Merge pull request #2825 from julek-wolfssl/self-include-options

OpenVPN changes
2025-07-29 18:27:29 +02:00 · 2020-04-13 13:11:18 -07:00
parent aadec345ab 06f23223e4
commit ee0289bea6
6 changed files with 30 additions and 3 deletions
--- a/configure.ac
+++ b/configure.ac
@ -3531,7 +3531,7 @@ fi

 if test "$ENABLED_OPENVPN" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
 fi


--- a/src/internal.c
+++ b/src/internal.c
@ -39,6 +39,12 @@
 *     and ignoring no signer failures for CA's up the chain to root.
 */

+
+#ifdef EXTERNAL_OPTS_OPENVPN
+#error EXTERNAL_OPTS_OPENVPN should not be defined\
+    when building wolfSSL
+#endif
+
 #ifndef WOLFCRYPT_ONLY

 #include <wolfssl/internal.h>
@ -6286,6 +6292,8 @@ void SSL_ResourceFree(WOLFSSL* ssl)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
+    ssl->biowr = NULL;
+    ssl->biord = NULL;
 #endif
 #ifdef HAVE_LIBZ
    FreeStreams(ssl);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -14766,6 +14766,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
            (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) {
            ssl->CBIOSend = BioSend;
        }
+
+        /* User programs should always retry reading from these BIOs */
+        if (rd) {
+            /* User writes to rd */
+            BIO_set_retry_write(rd);
+        }
+        if (wr) {
+            /* User reads from wr */
+            BIO_set_retry_read(wr);
+        }
    }
 #endif

@ -39970,6 +39980,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)

        if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+            /* No certificate in buffer */
            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
    #endif
            return NULL;
@ -46226,7 +46237,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
                ret = -ret;
            }

-            if (ret == ASN_NO_PEM_HEADER)
+            if (ret == -ASN_NO_PEM_HEADER)
                return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
            if (ret != WANT_READ && ret != WANT_WRITE &&
                    ret != ZERO_RETURN && ret != WOLFSSL_ERROR_ZERO_RETURN &&
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@ -22,7 +22,7 @@
 #ifndef WOLFSSL_OPENSSL_ERR_
 #define WOLFSSL_OPENSSL_ERR_

-#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/logging.h>

 /* err.h for openssl */
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@ -26,6 +26,7 @@
 #define WOLFSSL_RSA_H_

 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/err.h>
 #include <wolfssl/wolfcrypt/types.h>

 #ifdef __cplusplus
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -31,6 +31,13 @@
    extern "C" {
 #endif

+/* This flag allows wolfSSL to include options.h instead of having client
+ * projects do it themselves. This should *NEVER* be defined when building
+ * wolfSSL as it can cause hard to debug problems. */
+#ifdef EXTERNAL_OPTS_OPENVPN
+#include <wolfssl/options.h>
+#endif
+
 /* Uncomment next line if using IPHONE */
 /* #define IPHONE */