In OpenSSL 1.1 the thread model atomically initialized the library so
there is no need to invoke the init calls, like it was needed for 1.0.2
and earlier. They may be needed for non-standard inits like no-error
strings or so (not the case here). So the ifdef avoids them.
Also, in 1.1 there is no need to teach OpenSSL how to do locking and so
on. In fact, those functions are null-macros for 1.0.2 compat. So
another ifdef avoids them, too.
I made four functions static and removed them from the header file since they
don't seem to be used outside of that openssl.c file.
This leaves us the 1.1 init part down to openssl_seed_prng(). I would
actually suggest to get rid of it. OpenSSL is able to gather some
entropy if needed. I don't think reading 2x 1024KiB from system's
entropy on each invocation of the program is wise. But I leave it to
the maintainer to make a decision, I just point it out.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
/* Are we initialized? */
static int crypto_initialized = false;
/* Are we initialized? */
static int crypto_initialized = false;
-
-/* Array of mutexes for use with OpenSSL static locking */
-static pthread_mutex_t *mutexes;
-
-/* OpenSSL dynamic locking structure */
-struct CRYPTO_dynlock_value {
- pthread_mutex_t mutex;
-};
-
/*
* ***FIXME*** this is a sort of dummy to avoid having to
* change all the existing code to pass either a jcr or
/*
* ***FIXME*** this is a sort of dummy to avoid having to
* change all the existing code to pass either a jcr or
openssl_post_errors(NULL, code, errstring);
}
openssl_post_errors(NULL, code, errstring);
}
/*
* Post all per-thread openssl errors
*/
/*
* Post all per-thread openssl errors
*/
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+/* Array of mutexes for use with OpenSSL static locking */
+static pthread_mutex_t *mutexes;
+
+/* OpenSSL dynamic locking structure */
+struct CRYPTO_dynlock_value {
+ pthread_mutex_t mutex;
+};
+
/*
* Return an OpenSSL thread ID
* Returns: thread ID
/*
* Return an OpenSSL thread ID
* Returns: thread ID
* Returns: 0 on success
* errno on failure
*/
* Returns: 0 on success
* errno on failure
*/
-int openssl_init_threads (void)
+static int openssl_init_threads (void)
{
int i, numlocks;
int stat;
{
int i, numlocks;
int stat;
/* Set thread ID callback */
CRYPTO_set_id_callback(get_openssl_thread_id);
/* Set thread ID callback */
CRYPTO_set_id_callback(get_openssl_thread_id);
/*
* Clean up OpenSSL threading support
*/
/*
* Clean up OpenSSL threading support
*/
-void openssl_cleanup_threads(void)
+static void openssl_cleanup_threads(void)
{
int i, numlocks;
int stat;
{
int i, numlocks;
int stat;
CRYPTO_set_dynlock_destroy_callback(NULL);
}
CRYPTO_set_dynlock_destroy_callback(NULL);
}
/*
* Seed OpenSSL PRNG
* Returns: 1 on success
* 0 on failure
*/
/*
* Seed OpenSSL PRNG
* Returns: 1 on success
* 0 on failure
*/
-int openssl_seed_prng (void)
+static int openssl_seed_prng (void)
{
const char *names[] = { "/dev/urandom", "/dev/random", NULL };
int i;
{
const char *names[] = { "/dev/urandom", "/dev/random", NULL };
int i;
* Returns: 1 on success
* 0 on failure
*/
* Returns: 1 on success
* 0 on failure
*/
-int openssl_save_prng (void)
+static int openssl_save_prng (void)
{
// ***FIXME***
// Implement PRNG state save
{
// ***FIXME***
// Implement PRNG state save
*/
int init_crypto (void)
{
*/
int init_crypto (void)
{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
if ((stat = openssl_init_threads()) != 0) {
berrno be;
Jmsg1(NULL, M_ABORT, 0,
if ((stat = openssl_init_threads()) != 0) {
berrno be;
Jmsg1(NULL, M_ABORT, 0,
/* Register OpenSSL ciphers and digests */
OpenSSL_add_all_algorithms();
/* Register OpenSSL ciphers and digests */
OpenSSL_add_all_algorithms();
if (!openssl_seed_prng()) {
Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n"));
if (!openssl_seed_prng()) {
Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n"));
Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n"));
}
Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n"));
}
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
openssl_cleanup_threads();
/* Free libssl and libcrypto error strings */
openssl_cleanup_threads();
/* Free libssl and libcrypto error strings */
/* Free memory used by PRNG */
RAND_cleanup();
/* Free memory used by PRNG */
RAND_cleanup();
crypto_initialized = false;
crypto_initialized = false;
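Review bot: The three `#if (OPENSSL_VERSION_NUMBER < 0x10100000L)` guards (before the `mutexes` declaration, around `openssl_init_threads()` in `init_crypto`, and around `openssl_cleanup_threads()` in the cleanup path) also select the 1.1 path on LibreSSL, which reports `OPENSSL_VERSION_NUMBER` as 0x20000000L. If this tree is ever built against a LibreSSL release that still expects the application to install the locking callbacks and call the library init functions, libcrypto would then run multi-threaded with no locking and no explicit init. Consider `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)` at all three sites, plus a short comment such as `/* OpenSSL >= 1.1.0 initializes itself and does its own locking */` so the reason for the guard is recorded in the file. The matching `#endif` lines are not visible on this page, so the exact extent of each guarded region should be checked against the full patch.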
#ifdef HAVE_OPENSSL
void openssl_post_errors (int code, const char *errstring);
void openssl_post_errors (JCR *jcr, int code, const char *errstring);
#ifdef HAVE_OPENSSL
void openssl_post_errors (int code, const char *errstring);
void openssl_post_errors (JCR *jcr, int code, const char *errstring);
-int openssl_init_threads (void);
-void openssl_cleanup_threads (void);
-int openssl_seed_prng (void);
-int openssl_save_prng (void);
#endif /* HAVE_OPENSSL */
#endif /* __OPENSSL_H_ */
#endif /* HAVE_OPENSSL */
#endif /* __OPENSSL_H_ */