Merge pull request #378 from tim-weller-wolfssl/example-updates

wolfSSL example updates based on testing with wolfSSL v5.5.4-stable
2023-04-05 15:25:08 -06:00 · 2023-04-05 15:25:08 -06:00 · ccfd90982b
parent 9688f1b635 013a6da63d
commit ccfd90982b
33 changed files with 209 additions and 104 deletions
--- a/SE050/README.md
+++ b/SE050/README.md
@ -8,7 +8,7 @@ written for and tested on a Raspberry Pi with NXP SE050 EdgeLock development
 kit.
 For complete details on wolfSSL's support for NXP SE050, see
-[README_SE050.md](https://www.github.com/wolfssl/wolfssl/wolfcrypt/src/port/nxp/README_SE050.md).
+[README_SE050.md](https://www.github.com/wolfssl/wolfssl/tree/master/wolfcrypt/src/port/nxp/README_SE050.md).
 That document also describes how to download, build, and compile the SE05x
 Middleware. It should be followed first before moving on to installing and
 running these examples.
--- a/certgen/certgen_ca_example.c
+++ b/certgen/certgen_ca_example.c
@ -30,6 +30,9 @@
 #ifdef WOLFSSL_CAAM
    #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
    static int devId = WOLFSSL_CAAM_DEVID;
 #else
    static int devId = INVALID_DEVID;
 #endif
 #if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
@ -37,7 +40,6 @@
 #define HEAP_HINT NULL
 #define LARGE_TEMP_SZ 4096
 static int devId = WOLFSSL_CAAM_DEVID;
 static int do_cagen(int argc, char** argv)
 {
--- a/certmanager/README.md
+++ b/certmanager/README.md
@ -8,6 +8,7 @@ in a standalone manner, separate from an SSL/TLS connection.
 ## Compiling and Running the Example
 ```
 $ ./configure --enable-opensslextra
 $ make
 $ ./certverify
 ```
--- a/crypto/3des/README.md
+++ b/crypto/3des/README.md
@ -5,7 +5,7 @@ How to use 3des-file-encrypt.c
   b. In the crypto/3des directory run the Makefile by typing 'make'.
 2)  Make a file to encode. Can be any file (ex. .txt .in .out .file etc.)
 3)  run the executable, for help run with -h flag. Basic command is as follows:
-        ./3des-file-encrypt <-option> <KeySize> <input.file> <output.file>
+        ./3des-file-encrypt <-option> <KeySize> -i <input.file> -o <output.file>
        KeySize examples: 56, 112, or 168
--- a/crypto/aes/README.md
+++ b/crypto/aes/README.md
@ -6,7 +6,7 @@ How to use aes-file-encrypt.c
 2)  Make a file to encode. Can be any file (ex. .txt .in .out .file etc.)
 3)  run the executable, for help run with -h flag. Basic command is as follows:
-        ./aes-file-encrypt <-option> <KeySize> <input.file> <output.file>
+        ./aes-file-encrypt <-option> <KeySize> -i <input.file> -o <output.file>
        KeySize (in bits) allowed values: 128, 192, 256
--- a/crypto/camellia/README.md
+++ b/crypto/camellia/README.md
@ -6,7 +6,7 @@ How to use camellia-encrypt.c
 2)  Make a file to encode. Can be any file (ex. .txt .in .out .file etc.)
 3)  run the executable, for help run with -h flag. Basic command is as follows:
-        ./camellia-encrypt <-option> <input.file> <KeySize> <output.file>
+        ./camellia-encrypt <option> <KeySize> -i <input.file> -o <output.file>
        KeySize examples: 128, 192, 256
--- a/custom-io-callbacks/README.md
+++ b/custom-io-callbacks/README.md
@ -13,12 +13,26 @@ Other transports might be:
 These examples use the wolfSSL Custom IO Callbacks to read and write to the file
 system and perform a successful handshake.
-The configuration used for these examples:
+Building the examples:
-`./configure --enable-debug`
+From the wolfssl directory:
 ```
 ./configure --enable-debug
 sudo make install
 ```
-Debug was enabled in case a user wishes to use the verbose flag to see what is
+**NOTE:** Debug was enabled in case a user wishes to use the verbose flag to see
-happening in real time:
+          what is happening in real time:
 From the file-server directory:
 ```
 make
 ```
 From the file-client directory:
 ```
 make
 ```
 Usage examples:
--- a/dtls/client-dtls.c
+++ b/dtls/client-dtls.c
@ -56,7 +56,7 @@ int main (int argc, char** argv)
    /* Program argument checking */
    if (argc != 2) {
-        printf("usage: udpcli <IP address>\n");
+        printf("usage: %s <IP address>\n", argv[0]);
        return 1;
    }
--- a/ecc/README.md
+++ b/ecc/README.md
@ -5,7 +5,7 @@
 ### Build and install wolfSSL
 ```
-./configure --enable-ecc --enable-ecccustcurves CFLAGS="-DWOLFSSL_TEST_CERT -DWOLFSSL_DER_TO_PEM -DHAVE_ECC_KOBLITZ" && make && sudo make install
+./configure --enable-ecc --enable-ecccustcurves CFLAGS="-DWOLFSSL_TEST_CERT -DWOLFSSL_DER_TO_PEM -DHAVE_ECC_KOBLITZ -DWOLFSSL_PUBLIC_MP" && make && sudo make install
 ```
 ### Build Example
@ -119,7 +119,7 @@ This example demonstrates using a Koblitz (SECP256K1) curve.
 hash_firmware_verify: 0
 ```
-### `ecc-key-decode`
+### `ecc-key-export`
 This example shows exporting an ECC private key and public key.
--- a/ocsp/ocsp_nonblock/README.md
+++ b/ocsp/ocsp_nonblock/README.md
@ -35,8 +35,12 @@ Ret = 1: success
 ## OCSP non-blocking Async example
-This uses your system certificate chain to demonstrate validating revocation status using an OCSP 
+This uses your system certificate chain to demonstrate validating revocation status using an OCSP
-public server with wolfSSL's Asynchronous crypto.
+public server with wolfSSL's Asynchronous cryptography support.  i
 **NOTE:** Before building this example the asynchronous support must be obtained from
 (https://github.com/wolfSSL/wolfAsyncCrypt) and installed into wolfSSL by following the
 instructions in the *README* file contained in the wolfAsyncCrypt repository.
 The example uses youtube.com as the public server.
--- a/ocsp/ocsp_nonblock/google.pem
+++ b/ocsp/ocsp_nonblock/google.pem
@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
-MIIEhjCCA26gAwIBAgIQWwvxxxXoxEkSWJsftFiO7jANBgkqhkiG9w0BAQsFADBG
+MIIEijCCA3KgAwIBAgIRAMMsR1VjA2bdChxuYQ+kZZcwDQYJKoZIhvcNAQELBQAw
-MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
-QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMjA1MDQxNzQwMDVaFw0yMjA3Mjcx
+TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjMwMjAxMTk0MzU5WhcNMjMwNDI2
-NzQwMDRaMBkxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYI
+MTk0MzU4WjAZMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEG
-KoZIzj0DAQcDQgAEy3kqjk9F7+Ap8XWjvvDnAUfiJXV6bHblqegicb6Krq3zUw8T
+CCqGSM49AwEHA0IABPYtARyiqyABnq+cSe6WFmr7zNlagYL5OyskmRWhsP3A6wbP
-KUQ8wxMtRoZXHv9DtZgC1ErW6qAPt0BWdzP7waOCAmYwggJiMA4GA1UdDwEB/wQE
+cNwK7D7d39DPep+J9t3zRbV6N4M0ENnK0dRStDOjggJpMIICZTAOBgNVHQ8BAf8E
-AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
-BBSoMrJUWSIVHdDkqXgfi2VI5nQ2TjAfBgNVHSMEGDAWgBSKdH+vhc3ulc09nNDi
+FgQUO0vK2Vu9yiiGhuDdx6cnv4ips20wHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ
-RhTzcTUdJzBqBggrBgEFBQcBAQReMFwwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3Nw
+4kYU83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2Nz
-LnBraS5nb29nL2d0czFjMzAxBggrBgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3Jl
+cC5wa2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9y
-cG8vY2VydHMvZ3RzMWMzLmRlcjAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTAh
+ZXBvL2NlcnRzL2d0czFjMy5kZXIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20w
-BgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAv
+IQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGg
-oC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFjMy9RT3ZKME4xc1QyQS5jcmww
+L6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvZlZKeGJWLUt0bWsuY3Js
-ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBByMqx3yJGShDGoToJQodeTjGLGwPr
+MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcArfe++nz/EMiLnT2cHj4YarRnKV3P
-60vHaPCQYpYG9gAAAYCQX05XAAAEAwBGMEQCIA/HX1T2lssgnL8weEBFzPsILM4q
+sQwkyoWGNOvcgooAAAGGDrjY8QAABAMASDBGAiEAiGtpyVO3J7pErGIS++BFCCrR
-/3iJ5FyXJgZZ9ZMQAiBi0HochB+UgZMpslJ72ei48hvzGErcXvUJUwXVx4x6ZwB2
+m1ch8C/mcLUjFspJ2gUCIQCqJteA+V8oZs1zIRWFsODsim1Cq8OarB6CXiJlum4G
-ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABgJBfTiYAAAQDAEcw
+XQB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhg642JMAAAQD
-RQIhAIcwKuzq6j1VwM1F3P/3L0Un5LKUt4o52+KREIULHJ6yAiAIVxHlI0vTToyP
+AEgwRgIhAPvhrZVsgY5IpVRBNkYD+grWKlmPexdriLtIAMoJfQOiAiEA2Knc568e
-N96UQkuM0FvPus2vGZLfIimVHrqrQzANBgkqhkiG9w0BAQsFAAOCAQEAw/wVl+C1
+NSHDC1svyE3jkQsLHKDtCNuZkVTB0yqj6IcwDQYJKoZIhvcNAQELBQADggEBAOhy
-0mjwVu3NCu9sbnX47TuPz2lwT/6aUOMmRQg5Z3I9qWwRs5TdwYS/RXjGbATG8STu
+ZroJaTS5jZ6KI1Z8X0K20W+Zmxz2qEiV4PyYA0cB2Zmzn5rul9Yo/bfS922BKTx+
-Qmq5h4GRil5523D2OKmJ2ZBc033tk/aDJzf3bRQrFnzYNDIo2zW7rrdg0yUE2ytq
+4m7pwugvJf9cOohZ0YNQ0JfBLYJ9QUQpsl7nag8lJz2BxWksaqLW3od3wlGZS2gh
-30pP0so32wVtqAKZOdtgYyQs1WXEgOVouGkecgdKv2pMyWa6TVjMNnMxCwqq4MRG
+rsnRqp/4UtjEk7ppSy8TaRALMMbG41k8nADB03Wnzbj0hcPcJr1k+6YT8JO/xDr0
-R5thr5l5tg20zvpGM7bE/VuYegTSqQyaF6arUpjpOX7xclfERZ1RUOh1EHHnH4gf
+2B/ZD4V1Mt8uUj0fP9QaZkTwujM2StPf+HHaqUM11Rdj/gEx5jcOY5+E1AY3edw2
-l7eOUXh950nbb3bjp2bUF1CjsnveJI1UfqcUrp3Tuoh7ScT1gEiJ82qGsVtyq3AU
+uU1gkK1HhsJ3HbMDC7RwoHj/SN77dXP0EV8+z7xYheV1oLG4ladh2jM/wJjXDf2N
-FvKz0TJH0ipymA==
+le6YwStMhTnhte3TcxA=
-----END CERTIFICATE-----
+-----END CERTIFICATE-----
--- a/ocsp/ocsp_nonblock/ocsp_nonblock_async.c
+++ b/ocsp/ocsp_nonblock/ocsp_nonblock_async.c
@ -361,7 +361,7 @@ int main(int argc, char** argv)
    printf("WolfSSL AsyncCrypt Enabled\n");
 #if defined(HAVE_INTEL_QA)
    printf("WolfSSL AsyncCrypt with IntelQA Mode\n");
-#elif defined(WOLFSSL_ASYNC_CRYPT_TEST)
+#elif defined(WOLFSSL_ASYNC_CRYPT_SW)
    printf("WolfSSL AsyncCrypt with Simulation Mode\n");
 #else
    #error Unknown HW Acceleration device
@ -477,7 +477,7 @@ exit:
    printf("Please compile wolfSSL with  ./configure --enable-asynccrypt --enable-sni" 
           " --enable-alpn --enable-ocspstapling --enable-ocspstapling2 --enable-opensslextra"
-           " --enable-curve25519 CFLAGS=-DWOLFSSL_NONBLOCK_OCSP")
+           " --enable-curve25519 CFLAGS=-DWOLFSSL_NONBLOCK_OCSP");
    return -1;
 #endif
 }
--- a/picotcp/README.md
+++ b/picotcp/README.md
@ -8,12 +8,12 @@ This TLS server runs in userspace, using picoTCP as compiled-in TCP/IP stack.
 ### Requirements
 - PicoTCP v.1.7 or later
- wolfSSL
+- wolfSSL (default configuration)
 - Access to `/dev/net/tun` on the host system (typically root privileges)
 ### How to compile picotcp-server
- clone or download picoTCP
+- clone or download [picoTCP](https://github.com/tass-belgium/picotcp.git)
 - compile picoTCP with `make ARCH=shared TAP=1 WOLFSSL=1`
 - modify `PICOTCP_PATH` at the top of Makefile, pointing to the picoTCP root directory
 - run `make`
--- a/pk/rsa-kg/rsa-kg-sv.c
+++ b/pk/rsa-kg/rsa-kg-sv.c
@ -96,8 +96,8 @@ int main(int argc, char *argv[])
    int ret;
    RsaKey key;
    WC_RNG rng;
-    unsigned char hash[SHA512_DIGEST_SIZE];
+    unsigned char hash[WC_SHA512_DIGEST_SIZE];
-    int hashSz = SHA512_DIGEST_SIZE;
+    int hashSz = WC_SHA512_DIGEST_SIZE;
    int hashAlg = WC_HASH_TYPE_SHA512;
    unsigned char sig[MAX_RSA_BITS/8];
    int sig_len;
@ -227,9 +227,9 @@ int main(int argc, char *argv[])
        return 1;
    }
    /* Check hash size is valid */
-    if (hashSz < 1 || hashSz > SHA512_DIGEST_SIZE) {
+    if (hashSz < 1 || hashSz > WC_SHA512_DIGEST_SIZE) {
        fprintf(stderr, "Hash size out of range (1-%d): %d\n",
-                SHA512_DIGEST_SIZE, hashSz);
+                WC_SHA512_DIGEST_SIZE, hashSz);
        usage();
        return 1;
    }
--- a/pkcs7/README.md
+++ b/pkcs7/README.md
@ -16,11 +16,11 @@ $ make
 $ sudo make install
 ```
-Note, some examples require "--with-libz" and "--enable-pwdbased". To build
+Note, some examples require additional features, such as "--with-libz" and 
-wolfSSL with support for all examples, use:
+"--enable-pwdbased". To build wolfSSL with support for all examples, use:
 ```
-$ ./configure --enable-pkcs7 --enable-pwdbased --with-libz
+$ ./configure --enable-pkcs7 --enable-pwdbased --enable-cryptocb --with-libz CFLAGS="-DWOLFSSL_DER_TO_PEM"
 $ make
 $ sudo make install
 ```
@ -574,6 +574,8 @@ Successfully extracted and verified bundle contents
 ### Converting P7B Certificate Bundle to PEM using PKCS7 SignedData API
 Build wolfssl using: `./configure --enable-pkcs7 CFLAGS="-DWOLFSSL_DER_TO_PEM"`
 Example file: `signedData-p7b.c`
 This example parses a .p7b certificate bundle using wolfCrypt's PKCS#7
--- a/psk/README.md
+++ b/psk/README.md
@ -1,11 +1,30 @@
-TCP/PSK Tutorial
+This folder contains examples related to PSK, including:
-================
+* Quick-Start section to simply build and run some of the examples
 * Tutorial section detailing the process of adding PSK support to a
  client/server system.
 # Quick Start
 To build and run the basic PSK example:
 In the wolfSSL directory:
 ```
 $ ./configure --enable-psk --enable-opensslextra CFLAGS="-DWOLFSSL_STATIC_PSK"
 $ make && make install
 ```
 In the psk directory:
 ```
 $ make
 $ ./server-psk
 $ ./client-psk
 ```
 # TCP/PSK Tutorial
 ## **Tutorial for adding wolfSSL Security to a Simple Client.**
 1. Include the wolfSSL compatibility header:
 ``#include <wolfssl/ssl.h>``
-* Change all calls from read() or recv() to wolfSSL_read(), in the simple client
+2. Change all calls from read() or recv() to wolfSSL_read(), in the simple client
    ``read(sockfd, recvline, MAXLINE)`` becomes ``wolfSSL_read(ssl, recvline, MAXLINE)``
@ -418,16 +437,16 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
     * enum used for tcp_select function
     */
    enum {
-        TEST_SELECT_FAIL,
+        TEST_SELECT_FAIL,
-        TEST_TIMEOUT,
+        TEST_TIMEOUT,
-        TEST_RECV_READY,
+        TEST_RECV_READY,
-        TEST_ERROR_READY
+        TEST_ERROR_READY
    };
    static inline int tcp_select(int socketfd, int to_sec)
    {
-        fd_set recvfds, errfds;
+        fd_set recvfds, errfds;
-        int nfds = socketfd + 1;
+        int nfds = socketfd + 1;
        struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
        int result;
@ -439,14 +458,14 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
        result = select(nfds, &recvfds, NULL, &errfds, &timeout);
        if (result == 0)
-            return TEST_TIMEOUT;
+            return TEST_TIMEOUT;
        else if (result > 0) {
-            if (FD_ISSET(socketfd, &recvfds))
+            if (FD_ISSET(socketfd, &recvfds))
-                return TEST_RECV_READY;
+                return TEST_RECV_READY;
-            else if(FD_ISSET(socketfd, &errfds))
+            else if(FD_ISSET(socketfd, &errfds))
-                return TEST_ERROR_READY;
+                return TEST_ERROR_READY;
        }
-        return TEST_SELECT_FAIL;
+        return TEST_SELECT_FAIL;
        }
    ```
@ -465,7 +484,7 @@ When a socket is setup as non-blocking, reads and writes to the socket do not ca
 	int select_ret;
 	while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
-	                           error == SSL_ERROR_WANT_WRITE)) {
+	                           error == SSL_ERROR_WANT_WRITE)) {
 		int currTimeout = 1;
 		if (error == SSL_ERROR_WANT_READ)
@ -521,15 +540,15 @@ Nonblocking on the server side allows for switching between multiple client conn
    ```
 	/* timed loop to continue checking for a client message */
 	do {
-     	if (n < 0) {
+     	if (n < 0) {
-         	err = wolfSSL_get_error(ssl, 0);
+         	err = wolfSSL_get_error(ssl, 0);
-         	if (err != SSL_ERROR_WANT_READ)
+         	if (err != SSL_ERROR_WANT_READ)
-             	err_sys("respond: read error");
+             	err_sys("respond: read error");
-         	n = wolfSSL_read(ssl, buf, MAXLINE);
+         	n = wolfSSL_read(ssl, buf, MAXLINE);
-         	time(&current_time);
+         	time(&current_time);
-     	}
+     	}
 	} while (err == SSL_ERROR_WANT_READ && n < 0 &&
-          	difftime(current_time, start_time) < seconds);
+          	difftime(current_time, start_time) < seconds);
    ```
--- a/psk/server-psk-nonblocking.c
+++ b/psk/server-psk-nonblocking.c
@ -356,6 +356,7 @@ int main()
            }
            wolfSSL_shutdown(ssl);
            wolfSSL_free(ssl);
            ssl = NULL;
        }
    }
--- a/psk/server-psk-threaded.c
+++ b/psk/server-psk-threaded.c
@ -91,6 +91,7 @@ void* wolfssl_thread(void* fd)
    if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
        printf("wolfSSL_accept failed with %d\n", ret);
        wolfSSL_free(ssl);
        ssl = NULL;
        close(connfd);
        pthread_exit(NULL);
    }
@ -113,6 +114,7 @@ void* wolfssl_thread(void* fd)
    /* closes the connections after responding */
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    ssl = NULL;
    if (close(connfd) == -1) {
        printf("Fatal error : close error\n");
        /* place signal for forced error exit here */
--- a/psk/server-psk-tls13-multi-id.c
+++ b/psk/server-psk-tls13-multi-id.c
@ -208,6 +208,7 @@ int main()
            /* closes the connections after responding */
            wolfSSL_shutdown(ssl);
            wolfSSL_free(ssl);
            ssl = NULL;
            if (close(connfd) == -1) {
                printf("Fatal error : close error\n");
--- a/psk/server-psk.c
+++ b/psk/server-psk.c
@ -212,6 +212,7 @@ int main()
            /* closes the connections after responding */
            wolfSSL_shutdown(ssl);
            wolfSSL_free(ssl);
            ssl = NULL;
            if (close(connfd) == -1) {
                printf("Fatal error : close error\n");
--- a/signature/rsa_buffer/README.md
+++ b/signature/rsa_buffer/README.md
@ -1,28 +1,35 @@
-Configure and install wolfSSL with these options:
+# RSA sign and verify example
 ## Configure, build and install wolfSSL
 ```
 ./configure
 make
-make install
+sudo make install
 ```
-(if any build issues due to previous installations please run 'ldconfig`)
+**NOTE:** if any build issues due to previous installations please run `ldconfig`
-To compile without Makefile:
+## Build and run example
 **NOTE:** The `sign_vfy.sh` script performs the steps below.
 ```
 make sign
 ./sign "This is the message" > signature.h
 make verify
 ./verify
 ```
 **NOTE:** To Build and run example without Makefile:
 ```
 gcc -o sign sign.c -lwolfssl
 ./sign <message> > signature.h
 gcc -o verify verify.c -lwolfssl
 To sign a message:
 ./sign <message>
 To verify the signature with the message:
 ./verify
 ```
 Please contact support@wolfssl.com with any questions or concerns!
 Best wishes in all your testing!
 - The wolfSSL Team
--- a/signature/rsa_vfy_only/Makefile
+++ b/signature/rsa_vfy_only/Makefile
@ -14,8 +14,8 @@ OPTIMIZE        = -Os
 # Options
 #CFLAGS+=$(DEBUG_FLAGS)
 CFLAGS+=$(OPTIMIZE)
-LIBS+=$(STATIC_LIB)
+#LIBS+=$(STATIC_LIB)
-#LIBS+=$(DYN_LIB)
+LIBS+=$(DYN_LIB)
 # build targets
 SRC=$(wildcard *.c)
--- a/signature/rsa_vfy_only/README.md
+++ b/signature/rsa_vfy_only/README.md
@ -1,24 +1,32 @@
-Configure and install wolfSSL with these options:
+# RSA Verify-only example
 ## Configure, build and install wolfSSL
 ```
 ./configure --disable-asn --disable-filesystem \
    --enable-cryptonly --enable-sp=smallrsa2048 --enable-sp-math \
    --disable-dh --disable-ecc --disable-sha224 --enable-rsavfy \
    CFLAGS="-DWOLFSSL_PUBLIC_MP"
 make
-make install
+sudo make install
 ```
-(if any build issues due to previous installations please run 'ldconfig`)
+**NOTE:** If any build issues due to previous installations please run 'ldconfig`
 To compile without Makefile:
 gcc -Os -o verify verify.c /usr/local/lib/libwolfssl.a
 To verify the signature with the message:
 ## Build and run example
 ```
 make
 ./verify
 ```
 **NOTE:** To compile without Makefile:
 ```
 gcc -Os -o verify verify.c /usr/local/lib/libwolfssl.a
 ./verify
 ```
 Please contact support@wolfssl.com with any questions for concerns!
 Best wishes in all your testing!
 - The wolfSSL Team
--- a/signature/sigtest/README.md
+++ b/signature/sigtest/README.md
@ -74,3 +74,5 @@ ECC Curve BRAINPOOLP384R1, KeySz 48, Sig: CurveMax 104, ActMax 104, CalcMax 104
 ```
 Note: The extra 2-bytes of padding is to account for the case where R or S has the Most Significant Bit (MSB) set.
 Please contact support@wolfssl.com with any questions or concerns!
--- a/tls/README.md
+++ b/tls/README.md
@ -23,6 +23,39 @@ leaks, especially in error conditions.
 For Visual Studio users with the VisualGDB extension, there are additional
 example files in [VisualGDB-tls](./VisualGDB-tls/).
 Quick Start
 ===========
 This portion of the `README` will show you how to quickly build and run some of
 the examples in this directory. For more detail on the examples and further 
 variations and features please see the *Tutorial* section.
 Build wolfSSL:
 ```sh
 ./configure --enable-asynccrypt && make && sudo make install
 ```
 In wolfssl-examples/tls:
 ```sh
 make clean && make
 ```
 To run simple TLS example, in separate terminals enter:
 ```sh
 ./server-tls
 ./client-tls 127.0.0.1
 ```
 To run non-blocking / threaded TLS example, in separate terminals enter:
 ```sh
 ./server-tls-threaded
 ./client-tls-nonblocking 127.0.0.1
 ```
 Tutorial
 ========
@ -1305,4 +1338,4 @@ To generate your own cert text, see the [DER to C script](https://github.com/wol
 ## Support
 Please contact wolfSSL at support@wolfssl.com with any questions, bug fixes,
-or suggested feature additions.
+or suggested feature additions.
--- a/tls/server-tls-callback.c
+++ b/tls/server-tls-callback.c
@ -303,6 +303,7 @@ int main()
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
    }
--- a/tls/server-tls-ecdhe.c
+++ b/tls/server-tls-ecdhe.c
@ -203,6 +203,7 @@ int main()
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
    }
--- a/tls/server-tls-nonblocking.c
+++ b/tls/server-tls-nonblocking.c
@ -282,6 +282,7 @@ int main()
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
        connd = SOCKET_INVALID;
    }
--- a/tls/server-tls-pkcallback.c
+++ b/tls/server-tls-pkcallback.c
@ -530,6 +530,7 @@ int main(int argc, char** argv)
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
        connd = SOCKET_INVALID;
    }
--- a/tls/server-tls-threaded.c
+++ b/tls/server-tls-threaded.c
@ -113,6 +113,7 @@ void* ClientHandler(void* args)
        printf("wolfSSL_read encountered an error with code %d and msg %s\n",
               ret, wolfSSL_ERR_error_string(ret, buff));
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(pkg->connd);      /* Close the connection to the server   */
        pkg->open = 1;          /* Indicate that execution is over      */
        pthread_exit(NULL);     /* End thread execution                */
@ -145,6 +146,7 @@ void* ClientHandler(void* args)
    /* Cleanup after this connection */
    wolfSSL_free(ssl);      /* Free the wolfSSL object              */
    ssl = NULL;
    close(pkg->connd);      /* Close the connection to the server   */
    pkg->open = 1;          /* Indicate that execution is over      */
 #if defined(HAVE_ECC) && defined(FP_ECC)
--- a/tls/server-tls-verifycallback.c
+++ b/tls/server-tls-verifycallback.c
@ -308,6 +308,7 @@ int main()
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
    }
@ -326,6 +327,6 @@ exit:
    if (ctx)
        wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
    wolfSSL_Cleanup();          /* Cleanup the wolfSSL environment          */
-    
+
    return ret;               /* Return reporting a success               */
 }
--- a/tls/server-tls-writedup.c
+++ b/tls/server-tls-writedup.c
@ -43,7 +43,7 @@
 int main()
 {
-    int                ret;
+    int                ret = 0;
 #ifdef HAVE_WRITE_DUP
    int                sockfd = SOCKET_INVALID;
    int                connd = SOCKET_INVALID;
--- a/tls/server-tls.c
+++ b/tls/server-tls.c
@ -197,6 +197,7 @@ int main()
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
        ssl = NULL;
        close(connd);           /* Close the connection to the client   */
    }