From 0d7b4c3aa7dcbe510f3a0034cb5a1ead392e5ab3 Mon Sep 17 00:00:00 2001 From: Ali Gholami Rudi Date: Thu, 14 Jan 2016 08:32:38 +0330 Subject: [PATCH] conn: support openssl Now smtp can use either polarssl or openssl. --- Makefile | 21 ++++++++++----- config.h => conf.h | 0 conn.c => conn_mbedtls.c | 0 conn.c => conn_openssl.c | 66 ++++++++++++++++++++---------------------------- smtp.c | 4 +-- 5 files changed, 44 insertions(+), 47 deletions(-) rename config.h => conf.h (100%) copy conn.c => conn_mbedtls.c (100%) rename conn.c => conn_openssl.c (50%) diff --git a/Makefile b/Makefile index 371ed38..0d61364 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,20 @@ -POLARPATH = /opt +# common options CC = cc -CFLAGS = -Wall -O2 -I$(POLARPATH)/include/ -LDFLAGS = -L$(POLARPATH)/lib -lpolarssl + +# for openssl +OBJS = smtp.o conn_openssl.o +CFLAGS = -Wall -O2 +LDFLAGS = -lssl + +# for mbedtls (polarssl) +#OBJS = smtp.o conn_mbedtls.o +#CFLAGS = -Wall -O2 +#LDFLAGS = -lpolarssl all: smtp -.c.o: +%.o: %.c conf.h $(CC) -c $(CFLAGS) $< -smtp.o: config.h -smtp: smtp.o conn.o - $(CC) -o $@ $^ $(LDFLAGS) +smtp: $(OBJS) + $(CC) -o $@ $(OBJS) $(LDFLAGS) clean: rm -f *.o smtp diff --git a/config.h b/conf.h similarity index 100% rename from config.h rename to conf.h diff --git a/conn.c b/conn_mbedtls.c similarity index 100% copy from conn.c copy to conn_mbedtls.c diff --git a/conn.c b/conn_openssl.c similarity index 50% rename from conn.c rename to conn_openssl.c index af148f7..05c5f99 100644 --- a/conn.c +++ b/conn_openssl.c 
@@ -10,58 +10,49 @@ #include #include #include -#include -#include -#include + +#include +#include +#include +#include +#include struct conn { int fd; - ssl_context ssl; - ssl_session ssn; - ctr_drbg_context ctr_drbg; - x509_crt cert; + SSL_CTX *ctx; + SSL *ssl; }; -static int ps_send(void *ctx, const unsigned char *buf, size_t len) -{ - return write(*(int *) ctx, buf, len); -} - -static int ps_recv(void *ctx, unsigned char *buf, size_t len) -{ - return read(*(int *) ctx, buf, len); -} - int conn_read(struct conn *conn, char *buf, int len) { - return ssl_read(&conn->ssl, (unsigned char *) buf, sizeof(buf)); + return SSL_read(conn->ssl, buf, sizeof(buf) - 1); } int conn_write(struct conn *conn, char *buf, int len) { - return ssl_write(&conn->ssl, (unsigned char *) buf, len); + return SSL_write(conn->ssl, buf, len); } static int conns_init(struct conn *conn, char *certfile) { - entropy_context entropy; - entropy_init(&entropy); - ctr_drbg_init(&conn->ctr_drbg, entropy_func, &entropy, NULL, 0); - if (ssl_init(&conn->ssl)) + SSLeay_add_ssl_algorithms(); + SSL_load_error_strings(); + conn->ctx = SSL_CTX_new(SSLv23_method()); + if (!conn->ctx) + return 1; + conn->ssl = SSL_new(conn->ctx); + if (!conn->ssl) return 1; - ssl_set_endpoint(&conn->ssl, SSL_IS_CLIENT); if (certfile) { - x509_crt_parse_file(&conn->cert, certfile); - ssl_set_ca_chain(&conn->ssl, &conn->cert, NULL, NULL); - ssl_set_authmode(&conn->ssl, SSL_VERIFY_REQUIRED); - } else{ - ssl_set_authmode(&conn->ssl, SSL_VERIFY_NONE); + SSL_CTX_set_verify(conn->ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_load_verify_locations(conn->ctx, certfile, NULL); } - ssl_set_rng(&conn->ssl, ctr_drbg_random, &conn->ctr_drbg); - ssl_set_bio(&conn->ssl, ps_recv, &conn->fd, ps_send, &conn->fd); - ssl_set_ciphersuites(&conn->ssl, ssl_list_ciphersuites()); - ssl_set_session(&conn->ssl, &conn->ssn); - return ssl_handshake(&conn->ssl); + SSL_set_fd(conn->ssl, conn->fd); + if (SSL_connect(conn->ssl) != 1) + return 1; + if 
(SSL_get_verify_result(conn->ssl) != X509_V_OK) + return 1; + return 0; } struct conn *conn_connect(char *addr, char *port, char *certfile) @@ -99,10 +90,9 @@ struct conn *conn_connect(char *addr, char *port, char *certfile) int conn_close(struct conn *conn) { - ssl_close_notify(&conn->ssl); - x509_crt_free(&conn->cert); - ssl_free(&conn->ssl); - + SSL_shutdown(conn->ssl); + SSL_free(conn->ssl); + SSL_CTX_free(conn->ctx); close(conn->fd); free(conn); return 0; diff --git a/smtp.c b/smtp.c index 993b116..a74ee58 100644 --- a/smtp.c +++ b/smtp.c @@ -1,7 +1,7 @@ /* * A simple SMTP mail sender * - * Copyright (C) 2010-2015 Ali Gholami Rudi + * Copyright (C) 2010-2016 Ali Gholami Rudi * * This program is released under the Modified BSD license. */ @@ -14,7 +14,7 @@ #include #include #include -#include "config.h" +#include "conf.h" #include "conn.h" #define LNLEN (1 << 12) -- 2.11.4.GIT
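Review bot: In conns_init, SSL_CTX_set_verify() runs on the context after SSL_new() has already created conn->ssl, and an SSL object takes its verification settings from the context at creation, so SSL_VERIFY_PEER most likely never applies to this connection and only the later SSL_get_verify_result() check rejects a bad chain. Configuring the context before SSL_new(), checking the return of SSL_CTX_load_verify_locations(), and disabling SSLv2/SSLv3 (SSLv23_method() negotiates any enabled version) would make the handshake itself fail closed, as in the fence below. Nothing visible ties the certificate to the server name: conns_init() does not receive addr, so any certificate chaining to certfile appears to be accepted for any host; passing addr in from conn_connect (whose call is outside the hunk) and setting it as the expected host, e.g. with X509_VERIFY_PARAM_set1_host() where the OpenSSL version provides it, would close that gap. With certfile NULL the verify-result check still runs with no trust anchors loaded, which presumably rejects every server, so confirm that is intended. Separately, conn_read passes `sizeof(buf) - 1` where buf is a `char *`, so it reads at most one byte less than the pointer size and ignores len; `return SSL_read(conn->ssl, buf, len);` looks like the intent.

```c
static int conns_init(struct conn *conn, char *certfile)
{
	/* … unchanged: library init, SSL_CTX_new() and its NULL check … */
	SSL_CTX_set_options(conn->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
	if (certfile) {
		/* set up verification before SSL_new() so conn->ssl inherits it */
		SSL_CTX_set_verify(conn->ctx, SSL_VERIFY_PEER, NULL);
		if (SSL_CTX_load_verify_locations(conn->ctx, certfile, NULL) != 1)
			return 1;
	}
	conn->ssl = SSL_new(conn->ctx);
	if (!conn->ssl)
		return 1;
	/* … unchanged: SSL_set_fd(), SSL_connect() and the verify-result check … */
```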
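Review bot: conn_close is the only visible place that releases conn->ssl and conn->ctx, so the `return 1` paths in conns_init leave them allocated unless conn_connect's error path, which is outside the hunk, calls conn_close. If it does, `SSL_shutdown(conn->ssl)` can be reached with a NULL ssl when SSL_new() failed, or with an SSL whose handshake never completed. A guard such as `if (conn->ssl) SSL_shutdown(conn->ssl);` would make conn_close safe for a partly initialised conn, and a one-line comment above the function should say whether it is meant to handle that case.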