Merge branch 'hans/crypto/use_openssl_NO-flags/OTP-15683'

* hans/crypto/use_openssl_NO-flags/OTP-15683:
  crypto: Fixup unused label warning
  crypto: Fixup 'break strict-aliasing rules' warning
  crypto: Fixup 'break strict-aliasing rules' warning
  crypto: Fixup the ripemd160 macro chaos
  crypto: Test suite fix for unavailable CMAC
  crypto: Handle additional OPENSSL_NO_* flags

9 files changed, 118 insertions, 29 deletions

diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index 06cd109fc1..1d45ed9df2 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -68,9 +68,15 @@ void init_algorithms_types(ErlNifEnv* env)
 
     // Non-validated algorithms follow
     algo_hash_fips_cnt = algo_hash_cnt;
+#ifdef HAVE_MD4
     algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md4");
+#endif
+#ifdef HAVE_MD5
     algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md5");
+#endif
+#ifdef HAVE_RIPEMD160
     algo_hash[algo_hash_cnt++] = enif_make_atom(env, "ripemd160");
+#endif
 
     algo_pubkey_cnt = 0;
     algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "rsa");
diff --git a/lib/crypto/c_src/api_ng.c b/lib/crypto/c_src/api_ng.c
index 6a833a0984..f4312114ed 100644
--- a/lib/crypto/c_src/api_ng.c
+++ b/lib/crypto/c_src/api_ng.c
@@ -207,7 +207,7 @@ static int get_init_args(ErlNifEnv* env,
             goto err;
         }
 
-
+#ifdef HAVE_RC2
     if (EVP_CIPHER_type((*cipherp)->cipher.p) == NID_rc2_cbc) {
         if (key_bin.size > INT_MAX / 8) {
             *return_term = EXCP_BADARG(env, "To large rc2_cbc key");
@@ -218,6 +218,7 @@ static int get_init_args(ErlNifEnv* env,
             goto err;
         }
     }
+#endif
 
     if (ivec_arg == atom_undefined || ivec_len == 0)
         {
@@ -346,7 +347,7 @@ ERL_NIF_TERM ng_crypto_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg
         ret = enif_make_resource(env, ctx_res);
         if(ctx_res) enif_release_resource(ctx_res);
 
-    } else if (enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx_res)) {
+    } else if (enif_get_resource(env, argv[0], (ErlNifResourceType*)evp_cipher_ctx_rtype, (void**)&ctx_res)) {
         /* Fetch the flag telling if we are going to encrypt (=true) or decrypt (=false) */
         if (argv[3] == atom_true)
             encflg = 1;
@@ -426,7 +427,7 @@ ERL_NIF_TERM ng_crypto_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     struct evp_cipher_ctx *ctx_res;
     ERL_NIF_TERM ret;
 
-    if (!enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx_res))
+    if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)evp_cipher_ctx_rtype, (void**)&ctx_res))
         return EXCP_BADARG(env, "Bad 1:st arg");
     
     if (argc == 3) {
diff --git a/lib/crypto/c_src/cipher.c b/lib/crypto/c_src/cipher.c
index 5c57898c50..9d60254a3c 100644
--- a/lib/crypto/c_src/cipher.c
+++ b/lib/crypto/c_src/cipher.c
@@ -28,12 +28,12 @@
 
 static struct cipher_type_t cipher_types[] =
 {
-#ifndef OPENSSL_NO_RC2
+#ifdef HAVE_RC2
     {{"rc2_cbc"}, {&EVP_rc2_cbc}, 0, NO_FIPS_CIPHER},
 #else
     {{"rc2_cbc"}, {NULL}, 0, NO_FIPS_CIPHER},
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifdef HAVE_RC4
     {{"rc4"},     {&EVP_rc4}, 0, NO_FIPS_CIPHER},
 #else
     {{"rc4"},     {NULL}, 0, NO_FIPS_CIPHER},
diff --git a/lib/crypto/c_src/digest.c b/lib/crypto/c_src/digest.c
index fec286c000..c987a664d5 100644
--- a/lib/crypto/c_src/digest.c
+++ b/lib/crypto/c_src/digest.c
@@ -22,10 +22,32 @@
 
 static struct digest_type_t digest_types[] =
 {
-    {{"md4"}, {&EVP_md4}},
-    {{"md5"}, {&EVP_md5}},
-    {{"ripemd160"}, {&EVP_ripemd160}},
+    {{"md4"},
+#ifdef HAVE_MD4
+     {&EVP_md4}
+#else
+    {NULL}
+#endif
+    },
+
+    {{"md5"},
+#ifdef HAVE_MD5
+     {&EVP_md5}
+#else
+     {NULL}
+#endif
+    },
+
+    {{"ripemd160"},
+#ifdef HAVE_RIPEMD160
+     {&EVP_ripemd160}
+#else
+     {NULL}
+#endif
+    },
+
     {{"sha"}, {&EVP_sha1}},
+
     {{"sha224"},
 #ifdef HAVE_SHA224
      {&EVP_sha224}
@@ -33,6 +55,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha256"},
 #ifdef HAVE_SHA256
      {&EVP_sha256}
@@ -40,6 +63,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha384"},
 #ifdef HAVE_SHA384
      {&EVP_sha384}
@@ -47,6 +71,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha512"},
 #ifdef HAVE_SHA512
      {&EVP_sha512}
@@ -54,6 +79,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha3_224"},
 #ifdef HAVE_SHA3_224
      {&EVP_sha3_224}
@@ -61,6 +87,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha3_256"},
 #ifdef HAVE_SHA3_256
      {&EVP_sha3_256}
@@ -68,6 +95,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha3_384"},
 #ifdef HAVE_SHA3_384
      {&EVP_sha3_384}
@@ -75,6 +103,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"sha3_512"},
 #ifdef HAVE_SHA3_512
      {&EVP_sha3_512}
@@ -82,6 +111,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"blake2b"},
 #ifdef HAVE_BLAKE2
      {&EVP_blake2b512}
@@ -89,6 +119,7 @@ static struct digest_type_t digest_types[] =
      {NULL}
 #endif
     },
+
     {{"blake2s"},
 #ifdef HAVE_BLAKE2
      {&EVP_blake2s256}
diff --git a/lib/crypto/c_src/engine.c b/lib/crypto/c_src/engine.c
index 7ffbb9e70d..ea5d9a588f 100644
--- a/lib/crypto/c_src/engine.c
+++ b/lib/crypto/c_src/engine.c
@@ -106,15 +106,13 @@ int init_engine_ctx(ErlNifEnv *env) {
                                                    (ErlNifResourceDtor*) engine_ctx_dtor,
                                                    ERL_NIF_RT_CREATE|ERL_NIF_RT_TAKEOVER,
                                                    NULL);
-    if (engine_ctx_rtype == NULL)
-        goto err;
+    if (engine_ctx_rtype == NULL) {
+        PRINTF_ERR0("CRYPTO: Could not open resource type 'ENGINE_CTX'");
+        return 0;
+    }
 #endif
 
     return 1;
-
- err:
-    PRINTF_ERR0("CRYPTO: Could not open resource type 'ENGINE_CTX'");
-    return 0;
 }
 
 ERL_NIF_TERM engine_by_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
diff --git a/lib/crypto/c_src/hash.c b/lib/crypto/c_src/hash.c
index 0a9f64acef..9b79258585 100644
--- a/lib/crypto/c_src/hash.c
+++ b/lib/crypto/c_src/hash.c
@@ -21,9 +21,15 @@
 #include "hash.h"
 #include "digest.h"
 
-#define MD5_CTX_LEN       (sizeof(MD5_CTX))
-#define MD4_CTX_LEN       (sizeof(MD4_CTX))
-#define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#ifdef HAVE_MD5
+#  define MD5_CTX_LEN       (sizeof(MD5_CTX))
+#endif
+#ifdef HAVE_MD4
+#  define MD4_CTX_LEN       (sizeof(MD4_CTX))
+#endif
+#ifdef HAVE_RIPEMD160
+#  define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,0)
 struct evp_md_ctx {
@@ -261,18 +267,24 @@ ERL_NIF_TERM hash_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 
     switch (EVP_MD_type(digp->md.p))
     {
+#ifdef HAVE_MD4
     case NID_md4:
         ctx_size = MD4_CTX_LEN;
         ctx_init = (init_fun)(&MD4_Init);
         break;
+#endif
+#ifdef HAVE_MD5
     case NID_md5:
         ctx_size = MD5_CTX_LEN;
         ctx_init = (init_fun)(&MD5_Init);
         break;
+#endif
+#ifdef HAVE_RIPEMD160
     case NID_ripemd160:
         ctx_size = RIPEMD160_CTX_LEN;
         ctx_init = (init_fun)(&RIPEMD160_Init);
         break;
+#endif
     case NID_sha1:
         ctx_size = sizeof(SHA_CTX);
         ctx_init = (init_fun)(&SHA1_Init);
@@ -352,18 +364,24 @@ ERL_NIF_TERM hash_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
 
     switch (EVP_MD_type(digp->md.p))
     {
+#ifdef HAVE_MD4
     case NID_md4:
         ctx_size   = MD4_CTX_LEN;
         ctx_update = (update_fun)(&MD4_Update);
         break;
+#endif
+#ifdef HAVE_MD5
     case NID_md5:
         ctx_size   = MD5_CTX_LEN;
         ctx_update = (update_fun)(&MD5_Update);
         break;
+#endif
+#ifdef HAVE_RIPEMD160
     case NID_ripemd160:
         ctx_size   = RIPEMD160_CTX_LEN;
         ctx_update = (update_fun)(&RIPEMD160_Update);
         break;
+#endif
     case NID_sha1:
         ctx_size   = sizeof(SHA_CTX);
         ctx_update = (update_fun)(&SHA1_Update);
@@ -448,18 +466,24 @@ ERL_NIF_TERM hash_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 
     switch (EVP_MD_type(md))
     {
+#ifdef HAVE_MD4
     case NID_md4:
         ctx_size  = MD4_CTX_LEN;
         ctx_final = (final_fun)(&MD4_Final);
         break;
+#endif
+#ifdef HAVE_MD5
     case NID_md5:
         ctx_size  = MD5_CTX_LEN;
         ctx_final = (final_fun)(&MD5_Final);
         break;
-    case NID_ripemd160:
+#endif
+#ifdef HAVE_RIPEMD160
+   case NID_ripemd160:
         ctx_size  = RIPEMD160_CTX_LEN;
         ctx_final = (final_fun)(&RIPEMD160_Final);
         break;
+#endif
     case NID_sha1:
         ctx_size  = sizeof(SHA_CTX);
         ctx_final = (final_fun)(&SHA1_Final);
diff --git a/lib/crypto/c_src/hmac.c b/lib/crypto/c_src/hmac.c
index c41e50eb35..ff7005d75e 100644
--- a/lib/crypto/c_src/hmac.c
+++ b/lib/crypto/c_src/hmac.c
@@ -181,7 +181,7 @@ ERL_NIF_TERM hmac_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
 
     ASSERT(argc == 2);
 
-    if (!enif_get_resource(env, argv[0], hmac_context_rtype, (void**)&obj))
+    if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)hmac_context_rtype, (void**)&obj))
         goto bad_arg;
     if (!enif_inspect_iolist_as_binary(env, argv[1], &data))
         goto bad_arg;
@@ -224,7 +224,7 @@ ERL_NIF_TERM hmac_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 
     ASSERT(argc == 1 || argc == 2);
 
-    if (!enif_get_resource(env, argv[0], hmac_context_rtype, (void**)&obj))
+    if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)hmac_context_rtype, (void**)&obj))
         goto bad_arg;
     if (argc == 2) {
         if (!enif_get_uint(env, argv[1], &req_len))
diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
index 46868cb987..f926f8af13 100644
--- a/lib/crypto/c_src/openssl_config.h
+++ b/lib/crypto/c_src/openssl_config.h
@@ -166,6 +166,28 @@
 # define HAVE_BLAKE2
 #endif
 
+#ifndef OPENSSL_NO_MD4
+# define HAVE_MD4
+#endif
+
+#ifndef OPENSSL_NO_MD5
+# define HAVE_MD5
+#endif
+
+#ifndef OPENSSL_NO_RC2
+# define HAVE_RC2
+#endif
+
+#ifndef OPENSSL_NO_RC4
+# define HAVE_RC4
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+/* Note RMD160 vs RIPEMD160 */
+# define HAVE_RIPEMD160
+#endif
+
+
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \
 	&& !defined(OPENSSL_NO_EC) \
 	&& !defined(OPENSSL_NO_ECDH) \
@@ -192,7 +214,9 @@
 # define HAVE_AEAD
 # define HAVE_GCM
 # define HAVE_CCM
-# define HAVE_CMAC
+# ifndef OPENSSL_NO_CMAC
+#   define HAVE_CMAC
+# endif
 # if defined(RSA_PKCS1_OAEP_PADDING)
 #   define HAVE_RSA_OAEP_PADDING
 # endif
@@ -204,21 +228,27 @@
 
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,0)
 # ifndef HAS_LIBRESSL
-#  define HAVE_CHACHA20_POLY1305
+#  if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+#    define HAVE_CHACHA20_POLY1305
+#  endif
 #  define HAVE_RSA_OAEP_MD
 # endif
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(1,1,0,'d')
 # ifndef HAS_LIBRESSL
-#  define HAVE_CHACHA20
+#  ifndef OPENSSL_NO_CHACHA
+#    define HAVE_CHACHA20
+#  endif
 # endif
 #endif
 
 // OPENSSL_VERSION_NUMBER >= 1.1.1-pre8
 #if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1)-7)
 # ifndef HAS_LIBRESSL
-#  define HAVE_POLY1305
+#  if !defined(OPENSSL_NO_POLY1305)
+#    define HAVE_POLY1305
+#  endif
 # endif
 #endif
 
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 7dbbde68e9..5aa19a6ae0 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -323,12 +323,11 @@ end_per_group(_GroupName, Config) ->
 init_per_testcase(info, Config) ->
     Config;
 init_per_testcase(cmac, Config) ->
-    case crypto:info_lib() of
-        [{<<"OpenSSL">>,LibVer,_}] when is_integer(LibVer), LibVer > 16#10001000 ->
+    case is_supported(cmac) of
+        true ->
             Config;
-        _Else ->
-            % The CMAC functionality was introduced in OpenSSL 1.0.1
-            {skip, "OpenSSL is too old"}
+        false ->
+            {skip, "CMAC is not supported"}
     end;
 init_per_testcase(generate, Config) ->
     case proplists:get_value(type, Config) of