From patchwork Tue May 22 12:04:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: gio--- via openwrt-devel X-Patchwork-Id: 918222 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=lists.openwrt.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="If8Jo54d"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40qvSp6kWzz9s55 for ; Tue, 22 May 2018 22:04:10 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Date:Sender:Content-Type: Subject:List-Help:Reply-To:List-Archive:List-Unsubscribe:List-Subscribe:Cc: From:List-Post:List-Id:Message-ID:MIME-Version:References:In-Reply-To:To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dqKImjtxuPPhBFY/W7H3TZxdLl549klZHk/QVyoRQ4A=; b=If8Jo54d4QYuZ527QkyhT/P4W MCnsmqgTysoNk3nQUlpU/V0dKAukGy/qvhY0t5J5lzJsYu2NLGrc49rMwNkiUeiVMfbIOvSC0uO9r MP9Ic6XhCy+R89WShRkDgecnRV7Q9qj27y8KDOnbdZP+39PxNVpB8p8MlkK3px9lj9YQRa12VRNzY G0nymjKP3u4jqlYA2iLPp4eLfqXX0juC2yAN54USTSH9/2WhnzlEIajIkoD00W59ItVgW7qARPXiB 0bAvMACFYJxoc6rWfiDFJyMhQhtpjm80D3sj8w2FLCJ1nPzmJVnegrNommEKfAW3Gi5UVhLr6viSz cLLyYK9XQ==; 
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fL61P-0007c3-5t; Tue, 22 May 2018 12:04:07 +0000 To: openwrt-devel@lists.openwrt.org In-Reply-To: <20180522120215.13360-1-cote2004-github@yahoo.com> References: <30f4d3c4-ed06-521a-28ee-d5b2e61ce667@phrozen.org> <20180522120215.13360-1-cote2004-github@yahoo.com> MIME-Version: 1.0 Message-ID: List-Id: List-Post: X-Patchwork-Original-From: Eneas U de Queiroz via openwrt-devel From: gio--- via openwrt-devel Precedence: list Cc: Eneas U de Queiroz , John Crispin X-Mailman-Version: 2.1.21 X-BeenThere: openwrt-devel@lists.openwrt.org List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Eneas U de Queiroz List-Help: Subject: [OpenWrt-Devel] [PATCH 4/4] ustream-ssl: openssl-1.1 compatibility Sender: "openwrt-devel" Date: Tue, 22 May 2018 12:04:07 +0000 Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Patch to compile ustream-ssl with openssl-1.1.0. Signed-off-by: Eneas U de Queiroz --- ustream-io-openssl.c | 37 +++++++++++++++++++++++++++++++++++++ ustream-openssl.c | 12 +++++++++++- 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c index 6711055..73a2ba6 100644 --- a/ustream-io-openssl.c +++ b/ustream-io-openssl.c @@ -26,10 +26,16 @@ static int s_ustream_new(BIO *b) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_set_shutdown(b, 0); +#else b->init = 1; b->num = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } 
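Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` test added in s_ustream_new is also true when building against LibreSSL, which reports 0x20000000L in that macro, so the accessor path would be selected there whether or not that library provides `BIO_set_init`, `BIO_set_data` and `BIO_meth_new`. If LibreSSL is a supported backend, the guard could read `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`, with the inverse on the `<` check. The same condition is repeated in the s_ustream_free, s_ustream_read, s_ustream_write, methods_ustream and ustream_bio_new hunks of this file and in both ustream-openssl.c hunks. A single feature macro defined once near the top of each file, with a comment naming the release it keys on, would keep the repeated checks from drifting apart.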
@@ -39,9 +45,15 @@ s_ustream_free(BIO *b) if (!b) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_set_data(b, NULL); + BIO_set_init(b, 0); + BIO_set_shutdown(b, 0); +#else b->ptr = NULL; b->init = 0; b->flags = 0; +#endif return 1; } @@ -55,7 +67,11 @@ s_ustream_read(BIO *b, char *buf, int len) if (!buf || len <= 0) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + s = (struct ustream *)BIO_get_data(b); +#else s = (struct ustream *)b->ptr; +#endif if (!s) return 0; @@ -84,7 +100,11 @@ s_ustream_write(BIO *b, const char *buf, int len) if (!buf || len <= 0) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + s = (struct ustream *)BIO_get_data(b); +#else s = (struct ustream *)b->ptr; +#endif if (!s) return 0; @@ -116,6 +136,7 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr) }; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L static BIO_METHOD methods_ustream = { 100 | BIO_TYPE_SOURCE_SINK, "ustream", @@ -128,13 +149,29 @@ static BIO_METHOD methods_ustream = { s_ustream_free, NULL, }; +#endif static BIO *ustream_bio_new(struct ustream *s) { BIO *bio; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_METHOD *methods_ustream; + + methods_ustream = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "ustream"); + BIO_meth_set_write(methods_ustream, s_ustream_write); + BIO_meth_set_read(methods_ustream, s_ustream_read); + BIO_meth_set_puts(methods_ustream, s_ustream_puts); + BIO_meth_set_gets(methods_ustream, s_ustream_gets); + BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl); + BIO_meth_set_create(methods_ustream, s_ustream_new); + BIO_meth_set_destroy(methods_ustream, s_ustream_free); + bio = BIO_new(methods_ustream); + BIO_set_data(bio, s); +#else bio = BIO_new(&methods_ustream); bio->ptr = s; +#endif return bio; } diff --git a/ustream-openssl.c b/ustream-openssl.c index eb03dab..52b7c21 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c 
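Review bot: In the ustream_bio_new hunk the 1.1.0 branch calls `BIO_meth_new()` and `BIO_get_new_index()` on every invocation, and nothing visible releases the table with `BIO_meth_free()`, so each BIO created appears to leak one BIO_METHOD and consume one type index. Neither the `BIO_meth_new()` nor the `BIO_new()` result is checked before it is passed to the `BIO_meth_set_*` calls or `BIO_set_data()`, so an allocation failure would reach a NULL dereference. Building the table once and reusing it, with NULL checks, restores the lifetime the static `methods_ustream` struct has on the pre-1.1.0 path. Callers of ustream_bio_new are outside the hunk and would need to tolerate a NULL return.

```c
static BIO *ustream_bio_new(struct ustream *s)
{
	BIO *bio;

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	/* Built on first use and shared by every BIO: one method table, one type index. */
	static BIO_METHOD *methods_ustream;

	if (!methods_ustream) {
		BIO_METHOD *m = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "ustream");

		if (!m)
			return NULL;
		/* … unchanged: the seven BIO_meth_set_* calls, applied to m … */
		methods_ustream = m;
	}

	bio = BIO_new(methods_ustream);
	if (!bio)
		return NULL;
	BIO_set_data(bio, s);
#else
	/* … unchanged: pre-1.1.0 path … */
```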
@@ -38,11 +38,17 @@ __ustream_ssl_context_new(bool server) if (server) #ifdef CYASSL_OPENSSL_H_ m = SSLv23_server_method(); +#elif OPENSSL_VERSION_NUMBER >= 0x10100000L + m = TLS_server_method(); #else m = TLSv1_2_server_method(); #endif else +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + m = TLS_client_method(); +#else m = SSLv23_client_method(); +#endif c = SSL_CTX_new((void *) m); if (!c) @@ -52,8 +58,12 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif - if (server) + if (server) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION); +#endif SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); + } SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c;
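Review bot: `SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION)` is added only inside `if (server)`, so a client context built with `TLS_client_method()` in the hunk above gets no protocol floor and negotiates whatever the library defaults allow. If that asymmetry is deliberate, a comment such as `/* clients keep the library default floor for compatibility with older peers */` would record it; otherwise the call can move above the `if (server)` block. The return value is also ignored, and a check like `if (!SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION)) { SSL_CTX_free(c); return NULL; }` would stop a server context from being handed out without the TLS 1.2 restriction that the pre-1.1.0 build gets from `TLSv1_2_server_method()`. __ustream_ssl_context_new begins and ends outside this hunk.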