
fixing various things regarding OpenSSL

* fix linking with no dynamic loading in CMakeLists.txt
* make sha1.inl API compatible with the OpenSSL one
* fix various warnings related to the NO_SSL_DL define
* fix various deprecation warnings regarding ERR_remove_state
kakwa 8 years ago
parent
commit
fbb4a78704
4 changed files with 44 additions and 27 deletions
  1. 9 7
      src/CMakeLists.txt
  2. 22 7
      src/civetweb.c
  3. 6 6
      src/sha1.inl
  4. 7 7
      test/private.c

+ 9 - 7
src/CMakeLists.txt

@@ -39,13 +39,15 @@ if (CIVETWEB_ENABLE_WEBSOCKETS AND CIVETWEB_ENABLE_LUA AND LIBRT_FOUND)
 endif()
 
 # We need to link OpenSSL if not dynamically loading
-if (CIVETWEB_ENABLE_SLL AND NOT CIVETWEB_ENABLE_OPENSLL_DYNAMIC_LOADING)
-  find_package(OpenSSL)
-  target_link_libraries(c-library ${OPENSSL_LIBRARIES})
-else()
-  find_package(LibDl)
-  if (LIBDL_FOUND)
-    target_link_libraries(c-library -ldl)
+if (CIVETWEB_ENABLE_SSL)
+  if (CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING)
+    find_package(LibDl)
+    if (LIBDL_FOUND)
+      target_link_libraries(c-library -ldl)
+    endif()
+  else()
+    find_package(OpenSSL)
+    target_link_libraries(c-library ${OPENSSL_LIBRARIES})
   endif()
 endif()
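Review bot: `find_package(OpenSSL)` on the static-link branch is not `REQUIRED`, so a machine without OpenSSL development files configures successfully with an empty `${OPENSSL_LIBRARIES}` and only fails later with undefined `SSL_*` references at link time; `find_package(OpenSSL REQUIRED)` reports the failure where it originates. The same branch never adds `${OPENSSL_INCLUDE_DIR}` to the target, which matters whenever OpenSSL lives outside the default search path; unless the include path is handled elsewhere in the file, `target_include_directories(c-library PRIVATE ${OPENSSL_INCLUDE_DIR})` belongs next to the link line. On the dynamic-loading branch a missing LibDl is silently ignored even though `dlopen` is what that configuration depends on; a `message(WARNING "libdl not found; dynamic OpenSSL loading may not link")` would make that visible instead of surfacing as a link error.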
 

+ 22 - 7
src/civetweb.c

@@ -1347,12 +1347,11 @@ struct ssl_func {
 #define SSL_CTX_set_session_id_context                                         \
 	(*(int (*)(SSL_CTX *, const unsigned char *, unsigned int))ssl_sw[28].ptr)
 #define SSL_CTX_ctrl (*(long (*)(SSL_CTX *, int, long, void *))ssl_sw[29].ptr)
+#define SSL_CTX_set_options (*(unsigned long (*)(SSL_CTX *, unsigned long))ssl_sw[30].ptr)
 
 
 #define SSL_CTX_set_cipher_list                                                \
 	(*(int (*)(SSL_CTX *, const char *))ssl_sw[30].ptr)
-#define SSL_CTX_set_options(ctx, op)                                           \
-	SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL)
 #define SSL_CTX_clear_options(ctx, op)                                         \
 	SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_OPTIONS, (op), NULL)
 #define SSL_CTX_set_ecdh_auto(ctx, onoff)                                      \
@@ -1421,6 +1420,7 @@ static struct ssl_func ssl_sw[] = {{"SSL_free", NULL},
                                    {"SSL_CTX_set_session_id_context", NULL},
                                    {"SSL_CTX_ctrl", NULL},
                                    {"SSL_CTX_set_cipher_list", NULL},
+                                   {"SSL_CTX_set_options", NULL},
                                    {NULL, NULL}};
 
 
@@ -6838,6 +6838,7 @@ connect_socket(struct mg_context *ctx /* may be NULL */,
 	}
 
 #if !defined(NO_SSL)
+#if !defined(NO_SSL_DL)
 #ifdef OPENSSL_API_1_1
 	if (use_ssl && (TLS_client_method == NULL)) {
 		mg_snprintf(NULL,
@@ -6862,6 +6863,9 @@ connect_socket(struct mg_context *ctx /* may be NULL */,
 #endif /* OPENSSL_API_1_1 */
 #else
 	(void)use_ssl;
+#endif /* NO_SSL_DL */
+#else
+	(void)use_ssl;
 #endif /* !defined(NO_SSL) */
 
 	if (mg_inet_pton(AF_INET, host, &sa->sin, sizeof(sa->sin))) {
@@ -9526,15 +9530,17 @@ mg_unlock_context(struct mg_context *ctx)
 
 #if defined(USE_WEBSOCKET)
 
+#if !defined(NO_SSL_DL)
 #define SHA_API static
 #include "sha1.inl"
+#endif
 
 static int
 send_websocket_handshake(struct mg_connection *conn, const char *websock_key)
 {
 	static const char *magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
 	char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
-	SHA1_CTX sha_ctx;
+	SHA_CTX sha_ctx;
 	int truncated;
 
 	/* Calculate Sec-WebSocket-Accept reply from Sec-WebSocket-Key. */
@@ -9546,7 +9552,7 @@ send_websocket_handshake(struct mg_connection *conn, const char *websock_key)
 
 	SHA1_Init(&sha_ctx);
 	SHA1_Update(&sha_ctx, (unsigned char *)buf, (uint32_t)strlen(buf));
-	SHA1_Final(&sha_ctx, (unsigned char *)sha);
+	SHA1_Final((unsigned char *)sha, &sha_ctx);
 	base64_encode((unsigned char *)sha, sizeof(sha), b64_sha);
 	mg_printf(conn,
 	          "HTTP/1.1 101 Switching Protocols\r\n"
@@ -11871,7 +11877,9 @@ sslize(struct mg_connection *conn,
 		conn->ssl = NULL;
 		/* Avoid CRYPTO_cleanup_all_ex_data(); See discussion:
 		 * https://wiki.openssl.org/index.php/Talk:Library_Initialization */
+#ifndef OPENSSL_API_1_1
 		ERR_remove_state(0);
+#endif
 		return 0;
 	}
 
@@ -11917,7 +11925,9 @@ sslize(struct mg_connection *conn,
 		conn->ssl = NULL;
 		/* Avoid CRYPTO_cleanup_all_ex_data(); See discussion:
 		 * https://wiki.openssl.org/index.php/Talk:Library_Initialization */
+#ifndef OPENSSL_API_1_1
 		ERR_remove_state(0);
+#endif
 		return 0;
 	}
 
@@ -12103,6 +12113,8 @@ initialize_ssl(struct mg_context *ctx)
 			return 0;
 		}
 	}
+#else
+    (void)ctx;
 #endif /* NO_SSL_DL */
 
 	if (mg_atomic_inc(&cryptolib_users) > 1) {
@@ -12120,6 +12132,8 @@ initialize_ssl(struct mg_context *ctx)
 			return 0;
 		}
 	}
+#else
+    (void)ctx;
 #endif /* NO_SSL_DL */
 
 	if (mg_atomic_inc(&cryptolib_users) > 1) {
@@ -12196,10 +12210,10 @@ ssl_use_pem_file(struct mg_context *ctx, const char *pem)
 }
 
 
-static long
+static unsigned long
 ssl_get_protocol(int version_id)
 {
-	long ret = SSL_OP_ALL;
+	long unsigned ret = SSL_OP_ALL;
 	if (version_id > 0)
 		ret |= SSL_OP_NO_SSLv2;
 	if (version_id > 1)
@@ -12388,7 +12402,6 @@ uninitialize_ssl(struct mg_context *ctx)
 		 * http://stackoverflow.com/questions/29845527/how-to-properly-uninitialize-openssl
 		 */
 		CONF_modules_unload(1);
-		ERR_remove_state(0);
 #else
 	int i;
 	(void)ctx;
@@ -12663,7 +12676,9 @@ close_connection(struct mg_connection *conn)
 		SSL_free(conn->ssl);
 		/* Avoid CRYPTO_cleanup_all_ex_data(); See discussion:
 		 * https://wiki.openssl.org/index.php/Talk:Library_Initialization */
+#ifndef OPENSSL_API_1_1
 		ERR_remove_state(0);
+#endif
 		conn->ssl = NULL;
 	}
 #endif
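Review bot: The new `SSL_CTX_set_options` macro reads `ssl_sw[30].ptr`, but `SSL_CTX_set_cipher_list` already uses index 30 and the table now appends `SSL_CTX_set_options` after it, at index 31, so in the dynamic-loading build every `SSL_CTX_set_options` call actually invokes `SSL_CTX_set_cipher_list` with the option bitmask reinterpreted as a `const char *`; the protocol restrictions computed by `ssl_get_protocol` (SSL_OP_NO_SSLv2 and friends) are silently never applied, and the call may dereference a bogus pointer. The line should read `#define SSL_CTX_set_options (*(unsigned long (*)(SSL_CTX *, unsigned long))ssl_sw[31].ptr)`. Separately, in OpenSSL 1.0.x `SSL_CTX_set_options` is only a macro over `SSL_CTX_ctrl` (the form the removed lines used), so there is no symbol to resolve and loading will fail against 1.0.x libraries; keeping `SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL)` under `#ifndef OPENSSL_API_1_1` and resolving the real symbol only for 1.1 would keep both working. The added `(void)ctx;` lines in the two initialize_ssl hunks are indented with spaces where the rest of the file uses tabs.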

+ 6 - 6
src/sha1.inl

@@ -10,10 +10,10 @@ Still 100% Public Domain
 
 Corrected a problem which generated improper hash values on 16 bit machines
 Routine SHA1Update changed from
-    void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
+    void SHA1Update(SHA_CTX* context, unsigned char* data, unsigned int
 len)
 to
-    void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
+    void SHA1Update(SHA_CTX* context, unsigned char* data, unsigned
 long len)
 
 The 'len' parameter was declared an int which works fine on 32 bit machines.
@@ -92,7 +92,7 @@ typedef struct {
 	uint32_t state[5];
 	uint32_t count[2];
 	uint8_t buffer[64];
-} SHA1_CTX;
+} SHA_CTX;
 
 #define SHA1_DIGEST_SIZE 20
 
@@ -256,7 +256,7 @@ SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
 
 /* SHA1Init - Initialize new context */
 SHA_API void
-SHA1_Init(SHA1_CTX *context)
+SHA1_Init(SHA_CTX *context)
 {
 	/* SHA1 initialization constants */
 	context->state[0] = 0x67452301;
@@ -269,7 +269,7 @@ SHA1_Init(SHA1_CTX *context)
 
 
 SHA_API void
-SHA1_Update(SHA1_CTX *context, const uint8_t *data, const uint32_t len)
+SHA1_Update(SHA_CTX *context, const uint8_t *data, const uint32_t len)
 {
 	uint32_t i, j;
 
@@ -296,7 +296,7 @@ SHA1_Update(SHA1_CTX *context, const uint8_t *data, const uint32_t len)
 
 /* Add padding and return the message digest. */
 SHA_API void
-SHA1_Final(SHA1_CTX *context, uint8_t digest[SHA1_DIGEST_SIZE])
+SHA1_Final(unsigned char *digest, SHA_CTX *context)
 {
 	uint32_t i;
 	uint8_t finalcount[8];
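Review bot: The new prototypes still do not match the OpenSSL ones the commit message claims compatibility with: `SHA1_Final` returns `void` where OpenSSL's returns `int`, and `SHA1_Update` keeps `const uint32_t len` where OpenSSL takes `size_t`, so code written against `<openssl/sha.h>` (checking the return value, or passing a `size_t` length) behaves differently here and any length above 4 GiB is silently truncated before hashing. Changing them to `SHA_API int SHA1_Update(SHA_CTX *context, const void *data, size_t len)` and `SHA_API int SHA1_Final(unsigned char *digest, SHA_CTX *context)` (both returning 1) would close the gap, though the index arithmetic in the update body, which continues outside the hunk, must then be widened as well. Renaming the typedef to `SHA_CTX` also makes this file collide with `<openssl/sha.h>` if both ever land in one translation unit; a comment at the typedef such as `/* Deliberately named like OpenSSL's SHA_CTX; never include this file together with <openssl/sha.h>. */` would stop someone doing that by accident. The historical changelog at the top of the file now describes an `SHA1Update(SHA_CTX* ...)` that never existed under that name; that comment should keep the original `SHA1_CTX` spelling.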

+ 7 - 7
test/private.c

@@ -669,7 +669,7 @@ END_TEST
 START_TEST(test_sha1)
 {
 #ifdef SHA1_DIGEST_SIZE
-	SHA1_CTX sha_ctx;
+	SHA_CTX sha_ctx;
 	uint8_t digest[SHA1_DIGEST_SIZE] = {0};
 	char str[48] = {0};
 	int i;
@@ -680,7 +680,7 @@ START_TEST(test_sha1)
 
 	/* empty string */
 	SHA1_Init(&sha_ctx);
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "da39a3ee5e6b4b0d3255bfef95601890afd80709");
@@ -688,7 +688,7 @@ START_TEST(test_sha1)
 	/* empty string */
 	SHA1_Init(&sha_ctx);
 	SHA1_Update(&sha_ctx, (uint8_t *)"abc", 0);
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "da39a3ee5e6b4b0d3255bfef95601890afd80709");
@@ -696,7 +696,7 @@ START_TEST(test_sha1)
 	/* "abc" */
 	SHA1_Init(&sha_ctx);
 	SHA1_Update(&sha_ctx, (uint8_t *)"abc", 3);
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "a9993e364706816aba3e25717850c26c9cd0d89d");
@@ -705,7 +705,7 @@ START_TEST(test_sha1)
 	test_str = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
 	SHA1_Init(&sha_ctx);
 	SHA1_Update(&sha_ctx, (uint8_t *)test_str, (uint32_t)strlen(test_str));
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
@@ -715,7 +715,7 @@ START_TEST(test_sha1)
 	for (i = 0; i < 1000000; i++) {
 		SHA1_Update(&sha_ctx, (uint8_t *)"a", 1);
 	}
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
@@ -725,7 +725,7 @@ START_TEST(test_sha1)
 	for (i = 0; i < 100000; i++) {
 		SHA1_Update(&sha_ctx, (uint8_t *)"aaaaaaaaaa", 10);
 	}
-	SHA1_Final(&sha_ctx, digest);
+	SHA1_Final(digest, &sha_ctx);
 	bin2str(str, digest, sizeof(digest));
 	ck_assert_uint_eq(strlen(str), 40);
 	ck_assert_str_eq(str, "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
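Review bot: The whole test body still sits under `#ifdef SHA1_DIGEST_SIZE`, a macro defined only by sha1.inl, and this commit stops including sha1.inl when NO_SSL_DL is set; if private.c obtains that macro through civetweb.c, the NO_SSL_DL build now compiles this test down to nothing and reports it as passing. Since the renamed calls are exactly the OpenSSL ones, the test could run against either implementation by guarding on `#if defined(SHA1_DIGEST_SIZE) || defined(SHA_DIGEST_LENGTH)` and declaring `uint8_t digest[20]`; failing that, an `#else` branch with `ck_abort_msg("no SHA1 implementation available in this build");` would at least make the skip visible rather than vacuous.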