Fix ASN implementation to support both template and original modes

- Add support for extracting hash type from PBES2 parameters
- Handle both WOLFSSL_ASN_TEMPLATE and original ASN implementations
- Return ASN_PARSE_E if hash type cannot be determined
- Add proper error handling and messages

Co-Authored-By: lealem@wolfssl.com <lealem@wolfssl.com>

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -6,8 +6,10 @@ body:
   - type: markdown
     attributes:
       value: >
-        Thanks for reporting an bug. If you would prefer a private method,
-        please email support@wolfssl.com
+        Thanks for reporting a bug. If you would prefer a private method,
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: contact
     attributes:

.github/ISSUE_TEMPLATE/other.yaml

@@ -6,7 +6,9 @@ body:
     attributes:
       value: >
         Thanks for reporting an issue. If you would prefer a private method,
-        please email support@wolfssl.com
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: version
     attributes:

.github/workflows/bind.yml

@@ -0,0 +1,93 @@
+name: bind9 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-bind
+          path: build-dir.tgz
+          retention-days: 5
+
+  bind_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 9.18.0, 9.18.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-bind
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout bind9
+        uses: actions/checkout@v4
+        with:
+          repository: isc-projects/bind9
+          path: bind
+          ref: v${{ matrix.ref }}
+
+      - name: Build and test bind9
+        working-directory: bind
+        run: |
+          export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
+          patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-wolfssl
+          sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
+          make -j V=1
+          make -j V=1 check

.github/workflows/cmake.yml

@@ -0,0 +1,87 @@
+name: WolfSSL CMake Build Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+# pull wolfSSL
+    - uses: actions/checkout@master
+
+# install cmake
+    - name: Install cmake
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cmake
+
+# pull wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+# build wolfssl
+    - name: Build wolfssl
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
+            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
+            -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
+            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
+            -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
+            -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
+            -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
+            -DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
+            -DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
+            -DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
+            -DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
+            -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
+            -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
+            -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
+            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
+            -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
+            -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
+            -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
+            -DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
+            -DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
+            -DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
+            -DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
+            -DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
+            -DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
+            -DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
+            -DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
+            -DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
+            -DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
+            -DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
+            -DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
+            -DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
+            -DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
+            -DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
+            -DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
+            -DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
+            -DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
+            -DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
+            -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
+            -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
+            -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
+            -DWOLFSSL_X963KDF:BOOL=yes \
+            -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
+            ..
+        cmake --build .
+        cmake --install .
+
+        # Kyber Cmake broken
+        # -DWOLFSSL_KYBER:BOOL=yes

.github/workflows/codespell.yml

@@ -23,7 +23,7 @@ jobs:
         check_filenames: true
         check_hidden: true
           # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
-        ignore_words_list: adin,aNULL,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
+        ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
           # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
         exclude_file: '.codespellexcludelines'
           # To skip files entirely from being processed, add it to the following list:

.github/workflows/intelasm-c-fallback.yml

@@ -0,0 +1,52 @@
+name: Dynamic C Fallback Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+        run: |
+          ./autogen.sh
+          randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
+          randseed="${randseed#"${randseed%%[![:space:]]*}"}"
+          echo "fuzzing seed=${randseed}"
+          ./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done

.github/workflows/krb5.yml

@@ -92,7 +92,7 @@ jobs:
           # Using rpath because LD_LIBRARY_PATH is overwritten during testing
           export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl  -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
           export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
-          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
+          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
             CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
           CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
 

.github/workflows/libssh2.yml

@@ -17,7 +17,7 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -44,10 +44,10 @@ jobs:
       fail-fast: false
       matrix:
         # List of releases to test
-        ref: [ 1.11.0 ]
+        ref: [ 1.11.1 ]
     name: ${{ matrix.ref }}
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
     needs: build_wolfssl
@@ -70,5 +70,8 @@ jobs:
           check: true
 
       - name: Confirm libssh2 built with wolfSSL
-        working-directory: ./libssh2
-        run: ldd src/.libs/libssh2.so | grep wolfssl
+        run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: tail -n +1 libssh2/tests/*.log

.github/workflows/libvncserver.yml

@@ -44,7 +44,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ref: [ 0.9.13 ]
+        ref: [ 0.9.13, 0.9.14 ]
     name: ${{ matrix.ref }}
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-22.04

.github/workflows/ntp.yml

@@ -44,7 +44,7 @@ jobs:
       fail-fast: false
       matrix:
         # List of releases to test
-        ref: [ 4.2.8p15 ]
+        ref: [ 4.2.8p15, 4.2.8p17 ]
     name: ${{ matrix.ref }}
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-22.04

.github/workflows/openldap.yml

@@ -46,6 +46,8 @@ jobs:
           # List of releases to test
           - osp_ref: 2.5.13
             git_ref: OPENLDAP_REL_ENG_2_5_13
+          - osp_ref: 2.6.7
+            git_ref: OPENLDAP_REL_ENG_2_6_7
     name: ${{ matrix.osp_ref }}
     runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.

.github/workflows/os-check.yml

@@ -40,6 +40,8 @@ jobs:
            --enable-dtls-mtu',
           '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
             --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
+          '--enable-ascon --enable-experimental',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

.github/workflows/pq-all.yml

@@ -0,0 +1,49 @@
+name: Quantum Resistant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=all,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done

.github/workflows/watcomc.yml

@@ -0,0 +1,84 @@
+name: Build Watcom C
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  wolfssl_watcomc_windows:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        common:
+          - cmake:    '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
+        platform:
+          - title:   'Windows OW 2.0'
+            system:   'Windows'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'win32ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'Linux OW 2.0'
+            system:   'Linux'
+            image:    'ubuntu-latest'
+            owimage:  '2.0'
+            id:       'linuxow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'OS/2 OW 2.0'
+            system:   'OS2'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'os2ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
+        thread:
+          - id:       'multi'
+            cmake:    ''
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
+          - id:       'single'
+            cmake:    '-DWOLFSSL_SINGLE_THREADED=yes'
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
+        library:
+          - id:       'dll'
+            cmake:    ''
+            owcmake:  'DLL'
+          - id:       'static'
+            cmake:    '-DBUILD_SHARED_LIBS=no'
+            owcmake:  ''
+        exclude:
+          - { platform: { system: 'Linux' }, library: { id: 'dll' } }
+    runs-on: ${{ matrix.platform.image }}
+    name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
+    steps:
+      - name: Setup Open Watcom ${{ matrix.platform.owimage }}
+        uses: open-watcom/setup-watcom@v0
+        with:
+          version: ${{ matrix.platform.owimage }}
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: wolfssl
+        shell: bash
+        run: |
+          cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
+          cmake --build build
+
+      - name: Upload build errors
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
+          path: |
+            build/**

.gitignore

@@ -418,11 +418,16 @@ user_settings_asm.h
 # ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
 /IDE/Espressif/**/sdkconfig.debug
 /IDE/Espressif/**/sdkconfig.release
+/IDE/Espressif/**/sdkconfig-debug
+/IDE/Espressif/**/sdkconfig-release
 
 # Always include Espressif makefiles (typically only used for ESP8266)
 !/IDE/Espressif/**/Makefile
 !/IDE/Espressif/**/component.mk
 
+# Ignore all the example logs
+/IDE/Espressif/ESP-IDF/examples/**/logs/*
+
 # MPLAB
 /IDE/MPLABX16/wolfssl.X/dist/default/
 /IDE/MPLABX16/wolfssl.X/.generated_files

.wolfssl_known_macro_extras

@@ -28,6 +28,7 @@ BSP_SDCARD_ESDHC_CHANNEL
 BSP_SDCARD_SDHC_CHANNEL
 BSP_SDCARD_SPI_CHANNEL
 CAAM_OUT_INVALIDATE
+CERT_REL_PREFIX
 CIOCASYMFEAT
 CIOCGSESSINFO
 CMSIS_OS2_H_
@@ -138,6 +139,7 @@ CONFIG_WOLFSSL_TLS13_ENABLED
 CONFIG_WOLFSSL_TLS_VERSION_1_2
 CONFIG_WOLFSSL_TLS_VERSION_1_3
 CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+CONFIG_WOLFTPM
 CONFIG_X86
 CONV_WITH_DIV
 CPA_CY_API_VERSION_NUM_MAJOR
@@ -372,6 +374,7 @@ NO_WOLFSSL_AUTOSAR_CRYIF
 NO_WOLFSSL_AUTOSAR_CRYPTO
 NO_WOLFSSL_AUTOSAR_CSM
 NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
 NO_WOLFSSL_MSG_EX
 NO_WOLFSSL_RENESAS_FSPSM_AES
 NO_WOLFSSL_RENESAS_FSPSM_HASH
@@ -563,6 +566,7 @@ WOLFSSL_ALLOW_TLS_SHA1
 WOLFSSL_ALTERNATIVE_DOWNGRADE
 WOLFSSL_ALT_NAMES_NO_REV
 WOLFSSL_ARM_ARCH_NEON_64BIT
+WOLFSSL_ASCON_UNROLL
 WOLFSSL_ASNC_CRYPT
 WOLFSSL_ASN_EXTRA
 WOLFSSL_ASN_INT_LEAD_0_ANY
@@ -597,6 +601,7 @@ WOLFSSL_CLANG_TIDY
 WOLFSSL_COMMERCIAL_LICENSE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
+WOLFSSL_CURVE25519_BLINDING
 WOLFSSL_CUSTOM_CONFIG
 WOLFSSL_DILITHIUM_ASSIGN_KEY
 WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
@@ -638,7 +643,6 @@ WOLFSSL_FRDM_K64
 WOLFSSL_FRDM_K64_JENKINS
 WOLFSSL_FUNC_TIME
 WOLFSSL_FUNC_TIME_LOG
-WOLFSSL_GAISLER_BCC
 WOLFSSL_GEN_CERT
 WOLFSSL_GETRANDOM
 WOLFSSL_GNRC
@@ -647,6 +651,7 @@ WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
 WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
 WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
 WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
+WOLFSSL_HMAC_COPY_HASH
 WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
 WOLFSSL_I2D_ECDSA_SIG_ALLOC
 WOLFSSL_IAR_ARM_TIME
@@ -675,6 +680,8 @@ WOLFSSL_MAKE_SYSTEM_NAME_LINUX
 WOLFSSL_MAKE_SYSTEM_NAME_WSL
 WOLFSSL_MDK5
 WOLFSSL_MEM_FAIL_COUNT
+WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
 WOLFSSL_MONT_RED_CT
 WOLFSSL_MP_COND_COPY
 WOLFSSL_MP_INVMOD_CONSTANT_TIME
@@ -682,7 +689,6 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
-WOLFSSL_NO_AES_CFB_1_8
 WOLFSSL_NO_BIO_ADDR_IN
 WOLFSSL_NO_CLIENT
 WOLFSSL_NO_CLIENT_CERT_ERROR
@@ -756,9 +762,11 @@ WOLFSSL_RSA_DECRYPT_TO_0_LEN
 WOLFSSL_RW_THREADED
 WOLFSSL_SAKKE_SMALL
 WOLFSSL_SAKKE_SMALL_MODEXP
+WOLFSSL_SE050_AUTO_ERASE
 WOLFSSL_SE050_CRYPT
 WOLFSSL_SE050_HASH
 WOLFSSL_SE050_INIT
+WOLFSSL_SE050_NO_RSA
 WOLFSSL_SE050_NO_TRNG
 WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
 WOLFSSL_SETTINGS_FILE
@@ -898,6 +906,7 @@ __INTEGRITY
 __INTEL_COMPILER
 __KEIL__
 __KEY_DATA_H__
+__LINUX__
 __LP64
 __LP64__
 __MACH__
@@ -906,7 +915,9 @@ __MINGW32__
 __MINGW64_VERSION_MAJOR
 __MINGW64__
 __MWERKS__
+__NT__
 __OpenBSD__
+__OS2__
 __PIE__
 __POWERPC__
 __PPC__

CMakeLists.txt

@@ -153,9 +153,14 @@ endif()
 # Thread local storage
 include(CheckCSourceCompiles)
 
-set(TLS_KEYWORDS "__thread" "__declspec(thread)")
-foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
-    set(TLS_CODE "#include <stdlib.h>
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+    endif()
+else()
+    set(TLS_KEYWORDS "__thread" "__declspec(thread)")
+    foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
+        set(TLS_CODE "#include <stdlib.h>
                   static void foo(void) {
                      static ${TLS_KEYWORD} int bar\;
                      exit(1)\;
@@ -164,21 +169,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
                   int main() {
                     return 0\;
                   }"
-    )
-    check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
+        )
+        check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
 
-    if(THREAD_LS_ON)
-        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
-        break()
-    else()
-        # THREAD_LS_ON is cached after each call to
-        # check_c_source_compiles, and the function
-        # won't run subsequent times if the variable
-        # is in the cache. To make it run again, we
-        # need to remove the variable from the cache.
-        unset(THREAD_LS_ON CACHE)
-    endif()
-endforeach()
+        if(THREAD_LS_ON)
+            list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+            break()
+        else()
+            # THREAD_LS_ON is cached after each call to
+            # check_c_source_compiles, and the function
+            # won't run subsequent times if the variable
+            # is in the cache. To make it run again, we
+            # need to remove the variable from the cache.
+            unset(THREAD_LS_ON CACHE)
+        endif()
+    endforeach()
+endif()
 
 # TODO: AX_PTHREAD does a lot. Need to implement the
 #       rest of its logic.
@@ -198,13 +204,20 @@ find_package(Threads)
 # Example for map file and custom linker script
 #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
 
+message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
+
 if(DEFINED WARNING_C_FLAGS)
-set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+endif()
+
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
 elseif(WIN32)
-# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
-set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
+    # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
+    set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
 else()
-set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
 endif()
 
 ####################################################
@@ -281,9 +294,7 @@ if(NOT WOLFSSL_SINGLE_THREADED)
     if(CMAKE_USE_PTHREADS_INIT)
         list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
         set(HAVE_PTHREAD 1)
-        list(APPEND WOLFSSL_DEFINITIONS
-            "-DHAVE_PTHREAD"
-            "-D_POSIX_THREADS")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
     endif()
 else()
     list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
@@ -2409,17 +2420,21 @@ target_include_directories(wolfssl
 
 target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
 
-if(WIN32)
-    # For Windows link ws2_32
+if (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
+    # For Windows link required libraries
+    message("Building on Windows/MSYS/MINGW")
     target_link_libraries(wolfssl PUBLIC
-        $<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
+        ws2_32 crypt32 advapi32)
+elseif(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
 elseif(APPLE)
+    message("Building on Apple")
     if(WOLFSSL_SYS_CA_CERTS)
         target_link_libraries(wolfssl PUBLIC
             ${CORE_FOUNDATION_FRAMEWORK}
             ${SECURITY_FRAMEWORK})
     endif()
 else()
+    message("Building on Linux (or other)")
     if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
         # DH requires math (m) library
         target_link_libraries(wolfssl
@@ -2485,6 +2500,16 @@ if(WOLFSSL_EXAMPLES)
     # Build unit tests
     add_executable(unit_test
         tests/api.c
+        tests/api/test_md5.c
+        tests/api/test_sha.c
+        tests/api/test_sha256.c
+        tests/api/test_sha512.c
+        tests/api/test_sha3.c
+        tests/api/test_blake2.c
+        tests/api/test_sm3.c
+        tests/api/test_ripemd.c
+        tests/api/test_hash.c
+        tests/api/test_ascon.c
         tests/hash.c
         tests/srp.c
         tests/suites.c
@@ -2747,14 +2772,17 @@ if(WOLFSSL_INSTALL)
     set(includedir "\${prefix}/include")
     set(VERSION ${PROJECT_VERSION})
 
-    # Setting libm in Libs.private of wolfssl.pc.
-    # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
-    get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
-    list(FIND _wolfssl_dep_libs m _dep_libm)
-    if ("${_dep_libm}" GREATER -1)
-      set(LIBM -lm)
+    if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
     else()
-      set(LIBM)
+        # Setting libm in Libs.private of wolfssl.pc.
+        # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
+        get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
+        list(FIND _wolfssl_dep_libs m _dep_libm)
+        if ("${_dep_libm}" GREATER -1)
+            set(LIBM -lm)
+        else()
+            set(LIBM)
+        endif()
     endif()
 
     configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)

IDE/ARDUINO/Arduino_README_prepend.md

@@ -4,16 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
 
 The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
 
-See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
+
+Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
+
+## wolfSSL Configuration
+
+As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## wolfSSL Examples
+
+Additional wolfSSL examples can be found at:
+
+- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
+
+- https://github.com/wolfSSL/wolfssl/tree/master/examples
+
+- https://github.com/wolfSSL/wolfssl-examples/
 
 ## Arduino Releases
 
-This release of wolfSSL is version [5.7.4](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.4-stable).
+This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
 
-Version [5.7.2](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable) of the Arduino wolfSSL was published August 3, 2024.
-
-The next Official wolfSSL Arduino Library was [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
+See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
 
 The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
 
-See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
+The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

IDE/ARDUINO/README.md

@@ -7,13 +7,33 @@ See the [example sketches](./sketches/README.md):
 
 When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
+## Getting Started
+
+See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
 ## Boards
 
 Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
 and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
 
 STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
-from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started)   .
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
 
 ```
 https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json

IDE/ARDUINO/sketches/README.md

@@ -10,3 +10,25 @@ Examples have been most recently confirmed operational on the
 
 For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
 Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Using wolfSSL
+
+The typical include will look something like this:
+
+```
+#include <Arduino.h>
+
+ /* wolfSSL user_settings.h must be included from settings.h
+  * Make all configurations changes in user_settings.h
+  * Do not edit wolfSSL `settings.h` or `configh.h` files.
+  * Do not explicitly include user_settings.h in any source code.
+  * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+  * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+  * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+  * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+  */
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+```
+
+For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -85,6 +85,15 @@ Tested with:
     #include <NTPClient.h>
 #endif
 
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+ */
 #include <wolfssl.h>
 /* Important: make sure settings.h appears before any other wolfSSL headers */
 #include <wolfssl/wolfcrypt/settings.h>

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -85,6 +85,15 @@ Tested with:
     #include <NTPClient.h>
 #endif
 
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+ */
 #include <wolfssl.h>
 /* Important: make sure settings.h appears before any other wolfSSL headers */
 #include <wolfssl/wolfcrypt/settings.h>

IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino

@@ -1,24 +1,55 @@
-#include <Arduino.h>
-#include <wolfssl.h>
-#include <wolfssl/version.h>
-
-/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
-#define SERIAL_BAUD 115200
-
-/* Arduino setup */
-void setup() {
-    Serial.begin(SERIAL_BAUD);
-    while (!Serial) {
-        /* wait for serial port to connect. Needed for native USB port only */
-    }
-    Serial.println(F(""));
-    Serial.println(F(""));
-    Serial.println(F("wolfSSL setup complete!"));
-}
-
-/* Arduino main application loop. */
-void loop() {
-    Serial.print("wolfSSL Version: ");
-    Serial.println(LIBWOLFSSL_VERSION_STRING);
-    delay(60000);
-}
+/* wolfssl_server.ino
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <Arduino.h>
+
+ /* wolfSSL user_settings.h must be included from settings.h
+  * Make all configurations changes in user_settings.h
+  * Do not edit wolfSSL `settings.h` or `config.h` files.
+  * Do not explicitly include user_settings.h in any source code.
+  * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+  * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+  * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+  * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+  */
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* Arduino setup */
+void setup() {
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial) {
+        /* wait for serial port to connect. Needed for native USB port only */
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL setup complete!"));
+}
+
+/* Arduino main application loop. */
+void loop() {
+    Serial.print("wolfSSL Version: ");
+    Serial.println(LIBWOLFSSL_VERSION_STRING);
+    delay(60000);
+}

IDE/ARDUINO/wolfssl.h

@@ -1,6 +1,6 @@
 /* wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,15 @@
 
 #include <Arduino.h>
 
-/* wolfSSL user_settings.h must be included from settings.h */
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must be listed before any other wolfSSL include.
+ */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 

IDE/AURIX/Cpu0_Main.c

@@ -1,6 +1,6 @@
 /* Cpu0_Main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/AURIX/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/AURIX/wolf_main.c

@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/CRYPTOCELL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/CRYPTOCELL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/tls_wolfssl.h

@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.c

@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.h

@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.c

@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.h

@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c

@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/RTTHREAD/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/RTTHREAD/wolfssl_test.c

@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/dummy_config_h

@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/dummy_test_paths.h

@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt

@@ -8,7 +8,12 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 cmake_minimum_required(VERSION 3.16)
 
 # Optional no watchdog typically used for test & benchmark
-add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
@@ -123,8 +128,8 @@ endif()
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
 if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
     # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
     set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
@@ -135,9 +140,10 @@ if(0)
     else()
         message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-message(STATUS "end optional include")
 
 project(wolfssl_template)
 message(STATUS "end project")

IDE/Espressif/ESP-IDF/examples/template/Makefile

@@ -0,0 +1,14 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
+
+PROJECT_NAME := wolfssl_template
+
+include $(IDF_PATH)/make/project.mk

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -408,17 +408,22 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
-    set(THIS_ESP_TLS "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
-    set(THIS_ESP_TLS "esp-tls")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
     # Let the app know that we've included the esp-tls component requirement.
     # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
@@ -430,6 +435,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
                                           "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig

@@ -1,6 +1,6 @@
 # Kconfig template
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
 # The root is 7 directories up from here (the location of of this component.mk):
-WOLFSSL_ROOT := ../../../../../../..
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
 
 # To set the location of a different location, it is best to use relative paths.
 #
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 
-abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
 
 # print-wolfssl-path-value:
 #	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
 #	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
 
-$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
-$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -276,21 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 ## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
-
-##
-## wolfcrypt
-##
-## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
 $(info ********** end wolfssl component **********)

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,11 @@
  */
 #define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
 /* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
@@ -219,6 +224,17 @@
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -273,6 +289,10 @@
 
 /* Optionally enable some wolfSSH settings */
 #if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
     /* The default SSH Windows size is massive for an embedded target.
      * Limit it: */
     #define DEFAULT_WINDOW_SZ 2000
@@ -386,7 +406,10 @@
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684)
     /* Optionally set smaller size here */
-    #define HAVE_FFDHE_4096
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
 #else
     #define HAVE_FFDHE_4096
 #endif

IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt

@@ -1,11 +1,18 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.1
+#   v1.2
 #
 # wolfssl template
 #
 message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
@@ -57,7 +64,9 @@ endif()
 idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
                             "./include"
-                       PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)

IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild

@@ -1,6 +1,6 @@
 # Kconfig main
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/template/main/component.mk

@@ -0,0 +1,23 @@
+#
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif

IDE/Espressif/ESP-IDF/examples/template/main/include/main.h

@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/template/main/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults

@@ -1,5 +1,6 @@
 # Set the known example app config to template example (see user_settings.h)
 CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
+
 # CONFIG_EXAMPLE_WIFI_SSID="myssid"
 # CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
 
@@ -23,6 +24,7 @@ CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
 # We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
 CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
 # Legacy stack size name for older ESP-IDF versions
 CONFIG_MAIN_TASK_STACK_SIZE=10500
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt

@@ -8,7 +8,11 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 cmake_minimum_required(VERSION 3.16)
 
 # Optional no watchdog typically used for test & benchmark
-add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
 
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
@@ -52,6 +56,34 @@ if(APPLE)
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
@@ -95,8 +127,8 @@ endif()
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
 if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
     # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
     set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
@@ -107,9 +139,10 @@ if(0)
     else()
         message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-message(STATUS "end optional include")
 
 project(wolfssl_benchmark)
 message(STATUS "end project")

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile

@@ -4,9 +4,11 @@
 #
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+
 # Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
 # There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
-EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
 
 PROJECT_NAME := wolfssl_benchmark
+
 include $(IDF_PATH)/make/project.mk

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -159,7 +159,8 @@ else()
     set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
-# find the user name to search for possible "wolfssl-username"
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -407,17 +408,22 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
-    set(THIS_ESP_TLS "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
-    set(THIS_ESP_TLS "esp-tls")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
     # Let the app know that we've included the esp-tls component requirement.
     # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
@@ -429,6 +435,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
                                           "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig

@@ -1,6 +1,6 @@
 # Kconfig template
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
 # The root is 7 directories up from here (the location of of this component.mk):
-WOLFSSL_ROOT := ../../../../../../..
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
 
 # To set the location of a different location, it is best to use relative paths.
 #
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 
-abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
 
 # print-wolfssl-path-value:
 #	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
 #	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
 
-$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
-$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -274,22 +289,18 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
-## wolfcrypt benchmark  (optional)
+## wolfcrypt benchmark  (needed for this benchmark example)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_OBJS               += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+COMPONENT_SRCDIRS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS    += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
-##
-## wolfcrypt
-##
-# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
 $(info ********** end wolfssl component **********)

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,11 @@
  */
 #define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
 /* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
@@ -219,6 +224,17 @@
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -273,6 +289,10 @@
 
 /* Optionally enable some wolfSSH settings */
 #if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
     /* The default SSH Windows size is massive for an embedded target.
      * Limit it: */
     #define DEFAULT_WINDOW_SZ 2000
@@ -386,7 +406,10 @@
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684)
     /* Optionally set smaller size here */
-    #define HAVE_FFDHE_4096
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
 #else
     #define HAVE_FFDHE_4096
 #endif
@@ -765,7 +788,7 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt

@@ -1,12 +1,17 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.1
+#   v1.2
 #
 # wolfssl benchmark test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "main.c")
-set(COMPONENT_ADD_INCLUDEDIRS ".")
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
 
 if(WIN32)
     # Windows-specific configuration here
@@ -59,7 +64,9 @@ endif()
 idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
                             "./include"
-                       PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild

@@ -22,7 +22,7 @@ config BENCH_ARGV
         -lng <num>  Display benchmark result by specified language.
                     0: English, 1: Japanese
         <num>       Size of block in bytes
-        
+
         e.g -lng 1
         e.g sha
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk

@@ -7,3 +7,17 @@
 # please read the ESP-IDF documents if you need to do this.
 #
 # (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h

@@ -1,6 +1,6 @@
 /* wolfssl_benchmark main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c

@@ -1,6 +1,6 @@
 /* benchmark main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults

@@ -1,5 +1,6 @@
 # Set the known example app config to template example (see user_settings.h)
 CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
+
 # CONFIG_EXAMPLE_WIFI_SSID="myssid"
 # CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
 
@@ -7,6 +8,7 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
 CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
 
 # sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
 CONFIG_BENCH_ARGV="-lng 0"
 # FreeRTOS ticks at 1ms interval

IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt

@@ -8,7 +8,12 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 cmake_minimum_required(VERSION 3.16)
 
 # Optional no watchdog typically used for test & benchmark
-add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
@@ -124,7 +129,7 @@ endif()
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
 if(0)
-    message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
     # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
     set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
@@ -135,8 +140,9 @@ if(0)
     else()
         message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     endif()
-    message(STATUS "end optional include")
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_client)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile

@@ -1,6 +1,6 @@
 # ESP8266 Project Makefile for wolfssl_client
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -159,7 +159,8 @@ else()
     set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
-# find the user name to search for possible "wolfssl-username"
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -407,17 +408,22 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
-    set(THIS_ESP_TLS "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
-    set(THIS_ESP_TLS "esp-tls")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
     # Let the app know that we've included the esp-tls component requirement.
     # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
@@ -429,6 +435,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
                                           "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig

@@ -1,6 +1,6 @@
 # Kconfig template
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
 # The root is 7 directories up from here (the location of of this component.mk):
-WOLFSSL_ROOT := ../../../../../../..
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
 
 # To set the location of a different location, it is best to use relative paths.
 #
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 
-abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
 
 # print-wolfssl-path-value:
 #	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
 #	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
 
-$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
-$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -276,21 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 ## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
-
-##
-## wolfcrypt
-##
-## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
 $(info ********** end wolfssl component **********)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,11 @@
  */
 #define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
 /* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
@@ -219,6 +224,17 @@
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -273,6 +289,10 @@
 
 /* Optionally enable some wolfSSH settings */
 #if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
     /* The default SSH Windows size is massive for an embedded target.
      * Limit it: */
     #define DEFAULT_WINDOW_SZ 2000
@@ -386,7 +406,10 @@
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684)
     /* Optionally set smaller size here */
-    #define HAVE_FFDHE_4096
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
 #else
     #define HAVE_FFDHE_4096
 #endif

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt

@@ -1,11 +1,18 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.1
+#   v1.2
 #
 # wolfssl client test
 #
 message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
@@ -61,7 +68,7 @@ idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
                             "./include"
                        PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
-                                     driver
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
                                      nvs_flash
                                      protocol_examples_common)
 

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild

@@ -1,3 +1,26 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
 menu "Example wolfSSL Configuration"
 
 choice WOLFSSL_EXAMPLE_CHOOSE
@@ -72,6 +95,12 @@ choice WOLFSSL_EXAMPLE_CHOOSE
         help
             See wolfSSL/wolfTPM on GitHub.
 
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
     config WOLFSSL_EXAMPLE_NAME_NONE
         bool "Other"
         help

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h

@@ -1,6 +1,6 @@
 /* client-tls.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h

@@ -1,6 +1,6 @@
 /* wolfssl_client main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h

@@ -1,6 +1,6 @@
 /* time_helper.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c

@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults

@@ -1,5 +1,6 @@
 # Set the known example app config to TLS Client (see user_settings.h)
 CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
+
 # CONFIG_EXAMPLE_WIFI_SSID="myssid"
 # CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
 
@@ -7,7 +8,7 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
 CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
 
 # sdkconfig.defaults for ESP8266 + ESP32
-
+# See separate sdkconfig.defaults.esp8266
 # FreeRTOS ticks at 1ms interval
 CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000

IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt

@@ -8,7 +8,12 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 cmake_minimum_required(VERSION 3.16)
 
 # Optional no watchdog typically used for test & benchmark
-add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
@@ -123,8 +128,8 @@ endif()
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
 if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
     # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
     set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
@@ -135,9 +140,10 @@ if(0)
     else()
         message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-message(STATUS "end include")
 
 project(wolfssl_server)
 message(STATUS "end project")

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -159,7 +159,8 @@ else()
     set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
-# find the user name to search for possible "wolfssl-username"
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -407,17 +408,22 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
-    set(THIS_ESP_TLS "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
-    set(THIS_ESP_TLS "esp-tls")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
     # Let the app know that we've included the esp-tls component requirement.
     # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
@@ -429,6 +435,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
                                           "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig

@@ -1,6 +1,6 @@
 # Kconfig template
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
 # The root is 7 directories up from here (the location of of this component.mk):
-WOLFSSL_ROOT := ../../../../../../..
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
 
 # To set the location of a different location, it is best to use relative paths.
 #
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 
-abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
 
 # print-wolfssl-path-value:
 #	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
 #	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
 
-$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
-$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -276,21 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 ## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
-
-##
-## wolfcrypt
-##
-## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
 $(info ********** end wolfssl component **********)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,11 @@
  */
 #define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
 /* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
@@ -219,6 +224,17 @@
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -273,6 +289,10 @@
 
 /* Optionally enable some wolfSSH settings */
 #if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
     /* The default SSH Windows size is massive for an embedded target.
      * Limit it: */
     #define DEFAULT_WINDOW_SZ 2000
@@ -386,7 +406,10 @@
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684)
     /* Optionally set smaller size here */
-    #define HAVE_FFDHE_4096
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
 #else
     #define HAVE_FFDHE_4096
 #endif

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt

@@ -1,11 +1,18 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.1
+#   v1.2
 #
 # wolfssl server test
 #
 message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
@@ -61,7 +68,7 @@ idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
                             "./include"
                        PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
-                                     driver
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
                                      nvs_flash
                                      protocol_examples_common)
 
@@ -113,7 +120,7 @@ execute_process(
 if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild

@@ -1,3 +1,26 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
 menu "Example wolfSSL Configuration"
 
 choice WOLFSSL_EXAMPLE_CHOOSE
@@ -72,6 +95,12 @@ choice WOLFSSL_EXAMPLE_CHOOSE
         help
             See wolfSSL/wolfTPM on GitHub.
 
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
     config WOLFSSL_EXAMPLE_NAME_NONE
         bool "Other"
         help

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h

@@ -1,6 +1,6 @@
 /* wolfssl_server main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h

@@ -1,6 +1,6 @@
 /* server-tls.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h

@@ -1,6 +1,6 @@
 /* time_helper.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -109,7 +109,7 @@
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
     #if defined(CONFIG_ESP_WIFI_SSID)
-        /* tyically from ESP32 with ESP-IDF v4 to v5 */
+        /* typically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
         /* typically from ESP8266 rtos-sdk/v3.4 */

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c

@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults

@@ -24,7 +24,8 @@ CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
 # We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
 CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
-# Legacy stack size for older ESP-IDF versions
+
+# Legacy stack size name for older ESP-IDF versions
 CONFIG_MAIN_TASK_STACK_SIZE=10500
 
 #