Allow wolfSSL to include options.h with EXTERNAL_OPTS_OPENVPN header

2025-07-30 18:57:27 +02:00 · 2020-04-03 12:50:06 +02:00
parent 48e40fac2b
commit 06f23223e4
3 changed files with 24 additions and 3 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -39,6 +39,12 @@
 *     and ignoring no signer failures for CA's up the chain to root.
 */

+
+#ifdef EXTERNAL_OPTS_OPENVPN
+#error EXTERNAL_OPTS_OPENVPN should not be defined\
+    when building wolfSSL
+#endif
+
 #ifndef WOLFCRYPT_ONLY

 #include <wolfssl/internal.h>
@ -6281,6 +6287,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
+    ssl->biowr = NULL;
+    ssl->biord = NULL;
 #endif
 #ifdef HAVE_LIBZ
    FreeStreams(ssl);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -14761,6 +14761,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
            (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) {
            ssl->CBIOSend = BioSend;
        }
+
+        /* User programs should always retry reading from these BIOs */
+        if (rd) {
+            /* User writes to rd */
+            BIO_set_retry_write(rd);
+        }
+        if (wr) {
+            /* User reads from wr */
+            BIO_set_retry_read(wr);
+        }
    }
 #endif

@ -39966,6 +39976,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)

        if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+            /* No certificate in buffer */
            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
    #endif
            return NULL;
@ -46222,7 +46233,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
                ret = -ret;
            }

-            if (ret == ASN_NO_PEM_HEADER)
+            if (ret == -ASN_NO_PEM_HEADER)
                return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
            if (ret != WANT_READ && ret != WANT_WRITE &&
                    ret != ZERO_RETURN && ret != WOLFSSL_ERROR_ZERO_RETURN &&
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -31,8 +31,10 @@
    extern "C" {
 #endif

-/* include the options.h file ourselves for OpenVPN */
-#ifdef ENABLE_CRYPTO_WOLFSSL
+/* This flag allows wolfSSL to include options.h instead of having client
+ * projects do it themselves. This should *NEVER* be defined when building
+ * wolfSSL as it can cause hard to debug problems. */
+#ifdef EXTERNAL_OPTS_OPENVPN
 #include <wolfssl/options.h>
 #endif