From 74475a26ba5077aa0fe54c40300f975ed3e87398 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Mar 2018 11:06:40 -0700 Subject: [PATCH 1/4] compile more functions in with OPENSSL_EXTRA --- src/ssl.c | 7 ++++++- wolfssl/ssl.h | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 6e0c63db8..31cd796dc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31991,7 +31991,7 @@ void wolfSSL_OPENSSL_config(char *config_name) #endif #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) { static int x509_idx = 0; @@ -32372,6 +32372,9 @@ int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)( } #endif /* HAVE_SESSION_TICKET */ +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA */ + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifdef HAVE_OCSP /* Not an OpenSSL API. */ int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response) @@ -32395,7 +32398,9 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) ssl->url = url; return WOLFSSL_SUCCESS; } +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain) { word32 idx; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 3c5c613ba..5032b5f76 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
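Review bot: The first hunk (ssl.c 31991) makes wolfSSL_X509_get_ex_new_index, together with its function-static counter `static int x509_idx = 0;`, available to every OPENSSL_EXTRA build rather than only the nginx/haproxy ports, and nothing in the hunk synchronizes that counter; its update is outside the hunk, so if it is a plain increment, concurrent callers could be handed the same index. A comment on the declaration would make the contract explicit for the wider audience this guard change creates, e.g. `/* not thread-safe: indices are expected to be registered during start-up, before SSL objects are shared */`, or the increment should be taken under a mutex. The function body continues outside the hunk.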
@@ -2735,7 +2735,9 @@ WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); /* Not an OpenSSL API. */ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); +#endif +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); From 2a0ef55a66421036c00c963c960744093e0ba57a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Mar 2018 11:26:22 -0700 Subject: [PATCH 2/4] fix for check on return value with mutex error case --- src/ssl.c | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 31cd796dc..78e1044c5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12532,7 +12532,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } #elif (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) - return wc_PullErrorNode(NULL, NULL, NULL); + { + int ret = wc_PullErrorNode(NULL, NULL, NULL); + + if (ret < 0) { + WOLFSSL_MSG("Error with pulling error node!"); + WOLFSSL_LEAVE("wolfSSL_ERR_get_error", ret); + ret = 0 - ret; /* return absolute value of error */ + } + + return (unsigned long)ret; + } #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif 
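Review bot: The added `+#endif` in wolfssl/ssl.h has no trailing comment, while every guard end touched in src/ssl.c by the same commit is annotated; for symmetry write `#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */`. The `#if` it closes is above the hunk, so the condition is inferred from the matching src/ssl.c edit rather than visible here.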
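Review bot: In the ssl.c 12532 hunk the new failure path returns `0 - ret`, the magnitude of the wc_PullErrorNode() error, through the same unsigned long that on the success path carries whatever wc_PullErrorNode() returned, so a caller cannot tell a failed queue lock from a genuinely queued error that happens to have that numeric code. If that overlap is intended, the existing comment should say so, e.g. `/* queue/lock failure: the wolfCrypt error itself is reported as the error value */`; otherwise a dedicated return value would be clearer. The enclosing function, presumably wolfSSL_ERR_get_error per the WOLFSSL_LEAVE string, starts outside the hunk.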
@@ -14951,15 +14961,31 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, const char** data, int *flags) { + int ret; + WOLFSSL_STUB("wolfSSL_ERR_get_error_line_data"); if (flags != NULL) { if ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING) { - return wc_PullErrorNode(file, data, line); + ret = wc_PullErrorNode(file, data, line); + if (ret < 0) { + WOLFSSL_MSG("Error with pulling error node!"); + WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); + ret = 0 - ret; /* return absolute value of error */ + } + + return (unsigned long)ret; } } - return wc_PullErrorNode(file, NULL, line); + ret = wc_PullErrorNode(file, NULL, line); + if (ret < 0) { + WOLFSSL_MSG("Error with pulling error node!"); + WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); + ret = 0 - ret; /* return absolute value of error */ + } + + return (unsigned long)ret; } From e960e0544a361aa8033b34a619396d3a0291b76c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Mar 2018 11:49:16 -0700 Subject: [PATCH 3/4] try to clear out error queue with failing mutex --- src/ssl.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 78e1044c5..e96a31079 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12536,9 +12536,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int ret = wc_PullErrorNode(NULL, NULL, NULL); if (ret < 0) { + if (ret == BAD_STATE_E) return 0; /* no errors in queue */ WOLFSSL_MSG("Error with pulling error node!"); WOLFSSL_LEAVE("wolfSSL_ERR_get_error", ret); ret = 0 - ret; /* return absolute value of error */ + + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); } return (unsigned long)ret; 
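Review bot: The six-line handling after each wc_PullErrorNode() call in wolfSSL_ERR_get_error_line_data is pasted twice in this hunk and a third time in the 12532 hunk of the same commit; the next commit in the series then has to grow all three copies in lockstep (hunks 12536, 14870, 14969 and 14980). A small static helper that takes the caller name and the wc_PullErrorNode() result would keep the three call sites to one line each and give the mapping a single place to be documented. The function's opening `WOLFSSL_STUB(...)` line is context, not part of the change, but it now sits above a real implementation and may be worth revisiting separately.
```c
/* Shared tail of the ERR_get_error*() family: a negative wc_PullErrorNode()
 * result is logged and reported as its magnitude, anything else is passed
 * through unchanged. */
static unsigned long wolfSSL_ERR_pull_result(const char* caller, int ret)
{
    if (ret < 0) {
        WOLFSSL_MSG("Error with pulling error node!");
        WOLFSSL_LEAVE(caller, ret);
        ret = 0 - ret; /* return absolute value of error */
    }
    return (unsigned long)ret;
}

/* … unchanged: wolfSSL_ERR_get_error_line_data prologue and flags check … */
            return wolfSSL_ERR_pull_result("wolfSSL_ERR_get_error_line_data",
                                           wc_PullErrorNode(file, data, line));
/* … unchanged: closing braces … */
    return wolfSSL_ERR_pull_result("wolfSSL_ERR_get_error_line_data",
                                   wc_PullErrorNode(file, NULL, line));
```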
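Review bot: In the 12536 hunk, a wc_PullErrorNode() failure other than BAD_STATE_E now returns a non-zero value and then calls wc_ClearErrorNodes() as a recovery step, but if the clear needs the same mutex that just failed it presumably fails as well, so an OpenSSL-style drain loop such as `while (ERR_get_error() != 0)` would never terminate on a persistently failing lock. Either check what wc_ClearErrorNodes() reports (if it reports anything) and fall back to returning 0 once the queue cannot be drained, or document the behaviour at the call: `/* best effort: if the lock keeps failing this returns non-zero on every call */`. The same pattern is repeated in the 14870, 14969 and 14980 hunks of this commit. The added `if (ret == BAD_STATE_E) return 0;` lines are unbraced single-line bodies, which the rest of the hunk does not use; `if (ret == BAD_STATE_E) { return 0; }` would match.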
@@ -14870,8 +14874,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifdef DEBUG_WOLFSSL int ret = wc_PullErrorNode(file, NULL, line); if (ret < 0) { + if (ret == BAD_STATE_E) return 0; /* no errors in queue */ WOLFSSL_MSG("Issue getting error node"); - return 0; + WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret); + ret = 0 - ret; /* return absolute value of error */ + + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); } return (unsigned long)ret; #else @@ -14956,7 +14965,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) * data output data. Is a string if ERR_TXT_STRING flag is used * flags bit flag to adjust data output * - * Returns the error value + * Returns the error value or 0 if no errors are in the queue */ unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, const char** data, int *flags) @@ -14969,9 +14978,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING) { ret = wc_PullErrorNode(file, data, line); if (ret < 0) { + if (ret == BAD_STATE_E) return 0; /* no errors in queue */ WOLFSSL_MSG("Error with pulling error node!"); WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); ret = 0 - ret; /* return absolute value of error */ + + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); } return (unsigned long)ret; @@ -14980,9 +14993,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_PullErrorNode(file, NULL, line); if (ret < 0) { + if (ret == BAD_STATE_E) return 0; /* no errors in queue */ WOLFSSL_MSG("Error with pulling error node!"); WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); ret = 0 - ret; /* return absolute value of error */ + + /* panic and try to clear out nodes */ + wc_ClearErrorNodes(); } return (unsigned long)ret; From e0afec06006802971f37b3468e8ccdcd4dca0e17 Mon Sep 17 00:00:00 2001 
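Review bot: The updated header comment in the 14956 hunk, `* Returns the error value or 0 if no errors are in the queue`, still leaves out the third outcome the 14969/14980 hunks introduce, namely a failed wc_PullErrorNode() call whose error is reported as its positive magnitude. Suggest extending it to `* Returns the error value, 0 if no errors are in the queue, or the magnitude of the wolfCrypt error if the queue could not be accessed`. The 14870 hunk (wolfSSL_ERR_get_error_line) changes that function from returning 0 on any failure to the same magnitude convention, and its own comment above the hunk is not updated in this diff, so it presumably needs the same wording.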
From: Jacob Barthelmeh Date: Thu, 8 Mar 2018 14:36:43 -0700 Subject: [PATCH 4/4] fix RSA macro, tickets without server, and add test case --- src/ssl.c | 16 ++++++++++++++-- tests/api.c | 1 + wolfssl/openssl/rsa.h | 18 +++--------------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e96a31079..ed1952051 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -32170,9 +32170,21 @@ int wolfSSL_SSL_do_handshake(WOLFSSL *s) if (s == NULL) return WOLFSSL_FAILURE; - if (s->options.side == WOLFSSL_CLIENT_END) + if (s->options.side == WOLFSSL_CLIENT_END) { + #ifndef NO_WOLFSSL_CLIENT return wolfSSL_connect(s); + #else + WOLFSSL_MSG("Client not compiled in"); + return WOLFSSL_FAILURE; + #endif + } + +#ifndef NO_WOLFSSL_SERVER return wolfSSL_accept(s); +#else + WOLFSSL_MSG("Server not compiled in"); + return WOLFSSL_FAILURE; +#endif } int wolfSSL_SSL_in_init(WOLFSSL *s) @@ -32298,7 +32310,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) } -#ifdef HAVE_SESSION_TICKET +#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) /* Expected return values from implementations of OpenSSL ticket key callback. */ #define TICKET_KEY_CB_RET_FAILURE -1 diff --git a/tests/api.c b/tests/api.c index dc4983bbe..c9729915e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15844,6 +15844,7 @@ static void test_wolfSSL_ERR_put_error(void) file = NULL; AssertIntEQ(ERR_get_error_line(&file, &line), 0); AssertNull(file); + AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0); /* Empty and free up all error nodes */ ERR_clear_error(); diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index d86a4a30f..ea8f319f5 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h 
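Review bot: The 32298 hunk changes the guard to `#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)` but the matching close, visible as context in the first patch as `#endif /* HAVE_SESSION_TICKET */`, is not updated, so the comment no longer describes the block; change it to `#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */`. If wolfssl/ssl.h declares wolfSSL_CTX_set_tlsext_ticket_key_cb under plain HAVE_SESSION_TICKET (not shown in this diff), a client-only build now declares a function that has no definition; worth checking the header guard alongside this change.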
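Review bot: The new assertion in tests/api.c passes NULL for both `data` and `flags`, so it exercises only the `flags == NULL` path of ERR_get_error_line_data; the ERR_TXT_STRING branch that this series also rewrote stays untested. A second call with a `const char* data` out-pointer and an `int` set to ERR_TXT_STRING, asserting 0 on an empty queue, would cover it in the same place; given the function reads `*flags` as an input, a short comment in the test noting that expectation would also help, since OpenSSL's ERR_get_error_line_data treats flags as an output.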
@@ -32,21 +32,9 @@ extern "C" { #endif -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) -#if defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2)) - /* - choice of padding added after fips, so not available when using fips RSA - */ - - /* Padding types */ - #define RSA_PKCS1_PADDING 0 - #define RSA_PKCS1_OAEP_PADDING 1 -#else - #define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD - #define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD -#endif /* HAVE_FIPS */ -#endif +/* Padding types */ +#define RSA_PKCS1_PADDING 0 +#define RSA_PKCS1_OAEP_PADDING 1 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_RSA WOLFSSL_RSA;
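Review bot: RSA_PKCS1_PADDING and RSA_PKCS1_OAEP_PADDING are now fixed at 0 and 1 for every build, whereas the removed branch mapped them to WC_RSA_PKCSV15_PAD and WC_RSA_OAEP_PAD outside FIPS; any code that handed the OpenSSL value straight to wolfCrypt as a pad type therefore needs an explicit translation now, and nothing in this diff shows one (the commit title says "fix RSA macro", so it may already live in an untouched file). A comment on the defines would prevent the next reader from re-introducing the direct pass-through, e.g. `/* OpenSSL API values only; translate to WC_RSA_*_PAD before calling wolfCrypt */`. The defines also lose the `!defined(NO_RSA) && !defined(HAVE_USER_RSA)` guard, so they are now visible in builds without RSA; harmless for plain integers, but it is a change in what the header exports.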