Merged main into fix-conversion with conflict resolution

.github/workflows/coverity-scan-fixes.yml

@@ -0,0 +1,53 @@
+name: Coverity Scan master branch
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1-5'
+    - cron: '0 0 * * 0'
+    - cron: '0 12 * * 0'
+
+jobs:
+  coverity:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: master
+
+    - name: Configure wolfSSL with enable-all M-F
+      if: github.event.schedule == '0 0 * * 1-5'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all
+
+    - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
+      if: github.event.schedule == '0 0 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all --enable-smallstack
+
+    - name: Configure wolfSSL with bigendian Sun at 12:00
+      if: github.event.schedule == '0 12 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
+
+    - name: Check secrets
+      env:
+        token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
+      run: |
+        token_len=${#token_var}
+        echo "$token_len"
+        email_len=${#email_var}
+        echo "$email_len"
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        build_language: 'cxx'
+        project: "wolfSSL/wolfssl"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        command: "make"

.github/workflows/curl.yml

@@ -52,8 +52,7 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2 libpsl5 libpsl-dev
-        sudo pip install impacket
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
 
     - name: Download lib
       uses: actions/download-artifact@v4

.github/workflows/hostap-vm.yml

@@ -196,8 +196,7 @@ jobs:
           # hostap dependencies
           sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
             libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
-            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
-          sudo pip3 install pycryptodome
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
 
       - name: Checkout hostap
         uses: actions/checkout@v4

.github/workflows/ipmitool.yml

@@ -51,6 +51,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
       - name: Download lib
         uses: actions/download-artifact@v4
         with:

.github/workflows/jwt-cpp.yml

@@ -41,13 +41,17 @@ jobs:
           retention-days: 5
 
   build_pam-ipmi:
+    if: github.repository_owner == 'wolfssl'
     strategy:
       fail-fast: false
       matrix:
-        ref: [ 0.6.0 ]
-    name: ${{ matrix.ref }}
-    if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-latest
+        config:
+          - ref: 0.7.0
+            runner: ubuntu-latest
+          - ref: 0.6.0
+            runner: ubuntu-22.04
+    name: ${{ matrix.config.ref }}
+    runs-on: ${{ matrix.config.runner }}
     needs: build_wolfssl
     steps:
       - name: Install dependencies
@@ -76,12 +80,12 @@ jobs:
         with:
           repository: Thalhammer/jwt-cpp
           path: jwt-cpp
-          ref: v${{ matrix.ref }}
+          ref: v${{ matrix.config.ref }}
 
       - name: Build pam-ipmi
         working-directory: jwt-cpp
         run: |
-          patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
           PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
             cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
           make -j -C build

.github/workflows/mosquitto.yml

@@ -68,8 +68,7 @@ jobs:
         run: |
             export DEBIAN_FRONTEND=noninteractive
             sudo apt-get update
-            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
-            sudo pip install --upgrade psutil
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
 
       - name: Checkout mosquitto
         uses: actions/checkout@v4

.github/workflows/multi-compiler.yml

@@ -51,6 +51,8 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
       - uses: actions/checkout@v4
       - name: Build
         env:

.github/workflows/openvpn.yml

@@ -43,7 +43,7 @@ jobs:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ release/2.6, v2.6.0, master ]
+        ref: [ release/2.6, master ]
     name: ${{ matrix.ref }}
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest

.github/workflows/pam-ipmi.yml

@@ -56,8 +56,7 @@ jobs:
           # Don't prompt for anything
           export DEBIAN_FRONTEND=noninteractive
           sudo apt-get update
-          sudo apt-get install libpam-dev ninja-build
-          sudo pip3 install meson
+          sudo apt-get install libpam-dev ninja-build meson
 
       - name: Download lib
         uses: actions/download-artifact@v4

.github/workflows/softhsm.yml

@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check

.github/workflows/sssd.yml

@@ -14,6 +14,7 @@ concurrency:
 
 jobs:
   build_wolfssl:
+    if: github.repository_owner == 'wolfssl'
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
@@ -39,6 +40,7 @@ jobs:
           retention-days: 5
 
   sssd_check:
+    if: github.repository_owner == 'wolfssl'
     strategy:
       fail-fast: false
       matrix:

.github/workflows/win-csharp-test.yml

@@ -0,0 +1,58 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

.github/workflows/zephyr.yml

@@ -46,7 +46,7 @@ jobs:
             libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
             libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
             net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
-            python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
+            python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
             texinfo unzip wget ovmf xz-utils
 
       - name: Install west

.gitignore

@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in

CMakeLists.txt

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.7.2 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.4 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -53,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-set(WOLFSSL_LIBRARY_VERSION_SECOND 2)
+set(WOLFSSL_LIBRARY_VERSION_SECOND 3)
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or