From: Igor Novgorodov <igor@novg.net>
Date: Tue, 28 Feb 2012 11:16:01 +0000 (+0400)
Subject: Remove calls to OpenSSL when building with --disable-ssl
X-Git-Tag: v2.3_alpha2~74
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39b54baa36e8625fd29d0a1ed6482f83fa78d322;p=thirdparty%2Fopenvpn.git

Remove calls to OpenSSL when building with --disable-ssl

Move OpenSSL calls out from the generic crypto layer and into the
OpenSSL specific layer.  Also don't load all algortihms if SSL
isn't enabled.

Error strings will also not be loaded into memory if ENABLE_SMALL
is configured.

Signed-off-by: Igor Novgorodov <igor@novg.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
---

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index f81196656..03781fc43 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1384,8 +1384,6 @@ get_random()
 void
 init_ssl_lib (void)
 {
-  ERR_load_crypto_strings ();
-  OpenSSL_add_all_algorithms ();
   crypto_init_lib ();
 }
 
@@ -1394,8 +1392,6 @@ free_ssl_lib (void)
 {
   crypto_uninit_lib ();
   prng_uninit();
-  EVP_cleanup ();
-  ERR_free_strings ();
 }
 
 #endif /* ENABLE_SSL */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4a3be1e05..534250297 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -194,11 +194,19 @@ crypto_init_lib_engine (const char *engine_name)
 void
 crypto_init_lib (void)
 {
+#ifndef USE_SSL
+#ifndef ENABLE_SMALL
+  ERR_load_crypto_strings ();
+#endif
+  OpenSSL_add_all_algorithms ();
+#endif
+
   /*
    * If you build the OpenSSL library and OpenVPN with
    * CRYPTO_MDEBUG, you will get a listing of OpenSSL
    * memory leaks on program termination.
    */
+
 #ifdef CRYPTO_MDEBUG
   CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 #endif
@@ -207,6 +215,13 @@ crypto_init_lib (void)
 void
 crypto_uninit_lib (void)
 {
+#ifndef USE_SSL
+  EVP_cleanup ();
+#ifndef ENABLE_SMALL
+  ERR_free_strings ();
+#endif
+#endif
+
 #ifdef CRYPTO_MDEBUG
   FILE* fp = fopen ("sdlog", "w");
   ASSERT (fp);
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index d712c66a3..8f353253a 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -69,7 +69,9 @@ void
 tls_init_lib()
 {
   SSL_library_init();
+#ifndef ENABLE_SMALL
   SSL_load_error_strings();
+#endif
   OpenSSL_add_all_algorithms ();
 
   mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
@@ -80,7 +82,9 @@ void
 tls_free_lib()
 {
   EVP_cleanup();
+#ifndef ENABLE_SMALL
   ERR_free_strings();
+#endif
 }
 
 void