Revert "Merge branch 'master' into lpc55s69_crypto"

This reverts commit 498f8f8, reversing
changes made to b604b14.

Author: twcook86

.github/workflows/hostap-vm.yml

@@ -76,21 +76,12 @@ jobs:
         with:
           path: hostap
           key: hostap-repo
+          lookup-only: true
 
       - name: Checkout hostap
         if: steps.cache.outputs.cache-hit != 'true'
         run: git clone https://w1.fi/hostap.git hostap
 
-      - name: tar hostap
-        run: tar -zcf hostap.tgz hostap
-
-      - name: Upload hostap repo
-        uses: actions/upload-artifact@v4
-        with:
-          name: hostap-repo
-          path: hostap.tgz
-          retention-days: 1
-
   build_uml_linux:
     name: Build UML (UserMode Linux)
     if: github.repository_owner == 'wolfssl'
@@ -105,16 +96,15 @@ jobs:
         with:
           path: linux/linux
           key: hostap-linux-${{ env.LINUX_REF }}
+          lookup-only: true
 
-      - name: Download hostap repo
+      - name: Checking if we have hostap in cache
         if: steps.cache.outputs.cache-hit != 'true'
-        uses: actions/download-artifact@v4
+        uses: actions/cache/restore@v4
         with:
-          name: hostap-repo
-
-      - name: untar hostap
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: tar -xf hostap.tgz
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
 
       - name: Checkout linux
         if: steps.cache.outputs.cache-hit != 'true'
@@ -132,13 +122,6 @@ jobs:
           cd linux
           yes "" | ARCH=um make -j $(nproc)
 
-      - name: Upload kernel binary
-        uses: actions/upload-artifact@v4
-        with:
-          name: uml-linux-kernel
-          path: linux/linux
-          retention-days: 1
-
   hostap_test:
     strategy:
       fail-fast: false
@@ -187,14 +170,13 @@ jobs:
     timeout-minutes: 45
     needs: [build_wolfssl, build_uml_linux, checkout_hostap]
     steps:
-      - name: Download kernel binary
-        uses: actions/download-artifact@v4
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
         with:
-          name: uml-linux-kernel
-          path: linux
-
-      - name: Restore kernel binary executable bit
-        run: chmod +x linux/linux
+          path: linux/linux
+          key: hostap-linux-${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
 
         # No way to view the full strategy in the browser (really weird)
       - name: Print strategy
@@ -233,13 +215,12 @@ jobs:
       - name: Install pip dependencies
         run: sudo pip install pycryptodome
 
-      - name: Download hostap repo
-        uses: actions/download-artifact@v4
+      - name: Checking if we have hostap in cache
+        uses: actions/cache/restore@v4
         with:
-          name: hostap-repo
-
-      - name: untar hostap
-        run: tar -xf hostap.tgz
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
 
       - name: Checkout correct ref
         working-directory: hostap

.github/workflows/os-check.yml

@@ -13,13 +13,14 @@ concurrency:
 # END OF COMMON SECTION
 
 jobs:
-  # Ubuntu config matrix. macOS is covered separately by make_check_macos
-  # below with a curated subset; configs here either have equivalent macOS
-  # coverage there or exercise no Darwin-specific code.
-  make_check_linux:
+  # Configs that interact with platform-specific features (sys-ca-certs,
+  # Apple Security.framework, OpenSSL compat layer, networking).
+  # Run on both Ubuntu and macOS.
+  make_check:
     strategy:
       fail-fast: false
       matrix:
+        os: [ ubuntu-24.04, macos-latest ]
         config: [
           # Add new configs here
           '',
@@ -88,6 +89,26 @@ jobs:
           '--enable-ocsp --enable-ocsp-responder --enable-ocspstapling CPPFLAGS="-DWOLFSSL_NONBLOCK_OCSP" --enable-maxfragment',
           '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP',
           '--enable-all --enable-writedup',
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
+    steps:
+      - name: Build and test wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          configure: CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -Wno-overlength-strings -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }}
+          check: true
+
+  # Platform-agnostic configs: pure crypto algorithms, preprocessor guards,
+  # or features with no macOS-specific code paths. Linux only.
+  make_check_linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        config: [
           '--enable-ascon --enable-experimental',
           '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
           # PKCS#7 with RSA-PSS (CMS RSASSA-PSS signers)
@@ -109,7 +130,7 @@ jobs:
           '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"',
           '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
         ]
-    name: make check linux
+    name: make check (Linux only)
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
@@ -121,55 +142,6 @@ jobs:
           configure: CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -Wno-overlength-strings -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }}
           check: true
 
-  # Curated macOS subset. Each config exists for a Darwin-specific reason;
-  # do not add entries that only re-test platform-agnostic crypto already
-  # covered by the corresponding Linux run.
-  make_check_macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        config: [
-          # Default build: --enable-sys-ca-certs is auto-on on macOS, so
-          # this exercises Apple keychain / system trust loading in
-          # src/ssl_load.c that has no Linux equivalent.
-          '',
-          # Broad key-crypto + Security.framework + opensslextra in one run
-          # (RSA, ECC, AES, SHA-2/3, ChaCha20-Poly1305, Curve25519/448, HMAC,
-          # sniffer, DTLS, OCSP, ...). Note: --enable-all does NOT enable
-          # cryptocb or SHE, so those have their own entries below.
-          '--enable-all --enable-asn=template',
-          # Validates the configure-time auto-enable override and that the
-          # build compiles out the Security.framework code path cleanly --
-          # macOS is the only OS where sys-ca-certs is auto-on by default.
-          '--disable-sys-ca-certs',
-          # DTLS over BSD sockets on Darwin: connection-ID, fragmented
-          # ClientHello, secure renegotiation, PSK, AES-CCM, null cipher --
-          # exercises recvmsg/MTU/datagram handling that differs from Linux.
-          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
-            --enable-psk --enable-aesccm --enable-nullcipher
-            CPPFLAGS=-DWOLFSSL_STATIC_RSA',
-          # Crypto-callback dispatcher under Apple clang. Not covered by
-          # --enable-all; verifies the cryptocb find/setkey/keygen path
-          # compiles and runs on the macOS toolchain.
-          '--enable-cryptocb --enable-keygen --enable-cryptocbutils=setkey',
-        ]
-    name: make check macos
-    if: github.repository_owner == 'wolfssl'
-    runs-on: macos-latest
-    # This should be a safe limit for the tests to run.
-    timeout-minutes: 14
-    steps:
-      - name: Build and test wolfSSL
-        uses: wolfSSL/actions-build-autotools-project@v1
-        with:
-          configure: CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -Wno-overlength-strings -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }}
-          check: true
-
-  # Run on both OSes: the user_settings.h header-driven build path is
-  # distinct from the autotools-driven --enable-all path in
-  # make_check_linux / make_check_macos, and macOS-specific guard ordering
-  # (e.g. WOLFSSL_SYS_CA_CERTS pulling in Security.framework) needs to be
-  # exercised under Apple clang here.
   make_user_settings:
     strategy:
       fail-fast: false
@@ -193,11 +165,12 @@ jobs:
           user-settings: ${{ matrix.user-settings }}
 
   make_user_settings_testwolfcrypt:
-    # testwolfcrypt runs pure crypto tests with no platform-specific
-    # features, so Linux-only is sufficient for these user_settings.
     strategy:
       fail-fast: false
       matrix:
+        # testwolfcrypt runs pure crypto tests with no platform-specific
+        # features, so Linux-only is sufficient for these user_settings.
+        os: [ ubuntu-24.04 ]
         user-settings: [
           # Add new user_settings.h here (alphabetical order)
           'examples/configs/user_settings_ca.h',
@@ -221,7 +194,7 @@ jobs:
         ]
     name: make user_setting.h (testwolfcrypt only)
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-24.04
+    runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
     steps:
@@ -235,18 +208,21 @@ jobs:
       - name: Run wolfcrypt/test/testwolfcrypt
         run: ./wolfcrypt/test/testwolfcrypt
 
-  # Has to be dedicated function due to the sed call.
-  # Platform-agnostic; --enable-all macOS coverage in make_check_macos and
-  # the macOS user_settings_all.h run in make_user_settings already cover
-  # the equivalent code paths on Darwin.
+  # Has to be dedicated function due to the sed call
   make_user_all:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-24.04, macos-latest ]
     name: make user_setting.h (with sed)
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-24.04
+    runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
     steps:
     - uses: actions/checkout@v4
+    - if: ${{ matrix.os == 'macos-latest' }}
+      run: brew install automake libtool
     - run: ./autogen.sh
     - name: user_settings_all.h with compatibility layer
       run: |

.github/workflows/pq-all.yml

@@ -44,7 +44,7 @@ jobs:
     if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
-    timeout-minutes: 10
+    timeout-minutes: 6
     steps:
       - uses: actions/checkout@v4
         name: Checkout wolfSSL

.wolfssl_known_macro_extras

@@ -563,7 +563,6 @@ STM32L552xx
 STM32L562xx
 STM32MP135Fxx
 STM32N657xx
-STM32U385xx
 STM32U575xx
 STM32U585xx
 STM32U5A9xx
@@ -834,6 +833,7 @@ WOLFSSL_NO_DH186
 WOLFSSL_NO_DTLS_SIZE_CHECK
 WOLFSSL_NO_ETM_ALERT
 WOLFSSL_NO_FENCE
+WOLFSSL_NO_INIT_CTX_KEY
 WOLFSSL_NO_ISSUERHASH_TDPEER
 WOLFSSL_NO_KCAPI_AES_CBC
 WOLFSSL_NO_KCAPI_HMAC_SHA1
@@ -852,6 +852,7 @@ WOLFSSL_NO_SERVER_GROUPS_EXT
 WOLFSSL_NO_SESSION_STATS
 WOLFSSL_NO_SIGALG
 WOLFSSL_NO_SOCKADDR_UN
+WOLFSSL_NO_SPHINCS
 WOLFSSL_NO_STRICT_CIPHER_SUITE
 WOLFSSL_NO_TICKET_EXPIRE
 WOLFSSL_NO_TRUSTED_CERTS_VERIFY
@@ -920,7 +921,6 @@ WOLFSSL_SHA512_HASHTYPE
 WOLFSSL_SHUTDOWNONCE
 WOLFSSL_SILABS_TRNG
 WOLFSSL_SLHDSA_FULL_HASH
-WOLFSSL_SLHDSA_NO_VERIFY_ONLY
 WOLFSSL_SNIFFER_NO_RECOVERY
 WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD