From 7c7b1233f77e350beaff2b6f5f03f2fd18e11447 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 4 Jan 2017 11:00:08 -0800
Subject: [PATCH 1/2] Additional enums needed for compatibility with openssl for paho c mqtt client SSLSocket.c layer.

---
 wolfssl/ssl.h | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 5db4f8270..282a4b060 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -806,6 +806,9 @@ enum {
     SSL_CB_ALERT = 7,
     SSL_CB_READ = 8,
     SSL_CB_HANDSHAKE_DONE = 9,
+    /* additional SSL_CB_* enums not used in wolfSSL */
+    SSL_CB_HANDSHAKE_START,
+    SSL_CB_EXIT,
 
     SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
 
@@ -819,6 +822,7 @@ enum {
     X509_LU_X509 = 9,
     X509_LU_CRL = 12,
 
+    X509_V_OK = 0,
     X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
     X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
     X509_V_ERR_CRL_HAS_EXPIRED = 15,
@@ -830,7 +834,39 @@ enum {
     X509_V_ERR_CERT_HAS_EXPIRED = 21,
     X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
     X509_V_ERR_CERT_REJECTED = 23,
-    X509_V_OK = 0,
+    /* additional X509_V_ERR_* enums not used in wolfSSL */
+    X509_V_ERR_UNABLE_TO_GET_CRL,
+    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
+    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
+    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
+    X509_V_ERR_CERT_SIGNATURE_FAILURE,
+    X509_V_ERR_CRL_NOT_YET_VALID,
+    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
+    X509_V_ERR_OUT_OF_MEM,
+    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
+    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
+    X509_V_ERR_INVALID_CA,
+    X509_V_ERR_PATH_LENGTH_EXCEEDED,
+    X509_V_ERR_INVALID_PURPOSE,
+    X509_V_ERR_CERT_UNTRUSTED,
+    X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
+    X509_V_ERR_AKID_SKID_MISMATCH,
+    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
+    X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
+    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
+    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
+    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
+    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
+    X509_V_ERR_INVALID_NON_CA,
+    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
+    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
+    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
+    X509_V_ERR_INVALID_EXTENSION,
+    X509_V_ERR_INVALID_POLICY_EXTENSION,
+    X509_V_ERR_NO_EXPLICIT_POLICY,
+    X509_V_ERR_UNNESTED_RESOURCE,
 
     XN_FLAG_SPC_EQ = (1 << 23),
     XN_FLAG_ONELINE = 0,

From fc6217e4f6b5e285069126adfbd5d1e8395644f5 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 4 Jan 2017 12:14:09 -0800
Subject: [PATCH 2/2] Added stubs for the set_msg_callback functions. Cleanup of the SSL_ST_* and SSL_CB_* enums.

---
 src/ssl.c             | 31 +++++++++++++++++++++++++++++++
 wolfssl/openssl/ssl.h | 10 +++++++---
 wolfssl/ssl.h         | 35 ++++++++++++++++++++++++++---------
 3 files changed, 64 insertions(+), 12 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 6397d65ab..1d7bbf6db 100644
--- a/src/ssl.c
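Review bot: The 32 X509_V_ERR_* names added after `X509_V_ERR_CERT_REJECTED = 23` take auto-incremented values 24 through 55, which differ from the codes OpenSSL assigns to the same names (OpenSSL's X509_V_ERR_UNABLE_TO_GET_CRL is 3, for instance), and the added comment says wolfSSL never reports them. A verify callback ported from OpenSSL that special-cases one of them, typically X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT or X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY to accept a self-signed peer, will compile against this header but that branch can never fire, and anything that logs or compares the raw integers across libraries will disagree; presumably the same holds for the existing 13–23 block, which also does not follow OpenSSL's numbering. The comment should make the contract explicit, e.g. `/* source-compatibility only: never reported by wolfSSL and numerically different from OpenSSL; do not match on them in a verify callback */`, and each entry should carry an explicit value so a later insertion cannot silently renumber everything below it. The enclosing anonymous enum starts and ends outside this hunk.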
+++ b/src/ssl.c
@@ -21602,4 +21602,35 @@ int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
 
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
+#ifdef OPENSSL_EXTRA
+int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
+{
+    WOLFSSL_STUB("SSL_CTX_set_msg_callback");
+    (void)ctx;
+    (void)cb;
+    return SSL_FAILURE;
+}
+int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
+{
+    WOLFSSL_STUB("SSL_set_msg_callback");
+    (void)ssl;
+    (void)cb;
+    return SSL_FAILURE;
+}
+int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
+{
+    WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg");
+    (void)ctx;
+    (void)arg;
+    return SSL_FAILURE;
+}
+int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
+{
+    WOLFSSL_STUB("SSL_set_msg_callback_arg");
+    (void)ssl;
+    (void)arg;
+    return SSL_FAILURE;
+}
+#endif
+
 #endif /* WOLFCRYPT_ONLY */

diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index d0b114c10..f89c3608c 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -476,7 +476,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 
 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL)
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
-#define SSL_CB_HANDSHAKE_START 0x10
 #define X509_NAME_free wolfSSL_X509_NAME_free
 #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
 #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
@@ -603,8 +602,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #ifdef HAVE_STUNNEL
 #include
-/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/
-#define SSL_CB_ACCEPT_LOOP 0x2001
 #define SSL2_VERSION 0x0002
 #define SSL3_VERSION 0x0300
 #define TLS1_VERSION 0x0301
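Review bot: The four stubs discard the callback and return SSL_FAILURE, but the OpenSSL functions they stand in for (SSL_CTX_set_msg_callback, SSL_set_msg_callback and the _arg variants) return void, so an OpenSSL-style caller — paho's SSLSocket.c per the patch subject — will not check the result and will assume its record-level message callback is installed when nothing will ever invoke it. Whether WOLFSSL_STUB reports anything at runtime is not visible here (its definition is outside the hunk), so in a release build the loss of that diagnostic path is presumably silent. The `(void)ctx;`-style parameter suppression is fine for a no-op, but each stub deserves a comment such as `/* Stub: wolfSSL has no record-level message callback; cb is never called and SSL_FAILURE is always returned */` so nobody relies on it for audit or debug output. The `#ifdef OPENSSL_EXTRA` block sits inside a `WOLFCRYPT_ONLY` region whose opening is outside the hunk.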
@@ -681,6 +678,13 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 
 #define NID_inhibit_any_policy 168 /* 2.5.29.54 */
 #define NID_tlsfeature 92 /* id-pe 24 */
+
+#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
+#define SSL_set_msg_callback wolfSSL_set_msg_callback
+#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
+#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
+
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 282a4b060..dc74b6b19 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -800,15 +800,22 @@ enum {
 
     EVP_R_BAD_DECRYPT = 2,
 
-    SSL_CB_LOOP = 4,
-    SSL_ST_CONNECT = 5,
-    SSL_ST_ACCEPT = 6,
-    SSL_CB_ALERT = 7,
-    SSL_CB_READ = 8,
-    SSL_CB_HANDSHAKE_DONE = 9,
-    /* additional SSL_CB_* enums not used in wolfSSL */
-    SSL_CB_HANDSHAKE_START,
-    SSL_CB_EXIT,
+    SSL_ST_CONNECT = 0x1000,
+    SSL_ST_ACCEPT = 0x2000,
+
+    SSL_CB_LOOP = 0x01,
+    SSL_CB_EXIT = 0x02,
+    SSL_CB_READ = 0x04,
+    SSL_CB_WRITE = 0x08,
+    SSL_CB_HANDSHAKE_START = 0x10,
+    SSL_CB_HANDSHAKE_DONE = 0x20,
+    SSL_CB_ALERT = 0x4000,
+    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
+    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
+    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
+    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
+    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
+    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
 
     SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
 
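Review bot: With these values the `where` argument of an info callback becomes a bitmask composed with `|` (`SSL_CB_READ_ALERT` is `SSL_CB_ALERT | SSL_CB_READ`, `SSL_CB_ACCEPT_LOOP` is `SSL_ST_ACCEPT | SSL_CB_LOOP`), so consumers must test with `&`; the removed dense values 4 through 9 were distinct scalars that an equality test could match, and any existing wolfSSL-internal or application code doing `where == SSL_CB_ALERT` would stop matching a composite value — the producers of these values are not visible from the hunk, so this needs checking where the info callback is invoked. The removed comment `additional SSL_CB_* enums not used in wolfSSL` was the only indication of which states wolfSSL actually reports, and the new side carries no replacement. Suggest a group comment above `SSL_ST_CONNECT`, such as `/* OpenSSL-compatible info-callback "where" flags: bit values, combine with | and test with &; not every state is necessarily reported by wolfSSL */`. The enclosing anonymous enum starts and ends outside this hunk.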
@@ -2173,6 +2180,16 @@ WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int
                                     WOLF_EVENT_FLAG flags, int* eventCount);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
+#ifdef OPENSSL_EXTRA
+typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
+                           const void *buf, size_t len, WOLFSSL *ssl, void *arg);
+
+WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
+WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
+WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
+WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */