FreeRTOSv.9.0.0源码

# Notes - Please read ## Note 1 ``` wolfSSL now needs all examples and tests to be run from the wolfSSL home directory. This is because it finds certs and keys from ./certs/. Trying to maintain the ability to run each program from its own directory, the testsuite directory, the main directory (for make check/test), and for the various different project layouts (with or without config) was becoming harder and harder. Now to run testsuite just do: ./testsuite/testsuite or make check (when using autoconf) On *nix or Windows the examples and testsuite will check to see if the current directory is the source directory and if so, attempt to change to the wolfSSL home directory. This should work in most setup cases, if not, just follow the beginning of the note and specify the full path. ``` ## Note 2 ``` wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188). If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling: wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error add -fdebug-types-section to C_EXTRA_FLAGS #wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) ##Release 3.4.8 of wolfSSL has bug fixes and new features including: - FIPS version submitted for iOS. - Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. - Improvements to usage of time code. - Improvements to VS solution files. See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) ##Release 3.4.6 of wolfSSL has bug fixes and new features including: - Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. These speedup the use of RNG, SHA2, and public key algorithms. - Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples in wolcrypt/test/test.c ed25519_test(). - Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes of memory per secure connection including cipher state. - wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future - INSTALL file to help direct users to build instructions for their environment - For ECC users with the normal math library a fix that prevents a crash when verify signature fails. Users of 3.4.0 with ECC and the normal math library must update - RC4 is now disabled by default in autoconf mode - AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers available without a switch - External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution - DHE-PSK cipher suites can now be built without ASN or Cert support - Fix some NO MD5 build issues with optional features - Freescale CodeWarrior project updates - ECC curves can be individually turned on/off at build time. - Sniffer handles Cert Status message and other minor fixes - SetMinVersion() at the wolfSSL Context level instead of just SSL session level to allow minimum protocol version allowed at runtime - RNG failure resource cleanup fix - No high level security fixes that requires an update though we always recommend updating to the latest (except note 6 use case of ecc/normal math) See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html #wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) ## Release 3.4.0 wolfSSL has bug fixes and new features including: - wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future - Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c - Example use of the wolfSSL API can be found in examples/client/client.c - Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon - Improvements in the build configuration under AIX - Microchip Pic32 MZ updates - TIRTOS updates - PowerPC updates - Xcode project update - Bidirectional shutdown examples in client/server with -w (wait for full shutdown) option - Cycle counts on benchmarks for x86_64, more coming soon - ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA keys - Various compile warnings - Scan-build warning fixes - Changed a memcpy to memmove in the sniffer (if using sniffer please update) - No high level security fixes that requires an update though we always recommend updating to the latest # CyaSSL Release 3.3.0 (12/05/2014) - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report. - FIPS version submitted - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED - User can set mimimum downgrade version with CyaSSL_SetMinVersion() - Small stack improvements at TLS/SSL layer - TLS Master Secret generation and Key Expansion are now exposed - Adds client side Secure Renegotiation, * not recommended * - Client side session ticket support, not fully tested with Secure Renegotiation - Allows up to 4096bit DHE at TLS Key Exchange layer - Handles non standard SessionID sizes in Hello Messages - PicoTCP Support - Sniffer now supports SNI Virtual Hosts - Sniffer now handles non HTTPS protocols using STARTTLS - Sniffer can now parse records with multiple messages - TI-RTOS updates - Fix for ColdFire optimized fp_digit read only in explicit 32bit case - ADH Cipher Suite ADH-AES128-SHA for EAP-FAST The CyaSSL manual is available at: http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. # CyaSSL Release 3.2.0 (09/10/2014) #### Release 3.2.0 CyaSSL has bug fixes and new features including: - ChaCha20 and Poly1305 crypto and suites - Small stack improvements for OCSP, CRL, TLS, DTLS - NTRU Encrypt and Decrypt benchmarks - Updated Visual Studio project files - Updated Keil MDK5 project files - Fix for DTLS sequence numbers with GCM/CCM - Updated HashDRBG with more secure struct declaration - TI-RTOS support and example Code Composer Studio project files - Ability to get enabled cipher suites, CyaSSL_get_ciphers() - AES-GCM/CCM/Direct support for Freescale mmCAU and CAU - Sniffer improvement checking for decrypt key setup - Support for raw ECC key import - Ability to convert ecc_key to DER, EccKeyToDer() - Security fix for RSA Padding check vulnerability reported by Intel Security Advanced Threat Research team The CyaSSL manual is available at: http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions and comments about the new features please check the manual. # CyaSSL Release 3.1.0 (07/14/2014) #### Release 3.1.0 CyaSSL has bug fixes and new features including: - Fix for older versions of icc without 128-bit type - Intel ASM syntax for AES-NI - Updated NTRU support, keygen benchmark - FIPS check for minimum required HMAC key length - Small stack (--enable-smallstack) improvements for PKCS#7, ASN - TLS extension support for DTLS - Default I/O callbacks external to user - Updated example client with bad clock test - Ability to set optional ECC context info - Ability to enable/disable DH separate from opensslextra - Additional test key/cert buffers for CA and server - Updated example certificates The CyaSSL manual is available at: http://www.yassl