diff --git a/INSTALL b/INSTALL index b9249c0e5..8a11c3e23 100644 --- a/INSTALL +++ b/INSTALL @@ -1,7 +1,7 @@ 0. Building on *nix from git repository - Run the autogen script to generate configure, you'll need the autoconf tools - installed, then proceed to step 1. + Run the autogen script to generate configure, then proceed to step 1. + Prerequisites: You'll need autoconf, automake and libtool installed. $ ./autogen.sh @@ -43,3 +43,7 @@ Please see section 2.4 in the manual: http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html +9. Building with Rowley CrossWorks for ARM + + Use the CrossWorks project in IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp + There is a README.md in IDE/ROWLEY-CROSSWORKS-ARM with more information diff --git a/README b/README index 9cfcbf97d..2c5586532 100644 --- a/README +++ b/README @@ -999,7 +999,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -*****************CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009) +*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for @@ -1010,7 +1010,7 @@ lost when cyassl i/o was re-implemented but is now fixed. For general build instructions see rc1 below. -*****************CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009) +*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream @@ -1039,7 +1039,7 @@ LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" For general build instructions see rc1 below. -********************CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008) +********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several diff --git a/README.md b/README.md index 38f1bc112..eb2437b10 100644 --- a/README.md +++ b/README.md 
@@ -1031,7 +1031,7 @@ aren't fully implemented at this time but will be for the next release. For general build instructions see rc1 below. -## CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009) +## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for @@ -1042,7 +1042,7 @@ lost when cyassl i/o was re-implemented but is now fixed. For general build instructions see rc1 below. -## CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009) +## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream @@ -1077,7 +1077,7 @@ For linking purposes you'll need For general build instructions see rc1 below. -## CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008) +## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several diff --git a/certs/wolfssl-website-ca.pem b/certs/wolfssl-website-ca.pem index f4ce4ca43..ee4d6c445 100644 --- a/certs/wolfssl-website-ca.pem +++ b/certs/wolfssl-website-ca.pem 
@@ -19,3 +19,28 @@ AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
 DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
 HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/cyassl/openssl/dsa.h b/cyassl/openssl/dsa.h
index 2bb476bbd..39ddf8ce7 100644
--- a/cyassl/openssl/dsa.h
+++ b/cyassl/openssl/dsa.h
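Review bot: The certificate appended to certs/wolfssl-website-ca.pem carries no label, so the bundle gives no hint of which root it is or when it lapses. The encoded subject reads as AddTrust External CA Root, and the validity appears to end on 2020-05-30 with a SHA-1 signature, so the external test will need a different anchor by then. If the PEM loader tolerates text outside the BEGIN/END markers (confirm before relying on it), a line such as `AddTrust External CA Root, notAfter 2020-05-30` above the block would make the next CA rotation easier to audit.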
@@ -1,3 +1,12 @@ /* dsa.h for openSSL */ +#ifndef CYASSL_OPENSSL_DSA +#define CYASSL_OPENSSL_DSA + +#define CyaSSL_DSA_LoadDer wolfSSL_DSA_LoadDer +#define CyaSSL_DSA_do_sign wolfSSL_DSA_do_sign + +#include #include +#endif + diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h index fe9f42410..a0715587c 100644 --- a/cyassl/openssl/evp.h +++ b/cyassl/openssl/evp.h @@ -24,4 +24,17 @@ * */ +#ifndef CYASSL_OPENSSL_EVP +#define CYASSL_OPENSSL_EVP + +#define CyaSSL_StoreExternalIV wolfSSL_StoreExternalIV +#define CyaSSL_SetInternalIV wolfSSL_SetInternalIV +#define CYASSL_EVP_MD WOLFSSL_EVP_MD +#define CyaSSL_EVP_X_STATE wolfSSL_EVP_X_STATE +#define CyaSSL_EVP_X_STATE_LEN wolfSSL_EVP_X_STATE_LEN +#define CyaSSL_3des_iv wolfSSL_3des_iv +#define CyaSSL_aes_ctr_iv wolfSSL_aes_ctr_iv + #include +#endif + diff --git a/cyassl/openssl/rsa.h b/cyassl/openssl/rsa.h index 06f10a573..f4f24b825 100644 --- a/cyassl/openssl/rsa.h +++ b/cyassl/openssl/rsa.h @@ -1,3 +1,12 @@ /* rsa.h for openSSL */ +#ifndef CYASSL_OPENSSL_RSA +#define CYASSL_OPENSSL_RSA + +#define CyaSSL_RSA_GenAdd wolfSSL_RSA_GenAdd +#define CyaSSL_RSA_LoadDer wolfSSL_RSA_LoadDer + +#include #include +#endif + diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index 094b9943b..ebf8dfa3b 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -20,8 +20,14 @@ */ -/* ssl.h defines openssl compatibility layer +/* ssl.h defines openssl compatibility layer * */ +#ifndef CYASSL_OPENSSL_H_ +#define CYASSL_OPENSSL_H_ +#include #include + +#endif + diff --git a/scripts/external.test b/scripts/external.test index 0438b0ea4..f2ba8d125 100755 --- a/scripts/external.test +++ b/scripts/external.test 
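Review bot: The include guard added in cyassl/openssl/ssl.h, `CYASSL_OPENSSL_H_`, does not name the file and does not follow the pattern of the other three headers in this commit (`CYASSL_OPENSSL_DSA`, `CYASSL_OPENSSL_EVP`, `CYASSL_OPENSSL_RSA`). A guard this generic is easy to reuse by accident in another compatibility header, which would silently drop that header's contents. `#ifndef CYASSL_OPENSSL_SSL` with `#define CYASSL_OPENSSL_SSL` would match the siblings, and a trailing comment such as `#endif /* CYASSL_OPENSSL_SSL */` on each guard would make the pairing obvious.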
@@ -7,6 +7,14 @@ ca=./certs/wolfssl-website-ca.pem [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +# cloudflare seems to change CAs quickly, disabled by default +if test -n "$WOLFSSL_EXTERNAL_TEST"; then + echo "WOLFSSL_EXTERNAL_TEST set, running test..." +else + echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run" + exit 0 +fi + # is our desired server there? ping -c 2 $server RESULT=$? diff --git a/src/sniffer.c b/src/sniffer.c index f26e83f0b..273b16694 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1973,7 +1973,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) #ifdef HAVE_AESGCM case wolfssl_aes_gcm: - if (sz >= AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size) + if (sz >= (word32)(AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size)) { byte nonce[AEAD_NONCE_SZ]; XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); @@ -1986,12 +1986,15 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) nonce, AEAD_NONCE_SZ, NULL, 0, NULL, 0) < 0) { + Trace(BAD_DECRYPT); ret = -1; } ForceZero(nonce, AEAD_NONCE_SZ); } - else + else { Trace(BAD_DECRYPT_SIZE); + ret = -1; + } break; #endif
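Review bot: The skip branch in scripts/external.test ends with `exit 0`, so when WOLFSSL_EXTERNAL_TEST is unset the script reports success although no external handshake was attempted. If this script runs under the automake test harness (INSTALL lists automake as a prerequisite), `exit 77` would mark it SKIP instead of PASS and keep the disabled certificate check visible in the test summary. The new comment could also name the file to refresh when the server's chain changes, for example `# update certs/wolfssl-website-ca.pem when $server changes its chain`.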
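Review bot: In the wolfssl_aes_gcm case of src/sniffer.c the decrypt call whose tail is visible passes `NULL, 0, NULL, 0` after the nonce; if those are the auth-tag and additional-data arguments, the new `Trace(BAD_DECRYPT)` fires only on an API-level failure and never on a tag mismatch. That is worth stating next to the trace, for example `/* tag is not verified here; a negative return is an API error, not a forged record */`, so that sniffer output is not treated as authenticated plaintext. The start of the call and the rest of Decrypt lie outside the hunk, so confirm the argument order before adding the comment.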