Header | Supported | Comments |
---|---|---|
assert.h | Yes | - |
complex.h | Partial | Unsupported functions: cacos(), cacosh(), cacoshl(), cacosl(), casin(), casinh(), casinhl(), casinl(), csqrt(), csqrtl(), cpow(), cpowf(), cpowl() |
ctype.h | Partial | Only basic support for C/POSIX locale. |
errno.h | Yes | - |
execinfo.h | Partial | Supported functions: backtrace(), backtrace_symbols(). Enclaves must be compiled with -fno-omit-frame-pointer for accurate backtraces. |
fenv.h | Yes | - |
float.h | Yes | - |
inttypes.h | Yes | - |
iso646.h | Yes | - |
limits.h | Yes | - |
locale.h | Partial | Only basic support for C/POSIX locale |
malloc.h | Partial | - |
math.h | Partial | Unsupported functions: fmal(), tgamma() |
setjmp.h | Yes | - |
signal.h | No | - |
stdalign.h | No | - |
stdarg.h | Yes | - |
stdatomic.h | No | - |
socket.h | Partial | Functions implicitly call out to untrusted host. Full support available on Linux hosts. Partial support available on Windows hosts. |
stdbool.h | Yes | - |
stddef.h | Yes | - |
stdint.h | Yes | - |
stdio.h | Partial | All I/O functions implicitly call out to untrusted host. Supported functions: snprintf(), sscanf(), vfscanf()*, vsnprintf(), vsscanf(), sprintf(), vsprintf(), puts(), putchar(), vprintf(), printf(), fprintf()*, getc()*, ungetc()*, fwrite()*, fflush()*, fputs()*, fputc()* * Only has support for the streams stderr and stdout, and does not set ferror |
stdlib.h | Yes | - |
stdnoreturn.h | No | - |
string.h | Partial | Only basic support for C/POSIX locale. |
tgmath.h | Partial | Unsupported functions: fmal(), scalbn(), scalbnf(), scalbnl(), tgamma() |
pthread.h | Partial | Synchronization primitives are not secure across calls to host. Threads are still scheduled by the untrusted host process and an enclave cannot rely on threads making forward progress. Supported functions: - General: pthread_self(), pthread_equal(), pthread_once() - Spinlock: pthread_spin_init(), pthread_spin_lock(), pthread_spin_unlock(), pthread_spin_destroy() - Mutex: pthread_mutexattr_init(), pthread_mutexattr_settype(), pthread_mutexattr_destroy(), pthread_mutex_init(), pthread_mutex_lock(), pthread_mutex_trylock(), pthread_mutex_unlock(), pthread_mutex_destroy() - RW Lock: pthread_rwlock_init(), pthread_rwlock_rdlock(), pthread_rwlock_wrlock(), pthread_rwlock_unlock(), pthread_rwlock_destroy() - Cond: pthread_cond_init(), pthread_cond_wait(), pthread_cond_timedwait(), pthread_cond_signal(), pthread_cond_broadcast(), pthread_cond_destroy() - Thread local storage: pthread_key_create(), pthread_key_delete(), pthread_setspecific(), pthread_getspecific() |
threads.h | No | - |
time.h | Partial | All time functions implicitly call out to untrusted host for time values. The resulting time values should not be used for security purposes. Supported functions: time(), gettimeofday(), clock_gettime(), nanosleep(). Please note that clock_gettime() only supports CLOCK_REALTIME |
uchar.h | Yes | - |
wchar.h | Partial | Only basic support for C/POSIX locale. Unsupported functions: - All I/O (e.g. swprintf()) - All multi-byte & wide string conversions (e.g. mbrtowc()) |
wctype.h | Yes | - |
Function | OCall | Linux Support | Windows Support | Comments |
---|---|---|---|---|
accept | Yes | Yes | Yes | - |
bind | Yes | Yes | Yes | - |
connect | Yes | Yes | Yes | - |
getpeername | Yes | Yes | Yes | - |
getsockname | Yes | Yes | Yes | - |
getsockopt | Yes | Yes | Partial | Only socket-level options are supported on Windows. |
listen | Yes | Yes | Yes | - |
recv | Yes | Yes | Yes | - |
recvfrom | Yes | Yes | Yes | - |
recvmsg | Yes | Yes | No | - |
send | Yes | Yes | Yes | - |
sendmsg | Yes | Yes | No | - |
sendto | Yes | Yes | Yes | - |
setsockopt | Yes | Yes | Partial | Only socket-level options are supported on Windows. |
shutdown | Yes | Yes | Yes | - |
socket | Yes | Yes | Yes | - |
socketpair | Yes | Yes | No | - |