From 4582761e377a2e1e4cbbbefd26e127b9488f3a48 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior Date: Thu, 9 Nov 2017 21:55:20 +0100 Subject: [PATCH] crypto: remove most of OpenSSL initcallbacks for 1.1 In OpenSSL 1.1 the thread model atomically initialized the library so there is no need to invoke the init calls, like it was needed for 1.0.2 and earlier. The may be needed for non-standard inits like no-error strings or so (not the case here). So the ifdef avoids them. Also, in 1.1 there is no need to teach OpenSSL how to do locking and so on. Infect, those functions are null-macros as for 1.0.2 compat. So another ifdef avoids them, too. I made four function static and removed them the header file since they don't seem to be used outside of that openssl.c file. This leaves us the 1.1 init part down to openssl_seed_prng(). I would actually suggest to get rid of it. OpenSSL is able to gather some entropy if needed. I don't think reading 2x 1024KiB from system's entropy on each invocation of the program is wise. But I leave it to the maintainer to make a decision, I just point it out. Signed-off-by: Sebastian Andrzej Siewior --- bacula/src/lib/openssl.c | 35 +++++++++++++++++++---------------- bacula/src/lib/openssl.h | 4 ---- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/bacula/src/lib/openssl.c b/bacula/src/lib/openssl.c index 64b0e96009..23ac946cfa 100644 --- a/bacula/src/lib/openssl.c +++ b/bacula/src/lib/openssl.c @@ -41,15 +41,6 @@ /* Are we initialized? */ static int crypto_initialized = false; - -/* Array of mutexes for use with OpenSSL static locking */ -static pthread_mutex_t *mutexes; - -/* OpenSSL dynamic locking structure */ -struct CRYPTO_dynlock_value { - pthread_mutex_t mutex; -}; - /* * ***FIXME*** this is a sort of dummy to avoid having to * change all the existing code to pass either a jcr or @@ -61,7 +52,6 @@ void openssl_post_errors(int code, const char *errstring) openssl_post_errors(NULL, code, errstring); } - /* * Post all per-thread openssl errors */ @@ -79,6 +69,15 @@ void openssl_post_errors(JCR *jcr, int code, const char *errstring) } } +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +/* Array of mutexes for use with OpenSSL static locking */ +static pthread_mutex_t *mutexes; + +/* OpenSSL dynamic locking structure */ +struct CRYPTO_dynlock_value { + pthread_mutex_t mutex; +}; + /* * Return an OpenSSL thread ID * Returns: thread ID @@ -151,12 +150,11 @@ static void openssl_update_static_mutex (int mode, int i, const char *file, int * Returns: 0 on success * errno on failure */ -int openssl_init_threads (void) +static int openssl_init_threads (void) { int i, numlocks; int stat; - /* Set thread ID callback */ CRYPTO_set_id_callback(get_openssl_thread_id); @@ -185,7 +183,7 @@ int openssl_init_threads (void) /* * Clean up OpenSSL threading support */ -void openssl_cleanup_threads(void) +static void openssl_cleanup_threads(void) { int i, numlocks; int stat; @@ -216,13 +214,14 @@ void openssl_cleanup_threads(void) CRYPTO_set_dynlock_destroy_callback(NULL); } +#endif /* * Seed OpenSSL PRNG * Returns: 1 on success * 0 on failure */ -int openssl_seed_prng (void) +static int openssl_seed_prng (void) { const char *names[] = { "/dev/urandom", "/dev/random", NULL }; int i; @@ -247,7 +246,7 @@ int openssl_seed_prng (void) * Returns: 1 on success * 0 on failure */ -int openssl_save_prng (void) +static int openssl_save_prng (void) { // ***FIXME*** // Implement PRNG state save @@ -262,8 +261,9 @@ int openssl_save_prng (void) */ int init_crypto (void) { - int stat; + int stat = 0; +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if ((stat = openssl_init_threads()) != 0) { berrno be; Jmsg1(NULL, M_ABORT, 0, @@ -278,6 +278,7 @@ int init_crypto (void) /* Register OpenSSL ciphers and digests */ OpenSSL_add_all_algorithms(); +#endif if (!openssl_seed_prng()) { Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n")); @@ -309,6 +310,7 @@ int cleanup_crypto (void) Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n")); } +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) openssl_cleanup_threads(); /* Free libssl and libcrypto error strings */ @@ -319,6 +321,7 @@ int cleanup_crypto (void) /* Free memory used by PRNG */ RAND_cleanup(); +#endif crypto_initialized = false; diff --git a/bacula/src/lib/openssl.h b/bacula/src/lib/openssl.h index 597517a4fd..9374a581c7 100644 --- a/bacula/src/lib/openssl.h +++ b/bacula/src/lib/openssl.h @@ -39,10 +39,6 @@ #ifdef HAVE_OPENSSL void openssl_post_errors (int code, const char *errstring); void openssl_post_errors (JCR *jcr, int code, const char *errstring); -int openssl_init_threads (void); -void openssl_cleanup_threads (void); -int openssl_seed_prng (void); -int openssl_save_prng (void); #endif /* HAVE_OPENSSL */ #endif /* __OPENSSL_H_ */ -- 2.39.5