
Update Espressif Examples and Libraries

gojimmypi 2 months ago
parent
commit
5cab707d8e
81 changed files with 5581 additions and 1138 deletions
  1. 26 4
      IDE/Espressif/ESP-IDF/README.md
  2. 1 1
      IDE/Espressif/ESP-IDF/dummy_test_paths.h
  3. 2 2
      IDE/Espressif/ESP-IDF/examples/README.md
  4. 3 3
      IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
  5. 12 3
      IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
  6. 264 61
      IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
  7. 1 1
      IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
  8. 34 5
      IDE/Espressif/ESP-IDF/examples/template/main/main.c
  9. 14 6
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
  10. 4 3
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
  11. 7 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
  12. 5 5
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
  13. 261 41
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
  14. 240 40
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
  15. 366 64
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
  16. 2 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
  17. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
  18. 70 5
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
  19. 59 6
      IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
  20. 29 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
  21. 3 3
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
  22. 13 2
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
  23. 12 6
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
  24. 67 23
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
  25. 113 19
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
  26. 18 4
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
  27. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
  28. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
  29. 7 6
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
  30. 78 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
  31. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
  32. 13 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
  33. 3 3
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
  34. 14 3
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
  35. 248 40
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
  36. 201 53
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
  37. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
  38. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
  39. 3 2
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
  40. 10 4
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
  41. 3 12
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
  42. 49 47
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
  43. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
  44. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
  45. 5 69
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
  46. 6 3
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
  47. 2 2
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
  48. 261 41
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
  49. 240 40
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
  50. 367 65
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
  51. 4 75
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
  52. 8 2
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
  53. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
  54. 0 32
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
  55. 67 72
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
  56. 0 120
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
  57. 0 32
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
  58. 61 14
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
  59. 67 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
  60. 227 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
  61. 292 0
      IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
  62. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
  63. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
  64. 1 1
      IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
  65. 1 1
      IDE/Espressif/ESP-IDF/libs/component.mk
  66. 1 1
      IDE/Espressif/ESP-IDF/user_settings.h
  67. 4 3
      IDE/Espressif/include.am
  68. 90 39
      wolfcrypt/benchmark/benchmark.c
  69. 3 0
      wolfcrypt/src/include.am
  70. 23 0
      wolfcrypt/src/port/Espressif/README.md
  71. 1 1
      wolfcrypt/src/port/Espressif/esp32_aes.c
  72. 1 1
      wolfcrypt/src/port/Espressif/esp32_mp.c
  73. 1 1
      wolfcrypt/src/port/Espressif/esp32_sha.c
  74. 120 24
      wolfcrypt/src/port/Espressif/esp32_util.c
  75. 275 0
      wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
  76. 441 0
      wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
  77. 468 0
      wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
  78. 1 0
      wolfssl/wolfcrypt/include.am
  79. 229 0
      wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
  80. 19 1
      wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
  81. 29 9
      wolfssl/wolfcrypt/settings.h

+ 26 - 4
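--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,8 +1,8 @@
 # ESP-IDF Port
 
 These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
+[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
 Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
 
 See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
@@ -44,6 +44,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version
 wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized
 in your project `user_settings.h` as desired.
 
+The `user_settings.h` include file should not be explicitly included in an project source files. Be
+sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files.
+
+A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure
+the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c).
+
+```
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
 See the respective project directory:
 
   `[project-dir]/components/wolfssl/user_settings.h`
@@ -116,7 +138,7 @@ See the specific examples for additional details.
 
 ## Setup for Linux (wolfSSL local copy)
 
-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
  1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
@@ -124,7 +146,7 @@ This is a legacy method for installation. It is recommended to use the new `CMak
 
 ## Setup for Windows
 
-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
  1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
  2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`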

+ 1 - 1
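--- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h
+++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *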

+ 2 - 2
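--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -10,9 +10,9 @@ These are the core examples for wolfSSL:
 
 - [Test](./wolfssl_test/README.md)
 
-- [TLS Client](./wolfssl_client/README.md)
+- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
 
-- [TLS Server](./wolfssl_server/README.md)
+- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) 
 
 ## Other Espressif wolfSSL Examples
 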

+ 3 - 3
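--- a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM37</COMPort>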

+ 12 - 3
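--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -363,6 +368,10 @@ else()
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
 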
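Review bot: The three `${THIS_IDF_PATH}/components/.../include` entries added to the include list take their header search paths from whatever directory the `IDF_PATH` environment variable names, and the guard added earlier in this file only rejects an empty value. A stale or unintended `IDF_PATH` would surface late as missing or mismatched headers rather than at configure time, so a check such as `if(NOT IS_DIRECTORY "${THIS_IDF_PATH}/components/esp_wifi/include")` followed by `message(FATAL_ERROR ...)` next to the existing guard would fail early. The new entries are also written without the escaped quotes used by the neighbouring `"\"${WOLFSSL_ROOT}/wolfssl/\""` entries, so it is worth confirming that a path containing spaces is handled the same way. The same commit comments out `esp_timer` and `driver` under `PRIV_REQUIRES`, leaving that keyword with no values; a short comment saying whether this is intentional would help the next reader. The list these lines extend begins outside the hunk.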

+ 264 - 61
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
 /* user_settings.h
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -19,12 +19,22 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
  */
 
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 
 /* The Espressif sdkconfig will have chipset info.
 /* The Espressif sdkconfig will have chipset info.
 **
 **
-** Possible values:
+** Some possible values:
 **
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,54 @@
 #undef  WOLFSSL_ESPIDF
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
 
+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
  * WOLFSSL_ESP8266
  */
  */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+
 
 
-#define WOLFSSL_ESP32
 
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +107,6 @@
 /* #define NO_OLD_TLS */
 /* #define NO_OLD_TLS */
 
 
 #define BENCH_EMBEDDED
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 
 /* TLS 1.3                                 */
 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13
@@ -79,7 +124,9 @@
 
 
 #define HAVE_AESGCM
 #define HAVE_AESGCM
 
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 #define WOLFSSL_SHA224
 
 
@@ -92,22 +139,31 @@
 /* when you want to use SHA3 */
 /* when you want to use SHA3 */
 #define WOLFSSL_SHA3
 #define WOLFSSL_SHA3
 
 
-/* Reminder: ED25519 requires SHA512 */
+ /* ED25519 requires SHA512 */
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
 /* Optional OPENSSL compatibility */
 /* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
-/* #define HAVE_PKCS7 */
 
 
-#define HAVE_PKCS7
+/* #Optional HAVE_PKCS7 */
+/* #define HAVE_PKCS7 */
 
 
 #if defined(HAVE_PKCS7)
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT
@@ -127,27 +183,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 #endif
 
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
-
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
 
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
 
@@ -159,9 +199,10 @@
 
 
 
 
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+#define ESP_RSA_TIMEOUT_CNT    0x349F00
 
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 
 /* USE_FAST_MATH is default */
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 #define USE_FAST_MATH
@@ -170,6 +211,7 @@
 /* #undef USE_FAST_MATH          */
 /* #undef USE_FAST_MATH          */
 /* #define SP_MATH               */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 
 /***** Use Integer Heap Math *****/
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #undef USE_FAST_MATH          */
@@ -205,7 +247,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 */
 
 
-/*
+/* command-line options
 --enable-keygen
 --enable-keygen
 --enable-certgen
 --enable-certgen
 --enable-certreq
 --enable-certreq
@@ -213,10 +255,14 @@
 --enable-asn-template
 --enable-asn-template
 */
 */
 
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -234,6 +280,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -246,6 +293,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -259,6 +307,7 @@
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -284,6 +333,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -301,6 +351,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -317,6 +368,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -325,21 +377,63 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
 #else
 #else
     /* Anything else encountered, disable HW accleration */
     /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 #endif /* CONFIG_IDF_TARGET Check */
 
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
 
 #define ESP_VERIFY_MEMBLOCK
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
@@ -353,14 +447,26 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 */
 
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+#define WOLFSSL_ESPIDF_ERROR_PAUSE
+
 #define WOLFSSL_HW_METRICS
 #define WOLFSSL_HW_METRICS
 
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -383,8 +489,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 
 /* when turning on ECC508 / ECC608 support
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
 #define WOLFSSL_ESPWROOM32SE
@@ -393,12 +499,75 @@
 #define ATCA_WOLFSSL
 #define ATCA_WOLFSSL
 */
 */
 
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 #define WOLFSSL_SM4
 */
 */
 
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
     #define CTX_CA_CERT          root_sm2
@@ -414,15 +583,49 @@
     #undef  WOLFSSL_BASE16
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */

+ 1 - 1
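--- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *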

+ 34 - 5
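--- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,8 +22,23 @@
 /* Espressif */
 #include <esp_log.h>
 
-/* wolfSSL  */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
 
 /* project */
 #include "main.h"
@@ -32,18 +47,32 @@ static const char* const TAG = "My Project";
 
 void app_main(void)
 {
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    int ret = 0;
+#endif
     ESP_LOGI(TAG, "Hello wolfSSL!");
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
-    esp_ShowExtendedSystemInfo();
+    ret = esp_ShowExtendedSystemInfo();
 #endif
 
 #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
-    esp_hw_show_metrics();
+    ret += esp_hw_show_metrics();
 #endif
 
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
     ESP_LOGI(TAG, "\n\nDone!"
                   "If running from idf.py monitor, press twice: Ctrl+]\n\n"
                   "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */
             );
+#endif
 }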
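Review bot: In `app_main`, `int ret = 0;` is declared only under `#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE`, while the new `ret = esp_ShowExtendedSystemInfo();` and `ret += esp_hw_show_metrics();` lines are guarded by different macros. Unless an included header always defines the verbose-exit macro (not visible in this hunk), a configuration with `HAVE_VERSION_EXTENDED_INFO` or the metrics macros set but no verbose-exit macro fails to compile on an undeclared `ret`. Declare it unconditionally with `int ret = 0;` and add `(void)ret;` ahead of the exit-message block so the non-verbose branches do not warn about an unused value. The two return codes are also summed, so the logged value no longer identifies which call failed; a short comment saying that `ret` is only a zero/non-zero indicator would make that explicit.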

+ 14 - 6
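--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -5,6 +5,7 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
+add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -21,13 +22,20 @@ cmake_minimum_required(VERSION 3.16)
 #
 
 # Optionally specify a location for wolfSSL component source code
-# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )
+# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+#
+#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+#    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+#    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+#    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+#else()
+#    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+#endif()
 
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-set(COMPONENTS
-  main
-  wolfssl
-) # set components
-
 project(wolfssl_benchmark)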
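Review bot: The added `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` in the first hunk has no comment of its own and sits directly on top of the "The wolfSSL CMake file should be able to find the source code" comment, so that comment reads as if it described the option. The Makefile changed in this same commit gives the reason (CPU-intensive tests, watchdog forced off); put the same explanation here, for example `# Benchmark runs are CPU intensive, so force the watchdog timer off for this example.`, and leave a blank line after the option. Because a directory-scope option presumably reaches every component built by the project, the comment should also say that the define is intended for the benchmark only, so it is not carried into application projects copied from this example. The second hunk adds a commented-out `if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")` block; dead code like that is better left out of the commit or reduced to a one-line pointer.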

+ 4 - 3
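--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
@@ -3,9 +3,10 @@
 # project subdirectory.
 #
 
-PROJECT_NAME := wolfssl_benchmark
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
 
+PROJECT_NAME := wolfssl_benchmark
 include $(IDF_PATH)/make/project.mk
-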
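Review bot: The new comment misspells "intensive"; it should read `# Some of the tests are CPU intensive, so we'll force the watchdog timer off.`. The watchdog define is appended to `EXTRA_CFLAGS` while the line directly above uses `CFLAGS +=` for `-DWOLFSSL_USER_SETTINGS`. If the split is deliberate, a few words in the comment on why a different variable is needed would help; otherwise use the same variable for both defines.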

+ 7 - 0
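--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -19,6 +19,13 @@ other local port to `COM20` as needed:
 change port com20=com23
 ```
 
+## Bulk Testing
+
+If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out
+the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those
+bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will
+be machine-specific.
+
 ## VisualGDB
 
 Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.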

+ 5 - 5
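--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
@@ -18,9 +18,9 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>11.2.0</GCC>
-        <GDB>9.2.90</GDB>
-        <Revision>2</Revision>
+        <GCC>13.2.0</GCC>
+        <GDB>12.1</GDB>
+        <Revision>1</Revision>
       </Version>
     </ToolchainID>
     <RelativeSourceDirectory>..</RelativeSourceDirectory>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.0</Version>
-          <Subdirectory>esp-idf/v5.0</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM20</COMPort>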

+ 261 - 41
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt

@@ -1,5 +1,5 @@
 #
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #
 #  This file is part of wolfSSL.
 #  This file is part of wolfSSL.
 #
 #
@@ -19,16 +19,95 @@
 #
 #
 # cmake for wolfssl Espressif projects
 # cmake for wolfssl Espressif projects
 #
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.0 template update + THIS_IDF_PATH
 #
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
 #
 
 
 cmake_minimum_required(VERSION 3.16)
 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+endif()
 
 
 # find the user name to search for possible "wolfssl-username"
 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -45,6 +124,11 @@ else()
 endif()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 message(STATUS "THIS_USER = ${THIS_USER}")
 
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
 
 
 # COMPONENT_NAME = wolfssl
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # The component name is the directory name. "No feature to change this".
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
     endif()
 endfunction()
 endfunction()
 
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+        else()
+            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+            if( FOUND_WOLFSSL )
+                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            else()
+                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+                message(STATUS "$ENV{WOLFSSL_ROOT}")
+            endif()
+        endif()
     else()
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
-            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
-            return()
+            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
         else()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
         endif()
         endif()
     endif()
     endif()
 
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
             return()
         endif()
         endif()
 
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
                 return()
             endif()
             endif()
         endif()
         endif()
@@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
             set(CURRENT_SEARCH_DIR "")
         endif()
         endif()
     endwhile()
     endwhile()
@@ -149,17 +279,47 @@ endfunction()
 
 
 
 
 # Example usage:
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
 
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
 
 
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+endif()
 
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          ${THIS_INCLUDE_TIMER}
+                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
                            )
                            )
 
 
 else()
 else()
@@ -171,24 +331,52 @@ else()
     # search for wolfSSL
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Searching for wolfSL source code...")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "Failed: wolfssl directory not found.")
         # Abort. We need wolfssl _somewhere_.
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        # Abort CMake after fatal error.
     endif()
     endif()
 
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
 
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
     endif()
 
 
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
@@ -200,16 +388,19 @@ else()
 
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
 
+    # wolfSSL user_settings.h is in the local project.
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
 
 
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -232,11 +423,13 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
         message(STATUS "")
 
 
+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        # Abort CMake after fatal error.
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
 
@@ -286,6 +479,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -355,17 +549,22 @@ else()
             message(STATUS "Could not find RTOS path")
             message(STATUS "Could not find RTOS path")
         endif()
         endif()
     endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
     set(COMPONENT_ADD_INCLUDEDIRS
         "./include" # this is the location of wolfssl user_settings.h
         "./include" # this is the location of wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
         )
 
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
     endif()
@@ -374,7 +573,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -387,6 +586,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -423,17 +624,34 @@ else()
                             INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
                             INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
                             REQUIRES "${COMPONENT_REQUIRES}"
                             REQUIRES "${COMPONENT_REQUIRES}"
                             EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
                             EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                            PRIV_REQUIRES
+                              "${THIS_INCLUDE_TIMER}"
+                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
                            )
-    # some optional diagnostics
-    if (1)
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         endforeach()
         message(STATUS "")
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
         message(STATUS "ALL VARIABLES END")
@@ -520,6 +738,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
     execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
 
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
     message(STATUS "************************************************************************************************")
     message(STATUS "************************************************************************************************")
     message(STATUS "wolfssl component config complete!")
     message(STATUS "wolfssl component config complete!")
     message(STATUS "************************************************************************************************")
     message(STATUS "************************************************************************************************")

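--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -1,40 +1,240 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# In the wolfSSL GitHub examples for Espressif,
+# the root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../../
+
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+
+# WOLFSSL_ROOT := ""
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
+COMPONENT_SRCDIRS += include
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+
+##
+## wolfcrypt
+##
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src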
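Review bot: `src/bio.o`, `wolfcrypt/src/evp.o` and `wolfcrypt/src/misc.o` are listed in `COMPONENT_OBJEXCLUDE` and then again in the explicit `COMPONENT_OBJS` list, so the new component.mk states two opposite intentions for the same objects. The CMake build on this page puts the matching `.c` files in `COMPONENT_SRCEXCLUDE` under the comment "known to be included elsewhere, or not used for Espressif", so the make build presumably wants them excluded too, and which list wins should not be left to the ESP-IDF make wrapper. I would start the list with `COMPONENT_OBJS := $(WOLFSSL_ROOT)src/crl.o` and delete the `bio.o`, `evp.o` and `misc.o` entries from `COMPONENT_OBJS`. Separately, `WOLFSSL_ROOT := ../../../../../../../` has no existence check, so a project copied elsewhere would compile whatever tree sits seven levels up. A guard such as `$(if $(wildcard $(COMPONENT_PATH)/$(WOLFSSL_ROOT)wolfssl/ssl.h),,$(error wolfSSL not found at WOLFSSL_ROOT))` would make the crypto source location explicit, assuming `COMPONENT_PATH` is set when this file is read.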

+ 366 - 64
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
 /* user_settings.h
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -19,12 +19,22 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
  */
 
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 
 /* The Espressif sdkconfig will have chipset info.
 /* The Espressif sdkconfig will have chipset info.
 **
 **
-** Possible values:
+** Some possible values:
 **
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,175 @@
 #undef  WOLFSSL_ESPIDF
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
 
+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
  * WOLFSSL_ESP8266
  */
  */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
 
 
-#define WOLFSSL_ESP32
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* Uncommon settings for testing only */
+#define TEST_ESPIDF_ALL_WOLFSSL
+#ifdef  TEST_ESPIDF_ALL_WOLFSSL
+    #define WOLFSSL_MD2
+    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
+    #define HAVE_BLAKE2S
+
+    #define WC_RC2
+    #define WOLFSSL_ALLOW_RC4
+
+    #define HAVE_POLY1305
+
+    #define WOLFSSL_AES_128
+    #define WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_XTS
+
+    /* #define WC_SRTP_KDF */
+    /* TODO Causes failure with Espressif AES HW Enabled */
+    /* #define HAVE_AES_ECB */
+    /* #define HAVE_AESCCM  */
+    /* TODO sanity check when missing HAVE_AES_ECB */
+    #define WOLFSSL_WOLFSSH
+
+    #define HAVE_AESGCM
+    #define WOLFSSL_AES_COUNTER
+
+    #define HAVE_FFDHE
+    #define HAVE_FFDHE_2048
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO Full size SRP is disabled on the ESP8266 at this time.
+         * Low memory issue? */
+        #define WOLFCRYPT_HAVE_SRP
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+          defined(CONFIG_IDF_TARGET_ESP32S2) || \
+          defined(CONFIG_IDF_TARGET_ESP32S3)
+        /* TODO: SRP Not enabled, known to fail on this target
+         * See https://github.com/wolfSSL/wolfssl/issues/7210 */
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32H2)
+        /* SRP Known to be working on this target::*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #else
+        /* For everything else, give a try and see if SRP working: */
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+
+    #define HAVE_DH
+
+    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+    /* #define HAVE_CAMELLIA */
+
+    /* DSA requires old SHA */
+    #define HAVE_DSA
+
+    /* Needs SHA512 ? */
+    #define HAVE_HPKE
+
+    /* Not for Espressif? */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32H2) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #undef HAVE_ECC
+            #undef HAVE_ECC_CDH
+            #undef HAVE_CURVE25519
+
+            /* TODO does CHACHA also need alignment? Failing on ESP8266
+             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
+            #ifdef HAVE_CHACHA
+                #error "HAVE_CHACHA not supported on ESP8266"
+            #endif
+            #ifdef HAVE_XCHACHA
+                #error "HAVE_XCHACHA not supported on ESP8266"
+            #endif
+        #else
+            #define HAVE_XCHACHA
+            #define HAVE_CHACHA
+            /* TODO Not enabled at this time, needs further testing:
+             *   #define WC_SRTP_KDF
+             *   #define HAVE_COMP_KEY
+             *   #define WOLFSSL_HAVE_XMSS
+             */
+        #endif
+        /* TODO AES-EAX not working on this platform */
+
+        /* Optionally disable DH
+         *   #undef HAVE_DH
+         *   #undef HAVE_FFDHE
+         */
+
+        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+        #ifndef HAVE_ECC
+            #define ECC_SHAMIR
+        #endif
+    #else
+        #define WOLFSSL_AES_EAX
+
+        #define ECC_SHAMIR
+    #endif
+
+    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+    /* #define WOLFSSL_CAAM      */
+    /* #define WOLFSSL_CAAM_BLOB */
+
+    #define WOLFSSL_AES_SIV
+    #define WOLFSSL_CMAC
+
+    #define WOLFSSL_CERT_PIV
+
+    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+    /* #define HAVE_SCRYPT */
+    #define SCRYPT_TEST_ALL
+    #define HAVE_X963_KDF
+#endif
 
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +228,6 @@
 /* #define NO_OLD_TLS */
 /* #define NO_OLD_TLS */
 
 
 #define BENCH_EMBEDDED
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 
 /* TLS 1.3                                 */
 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13
@@ -79,7 +245,9 @@
 
 
 #define HAVE_AESGCM
 #define HAVE_AESGCM
 
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 #define WOLFSSL_SHA224
 
 
@@ -95,24 +263,34 @@
  /* ED25519 requires SHA512 */
  /* ED25519 requires SHA512 */
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
+/* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
-/* #define HAVE_PKCS7 */
 
 
+/* #Optional HAVE_PKCS7 */
 #define HAVE_PKCS7
 #define HAVE_PKCS7
 
 
 #if defined(HAVE_PKCS7)
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT
 #endif
 #endif
 
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 /* #define WOLFSSL_AES_COUNTER */
 
 
@@ -126,27 +304,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 #endif
 
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
-
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
 
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
 
@@ -206,7 +368,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 */
 
 
-/*
+/* command-line options
 --enable-keygen
 --enable-keygen
 --enable-certgen
 --enable-certgen
 --enable-certreq
 --enable-certreq
@@ -214,10 +376,14 @@
 --enable-asn-template
 --enable-asn-template
 */
 */
 
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +401,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +414,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +428,7 @@
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +454,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +472,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +489,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,7 +498,11 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -343,13 +519,42 @@
 
 
 #else
 #else
     /* Anything else encountered, disable HW accleration */
     /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 #endif /* CONFIG_IDF_TARGET Check */
 
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
 
 #define ESP_VERIFY_MEMBLOCK
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
@@ -363,6 +568,14 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 */
 
 
 /* Pause in a loop rather than exit. */
 /* Pause in a loop rather than exit. */
@@ -396,8 +609,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 
 /* when turning on ECC508 / ECC608 support
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +620,75 @@
 #define ATCA_WOLFSSL
 #define ATCA_WOLFSSL
 */
 */
 
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 #define WOLFSSL_SM4
 */
 */
 
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
     #define CTX_CA_CERT          root_sm2
@@ -427,24 +704,49 @@
     #undef  WOLFSSL_BASE16
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
-/* See settings.h for some of the possible hardening options:
- *
- *  #define NO_ESPIDF_DEFAULT
- *  #define WC_NO_CACHE_RESISTANT
- *  #define WC_AES_BITSLICED
- *  #define HAVE_AES_ECB
- *  #define HAVE_AES_DIRECT
- */
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */

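--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
@@ -3,6 +3,7 @@
 #
 # This Makefile can be left empty. By default, it will take the sources in the
 # src/ directory, compile them and link them into lib(subdirectory_name).a
-# in the build directory. This behaviour is entirely configurable,
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)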

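--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
@@ -1,6 +1,6 @@
 /* benchmark main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *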

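--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -1,6 +1,6 @@
 /* benchmark main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +20,8 @@
  */
 
 /* ESP-IDF */
-#include <esp_log.h>
 #include "sdkconfig.h"
+#include <esp_log.h>
 
 /* wolfSSL */
 /* The wolfSSL user_settings.h file is automatically included by the settings.h
@@ -29,6 +29,7 @@
  * The settings.h should also be listed above wolfssl library include files. */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
 #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #ifndef WOLFSSL_ESPIDF
     #error "Problem with wolfSSL user_settings. "           \
@@ -40,10 +41,24 @@
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfcrypt/benchmark/benchmark.h>
 
+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
+
 /* set to 0 for one benchmark,
 ** set to 1 for continuous benchmark loop */
 #define BENCHMARK_LOOP 0
 
+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
+
 /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
 #ifdef CONFIG_BENCH_ARGV
     #define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV
@@ -199,17 +214,42 @@ void app_main(void)
 {
     int stack_start = 0;
 
+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
+    esp_err_t ret = 0;
+    stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set, such as ESP8266 */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
     ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
+
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif
 
 #if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
     esp_ShowExtendedSystemInfo();
 #endif
 
+    /* all platforms: stack high water mark check */
     ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV);
 
 /* when using atecc608a on esp32-wroom-32se */
@@ -238,7 +278,7 @@ void app_main(void)
     do {
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-        wolf_benchmark_task();
+        wolf_benchmark_task(); /* TODO capture return value! */
         ESP_LOGI(TAG, "Stack used: %d\n",
                       stack_start - uxTaskGetStackHighWaterMark(NULL));
 
@@ -255,8 +295,33 @@ void app_main(void)
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif
 
-#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
-    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+    /* note wolfCrypt_Cleanup() should always be called when finished.
+    ** This is called at the end of wolf_test_task();
+    */
+
+#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
+    esp_hw_show_mp_metrics();
+#endif
+
+#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+
+        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                        - (uxTaskGetStackHighWaterMark(NULL)));
+#endif
+
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
+    ESP_LOGI(TAG, "\n\nDone!\n\n"
+                  "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
     /* after the test, we'll just wait */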
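Review bot: `ret` is declared as `esp_err_t ret = 0;` in the `@@ -199,17 +214,42 @@` hunk and nothing in the visible hunks assigns it afterwards, so the `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE` branch added near the end of app_main() can only ever log "Success!". The results of `uart_param_config()` and `uart_driver_install()` are dropped and the benchmark status is left as a TODO; I would write `ret = uart_param_config(UART_NUM_0, &uart_config);` followed by `if (ret == ESP_OK) ret = uart_driver_install(UART_NUM_0, THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);`, and fold the benchmark result into `ret` once wolf_benchmark_task() is confirmed to return one. `THIS_MONITOR_UART_BAUD_DATE` looks like a typo for `THIS_MONITOR_UART_BAUD_RATE`, and the added cleanup comment names wolf_test_task() although this file calls wolf_benchmark_task(). app_main() begins and ends outside these hunks.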

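--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -1,34 +1,87 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+CONFIG_MAIN_TASK_STACK_SIZE=10500
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table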
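Review bot: The added "Panic & Watchdog" block switches off both watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and halts on panic without saying that this is for benchmarking only, so a device built from a copy of these defaults has no automatic recovery from a hang or crash. A comment above the block such as `# Benchmark only: watchdogs off and halt-on-panic; do not reuse in production firmware` would make that explicit. `CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000` presumably has no effect while `CONFIG_ESP_INT_WDT=n`, so one of the two lines should go. `CONFIG_FREERTOS_UNICORE=y` sits under the comment "FreeRTOS ticks at 1ms interval" next to a repeat of `CONFIG_FREERTOS_HZ=1000` from the top of the file; the single-core setting deserves its own comment because it changes what the benchmark measures on dual-core parts. "COU" in "Set max COU frequency" should read "CPU".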

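--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -185,4 +185,33 @@ I hear you fa shizzle!
 ./examples/server/server                   -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3     -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem     -A ./certs/sm2/client-sm2.pem -V
 ```
 
+
+#### Linux Client using Kyber to ESP32 Server
+
+```
+# Ensure build with Kyber enabled:
+# ./configure --enable-kyber=all --enable-experimental && make
+
+./examples/client/client  -h 192.168.1.38 -v 4 -l  TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
+```
+
+#### ESP32 Client to WSL Linux Server
+
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```
+
+For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking).
+
+
+## Additional Information
+
 See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).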

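--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM19</COMPort>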

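--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -363,6 +368,10 @@ else()
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        ${THIS_IDF_PATH}/components/esp_event/include
+        ${THIS_IDF_PATH}/components/esp_netif/include
+        ${THIS_IDF_PATH}/components/esp_wifi/include
         )
 
 
@@ -374,7 +383,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -387,6 +396,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""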

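Review bot: The three include paths added in the `@@ -363,6 +368,10 @@` hunk expand `${THIS_IDF_PATH}` as bare arguments, unlike every neighbouring entry, which is wrapped in escaped quotes. An `IDF_PATH` containing a semicolon would be split into several list items, and one containing spaces would reach the include list without the quoting the other entries carry. I would write them in the form the list already uses, e.g. `"\"${THIS_IDF_PATH}/components/esp_event/include\""`, and the same for `esp_netif` and `esp_wifi`. The enclosing `set(...)` call starts outside the hunk.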
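--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -56,13 +56,15 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 # The root is 7 directories up from here:
 WOLFSSL_ROOT := ../../../../../../..
 
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
-COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -142,15 +144,15 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
@@ -223,6 +225,9 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
 ## wolfcrypt benchmark  (optional)
@@ -242,3 +247,4 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
 ## wolfcrypt
 ##
 # COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src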
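Review bot: Three of the new lines join `$(WOLFSSL_ROOT)` to the path without a `/`: the added `COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif`, the commented-out `ext_kyber.o` line, and the final `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src`. With `WOLFSSL_ROOT := ../../../../../../..` as set in this file, they expand to paths such as `../../../../../../..wolfcrypt/src`, which is not inside the wolfSSL tree. The last line should read `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src`. The new include-dir line repeats the correctly spelled entry directly above it and can be dropped.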

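--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -22,9 +22,30 @@
 /* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
 
 /* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
-#define DEBUG_WOLFSSL
-#define DEBUG_WOLFSSL_VERBOSE
+
+#include "sdkconfig.h"
+
+/* #define DEBUG_WOLFSSL */
+/* #define DEBUG_WOLFSSL_VERBOSE */
+
+/* Experimental Kyber */
+#if 0
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -40,23 +61,34 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
+#define NO_ESP_SDK_WIFI
+
 /*
  * ONE of these Espressif chipsets should be defined:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desparate, try NO_SESSION_CACHE.  */
-#define SMALL_SESSION_CACHE
+ * When really desperate, try NO_SESSION_CACHE.  */
+#define MICRO_SESSION_CACHE
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -70,7 +102,7 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
+
 #define WOLFSSL_SMALL_STACK
 #define HAVE_ECC
 #define RSA_LOW_MEM
@@ -100,25 +132,36 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-/* #define WOLFSSL_SHA512 */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    /* Some known low-memory devices have features not enabled by default. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    #define WOLFSSL_SHA3
 
-/* when you want to use SHA3 */
-/* #define WOLFSSL_SHA3 */
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 
-/* ED25519 requires SHA512 */
-/* #define HAVE_ED25519 */
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+    #define HAVE_ED25519
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
-
 #if defined(HAVE_PKCS7)
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -181,7 +224,9 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
@@ -359,6 +404,7 @@
 #endif /* CONFIG_IDF_TARGET Check */
 
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
@@ -379,7 +425,7 @@
 
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -402,8 +448,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -497,7 +543,6 @@
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
-        #include <wolfssl/certs_test.h>
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -517,7 +562,6 @@
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
-        #include <wolfssl/certs_test.h>
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1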
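Review bot: `USE_CERT_BUFFERS_2048` is now defined unconditionally in the first hunk, and the only guidance is "Pick a cert buffer size", while the `CTX_CA_CERT` and `CTX_CLIENT_KEY_TYPE` macros further down map it to the `ca_cert_der_2048` family. Those buffers appear to be the shared test certificates and keys from `wolfssl/certs_test.h`, so a build that keeps this default authenticates with key material that is not private to the device. I would add above the define: `/* Test certs/keys from certs_test.h: examples only; supply your own for production */`. Separately, `HAVE_ED25519` is defined twice inside the new `#else` branch and one copy can go.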

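--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -38,6 +38,13 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 
+#if defined(WOLFSSL_WC_KYBER)
+    #include <wolfssl/wolfcrypt/kyber.h>
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -180,18 +187,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     struct hostent *hp;
     struct ip4_addr *ip4_addr;
     int ret_i; /* interim return values */
+    int err; /* interim return values */
     int sockfd;
     int doPeerCheck;
     int sendGet;
+#ifdef DEBUG_WOLFSSL
+    int this_heap = 0;
+#endif
 #ifndef NO_DH
     int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
 #endif
-    size_t len;
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
 
+    size_t len;
+
     wolfSSL_Debugging_ON();
     WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
 
@@ -351,11 +363,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
     /* Connect to the server */
     sprintf(buff,
-            "Connecting to server....%s(port:%d)",
+            "Connecting to server....%s (port:%d)",
             TLS_SMP_TARGET_HOST,
             TLS_SMP_DEFAULT_PORT);
-    WOLFSSL_MSG(buff);
-    printf("%s\n", buff);
+    ESP_LOGI(TAG, "%s\n", buff);
 
     if ((ret_i = connect(sockfd,
                        (struct sockaddr *)&servAddr,
@@ -363,6 +374,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i);
     }
 
+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
+
     WOLFSSL_MSG("Create a WOLFSSL object");
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
@@ -372,6 +387,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 #ifdef DEBUG_WOLFSSL
         ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
         ShowCiphers(ssl);
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
+                      &this_heap, this_heap);
+#endif
+#if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_KYBER1024)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL5");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+    #elif defined(WOLFSSL_KYBER768)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL3");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
+    #elif defined(WOLFSSL_KYBER512)
+        /* This will typically be a low memory situation, such as ESP8266 */
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL1");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
+    #else
+        ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
+        ret_i = ESP_FAIL;
+    #endif
+        if (ret_i == SSL_SUCCESS) {
+            ESP_LOGI(TAG, "UseKeyShare Kyber success");
+        }
+        else {
+            ESP_LOGE(TAG, "UseKeyShare Kyber failed");
+        }
+#else
+    ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
 #endif
     }
 
@@ -396,7 +441,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
     #endif
 #endif
-
+#ifdef DEBUG_WOLFSSL
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d",
+                      &this_heap, this_heap);
+#endif
     /* Attach wolfSSL to the socket */
     ret_i = wolfSSL_set_fd(ssl, sockfd);
     if (ret_i == WOLFSSL_SUCCESS) {
@@ -406,42 +455,86 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
     }
 
-    WOLFSSL_MSG("Connect to wolfSSL on the server side");
-    /* Connect to wolfSSL on the server side */
+    ESP_LOGI(TAG, "Connect to wolfSSL server...");
     ret_i = wolfSSL_connect(ssl);
-    if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
+#ifdef DEBUG_WOLFSSL
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d",
+                    &this_heap, this_heap);
+#endif
+    if (ret_i == SSL_SUCCESS) {
 #ifdef DEBUG_WOLFSSL
         ShowCiphers(ssl);
 #endif
+        ESP_LOGI(TAG, "Connect success! Sending message...");
         /* Get a message for the server from stdin */
         WOLFSSL_MSG("Message for server: ");
         memset(buff, 0, sizeof(buff));
 
         if (sendGet) {
-            printf("SSL connect ok, sending GET...\n");
             len = XSTRLEN(sndMsg);
             strncpy(buff, sndMsg, len);
-            buff[len] = '\0';
         }
         else {
-            sprintf(buff, "message from esp32 tls client\n");
+            sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n");
             len = strnlen(buff, sizeof(buff));
         }
+        buff[len] = '\0';
+        ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff);
+
         /* Send the message to the server */
-        if (wolfSSL_write(ssl, buff, len) != len) {
+        do {
+            err = 0; /* reset error */
+            ret_i = wolfSSL_write(ssl, buff, len);
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while (err == WOLFSSL_ERROR_WANT_WRITE ||
+                 err == WOLFSSL_ERROR_WANT_READ);
+
+        if (ret_i != len) {
             ESP_LOGE(TAG, "ERROR: failed to write\n");
         }
+        else {
+            ESP_LOGI(TAG, "Message sent! Awaiting response...");
+        }
 
         /* Read the server data into our buff array */
         memset(buff, 0, sizeof(buff));
-        if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
+
+        do {
+            err = 0; /* reset error */
+            ret_i =wolfSSL_read(ssl, buff, sizeof(buff));
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while ((err == WOLFSSL_ERROR_WANT_READ) ||
+                 (err == WOLFSSL_ERROR_WANT_WRITE) );
+
+        if (ret_i < 0) {
             ESP_LOGE(TAG, "ERROR: failed to read\n");
         }
 
-        /* Print to stdout any data the server sends */
-        printf("Server: ");
-        printf("%s\n", buff);
+        /* Show any data the server sends */
+        ESP_LOGI(TAG, "Server response: \n\n%s\n", buff);
+
+        ret_i = wolfSSL_shutdown(ssl);
+        while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) {
+            ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+            if (ret_i == WOLFSSL_SUCCESS) {
+                ESP_LOGI(TAG, "Bidirectional shutdown complete\n");
+                break;
+            }
+            else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) {
+                ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+                break;
+            }
         }
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+        }
+
+    } /* wolfSSL_connect(ssl) == SSL_SUCCESS) */
     else {
         ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
                       "Error: %d\n", ret_i);
@@ -450,8 +543,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     ShowCiphers(ssl);
 #endif
 
-    /* Cleanup and return */
-    wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
+    ESP_LOGI(TAG, "Cleanup and exit");
+    wolfSSL_free(ssl);     /* Release the wolfSSL object memory        */
     wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
     wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
     close(sockfd);         /* Close the connection to the server       */
@@ -485,7 +578,8 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #endif
 
     /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here: */
+     * Espressif uses BYTES for the task stack size here.
+     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
     ret = xTaskCreate(tls_smp_client_task,
                       TLS_SMP_CLIENT_TASK_NAME,
                       TLS_SMP_CLIENT_TASK_BYTES,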
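Review bot: The new read loop in the `@@ -406,42 +455,86 @@` hunk passes `sizeof(buff)` to `wolfSSL_read()` where the old code passed `sizeof(buff) - 1`, and the result is then logged with `%s`. A server response that fills the buffer leaves no terminating NUL, so the `ESP_LOGI(TAG, "Server response: ...")` call reads past the end of `buff`. Keep the reserved byte: `ret_i = wolfSSL_read(ssl, buff, sizeof(buff) - 1);`. In the Kyber hunk the `WOLFSSL_KYBER1024` branch logs `WOLFSSL_P256_KYBER_LEVEL5` but requests `WOLFSSL_P521_KYBER_LEVEL5`, so the message should be corrected to match. `tls_smp_client_task` begins and ends outside these hunks.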

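--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -29,9 +29,9 @@
 
 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
-    #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
+    #define TLS_SMP_TARGET_HOST         "192.168.1.36"
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.41"
 #endif
 
 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -44,9 +44,23 @@
 
 /* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
 #if defined(WOLFSSL_ESP8266)
-    #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP8266 stack size = 10K with Kyber.
+         * Note there's a maximum not far away as Kyber needs heap
+         * and the total DRAM is typically only 80KB total. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024)
+    #else
+        /* Minimum ESP8266 stack size = 6K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+    #endif
 #else
-    #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP32 stack size = 12K with Kyber enabled. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
+    #else
+        /* Minimum ESP32 stack size = 8K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+    #endif
 #endif
 
 #define TLS_SMP_CLIENT_TASK_PRIORITY    8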
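Review bot: In the first hunk the `#ifdef CONFIG_WOLFSSL_TARGET_HOST` branch now defines `TLS_SMP_TARGET_HOST` as the literal `"192.168.1.36"`, so the host configured through Kconfig is ignored and both branches hard-code a private LAN address. This looks like a local test edit that was committed with the rest of the update. The configured branch should stay `#define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST`, so the client connects to the server the user selected rather than to whichever machine holds that address on their network.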

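--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *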

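--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -124,6 +124,7 @@ void my_atmel_free(int slotId)
 void app_main(void)
 {
     int stack_start = 0;
+    int this_heap = 0;
     esp_err_t ret = 0;
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -260,7 +261,6 @@ void app_main(void)
 
     /* HWM is maximum amount of stack space that has been unused, in bytes
      * not words (unlike vanilla freeRTOS). */
-    int this_heap;
     this_heap = esp_get_free_heap_size();
     ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE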

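--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -117,8 +117,8 @@ int set_fixed_default_time(void)
      * but let's set a default time, just in case */
     struct tm timeinfo = {
         .tm_year = 2024 - 1900,
-        .tm_mon  = 1,
-        .tm_mday = 05,
+        .tm_mon  = 3,
+        .tm_mday = 01,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -203,7 +203,8 @@ int set_time_from_string(const char* time_buffer)
             /* we found a match for all componets */
 
             const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
 
             for (int i = 0; i < 12; i++) {
                 if (strcmp(month_str, months[i]) == 0) {
@@ -216,7 +217,7 @@ int set_time_from_string(const char* time_buffer)
             this_timeinfo.tm_hour = hour;
             this_timeinfo.tm_min = minute;
             this_timeinfo.tm_sec = second;
-            this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
 
             interim_time = mktime(&this_timeinfo);
             now = (struct timeval){ .tv_sec = interim_time };
@@ -350,7 +351,7 @@ int set_time_wait_for_ntp(void)
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
 #else
-    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
@@ -370,7 +371,7 @@ int set_time_wait_for_ntp(void)
 #endif
 
     if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
         }
     else {
         ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "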

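--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,5 +1,41 @@
 # sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+
+#
+# Default main stack size. See user_settings.h
+#
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
 CONFIG_ESP_PANIC_PRINT_HALT=y
@@ -7,9 +43,51 @@ CONFIG_ESP_PANIC_PRINT_HALT=y
 # CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
 CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
 
+# ESP8266 Memory
 CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
 CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
+CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
+
 #
 # Partition Table
 #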
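Review bot: The watchdog block added in the first hunk turns off the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`) and halts on panic, but its stated rationale ("during tests & benchmarks") does not describe this TLS client example. A device built from these defaults that stalls in a handshake or network wait would presumably stay hung instead of resetting. I would add a comment above the block such as `# Example/test settings only: re-enable the watchdogs and reboot-on-panic for deployed firmware`. `CONFIG_FREERTOS_HZ=1000` is also now set twice (near the top and again in the second hunk), and `CONFIG_FREERTOS_UNICORE=y` sits directly under the "FreeRTOS ticks at 1ms interval" comment, which describes the line after it.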

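--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -53,7 +53,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM70</ComPortName>
+      <ComPortName>COM80</ComPortName>
       <AdvancedSettings>
         <BaudRate>74880</BaudRate>
         <DataBits>8</DataBits>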

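--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -68,6 +68,19 @@ Linux Server
 ./examples/server/server                   -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
 ```
 
+#### ESP32 Client to WSL Linux Server
+
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```
 
 Cipers to consider
 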

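--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM19</COMPort>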

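--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -45,6 +45,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -363,6 +368,10 @@ else()
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        ${THIS_IDF_PATH}/components/esp_event/include
+        ${THIS_IDF_PATH}/components/esp_netif/include
+        ${THIS_IDF_PATH}/components/esp_wifi/include
         )
 
 
@@ -387,6 +396,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""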
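Review bot: In the `@@ -363,6 +368,10 @@` hunk the three new include entries are written without the escaped quotes that every neighbouring entry carries, and `${THIS_IDF_PATH}` is expanded unquoted. A path containing a semicolon is therefore split into separate list items, and whatever the embedded quotes guard against (presumably spaces in the path) is not covered for these entries. Writing them like their neighbours, e.g. `"\"${THIS_IDF_PATH}/components/esp_event/include\""`, keeps the list consistent. The entries also hard-code ESP-IDF's internal directory layout from an environment variable; naming `esp_event`, `esp_netif` and `esp_wifi` under `REQUIRES`/`PRIV_REQUIRES` in `idf_component_register` would presumably let the build system supply those include directories. The enclosing list starts outside the hunk, so confirm which variable it feeds before changing the quoting.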

+ 248 - 40
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk

@@ -1,40 +1,248 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../..
+
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+
+##
+## wolfcrypt
+##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
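Review bot: The last added line, `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src`, is missing the `/` after `$(WOLFSSL_ROOT)`. With `WOLFSSL_ROOT := ../../../../../../..` it expands to `../../../../../../..wolfcrypt/src`, which is not the wolfcrypt source directory. That directory is already added correctly further up, so the line can be dropped or written as `COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src`; the commented-out `ext_kyber.o` entry has the same missing slash. Separately, `bio.o`, `evp.o` and `misc.o` appear in both `COMPONENT_OBJEXCLUDE` and `COMPONENT_OBJS`, so a one-line comment saying which list is meant to win would save the next reader from guessing what is actually compiled into the TLS library.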

+ 201 - 53
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
 /* user_settings.h
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -19,12 +19,36 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
  */
 
 
+/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
+
 /* This user_settings.h is for Espressif ESP-IDF */
 /* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+
+#include "sdkconfig.h"
+
+#define DEBUG_WOLFSSL
+/* #define DEBUG_WOLFSSL_VERBOSE */
+
+/* Experimental Kyber */
+#if 0
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+    #endif
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
 
 
 /* The Espressif sdkconfig will have chipset info.
 /* The Espressif sdkconfig will have chipset info.
 **
 **
-** Possible values:
+** Some possible values:
 **
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +60,34 @@
 #undef  WOLFSSL_ESPIDF
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
 
+/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
+#define NO_ESP_SDK_WIFI
+
 /*
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chipsets should be defined:
  *
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
 
-#define WOLFSSL_ESP32
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate, try NO_SESSION_CACHE.  */
+#define MICRO_SESSION_CACHE
 
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +101,10 @@
 /* #define NO_OLD_TLS */
 /* #define NO_OLD_TLS */
 
 
 #define BENCH_EMBEDDED
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
+
+#define WOLFSSL_SMALL_STACK
+#define HAVE_ECC
+#define RSA_LOW_MEM
 
 
 /* TLS 1.3                                 */
 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13
@@ -79,39 +122,45 @@
 
 
 #define HAVE_AESGCM
 #define HAVE_AESGCM
 
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 #define WOLFSSL_SHA224
 
 
 /* when you want to use SHA384 */
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 #define WOLFSSL_SHA384
 
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+	/* Some known low-memory devices have features not enabled by default. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    #define WOLFSSL_SHA3
 
 
-#define HAVE_ED25519 /* ED25519 requires SHA512 */
+	/* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+    #define HAVE_ED25519
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 
- #define OPENSSL_EXTRA
 /* when you want to use pkcs7 */
 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
-
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
 #if defined(HAVE_PKCS7)
     #define HAVE_AES_KEYWRAP
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT
 #endif
 #endif
 
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 /* #define WOLFSSL_AES_COUNTER */
 
 
@@ -125,7 +174,7 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 #endif
 
 
-/* rsa primitive specific definition */
+/* RSA primitive specific definition */
 #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
 #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     /* Define USE_FAST_MATH and SMALL_STACK                        */
     /* Define USE_FAST_MATH and SMALL_STACK                        */
     #define ESP32_USE_RSA_PRIMITIVE
     #define ESP32_USE_RSA_PRIMITIVE
@@ -145,8 +194,6 @@
     #endif
     #endif
 #endif
 #endif
 
 
-#define RSA_LOW_MEM
-
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
 
 /* date/time                               */
 /* date/time                               */
@@ -173,10 +220,6 @@
 /* #undef USE_FAST_MATH          */
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 /* #define USE_INTEGER_HEAP_MATH */
 
 
-
-#define WOLFSSL_SMALL_STACK
-
-
 #define HAVE_VERSION_EXTENDED_INFO
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 /* #define HAVE_WC_INTROSPECTION */
 
 
@@ -190,7 +233,6 @@
 #define WOLFSSL_CERT_EXT
 #define WOLFSSL_CERT_EXT
 #define WOLFSSL_SYS_CA_CERTS
 #define WOLFSSL_SYS_CA_CERTS
 
 
-
 #define WOLFSSL_CERT_TEXT
 #define WOLFSSL_CERT_TEXT
 
 
 #define WOLFSSL_ASN_TEMPLATE
 #define WOLFSSL_ASN_TEMPLATE
@@ -203,7 +245,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 */
 
 
-/*
+/* command-line options
 --enable-keygen
 --enable-keygen
 --enable-certgen
 --enable-certgen
 --enable-certreq
 --enable-certreq
@@ -211,10 +253,11 @@
 --enable-asn-template
 --enable-asn-template
 */
 */
 
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -232,6 +275,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -244,6 +288,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -257,6 +302,7 @@
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -282,6 +328,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -299,6 +346,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -315,6 +363,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -323,7 +372,11 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -340,6 +393,7 @@
 
 
 #else
 #else
     /* Anything else encountered, disable HW accleration */
     /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -347,6 +401,7 @@
 #endif /* CONFIG_IDF_TARGET Check */
 #endif /* CONFIG_IDF_TARGET Check */
 
 
 /* Debug options:
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
 
 #define ESP_VERIFY_MEMBLOCK
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
@@ -367,7 +422,7 @@
 
 
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
 
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -390,8 +445,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 
 /* when turning on ECC508 / ECC608 support
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
 #define WOLFSSL_ESPWROOM32SE
@@ -400,12 +455,75 @@
 #define ATCA_WOLFSSL
 #define ATCA_WOLFSSL
 */
 */
 
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 #define WOLFSSL_SM4
 */
 */
 
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
     #define CTX_CA_CERT          root_sm2
@@ -421,15 +539,45 @@
     #undef  WOLFSSL_BASE16
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */

+ 1 - 1
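--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *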

+ 1 - 1
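--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -1,6 +1,6 @@
 /* server-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *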

+ 3 - 2
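--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,7 +38,8 @@ int esp_show_current_datetime();
 int set_fixed_default_time(void);
 
 /* set time from string (e.g. GitHub commit time) */
-int set_time_from_string(char* time_buffer);
+/* When not using the new esp-sdk-lib.h helpers: */
+/* int set_time_from_string(char* time_buffer); */
 
 /* set time from NTP servers,
  * also initially calls set_fixed_default_time or set_time_from_string */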
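Review bot: The second hunk leaves the `set_time_from_string` prototype behind as commented-out code, while the comment two lines further down still says the NTP routine "initially calls set_fixed_default_time or set_time_from_string". If the function is now supplied by the esp-sdk-lib.h helpers, as the added comment suggests, delete the dead line and say so once, e.g. `/* set_time_from_string() is provided by the esp-sdk-lib.h helpers */`. If some configuration still builds the local definition, keep the declaration behind a preprocessor guard instead, so that no caller is compiled without a prototype in scope.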

+ 10 - 4
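--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,7 @@
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
 #define TLS_SMP_SERVER_TASK_NAME         "tls_sever_example"
-#define TLS_SMP_SERVER_TASK_WORDS        22240
+#define TLS_SMP_SERVER_TASK_BYTES        22240
 #define TLS_SMP_SERVER_TASK_PRIORITY     8
 
 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
@@ -77,13 +77,19 @@
     #ifdef CONFIG_ESP_WIFI_SSID
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
     #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
     #endif
 
     #ifdef CONFIG_ESP_WIFI_PASSWORD
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
     #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
     #endif
 #endif
 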
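Review bot: The new `#ifndef EXAMPLE_ESP_WIFI_SSID` / `#ifndef EXAMPLE_ESP_WIFI_PASS` guards in the last hunk protect only the `#else` fallbacks; the `CONFIG_ESP_WIFI_SSID` and `CONFIG_ESP_WIFI_PASSWORD` branches above them still `#define` the same names unconditionally, so if the esp-sdk-lib.h helpers have already defined them (include order is not visible here) those branches redefine the macro. The fallback also compiles the placeholder strings into the image without any notice; a `#warning "EXAMPLE_ESP_WIFI_PASS not configured; using placeholder"` inside the new `#ifndef` would make a build without real credentials visible. The enclosing `#if` block starts outside the hunk.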

+ 3 - 12
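--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -234,24 +234,15 @@ void app_main(void)
 
     /* done */
     while (1) {
-        ESP_LOGV(TAG, "\n\nLoop...\n\n");
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
-
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                     - uxTaskGetStackHighWaterMark(NULL));
-        ESP_LOGI(TAG, "Stack delta: %d\n", stack_start
-                                     - uxTaskGetStackHighWaterMark(NULL));
-#endif
 
 #if defined(SINGLE_THREADED)
         ESP_LOGV(TAG, "\n\nDone!\n\n");
         while (1);
 #else
-        vTaskDelay(60000);
+        /* Delete this main task to free up memory */
         ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
         vTaskDelete(NULL);
 #endif
-    } /* done whle */
+    } /* done while */
 
 } /* app_main */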
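Review bot: With `vTaskDelay(60000);` removed in the second hunk, the surrounding `while (1)` no longer iterates in either configuration: the `SINGLE_THREADED` branch spins in its own `while (1);`, and the other branch ends the calling task with `vTaskDelete(NULL);`. The `/* done */` comment above the loop could say so, e.g. `/* done: park here (SINGLE_THREADED) or delete the main task; the body runs once */`, or the outer loop could be dropped. `app_main` starts outside the hunk.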

+ 49 - 47
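--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,10 +31,16 @@
 /* socket includes */
 #include <lwip/netdb.h>
 #include <lwip/sockets.h>
+#include <netinet/tcp.h> /* For TCP options */
+#include <sys/socket.h>
+
+#ifndef TCP_RTO_MIN
+    #define TCP_RTO_MIN 1500
+#endif
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
+#include <wolfssl/certs_test.h>
 #include <wolfssl/ssl.h>
 
 #ifdef WOLFSSL_TRACK_MEMORY
@@ -50,30 +56,6 @@
     #define DEFAULT_MAX_DHKEY_BITS 2048
 #endif
 
-#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
-    #include <wolfssl/certs_test_sm.h>
-    #define CTX_CA_CERT          root_sm2
-    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_CERT      server_sm2
-    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_KEY       server_sm2_priv
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
-#else
-    #include <wolfssl/certs_test.h>
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
 /* Project */
 #include "wifi_connect.h"
 #include "time_helper.h"
@@ -112,7 +94,6 @@ int ShowCiphers(WOLFSSL* ssl)
     return ret;
 }
 
-
 /* FreeRTOS */
 /* server task */
 WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
@@ -133,7 +114,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     int                ret;
     socklen_t          size = sizeof(clientAddr);
     size_t             len;
-
+#if 0
+    /* optionally set TCP RTO. See also below. */
+    int rto_min = 200; /* Minimum TCP RTO in milliseconds */
+#endif
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
@@ -157,16 +141,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         ESP_LOGE(TAG, "ERROR: failed to create the socket");
     }
 
+    /* Optionally set TCP RTO
+    setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, &rto_min, sizeof(rto_min)); */
+
     /* Create and initialize WOLFSSL_CTX */
     WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
-    // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());  /* only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */
     if (ctx == NULL) {
         ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
 #else
-    /* TODO remove duplicate */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
         ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
@@ -304,8 +290,8 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     ESP_LOGI(TAG, "accept clients...");
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES
+                                        - uxTaskGetStackHighWaterMark(NULL) );
         WOLFSSL_MSG("Waiting for a connection...");
         wifi_show_ip();
 
@@ -314,16 +300,33 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
             == -1) {
              ESP_LOGE(TAG, "ERROR: failed to accept the connection");
         }
+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
         /* Create a WOLFSSL object */
         if ((ssl = wolfSSL_new(ctx)) == NULL) {
             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
         }
-
+#if defined(WOLFSSL_HAVE_KYBER)
+        else {
+            /* If success creating CTX and Kyber enabled, set key share: */
+            ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+            if (ret == SSL_SUCCESS) {
+                ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
+            }
+            else {
+                ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
+            }
+        }
+#else
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
+#endif
         /* show what cipher connected for this WOLFSSL* object */
         ShowCiphers(ssl);
 
         /* Attach wolfSSL to the socket */
         wolfSSL_set_fd(ssl, connd);
+
         /* Establish TLS connection */
         ret = wolfSSL_accept(ssl);
         if (ret == SSL_SUCCESS) {
@@ -333,23 +336,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
             ESP_LOGE(TAG, "wolfSSL_accept error %d",
                            wolfSSL_get_error(ssl, ret));
         }
-        WOLFSSL_MSG("Client connected successfully");
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "Client connected successfully");
 
         /* Read the client data into our buff array */
         memset(buff, 0, sizeof(buff));
         if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
             ESP_LOGE(TAG, "ERROR: failed to read");
         }
-        /* Print to stdout any data the client sends */
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
-        WOLFSSL_MSG("Client sends:");
-        WOLFSSL_MSG(buff);
+
+        ESP_LOGI(TAG, "Client sends: %s", buff);
         /* Check for server shutdown command */
         if (strncmp(buff, "shutdown", 8) == 0) {
-            WOLFSSL_MSG("Shutdown command issued!");
+            ESP_LOGI(TAG, "Shutdown command issued!");
             shutdown = 1;
         }
         /* Write our reply into buff */
@@ -360,10 +358,12 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         if (wolfSSL_write(ssl, buff, len) != len) {
             ESP_LOGE(TAG, "ERROR: failed to write");
         }
+
+        ESP_LOGI(TAG, "Done! Cleanup...");
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */
         close(connd);           /* Close the connection to the client   */
-    }
+    } /* !shutdown */
     /* Cleanup and return */
     wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
     wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
@@ -397,12 +397,14 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here.
+     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
     ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d",
-                   TLS_SMP_SERVER_TASK_WORDS);
+                   TLS_SMP_SERVER_TASK_BYTES);
     ret_i = xTaskCreate(tls_smp_server_task,
                       TLS_SMP_SERVER_TASK_NAME,
-                      TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */
+                      TLS_SMP_SERVER_TASK_BYTES,
                       (void*)&thisPort,
                       TLS_SMP_SERVER_TASK_PRIORITY,
                       &_handle);
@@ -411,7 +413,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME);
     }
 
-    /* vTaskStartScheduler(); // called automatically in ESP-IDF */
+    /* vTaskStartScheduler();  called automatically in ESP-IDF */
     return TLS_SMP_CLIENT_TASK_RET;
 }
 #endif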
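Review bot: In the hunk at -360 the loop body ends with `wolfSSL_free(ssl);`, and the cleanup after `} /* !shutdown */` calls `wolfSSL_free(ssl);` again on the same pointer; as far as the visible lines show, that frees the object twice once the loop exits. Add `ssl = NULL;` right after the in-loop free (wolfSSL_free is expected to ignore NULL; please confirm), or drop the second call. In the hunk at -333, `ESP_LOGI(TAG, "Client connected successfully");` now runs at INFO level even after the `wolfSSL_accept error` branch, and execution continues into `wolfSSL_read`. The failure path should end the iteration with `wolfSSL_free(ssl); close(connd); continue;`, and the success message belongs inside the `ret == SSL_SUCCESS` branch. `tls_smp_server_task` starts and ends outside these hunks.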

+ 1 - 1
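--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *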

+ 1 - 1
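--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *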

+ 5 - 69
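--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,79 +1,15 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.1
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.5)
 
-# The wolfSSL CMake file should be able to find the source code.
-# Otherwise, assign an environment variable or set it here:
-#
-# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
-#
-# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
-# USE_MY_PRIVATE_CONFIG path for my_private_config.h
-#
-# Expected path varies:
-#
-#     WSL:  /mnt/c/workspace
-#   Linux:  ~/workspace
-# Windows:  C:\workspace
-#
-if(WIN32)
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
-endif()
-if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
-endif()
-if(APPLE)
-    message("Detected APPLE")
-endif()
-if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
-endif()
-if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
-endif()
-if(APPLE)
-    # Windows-specific configuration here
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
-endif()
-# End optional WOLFSSL_CMAKE_SYSTEM_NAME
-
-# Check that there are not conflicting wolfSSL components
-# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
-# The local component wolfSSL directory will be in ./components/wolfssl
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
-    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
-    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
-    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
-    # So we'll error out and let the user decide how to proceed:
-    message(WARNING "\nFound wolfSSL components in\n"
-                    "./managed_components/wolfssl__wolfssl\n"
-                    "and\n"
-                    "./components/wolfssl\n"
-                    "in project directory: \n"
-                    "${CMAKE_HOME_DIRECTORY}")
-    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
-                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
-                        "or rename the idf_component.yml file typically found in ./main/")
-else()
-    message(STATUS "No conflicting wolfSSL components found.")
-endif()
+add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-set(COMPONENTS
-  main
-  wolfssl
-  # cryptoauthlib
-) # set components
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
 project(wolfssl_test)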
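Review bot: The rewritten file no longer has the configure-time guard that stopped the build with `message(FATAL_ERROR ...)` when both `managed_components/wolfssl__wolfssl` and `components/wolfssl` exist, and nothing in the new file replaces it. With two copies of the library in the project tree, this file no longer checks which one ends up in the test image. Unless the component-level CMakeLists.txt now performs the same test (not visible in this section), keep the `if(EXISTS ... AND EXISTS ...)` block or a reduced form of it. Separately, `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` is set at directory scope without explanation; a comment such as `# Tests are CPU intensive: disable the watchdog for this test project only` would record why.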

+ 6 - 3
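--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
@@ -3,9 +3,12 @@
 # project subdirectory.
 #
 
-PROJECT_NAME := wolfssl_test
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS
 
-include $(IDF_PATH)/make/project.mk
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
 
+PROJECT_NAME := wolfssl_test
+
+include $(IDF_PATH)/make/project.mk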

+ 2 - 2
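--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
@@ -71,7 +71,7 @@
           <Subdirectory>esp-idf/v5.0</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
-        <COMPort>COM9</COMPort>
+        <COMPort>COM19</COMPort>
         <SuppressTestPrerequisiteChecks>false</SuppressTestPrerequisiteChecks>
         <UseCCache>false</UseCCache>
         <DeviceID>ESP32</DeviceID>
@@ -93,7 +93,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM20</ComPortName>
+      <ComPortName>COM19</ComPortName>
       <AdvancedSettings>
         <BaudRate>115200</BaudRate>
         <DataBits>8</DataBits>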

+ 261 - 41
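--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+#  Copyright (C) 2006-2024 wolfSSL Inc.
 #
 #  This file is part of wolfSSL.
 #
@@ -19,16 +19,95 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.0 template update + THIS_IDF_PATH
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
 
 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+endif()
 
 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -45,6 +124,11 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -71,27 +155,41 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+        else()
+            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
+            if( FOUND_WOLFSSL )
+                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            else()
+                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+                message(STATUS "$ENV{WOLFSSL_ROOT}")
+            endif()
+        endif()
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
-            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
-            return()
+            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -149,17 +279,47 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
 
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          ${THIS_INCLUDE_TIMER}
+                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -171,24 +331,52 @@ else()
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Searching for wolfSL source code...")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        message(STATUS "Failed: wolfssl directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        # Abort CMake after fatal error.
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
@@ -200,16 +388,19 @@ else()
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h is in the local project.
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
 
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -232,11 +423,13 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+        # Abort CMake after fatal error.
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -286,6 +479,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -355,17 +549,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
         "./include" # this is the location of wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -374,7 +573,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -387,6 +586,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -423,17 +624,34 @@ else()
                             INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
                             REQUIRES "${COMPONENT_REQUIRES}"
                             EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+                            PRIV_REQUIRES
+                              "${THIS_INCLUDE_TIMER}"
+                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
-    # some optional diagnostics
-    if (1)
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -520,6 +738,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
     execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
     message(STATUS "************************************************************************************************")
     message(STATUS "wolfssl component config complete!")
     message(STATUS "************************************************************************************************")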
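Review bot: In FIND_WOLFSSL_DIRECTORY (hunk at -71,27), neither branch that validates an explicitly given WOLFSSL_ROOT ends the function any more: the removed `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)` and `return()` have no replacement, so control falls through to the parent-directory walk, which re-initialises CURRENT_SEARCH_DIR from CMAKE_CURRENT_SOURCE_DIR. Judging by the visible lines, a `wolfssl-${THIS_USER}`, `wolfssl-master` or `wolfssl` directory met on that walk would then overwrite the pinned path, so the crypto source that gets compiled could differ from the one the project or environment named; the head of the while loop lies outside the shown hunks, so this should be confirmed against the full function. Putting those two lines back after each successful IS_WOLFSSL_SOURCE check keeps an explicit setting authoritative. In the same hunk, the `message(STATUS "$ENV{WOLFSSL_ROOT}")` placed after `message(FATAL_ERROR ...)` never runs, so the failing path is not printed in the environment-variable branch.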

+ 240 - 40
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk

@@ -1,40 +1,240 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# In the wolfSSL GitHub examples for Espressif,
+# the root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../../
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+
+# WOLFSSL_ROOT := ""
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
+COMPONENT_SRCDIRS += include
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+
+##
+## wolfcrypt test (optional)
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+
+##
+## wolfcrypt
+##
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
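Review bot: `bio.o`, `evp.o` and `misc.o` are listed in `COMPONENT_OBJEXCLUDE` and then added again to `COMPONENT_OBJS` (`COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o`, plus the `evp.o` and `misc.o` entries in the wolfcrypt list), so the new file states two opposite intents for the same three objects. Which list wins depends on how the SDK's make wrapper applies the exclusion, which is not visible on this page; if the exclusion is not applied, these sources would be compiled standalone in addition to wherever they are presumably pulled in from. I would comment the three entries out the way the other unused objects already are, e.g. `# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o`, and open the list on the first object that is really built, `COMPONENT_OBJS := $(WOLFSSL_ROOT)src/crl.o`. A one-line comment above `COMPONENT_OBJEXCLUDE` saying why these objects are excluded would keep the two lists from drifting apart again.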

+ 367 - 65
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
 /* user_settings.h
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -19,12 +19,22 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
  */
 
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 
 /* The Espressif sdkconfig will have chipset info.
 /* The Espressif sdkconfig will have chipset info.
 **
 **
-** Possible values:
+** Some possible values:
 **
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +46,175 @@
 #undef  WOLFSSL_ESPIDF
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
 
+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+#define NO_ESP_SDK_WIFI
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
 /*
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESP32
- * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
  * WOLFSSL_ESP8266
  */
  */
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
 
 
-#define WOLFSSL_ESP32
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* Uncommon settings for testing only */
+#define TEST_ESPIDF_ALL_WOLFSSL
+#ifdef  TEST_ESPIDF_ALL_WOLFSSL
+    #define WOLFSSL_MD2
+    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
+    #define HAVE_BLAKE2S
+
+    #define WC_RC2
+    #define WOLFSSL_ALLOW_RC4
+
+    #define HAVE_POLY1305
+
+    #define WOLFSSL_AES_128
+    #define WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_XTS
+
+    /* #define WC_SRTP_KDF */
+    /* TODO Causes failure with Espressif AES HW Enabled */
+    /* #define HAVE_AES_ECB */
+    /* #define HAVE_AESCCM  */
+    /* TODO sanity check when missing HAVE_AES_ECB */
+    #define WOLFSSL_WOLFSSH
+
+    #define HAVE_AESGCM
+    #define WOLFSSL_AES_COUNTER
+
+    #define HAVE_FFDHE
+    #define HAVE_FFDHE_2048
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO Full size SRP is disabled on the ESP8266 at this time.
+         * Low memory issue? */
+        #define WOLFCRYPT_HAVE_SRP
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+          defined(CONFIG_IDF_TARGET_ESP32S2) || \
+          defined(CONFIG_IDF_TARGET_ESP32S3)
+        /* TODO: SRP Not enabled, known to fail on this target
+         * See https://github.com/wolfSSL/wolfssl/issues/7210 */
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32H2)
+        /* SRP Known to be working on this target::*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #else
+        /* For everything else, give a try and see if SRP working: */
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+
+    #define HAVE_DH
+
+    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+    /* #define HAVE_CAMELLIA */
+
+    /* DSA requires old SHA */
+    #define HAVE_DSA
+
+    /* Needs SHA512 ? */
+    #define HAVE_HPKE
+
+    /* Not for Espressif? */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32H2) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #undef HAVE_ECC
+            #undef HAVE_ECC_CDH
+            #undef HAVE_CURVE25519
+
+            /* TODO does CHACHA also need alignment? Failing on ESP8266
+             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
+            #ifdef HAVE_CHACHA
+                #error "HAVE_CHACHA not supported on ESP8266"
+            #endif
+            #ifdef HAVE_XCHACHA
+                #error "HAVE_XCHACHA not supported on ESP8266"
+            #endif
+        #else
+            #define HAVE_XCHACHA
+            #define HAVE_CHACHA
+            /* TODO Not enabled at this time, needs further testing:
+             *   #define WC_SRTP_KDF
+             *   #define HAVE_COMP_KEY
+             *   #define WOLFSSL_HAVE_XMSS
+             */
+        #endif
+        /* TODO AES-EAX not working on this platform */
+
+        /* Optionally disable DH
+         *   #undef HAVE_DH
+         *   #undef HAVE_FFDHE
+         */
+
+        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+        #ifndef HAVE_ECC
+            #define ECC_SHAMIR
+        #endif
+    #else
+        #define WOLFSSL_AES_EAX
+
+        #define ECC_SHAMIR
+    #endif
+
+    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+    /* #define WOLFSSL_CAAM      */
+    /* #define WOLFSSL_CAAM_BLOB */
+
+    #define WOLFSSL_AES_SIV
+    #define WOLFSSL_CMAC
+
+    #define WOLFSSL_CERT_PIV
+
+    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+    /* #define HAVE_SCRYPT */
+    #define SCRYPT_TEST_ALL
+    #define HAVE_X963_KDF
+#endif
 
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,7 +228,6 @@
 /* #define NO_OLD_TLS */
 /* #define NO_OLD_TLS */
 
 
 #define BENCH_EMBEDDED
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 
 /* TLS 1.3                                 */
 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13
@@ -79,7 +245,9 @@
 
 
 #define HAVE_AESGCM
 #define HAVE_AESGCM
 
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 #define WOLFSSL_SHA224
 
 
@@ -95,24 +263,34 @@
  /* ED25519 requires SHA512 */
  /* ED25519 requires SHA512 */
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
 #define HAVE_ED25519
 #define HAVE_ED25519
 
 
+/* Optional OPENSSL compatibility */
 #define OPENSSL_EXTRA
 #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
-/* #define HAVE_PKCS7 */
 
 
+/* #Optional HAVE_PKCS7 */
 #define HAVE_PKCS7
 #define HAVE_PKCS7
 
 
 #if defined(HAVE_PKCS7)
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT
 #endif
 #endif
 
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 /* #define WOLFSSL_AES_COUNTER */
 
 
@@ -126,27 +304,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 #endif
 
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
-
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
 
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
 
@@ -158,7 +320,7 @@
 
 
 
 
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+#define ESP_RSA_TIMEOUT_CNT    0x349F00
 
 
 /* hash limit for test.c */
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
 #define HASH_SIZE_LIMIT
@@ -206,7 +368,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 */
 
 
-/*
+/* command-line options
 --enable-keygen
 --enable-keygen
 --enable-certgen
 --enable-certgen
 --enable-certreq
 --enable-certreq
@@ -214,10 +376,14 @@
 --enable-asn-template
 --enable-asn-template
 */
 */
 
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +401,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +414,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +428,7 @@
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +454,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +472,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
 
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +489,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,7 +498,11 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -343,13 +519,42 @@
 
 
 #else
 #else
     /* Anything else encountered, disable HW accleration */
     /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 #endif /* CONFIG_IDF_TARGET Check */
 
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
 
 #define ESP_VERIFY_MEMBLOCK
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
@@ -363,6 +568,14 @@
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
 #define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 */
 
 
 /* Pause in a loop rather than exit. */
 /* Pause in a loop rather than exit. */
@@ -396,8 +609,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 
 /* when turning on ECC508 / ECC608 support
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +620,75 @@
 #define ATCA_WOLFSSL
 #define ATCA_WOLFSSL
 */
 */
 
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 #define WOLFSSL_SM4
 */
 */
 
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
     #define CTX_CA_CERT          root_sm2
@@ -427,24 +704,49 @@
     #undef  WOLFSSL_BASE16
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
-/* See settings.h for some of the possible hardening options:
- *
- *  #define NO_ESPIDF_DEFAULT
- *  #define WC_NO_CACHE_RESISTANT
- *  #define WC_AES_BITSLICED
- *  #define HAVE_AES_ECB
- *  #define HAVE_AES_DIRECT
- */
+    #if defined(USE_CERT_BUFFERS_2048)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+    	/* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */

+ 4 - 75
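--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -3,78 +3,7 @@
 #
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "main.c")
-
-# when using time helper:
-# set(COMPONENT_SRCS "main.c" "time_helper.c")
-
-set(COMPONENT_ADD_INCLUDEDIRS ".")
-
-set (git_cmd "git")
-
-if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
-    #
-    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
-    #
-    message(STATUS "")
-    message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH")
-    message(STATUS "")
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
-endif()
-
-idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
-                       "./include")
-
-#
-# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
-#
-# Save the THIS_VAR as a string in a macro called VAR_OUPUT
-#
-# VAR_OUPUT:  the name of the macro to define
-# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
-# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
-#
-function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
-    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
-    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
-
-    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
-    if(${IS_VALID_VALUE})
-        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
-        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
-
-        # we'll could percolate the value to the parent for possible later use
-        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
-
-        # but we're only using it here in this function
-        set(${VAR_OUPUT} ${VAR_VALUE})
-
-        # we'll print what we found to the console
-        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
-
-        # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
-    else()
-        # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
-        set(${VAR_OUPUT} "Unknown")
-    endif()
-endfunction() # LIBWOLFSSL_SAVE_INFO
-
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    # LIBWOLFSSL_VERSION_GIT_HASH
-    execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
-
-    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
-    execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
-
-    # LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
-endif()
-
-message(STATUS "")
-
+idf_component_register(SRCS
+                         "main.c"
+                       INCLUDE_DIRS
+                         ".")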
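Review bot: The new `idf_component_register` call lists only `"."` under INCLUDE_DIRS, dropping the `"./include"` entry the removed call carried, while this same commit still keeps a header at main/include/main.h. If main.c includes main.h by bare name (not visible in this section), the component no longer compiles; I would keep the directory, `INCLUDE_DIRS "." "include"`. The unchanged line above still appends `-DWOLFSSL_USER_SETTINGS` to the global `CMAKE_C_FLAGS`, and a short comment there, `# required: main.c now stops with #error when WOLFSSL_USER_SETTINGS is missing`, would keep a later cleanup from removing it.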

+ 8 - 2
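--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
@@ -1,3 +1,9 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
-#
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)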

+ 1 - 1
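--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *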
  *

+ 0 - 32
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h

@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-#ifndef _TIME_HELPER_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */

+ 67 - 72
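--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,22 +24,43 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/version.h>
+    #include <wolfssl/wolfcrypt/types.h>
+    #include <wolfcrypt/test/test.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfcrypt/test/test.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#include "driver/uart.h"
 
-/* set to 0 for one benchmark,
-** set to 1 for continuous benchmark loop */
+
+/* set to 0 for one test,
+** set to 1 for continuous test loop */
 #define TEST_LOOP 0
 
+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
+
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -55,13 +76,9 @@
 
 /*
 ** although the wolfcrypt/test includes a default time setting,
-** see the enclosed optional time helper for adding NNTP.
-** be sure to add "time_helper.c" in main/CMakeLists.txt
-*/
+** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */
+
 #undef WOLFSSL_USE_TIME_HELPER
-#if defined(WOLFSSL_USE_TIME_HELPER)
-    #include "time_helper.h" */
-#endif
 
 /* see wolfssl/wolfcrypt/test/test.h */
 extern void wolf_crypt_task();
@@ -132,14 +149,36 @@ void my_atmel_free(int slotId)
 /* entry point */
 void app_main(void)
 {
-    int stack_start = 0;
+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
     esp_err_t ret = 0;
+    wc_ptr_t stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set. TODO: which? */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
     ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
+
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif
 
 #ifdef ESP_TASK_MAIN_STACK
      ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
@@ -166,51 +205,9 @@ void app_main(void)
     esp_ShowExtendedSystemInfo();
 #endif
 
-    /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32)
-    ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
-            );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S2)
-    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#else
-    /* not available for other platformas at this time */
-#endif
-
     /* all platforms: stack high water mark check */
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-    /* check to see if we are using hardware encryption
-     * TODO: move this to esp_util.c  */
-#if defined(NO_ESP32_CRYPT)
-    ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
-#else
-    #if defined(CONFIG_IDF_TARGET_ESP32C2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3.");
-
-    #else
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled.");
-    #endif
-#endif
-
 #if defined (WOLFSSL_USE_TIME_HELPER)
     set_time();
 #endif
@@ -256,19 +253,10 @@ void app_main(void)
     ** This is called at the end of wolf_test_task();
     */
 
-    if (ret == 0) {
-        ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret);
-    }
-    else {
-        ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret);
-        /* see wolfssl/wolfcrypt/error-crypt.h */
-    }
-
-#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)
+#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
     esp_hw_show_mp_metrics();
 #endif
 
-    /* after the test, we'll just wait */
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
         ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
@@ -276,7 +264,14 @@ void app_main(void)
                                         - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
-#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
 #else
     ESP_LOGI(TAG, "\n\nDone!\n\n"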
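Review bot: A failing wolfCrypt test result is no longer reported unless `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE` is defined: the last two hunks move the `if (ret == 0)` check inside that `#ifdef`, so the `#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)` and `#else` branches print their exit text at info level whatever `ret` holds. For a cryptographic self-test the failure code should always reach the log, so I would keep an unconditional `if (ret != 0) { ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret); }` ahead of the `#ifdef` chain. In the `app_main` hunk the return values of `uart_param_config()` and `uart_driver_install()` are dropped although `ret` is declared just above, and `"Stack Start: 0x%x"` is handed a `wc_ptr_t`, which is presumably pointer-sized and would need a matching format. The body of `app_main` continues outside the visible hunks.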

+ 0 - 120
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c

@@ -1,120 +0,0 @@
-/* time_helper.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include <string.h>
-#include <lwip/apps/sntp.h>
-
-#include "sdkconfig.h"
-#include "esp_log.h"
-
-#include "time_helper.h"
-
-const static char* TAG = "Time Helper";
-
-#define TIME_ZONE "PST-8"
-/* NELEMS(x) number of elements
- * To determine the number of elements in the array, we can divide the total size of
- * the array by the size of the array element
- * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
- **/
-#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
-#define NTP_SERVER_LIST ( (char*[]) {                        \
-                                     "pool.ntp.org",         \
-                                     "time.nist.gov",        \
-                                     "utcnist.colorado.edu"  \
-                                     }                       \
-                        )
-/* #define NTP_SERVER_COUNT using NELEMS:
- *
- *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
- */
-#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
-char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
-
-/* our NTP server list is global info */
-extern char* ntpServerList[NTP_SERVER_COUNT];
-
-
-int set_time(void)
-{
-    /* we'll also return a result code of zero */
-    int res = 0;
-    int i = 0; /* counter for time servers */
-    time_t interim_time;
-
-    /* ideally, we'd like to set time from network,
-     * but let's set a default time, just in case */
-    struct tm timeinfo = {
-        .tm_year = 2022 - 1900,
-        .tm_mon = 11,
-        .tm_mday = 15,
-        .tm_hour = 3,
-        .tm_min = 25,
-        .tm_sec = 0
-    };
-    struct timeval now;
-
-#ifndef NTP_SERVER_COUNT
-    #define NTP_SERVER_COUNT 0
-    char* ntpServerList[NTP_SERVER_COUNT];
-#endif /* not defined: NTP_SERVER_COUNT */
-
-#ifndef TIME_ZONE
-    #define TIME_ZONE "PST-8"
-#endif /* not defined: TIME_ZONE */
-
-
-    /* set interim static time */
-    interim_time = mktime(&timeinfo);
-    now = (struct timeval){ .tv_sec = interim_time };
-    settimeofday(&now, NULL);
-
-
-    /* set timezone */
-    setenv("TZ", TIME_ZONE, 1);
-    tzset();
-
-    if (NTP_SERVER_COUNT) {
-        /* next, let's setup NTP time servers
-         *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
-         */
-        sntp_setoperatingmode(SNTP_OPMODE_POLL);
-
-        ESP_LOGI(TAG, "sntp_setservername:");
-        for (i = 0; i < NTP_SERVER_COUNT; i++) {
-            const char* thisServer = ntpServerList[i];
-            if (strncmp(thisServer, "\x00", 1) == 0) {
-                /* just in case we run out of NTP servers */
-                break;
-            }
-            ESP_LOGI(TAG, "%s", thisServer);
-            sntp_setservername(i, thisServer);
-        }
-        sntp_init();
-        ESP_LOGI(TAG, "sntp_init done.");
-    }
-    else {
-        ESP_LOGI(TAG, "No sntp time servers found.");
-    }
-    return res;
-}
-

+ 0 - 32
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h

@@ -1,32 +0,0 @@
-#ifndef _TIME_HELPER_H
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */

+ 61 - 14
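--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -1,41 +1,88 @@
-# This tag is used to include this file in the ESP Component Registry:
+# sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55000
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55000
+CONFIG_MAIN_TASK_STACK_SIZE=10500
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
 
-# minimum C3 chip revision known to work is 2.
-# rev 0 and 1 not available for testing.
-# all revisions expected to work.
-CONFIG_ESP32C3_REV_MIN_0=
-CONFIG_ESP32C3_REV_MIN_1=
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
 CONFIG_ESP32C3_REV_MIN_2=y
-CONFIG_ESP32C3_REV_MIN_3=
-
 
 #
 # Partition Table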
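Review bot: The new "Panic & Watchdog" block contradicts itself and does not say it is meant for test builds only: `CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000` is set three lines above `CONFIG_ESP_INT_WDT=n`, so the timeout presumably has no effect, and together with `CONFIG_ESP_TASK_WDT_EN=n` and the panic-halt settings a hung device has no automatic recovery. I would head the block with a comment such as `# Test/benchmark only: watchdogs off and panic halts; not a template for deployed firmware`. `CONFIG_FREERTOS_HZ=1000` now appears twice, and `CONFIG_FREERTOS_UNICORE=y` sits under the "FreeRTOS ticks at 1ms interval" comment although it is a separate choice that deserves its own explanation. "COU" in the CPU frequency comment should read "CPU".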

+ 67 - 0
IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# testAll.sh [keyword suffix]
+#
+# Build and compile the wolfssl_test for all platforms.
+#
+# Supply optional keyword suffix value for log file names.
+#
+# See testMonitor.sh for USB port settings.
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty.
+# instead of using `idf.py monitor`
+#==============================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+# Save the current PATH to a temporary variable
+ORIGINAL_PATH="$PATH"
+
+export ESPIDF_PUTTY_MONITOR="TRUE"
+
+THIS_SUFFIX="$1"
+
+# Clear IDF path to ensure it is set by export.sh
+IDF_PATH=
+
+# set the path for this workspace IDF path (where export.sh is located)
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+echo "Run ESP32 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "${WRK_IDF_PATH}"/export.sh
+
+echo "IDF_PATH = $IDF_PATH"
+
+./testMonitor.sh wolfssl_test esp32   "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32c2 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32c3 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32c6 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32s2 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32s3 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp32h2 "$THIS_SUFFIX" || exit 1
+./testMonitor.sh wolfssl_test esp8684 "$THIS_SUFFIX" || exit 1
+
+# ESP8266 uses a different toolchain
+
+# Restore the original PATH
+export PATH=$ORIGINAL_PATH
+
+IDF_PATH=
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+echo "Run ESP8266 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "$WRK_IDF_PATH"/export.sh
+
+echo "IDF_PATH = $IDF_PATH"
+
+./testMonitor.sh wolfssl_test esp8266 PR || exit 1
+
+# Restore the original PATH
+export PATH=$ORIGINAL_PATH
+
+echo "Done!"
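Review bot: The ESP8266 run at the end passes the literal `PR` as the log keyword instead of the caller's suffix, so its log names ignore `$1` unlike the eight ESP32 runs; it should read `./testMonitor.sh wolfssl_test esp8266 "$THIS_SUFFIX" || exit 1`. The script sources `export.sh` from a hard-coded `WRK_IDF_PATH` without checking that the file exists, so a guard such as `[ -f "${WRK_IDF_PATH}/export.sh" ] || exit 1` before each `.` line would stop a run from continuing with an unset or stale toolchain. `export ESPIDF_PUTTY_MONITOR="TRUE"` is unconditional, which contradicts the header comment that describes it as something the user defines. The result of `shellcheck "$0"` is ignored, so the script proceeds whether the tool is missing or reports findings.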

+ 227 - 0
IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh

@@ -0,0 +1,227 @@
+#!/bin/bash
+#
+# Syntax:
+#   ./testMonitor.sh <example_name> <target> <keyword>
+#
+# Example:
+#
+#   ./testMonitor.sh wolfssl_test esp32c6 WIP
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty
+# instead of using `idf.py monitor`
+#========================================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+PUTTY_EXE="/mnt/c/tools/putty.exe"
+
+THIS_HOME_DIR="$(pwd)"
+# export WOLFSSL_ESPIDF="/mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples"
+
+# the first parameter is expected to be a project name in the WOLFSSL_ESPIDF directory.
+if [ $# -lt 3 ]; then
+    echo "Usage: $0 <example_name> <target> <keyword>"
+    exit 1
+else
+    THIS_EXAMPLE="$1"
+#    pushd "${WOLFSSL_ESPIDF}" || exit 1
+#    pushd "./${THIS_EXAMPLE}" || exit 1
+
+    THIS_TARGET="$2"
+    THIS_KEYWORD="$3"
+fi
+
+echo "testMonitor current path:"
+pwd
+
+#ESP32c2 monitor is 78800
+# These are the WSL Serial Ports for each respective ESP32 SoC Device.
+# Unfortunately they are currently hard coded and computer-specific.
+esp32_PORT="/dev/ttyS9"
+esp32c2_PORT="/dev/ttyS79"
+esp32c3_PORT="/dev/ttyS35"
+esp32c6_PORT="/dev/ttyS36"
+esp32h2_PORT="/dev/ttyS31"
+esp32s2_PORT="/dev/ttyS30"
+esp32s3_PORT="/dev/ttyS24"
+esp8266_PORT="/dev/ttyS70"
+
+esp8684_PORT="/dev/ttyS49"
+# esp32c2_PORT="/dev/ttyS49" #8684
+
+# Load putty profiles. Note profiles names need to have been previously
+# defined and saved in putty! These are the saved sessions in putty:
+esp32_PUTTY="COM9"
+esp32c2_PUTTY="COM79 - ESP32-C2 74880"
+esp32c3_PUTTY="COM35"
+esp32c6_PUTTY="COM36"
+esp32h2_PUTTY="COM31"
+esp32s2_PUTTY="COM30"
+esp32s3_PUTTY="COM24"
+esp8684_PUTTY="COM49"
+esp8266_PUTTY="COM70 - 74880"
+
+echo "esp32_PORT:   $esp32_PORT"
+echo "esp32c2_PORT: $esp32c2_PORT"
+echo "esp32c3_PORT: $esp32c3_PORT"
+echo "esp32c6_PORT: $esp32c6_PORT"
+echo "esp32s2_PORT: $esp32s2_PORT"
+echo "esp32s3_PORT: $esp32s3_PORT"
+echo "esp32h2_PORT: $esp32h2_PORT"
+echo "esp8266_PORT: $esp8266_PORT"
+echo "esp8684_PORT: $esp8684_PORT"
+
+# given a THIS_TARGET, assign THIS_TARGET_PORT to the respective port.
+THIS_TARGET_PORT="${THIS_TARGET}_PORT"
+
+# Check that THIS_TARGET_PORT is defined.
+if [ -z "$THIS_TARGET_PORT" ]; then
+    echo "Error: No port defined for ${THIS_TARGET}"
+    exit 1
+else
+    echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}"
+fi
+
+THIS_TARGET_PORT="${!THIS_TARGET_PORT}"
+echo THIS_TARGET_PORT="${THIS_TARGET_PORT}"
+
+
+# The use of putty is optional
+THIS_TARGET_PUTTY="${THIS_TARGET}_PUTTY"
+
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Using ESP-IDF monitor"
+else
+    # Check that THIS_TARGET_PUTTY is defined.
+    echo ""
+    echo "Using saved putty profile session names:"
+    echo "esp32_PUTTY:   $esp32_PUTTY"
+    echo "esp32c2_PUTTY: $esp32c2_PUTTY"
+    echo "esp32c3_PUTTY: $esp32c3_PUTTY"
+    echo "esp32c6_PUTTY: $esp32c6_PUTTY"
+    echo "esp32s2_PUTTY: $esp32s2_PUTTY"
+    echo "esp32s3_PUTTY: $esp32s3_PUTTY"
+    echo "esp32h2_PUTTY: $esp32h2_PUTTY"
+    echo "esp8684_PUTTY: $esp8684_PUTTY"
+    echo "esp8266_PUTTY: $esp8266_PUTTY"
+    echo ""
+
+    if [ -z "$THIS_TARGET_PUTTY" ]; then
+        echo "Error: No putty profile defined for ${THIS_TARGET}"
+        exit 1
+    else
+        echo "THIS_TARGET_PUTTY=${THIS_TARGET_PUTTY}"
+    fi
+
+    THIS_TARGET_PUTTY="${!THIS_TARGET_PUTTY}"
+    echo THIS_TARGET_PUTTY="${THIS_TARGET_PUTTY}"
+fi
+
+if [[ "$THIS_TARGET" == "esp8684" ]]; then
+    echo "Treating esp8684 like an esp32c2"
+    THIS_TARGET=esp32c2
+fi
+
+
+# Assemble some log file names.
+echo ""
+BUILD_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_build_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+FLASH_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_flash_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_output_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_CFG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_user_settings_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+
+# cp ./components/wolfssl/include/user_settings.h "${THIS_CFG}"
+
+echo  "BUILD_LOG = ${BUILD_LOG}"
+echo  "FLASH_LOG = ${FLASH_LOG}"
+echo  "THIS_LOG  = ${THIS_LOG}"
+echo  "THIS_CFG  = ${THIS_CFG}"
+
+
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    # idf.py for the ESP8266  does not support --version
+    echo "ESP8266 using $IDF_PATH"
+else
+    idf.py --version                            > "${BUILD_LOG}" 2>&1
+fi
+
+echo "Full clean for $THIS_TARGET..."
+#---------------------------------------------------------------------
+idf.py fullclean                                >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    echo "Error during fullclean. Deleting build directory."
+    rm -rf ./build
+fi
+
+#---------------------------------------------------------------------
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    #always start with a fresh sdkconfig-debug (or sdkconfig-release) from defaults
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    # idf.py for the ESP8266  does not support --set-target
+    echo "Target is $THIS_TARGET"
+
+    # Since we don't "set-target" for the ESP8266, ensure the sdkconfig is not present
+    rm -f ./sdkconfig
+else
+    # Start with fresh sdkconfig
+    rm -f ./sdkconfig
+
+    # ESP8266 debug and release files not used for non-ESP8266 targets here,delete anyhow:
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    echo "idf.py set-target $THIS_TARGET"
+    idf.py "set-target" "$THIS_TARGET"              >> "${BUILD_LOG}" 2>&1
+    THIS_ERROR_CODE=$?
+    if [ $THIS_ERROR_CODE -ne 0 ]; then
+        echo ""
+        echo "Error during set-target"
+        exit 1
+    fi
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Build $THIS_TARGET..."
+echo "idf.py build"
+idf.py build                                    >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    echo "Error during build for $THIS_TARGET"
+    echo ""
+    echo ""
+    exit 1
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Flash $THIS_TARGET..."
+echo "idf.py flash -p ${THIS_TARGET_PORT} -b 115200"
+idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    echo "Error during flash"
+    exit 1
+fi
+
+# popd || exit 1
+# popd || exit 1
+
+# Note both of the options spawn a separate process:
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Monitor..."
+    echo  ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}"
+
+    ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" &
+else
+    echo "Calling putty..."
+    echo "$PUTTY_EXE -load \"$THIS_TARGET_PUTTY\""
+    $PUTTY_EXE -load "$THIS_TARGET_PUTTY" &
+fi
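Review bot: The flash step's failure check cannot fire. After `idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"`, the following `THIS_ERROR_CODE=$?` holds the exit status of `tee`, not of `idf.py`, so a failed flash falls through to the monitor step and the log is collected from whatever firmware was already on the board. Since the script runs under bash, `THIS_ERROR_CODE=${PIPESTATUS[0]}` (or `set -o pipefail` near the top) would restore the check. The earlier `[ -z "$THIS_TARGET_PORT" ]` and `[ -z "$THIS_TARGET_PUTTY" ]` tests are also ineffective: they run on the variable name (`esp32_PORT`, …), which is never empty. An unknown target is only caught if each test is moved after its `${!THIS_TARGET_PORT}` / `${!THIS_TARGET_PUTTY}` expansion.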

+ 292 - 0
IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj

@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM80</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>true</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>

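--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *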

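--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *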

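--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
@@ -1,6 +1,6 @@
 #ifndef _TIME_HELPER_H
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *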

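--- a/IDE/Espressif/ESP-IDF/libs/component.mk
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #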

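--- a/IDE/Espressif/ESP-IDF/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *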

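--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -133,6 +133,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_ser
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
 
 #  wolfSSL Test
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
+
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
@@ -151,11 +154,9 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C3.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C6.sln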

+ 90 - 39
wolfcrypt/benchmark/benchmark.c

@@ -1,6 +1,6 @@
 /* benchmark.c
 /* benchmark.c
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -53,6 +53,8 @@
  * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
  * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
  * DEBUG_WOLFSSL_BENCHMARK_TIMING
  * DEBUG_WOLFSSL_BENCHMARK_TIMING
  *
  *
+ * Turn on timer debugging (used when CPU cycles not available)
+ * WOLFSSL_BENCHMARK_TIMER_DEBUG
  */
  */
 
 
 #ifdef HAVE_CONFIG_H
 #ifdef HAVE_CONFIG_H
@@ -310,16 +312,36 @@
 #endif /* WOLFSSL_NO_FLOAT_FMT */
 #endif /* WOLFSSL_NO_FLOAT_FMT */
 
 
 #ifdef WOLFSSL_ESPIDF
 #ifdef WOLFSSL_ESPIDF
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+
+    /* Benchmark uses 64 bit integer formatting support. When new nanolib is
+     * enabled, all if the values in report are blank. */
+    #ifdef CONFIG_NEWLIB_NANO_FORMAT
+        #if CONFIG_NEWLIB_NANO_FORMAT == 1
+            #error "Nano newlib fomatting must not be enabled for benchmark"
+        #endif
+    #endif
+
     #ifdef configTICK_RATE_HZ
     #ifdef configTICK_RATE_HZ
         /* Define CPU clock cycles per tick of FreeRTOS clock
         /* Define CPU clock cycles per tick of FreeRTOS clock
          *   CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240
          *   CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240
          *   configTICK_RATE_HZ is typically 100 or 1000.
          *   configTICK_RATE_HZ is typically 100 or 1000.
          **/
          **/
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+            #endif
+            #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ
+            #endif
+        #endif
         #define CPU_TICK_CYCLES (                               \
         #define CPU_TICK_CYCLES (                               \
               (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
               (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
               / configTICK_RATE_HZ                              \
               / configTICK_RATE_HZ                              \
             )
             )
-    #endif
+    #endif /* WOLFSSL_ESPIDF configTICK_RATE_HZ */
+
     #if defined(CONFIG_IDF_TARGET_ESP32C2)
     #if defined(CONFIG_IDF_TARGET_ESP32C2)
         #include "driver/gptimer.h"
         #include "driver/gptimer.h"
         static gptimer_handle_t esp_gptimer = NULL;
         static gptimer_handle_t esp_gptimer = NULL;
@@ -336,18 +358,24 @@
             #define RESOLUTION_SCALE 100
             #define RESOLUTION_SCALE 100
             static gptimer_handle_t esp_gptimer = NULL;
             static gptimer_handle_t esp_gptimer = NULL;
             static gptimer_config_t esp_timer_config = {
             static gptimer_config_t esp_timer_config = {
-                                .clk_src = GPTIMER_CLK_SRC_DEFAULT,
-                                .direction = GPTIMER_COUNT_UP,
-                                .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * (MILLION_VALUE / RESOLUTION_SCALE), /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
-                             };
+                .clk_src = GPTIMER_CLK_SRC_DEFAULT,
+                .direction = GPTIMER_COUNT_UP,
+                /* CONFIG_XTAL_FREQ = 40,
+                 * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
+                .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ *
+                                 (MILLION_VALUE / RESOLUTION_SCALE),
+                };
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
 
 
     #elif defined(CONFIG_IDF_TARGET_ESP32) || \
     #elif defined(CONFIG_IDF_TARGET_ESP32) || \
           defined(CONFIG_IDF_TARGET_ESP32S2) || \
           defined(CONFIG_IDF_TARGET_ESP32S2) || \
           defined(CONFIG_IDF_TARGET_ESP32S3)
           defined(CONFIG_IDF_TARGET_ESP32S3)
         #include <xtensa/hal.h>
         #include <xtensa/hal.h>
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        /* no CPU HAL for ESP8266, we'll use RTOS tick calc extimates */
+        #include <FreeRTOS.h>
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
-
+        /* TODO add ESP32-H2 benchmark support */
     #else
     #else
         /* Other platform */
         /* Other platform */
     #endif
     #endif
@@ -1285,10 +1313,10 @@ static const char* bench_result_words3[][5] = {
     /* TAG for ESP_LOGx() */
     /* TAG for ESP_LOGx() */
     static const char* TAG = "wolfssl_benchmark";
     static const char* TAG = "wolfssl_benchmark";
 
 
-    static THREAD_LS_T word64 begin_cycles;
-    static THREAD_LS_T word64 begin_cycles_ticks;
-    static THREAD_LS_T word64 end_cycles;
-    static THREAD_LS_T word64 total_cycles;
+    static THREAD_LS_T word64 begin_cycles = 0;
+    static THREAD_LS_T word64 begin_cycles_ticks = 0;
+    static THREAD_LS_T word64 end_cycles = 0;
+    static THREAD_LS_T word64 total_cycles = 0;
 
 
     /* the return value, as a global var */
     /* the return value, as a global var */
     static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0;
     static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0;
@@ -1380,19 +1408,20 @@ static const char* bench_result_words3[][5] = {
         uint64_t thisIncrement = 0; /* The adjusted increment amount.       */
         uint64_t thisIncrement = 0; /* The adjusted increment amount.       */
         uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/
         uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        uint32_t tickCount = 0; /* Current rtos tick counter.               */
-        uint32_t tickDiff = 0;  /* Tick difference from last check.         */
-        uint32_t tickBeginDiff = 0; /* Tick difference from beginning.      */
+        uint64_t tickCount = 0; /* Currrent rtos tick counter.              */
+        uint64_t tickDiff = 0;  /* Tick difference from last check.         */
+        uint64_t tickBeginDiff = 0; /* Tick difference from beginning.      */
+    #endif
+    #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
+        uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */
+        uint64_t diffDiff = 0;   /* Difference between CPU & Timer differences:
+                                  * (current - last) */
     #endif
     #endif
-
     #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
         defined(CONFIG_IDF_TARGET_ESP32C3) || \
         defined(CONFIG_IDF_TARGET_ESP32C3) || \
         defined(CONFIG_IDF_TARGET_ESP32C6)
         defined(CONFIG_IDF_TARGET_ESP32C6)
 
 
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
-            uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */
-            uint64_t diffDiff = 0;     /* Difference between CPU & Timer differences:
-                                        * (current - last) */
             ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal));
             ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal));
             thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
             thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
@@ -1405,9 +1434,19 @@ static const char* bench_result_words3[][5] = {
         /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
         /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
          * Calling current_time(1) to reset time causes thisVal overflow,
          * Calling current_time(1) to reset time causes thisVal overflow,
          * on Xtensa, but not on RISC-V architecture. See also, below */
          * on Xtensa, but not on RISC-V architecture. See also, below */
-        #ifndef __XTENSA__
+        #if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5)
+            #ifndef configCPU_CLOCK_HZ
+                /* esp_cpu_get_cycle_count not available in ESP-IDF v4 */
+                #define configCPU_CLOCK_HZ \
+                       (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+            #endif
+            /* There's no CPU counter on the ESP8266 (Tensilica). Using RTOS */
+            thisVal =  (uint64_t)xTaskGetTickCount() *
+                        (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ);
+        #elif defined(__XTENSA__)
             thisVal = esp_cpu_get_cycle_count();
             thisVal = esp_cpu_get_cycle_count();
         #else
         #else
+            /* Not Tensilica(ESP8266), not Xtensa(ESP32/-S2/-S3, then RISC-V */
             thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */
             thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */
         #endif
         #endif
     #endif
     #endif
@@ -1418,9 +1457,9 @@ static const char* bench_result_words3[][5] = {
             tickDiff = tickCount - last_tickCount; /* ticks since bench start */
             tickDiff = tickCount - last_tickCount; /* ticks since bench start */
             expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
             expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
             ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
             ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
-            ESP_LOGV(TAG, "tickCount           = %lu", tickCount);
-            ESP_LOGV(TAG, "last_tickCount      = %lu", last_tickCount);
-            ESP_LOGV(TAG, "tickDiff            = %lu", tickDiff);
+            ESP_LOGV(TAG, "tickCount           = %llu", tickCount);
+            ESP_LOGV(TAG, "last_tickCount      = %u",   last_tickCount);
+            ESP_LOGV(TAG, "tickDiff            = %llu", tickDiff);
             ESP_LOGV(TAG, "expected_diff1      = %llu", expected_diff);
             ESP_LOGV(TAG, "expected_diff1      = %llu", expected_diff);
         }
         }
         #endif
         #endif
@@ -1444,10 +1483,13 @@ static const char* bench_result_words3[][5] = {
             ** overflow CPU tick count, all will be well.
             ** overflow CPU tick count, all will be well.
             */
             */
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-                ESP_LOGW(TAG,
-                    "Alert: Detected xthal_get_ccount overflow at %llu, "
-                              "adding UINT_MAX.",
-                    thisVal);
+                ESP_LOGW(TAG, "Alert: Detected xthal_get_ccount overflow at "
+                              "(%llu < %llu) adding UINT_MAX = %llu.",
+                         thisVal, _esp_cpu_count_last, (uint64_t) UINT_MAX);
+            #endif
+            #if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && \
+                !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+                #error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ not found"
             #endif
             #endif
 
 
             /* double check expected diff calc */
             /* double check expected diff calc */
@@ -1474,9 +1516,9 @@ static const char* bench_result_words3[][5] = {
                 tickBeginDiff = tickCount - begin_cycles_ticks;
                 tickBeginDiff = tickCount - begin_cycles_ticks;
 
 
                 ESP_LOGI(TAG, "begin_cycles_ticks  = %llu", begin_cycles_ticks);
                 ESP_LOGI(TAG, "begin_cycles_ticks  = %llu", begin_cycles_ticks);
-                ESP_LOGI(TAG, "tickDiff            = %lu", tickDiff);
+                ESP_LOGI(TAG, "tickDiff            = %llu", tickDiff);
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
-                ESP_LOGI(TAG, "tickBeginDiff       = %lu", tickBeginDiff);
+                ESP_LOGI(TAG, "tickBeginDiff       = %llu", tickBeginDiff);
 
 
                 ESP_LOGW(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
                 ESP_LOGW(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             }
             }
@@ -1541,16 +1583,26 @@ static const char* bench_result_words3[][5] = {
              * when resetting CPU cycle counter? FreeRTOS tick collision?
              * when resetting CPU cycle counter? FreeRTOS tick collision?
              *    thisVal = esp_cpu_get_cycle_count(); See also, above
              *    thisVal = esp_cpu_get_cycle_count(); See also, above
              * or thisVal = xthal_get_ccount(); */
              * or thisVal = xthal_get_ccount(); */
-            #if ESP_IDF_VERSION_MAJOR < 5
+            #if defined(CONFIG_IDF_TARGET_ESP8266)
+                /* There's no CPU counter on the ESP8266, so we'll estimate
+                 * cycles based on defined CPU frequency from sdkconfig and
+                 * the RTOS tick frequency */
+                _esp_cpu_count_last = (uint64_t)xTaskGetTickCount() *
+                           (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ);
+            #elif ESP_IDF_VERSION_MAJOR < 5
                 _esp_cpu_count_last = xthal_get_ccount();
                 _esp_cpu_count_last = xthal_get_ccount();
             #else
             #else
                 _esp_cpu_count_last = esp_cpu_get_cycle_count();
                 _esp_cpu_count_last = esp_cpu_get_cycle_count();
             #endif
             #endif
         #endif
         #endif
 
 
+        #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
+            ESP_LOGI(TAG, "_esp_cpu_count_last = %llu", _esp_cpu_count_last);
+        #endif
+
         /* Return the 64 bit extended total from 32 bit counter. */
         /* Return the 64 bit extended total from 32 bit counter. */
         return _esp_get_cycle_count_ex;
         return _esp_get_cycle_count_ex;
-    }
+    } /* esp_get_cycle_count_ex for esp_get_cpu_benchmark_cycles() */
 
 
 /* implement other architecture cycle counters here */
 /* implement other architecture cycle counters here */
 
 
@@ -2200,11 +2252,10 @@ static WC_INLINE int bench_stats_check(double start)
     int ret = 0;
     int ret = 0;
     double this_current_time;
     double this_current_time;
     this_current_time = current_time(0); /* get the timestamp, no reset */
     this_current_time = current_time(0); /* get the timestamp, no reset */
-#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING)
-    #if (WOLFSSL_ESPIDF)
-        ESP_LOGI(TAG, "bench_stats_check Current time %f, start %f",
-                        this_current_time, start );
-    #endif
+
+#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)
+    ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f",
+                    this_current_time, start );
 #endif
 #endif
 
 
     ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC
     ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC
@@ -12861,9 +12912,9 @@ void bench_sphincsKeySign(byte level, byte optim)
       typiclly in app_startup.c */
       typiclly in app_startup.c */
 
 
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGV(TAG, "tickCount = %lu", tickCount);
+        ESP_LOGV(TAG, "tickCount = %d", tickCount);
         if (tickCount == last_tickCount) {
         if (tickCount == last_tickCount) {
-            ESP_LOGW(TAG, "last_tickCount unchanged? %lu", tickCount);
+            ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount);
 
 
         }
         }
         if (tickCount < last_tickCount) {
         if (tickCount < last_tickCount) {
@@ -12873,13 +12924,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
 
     if (reset) {
     if (reset) {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "Assign last_tickCount = %lu", tickCount);
+            ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount);
         #endif
         #endif
         last_tickCount = tickCount;
         last_tickCount = tickCount;
     }
     }
     else {
     else {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "No Reset last_tickCount = %lu", tickCount);
+            ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount);
         #endif
         #endif
     }
     }
 
 

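--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -117,6 +117,9 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Espressif/esp32_sha.c \
               wolfcrypt/src/port/Espressif/esp32_util.c \
               wolfcrypt/src/port/Espressif/esp32_mp.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \
               wolfcrypt/src/port/Espressif/README.md \
               wolfcrypt/src/port/arm/cryptoCell.c \
               wolfcrypt/src/port/arm/cryptoCellHash.c \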

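--- a/wolfcrypt/src/port/Espressif/README.md
+++ b/wolfcrypt/src/port/Espressif/README.md
@@ -70,6 +70,29 @@ To view disassembly, add `__attribute__((section(".iram1")))` decorator. Foe exa
 static int __attribute__((section(".iram1"))) memblock_peek(volatile u_int32_t mem_address)
 ```
 
+### VisualGDB
+
+Each project example has a `VisuaGDB` directory with sample project files for [Sysprogs VisualGDB](https://visualgdb.com).
+
+For installing multiple toolchains, see the [documentation](https://visualgdb.com/documentation/espidf/).
+
+The library naming format used at wolfSSL:
+
+```
+HKEY_CURRENT_USER\Software\Sysprogs\GNUToolchains
+```
+
+| Registry String Value Name       | Value Data             |
+| -------------------------------- |----------------------- |
+| `SysGCC-xtensa-lx106-elf-8.4.0`  | `C:\SysGCC\esp8266`    |
+| `SysGCC-xtensa-esp32-elf-8.4.0`  | `C:\SysGCC\esp32-8.4`  |
+| `SysGCC-xtensa-esp32-elf-13.2.0` | `C:\SysGCC\esp32`      |
+| `SysGCC-xtensa-esp32-elf-12.4.0` | `C:\SysGCC\esp32-12.4` |
+| `SysGCC-xtensa-esp32-elf-11.2.0` | `C:\SysGCC\esp32-11.2` |
+
+Note the latest toolchain value is the default install name of `C:\SysGCC\esp32`.
+
+
 ### Benchmarks
 
 w/ `USE_FAST_MATH` and `WOLFSSL_SMALL_STACK` options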

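--- a/wolfcrypt/src/port/Espressif/esp32_aes.c
+++ b/wolfcrypt/src/port/Espressif/esp32_aes.c
@@ -1,6 +1,6 @@
 /* esp32_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *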

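--- a/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -1,6 +1,6 @@
 /* esp32_mp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *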

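--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -1,6 +1,6 @@
 /* esp32_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *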

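--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -1,6 +1,6 @@
 /* esp32_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,6 +36,7 @@
 #include <esp_err.h>
 #if ESP_IDF_VERSION_MAJOR > 4
     #include <hal/efuse_hal.h>
+    #include <rtc_wdt.h>
 #endif
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/wolfmath.h> /* needed to print MATH_INT_T value */
@@ -118,7 +119,7 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
  * call the ESP-IDF mutex UNlock; xSemaphoreGive
  *
  */
-int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
+esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
@@ -151,6 +152,13 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
 #if defined(WOLFSSL_ESPIDF)
 static int ShowExtendedSystemInfo_platform_espressif(void)
 {
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGI(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG");
+#else
+    ESP_LOGW(TAG, "Watchdog active; "
+                  "missing WOLFSSL_ESP_NO_WATCHDOG definition.");
+#endif
+
 #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
     WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz",
                            CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ);
@@ -219,8 +227,10 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
     /* not supported at this time */
 #endif
 
-    /* check to see if we are using hardware encryption */
-#if defined(NO_ESP32_CRYPT)
+/* check to see if we are using hardware encryption */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    WOLFSSL_VERSION_PRINTF("No HW acceleration on ESP8266.");
+#elif defined(NO_ESP32_CRYPT)
     WOLFSSL_VERSION_PRINTF("NO_ESP32_CRYPT defined! "
                            "HW acceleration DISABLED.");
 #else
@@ -246,7 +256,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
         #error "ESP32_CRYPT not yet supported on this IDF TARGET"
     #endif
 
-        /* Even though enabled, some specifics may be disabled */
+    /* Even though enabled, some specifics may be disabled */
     #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
         WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_HASH is defined!"
                                "(disabled HW SHA).");
@@ -385,11 +395,11 @@ int esp_current_boot_count(void)
 /* See macro helpers above; not_defined is macro name when *not* defined */
 static int show_macro(char* s, char* not_defined)
 {
-    char hd1[] = "Macro Name                 Defined   Not Defined";
-    char hd2[] = "------------------------- --------- -------------";
-    char msg[] = ".........................                        ";
-        /*        012345678901234567890123456789012345678901234567890    */
-        /*                  1         2         3         4         5    */
+    const char hd1[] = "Macro Name                 Defined   Not Defined";
+          char hd2[] = "------------------------- --------- -------------";
+          char msg[] = ".........................                        ";
+             /*        012345678901234567890123456789012345678901234567890 */
+             /*                  1         2         3         4         5 */
     size_t i = 0;
     #define MAX_STATUS_NAME_LENGTH 25
     #define ESP_SMS_ENA_POS 30
@@ -424,7 +434,7 @@ static int show_macro(char* s, char* not_defined)
 }
 
 /* Show some interesting settings */
-int ShowExtendedSystemInfo_config(void)
+esp_err_t ShowExtendedSystemInfo_config(void)
 {
     esp_ShowMacroStatus_need_header = 1;
 
@@ -454,6 +464,7 @@ int ShowExtendedSystemInfo_config(void)
 
     /* Optimizations */
     show_macro("RSA_LOW_MEM",               STR_IFNDEF(RSA_LOW_MEM));
+    show_macro("SMALL_SESSION_CACHE",       STR_IFNDEF(SMALL_SESSION_CACHE));
 
     /* Security Hardening */
     show_macro("WC_NO_HARDEN",              STR_IFNDEF(WC_NO_HARDEN));
@@ -473,6 +484,8 @@ int ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_AES_NO_UNROLL",     STR_IFNDEF(WOLFSSL_AES_NO_UNROLL));
     show_macro("TFM_TIMING_RESISTANT",      STR_IFNDEF(TFM_TIMING_RESISTANT));
     show_macro("ECC_TIMING_RESISTANT",      STR_IFNDEF(ECC_TIMING_RESISTANT));
+
+    /* WC_RSA_BLINDING takes up additional space: */
     show_macro("WC_RSA_BLINDING",           STR_IFNDEF(WC_RSA_BLINDING));
     show_macro("NO_WRITEV",                 STR_IFNDEF(NO_WRITEV));
 
@@ -482,7 +495,7 @@ int ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_NO_CURRDIR",        STR_IFNDEF(WOLFSSL_NO_CURRDIR));
     show_macro("WOLFSSL_LWIP",              STR_IFNDEF(WOLFSSL_LWIP));
 
-    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
     ESP_LOGI(TAG, "Compiler Optimization: Default");
 #elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE)
@@ -494,7 +507,7 @@ int ShowExtendedSystemInfo_config(void)
 #else
     ESP_LOGI(TAG, "Compiler Optimization: Unknown");
 #endif
-    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     return ESP_OK;
 }
@@ -629,7 +642,7 @@ int ShowExtendedSystemInfo(void)
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 #endif
-    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     ShowExtendedSystemInfo_config();
     ShowExtendedSystemInfo_git();
@@ -643,29 +656,111 @@ int ShowExtendedSystemInfo(void)
     return ESP_OK;
 }
 
-int esp_ShowExtendedSystemInfo(void)
+esp_err_t esp_ShowExtendedSystemInfo(void)
 {
     /* Someday the ShowExtendedSystemInfo may be global.
      * See https://github.com/wolfSSL/wolfssl/pull/6149 */
     return ShowExtendedSystemInfo();
 }
 
+/*
+ *  Disable the watchdog timer (use with caution)
+ */
+
+esp_err_t esp_DisableWatchdog(void)
+{
+    esp_err_t ret = ESP_OK;
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    /* magic bit twiddle to disable WDT on ESP8266 */
+    *((volatile uint32_t*) 0x60000900) &= ~(1);
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGW(TAG, "esp_DisableWatchdog TODO S3");
+#else
+    #if ESP_IDF_VERSION_MAJOR >= 5
+    {
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            rtc_wdt_protect_off();
+            rtc_wdt_disable();
+        #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+        #else
+            rtc_wdt_protect_off();
+            rtc_wdt_disable();
+        #endif
+    }
+    #else
+        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d",
+                      ESP_IDF_VERSION_MAJOR);
+    #endif
+#endif
+
+#ifdef DEBUG_WOLFSSL
+    ESP_LOGI(TAG, "Watchdog disabled.");
+#endif
+
+    return ret;
+}
+
+/*
+ *  Enable the watchdog timer.
+ */
+
+esp_err_t esp_EnabledWatchdog(void)
+{
+    esp_err_t ret = ESP_OK;
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+     /* magic bit twiddle to enable WDT on ESP8266 */
+     *((volatile uint32_t*) 0x60000900) |= 1;
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGW(TAG, "esp_EnableWatchdog TODO S3");
+#else
+    #if ESP_IDF_VERSION_MAJOR >= 5
+    {
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            rtc_wdt_protect_on();
+            rtc_wdt_enable();
+        #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+        #else
+            rtc_wdt_protect_on();
+            rtc_wdt_enable();
+        #endif
+    }
+    #else
+        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d",
+                      ESP_IDF_VERSION_MAJOR);
+    #endif
+#endif
+
+#ifdef DEBUG_WOLFSSL
+    ESP_LOGI(TAG, "Watchdog enabled.");
+#endif
+
+    return ret;
+}
+
 /* Print a MATH_INT_T attribute list.
  *
  * Note with the right string parameters, the result can be pasted as
  * initialization code.
  */
-int esp_show_mp_attributes(char* c, MATH_INT_T* X)
+esp_err_t esp_show_mp_attributes(char* c, MATH_INT_T* X)
 {
     static const char* MP_TAG = "MATH_INT_T";
-    int ret = ESP_OK;
+    esp_err_t ret = ESP_OK;
 
     if (X == NULL) {
         ret = ESP_FAIL;
         ESP_LOGV(MP_TAG, "esp_show_mp_attributes called with X == NULL");
     }
     else {
-        ESP_LOGI(MP_TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+        ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
         ESP_LOGI(MP_TAG, "%s.used = %d;", c, X->used);
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         ESP_LOGI(MP_TAG, "%s.sign = %d;", c, X->sign);
@@ -679,10 +774,10 @@ int esp_show_mp_attributes(char* c, MATH_INT_T* X)
  * Note with the right string parameters, the result can be pasted as
  * initialization code.
  */
-int esp_show_mp(char* c, MATH_INT_T* X)
+esp_err_t esp_show_mp(char* c, MATH_INT_T* X)
 {
     static const char* MP_TAG = "MATH_INT_T";
-    int ret = MP_OKAY;
+    esp_err_t ret = ESP_OK;
     int words_to_show = 0;
 
     if (X == NULL) {
@@ -717,16 +812,16 @@ int esp_show_mp(char* c, MATH_INT_T* X)
                                    i  /* the index, again, for comment   */
                      );
         }
-        ESP_LOGI(MP_TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+        ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     }
     return ret;
 }
 
 /* Perform a full mp_cmp and binary compare.
  * (typically only used during debugging) */
-int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
+esp_err_t esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
 {
-    int ret = MP_OKAY;
+    esp_err_t ret = ESP_OK;
     int e = memcmp(A, B, sizeof(mp_int));
     if (mp_cmp(A, B) == MP_EQ) {
         if (e == 0) {
@@ -769,6 +864,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
     }
 
     if (ret == MP_OKAY) {
+        ret = ESP_OK;
         ESP_LOGV(TAG, "esp_mp_cmp equal for %s and %s!",
                        name_A, name_B);
     }
@@ -779,7 +875,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
     return ret;
 }
 
-int esp_hw_show_metrics(void)
+esp_err_t esp_hw_show_metrics(void)
 {
 #if  defined(WOLFSSL_HW_METRICS)
     #if defined(WOLFSSL_ESP32_CRYPT)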
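Review bot: In the new `esp_DisableWatchdog()` and `esp_EnabledWatchdog()`, every branch that only logs a warning (ESP32-S3, the C2/C3/C6/H2 group, ESP-IDF below v5) still returns `ESP_OK` and, under `DEBUG_WOLFSSL`, still prints "Watchdog disabled." or "Watchdog enabled.", so a caller cannot tell whether the watchdog state actually changed. Because the watchdog is a recovery mechanism, I would set `ret = ESP_ERR_NOT_SUPPORTED;` in those branches and gate the final log with `if (ret == ESP_OK)`. The fallback messages in `esp_EnabledWatchdog()` are copied from the disable path ("esp_DisableWatchdog not implemented", "No known rtc_wdt_protect_off") and should name the enable call. The enable path also calls `rtc_wdt_protect_on()` before `rtc_wdt_enable()`; if write protection blocks the enable write the watchdog would stay off, so the order is worth confirming against the ESP-IDF rtc_wdt documentation.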

+ 275 - 0
wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c

@@ -0,0 +1,275 @@
+/* esp_sdk_mem_lib.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+#endif
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/types.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
+/* Espressif */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#include <esp_log.h>
+#include <esp_err.h>
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+static const char* TAG = "mem lib";
+static intptr_t _starting_stack_pointer = 0;
+static int _stack_used = 0;
+
+
+/* see
+ * C:\SysGCC\esp8266\rtos-sdk\v3.4\components\esp8266\ld\esp8266.project.ld.in
+ */
+extern wc_ptr_t _data_start[];
+extern wc_ptr_t _data_end[];
+extern wc_ptr_t _rodata_start[];
+extern wc_ptr_t _rodata_end[];
+extern wc_ptr_t _bss_start[];
+extern wc_ptr_t _bss_end[];
+extern wc_ptr_t _rtc_data_start[];
+extern wc_ptr_t _rtc_data_end[];
+extern wc_ptr_t _rtc_bss_start[];
+extern wc_ptr_t _rtc_bss_end[];
+extern wc_ptr_t _iram_start[];
+extern wc_ptr_t _iram_end[];
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+extern wc_ptr_t _init_start[];
+extern wc_ptr_t _init_end[];
+#endif
+extern wc_ptr_t _iram_text_start[];
+extern wc_ptr_t _iram_text_end[];
+extern wc_ptr_t _iram_bss_start[];
+extern wc_ptr_t _iram_bss_end[];
+extern wc_ptr_t _noinit_start[];
+extern wc_ptr_t _noinit_end[];
+extern wc_ptr_t _text_start[];
+extern wc_ptr_t _text_end[];
+extern wc_ptr_t _heap_start[];
+extern wc_ptr_t _heap_end[];
+extern wc_ptr_t _rtc_data_start[];
+extern wc_ptr_t _rtc_data_end[];
+extern void* _thread_local_start;
+extern void* _thread_local_end;
+
+/* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */
+#define MEM_MAP_IO_START  ((void*)(0x3FF00000))
+#define MEM_MAP_IO_END    ((void*)(0x3FF0FFFF))
+#define USER_DATA_START   ((void*)(0x3FFE8000))
+#define USER_DATA_END     ((void*)(0x3FFE8000 + 0x14000))
+#define ETS_SYS_START     ((void*)(0x3FFFC000))
+#define ETS_SYS_END       ((void*)(0x3FFFC000 + 0x4000))
+#define IRAM1_START       ((void*)(0x40100000))
+#define IRAM1_END         ((void*)(0x40100000 + 0x8000))
+#define IRAMF1_START      ((void*)(0x40108000))
+#define IRAMF1_END        ((void*)(0x40108000 + 0x4000))
+#define IRAMF2_START      ((void*)(0x4010C000))
+#define IRAMF2_END        ((void*)(0x4010C000 + 0x4000))
+
+enum sdk_memory_segment
+{
+    /* Ensure this list exactly matches order in sdk_memory_segment_text */
+    mem_map_io = 0,
+    thread_local,
+    data,
+    user_data_ram,
+    bss,
+    noinit,
+    ets_system,
+    iram1,
+    iramf1,
+    iramf2,
+    iram,
+    iram_text,
+    iram_bss,
+    init,
+    text,
+    rodata,
+    rtc_data,
+    SDK_MEMORY_SEGMENT_COUNT
+};
+
+static void*      sdk_memory_segment_start[SDK_MEMORY_SEGMENT_COUNT + 1] = {};
+static void*        sdk_memory_segment_end[SDK_MEMORY_SEGMENT_COUNT + 1] = {};
+static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = {
+    "C memory map io ",
+    "* thread_local  ",
+    "C data          ",
+    "* user data ram ",
+    "* bss           ",
+    "* noinit        ",
+    "C ets system    ",
+    "C iram1         ",
+    "C iramf1        ",
+    "C iramf2        ",
+    "* iram          ",
+    "* iram_text     ",
+    "* iram_bss      ",
+    "* init          ",
+    "* text          ",
+    "* rodata        ",
+    "* rtc data      ",
+    "last item",
+};
+
+/* Given a given memory segment [m]: assign text names, starting and ending
+ * addresses. See also sdk_var_whereis() that requires this initialization. */
+int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
+{
+    const char* str;
+    int len = 0;
+    str = sdk_memory_segment_text[m];
+    sdk_memory_segment_start[m] = start;
+    sdk_memory_segment_end[m] = end;
+    /* For ESP8266 See ./build/[Debug|Release]/esp8266/esp8266.project.ld */
+    /* For ESP32   See ./build/VisualGDB/Debug/esp-idf/esp_system/ld/     */
+    if (m == SDK_MEMORY_SEGMENT_COUNT) {
+        ESP_LOGI(TAG, "                    Linker Memory Map");
+        ESP_LOGI(TAG, "-----------------------------------------------------");
+        ESP_LOGI(TAG, "                  Start         End          Length");
+    }
+    else {
+        len = (uint32_t)end - (uint32_t)start;
+        ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len );
+    }
+    return ESP_OK;
+}
+
+/* Show all known linker memory segment names, starting & ending addresses. */
+int sdk_init_meminfo(void) {
+    void* sample_heap_var;
+    int sample_stack_var = 0;
+
+    sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */
+    sdk_log_meminfo(mem_map_io,    MEM_MAP_IO_START,    MEM_MAP_IO_END);
+    sdk_log_meminfo(thread_local,  _thread_local_start, _thread_local_end);
+    sdk_log_meminfo(data,          _data_start,         _data_end);
+    sdk_log_meminfo(user_data_ram, USER_DATA_START,     USER_DATA_END);
+    sdk_log_meminfo(bss,           _bss_start,          _bss_end);
+    sdk_log_meminfo(noinit,        _noinit_start,       _noinit_end);
+    sdk_log_meminfo(ets_system,    ETS_SYS_START,       ETS_SYS_END);
+    sdk_log_meminfo(rodata,        _rodata_start,       _rodata_end);
+    sdk_log_meminfo(iram1,         IRAM1_START,         IRAM1_END);
+    sdk_log_meminfo(iramf1,        IRAMF1_START,        IRAMF1_END);
+    sdk_log_meminfo(iramf2,        IRAMF2_START,        IRAMF2_END);
+    sdk_log_meminfo(iram,          _iram_start,         _iram_end);
+    sdk_log_meminfo(iram_text,     _iram_text_start,    _iram_text_end);
+    sdk_log_meminfo(iram_bss,      _iram_bss_start,     _iram_bss_end);
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    sdk_log_meminfo(init,          _init_start,         _init_end);
+#endif
+    sdk_log_meminfo(text,          _text_start,         _text_end);
+    sdk_log_meminfo(rtc_data,      _rtc_data_start,     _rtc_data_end);
+    ESP_LOGI(TAG, "-----------------------------------------------------");
+    sample_heap_var = malloc(1);
+    if (sample_heap_var == NULL) {
+        ESP_LOGE(TAG, "Unable to allocate heap memory in sdk_var_whereis().");
+    }
+    else {
+        sdk_var_whereis("sample_stack_var", (void*)&sample_stack_var);
+        sdk_var_whereis("sample_heap_var", sample_heap_var);
+        free(sample_heap_var);
+    }
+    return ESP_OK;
+}
+
+/* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */
+esp_err_t sdk_var_whereis(const char* v_name, void* v) {
+    esp_err_t ret = ESP_FAIL;
+
+    for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) {
+        if (v >= sdk_memory_segment_start[m] &&
+            v <= sdk_memory_segment_end[m]) {
+                ret = ESP_OK;
+                ESP_LOGI(TAG, "Variable [%s] found at %p in %s", v_name, v,
+                              sdk_memory_segment_text[m]);
+                if (m == user_data_ram) {
+
+                }
+            }
+    }
+
+    if (ret == ESP_FAIL) {
+        ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v);
+    }
+    return ret;
+}
+
+intptr_t esp_sdk_stack_pointer(void)
+{
+    intptr_t sp = 0;
+#if defined(CONFIG_IDF_TARGET_ARCH_RISCV)
+    if (CONFIG_IDF_TARGET_ARCH_RISCV == 1) {
+        __asm volatile("mv %0, sp" : "=r" (sp));
+    }
+#elif defined(CONFIG_IDF_TARGET_ARCH_XTENSA)
+    if (CONFIG_IDF_TARGET_ARCH_XTENSA == 1) {
+        __asm volatile("mov %0, sp" : "=r"(sp));
+    }
+#endif
+    if (_starting_stack_pointer == 0) {
+        _starting_stack_pointer = sp;
+    }
+    _stack_used = _starting_stack_pointer - sp;
+    return sp;
+}
+
+esp_err_t esp_sdk_mem_lib_init(void)
+{
+    int ret = ESP_OK;
+    sdk_init_meminfo();
+    ESP_LOGI(TAG, "esp_sdk_mem_lib_init Ver %d", ESP_SDK_MEM_LIB_VERSION);
+    return ret;
+}
+    #ifndef SINGLE_THREADED
+        #include "semphr.h"
+    #endif
+
+void* wc_debug_pvPortMalloc(size_t size,
+                           const char* file, int line, const char* fname) {
+    void* ret = NULL;
+    ret = pvPortMalloc(size);
+    if (ret == NULL) {
+        ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname);
+        ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size);
+    }
+    return ret;
+}
+
+#endif

+ 441 - 0
wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c

@@ -0,0 +1,441 @@
+/* esp_sdk_time_lib.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* Reminder: user_settings.h is needed and included from settings.h
+ * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+/* Espressif */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#include <esp_log.h>
+#include <esp_err.h>
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+#define ESP_SDK_TIME_LIB_VERSION 1
+
+static const char* TAG = "time lib";
+
+esp_err_t esp_sdk_time_lib_init(void)
+{
+    int ret = ESP_OK;
+    ESP_LOGI(TAG, "esp_sdk_time_lib_init Ver %d", ESP_SDK_TIME_LIB_VERSION);
+    return ret;
+}
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    #include <time.h>
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR == 1)
+        #define HAS_ESP_NETIF_SNTP 1
+        #include <lwip/apps/sntp.h>
+        #include <esp_netif_sntp.h>
+    #elif (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR > 1)
+        #define HAS_ESP_NETIF_SNTP 1
+        #include <lwip/apps/sntp.h>
+        #include <esp_netif_sntp.h>
+    #else
+        #include <string.h>
+        #include <esp_sntp.h>
+    #endif
+
+#else
+    /* TODO Consider non ESP-IDF environments */
+#endif
+
+/* ESP-IDF uses a 64-bit signed integer to represent time_t
+ * starting from release v5.0
+ * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ */
+
+/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
+#ifndef TIME_ZONE
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time),
+     *   indicating that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0)
+     *   of November (11)
+     */
+    #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
+#endif /* not defined: TIME_ZONE, so we are setting our own */
+
+#define NTP_RETRY_COUNT 10
+
+/* NELEMS(x) number of elements
+ * To determine the number of elements in the array, we can divide the total
+ * size of the array by the size of the array element.
+ * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
+ **/
+#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
+
+/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */
+#define NTP_SERVER_LIST ( (char*[]) {                        \
+                                     "pool.ntp.org",         \
+                                     "time.nist.gov",        \
+                                     "utcnist.colorado.edu"  \
+                                     }                       \
+                        )
+/* #define NTP_SERVER_COUNT using NELEMS:
+ *
+ *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
+ */
+#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
+
+#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS
+    /* We should find max value in sdkconfig, if not set it to our count:*/
+    #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT
+#endif
+
+/* our NTP server list is global info */
+extern char* ntpServerList[NTP_SERVER_COUNT];
+
+char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
+
+/* Show the current date and time */
+int esp_show_current_datetime(void)
+{
+    time_t now;
+    char strftime_buf[64];
+    struct tm timeinfo;
+
+    time(&now);
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+
+    localtime_r(&now, &timeinfo);
+    strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
+    ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
+    return ESP_OK;
+}
+
+/* the worst-case scenario is a hard-coded date/time */
+int set_fixed_default_time(void)
+{
+    /* ideally, we'd like to set time from network,
+     * but let's set a default time, just in case */
+    struct tm timeinfo = {
+        .tm_year = 2024 - 1900,
+        .tm_mon  = 1,
+        .tm_mday = 05,
+        .tm_hour = 13,
+        .tm_min  = 01,
+        .tm_sec  = 05
+    };
+    struct timeval now;
+    time_t interim_time;
+    int ret = -1;
+
+    /* set interim static time */
+    interim_time = mktime(&timeinfo);
+
+    ESP_LOGI(TAG, "Adjusting time from fixed value");
+    now = (struct timeval){ .tv_sec = interim_time };
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    (void)now;
+#else
+    ret = settimeofday(&now, NULL);
+#endif
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
+
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
+    return ret;
+}
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* TODO implement time functions for ESP8266 */
+int set_time_from_string(const char* time_buffer)
+{
+    ESP_LOGE(TAG, "set_time_from_string not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+int set_time(void)
+{
+    ESP_LOGE(TAG, "set_time not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+int set_time_wait_for_ntp(void)
+{
+    ESP_LOGE(TAG, "set_time_wait_for_ntp not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+#else
+/* ESP32 Time Helpers */
+
+/* set_time_from_string(s)
+ *
+ * returns 0 = success if able to set the time from the provided string
+ * error for any other value, typically -1 */
+int set_time_from_string(const char* time_buffer)
+{
+    /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
+    const char *format = "%3s %3s %d %d:%d:%d %d %s";
+    struct tm this_timeinfo;
+    struct timeval now;
+    time_t interim_time;
+    int day, year, hour, minute, second;
+    int quote_offset = 0;
+    int ret = 0;
+
+    /* perform some basic sanity checkes */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
+        }
+
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
+
+        if (ret == 8) {
+            /* we found a match for all componets */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
+    }
+
+    return ret;
+}
+
+/* set time; returns 0 if succecssfully configured with NTP */
+int set_time(void)
+{
+#ifndef NTP_SERVER_COUNT
+    ESP_LOGW(TAG, "Warning: no sntp server names defined. "
+                  "Setting to empty list");
+    #define NTP_SERVER_COUNT 0
+    #warning "NTP not properly configured"
+#endif /* not defined: NTP_SERVER_COUNT */
+
+#ifdef HAS_ESP_NETIF_SNTP
+    #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1
+        esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE(
+                                       NTP_SERVER_COUNT,
+                                       ESP_SNTP_SERVER_LIST(ntpServerList[0])
+                                   );
+    #else
+        esp_sntp_config_t config =
+            ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]);
+    #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */
+#endif /* HAS_ESP_NETIF_SNTP */
+
+    int ret = 0;
+    int i = 0; /* counter for time servers */
+
+    ESP_LOGI(TAG, "Setting the time. Startup time:");
+    esp_show_current_datetime();
+
+#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    /* initialy set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
+    esp_show_current_datetime();
+
+    ret = -4;
+#else
+    /* otherwise set a fixed time that was hard coded */
+    set_fixed_default_time();
+    esp_show_current_datetime();
+    ret = -3;
+#endif
+
+#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+    config.smooth_sync = true;
+#endif
+
+    if (NTP_SERVER_COUNT) {
+        /* next, let's setup NTP time servers
+         *
+         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         *
+         * WARNING: do not set operating mode while SNTP client is running!
+         */
+        /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL);  */
+        sntp_setoperatingmode(SNTP_OPMODE_POLL);
+        if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) {
+            ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but "
+                          "CONFIG_LWIP_SNTP_MAX_SERVERS = %d",
+                           NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS);
+        }
+        ESP_LOGI(TAG, "sntp_setservername:");
+        for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) {
+            const char* thisServer = ntpServerList[i];
+            if (strncmp(thisServer, "\x00", 1) == 0) {
+                /* just in case we run out of NTP servers */
+                break;
+            }
+            ESP_LOGI(TAG, "%s", thisServer);
+            sntp_setservername(i, thisServer);
+            ret = ESP_OK;
+        }
+    #ifdef HAS_ESP_NETIF_SNTP
+        ret = esp_netif_sntp_init(&config);
+    #else
+        ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage "
+                     "of updated SNTP libraries");
+    #endif
+        if (ret == ESP_OK) {
+            ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init");
+        }
+        else {
+            ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret);
+        }
+
+        sntp_init();
+        switch (ret) {
+            case ESP_ERR_INVALID_STATE:
+                break;
+            default:
+                break;
+        }
+        ESP_LOGI(TAG, "sntp_init done.");
+    }
+    else {
+        ESP_LOGW(TAG, "No sntp time servers found.");
+        ret = -1;
+    }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
+    return ret;
+}
+
+/* wait for NTP to actually set the time */
+int set_time_wait_for_ntp(void)
+{
+    int ret = 0;
+#ifdef HAS_ESP_NETIF_SNTP
+    int ntp_retry = 0;
+    const int ntp_retry_count = NTP_RETRY_COUNT;
+
+    ret = esp_netif_sntp_start();
+
+    ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
+#endif /* HAS_ESP_NETIF_SNTP */
+    esp_show_current_datetime();
+
+#ifdef HAS_ESP_NETIF_SNTP
+    while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) {
+        ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS);
+        ESP_LOGI(TAG, "Waiting for NTP to sync time... (%d/%d)",
+                       ntp_retry,
+                       ntp_retry_count);
+        esp_show_current_datetime();
+    }
+#endif /* HAS_ESP_NETIF_SNTP */
+
+#ifdef TIME_ZONE
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+#endif
+
+    if (ret == ESP_OK) {
+        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        }
+    else {
+        ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
+                      "result = 0x%0x: %s",
+                       ret, esp_err_to_name(ret));
+    }
+    return ret;
+}
+#endif /* ESP32 or ESP8266 time helpers */
+
+#endif
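Review bot: In set_time() the server loop `for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++)` indexes `ntpServerList`, which holds only NTP_SERVER_COUNT (three) entries, so an sdkconfig with a larger CONFIG_LWIP_SNTP_MAX_SERVERS reads and dereferences pointers past the end of the array before the empty-string check can stop it; bound it with `for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS && i < NTP_SERVER_COUNT; i++)`. In set_time_from_string() `this_timeinfo` is passed to mktime() without being initialised, so `tm_isdst` is indeterminate, as is `tm_mon` when no month name matches; `struct tm this_timeinfo = {0};` plus an ESP_FAIL return on an unmatched month would make the result deterministic. The same sscanf() call ends in an unbounded `%s` written through `&offset`; using `%27s` with `offset` as the argument keeps the bound local instead of relying on the 32-character limit in probably_valid_time_string(). Since this clock presumably feeds certificate validity checks, a garbage or silently defaulted time is worth failing loudly on.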

+ 468 - 0
wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c

@@ -0,0 +1,468 @@
+/* esp_sdk_wifi_lib.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* Reminder: user_settings.h is needed and included from settings.h
+ * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+#ifndef NO_ESP_SDK_WIFI
+
+/* Espressif */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#include <esp_log.h>
+#include <esp_err.h>
+#include <esp_wifi.h>
+
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+#define ESP_SDK_WIFI_LIB_VERSION 1
+
+static const char* TAG = "wifi lib";
+
+esp_err_t esp_sdk_wifi_lib_init(void)
+{
+    int ret = ESP_OK;
+    ESP_LOGI(TAG, "esp_sdk_wifi_lib_init Ver %d", ESP_SDK_WIFI_LIB_VERSION);
+    return ret;
+}
+
+
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR)
+    /* example path set in cmake file */
+#elif ESP_IDF_VERSION_MAJOR >= 4
+    #include "protocol_examples_common.h"
+#else
+    const static int CONNECTED_BIT = BIT0;
+    static EventGroupHandle_t wifi_event_group;
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if ESP_IDF_VERSION_MAJOR >= 4
+        /* likely using examples, see wifi_connect.h */
+    #else
+        /* TODO - still supporting pre V4 ? */
+        const static int CONNECTED_BIT = BIT0;
+        static EventGroupHandle_t wifi_event_group;
+    #endif
+    #if (ESP_IDF_VERSION_MAJOR == 5)
+        #define HAS_WPA3_FEATURES
+    #else
+        #undef HAS_WPA3_FEATURES
+    #endif
+#else
+    /* TODO Consider pre IDF v5? */
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+
+#if 0
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+#else
+static void event_handler(void* arg, esp_event_base_t event_base,
+                          int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT) {
+        if (event_id == WIFI_EVENT_STA_START) {
+            esp_wifi_connect();
+            ESP_LOGV(TAG, "Connect event!!");
+        }
+        else {
+            if (event_id == WIFI_EVENT_STA_DISCONNECTED) {
+                if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+                    esp_wifi_connect();
+                    s_retry_num++;
+                    ESP_LOGI(TAG, ">> Retry to connect to the AP");
+                }
+                else {
+                    xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+                }
+                ESP_LOGI(TAG, ">> Connect to the AP fail");
+            } /* WIFI_EVENT_STA_DISCONNECTED */
+            else if(event_id == IP_EVENT_STA_GOT_IP) {
+                ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+                ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->ip_info.ip));
+                s_retry_num = 0;
+                xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+            } /* IP_EVENT_STA_GOT_IP */
+        } /* not WIFI_EVENT_STA_START */
+    } /* event_base == WIFI_EVENT */
+} /* event_handler */
+
+#endif
+esp_err_t esp_sdk_wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID,
+                                               &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP,
+                                               &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes
+     * including WEP/WPA. However these modes are deprecated and not advisable
+     * to be used. In case your Access point doesn't support WPA2, these mode
+     * can be enabled by commenting below line */
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+     * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+     * The bits are set by event_handler()
+     * (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+#if 0
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+#else
+    /* xEventGroupWaitBits() returns the bits before the call returned,
+     * hence we can test which event actually happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "Connected to AP SSID: %s",
+                       EXAMPLE_ESP_WIFI_SSID);
+    }
+    else {
+        if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID: %s, password:%s",
+                       EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+        }
+        else {
+            ESP_LOGE(TAG, "UNEXPECTED EVENT");
+        }
+    }
+
+#endif
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP,
+                                                 &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID,
+                                                 &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
+/* event handler for wifi events */
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
+{
+    switch (event->event_id)
+    {
+    case SYSTEM_EVENT_STA_START:
+        esp_wifi_connect();
+        break;
+    case SYSTEM_EVENT_STA_GOT_IP:
+    #if ESP_IDF_VERSION_MAJOR >= 4
+        ESP_LOGI(TAG, "got ip:" IPSTR "\n",
+                 IP2STR(&event->event_info.got_ip.ip_info.ip));
+    #else
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
+    #endif
+        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+        break;
+    case SYSTEM_EVENT_STA_DISCONNECTED:
+        esp_wifi_connect();
+        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+        break;
+    default:
+        break;
+    }
+    return ESP_OK;
+}
+#else
+
+#ifdef CONFIG_ESP_MAXIMUM_RETRY
+    #define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+#else
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+
+#if CONFIG_ESP_WIFI_AUTH_OPEN
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN
+#elif CONFIG_ESP_WIFI_AUTH_WEP
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP
+#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK
+#endif
+
+#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD
+    #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1
+    #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#endif
+
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+
+/* The event group allows multiple bits for each event,
+ * but we only care about two events:
+ *   - we are connected to the AP with an IP
+ *   - we failed to connect after the maximum amount of retries */
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+
+
+static int s_retry_num = 0;
+ip_event_got_ip_t* event;
+
+
+static void event_handler(void* arg,
+                          esp_event_base_t event_base,
+                          int32_t event_id,
+                          void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    }
+    else if (event_base == WIFI_EVENT &&
+             event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        }
+        else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG, "connect to the AP fail");
+    }
+    else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        event = (ip_event_got_ip_t*) event_data;
+        /* wifi_show_ip(); */
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+esp_err_t wc_wifi_init_sta(void)
+{
+    esp_err_t ret = ESP_OK;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    ESP_ERROR_CHECK(esp_netif_init());
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+    esp_netif_create_default_wifi_sta();
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    esp_event_handler_instance_t instance_any_id;
+    esp_event_handler_instance_t instance_got_ip;
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT,
+                                                        ESP_EVENT_ANY_ID,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_any_id));
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT,
+                                                        IP_EVENT_STA_GOT_IP,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_got_ip));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS,
+            /* Authmode threshold resets to WPA2 as default if password matches
+             * WPA2 standards (pasword len => 8). If you want to connect the
+             * device to deprecated WEP/WPA networks, Please set the threshold
+             * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
+             * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
+             * standards. */
+            .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD,
+        #ifdef HAS_WPA3_FEATURES
+            .sae_pwe_h2e = WPA3_SAE_PWE_BOTH,
+        #endif
+        },
+    };
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+
+#ifdef CONFIG_EXAMPLE_WIFI_SSID
+    if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) {
+        ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\".");
+        ESP_LOGW(TAG, "  Do you have a WiFi AP called \"myssid\", ");
+        ESP_LOGW(TAG, "  or did you forget the ESP-IDF configuration?");
+    }
+#else
+    ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined.");
+#endif
+
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished.");
+
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+     * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+     * The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    /* xEventGroupWaitBits() returns the bits before the call returned,
+     * hence we can test which event actually happened. */
+#if defined(SHOW_SSID_AND_PASSWORD)
+    ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password");
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+#else
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "Connected to AP");
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to AP");
+        ret = -1;
+    }
+    else {
+        ESP_LOGE(TAG, "AP UNEXPECTED EVENT");
+        ret = -2;
+    }
+#endif
+    return ret;
+}
+
+esp_err_t wc_wifi_show_ip(void)
+{
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
+}
+
+#endif
+
+
+#endif /* !NO_ESP_SDK_WIFI */
+#endif /* WOLFSSL_ESPIDF */

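--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -108,6 +108,7 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/st/stm32.h \
                          wolfssl/wolfcrypt/port/st/stsafe.h \
                          wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
                          wolfssl/wolfcrypt/port/arm/cryptoCell.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \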

+ 229 - 0
wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h

@@ -0,0 +1,229 @@
+/* esp-sdk-lib.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef __ESP_SDK_LIB_H__
+
+#define __ESP_SDK_LIB_H__
+
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.      */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here.   */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF   */
+
+/* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */
+/*    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")        */
+#ifndef WOLFSSL_USER_SETTINGS
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+#endif
+
+/* FreeRTOS */
+#include <freertos/FreeRTOS.h>
+#include <freertos/task.h>
+#include <freertos/event_groups.h>
+
+/* Espressif */
+#include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
+#include <esp_idf_version.h>
+#include <esp_log.h>
+
+#define ESP_SDK_MEM_LIB_VERSION 1
+
+/**
+ ******************************************************************************
+ ******************************************************************************
+ ** USER APPLICATION SETTINGS BEGIN
+ ******************************************************************************
+ ******************************************************************************
+ **/
+
+/* when using a private config with plain text passwords,
+ * file my_private_config.h should be excluded from git updates */
+/* #define  USE_MY_PRIVATE_CONFIG */
+
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
+    #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
+        #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
+    #else
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
+    #endif
+#else
+
+    /*
+    ** The examples use WiFi configuration that you can set via project
+    ** configuration menu
+    **
+    ** If you'd rather not, just change the below entries to strings with
+    ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+    */
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #undef  EXAMPLE_ESP_WIFI_SSID
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
+    #else
+        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+    #endif
+
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #undef  EXAMPLE_ESP_WIFI_PASS
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
+    #else
+        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+    #endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
+WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);
+
+WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);
+
+/******************************************************************************
+* Time helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void);
+
+/* a function to show the current data and time */
+WOLFSSL_LOCAL esp_err_t esp_show_current_datetime(void);
+
+/* worst case, if GitHub time not available, used fixed time */
+WOLFSSL_LOCAL esp_err_t set_fixed_default_time(void);
+
+/* set time from string (e.g. GitHub commit time) */
+WOLFSSL_LOCAL esp_err_t set_time_from_string(const char* time_buffer);
+
+/* set time from NTP servers,
+ * also initially calls set_fixed_default_time or set_time_from_string */
+WOLFSSL_LOCAL esp_err_t set_time(void);
+
+/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
+WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void);
+
+#ifndef NO_ESP_SDK_WIFI
+
+/******************************************************************************
+* WiFi helpers
+******************************************************************************/
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
+
+#define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
+#define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
+
+/* Optionally enable WiFi. Typically not used for wolfcrypt tests */
+/* #define USE_WIFI_EXAMPLE */
+#ifdef USE_WIFI_EXAMPLE
+    #include "esp_netif.h"
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO find and implement ESP8266 example include */
+    #else
+        #include "protocol_examples_common.h" /* see project CMakeLists.txt */
+    #endif
+#endif
+
+
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_lib_init(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
+
+#endif /* !NO_ESP_SDK_WIFI */
+
+
+/******************************************************************************
+* Debug helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void);
+WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size,
+                                const char* file, int line, const char* fname);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+/* Check for traps */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    #if !defined(NO_SESSION_CACHE)    && \
+        !defined(MICRO_SESSION_CACHE) && \
+        !defined(SMALL_SESSION_CACHE)
+        #warning "Limited DRAM/IRAM on ESP8266. Check session cache settings"
+    #endif
+#endif
+
+#endif /* WOLFSSL_ESPIDF */
+
+#endif /* __ESP_SDK_LIB_H__ */
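Review bot: The password fallback at the end of the USER APPLICATION SETTINGS block tests the wrong macro: `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)` guards a use of `CONFIG_EXAMPLE_WIFI_PASSWORD`, so a configuration that sets only the SSID leaves `EXAMPLE_ESP_WIFI_PASS` expanding to an undefined name, and one that sets only the password silently falls through to the placeholder `"MYPASSWORD_WIFI_CONNECT"`; the guard should read `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. In the private-config chain above it, the `"~/workspace/my_private_config.h"` and `"~/Documents/my_private_config.h"` includes will not resolve, because the preprocessor does not expand `~`; supplying the directory from the build system as an include path would be more reliable and keeps the location of a plain-text credentials file out of a header shipped with the library. As far as the visible part of this commit shows, the prototypes `esp_sdk_wifi_init_sta` and `esp_sdk_wifi_show_ip` do not match the `wc_wifi_init_sta` and `wc_wifi_show_ip` definitions in the WiFi source, and `EXAMPLE_ESP_MAXIMUM_RETRY` is defined twice in the WiFi helpers block.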

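--- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -1,6 +1,6 @@
 /* esp32-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,6 +51,12 @@
     #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "."
 #endif
 
+#if defined(CONFIG_IDF_TARGET)
+    #define FOUND_CONFIG_IDF_TARGET CONFIG_IDF_TARGET
+#else
+    #define FOUND_CONFIG_IDF_TARGET "(unknown device)"
+#endif
+
 /* Optional exit message.
  * The WOLFSSL_COMPLETE keyword exits wolfSSL test harness script. */
 #define WOLFSSL_ESPIDF_EXIT_MESSAGE \
@@ -58,6 +64,14 @@
     "\n\nWOLFSSL_COMPLETE"      \
     "\n\nIf running from idf.py monitor, press twice: Ctrl+]"
 
+#define WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err) \
+    "\n\nDevice: " FOUND_CONFIG_IDF_TARGET  \
+    "\n\nExit code: %d "        \
+    "\n\n"s                     \
+    "\n\nWOLFSSL_COMPLETE"      \
+    "\n\nIf running from idf.py monitor, press twice: Ctrl+]", \
+    (err)
+
 /* exit codes to be used in tfm.c, sp_int.c, integer.c, etc.
  *
  * see wolfssl/wolfcrypt/error-crypt.h
@@ -495,6 +509,10 @@ extern "C"
 
     WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void);
 
+    WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void);
+
+    WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void);
+
     /* Compare MATH_INT_T A to MATH_INT_T B
      * During debug, the strings name_A and name_B can help
      * identify variable name. */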
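Review bot: `WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err)` splices `s` into a printf-style format string, so any `%` in the caller's text is read as a conversion and consumes arguments that were never passed; a comment stating that `s` must be a string literal containing no `%` would help, or the text could be passed through a `%s` conversion instead. The line `"\n\n"s` has no space before `s`, which a C++11 or later compiler may lex as a user-defined literal suffix rather than the macro parameter (this header carries an `extern "C"` block, so C++ inclusion seems intended); writing `"\n\n" s \` avoids that. The macro also expands to two comma-separated arguments, the format and then `(err)`, which deserves a line in its comment because it only works as the tail of a logging call's argument list.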

+ 29 - 9
wolfssl/wolfcrypt/settings.h

@@ -1,6 +1,6 @@
 /* settings.h
 /* settings.h
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  *
  * This file is part of wolfSSL.
  * This file is part of wolfSSL.
  *
  *
@@ -452,6 +452,9 @@
 
 
         /* WC_RSA_BLINDING takes up extra space! */
         /* WC_RSA_BLINDING takes up extra space! */
         #define WC_RSA_BLINDING
         #define WC_RSA_BLINDING
+
+        /* Cache Resistant features are  on by default, but has performance
+         * penalty on embedded systems. May not be needed here. Disabled: */
         #define WC_NO_CACHE_RESISTANT
         #define WC_NO_CACHE_RESISTANT
     #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */
     #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */
 
 
@@ -1000,17 +1003,34 @@ extern void uITRON4_free(void *p) ;
 
 
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY)
         !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
+
+        /* XMALLOC */
+        #if defined(WOLFSSL_ESPIDF) && \
+           (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+            #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+            #define XMALLOC(s, h, type)  \
+                           ((void)(h), (void)(type), wc_debug_pvPortMalloc( \
+                           (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
+        #else
+            #define XMALLOC(s, h, type)  \
+                           ((void)(h), (void)(type), pvPortMalloc((s)))
+        #endif
+
+        /* XFREE */
         #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
         #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+
+        /* XREALLOC */
         #if defined(WOLFSSL_ESPIDF)
         #if defined(WOLFSSL_ESPIDF)
-                /* In IDF, realloc(p, n) is equivalent to
-                 * heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
-                 *  there's no pvPortRealloc available  */
-                #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
-        /* FreeRTOS pvPortRealloc() implementation can be found here:
-         * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
+            /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
+             *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
+             * There's no pvPortRealloc available:  */
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
         #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA)
         #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA)
-                #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n)))
+            /* FreeRTOS pvPortRealloc() implementation can be found here:
+             * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n)))
+        #else
+            /* no XREALLOC available */
         #endif
         #endif
     #endif
     #endif