OpenSSL compatibility for libodbc

src/internal.c

@@ -2642,6 +2642,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 
     XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
 
+#ifdef WOLFSSL_VERIFY_NONE_DEFAULT
+    /* OpenSSL compat: default to SSL_VERIFY_NONE unless the app
+     * sets SSL_VERIFY_PEER. */
+    ctx->verifyNone = 1;
+#endif
+
     ctx->method   = method;
     if (heap == NULL) {
         ctx->heap = ctx;  /* defaults to self */

wolfssl/openssl/bio.h

@@ -188,6 +188,37 @@
 #define BIO_meth_set_create        wolfSSL_BIO_meth_set_create
 #define BIO_meth_set_destroy       wolfSSL_BIO_meth_set_destroy
 
+#define WOLFSSL_BIO_TYPE_DESCRIPTOR  0x0100
+#define WOLFSSL_BIO_TYPE_SOURCE_SINK 0x0400
+
+/* OpenSSL allocates a fresh BIO type index per call; wolfSSL
+ * untracked, so return a fixed app-range index. */
+static WC_INLINE int wolfSSL_BIO_get_new_index(void) { return 1000; }
+
+/* wolfSSL does not store these BIO method callbacks; getters
+ * report none, set_callback_ctrl is a no-op. */
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_gets(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_puts(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_ctrl(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_create(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_destroy(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_callback_ctrl(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE int
+wolfSSL_BIO_meth_set_callback_ctrl(WOLFSSL_BIO_METHOD *m, void *cb)
+{ (void)m; (void)cb; return 1; }
+
 #define BIO_snprintf               XSNPRINTF
 
 /* BIO CTRL */

wolfssl/openssl/err.h

@@ -38,10 +38,21 @@
 #define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
 #define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY                3
 #define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+#define WOLFSSL_SSL_F_SSL_SET_FD                        5
 
 /* reasons */
 #define WOLFSSL_ERR_R_SYS_LIB                           1
 #define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE             2
+#define WOLFSSL_ERR_R_BUF_LIB                           0
+#define WOLFSSL_SSL_R_UNKNOWN_PROTOCOL                  252
+#define WOLFSSL_SSL_R_WRONG_VERSION_NUMBER              267
+#define WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL              258
+#define WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE            194
+#define WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER       182
+#define WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION               254
+#define WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION           259
+#define WOLFSSL_SSL_R_WRONG_SSL_VERSION                 266
+#define WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION      1070
 
 #ifndef OPENSSL_COEXIST
 

wolfssl/openssl/hmac.h

@@ -37,6 +37,12 @@
 
 #include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/openssl/opensslv.h>
+/* OpenSSL's hmac.h pulls in evp.h; mirror it, but only on standalone
+ * include (WOLFSSL_SSL_H unset) to avoid an include cycle during
+ * wolfssl/ssl.h's own parse. */
+#ifndef WOLFSSL_SSL_H
+#include <wolfssl/openssl/evp.h>
+#endif
 
 #ifdef __cplusplus
     extern "C" {

wolfssl/openssl/objects.h

@@ -74,6 +74,20 @@
 #define NID_ad_OCSP WC_NID_ad_OCSP
 #define NID_ad_ca_issuers WC_NID_ad_ca_issuers
 
+/* OBJ_find_sigid_algs(): report SHA-256 / RSA for libpq's
+ * RSA-with-SHA-256 channel binding. Literal NIDs (672, 6) keep
+ * this self-contained even when ASN is disabled. */
+#ifndef BUILDING_WOLFSSL
+static WC_INLINE int
+wolfSSL_OBJ_find_sigid_algs(int sigid, int *pdig, int *ppkey)
+{
+    (void)sigid;
+    if (pdig  != NULL) *pdig  = 672; /* NID_sha256 */
+    if (ppkey != NULL) *ppkey = 6;   /* NID_rsaEncryption */
+    return 1;
+}
+#endif
+
 #endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

wolfssl/openssl/ssl.h

@@ -44,6 +44,7 @@
 #include <wolfssl/openssl/evp.h>
 #endif
 #include <wolfssl/openssl/bio.h>
+#include <wolfssl/openssl/err.h>
 #ifdef OPENSSL_EXTRA
 #include <wolfssl/openssl/crypto.h>
 #endif
@@ -1568,6 +1569,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_get_state                   wolfSSL_get_state
 #define SSL_state_string_long           wolfSSL_state_string_long
 
+#define WOLFSSL_TLS_ST_OK               16
+#define WOLFSSL_SSL_ST_OK               WOLFSSL_TLS_ST_OK
+#define TLS_ST_OK                       WOLFSSL_TLS_ST_OK
+#define SSL_ST_OK                       WOLFSSL_SSL_ST_OK
+#define SSL_F_SSL_SET_FD                WOLFSSL_SSL_F_SSL_SET_FD
+
 #define GENERAL_NAME_new                wolfSSL_GENERAL_NAME_new
 #define GENERAL_NAME_free               wolfSSL_GENERAL_NAME_free
 #define GENERAL_NAME_dup                wolfSSL_GENERAL_NAME_dup
@@ -1738,16 +1745,43 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_R_DATA_LENGTH_TOO_LONG                 BUFFER_ERROR
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG            BUFFER_ERROR
 #define SSL_R_BAD_LENGTH                           BUFFER_ERROR
-#define SSL_R_UNKNOWN_PROTOCOL                     VERSION_ERROR
-#define SSL_R_WRONG_VERSION_NUMBER                 VERSION_ERROR
+#define SSL_R_UNKNOWN_PROTOCOL WOLFSSL_SSL_R_UNKNOWN_PROTOCOL
+#define SSL_R_WRONG_VERSION_NUMBER WOLFSSL_SSL_R_WRONG_VERSION_NUMBER
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC  ENCRYPT_ERROR
 #define SSL_R_HTTPS_PROXY_REQUEST                  PARSE_ERROR
 #define SSL_R_HTTP_REQUEST                         PARSE_ERROR
-#define SSL_R_UNSUPPORTED_PROTOCOL                 VERSION_ERROR
+#define SSL_R_UNSUPPORTED_PROTOCOL WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL
+#define SSL_R_NO_PROTOCOLS_AVAILABLE \
+    WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER \
+    WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER
+#define SSL_R_UNKNOWN_SSL_VERSION WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION
+#define SSL_R_UNSUPPORTED_SSL_VERSION \
+    WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION
+#define SSL_R_WRONG_SSL_VERSION WOLFSSL_SSL_R_WRONG_SSL_VERSION
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION \
+    WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION
 #define SSL_R_CERTIFICATE_VERIFY_FAILED            VERIFY_CERT_ERROR
 #define SSL_R_CERT_CB_ERROR                        CLIENT_CERT_CB_ERROR
 #define SSL_R_NULL_SSL_METHOD_PASSED               BAD_FUNC_ARG
 #define SSL_R_CCS_RECEIVED_EARLY                   OUT_OF_ORDER_E
+#define ERR_R_BUF_LIB WOLFSSL_ERR_R_BUF_LIB
+#define BIO_TYPE_DESCRIPTOR WOLFSSL_BIO_TYPE_DESCRIPTOR
+#define BIO_TYPE_SOURCE_SINK WOLFSSL_BIO_TYPE_SOURCE_SINK
+#define BIO_get_app_data(bio) wolfSSL_BIO_get_data(bio)
+#define BIO_set_app_data(bio, data) \
+    wolfSSL_BIO_set_data((bio), (data))
+#define BIO_get_new_index wolfSSL_BIO_get_new_index
+#define BIO_meth_get_gets wolfSSL_BIO_meth_get_gets
+#define BIO_meth_get_puts wolfSSL_BIO_meth_get_puts
+#define BIO_meth_get_ctrl wolfSSL_BIO_meth_get_ctrl
+#define BIO_meth_get_create wolfSSL_BIO_meth_get_create
+#define BIO_meth_get_destroy wolfSSL_BIO_meth_get_destroy
+#define BIO_meth_get_callback_ctrl wolfSSL_BIO_meth_get_callback_ctrl
+#define BIO_meth_set_callback_ctrl wolfSSL_BIO_meth_set_callback_ctrl
+#ifndef BUILDING_WOLFSSL
+#define OBJ_find_sigid_algs wolfSSL_OBJ_find_sigid_algs
+#endif
 
 #ifdef HAVE_SESSION_TICKET
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72