Merge branch 'master' into feature/integrate_openssl_comp_fixes

# Conflicts:
#	tests/api/test_tls.h

Author: Roy-Carter

.github/actions/install-apt-deps/action.yml

@@ -0,0 +1,92 @@
+name: 'Install apt dependencies'
+description: 'Install apt packages with retry logic and caching'
+inputs:
+  packages:
+    description: 'Space-separated list of apt packages to install'
+    required: true
+  retries:
+    description: 'Number of retry attempts'
+    required: false
+    default: '3'
+  retry-delay:
+    description: 'Initial delay between retries (seconds, doubles each attempt)'
+    required: false
+    default: '5'
+  no-install-recommends:
+    description: 'Pass --no-install-recommends to apt-get install'
+    required: false
+    default: 'false'
+  cache:
+    description: 'Cache apt archives (disable for dynamic package names)'
+    required: false
+    default: 'true'
+runs:
+  using: 'composite'
+  steps:
+    - name: Compute cache key
+      if: inputs.cache == 'true'
+      id: cache-key
+      shell: bash
+      run: |
+        SORTED_PKGS=$(echo "${{ inputs.packages }}" | tr ' ' '\n' | sort -u | tr '\n' ' ')
+        PKG_HASH=$(echo "$SORTED_PKGS" | sha256sum | cut -d' ' -f1 | head -c 16)
+        OS_VERSION=$(lsb_release -rs 2>/dev/null || echo "unknown")
+        echo "key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-${PKG_HASH}" >> $GITHUB_OUTPUT
+        echo "restore-key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-" >> $GITHUB_OUTPUT
+
+    - name: Restore apt cache
+      if: inputs.cache == 'true'
+      id: apt-cache
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/apt-cache
+        key: ${{ steps.cache-key.outputs.key }}
+        restore-keys: ${{ steps.cache-key.outputs.restore-key }}
+
+    - name: Pre-seed apt archives from cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit == 'true'
+      shell: bash
+      run: |
+        if [ -d ~/apt-cache ] && ls ~/apt-cache/*.deb >/dev/null 2>&1; then
+          sudo cp ~/apt-cache/*.deb /var/cache/apt/archives/
+          echo "Restored $(ls ~/apt-cache/*.deb | wc -l) cached .deb files"
+        fi
+
+    - name: Install packages
+      shell: bash
+      run: |
+        export DEBIAN_FRONTEND=noninteractive
+        RETRIES=${{ inputs.retries }}
+        DELAY=${{ inputs.retry-delay }}
+        NO_REC=""
+        if [ "${{ inputs.no-install-recommends }}" = "true" ]; then
+          NO_REC="--no-install-recommends"
+        fi
+        for i in $(seq 1 $RETRIES); do
+          if sudo apt-get update -q && \
+             sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
+            exit 0
+          fi
+          if [ "$i" -eq "$RETRIES" ]; then
+            echo "::error::apt-get failed after $RETRIES attempts"
+            exit 1
+          fi
+          echo "::warning::apt-get failed (attempt $i/$RETRIES), retrying in ${DELAY}s..."
+          sleep $DELAY
+          DELAY=$((DELAY * 2))
+        done
+
+    - name: Collect .deb files for cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p ~/apt-cache
+        cp /var/cache/apt/archives/*.deb ~/apt-cache/ 2>/dev/null || true
+        echo "Cached $(ls ~/apt-cache/*.deb 2>/dev/null | wc -l) .deb files"
+
+    - name: Save apt cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v4
+      with:
+        path: ~/apt-cache
+        key: ${{ steps.cache-key.outputs.key }}

.github/workflows/ada.yml

@@ -10,7 +10,7 @@ jobs:
   build:
 
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
     - uses: actions/checkout@v4
@@ -56,11 +56,14 @@ jobs:
       if: ${{ failure() && steps.examples.outcome == 'failure' }}
       run: cat ./wrapper/Ada/examples/server.log
 
+    - name: Install valgrind
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: valgrind
+
     - name: Run Ada wrapper tests (valgrind)
       working-directory: ./wrapper/Ada/tests
       run: |
-        sudo apt-get update
-        sudo apt-get install -y valgrind
         valgrind --leak-check=full --error-exitcode=1 \
           --suppressions=valgrind.supp ./bin/tests
 

.github/workflows/arduino.yml

@@ -77,7 +77,7 @@ concurrency:
 jobs:
   build:
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     strategy:
       fail-fast: false

.github/workflows/async-examples.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Build async examples (no configure)
         run: |
           make -C examples/async clean
-          make -C examples/async ASYNC_MODE=${{ matrix.async_mode }} EXTRA_CFLAGS="${{ matrix.extra_cflags }}"
+          make -j -C examples/async ASYNC_MODE=${{ matrix.async_mode }} EXTRA_CFLAGS="${{ matrix.extra_cflags }}"
 
       - name: Run async examples
         run: |

.github/workflows/async.yml

@@ -20,8 +20,6 @@ jobs:
           # Add new configs here
           '--enable-asynccrypt --enable-all --enable-dtls13 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
           '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
-          '--enable-asynccrypt --enable-all --enable-dtls13 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
-          '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-asynccrypt --enable-all --enable-dtls13 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
           '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',

.github/workflows/bind.yml

@@ -52,6 +52,12 @@ jobs:
     timeout-minutes: 10
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          fetch-depth: 1
+
       - name: Download lib
         uses: actions/download-artifact@v4
         with:
@@ -61,25 +67,24 @@ jobs:
         run: tar -xf build-dir.tgz
 
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          # hostap dependencies
-          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev liburcu-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev liburcu-dev
 
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
+          fetch-depth: 1
 
       - name: Checkout bind9
         uses: actions/checkout@v4
         with:
           repository: isc-projects/bind9
           path: bind
           ref: v${{ matrix.ref }}
+          fetch-depth: 1
 
       - name: Build and test bind9
         working-directory: bind

.github/workflows/cmake-autoconf.yml

@@ -9,17 +9,16 @@ on:
 jobs:
   build:
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
 # pull wolfSSL
     - uses: actions/checkout@v4
 
-# install cmake and autotools
-    - name: Install cmake
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y cmake autoconf automake libtool
+    - name: Install cmake and autotools
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: cmake autoconf automake libtool
 
 # build and install wolfssl via autotools for CMake consumer test
     - name: Build wolfssl with autotools

.github/workflows/cmake.yml

@@ -9,17 +9,16 @@ on:
 jobs:
   build:
     if: github.repository_owner == 'wolfssl'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
 # pull wolfSSL
     - uses: actions/checkout@v4
 
-# install cmake
     - name: Install cmake
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y cmake
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: cmake
 
 # build wolfssl
     - name: Build wolfssl

.github/workflows/curl.yml

@@ -49,10 +49,16 @@ jobs:
       matrix:
         curl_ref: [ 'master', 'curl-8_4_0' ]
     steps:
+    - name: Checkout wolfSSL CI actions
+      uses: actions/checkout@v4
+      with:
+        sparse-checkout: .github/actions
+        fetch-depth: 1
+
     - name: Install test dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket apache2 apache2-dev
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: nghttp2 libpsl5 libpsl-dev python3-impacket apache2 apache2-dev
 
     - name: Download lib
       uses: actions/download-artifact@v4

.github/workflows/cyrus-sasl.yml

@@ -53,13 +53,16 @@ jobs:
     timeout-minutes: 4
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          fetch-depth: 1
+
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
-            libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: krb5-kdc krb5-otp libkrb5-dev libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
 
       - name: Download lib
         uses: actions/download-artifact@v4
@@ -74,13 +77,15 @@ jobs:
         with:
           repository: wolfssl/osp
           path: osp
+          fetch-depth: 1
 
       - name: Checkout sasl
         uses: actions/checkout@v4
         with:
           repository: cyrusimap/cyrus-sasl
           ref: cyrus-sasl-${{ matrix.ref }}
           path: sasl
+          fetch-depth: 1
 
       - name: Build cyrus-sasl
         working-directory: sasl