From 06f23223e40ebbddeff204d7587f9591b42c490e Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 3 Apr 2020 12:50:06 +0200
Subject: [PATCH] Allow wolfSSL to include options.h with EXTERNAL_OPTS_OPENVPN header
---
 src/internal.c | 8 ++++++++
 src/ssl.c | 13 ++++++++++++-
 wolfssl/wolfcrypt/settings.h | 6 ++++--
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 320bb78e3..6e166246a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -39,6 +39,12 @@
 * and ignoring no signer failures for CA's up the chain to root.
 */
+
+#ifdef EXTERNAL_OPTS_OPENVPN
+#error EXTERNAL_OPTS_OPENVPN should not be defined\
+ when building wolfSSL
+#endif
+
 #ifndef WOLFCRYPT_ONLY
 #include
@@ -6281,6 +6287,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 if (ssl->biord != ssl->biowr) /* only free write if different */
 wolfSSL_BIO_free(ssl->biowr);
 wolfSSL_BIO_free(ssl->biord); /* always free read bio */
+ ssl->biowr = NULL;
+ ssl->biord = NULL;
 #endif
 #ifdef HAVE_LIBZ
 FreeStreams(ssl);
diff --git a/src/ssl.c b/src/ssl.c
index 92e8b78dd..059371772 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14761,6 +14761,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) {
 ssl->CBIOSend = BioSend;
 }
+
+ /* User programs should always retry reading from these BIOs */
+ if (rd) {
+ /* User writes to rd */
+ BIO_set_retry_write(rd);
+ }
+ if (wr) {
+ /* User reads from wr */
+ BIO_set_retry_read(wr);
+ }
 }
 #endif
@@ -39966,6 +39976,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+ /* No certificate in buffer */
 WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
 #endif
 return NULL;
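Review bot: In the SSL_ResourceFree hunk of src/internal.c, the two added assignments carry no comment saying why the pointers are cleared after the frees. The apparent purpose is that a second pass over the same WOLFSSL object cannot hand already-freed BIOs to wolfSSL_BIO_free again, though whether such a second pass exists is not visible here. I would add `/* clear the pointers so a repeated free or later use cannot touch the freed BIOs */` above `ssl->biowr = NULL;`. The function body starts and ends outside the hunk.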
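Review bot: In the src/ssl.c hunk under the wolfSSL_set_compression header, the retry flags are set on every non-NULL rd and wr at attach time, and the added block appears to sit outside the `wr->type != WOLFSSL_BIO_SOCKET` test shown just above it, so socket BIOs get the flags too. A flag set once at attach time, rather than when an operation would actually block, can make a caller that checks the retry state keep retrying after a hard failure, unless the flags are cleared somewhere not visible here. If only memory BIOs are meant, guard on the type, e.g. `if (rd != NULL && rd->type == WOLFSSL_BIO_MEMORY)`. The lead comment also says "retry reading" although the first call sets the write-retry flag on rd; `/* User programs should always retry I/O on these BIOs */` would match the code. The enclosing function begins outside the hunk.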
@@ -46222,7 +46233,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
 ret = -ret;
 }
- if (ret == ASN_NO_PEM_HEADER)
+ if (ret == -ASN_NO_PEM_HEADER)
 return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
 if (ret != WANT_READ && ret != WANT_WRITE && ret != ZERO_RETURN && ret != WOLFSSL_ERROR_ZERO_RETURN &&
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index d84d5b3f7..e0620a9f9 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -31,8 +31,10 @@ extern "C" {
 #endif
-/* include the options.h file ourselves for OpenVPN */
-#ifdef ENABLE_CRYPTO_WOLFSSL
+/* This flag allows wolfSSL to include options.h instead of having client
+ * projects do it themselves. This should *NEVER* be defined when building
+ * wolfSSL as it can cause hard to debug problems. */
+#ifdef EXTERNAL_OPTS_OPENVPN
 #include
 #endif
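Review bot: The context line right after the fix in src/ssl.c, `if (ret != WANT_READ && ret != WANT_WRITE && ...`, still compares the negated `ret` against un-negated constants. If those are negative error codes like ASN_NO_PEM_HEADER (their definitions are not on this page), none of them can equal `ret` once `ret = -ret` has run, so the sign mismatch this commit fixes for one constant remains for the others. Each constant in that condition should be checked for sign and negated where needed, e.g. `if (ret != -WANT_READ && ret != -WANT_WRITE &&`. The block holding `ret = -ret`, the rest of the condition and the enclosing function all lie outside the hunk.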
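Review bot: The new comment in wolfssl/wolfcrypt/settings.h does not say which options.h is pulled in or why a mismatch matters. A client that defines EXTERNAL_OPTS_OPENVPN gets whichever options.h is first on its include path, and if that file does not match the library being linked the two sides can disagree on feature macros; I would add a sentence such as `The options.h found must be the one generated for the wolfSSL build being linked.` The trigger also changes from ENABLE_CRYPTO_WOLFSSL with no fallback, so a client that still defines only the old macro stops getting options.h without any diagnostic. Naming the old macro in the comment would help anyone migrating.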