wolfSSL
diff --git a/‎.github/workflows/pq-all.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pq-all.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.wolfssl_known_macro_extras‎
Lines changed: 6 additions & 0 deletions b/‎.wolfssl_known_macro_extras‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt‎
Lines changed: 275 additions & 78 deletions b/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt‎
Lines changed: 275 additions & 78 deletions
diff --git a/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig‎
Lines changed: 24 additions & 0 deletions b/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h‎
Lines changed: 8 additions & 3 deletions b/‎IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h‎
Lines changed: 8 additions & 3 deletions
@@ -18,7 +18,7 @@ jobs:
       matrix:
         config: [
           # Add new configs here
-          '--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS=-DWOLFSSL_ML_KEM_USE_OLD_IDS'
+          '--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
 
@@ -96,6 +96,7 @@ CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
 CONFIG_FREERTOS_HZ
 CONFIG_FREERTOS_UNICORE
 CONFIG_IDF_TARGET
@@ -286,6 +287,7 @@ IOTSAFE_NO_GETDATA
 IOTSAFE_SIG_8BIT_LENGTH
 KCAPI_USE_XMALLOC
 K_SERIES
+LIBWOLFSSL_CMAKE_OUTPUT
 LIBWOLFSSL_VERSION_GIT_BRANCH
 LIBWOLFSSL_VERSION_GIT_HASH
 LIBWOLFSSL_VERSION_GIT_HASH_DATE
@@ -415,6 +417,7 @@ NO_WOLFSSL_SHA256_INTERLEAVE
 NO_WOLFSSL_SHA512_INTERLEAVE
 NO_WOLFSSL_SKIP_TRAILING_PAD
 NO_WOLFSSL_SMALL_STACK_STATIC
+NO_WOLFSSL_USE_ASM_CERT
 NO_WOLFSSL_XILINX_TAG_MALLOC
 NRF52
 NRF52_SERIES
@@ -456,6 +459,7 @@ SHOW_CERTS
 SHOW_GEN
 SHOW_SIZES
 SHOW_SSID_AND_PASSWORD
+SHOW_WOLFSSL_BUNDLE_ERROR
 SIM_SCGC3_RNGA_MASK
 SIM_SCGC5_PORTC_MASK
 SIM_SCGC5_PORTD_MASK
@@ -518,6 +522,8 @@ TI_DUMMY_BUILD
 TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
 TSIP_RSAES_1024
 TSIP_RSAES_2048
+TSIP_RSASSA_1024
+TSIP_RSASSA_2048
 UNICODE
 USER_CA_CB
 USER_CUSTOM_SNIFFX
 
@@ -274,10 +274,28 @@ menu "wolfSSL"
                     bool "Do not use the default certificate bundle"
             endchoice
 
+            config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Use alternate certificate bundle"
+                help
+                    Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
+                    Enable this option to specify a fixed wolfSSL certificate file path and file name.
+
+            config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
+                depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Default certificate bundle alternate path and name"
+                default "./certs/x509_crt_bundle_wolfssl"
+                help
+                    Name of the default certificate bundle directory. Typically used only with PlatformIO.
+                    Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
+                    paths are with respect to root of this project.
+
             config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
                 depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
                 default n
                 bool "Add custom certificates to the default bundle"
+
             config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
                 depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
                 string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
             help
                 Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
 
+        config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
+            bool "Suppress build-time warnings for main stack size"
+            default n
+            help
+                Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
+
         config ESP_WOLFSSL_TEST_LOOP
             bool "Run test apps in a loop until failure"
             default y
 
@@ -853,13 +853,18 @@
     #ifndef NO_RSA
         #define ESP32_USE_RSA_PRIMITIVE
 
-        #if defined(CONFIG_IDF_TARGET_ESP32)
-            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+        #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+            /* See idf.py menuconfig for stack warning settings */
+            #if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
                 #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
-                    #warning "RSA may be difficult with less than 10KB Stack "/
+                    #warning "RSA may be difficult with less than 10KB Stack"
                 #endif
+            #else
+                /* Implement your own stack warning here */
             #endif
+        #endif
 
+        #if defined(CONFIG_IDF_TARGET_ESP32)
             /* NOTE HW unreliable for small values! */
             /* threshold for performance adjustment for HW primitive use   */
             /* X bits of G^X mod P greater than                            */