** This Method is deprecated. Use CMake if at all possible. Makefile support is limited to fixing bugs.

Returns a heap allocated string, you are required to free it after use.

Returns a heap allocated string, you are required to free it after use.

ANSI C is not C++ therefore it shouldn't be compiled with a C++ compiler. You can compile it with a C compiler and link it with your C++ code however. Although compiling with a C++ compiler might work, correct behavior is not guaranteed.

Can overflow here. Cannot be fixed without breaking the API */

Do this the proper way, this is just a fix for now */

cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */

This modifies objects in 'from' and 'to' by sorting the elements by their key */

This modifies objects in 'from' and 'to' by sorting the elements by their key */

Cannot test this easily in C89! */

Could not make OPENSSL_ROOT_DIR work. CMake seems to prepend sysroot to it.

You must specify options and their arguments on the same line.

The telnet protocol does not specify any way to login with a specified

** On Windows, the %-symbol is a special symbol used to expand

if you want this example to work on Windows with libcurl as a DLL,

if you want chunked transfer too, you need to combine these two

like to get rid off this */

this API is deprecated since it is not working on win64 where the SOCKET

** you must call curl_slist_free_all(3)

This call set CURLOPT_HTTPAUTH(3) to CURLAUTH_AWS_SIGV4. Calling

We use two nested 'if' statements here instead of the && operator, in

these macros MUST NOT EVALUATE their arguments! The argument is

if you have the receiving paused and you call this function to remove

This is one of few API functions that are allowed to be called from

this function should set 'done' TRUE, as the other auth

this function should set 'done' TRUE, as the other auth

that there is a

if you add a state here, add the name to the statenames[] array

'data' may be passed in as NULL when coming from external API without

This is one of few API functions that are allowed to be called from

when the last node of the tree is removed, there is no tree left so

that the *url is curlx_malloc()ed. */

mbedTLS has mbedtls_ssl_get_ciphersuite_id() to

also see tests/unit/unit3205.c */

this is a changed behavior since the released 4.1!

Translate this into something that approximates a valid curl test:-)

add negative tests for these

just uses a single connection for h2/h3. Not sure how to prevent that

we would like to reuse the first connection for the

specify specific exceptions here

specify specific exceptions here

if you want this code to work on Windows with libcurl as a DLL, you

this code does not remove the handle from the multi handle

activate when a minus is detected at the end of statement e.g. {% for ttt in range() -%}

little hack to retrieve IF statement without build a new function

loop done in inverse mode to allow to have index Name overloaded by the loop one

loop done in inverse mode to allow to have index Name overloaded by the loop one

maybe ensure that at least one event happens when jumping forward? */

really do this? */

use adjustheap and recalculation */

check .head */

timer is not always active*/

returns INVALID_SOCKET on winsock accept, not < 0. fix it */

Unfortunately, there are problems with the above when trying

remove this flag sometime in the future.

Find the place where the list is rebuilt in the wrong

Pedantically, this is the right thing to do, so

should test the right _cmds variable.

$output_objdir/$libname.filter potentially contains lots of

could optimize this to just extract one archive.

$output_objdir/$libname.filter potentially contains lots of

should reinstall the best remaining shared library.

64 bit store + 32 bit load-modify-store is suboptimal. */

64 bit store + 32 bit load-modify-store is suboptimal. */

64 bit store + 32 bit load-modify-store is suboptimal. */

optionally dump state. */

Handle file name and include it in error messages. */

Replace with BC_IITERN. */

There are probably more optimization opportunities. */

The API differs from lua_createtable()!

This function currently assumes that the input is a valid

cmake will now create CMakeCache.txt and CMakeFiles/*.\

See gl_VISIBILITY in visibility.m4. Need to perform

Turn on warnings.

Also check if these functions are declared by the

AX_PTHREAD does a lot. Need to implement the

- FIPS

detect platform from other options

Logic here isn't complete, yet (see AX_PTHREAD)

- DTLS-SCTP

- IPv6 test apps

- Lean PSK

- AES-GCM stream

- Session certs

- Compressed key

- TLSv1.0

- Track memory

- RSA public only

- Anonymous

verify that this is correct

- Base16

- AES-XTS

- RC2

- XCHACHA

- FFDHE params only

- TLS extensions

rest of stunnel support

- SCRYPT

- Fast huge math

- LIBZ

- Session export

- Memory tests

- Bit of logic after optimization flags option (above)

- Build shared/static libs based on enables. Check CMake

add support for the various ports

Distro build + rules for what to include in the distro.

* --enable-heapmath is deprecated

* --enable-heapmath is deprecated

* wolfSSL is now GPLv3 instead of GPLv2

* --enable-heapmath is deprecated

* --enable-heapmath is being deprecated and will be removed by end of 2024

* --enable-heapmath is being deprecated and will be removed by end of 2024

* --enable-heapmath is being deprecated and will be removed by end of 2024

In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.

This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.

* --enable-heapmath is being deprecated and will be removed by 2024

* --enable-heapmath is being deprecated and will be removed by 2024

* --enable-heapmath is being deprecated and will be removed by 2024

* --enable-heapmath is being deprecated and will be removed by 2024

Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

Implement real RNG */

Component location is based on the location of the CMakeList.txt

Component location is based on the location of the CMakeList.txt

Component location is based on the location of the CMakeList.txt

Component location is based on the location of the CMakeList.txt

IP Address is problematic in RTOS SDK 3.4 */

Component location is based on the location of the CMakeList.txt

Revisit ESP8266 */

Exchange data over your own transport */

Implement your own recv data transport

Exchange data over your own transport */

Implement your own send data transport

Exchange data over your own transport */

Implement your own recv data transport

Exchange data over your own transport */

Implement your own send data transport

Implement real RTC */

Implement real RNG */

Change core voltage one level at a time.. */

this process should terminate

react to a Windows host that has come back

react to a Windows blue screen

react to the INtime kernel stopping

react to the Windows host going in hibernation

react to the Windows host going in standby mode

react to a Windows host that is about to shutdown

This more customized step has been provided for easier execution in the

These files are for use with the wolfCrypt FIPS module and are not

improve this */

Implement real RNG */

Customize for actual hardware

** "ucIPAddress" is "192.168.1.241" by default. (See wolfssl_thread_entry.h)

** The port 11111 is the DEFAULT_PORT inside wolfssl_thread_entry.h.\

** This may need to be done outside of the e2studio environment (e.g. File Explorer).

** "ucIPAddress" is "192.168.1.241" by default. (See wolfssl_thread_entry.h)

** The port 11111 is the DEFAULT_PORT inside wolfssl_thread_entry.h.

** この作業は、e2studio ではなく、Explorer などを使用します。

** "ucIPAddress" はデフォルトでは "192.168.1.241"  (参照： wolfssl_thread_entry.h)

** wolfssl_thread_entry.h中にデフォルトのポート番号 11111 定義(DEFAULT_PORT)

add your own code here */ line at sce_tst_thread_entry.c

add your own code here */

add your own code here */

_WIN32_WCE defined by system */

If NO_OLD_TLS is not defined this needs to be set to '#if 1' */

If NO_OLD_TLS is not defined this needs to be set to '#if 1' */

_WIN32_WCE defined by system */

Incompatible with wolfEngine and

Can not be on for operational testing */

Incompatible with wolfEngine and

Must provide real seed to RNG */

CERT_PATH macro is set relative to Xcode $(PROJECT_DIR) environment

All files relative to wolfSSL home dir)

リアルタイム作業をここで呼び出すことができます

_ Regarding using same API for encryption

If using wc_AesSetKeyDirect with Aes Counter mode (Stream cipher)

Only RSA and ECC key types are supported. Ed25519, Ed448, and

This function does NOT support async crypto (WOLFSSL_ASYNC_CRYPT).

by returning zero, we are accepting this extension and

Real-time work can be called here

All files relative to wolfSSL home dir\n");

All files relative to wolfSSL home dir\n",          /* 0 */

optimize client / server to fit in 32K flash?

Revisit ESP8266 */

known PlatformIO problem if SINGLE_THREADED is not enabled.  */

there may be a problem with HAVE_CAMELLIA with HW AES disabled.

this is after the hashing section to override the potential SHA3 undef

All files relative to wolfSSL home dir\n",               /* 0 */

Need Japanese translation */

Need Japanese translation */

Need Japanese translation */

add max function */

be more smart about when doing retransmission looking in the

Not needed for Nginx or httpd */

consider changing strings to byte arrays. */

OpenSSL returns 1 and 0 only.

OpenSSL returns 1 and 0 only.

consider switch statement or calculating directly from hex string

Use WOLFSSL_MSG_EX()?

OpenSSL doesn't change point when Jacobian. Do the same?

use the heap filed of one of the points? */

support using the KDF. */

Support use of the password callback and callback context.

use wolfCrypt RSA key to get emLen and bits? */

use wolfCrypt RSA key to get emLen and bits? */

Do we support more schemes in later versions of FIPS? */

Do we support more schemes in later versions of FIPS? */

RSA_X931_PADDING not supported */

RSA_X931_PADDING not supported */

there is some fiddling in OpenSSL+quic in regard to CCM ciphers

the caller is responsible for locking and unlocking the server list

currently wolfSSL_KeepHandshakeResources(WOLFSSL* ssl) must be called

*/

*/

maybe? */

lookup by cipherSuite0 / cipherSuite */

update short names in wolfssl_object_info and check OID sums

Doesn't currently track SSL_VERIFY_CLIENT_ONCE */

Change this to use a bitfield. */

Add callback for private key check? */

compatibility with OpenSSL? OpenSSL assumes data not DER encoded.

Unprintable characters conversion is destructive.

Assumes length is only one byte ie less than 128 characters long.

mp_mod_2d()

small stack */

for FIPS and selftest 0 == WC_HASH_TYPE_MD5 instead. */

'len' should be a signed type.

make fields static.

Is this necessary? Length should not change. */

OpenSSL checks parity and weak keys.

Encrypt one block at a time instead of allocating a large amount.

OpenSSL expects a length that is a multiple of the block size but

Validate parameters?

OpenSSL expects a length that is a multiple of the block size but

Validate parameters?

OpenSSL expects a length that is a multiple of the block size but

Validate parameters?

check bits value?

takes ownership even on failure below but not on above failure. */

Add SESSION_CACHE_DYNAMIC_MEM support for PERSIST_SESSION_CACHE.

no function to free new session.

do NOT pass &length to any *_GET_SIZE function

TLSX_SIGNED_CERTIFICATE_TIMESTAMP, OID_FILTERS

TLSX_SIGNED_CERTIFICATE_TIMESTAMP, TLSX_OID_FILTERS

TLSX_SIGNED_CERTIFICATE_TIMESTAMP,

TLSX_SIGNED_CERTIFICATE_TIMESTAMP,

May be TLSv1_MINOR when sending first ClientHello. */

Add support for more extensions:

check this now before other calls can overwrite ret */

add WOLFSSL_ERROR_ALREADY_IN_PROGRESS type of error here */

for unknown extension NIDs, a X509_EXTENSION is populated with the

WC_NID_subject_key_identifier is currently the only extension

Add support for no nid case */

Inefficient

never do this in a production environment, as it is inherently insecure). To enable sniffer support for keylog files, use the following configure command line and build as before:

more invalid cases */

figure out a way to get a WOLFSSL_CIPHER to test with. */

add cert gen for testing positive case */

test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy

limited to NO_PKCS7_STREAM because the streaming parser's stage 3

translate below */

Add japenese version */

Why doesn't esp_cpu_get_cycle_count work for Xtensa?

Why doesn't esp_cpu_get_cycle_count work for Xtensa

Determine a mechanism for reset that does not interfere

why does Espressif esp_cpu_get_cycle_count() cause

no support for AES-CTR/GCM/CCM/Direct */

SP800-38E - Restrict data unit to 2^20 blocks per key. A block is

store parameters so that usage can be checked. */

support RSA PSS */

msg is leaked if wc_CmacFinal() is not called

Consider linked list with mutex */

Not implemented - use software for now */

Not implemented - use software for now */

This is a pre-FIPS 204 API without context support. New code should

This is a pre-FIPS 204 API without context support. New code should

This is a pre-FIPS 204 API without context support. New code should

Not implemented */

FIPS v6.0.0 or greater, no restriction on imported keys, only

FIPS v6.0.0 or greater, no restriction on imported keys, only

FIPS v6.0.0 or greater, no restriction on imported keys, only

OpenSSL_add_all_ciphers() should be called first before using this

Chacha??? */

Add X448 and ChaCha20

Add X448 */

Add X448 */

Add X448 */

Add X448 */

Add X448 */

Add X448 */

Add X448 */

can parse with USER RSA enabled but may return cert that is not the

can parse with USER RSA enabled but may return cert that is not the

keeps previously set pkcs7 heap hint, devId and isDynamic */

An attribute has the ASN1 format of

this check returns success whenever fewer than 6 bytes

EnvelopedData does not currently support

When implementing DS (Digital Signature HW), need to

When implementing DS (Digital Signature HW), need to

Future interleave. */

Future interleave. */

allow for SHA interleave on chips that support it.

conditional bundle */

Manually edit sort order in gen_crt_bundle.py

Move to common header in ESP-IDF. (requires ESP-IDF modification).

To save memory, the store `cert` from above is overwritten below.

optional gate out serial check for performance.       */

When sorting, see `esp_crt_bundle.c`;

Find ESP32-S2 equivalent */

Find ESP32-S2 equivalent of bss */

something equivalent? */

something equivalent? */

use event in wc_wifi_show_ip - logging the IP string causes a panic. */

Use on-board TRNG */

Try MeCRT */

RSA */

RSA callbacks */

It assumes you have built wolfSSL using the SDK or Evkit.

Get rid of publicKeyIndex. Pass in the information it is parsing.

this function also does verification of the signature as well! */

*/

Both can be defined with no problem.

Perhaps always do mod reduce depending on hardware performance */

Perhaps always do mod reduce depending on hardware performance */

if we don't know the  mode or the direction (@alg == 0) the key

the value for `WC_RESEED_INTERVAL` here is just an example. You should find what is

These are example keys

The raw entropy seed gathered at instantiation / reseed is        */

confirm this is proper random number on Arduino STM32 */

Pull requests appreciated for new targets.

Not implemented */

WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */

Handle error case */

maybe have to use tx_thread_delete? */

Use the following once k_thread_stack_alloc makes it into a

Use the following once k_thread_stack_free makes it into a

"Simple and Memory-efficient Signature Generation of XMSS^MT"

we do not have this in our QUIC api and HAProxy does not use it

signal(SIGPIPE, SIG_IGN); */

If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified

Long-term, it would be helpful if we made this struct and other OCSP

1024-bit sign disabled in FIPS mode */

Must be called in OS initialization section outside user control

Tune this value to get best performance */

If other curves are enabled, these values change!

cyassl_nucleus_defs.h is akin to user_settings.h */

define other Arduino boards here */

there may be a problem with HAVE_CAMELLIA with HW AES disabled.

Use logging API?

board specific features */