error below to get started w/ bad entropy source" >>  ./wolfSSL/user_settings.h
-    echo " * This will need fixed before distribution but is OK to test with */" >>  ./wolfSSL/user_settings.h
-    echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >>  ./wolfSSL/user_settings.h
-    echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
+    # copy openssl compatibility headers to their appropriate location
+    if [ ! -d ".${OPENSSL_DIR}" ]; then
+        mkdir ."${OPENSSL_DIR}"
+    fi
+    $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}"                                          || exit 1

-    cp wolfSSL/wolfssl/wolfcrypt/settings.h wolfSSL/wolfssl/wolfcrypt/settings.h.bak
-    echo " /* wolfSSL Generated ARDUINO settings */" > ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "#ifndef WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "    #define WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo "#endif /* WOLFSSL_USER_SETTINGS */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    echo " /* wolfSSL Generated ARDUINO settings: END */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
-    cat ./wolfSSL/wolfssl/wolfcrypt/settings.h.bak >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
+    $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h

+    echo "Copy examples...."
+    # Copy examples
+    mkdir -p ".${ROOT_SRC_DIR}"/examples
+
+    echo "Copy wolfssl_client example...."
+    mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
+    $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_client/README.md          ".${EXAMPLES_DIR}"/wolfssl_client/README.md          || exit 1
+
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_server
+    $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_server/README.md          ".${EXAMPLES_DIR}"/wolfssl_server/README.md          || exit 1
+
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_version
+    $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
 else
    echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
+    exit 1
 fi
+
+# At this point, the library is complete, but we need some additional files.
+#
+# optional diagnostics:
+# echo ".${ROOT_DIR}"
+# echo "${TOP_DIR}"
+# echo "cp ${TOP_DIR}/README.md     .${ROOT_DIR}/"
+
+# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
+# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
+# file as PREPENDED_README.md, then copy that to the publish directory
+# as an Arduino-specific README.md file.
+VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
+ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+PREPEND_FILE="Arduino_README_prepend.md"
+PROPERTIES_FILE_TEMPLATE="library.properties.template"
+sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
+cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
+
+# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
+# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
+sed            s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/                              "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
+sed -i.backup  s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
+
+# cat library.properties.tmp
+# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+
+echo "Step 11: Final root file copy"
+$CP_CMD  PREPENDED_README.md          ."${ROOT_DIR}"/README.md           || exit 1
+$CP_CMD  library.properties.tmp       ."${ROOT_DIR}"/library.properties  || exit 1
+$CP_CMD  "${TOP_DIR}"/"LICENSING"     ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"README"        ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"COPYING"       ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"ChangeLog.md"  ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".gitignore"    ."${ROOT_DIR}"/                    || exit 1
+
+$CP_CMD  "keywords.txt"               ."${ROOT_DIR}"/                    || exit 1
+
+
+echo "Step 12: Workspace to publish:"
+echo ""
+head -n 3  PREPENDED_README.md
+echo ""
+ls ./wolfssl -al
+echo ""
+
+# Optionally install to a separate directory.
+# Note we should have exited above if a problem was encountered,
+# as we'll never want to install a bad library.
+if [ "$THIS_OPERATION" = "INSTALL" ]; then
+    if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
+        echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
+        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+    else
+        echo "Config:"
+        echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
+        # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
+        grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
+
+        # Show the user_settings.h revision string:
+        grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
+        echo ""
+
+        echo "Install:"
+        echo "mv .$ROOT_DIR $ARDUINO_ROOT"
+        mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+
+        echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+    fi
+fi
+
+echo "Done!"
--- a/cyassl/ctaocrypt/md2.h
+++ b/cyassl/ctaocrypt/md2.h
@ -1,6 +1,6 @@
-/* md2.h
+/* wolfssl.h
 *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -19,25 +19,21 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

+/* Edit with caution. This is an Arduino-library specific header for wolfSSL */

-
-/* check for old macro */
-#if !defined(CYASSL_MD2) && defined(WOLFSSL_MD2)
-    #define CYASSL_MD2
+#ifndef WOLFSSL_USER_SETTINGS
+    #define WOLFSSL_USER_SETTINGS
 #endif

-#ifdef CYASSL_MD2
+#include <Arduino.h>

-#ifndef CTAO_CRYPT_MD2_H
-#define CTAO_CRYPT_MD2_H
-
-#include <wolfssl/wolfcrypt/md2.h>
-
-#define InitMd2   wc_InitMd2
-#define Md2Update wc_Md2Update
-#define Md2Final  wc_Md2Final
-#define Md2Hash   wc_Md2Hash
-
-#endif /* CTAO_CRYPT_MD2_H */
-#endif /* CYASSL_MD2 */
+/* wolfSSL user_settings.h must be included from settings.h */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>

+int wolfSSL_Arduino_Serial_Print(const char *const s)
+{
+    /* See wolfssl/wolfcrypt/logging.c */
+    Serial.println(F(s));
+    return 0;
+};
--- a/IDE/AURIX/Cpu0_Main.c
+++ b/IDE/AURIX/Cpu0_Main.c
@ -0,0 +1,153 @@
+/* Cpu0_Main.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Infineon includes */
+#include "Ifx_Types.h"
+#include "IfxCpu.h"
+#include "IfxScuWdt.h"
+#include "IfxAsclin_Asc.h"
+#include "IfxCpu_Irq.h"
+#include "IfxPort.h"
+#include "SysSe/Bsp/Bsp.h"
+
+/* For mapping stdio printf */
+#include <stdio.h>
+#include <string.h>
+
+/* used to wait for CPU sync event */
+IFX_ALIGN(4) IfxCpu_syncEvent g_cpuSyncEvent = 0;
+
+#define SERIAL_BAUDRATE         115200  /* Baud rate in bit/s */
+#define SERIAL_PIN_RX           IfxAsclin0_RXA_P14_1_IN /* RX pin of the board */
+#define SERIAL_PIN_TX           IfxAsclin0_TX_P14_0_OUT /* TX pin of the board */
+#define INTPRIO_ASCLIN0_TX      19  /* Priority of the ISR */
+#define ASC_TX_BUFFER_SIZE      128 /* Definition of the buffer size */
+
+/* Declaration of the ASC handle */
+static IfxAsclin_Asc g_asc;
+
+/* Declaration of the FIFOs parameters:
+ * The transfer buffers allocate memory for the data itself and for FIFO runtime
+ * variables. 8 more bytes have to be added to ensure a proper circular buffer
+ * handling independent from the address to which the buffers have been located.
+ */
+static uint8 g_ascTxBuffer[ASC_TX_BUFFER_SIZE + sizeof(Ifx_Fifo) + 8];
+
+/******************************************************************************/
+/*----Function Implementations------------------------------------------------*/
+/******************************************************************************/
+
+/* Re-target the C library printf function to the asc lin. */
+int fputc(int ch, FILE *f)
+{
+    Ifx_SizeT count;
+    /* convert to CRLF */
+    if (ch == (int)'\n') {
+        int chcr = (int)'\r';
+        count = 1;
+        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);    
+    }
+    count = 1;
+    IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
+    return ch;
+}
+
+/* Add the Interrupt Service Routine */
+IFX_INTERRUPT(asclin0_Tx_ISR, 0, INTPRIO_ASCLIN0_TX);
+void asclin0_Tx_ISR(void)
+{
+    IfxAsclin_Asc_isrTransmit(&g_asc);
+}
+
+static void init_UART(void)
+{
+    IfxAsclin_Asc_Config ascConfig;
+
+    IfxCpu_Irq_installInterruptHandler(asclin0_Tx_ISR, INTPRIO_ASCLIN0_TX);
+
+    /* Port pins configuration */
+    const IfxAsclin_Asc_Pins pins = {
+        NULL_PTR,         IfxPort_InputMode_pullUp,     /* CTS pin not used   */
+        &SERIAL_PIN_RX,   IfxPort_InputMode_pullUp,     /* RX pin             */
+        NULL_PTR,         IfxPort_OutputMode_pushPull,  /* RTS pin not used   */
+        &SERIAL_PIN_TX,   IfxPort_OutputMode_pushPull,  /* TX pin             */
+        IfxPort_PadDriver_cmosAutomotiveSpeed1
+    };
+
+    /* Initialize an instance of IfxAsclin_Asc_Config with default values */
+    IfxAsclin_Asc_initModuleConfig(&ascConfig, SERIAL_PIN_TX.module);
+
+    /* Set the desired baud rate */
+    ascConfig.baudrate.baudrate = SERIAL_BAUDRATE;
+
+    /* ISR priorities and interrupt target */
+    ascConfig.interrupt.txPriority = INTPRIO_ASCLIN0_TX;
+    ascConfig.interrupt.typeOfService = IfxCpu_Irq_getTos(IfxCpu_getCoreIndex());
+
+    /* FIFO configuration */
+    ascConfig.txBuffer = &g_ascTxBuffer;
+    ascConfig.txBufferSize = ASC_TX_BUFFER_SIZE;
+
+    ascConfig.pins = &pins;
+
+    /* Initialize module with above parameters  */
+    IfxAsclin_Asc_initModule(&g_asc, &ascConfig);
+
+    /* Turn off buffers, so I/O occurs immediately */
+    setvbuf(stdin, NULL, _IONBF, 0);
+    setvbuf(stdout, NULL, _IONBF, 0);
+    setvbuf(stderr, NULL, _IONBF, 0);
+}
+
+int send_UART(const char* str)
+{
+    Ifx_SizeT count = (Ifx_SizeT)strlen(str);
+    IfxAsclin_Asc_write(&g_asc, str, &count, TIME_INFINITE);
+    return (int)count;
+}
+
+void core0_main(void)
+{
+    IfxCpu_enableInterrupts();
+
+    /* !!WATCHDOG0 AND SAFETY WATCHDOG ARE DISABLED HERE!!
+     * Enable the watchdogs and service them periodically if it is required
+     */
+    IfxScuWdt_disableCpuWatchdog(IfxScuWdt_getCpuWatchdogPassword());
+    IfxScuWdt_disableSafetyWatchdog(IfxScuWdt_getSafetyWatchdogPassword());
+
+    /* Wait for CPU sync event */
+    IfxCpu_emitEvent(&g_cpuSyncEvent);
+    IfxCpu_waitEvent(&g_cpuSyncEvent, 1);
+
+    /* Initialize the UART to board VCOM */
+    init_UART();
+
+    /* bare metal loop */
+    while(1)
+    {
+        extern void run_wolf_tests(void);
+        run_wolf_tests();
+
+        /* wait 5 seconds */
+        waitTime(IfxStm_getTicksFromMilliseconds(BSP_DEFAULT_TIMER, 5 * 1000));
+    } /* while */
+}
--- a/IDE/AURIX/README.md
+++ b/IDE/AURIX/README.md
@ -0,0 +1,114 @@
+# Infineon AURIX Development Studio
+
+An Eclipse based IDE for developing software for the Infineon TriCore AURIX TX3XX.
+
+Tested Platform:
+* Infineon AURIX™ Development Studio 1.7.2 (Build 20220617-0730)
+* Infineon TriBoard TC399 v2.0
+* wolfSSL v5.4.0 (with PR 5419)
+
+## Running wolfCrypt on TriCore
+
+1) Add the wolfSSL source and headers to `Libraries/wolfssl`. 
+  - Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
+  - See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
+2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
+3) Add `Libraries/wolfssl` to the include path. C/C++ General -> Paths and Symbols -> Includes -> GNU C
+4) Add ignores for the following warnings. Unused static function (553) and switch missing break (536). C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Diagnostics
+5) Copy `Cpu0_Main.c`, `user_settings.h` and `wolf_main.c` into the project folder.
+6) Increase the stack by modifying `Lcf_Tasking_Tricore_Tc.lsl` to adjusting the USTACK0-4 (`LCF_USTACK#_SIZE`) from 2k to 12k.
+6) Build and run/debug.
+
+### Example output from wolfCrypt test and benchmark
+
+Benchmark Configuration:
+* TriCore (TC1.6.2P) 32-bit super-scalar running at 300MHz:
+* Release build: `-O2`
+* SP Math SMALL: sp_c32.c for RSA/ECC/DH
+* AES GCM SMALL
+
+```
+Running wolfCrypt Tests...
+------------------------------------------------------------------------------
+ wolfSSL version 5.4.0
+------------------------------------------------------------------------------
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+asn      test passed!
+RANDOM   test passed!
+SHA      test passed!
+SHA-256  test passed!
+Hash     test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-KDF    test passed!
+TLSv1.3 KDF test passed!
+GMAC     test passed!
+Chacha   test passed!
+POLY1305 test passed!
+ChaCha20-Poly1305 AEAD test passed!
+AES      test passed!
+AES192   test passed!
+AES256   test passed!
+AES-GCM  test passed!
+RSA      test passed!
+ECC      test passed!
+ECC buffer test passed!
+CMAC     test passed!
+logging  test passed!
+time test passed!
+mutex    test passed!
+memcb    test passed!
+Test complete
+Crypt Test: Return code 0
+Running wolfCrypt Benchmarks...
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                725 KB took 1.023 seconds,  708.703 KB/s
+AES-128-CBC-enc      2 MB took 1.002 seconds,    2.071 MB/s
+AES-128-CBC-dec      2 MB took 1.005 seconds,    2.065 MB/s
+AES-192-CBC-enc      2 MB took 1.002 seconds,    1.779 MB/s
+AES-192-CBC-dec      2 MB took 1.013 seconds,    1.783 MB/s
+AES-256-CBC-enc      2 MB took 1.003 seconds,    1.558 MB/s
+AES-256-CBC-dec      2 MB took 1.009 seconds,    1.573 MB/s
+AES-128-GCM-enc    225 KB took 1.013 seconds,  222.112 KB/s
+AES-128-GCM-dec    225 KB took 1.014 seconds,  221.892 KB/s
+AES-192-GCM-enc    225 KB took 1.046 seconds,  215.107 KB/s
+AES-192-GCM-dec    225 KB took 1.046 seconds,  215.104 KB/s
+AES-256-GCM-enc    225 KB took 1.070 seconds,  210.279 KB/s
+AES-256-GCM-dec    225 KB took 1.069 seconds,  210.477 KB/s
+GMAC Small         251 KB took 1.000 seconds,  251.000 KB/s
+AES-128-ECB-enc      2 MB took 1.000 seconds,    2.000 MB/s
+AES-128-ECB-dec      2 MB took 1.000 seconds,    2.049 MB/s
+AES-192-ECB-enc      2 MB took 1.000 seconds,    1.727 MB/s
+AES-192-ECB-dec      2 MB took 1.000 seconds,    1.772 MB/s
+AES-256-ECB-enc      2 MB took 1.000 seconds,    1.518 MB/s
+AES-256-ECB-dec      2 MB took 1.000 seconds,    1.563 MB/s
+CHACHA               3 MB took 1.007 seconds,    3.322 MB/s
+CHA-POLY             2 MB took 1.011 seconds,    2.028 MB/s
+POLY1305             6 MB took 1.003 seconds,    6.012 MB/s
+SHA                  3 MB took 1.004 seconds,    3.380 MB/s
+SHA-256              2 MB took 1.003 seconds,    1.558 MB/s
+AES-128-CMAC         2 MB took 1.010 seconds,    2.055 MB/s
+AES-256-CMAC         2 MB took 1.010 seconds,    1.547 MB/s
+HMAC-SHA             3 MB took 1.004 seconds,    3.356 MB/s
+HMAC-SHA256          2 MB took 1.010 seconds,    1.547 MB/s
+RSA     2048 public         50 ops took 1.020 sec, avg 20.400 ms, 49.019 ops/sec
+RSA     2048 private         2 ops took 2.377 sec, avg 1188.492 ms, 0.841 ops/sec
+ECC   [      SECP256R1]   256 key gen        16 ops took 1.061 sec, avg 66.313 ms, 15.080 ops/sec
+ECDHE [      SECP256R1]   256 agree          16 ops took 1.059 sec, avg 66.187 ms, 15.109 ops/sec
+ECDSA [      SECP256R1]   256 sign           14 ops took 1.058 sec, avg 75.570 ms, 13.233 ops/sec
+ECDSA [      SECP256R1]   256 verify          8 ops took 1.080 sec, avg 135.002 ms, 7.407 ops/sec
+Benchmark complete
+Benchmark Test: Return code 0
+```
+
+
+## Running wolfCrypt on the HSM (Cortex M3)
+
+Coming soon
+
+
+## Support
+
+For questions please email facts@wolfssl.com
--- a/IDE/AURIX/include.am
+++ b/IDE/AURIX/include.am
@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/AURIX/Cpu0_Main.c
+EXTRA_DIST+= IDE/AURIX/README.md
+EXTRA_DIST+= IDE/AURIX/user_settings.h
+EXTRA_DIST+= IDE/AURIX/wolf_main.c
--- a/IDE/OPENSTM32/Inc/user_settings.h
+++ b/IDE/OPENSTM32/Inc/user_settings.h
@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -19,7 +19,11 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

-/* Example wolfSSL user settings for STM32F4 with CubeMX */
+/* Template for the Infineon AURIX Development Studio and TC3XX
+ * Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
+ * This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
+
+ */

 #ifndef WOLFSSL_USER_SETTINGS_H
 #define WOLFSSL_USER_SETTINGS_H
@ -31,73 +35,91 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 /* Platform */
 /* ------------------------------------------------------------------------- */
-#undef  WOLFSSL_GENERAL_ALIGNMENT
-#define WOLFSSL_GENERAL_ALIGNMENT   4
+/* Alignment and sizeof 64-bit */
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+#define SIZEOF_LONG_LONG 8

-#undef  SINGLE_THREADED
-//#define SINGLE_THREADED
+/* disable threading - mutex locking */
+#define SINGLE_THREADED

-#undef  WOLFSSL_SMALL_STACK
-#define WOLFSSL_SMALL_STACK
+/* ignore file include warnings */
+#define WOLFSSL_IGNORE_FILE_WARN

-#undef  WOLFSSL_STM32F4
-#define WOLFSSL_STM32F4
-
-#undef  WOLFSSL_STM32_CUBEMX
-#define WOLFSSL_STM32_CUBEMX
-
-#undef  FREERTOS
-#define FREERTOS
-
-#undef  WOLFSSL_USER_IO
+/* disable the built-in socket support and use the IO callbacks.
+ * Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
+ */
 #define WOLFSSL_USER_IO

-#undef  WOLFSSL_NO_SOCK
-#define WOLFSSL_NO_SOCK
+/* Disable file system */
+#define NO_FILESYSTEM


 /* ------------------------------------------------------------------------- */
-/* HW Crypto Acceleration */
+/* Port */
 /* ------------------------------------------------------------------------- */
-// See settings.h STM32F4 section
-/* Optionally Disable Hardware Hashing Support */
-//#define NO_STM32_HASH
-//#define NO_STM32_RNG
-//#define NO_STM32_CRYPTO
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+#define WOLFSSL_USER_CURRTIME
+#define WOLFSSL_GMTIME
+#define USER_TICKS
+extern unsigned long my_time(unsigned long* timer);
+#define XTIME my_time
+
+/* Use built-in P-RNG (SHA256 based) with HW RNG */
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+/* Custom Seed Source */
+#define CUSTOM_RAND_TYPE      unsigned int
+extern unsigned int my_rng_seed_gen(void);
+#undef  CUSTOM_RAND_GENERATE
+#define CUSTOM_RAND_GENERATE  my_rng_seed_gen
+
+/* Standard Lib - C89 */
+#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))


 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-#undef  USE_FAST_MATH
-#define USE_FAST_MATH
-
-#ifdef USE_FAST_MATH
-    #undef  TFM_TIMING_RESISTANT
-    #define TFM_TIMING_RESISTANT
-
-    #undef  TFM_NO_ASM
-    //#define TFM_NO_ASM
-
-    /* Optimizations (TFM_ARM, TFM_ASM or none) */
-    //#define TFM_ASM
-#endif
-
-/* Wolf Single Precision Math */
+#undef USE_FAST_MATH
 #undef WOLFSSL_SP
-#if 0
-    #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+#if 1
+    /* Wolf Single Precision Math */
    #define WOLFSSL_HAVE_SP_RSA
    //#define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_CACHE_RESISTANT
-    #define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+    #define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
+    #define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */

-    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    #define WOLFSSL_SP_MATH     /* only SP math - disables integer.c/tfm.c */
+    //#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
+
+    #define WOLFSSL_SP_NO_MALLOC
+    //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
+
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+
+    /* SP Assembly Speedups - specific to chip type */
+    //#define WOLFSSL_SP_ASM
+    //#define WOLFSSL_SP_ARM32_ASM
+    //#define WOLFSSL_SP_ARM64_ASM
+    //#define WOLFSSL_SP_ARM_THUMB_ASM
    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
 #endif

+#ifndef WOLFSSL_SP_MATH
+    #if 0
+        /* fast math (tfmc.) (stack based and timing resistant) */
+        #define USE_FAST_MATH
+        #define TFM_TIMING_RESISTANT
+    #else
+        /* normal heap based integer.c (not timing resistant) */
+        #define USE_INTEGER_HEAP_MATH
+    #endif
+#endif

 /* ------------------------------------------------------------------------- */
 /* Crypto */
@ -107,115 +129,112 @@ extern "C" {
 #if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     4096
+        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
-    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
-    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING

-    /* RSA PSS Support (required for TLS v1.3)*/
-    #if 0
-        #define WC_RSA_PSS
-    #endif
+    /* RSA PSS Support */
+    #define WC_RSA_PSS
 #else
    #define NO_RSA
 #endif

-/* ECC */
-#if 1
-    #undef  HAVE_ECC
-    #define HAVE_ECC
-
-    /* Manually define enabled curves */
-    #undef  ECC_USER_CURVES
-    #define ECC_USER_CURVES
-
-    //#define HAVE_ECC192
-    //#define HAVE_ECC224
-    #undef NO_ECC256
-    //#define HAVE_ECC384
-    //#define HAVE_ECC521
-
-    /* Fixed point cache (speeds repeated operations against same private key) */
-    #undef  FP_ECC
-    //#define FP_ECC
-    #ifdef FP_ECC
-        /* Bits / Entries */
-        #undef  FP_ENTRIES
-        #define FP_ENTRIES  2
-        #undef  FP_LUT
-        #define FP_LUT      4
-    #endif
-
-    /* Optional ECC calculation method */
-    /* Note: doubles heap usage, but slightly faster */
-    #undef  ECC_SHAMIR
-    #define ECC_SHAMIR
-
-    /* Reduces heap usage, but slower */
-    #undef  ECC_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-
-    #ifdef USE_FAST_MATH
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
-            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
-            #undef  FP_MAX_BITS
-            #define FP_MAX_BITS     (256 + 32)
-        #else
-            #undef  ALT_ECC_SIZE
-            #define ALT_ECC_SIZE
-        #endif
-
-        /* Enable TFM optimizations for ECC */
-        //#define TFM_ECC192
-        //#define TFM_ECC224
-        #define TFM_ECC256
-        //#define TFM_ECC384
-        //#define TFM_ECC521
-    #endif
-#endif
-
 /* DH */
 #undef  NO_DH
 #if 0
-    #define HAVE_DH /* freeRTOS settings.h requires this */
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 1
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        //#define HAVE_FFDHE_4096
+        //#define HAVE_FFDHE_6144
+        //#define HAVE_FFDHE_8192
+    #endif
 #else
-    //#define NO_DH
+    #define NO_DH
 #endif

+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        //#define HAVE_ECC192
+        //#define HAVE_ECC224
+        #undef NO_ECC256
+        #define HAVE_ECC384
+        //#define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #define FP_ENTRIES  2
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #define ECC_TIMING_RESISTANT
+
+    /* Compressed ECC Key Support */
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
+            #define FP_MAX_BITS     (256 * 2)
+        #else
+            /* use heap allocation for ECC points */
+            #define ALT_ECC_SIZE
+
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
+            //#define FP_MAX_BITS_ECC (256 * 2)
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #define TFM_ECC256
+        #endif
+    #endif
+#endif
+
+
 /* AES */
 #undef NO_AES
 #if 1
-    #undef  HAVE_AESGCM
-    #define HAVE_AESGCM
+    #define HAVE_AES_CBC

-	/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
-    #undef  GCM_SMALL
+    /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #define HAVE_AESGCM
    #define GCM_SMALL

-	#undef  WOLFSSL_AES_COUNTER
-	#define WOLFSSL_AES_COUNTER
-
-	#undef  WOLFSSL_AES_DIRECT
-	#define WOLFSSL_AES_DIRECT
-
-	#undef  HAVE_AES_ECB
-	#define HAVE_AES_ECB
+    #define WOLFSSL_AES_DIRECT
+    #define HAVE_AES_ECB
 #else
    #define NO_AES
 #endif

-/* DES */
-#undef  NO_DES3
-#if 1

+/* DES3 */
+#undef NO_DES3
+#if 0
 #else
    #define NO_DES3
 #endif
@ -228,7 +247,6 @@ extern "C" {
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
-    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
 #endif

@ -237,10 +255,10 @@ extern "C" {
 #undef HAVE_ED25519
 #if 0
    #define HAVE_CURVE25519
-    #define HAVE_ED25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */

    /* Optionally use small math (less flash usage, but much slower) */
-    #if 0
+    #if 1
        #define CURVED25519_SMALL
    #endif
 #endif
@ -252,6 +270,7 @@ extern "C" {
 /* Sha */
 #undef NO_SHA
 #if 1
+    /* on by default */
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
 #else
@ -274,124 +293,128 @@ extern "C" {

 /* Sha512 */
 #undef WOLFSSL_SHA512
-#if 1
-    /* over twice as small, but 50% slower */
-    //#define USE_SLOW_SHA512
-
+#if 0
    #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */

    /* Sha384 */
    #undef  WOLFSSL_SHA384
-    #if 1
+    #if 0
        #define WOLFSSL_SHA384
    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 0
+    #define WOLFSSL_SHA3
 #endif

 /* MD5 */
-#if 1
-	/* enabled */
+#undef NO_MD5
+#if 0
+    /* on by default */
 #else
    #define NO_MD5
 #endif

+/* HKDF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+    /* Note: requires WOLFSSL_AES_DIRECT */
+#endif
+
+/* HMAC - on by default */
+#undef NO_HMAC
+#if 1
+    /* on by default */
+#else
+    #define NO_HMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* ASN */
+/* ------------------------------------------------------------------------- */
+#if 0
+    /* Use the newer ASN template code */
+    #define WOLFSSL_ASN_TEMPLATE
+    //#define WOLFSSL_CUSTOM_OID
+    //#define HAVE_OID_ENCODING
+    //#define HAVE_OID_DECODING
+#else
+    /* Use the original custom ASN code */
+#endif
+/* Optionally disable time checking for ASN */
+//#define NO_ASN_TIME
+

 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
 /* ------------------------------------------------------------------------- */
 /* Use reduced benchmark / test sizes */
-#undef  BENCH_EMBEDDED
 #define BENCH_EMBEDDED

-#undef  USE_CERT_BUFFERS_2048
-#define USE_CERT_BUFFERS_2048
-
-#undef  USE_CERT_BUFFERS_256
+/* Use test buffers from array (not filesystem) */
+#ifndef NO_FILESYSTEM
 #define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+#endif


 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
-#undef  DEBUG_WOLFSSL
-//#define DEBUG_WOLFSSL

-#ifdef DEBUG_WOLFSSL
-    /* Use this to measure / print heap usage */
-    #if 0
-        #undef  USE_WOLFSSL_MEMORY
-        #define USE_WOLFSSL_MEMORY
-
-        #undef  WOLFSSL_TRACK_MEMORY
-        #define WOLFSSL_TRACK_MEMORY
-
-		#define WOLFSSL_DEBUG_MEMORY
-		#define WOLFSSL_DEBUG_MEMORY_PRINT
-    #endif
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_LOG_PRINTF
 #else
-    #undef  NO_WOLFSSL_MEMORY
-    //#define NO_WOLFSSL_MEMORY
-
-    #undef  NO_ERROR_STRINGS
-    //#define NO_ERROR_STRINGS
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
 #endif


 /* ------------------------------------------------------------------------- */
-/* Port */
+/* Memory */
 /* ------------------------------------------------------------------------- */
+#if 0
+    /* Static memory requires fast math or SP math with no malloc */
+    #define WOLFSSL_STATIC_MEMORY

-/* Override Current Time */
-/* Allows custom "custom_time()" function to be used for benchmark */
-#define WOLFSSL_USER_CURRTIME
-
-
-/* ------------------------------------------------------------------------- */
-/* RNG */
-/* ------------------------------------------------------------------------- */
-/* Size of returned HW RNG value */
-#define NO_OLD_RNGNAME
-
-/* Choose RNG method */
-#if 1
-	#ifndef STM32_RNG
-		#define WOLFSSL_GENSEED_FORTEST
-	#endif
-
-    /* Use built-in P-RNG (SHA256 based) with HW RNG */
-    /* P-RNG + HW RNG (P-RNG is ~8K) */
-    #undef  HAVE_HASHDRBG
-    #define HAVE_HASHDRBG
-#else
-    /* Bypass P-RNG and use only HW RNG */
-    extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
-    #undef  CUSTOM_RAND_GENERATE_BLOCK
-    #define CUSTOM_RAND_GENERATE_BLOCK  custom_rand_generate_block
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 1
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
 #endif


 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
-#undef WOLFSSL_TLS13
-#if 0
-    #define WOLFSSL_TLS13
-#endif

-#undef  KEEP_PEER_CERT
-//#define KEEP_PEER_CERT
-
-#undef  HAVE_COMP_KEY
-//#define HAVE_COMP_KEY
-
-#undef  HAVE_TLS_EXTENSIONS
+#define WOLFSSL_TLS13
+#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
 #define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
+#define WOLFSSL_BASE64_ENCODE

-#undef  WOLFSSL_BASE64_ENCODE
-//#define WOLFSSL_BASE64_ENCODE
+//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
+//#define KEEP_PEER_CERT
+//#define HAVE_COMP_KEY

 /* TLS Session Cache */
 #if 0
@ -404,67 +427,31 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
-#undef  NO_WOLFSSL_SERVER
 //#define NO_WOLFSSL_SERVER
-
-#undef  NO_WOLFSSL_CLIENT
 //#define NO_WOLFSSL_CLIENT
-
-#undef  NO_CRYPT_TEST
 //#define NO_CRYPT_TEST
-
-#undef  NO_CRYPT_BENCHMARK
 //#define NO_CRYPT_BENCHMARK
+//#define WOLFCRYPT_ONLY

 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
 /* Slower, but about 1k smaller */
-#undef  NO_INLINE
 //#define NO_INLINE

-#undef  NO_FILESYSTEM
-#define NO_FILESYSTEM
-
-#undef  NO_WRITEV
 #define NO_WRITEV
-
-#undef  NO_MAIN_DRIVER
 #define NO_MAIN_DRIVER
+//#define NO_DEV_RANDOM

-#undef  NO_DEV_RANDOM
-#define NO_DEV_RANDOM
-
-#undef  NO_DSA
-#define NO_DSA
-
-#undef  NO_RC4
-#define NO_RC4
-
-#undef  NO_OLD_TLS
 #define NO_OLD_TLS
-
-#undef  NO_HC128
-#define NO_HC128
-
-#undef  NO_RABBIT
-#define NO_RABBIT
-
-#undef  NO_PSK
 #define NO_PSK

-#undef  NO_MD4
+#define NO_DSA
+#define NO_RC4
 #define NO_MD4
-
-#undef  NO_PWDBASED
 #define NO_PWDBASED
-
-#undef  NO_CODING
 //#define NO_CODING
-
-/* bypass certificate date checking, due to lack of properly configured RTC source */
-#undef  NO_ASN_TIME
-#define NO_ASN_TIME
-
+//#define NO_CERTS
+//#define NO_SIG_WRAPPER

 #ifdef __cplusplus
 }
--- a/IDE/AURIX/wolf_main.c
+++ b/IDE/AURIX/wolf_main.c
@ -0,0 +1,150 @@
+/* wolf_main.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* wolfSSL includes */
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/random.h> /* for CUSTOM_RAND_TYPE */
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+
+/* Infineon Includes */
+#include "Ifx_Types.h"
+#include "IfxStm.h"
+
+extern int send_UART(const char* str);
+static void my_logging_cb(const int logLevel, const char *const logMessage)
+{
+    send_UART(logMessage);
+    send_UART("\r\n");
+    (void)logLevel; /* not used */
+}
+
+/* TIME CODE */
+/* Optionally you can define NO_ASN_TIME to disable all cert time checks */
+static int hw_get_time_sec(void)
+{
+    /* get time in seconds */
+    return IfxStm_get(&MODULE_STM0) / IfxStm_getFrequency(&MODULE_STM0);
+}
+
+/* This is used by wolfCrypt asn.c for cert time checking */
+unsigned long my_time(unsigned long* timer)
+{
+    (void)timer;
+    return hw_get_time_sec();
+}
+
+#ifndef WOLFCRYPT_ONLY
+/* This is used by TLS only */
+unsigned int LowResTimer(void)
+{
+    return hw_get_time_sec();
+}
+#endif
+
+#ifndef NO_CRYPT_BENCHMARK
+/* This is used by wolfCrypt benchmark tool only */
+double current_time(int reset)
+{
+    double timeNow;
+    uint64_t timeMs, ticks = IfxStm_get(&MODULE_STM0);
+    (void)reset;
+    timeMs = ticks / (IfxStm_getFrequency(&MODULE_STM0) / 1000);
+    timeNow = (timeMs / 1000); // sec
+    timeNow += (double)(timeMs % 1000) / 1000; // ms
+    return timeNow;
+}
+#endif
+
+/* RNG CODE */
+/* TODO: Implement real RNG */
+static unsigned int gCounter;
+unsigned int hw_rand(void)
+{
+    //#warning Must implement your own random source
+
+    return ++gCounter;
+}
+
+unsigned int my_rng_seed_gen(void)
+{
+    return hw_rand();
+}
+
+typedef struct func_args {
+    int    argc;
+    char** argv;
+    int    return_code;
+} func_args;
+
+void run_wolf_tests(void)
+{
+    func_args args;
+
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
+#endif
+    wolfSSL_SetLoggingCb(my_logging_cb);
+
+    /* initialize wolfSSL */
+#ifdef WOLFCRYPT_ONLY
+    wolfCrypt_Init();
+#else
+    wolfSSL_Init();
+#endif
+
+    memset(&args, 0, sizeof(args));
+    args.return_code = NOT_COMPILED_IN; /* default */
+
+    printf("Running wolfCrypt Tests...\n");
+#ifndef NO_CRYPT_TEST
+    args.return_code = 0;
+    wolfcrypt_test(&args);
+    printf("Crypt Test: Return code %d\n", args.return_code);
+#else
+    args.return_code = NOT_COMPILED_IN;
+#endif
+
+    printf("Running wolfCrypt Benchmarks...\n");
+#ifndef NO_CRYPT_BENCHMARK
+    args.return_code = 0;
+    benchmark_test(&args);
+#else
+    args.return_code = NOT_COMPILED_IN;
+#endif
+    printf("Benchmark Test: Return code %d\n", args.return_code);
+
+#ifdef WOLFCRYPT_ONLY
+    wolfCrypt_Cleanup();
+#else
+    wolfSSL_Cleanup();
+#endif
+}
--- a/IDE/Android/Android.bp
+++ b/IDE/Android/Android.bp
@ -0,0 +1,119 @@
+cc_library_shared {
+
+    name: "libwolfssl",
+
+    arch: {
+        arm: {
+            instruction_set: "arm",
+        },
+        arm64: {
+            cflags: ["-DARM64"],
+        },
+    },
+    compile_multilib: "both",
+    export_include_dirs: ["."],
+    shared_libs: ["liblog"],
+    cflags: [
+        "-DWOLFSSL_USER_SETTINGS",
+        "-Os",
+        "-fomit-frame-pointer",
+
+        /* If using WOLFSSL_ARMASM then add these cflags for ARM crypto extensions */
+        /* "-mcpu=cortex-a73+crypto", */
+        /* "-march=armv8-a", */
+        /* "-mstrict-align", */
+    ],
+    include_dirs: [
+        "external/wolfssl/wolfssl",
+        "external/wolfssl",
+    ],
+
+    srcs: [
+        "./src/crl.c",
+        "./src/internal.c",
+        "./src/keys.c",
+        "./src/ocsp.c",
+        "./src/sniffer.c",
+        "./src/ssl.c",
+        "./src/tls.c",
+        "./src/tls13.c",
+        "./src/wolfio.c",
+    ] + [
+        "./wolfcrypt/src/aes.c",
+        "./wolfcrypt/src/arc4.c",
+        "./wolfcrypt/src/asm.c",
+        "./wolfcrypt/src/asn.c",
+        "./wolfcrypt/src/blake2b.c",
+        "./wolfcrypt/src/blake2s.c",
+        "./wolfcrypt/src/camellia.c",
+        "./wolfcrypt/src/chacha.c",
+        "./wolfcrypt/src/chacha20_poly1305.c",
+        "./wolfcrypt/src/cmac.c",
+        "./wolfcrypt/src/coding.c",
+        "./wolfcrypt/src/compress.c",
+        "./wolfcrypt/src/cpuid.c",
+        "./wolfcrypt/src/cryptocb.c",
+        "./wolfcrypt/src/curve25519.c",
+        "./wolfcrypt/src/curve448.c",
+        "./wolfcrypt/src/des3.c",
+        "./wolfcrypt/src/dh.c",
+        "./wolfcrypt/src/dsa.c",
+        "./wolfcrypt/src/ecc.c",
+        "./wolfcrypt/src/ecc_fp.c",
+        "./wolfcrypt/src/ed25519.c",
+        "./wolfcrypt/src/ed448.c",
+        "./wolfcrypt/src/error.c",
+        "./wolfcrypt/src/fe_448.c",
+        "./wolfcrypt/src/fe_low_mem.c",
+        "./wolfcrypt/src/fe_operations.c",
+        "./wolfcrypt/src/fips.c",
+        "./wolfcrypt/src/fips_test.c",
+        "./wolfcrypt/src/ge_448.c",
+        "./wolfcrypt/src/ge_low_mem.c",
+        "./wolfcrypt/src/ge_operations.c",
+        "./wolfcrypt/src/hash.c",
+        "./wolfcrypt/src/kdf.c",
+        "./wolfcrypt/src/hmac.c",
+        "./wolfcrypt/src/integer.c",
+        "./wolfcrypt/src/kdf.c",
+        "./wolfcrypt/src/logging.c",
+        "./wolfcrypt/src/md2.c",
+        "./wolfcrypt/src/md4.c",
+        "./wolfcrypt/src/md5.c",
+        "./wolfcrypt/src/memory.c",
+        "./wolfcrypt/src/pkcs12.c",
+        "./wolfcrypt/src/pkcs7.c",
+        "./wolfcrypt/src/poly1305.c",
+        "./wolfcrypt/src/pwdbased.c",
+        "./wolfcrypt/src/random.c",
+        "./wolfcrypt/src/rc2.c",
+        "./wolfcrypt/src/ripemd.c",
+        "./wolfcrypt/src/rsa.c",
+        "./wolfcrypt/src/selftest.c",
+        "./wolfcrypt/src/sha256.c",
+        "./wolfcrypt/src/sha3.c",
+        "./wolfcrypt/src/sha512.c",
+        "./wolfcrypt/src/sha.c",
+        "./wolfcrypt/src/signature.c",
+        "./wolfcrypt/src/sp_arm32.c",
+        "./wolfcrypt/src/sp_arm64.c",
+        "./wolfcrypt/src/sp_armthumb.c",
+        "./wolfcrypt/src/sp_c32.c",
+        "./wolfcrypt/src/sp_c64.c",
+        "./wolfcrypt/src/sp_cortexm.c",
+        "./wolfcrypt/src/sp_dsp32.c",
+        "./wolfcrypt/src/sp_int.c",
+        "./wolfcrypt/src/sp_x86_64.c",
+        "./wolfcrypt/src/srp.c",
+        "./wolfcrypt/src/tfm.c",
+        "./wolfcrypt/src/wc_dsp.c",
+        "./wolfcrypt/src/wc_encrypt.c",
+        "./wolfcrypt/src/wc_pkcs11.c",
+        "./wolfcrypt/src/wc_port.c",
+        "./wolfcrypt/src/wolfcrypt_first.c",
+        "./wolfcrypt/src/wolfcrypt_last.c",
+        "./wolfcrypt/src/wolfevent.c",
+        "./wolfcrypt/src/wolfmath.c",
+    ],
+
+}
--- a/IDE/Android/README.md
+++ b/IDE/Android/README.md
@ -0,0 +1,37 @@
+# Android wolfSSL Support
+
+Tested on Android v8.1 with WPA Supplicant and KeyStore to replace BoringSSL.
+
+## Files
+
+* `Android.bp`: Template build system file for wolfSSL.
+* `user_settings.h`: Template build settings for wolfSSL
+
+## Installation
+
+1) Place the wolfSSL library into `./external/wolfssl`
+2) Copy `Android.bp` into `./external/wolfssl`
+3) Copy `user_settings.h` into `./external/wolfssl`
+4) Add `PRODUCT_PACKAGES += libwolfssl` to your device .mk.
+
+## Typical Android build instruction
+
+```sh
+source build/envsetup.sh
+lunch [num]
+mm -j8
+```
+
+## Using wolfSSL in your Application
+
+In your `Android.mk` build file for your application add the following:
+
+```makefile
+# Crypto Provider - wolfSSL
+LOCAL_CFLAGS += -DWOLFSSL_USER_SETTINGS -Iexternal/wolfssl -Iexternal/wolfssl/wolfssl
+LOCAL_SHARED_LIBRARIES += libwolfssl
+```
+
+## Support
+
+For questions please email support@wolfssl.com
--- a/IDE/Android/include.am
+++ b/IDE/Android/include.am
@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/Android/Android.bp \
+    IDE/Android/README.md \
+    IDE/Android/user_settings.h
--- a/IDE/Android/user_settings.h
+++ b/IDE/Android/user_settings.h
@ -0,0 +1,138 @@
+/* Custom build settings for Android */
+
+#ifndef _WOLF_USER_SETTINGS_H_
+#define _WOLF_USER_SETTINGS_H_
+
+#if 0
+    #define HAVE_FIPS_VERSION 2
+    #define HAVE_FIPS
+#endif
+
+#ifdef __aarch64__
+    #if !defined(__clang__) || \
+        (defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 5)
+        /* older clang v4 has issue with inline assembly constraints */
+        #define WOLFSSL_ARMASM
+    #endif
+#endif
+
+#if 1 /* SP Assembly Speedups (wPAA) */
+    #define WOLFSSL_SP
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    #ifdef WOLFSSL_ARMASM
+        #define WOLFSSL_SP_ARM64_ASM
+    #endif
+#endif
+
+/* WPA Supplicant Support */
+#define WOLFSSL_WPAS_SMALL
+#define OPENSSL_ALL
+#define HAVE_THREAD_LS
+
+#define USE_FAST_MATH
+#define FP_MAX_BITS (4096*2) /* Maximum math bits (Max RSA key bits * 2) */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define HAVE_HASHDRBG
+
+#if 1
+    #define WOLFSSL_TLS13
+#endif
+#define WC_RSA_PSS
+#define HAVE_SESSION_TICKET
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ENCRYPT_THEN_MAC
+#define WOLFSSL_ENCRYPTED_KEYS
+#define HAVE_KEYING_MATERIAL
+#define NO_OLD_TLS
+#define NO_CHECK_PRIVATE_KEY
+
+/* enable PK callback support for signing operations to key store */
+#define HAVE_PK_CALLBACKS
+/* crypto callback support is not in FIPS 3389 */
+#ifndef HAVE_FIPS
+    #define WOLF_CRYPTO_CB
+#endif
+
+#define KEEP_OUR_CERT
+#define KEEP_PEER_CERT
+#define WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_KEEP_SNI
+#define HAVE_EX_DATA
+#define HAVE_EXT_CACHE
+#define WOLFSSL_EITHER_SIDE
+#define WOLFSSL_PUBLIC_MP
+#define WOLFSSL_DER_LOAD
+
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+
+#define WOLFSSL_KEY_GEN
+#define WC_RSA_NO_PADDING
+
+#define WOLFSSL_DH_CONST
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_3072
+#define HAVE_FFDHE_4096
+#define HAVE_DH_DEFAULT_PARAMS
+#ifdef HAVE_FIPS
+    #define WOLFSSL_VALIDATE_FFC_IMPORT
+    #define HAVE_FFDHE_Q
+#endif
+
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+#define WOLFSSL_NOSHA512_256
+#define WOLFSSL_NOSHA512_224
+#define WOLFSSL_SHA3
+
+#define HAVE_HKDF
+#define HAVE_PKCS8
+
+#define HAVE_ECC
+#define TFM_ECC256
+#define ECC_SHAMIR
+#define HAVE_COMP_KEY
+#ifdef HAVE_FIPS
+    #define HAVE_ECC_CDH
+    #define WOLFSSL_VALIDATE_ECC_IMPORT
+#endif
+#ifdef __i386
+    #define TFM_NO_ASM
+#endif
+
+#define HAVE_AESGCM
+#define HAVE_AESCCM
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_COUNTER
+#define HAVE_AES_ECB
+#define WOLFSSL_CMAC
+
+#define WOLFSSL_BASE64_ENCODE
+#define HAVE_CRL
+
+#define NO_DSA
+#define NO_RC4
+#define NO_PSK
+#define WOLFSSL_NO_SHAKE256
+#define NO_MD4
+#define NO_OLD_MD5_NAME
+#define NO_OLD_SHA_NAMES
+#define NO_OLD_SHA256_NAMES
+#define NO_OLD_WC_NAMES
+
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_ANDROID_DEBUG
+#endif
+
+#endif /* _WOLF_USER_SETTINGS_H_ */
--- a/IDE/CRYPTOCELL/README.md
+++ b/IDE/CRYPTOCELL/README.md
@ -22,13 +22,15 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
 - SHA-256
 - AES CBC
 - CryptoCell 310 RNG
- RSA sign/verify and RSA key gen
+- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
 - RSA encrypt/decrypt
 - ECC sign/verify/shared secret
 - ECC key import/export and key gen pairs
 - Hardware RNG
 - RTC for benchmark timing source

+Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
+
 ## Setup
 ### Setting up Nordic SDK with wolfSSL
 1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.
--- a/IDE/CRYPTOCELL/main.c
+++ b/IDE/CRYPTOCELL/main.c
@ -1,6 +1,6 @@
 /* main.c
 *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -18,6 +18,8 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfcrypt/test/test.h>
 #include <wolfcrypt/benchmark/benchmark.h>
@ -25,7 +27,7 @@
 /* wolfCrypt_Init/wolfCrypt_Cleanup to turn CryptoCell hardware on/off */
 #include <wolfssl/wolfcrypt/wc_port.h>

-/* SEGGER_RTT_Init, you can potential replace it with other serial terminal */
+/* SEGGER_RTT_Init, you can potentially replace it with other serial terminal */
 #include "SEGGER_RTT.h"

 int main(void)
--- a/IDE/CRYPTOCELL/user_settings.h
+++ b/IDE/CRYPTOCELL/user_settings.h
@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -41,6 +41,7 @@ extern "C" {
 #endif

 #if defined(WOLFSSL_CRYPTOCELL)
+    /* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
    #define AES_MAX_KEY_SIZE    128
 #endif /* WOLFSSL_CRYPTOCELL*/

@ -87,7 +88,6 @@ extern "C" {
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_CACHE_RESISTANT
    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* Assembly */
@ -137,6 +137,9 @@ extern "C" {
 #if 1
    #define HAVE_ECC

+    #include <strings.h>
+    /* strings.h required for strncasecmp */
+
    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES
@ -554,12 +557,6 @@ extern "C" {
 #undef  NO_OLD_TLS
 #define NO_OLD_TLS

-#undef  NO_HC128
-#define NO_HC128
-
-#undef  NO_RABBIT
-#define NO_RABBIT
-
 #undef  NO_PSK
 #define NO_PSK

--- a/IDE/ECLIPSE/DEOS/README.md
+++ b/IDE/ECLIPSE/DEOS/README.md
@ -1,71 +1,64 @@
-
-
 # Deos Port
+
 ## Overview
-You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
-Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
+
+You can enable the wolfSSL support for Deos RTOS available
+[here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using
+the `#define WOLFSSL_DEOS`.  Deos is a time & space partitioned,
+multi-core enabled, DO-178C DAL A certifiable RTOS.
+
 ## Usage

-You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
+You can start with your OpenArbor IDE-based example project for Deos
+with the network stack (lwip) to integrate wolfSSL source code.

-wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file.
+wolfSSL supports a compile-time user configurable options in the
+`IDE/ECLIPSE/DEOS/user_settings.h` file.

-The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
-```
-       1. #undef NO_CRYPT_TEST
-       2. #undef NO_CRYPT_BENCHMARK
-       3. #undef NO_WOLFSSL_CLIENT
-       4. #undef NO_WOLFSSL_SERVER
-```
-Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
-If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
+### Importing the project

-If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
-
-#### Importing the project
 In this section you will import a pre-configured example project.
+
+Note: To work wolfssl directory must not be under the workspace directory.
+
 1. Launch the OpenArbor IDE as an administrator
-2. In the Workspace Launcher dialog, in the Workspace field, enter your
-workspace
+2. In the Workspace Launcher dialog, in the Workspace field, enter
+   your workspace
 3. Right-click in the Project Explorer view and select Import
-4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
-5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
+4. In the Import dialog, select General > Existing Projects into
+   Workspace, then click Next.
+5. In the Import Projects dialog, select `Select root directory` and
+   browse to `IDE/ECLIPSE/DEOS/deos_wolfssl` and select the wolfssl
+   project
 6. In the Import Projects dialog, click Finish

+#### Dependencies
+
+* ansi
+* gnu-language
+* deos-time
+
+### Setting up a Deos project with wolfSSL
+
+The `tls_wolfssl.c` example application provides a simple function to
+run the selected examples at compile time through the following four
+`#defines` in `user_settings.h`. You can undefine any of these macro
+options to run a test.

-#### Setting up a Deos project with wolfSSL
- 1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
 ```
-wolfsslPort
-      |-- IDE
-          | -- ECLIPSE
-               | -- DEOS
-      |-- src
-      |-- wolfcrypt
-          | -- benchmark
-          | -- src
-          | -- test
-      |-- wolfssl
-          |-- openssl
-          |-- wolfcrypt
-              |-- port
+#undef NO_CRYPT_TEST
+#undef NO_CRYPT_BENCHMARK
+#undef NO_WOLFSSL_CLIENT
+#undef NO_WOLFSSL_SERVER
 ```
- 2. Remove these two platform specific assembly source files:
-    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
-    -   wolfsslPort/wolfcrypt/src/aes_asm.S

- 3. Launch the OpenArbor IDE as an administrator
- 4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
- 5. Import the `wolfSSLPort` source code into your project.
-    -   Right-click the ` udp-vs-tcp` project and choose File -> Import.
-    -   Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
-    -   Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
-6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
+1. Launch the OpenArbor IDE

-7.  Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
+2. Create a DDC-I Deos example project. In the main menu, go to File >
+   DDC-I Deos example project > socket > udp-vs-tcp
+
+3. Customize your config/udp-vs-tcp.pd.xml with the following changes:

-#### Configuring the Deos Project
- 1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
 ```
 <processTemplate
     mutexQuota = "5"
@ -90,35 +83,54 @@ wolfsslPort

 </processTemplate>
 ```
-Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.

+Depending on your configuration, wolfSSL uses upto four mutexes. You
+also need to configure enough memory for the stack of each threads and
+the process logical memory pool.
+
+4. Right click on the `udp-vs-tcp` project, select properties and add
+   the following macros in the DDC-I Options > C Compile >
+   Preprocessor
+
+  * WOLFSSL_USER_SETTINGS
+
+5.  Add the following directory paths in the DDC-I Options > C Compile >
+    Directories and in the DDC-I Options > C++ Compile > Directories
+
+  * $(PROJECT_DIR.wolfssl)/../../../..
+  * $(PROJECT_DIR.wolfssl)/..
+  * $(PROJECT_DIR.printx)/code
+
+6.  Add the following library dependencies in the
+    DDC-I Options > Deos > Dependencies
+
+  * math
+  * ansi
+  * deos-time
+
+  For benchmark and test code:
+
+    * printx - You must add printx into your workspace, File >DDC-I
+      Deos example project > training > printx
+
+7.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to
+    customize your configuration. For example, you can undef or define
+    these tests.
+
+ * `#undef NO_CRYPT_TEST`
+ * `#undef NO_CRYPT_BENCHMARK`
+ * `#undef NO_WOLFSSL_CLIENT`
+ * `#undef NO_WOLFSSL_SERVER`
+
+8.  Edit your application source file where main() thread is defined
+and add the following:
+
+  * #include "printx.h"
+  * #include "tls_wolfssl.h"
+  * and a call to `wolfsslRunTests()`

- 2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
-      -   DEOS_ALLOW_OBSOLETE_DEFINITIONS
-      -   WOLFSSL_USER_SETTINGS
- 3.  Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
-      -   $(PROJECT_DIR)/wolfsslPort
-      -   $(PROJECT_DIR)/wolfsslPort/wolfssl
-      -   $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
-      -   $(PROJECT_DIR.printx)/code
- 4.  Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
-      -   g
- 5.  Add the following library dependencies in the DDC-I Options > Deos > Dependencies
-      -   math
-      -   dart
-      -   ansi
-      -   printx
-          - You must add printx into your workspace, File >DDC-I Deos example project > training > printx
- 6.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
-      -   #undef NO_CRYPT_TEST
-      -   #undef NO_CRYPT_BENCHMARK
-      -   #undef NO_WOLFSSL_CLIENT
-      -   #undef NO_WOLFSSL_SERVER
- 7.  Edit your application source file where main() thread is defined and add the following:
-      -   #include "printx.h"
-      -   #include "tls_wolfssl.h"
-      -   and a call to `wolfsslRunTests()`
 Here's an example:
+
 ```
 #include <deos.h>
 #include <printx.h>
@ -137,7 +149,10 @@ int main(void)
 }

 ```
- 8.  Review $(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config configuration.
+
+9.  Review `$(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config`
+    configuration.
+
 ```
 transportConfigurationId
 2                              # Client thread quota - for client and server TCP
@ -166,45 +181,62 @@ userServiceThread              # Server thread template name
 /
 ```

-   #### Building and Running
- 1.  Build your project, then load and run your image on a target platform. Review the test results on the console output.
+#### Building and Running
+
+1.  Build your project, then load and run your image on a target
+    platform. Review the test results on the console output.


 ### `wolfcrypt_test()`
-wolfcrypt_test() prints a message on the target console similar to the following output:
+
+`wolfcrypt_test()` prints a message on similar to the following:
+
 ```
 error    test passed!
 base64   test passed!
 asn      test passed!
 ...
 ```
+
 This example doesn't show the whole output.

 ### `benchmark_test()`
-benchmark_test() prints a message on the target console similar to the following output.
+
+`benchmark_test()` prints a message on the similar to the following:

 ```
 ------------------------------------------------------------------------------
- wolfSSL version 3.15.5
+wolfSSL version 4.6.0
 ------------------------------------------------------------------------------
 wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
-RNG               225 KB tooks 1.026 seconds,  219.313 KB/s
-AES-128-CBC-enc    250 KB toks 1.105 seconds  226.210 KB/s
-AES-128-CBC-dec    225 KB tooks 1.005 seconds,  223.922 KB/s
+RNG                  2 MB took 1.000 seconds,    2.124 MB/s
+AES-128-CBC-enc      5 MB took 1.000 seconds,    5.127 MB/s
+AES-128-CBC-dec      5 MB took 1.000 seconds,    4.907 MB/s
+AES-192-CBC-enc      5 MB took 1.000 seconds,    4.736 MB/s
+AES-192-CBC-dec      5 MB took 1.000 seconds,    4.761 MB/s
 ...
 ```
+
 This example doesn't show the whole output.

 ### `wolfssl_client_test()`

-You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros
+in the `tls_wolfssl.c` file to configure the host address and
+port. You will also need to define the server certificate. The example
+client uses the GET request to get a web resource from the server at
+https://google.com.

 ### `wolfssl_server_test()`

-You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
-Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to
+configure the port number to listen on a local-host.  Once you start
+the TLS server and `Listening for client connection` displays on the
+serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example
+from your Linux or Windows host as follows:

-You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
 ```
 $ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRESS

@ -218,8 +250,10 @@ I hear ya fa shizzle!

 ## References

-The test results were collected from the qemu-x86 reference platform target with the following software and tool chains:
- OpenArbor, eclipse based IDE, toolVersion = "3.31.0"
+The following software and tool chains were used for testing:
+
+- OpenArbor 7.0.0
 - wolfssl [latest version](https://github.com/wolfSSL/wolfssl)

-For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)
+For more information or questions, please email
+[support@wolfssl.com](mailto:support@wolfssl.com)
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@ -1,6 +1,6 @@
 /* deos_malloc.c
 *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@ -19,27 +19,11 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/ssl.h>
-
-#define ROUND_UP(x, align)  (((int) (x) + (align - 1)) & ~(align - 1))
-#define SIZEOF_HEADER sizeof(size_t)  /* tracks size of allocated block */
-
-#define HEAP_SIZE_MAX   (1*1024*1024)
-
-static size_t allocatedMemory = 0;
-
-size_t getMemAllocatedSize_deos(size_t* size){
-
-    if (size)
-        *size = allocatedMemory;
-
-    return allocatedMemory;
-}
-
-/* Simply returns without freeing any memory. */
+#include <wolfssl/wolfcrypt/types.h>
+#include <deos.h>

 void free_deos(void *ptr) {
-    //printf("fake free_deos()\n");
+    free(ptr);
    return;
 }

@ -51,10 +35,6 @@ void *realloc_deos(void *ptr, size_t size) {
    newptr = malloc_deos(size);

    if (ptr != NULL && newptr != NULL) {
-
-        if ( *((char *)ptr - SIZEOF_HEADER) < *((char *)newptr - SIZEOF_HEADER))
-            size = *((char *)ptr - SIZEOF_HEADER);
-
        XMEMCPY((char *) newptr, (const char *) ptr, size);
        free_deos(ptr);
    }
@ -63,46 +43,5 @@ void *realloc_deos(void *ptr, size_t size) {
 }

 void *malloc_deos(size_t size) {
-    PDEOS_SYSTEM_INFO systemInfoPtr;
-    static VirtualAddressTYP heapAddr = NULL;
-    static VirtualAddressTYP freeAddr = NULL;
-    VirtualAddressTYP retAddr = NULL;
-    DWORD allocationSize = 0;
-    static int initialized = 0;
-
-    if (size <= 0)
-        return NULL;
-
-    if (!initialized) {
-        systemInfoPtr = (PDEOS_SYSTEM_INFO)getSystemInfoDEOS();
-        freeAddr = (VirtualAddressTYP)getNextLibraryStartAddress();
-        allocationSize = (((HEAP_SIZE_MAX - 1) / systemInfoPtr->dwPageSize) + 1) *
-                         systemInfoPtr->dwPageSize;
-
-        if (virtualAllocDEOS(freeAddr, allocationSize) != allocSuccess){
-            printf("ERROR: virtualAllocDEOS failed\n");
-            return NULL;
-        }
-
-        setNextLibraryStartAddress(freeAddr + allocationSize);
-        heapAddr = freeAddr;
-
-        initialized = 1;
-    }
-
-    size = ROUND_UP(size, sizeof(size_t));
-
-    if ((size + SIZEOF_HEADER) > (HEAP_SIZE_MAX - (freeAddr - heapAddr))){
-        printf("ERROR: malloc_deos cannot allocate from heap memory anymore\n");
-        return NULL;
-    }
-
-    *freeAddr = size;
-    freeAddr += SIZEOF_HEADER;
-    retAddr = freeAddr;
-    XMEMSET(retAddr, 0, size);
-    freeAddr += size;
-    allocatedMemory += size;
-
-    return retAddr;
+  return malloc(size);
 }
--- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.cproject
+++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.cproject
@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="org.eclipse.cdt.core.default.config.472844465">
+			<storageModule buildSystemId="org.eclipse.cdt.core.defaultConfigDataProvider" id="org.eclipse.cdt.core.default.config.472844465" moduleId="org.eclipse.cdt.core.settings" name="Configuration">
+				<externalSettings/>
+				<extensions/>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="org.eclipse.cdt.core.pathentry">
+		<pathentry base-path="C:/DDC-I/desk/ppc/include" include="./" kind="inc" path="" system="true"/>
+		<pathentry base-path="C:/DDC-I/desk/include" include="./" kind="inc" path="" system="true"/>
+		<pathentry base-path="C:/" include="./" kind="inc" path="" system="true"/>
+		<pathentry kind="mac" name="DIAGNOSTIC" path="" value=""/>
+		<pathentry kind="mac" name="WOLFSSL_USER_SETTINGS" path="" value=""/>
+		<pathentry kind="mac" name="__OpenArbor_editor" path="" value=""/>
+		<pathentry kind="mac" name="__DBL_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT32X_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubmsp" path="" value="__builtin_vsx_xvmsubsp"/>
+		<pathentry kind="mac" name="__UINT_LEAST16_MAX__" path="" value="0xffff"/>
+		<pathentry kind="mac" name="__ATOMIC_ACQUIRE" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT_MIN__" path="" value="1.1754943508222875e-38F"/>
+		<pathentry kind="mac" name="__GCC_IEC_559_COMPLEX" path="" value="2"/>
+		<pathentry kind="mac" name="__UINT_LEAST8_TYPE__" path="" value="unsigned char"/>
+		<pathentry kind="mac" name="__INTMAX_C(c)" path="" value="c ## LL"/>
+		<pathentry kind="mac" name="__CHAR_BIT__" path="" value="8"/>
+		<pathentry kind="mac" name="__UINT8_MAX__" path="" value="0xff"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddadp" path="" value="__builtin_vsx_xvnmadddp"/>
+		<pathentry kind="mac" name="__WINT_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__FLT32_MIN_EXP__" path="" value="(-125)"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlnor" path="" value="__builtin_vec_nor"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubmdp" path="" value="__builtin_vsx_xvnmsubdp"/>
+		<pathentry kind="mac" name="__ORDER_LITTLE_ENDIAN__" path="" value="1234"/>
+		<pathentry kind="mac" name="__SIZE_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__WCHAR_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4" path="" value="1"/>
+		<pathentry kind="mac" name="__DBL_DENORM_MIN__" path="" value="((double)4.9406564584124654e-324L)"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__GCC_IEC_559" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT32X_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__FLT_EVAL_METHOD__" path="" value="0"/>
+		<pathentry kind="mac" name="__unix__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR32_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="pixel" path="" value="pixel"/>
+		<pathentry kind="mac" name="bool" path="" value="bool"/>
+		<pathentry kind="mac" name="__UINT_FAST64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__DBL_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__FINITE_MATH_ONLY__" path="" value="0"/>
+		<pathentry kind="mac" name="__GNUC_PATCHLEVEL__" path="" value="0"/>
+		<pathentry kind="mac" name="__FLT32_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddasp" path="" value="__builtin_vsx_xvnmaddsp"/>
+		<pathentry kind="mac" name="__UINT_FAST8_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__has_include(STR)" path="" value="__has_include__(STR)"/>
+		<pathentry kind="mac" name="__DEC64_MAX_EXP__" path="" value="385"/>
+		<pathentry kind="mac" name="__INT8_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__INT_LEAST8_WIDTH__" path="" value="8"/>
+		<pathentry kind="mac" name="__UINT_LEAST64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__SHRT_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__LDBL_MAX__" path="" value="1.7976931348623157e+308L"/>
+		<pathentry kind="mac" name="__UINT_LEAST8_MAX__" path="" value="0xff"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_BOOL_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="_ARCH_PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__UINTMAX_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__DEC32_EPSILON__" path="" value="1E-6DF"/>
+		<pathentry kind="mac" name="__FLT_EVAL_METHOD_TS_18661_3__" path="" value="0"/>
+		<pathentry kind="mac" name="__CHAR_UNSIGNED__" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT32_MAX__" path="" value="0xffffffffUL"/>
+		<pathentry kind="mac" name="__LDBL_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__WINT_MIN__" path="" value="0U"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddmdp" path="" value="__builtin_vsx_xvmadddp"/>
+		<pathentry kind="mac" name="__builtin_vsx_vperm" path="" value="__builtin_vec_perm"/>
+		<pathentry kind="mac" name="__INT_LEAST16_WIDTH__" path="" value="16"/>
+		<pathentry kind="mac" name="__SCHAR_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__WCHAR_MIN__" path="" value="(-__WCHAR_MAX__ - 1)"/>
+		<pathentry kind="mac" name="vector" path="" value="vector"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubmsp" path="" value="__builtin_vsx_xvnmsubsp"/>
+		<pathentry kind="mac" name="__INT64_C(c)" path="" value="c ## LL"/>
+		<pathentry kind="mac" name="__DBL_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_POINTER_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIZEOF_INT__" path="" value="4"/>
+		<pathentry kind="mac" name="__SIZEOF_POINTER__" path="" value="4"/>
+		<pathentry kind="mac" name="__USER_LABEL_PREFIX__" path="" value=""/>
+		<pathentry kind="mac" name="__STDC_HOSTED__" path="" value="1"/>
+		<pathentry kind="mac" name="__LDBL_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddmsp" path="" value="__builtin_vsx_xvmaddsp"/>
+		<pathentry kind="mac" name="__FLT32_DIG__" path="" value="6"/>
+		<pathentry kind="mac" name="__FLT_EPSILON__" path="" value="1.1920928955078125e-7F"/>
+		<pathentry kind="mac" name="__SHRT_WIDTH__" path="" value="16"/>
+		<pathentry kind="mac" name="_CALL_SYSV" path="" value="1"/>
+		<pathentry kind="mac" name="__LDBL_MIN__" path="" value="2.2250738585072014e-308L"/>
+		<pathentry kind="mac" name="__STDC_UTF_16__" path="" value="1"/>
+		<pathentry kind="mac" name="__DEC32_MAX__" path="" value="9.999999E96DF"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT32_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__INT_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINT16_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__PTRDIFF_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__FLT64_EPSILON__" path="" value="2.2204460492503131e-16F64"/>
+		<pathentry kind="mac" name="__INTMAX_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__has_include_next(STR)" path="" value="__has_include_next__(STR)"/>
+		<pathentry kind="mac" name="__LDBL_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__GNUC__" path="" value="7"/>
+		<pathentry kind="mac" name="__FLT_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG_DOUBLE__" path="" value="8"/>
+		<pathentry kind="mac" name="__BIGGEST_ALIGNMENT__" path="" value="16"/>
+		<pathentry kind="mac" name="__FLT64_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__DBL_MAX__" path="" value="((double)1.7976931348623157e+308L)"/>
+		<pathentry kind="mac" name="__INT_FAST32_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__DBL_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddmdp" path="" value="__builtin_vsx_xvnmadddp"/>
+		<pathentry kind="mac" name="__DEC32_MIN_EXP__" path="" value="(-94)"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlandc" path="" value="__builtin_vec_andc"/>
+		<pathentry kind="mac" name="__INTPTR_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST16_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__LDBL_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__DEC128_MAX__" path="" value="9.999999999999999999999999999999999E6144DL"/>
+		<pathentry kind="mac" name="__INT_LEAST32_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__DEC32_MIN__" path="" value="1E-95DF"/>
+		<pathentry kind="mac" name="__DBL_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__WCHAR_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__FLT32_MAX__" path="" value="3.4028234663852886e+38F32"/>
+		<pathentry kind="mac" name="__DEC128_EPSILON__" path="" value="1E-33DL"/>
+		<pathentry kind="mac" name="__PTRDIFF_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__FLT32_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__LONG_LONG_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__SIZEOF_SIZE_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddmsp" path="" value="__builtin_vsx_xvnmaddsp"/>
+		<pathentry kind="mac" name="__PPC__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZEOF_WINT_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__LONG_LONG_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__FLT32_MAX_EXP__" path="" value="128"/>
+		<pathentry kind="mac" name="__GXX_ABI_VERSION" path="" value="1011"/>
+		<pathentry kind="mac" name="__FLT_MIN_EXP__" path="" value="(-125)"/>
+		<pathentry kind="mac" name="__INT_FAST64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__FP_FAST_FMAF" path="" value="1"/>
+		<pathentry kind="mac" name="__FP_FAST_FMAL" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_DENORM_MIN__" path="" value="4.9406564584124654e-324F64"/>
+		<pathentry kind="mac" name="__DBL_MIN__" path="" value="((double)2.2250738585072014e-308L)"/>
+		<pathentry kind="mac" name="__FLT32X_EPSILON__" path="" value="2.2204460492503131e-16F32x"/>
+		<pathentry kind="mac" name="__FLT64_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT64_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__DEC128_MIN__" path="" value="1E-6143DL"/>
+		<pathentry kind="mac" name="__REGISTER_PREFIX__" path="" value=""/>
+		<pathentry kind="mac" name="__UINT16_MAX__" path="" value="0xffff"/>
+		<pathentry kind="mac" name="__DBL_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxland" path="" value="__builtin_vec_and"/>
+		<pathentry kind="mac" name="__FLT32_MIN__" path="" value="1.1754943508222875e-38F32"/>
+		<pathentry kind="mac" name="__UINT8_TYPE__" path="" value="unsigned char"/>
+		<pathentry kind="mac" name="__NO_INLINE__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_MANT_DIG__" path="" value="24"/>
+		<pathentry kind="mac" name="__LDBL_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__VERSION__" path="" value="&quot;7.3.0&quot;"/>
+		<pathentry kind="mac" name="__UINT64_C(c)" path="" value="c ## ULL"/>
+		<pathentry kind="mac" name="__BIG_ENDIAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_INT_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__pixel" path="" value="__attribute__((altivec(pixel__))) unsigned short"/>
+		<pathentry kind="mac" name="__FLT32_MANT_DIG__" path="" value="24"/>
+		<pathentry kind="mac" name="__FLOAT_WORD_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__SCHAR_WIDTH__" path="" value="8"/>
+		<pathentry kind="mac" name="__INT32_C(c)" path="" value="c ## L"/>
+		<pathentry kind="mac" name="__DEC64_EPSILON__" path="" value="1E-15DD"/>
+		<pathentry kind="mac" name="__ORDER_PDP_ENDIAN__" path="" value="3412"/>
+		<pathentry kind="mac" name="__DEC128_MIN_EXP__" path="" value="(-6142)"/>
+		<pathentry kind="mac" name="__FLT32_MAX_10_EXP__" path="" value="38"/>
+		<pathentry kind="mac" name="__INT_FAST32_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__UINT_LEAST16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="unix" path="" value="1"/>
+		<pathentry kind="mac" name="__INT16_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__SIZE_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__UINT64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__INT8_TYPE__" path="" value="signed char"/>
+		<pathentry kind="mac" name="__ELF__" path="" value="1"/>
+		<pathentry kind="mac" name="__HAVE_BSWAP__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_RADIX__" path="" value="2"/>
+		<pathentry kind="mac" name="__INT_LEAST16_TYPE__" path="" value="short int"/>
+		<pathentry kind="mac" name="__LDBL_EPSILON__" path="" value="2.2204460492503131e-16L"/>
+		<pathentry kind="mac" name="__UINTMAX_C(c)" path="" value="c ## ULL"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_WCHAR_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIZEOF_PTRDIFF_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__FLT32X_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__FLT32X_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__DEC32_SUBNORMAL_MIN__" path="" value="0.000001E-95DF"/>
+		<pathentry kind="mac" name="__INT_FAST16_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__vector" path="" value="__attribute__((altivec(vector__)))"/>
+		<pathentry kind="mac" name="__FLT64_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__UINT_FAST32_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__UINT_LEAST64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubadp" path="" value="__builtin_vsx_xvmsubdp"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxsel" path="" value="__builtin_vec_sel"/>
+		<pathentry kind="mac" name="__FLT_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__bool" path="" value="__attribute__((altivec(bool__))) unsigned"/>
+		<pathentry kind="mac" name="__FLT_MAX_10_EXP__" path="" value="38"/>
+		<pathentry kind="mac" name="__LONG_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__DEC128_SUBNORMAL_MIN__" path="" value="0.000000000000000000000000000000001E-6143DL"/>
+		<pathentry kind="mac" name="__FLT_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__unix" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT_FAST16_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__DEC64_MAX__" path="" value="9.999999999999999E384DD"/>
+		<pathentry kind="mac" name="__INT_FAST32_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__CHAR16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="__PRAGMA_REDEFINE_EXTNAME" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZE_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST16_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__DEC64_MANT_DIG__" path="" value="16"/>
+		<pathentry kind="mac" name="__INT64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__UINT_LEAST32_MAX__" path="" value="0xffffffffUL"/>
+		<pathentry kind="mac" name="__FLT32_DENORM_MIN__" path="" value="1.4012984643248171e-45F32"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_LONG_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__INT16_TYPE__" path="" value="short int"/>
+		<pathentry kind="mac" name="__INT_LEAST8_TYPE__" path="" value="signed char"/>
+		<pathentry kind="mac" name="__STDC_VERSION__" path="" value="201112L"/>
+		<pathentry kind="mac" name="__DEC32_MAX_EXP__" path="" value="97"/>
+		<pathentry kind="mac" name="_BIG_ENDIAN" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST8_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__INTPTR_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__FLT64_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32_MIN_10_EXP__" path="" value="(-37)"/>
+		<pathentry kind="mac" name="__FLT32X_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubasp" path="" value="__builtin_vsx_xvmsubsp"/>
+		<pathentry kind="mac" name="__LDBL_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__svr4__" path="" value="1"/>
+		<pathentry kind="mac" name="__DBL_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_MIN__" path="" value="(-__SIG_ATOMIC_MAX__ - 1)"/>
+		<pathentry kind="mac" name="__INTPTR_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__UINT16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="__WCHAR_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_FLOAT__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINTPTR_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__INT_FAST64_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__DEC64_MIN_EXP__" path="" value="(-382)"/>
+		<pathentry kind="mac" name="__FLT32_DECIMAL_DIG__" path="" value="9"/>
+		<pathentry kind="mac" name="__INT_FAST64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_TEST_AND_SET_TRUEVAL" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_DIG__" path="" value="6"/>
+		<pathentry kind="mac" name="__FLT32_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT_FAST64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__INT_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__INT64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__FLT_MAX_EXP__" path="" value="128"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlor" path="" value="__builtin_vec_or"/>
+		<pathentry kind="mac" name="__DBL_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__INT_LEAST64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR16_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlxor" path="" value="__builtin_vec_xor"/>
+		<pathentry kind="mac" name="__DEC64_MIN__" path="" value="1E-383DD"/>
+		<pathentry kind="mac" name="__WINT_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__UINT_LEAST32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__SIZEOF_SHORT__" path="" value="2"/>
+		<pathentry kind="mac" name="__LDBL_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT64_MAX__" path="" value="1.7976931348623157e+308F64"/>
+		<pathentry kind="mac" name="__WINT_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST8_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__FLT32X_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__LDBL_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__ATOMIC_RELAXED" path="" value="0"/>
+		<pathentry kind="mac" name="__DBL_EPSILON__" path="" value="((double)2.2204460492503131e-16L)"/>
+		<pathentry kind="mac" name="__UINT8_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__INT_LEAST32_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_WCHAR_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINT64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubadp" path="" value="__builtin_vsx_xvnmsubdp"/>
+		<pathentry kind="mac" name="__INT_FAST8_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__GNUC_STDC_INLINE__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32_EPSILON__" path="" value="1.1920928955078125e-7F32"/>
+		<pathentry kind="mac" name="__DBL_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__STDC_UTF_32__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST8_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__DEC_EVAL_METHOD__" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT32X_MAX__" path="" value="1.7976931348623157e+308F32x"/>
+		<pathentry kind="mac" name="__VEC_ELEMENT_REG_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddadp" path="" value="__builtin_vsx_xvmadddp"/>
+		<pathentry kind="mac" name="__ORDER_BIG_ENDIAN__" path="" value="4321"/>
+		<pathentry kind="mac" name="__UINT32_C(c)" path="" value="c ## UL"/>
+		<pathentry kind="mac" name="__INTMAX_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__BYTE_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__FLT_DENORM_MIN__" path="" value="1.4012984643248171e-45F"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubasp" path="" value="__builtin_vsx_xvnmsubsp"/>
+		<pathentry kind="mac" name="__INT8_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__LONG_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__UINT_FAST32_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__CHAR32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__FLT_MAX__" path="" value="3.4028234663852886e+38F"/>
+		<pathentry kind="mac" name="__FP_FAST_FMA" path="" value="1"/>
+		<pathentry kind="mac" name="__INT32_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_DOUBLE__" path="" value="8"/>
+		<pathentry kind="mac" name="__FLT_MIN_10_EXP__" path="" value="(-37)"/>
+		<pathentry kind="mac" name="__FLT64_MIN__" path="" value="2.2250738585072014e-308F64"/>
+		<pathentry kind="mac" name="__INT_LEAST32_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INTMAX_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__DEC128_MAX_EXP__" path="" value="6145"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__ATOMIC_CONSUME" path="" value="1"/>
+		<pathentry kind="mac" name="__GNUC_MINOR__" path="" value="3"/>
+		<pathentry kind="mac" name="__INT_FAST16_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__UINTMAX_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__DEC32_MANT_DIG__" path="" value="7"/>
+		<pathentry kind="mac" name="__FLT32X_DENORM_MIN__" path="" value="4.9406564584124654e-324F32x"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddasp" path="" value="__builtin_vsx_xvmaddsp"/>
+		<pathentry kind="mac" name="__DBL_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__LDBL_DENORM_MIN__" path="" value="4.9406564584124654e-324L"/>
+		<pathentry kind="mac" name="__INT16_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__STDC__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubmdp" path="" value="__builtin_vsx_xvmsubdp"/>
+		<pathentry kind="mac" name="__PTRDIFF_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__ATOMIC_SEQ_CST" path="" value="5"/>
+		<pathentry kind="mac" name="__UINT32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__FLT32X_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__UINTPTR_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__DEC64_SUBNORMAL_MIN__" path="" value="0.000000000000001E-383DD"/>
+		<pathentry kind="mac" name="__DEC128_MANT_DIG__" path="" value="34"/>
+		<pathentry kind="mac" name="__LDBL_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG_LONG__" path="" value="8"/>
+		<pathentry kind="mac" name="_Bool" path="" value="_Bool"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_LLONG_LOCK_FREE" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32X_MIN__" path="" value="2.2250738585072014e-308F32x"/>
+		<pathentry kind="mac" name="__LDBL_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__FLT_DECIMAL_DIG__" path="" value="9"/>
+		<pathentry kind="mac" name="__UINT_FAST16_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_SHORT_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__INT_LEAST64_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__UINT_FAST8_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__ATOMIC_ACQ_REL" path="" value="4"/>
+		<pathentry kind="mac" name="__ATOMIC_RELEASE" path="" value="3"/>
+	</storageModule>
+</cproject>
--- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.options
+++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.options
@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project xmlns="http://www.ddci.com/DEOS_SHARED_OBJECToptions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="ddci:/xsd/DEOS_SHARED_OBJECT.xsd http://www.ddci.com/DEOS_SHARED_OBJECToptions">
+  <version>26</version>
+  <targetArch>ppc</targetArch>
+  <variant>diagnostic</variant>
+  <depend>kernel</depend>
+  <depend variant="diagnostic">video</depend>
+  <depend>ansi</depend>
+  <depend>math</depend>
+  <depend>deos-time</depend>
+  <depend>sal</depend>
+  <depend>mtl</depend>
+  <depend>printx</depend>
+  <depend>gnu-language</depend>
+  <kernelFile kfs="hypstart">lib$(PROJECT_NAME).so</kernelFile>
+  <copyToAppbin>$(BINARY)</copyToAppbin>
+  <copyToAppbin>$(BINARY).dbg</copyToAppbin>
+  <gccCCompileDirectories targetArch="arm">$(DESK_DIR)/arm/include</gccCCompileDirectories>
+  <gccCCompileDirectories targetArch="ppc">$(DESK_DIR)/ppc/include</gccCCompileDirectories>
+  <gccCCompileDirectories targetArch="x86">$(DESK_DIR)/x86/include</gccCCompileDirectories>
+  <gccCCompileDirectories>$(DESK_DIR)/include</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/../../../..</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/../../../../fips</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/..</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR.printx)/code</gccCCompileDirectories>
+  <gccCCompileDefinedMacros>WOLFSSL_USER_SETTINGS</gccCCompileDefinedMacros>
+  <gccCppLinkDirectories targetArch="arm">$(DESK_DIR)/arm/appbin</gccCppLinkDirectories>
+  <gccCppLinkDirectories targetArch="ppc">$(DESK_DIR)/ppc/appbin</gccCppLinkDirectories>
+  <gccCppLinkDirectories targetArch="x86">$(DESK_DIR)/x86/appbin</gccCppLinkDirectories>
+  <gccCppLinkUseIntermediateArchive>true</gccCppLinkUseIntermediateArchive>
+  <gccCppLinkAdditionalOptions>-L $(PROJECT_DIR.printx)/output/powerpc-motorola-elf/diagnostic</gccCppLinkAdditionalOptions>
+  <fpuType>none</fpuType>
+  <ignore>fips.c</ignore>
+  <ignore>fips_test.c</ignore>
+  <ignore>selftest.c</ignore>
+</project>
--- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
+++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
@ -0,0 +1,619 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wolfssl</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.ddci.common.ide.Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.ddci.common.ide.DdciNature</nature>
+		<nature>com.ddci.common.ide.ExecutableNature</nature>
+		<nature>com.ddci.deos.common.deosLoadListNature</nature>
+		<nature>com.ddci.common.ide.DEOS_SHARED_OBJECT</nature>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>deos_malloc.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/IDE/ECLIPSE/DEOS/deos_malloc.c</locationURI>
+		</link>
+		<link>
+			<name>fips.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/fips.c</locationURI>
+		</link>
+		<link>
+			<name>fips_test.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/fips_test.c</locationURI>
+		</link>
+		<link>
+			<name>selftest.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/selftest.c</locationURI>
+		</link>
+		<link>
+			<name>user_settings.h</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/IDE/ECLIPSE/DEOS/user_settings.h</locationURI>
+		</link>
+		<link>
+			<name>wolfssl</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfssl</locationURI>
+		</link>
+		<link>
+			<name>src/crl.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/crl.c</locationURI>
+		</link>
+		<link>
+			<name>src/internal.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/internal.c</locationURI>
+		</link>
+		<link>
+			<name>src/keys.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/keys.c</locationURI>
+		</link>
+		<link>
+			<name>src/ocsp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/ocsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/sniffer.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/sniffer.c</locationURI>
+		</link>
+		<link>
+			<name>src/ssl.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/ssl.c</locationURI>
+		</link>
+		<link>
+			<name>src/tls.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/tls.c</locationURI>
+		</link>
+		<link>
+			<name>src/tls13.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/tls13.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfio.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/wolfio.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/benchmark</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/benchmark</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/test</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/test</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/aes.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/aes.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/arc4.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/arc4.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/asm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/asm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/asn.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/asn.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/blake2b.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/blake2b.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/blake2s.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/blake2s.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/camellia.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/camellia.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/chacha.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/chacha.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/chacha20_poly1305.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/chacha20_poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cmac.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cmac.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/coding.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/coding.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/compress.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/compress.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cpuid.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cpuid.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cryptocb.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cryptocb.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/curve25519.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/curve25519.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/curve448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/curve448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/des3.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/des3.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/dh.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/dh.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/dsa.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/dsa.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ecc.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ecc.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ecc_fp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ecc_fp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ed25519.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ed25519.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ed448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ed448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/error.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/error.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_low_mem.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_operations.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_x25519_128.h</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.h</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mont_small.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mont_small.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_12.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_12.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_17.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_17.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_20.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_20.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_24.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_24.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_28.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_28.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_3.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_3.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_32.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_32.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_4.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_4.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_48.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_48.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_6.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_6.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_64.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_64.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_7.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_7.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_8.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_8.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_9.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_9.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_small_set.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_small_set.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_12.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_12.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_17.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_17.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_20.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_20.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_24.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_24.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_28.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_28.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_3.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_3.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_32.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_32.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_4.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_4.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_48.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_48.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_6.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_6.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_64.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_64.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_7.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_7.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_8.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_8.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_9.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_9.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_small_set.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_small_set.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_low_mem.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_operations.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_operations.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/kdf.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/hash.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hash.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/hmac.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hmac.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/integer.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/integer.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/logging.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/logging.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md2.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md2.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md4.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md4.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md5.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md5.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/memory.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/memory.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pkcs12.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pkcs12.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pkcs7.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pkcs7.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/poly1305.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pwdbased.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pwdbased.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/random.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/random.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/rc2.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rc2.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ripemd.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ripemd.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/rsa.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rsa.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha256.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha256.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha3.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha3.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha512.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha512.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/signature.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/signature.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_arm32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_arm32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_arm64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_arm64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_armthumb.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_armthumb.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_c32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_c32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_c64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_c64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_cortexm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_cortexm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_dsp32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_dsp32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_int.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_int.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_x86_64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_x86_64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/srp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/srp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/tfm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/tfm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_dsp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_dsp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_encrypt.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_encrypt.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_pkcs11.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_pkcs11.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_port.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_port.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wolfevent.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wolfevent.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wolfmath.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wolfmath.c</locationURI>
+		</link>
+	</linkedResources>
+	<variableList>
+		<variable>
+			<name>WOLFSSL_ROOT</name>
+			<value>$%7BPARENT-4-PROJECT_LOC%7D</value>
+		</variable>
+	</variableList>
+</projectDescription>
--- a/IDE/ECLIPSE/DEOS/include.am
+++ b/IDE/ECLIPSE/DEOS/include.am
@ -7,4 +7,7 @@ EXTRA_DIST += \
    IDE/ECLIPSE/DEOS/user_settings.h \
    IDE/ECLIPSE/DEOS/tls_wolfssl.h \
    IDE/ECLIPSE/DEOS/tls_wolfssl.c \
-    IDE/ECLIPSE/DEOS/deos_malloc.c
+    IDE/ECLIPSE/DEOS/deos_malloc.c \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.cproject \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.options \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.project
--- a/Show More
+++ b/Show More