Merge https://github.com/wolfssl/wolfssl

INSTALL

@@ -1,7 +1,7 @@
 0. Building on *nix from git repository
 
-    Run the autogen script to generate configure, you'll need the autoconf tools
-    installed, then proceed to step 1.
+    Run the autogen script to generate configure, then proceed to step 1.
+    Prerequisites: You'll need autoconf, automake and libtool installed.
 
     $ ./autogen.sh
 
@@ -43,3 +43,7 @@
     Please see section 2.4 in the manual:
     http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html
 
+9. Building with Rowley CrossWorks for ARM
+
+    Use the CrossWorks project in IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
+    There is a README.md in IDE/ROWLEY-CROSSWORKS-ARM with more information

README

@@ -999,7 +999,7 @@ aren't fully implemented at this time but will be for the next release.
 
 For general build instructions see rc1 below.
 
-*****************CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009)
+*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
 
 
 Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
@@ -1010,7 +1010,7 @@ lost when cyassl i/o was re-implemented but is now fixed.
 
 For general build instructions see rc1 below.
 
-*****************CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009)
+*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
 
 
 Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
@@ -1039,7 +1039,7 @@ LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
 For general build instructions see rc1 below.
 
 
-********************CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008)
+********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
 
 
 Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes.  Several

README.md

@@ -1031,7 +1031,7 @@ aren't fully implemented at this time but will be for the next release.
 
 For general build instructions see rc1 below.
 
-## CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009)
+## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009)
 
 
 Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
@@ -1042,7 +1042,7 @@ lost when cyassl i/o was re-implemented but is now fixed.
 
 For general build instructions see rc1 below.
 
-## CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009)
+## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009)
 
 
 Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
@@ -1077,7 +1077,7 @@ For linking purposes you'll need
 For general build instructions see rc1 below.
 
 
-## CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008)
+## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008)
 
 
 Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes.  Several

certs/wolfssl-website-ca.pem

@@ -19,3 +19,28 @@ AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
 DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
 HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----

cyassl/openssl/dsa.h

@@ -1,3 +1,12 @@
 /* dsa.h for openSSL */
 
+#ifndef CYASSL_OPENSSL_DSA
+#define CYASSL_OPENSSL_DSA
+
+#define CyaSSL_DSA_LoadDer  wolfSSL_DSA_LoadDer
+#define CyaSSL_DSA_do_sign  wolfSSL_DSA_do_sign
+
+#include <cyassl/openssl/ssl.h>
 #include <wolfssl/openssl/dsa.h>
+#endif
+

cyassl/openssl/evp.h

@@ -24,4 +24,17 @@
  *
  */
 
+#ifndef CYASSL_OPENSSL_EVP
+#define CYASSL_OPENSSL_EVP
+
+#define CyaSSL_StoreExternalIV       wolfSSL_StoreExternalIV
+#define CyaSSL_SetInternalIV         wolfSSL_SetInternalIV
+#define CYASSL_EVP_MD                WOLFSSL_EVP_MD
+#define CyaSSL_EVP_X_STATE           wolfSSL_EVP_X_STATE
+#define CyaSSL_EVP_X_STATE_LEN       wolfSSL_EVP_X_STATE_LEN
+#define CyaSSL_3des_iv               wolfSSL_3des_iv
+#define CyaSSL_aes_ctr_iv            wolfSSL_aes_ctr_iv
+
 #include <wolfssl/openssl/evp.h>
+#endif
+

cyassl/openssl/rsa.h

@@ -1,3 +1,12 @@
 /* rsa.h for openSSL */
 
+#ifndef CYASSL_OPENSSL_RSA
+#define CYASSL_OPENSSL_RSA
+
+#define CyaSSL_RSA_GenAdd   wolfSSL_RSA_GenAdd
+#define CyaSSL_RSA_LoadDer  wolfSSL_RSA_LoadDer
+
+#include <cyassl/openssl/ssl.h>
 #include <wolfssl/openssl/rsa.h>
+#endif
+

cyassl/openssl/ssl.h

@@ -20,8 +20,14 @@
  */
 
 
-/*  ssl.h defines openssl compatibility layer 
+/*  ssl.h defines openssl compatibility layer
  *
  */
+#ifndef CYASSL_OPENSSL_H_
+#define CYASSL_OPENSSL_H_
 
+#include <cyassl/ssl.h>
 #include <wolfssl/openssl/ssl.h>
+
+#endif
+

scripts/external.test

@@ -7,6 +7,14 @@ ca=./certs/wolfssl-website-ca.pem
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
+# cloudflare seems to change CAs quickly, disabled by default
+if test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
+else
+    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+    exit 0
+fi
+
 # is our desired server there?
 ping -c 2 $server
 RESULT=$?

src/sniffer.c

@@ -1973,7 +1973,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
 
         #ifdef HAVE_AESGCM
         case wolfssl_aes_gcm:
-            if (sz >= AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size)
+            if (sz >= (word32)(AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size))
             {
                 byte nonce[AEAD_NONCE_SZ];
                 XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
@@ -1986,12 +1986,15 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
                             nonce, AEAD_NONCE_SZ,
                             NULL, 0,
                             NULL, 0) < 0) {
+                    Trace(BAD_DECRYPT);
                     ret = -1;
                 }
                 ForceZero(nonce, AEAD_NONCE_SZ);
             }
-            else
+            else {
                 Trace(BAD_DECRYPT_SIZE);
+                ret = -1;
+            }
             break;
          #endif