From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Wed, 23 Nov 2016 08:27:45 +0000 (+0200)
Subject: Do not assign OpenSSL callbacks if not needed
X-Git-Tag: release_3_0_13~92^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1850%2Fhead;p=thirdparty%2Ffreeradius-server.git

Do not assign OpenSSL callbacks if not needed

Check if CRYPTO_set_id_callback and CRYPTO_set_locking_callback are
defined as functions (as opposed to stub macros), and if they aren't,
don't call them and don't define the corresponding callbacks.

This avoids the "unused function" warnings with OpenSSL v1.1.
---

diff --git a/configure b/configure
index 7ccfc171931..05860f885c1 100755
--- a/configure
+++ b/configure
@@ -8790,6 +8790,8 @@ fi
       HMAC_CTX_free \
       ASN1_STRING_get0_data \
       CONF_modules_load_file \
+      CRYPTO_set_id_callback \
+      CRYPTO_set_locking_callback
 
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
diff --git a/configure.ac b/configure.ac
index 53a27a1015f..9ead51dbb66 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1188,6 +1188,8 @@ if test "x$WITH_OPENSSL" = xyes; then
       HMAC_CTX_free \
       ASN1_STRING_get0_data \
       CONF_modules_load_file \
+      CRYPTO_set_id_callback \
+      CRYPTO_set_locking_callback
     )
     CPPFLAGS="$old_CPPFLAGS"
   fi
diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in
index d38228199c4..7fc5127704f 100644
--- a/src/include/autoconf.h.in
+++ b/src/include/autoconf.h.in
@@ -72,6 +72,12 @@
 /* Do we have the crypt function */
 #undef HAVE_CRYPT
 
+/* Define to 1 if you have the `CRYPTO_set_id_callback' function. */
+#undef HAVE_CRYPTO_SET_ID_CALLBACK
+
+/* Define to 1 if you have the `CRYPTO_set_locking_callback' function. */
+#undef HAVE_CRYPTO_SET_LOCKING_CALLBACK
+
 /* Define to 1 if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H
 
diff --git a/src/main/threads.c b/src/main/threads.c
index cc79d0c555a..ae5a5ae06c1 100644
--- a/src/main/threads.c
+++ b/src/main/threads.c
@@ -222,6 +222,7 @@ static const CONF_PARSER thread_config[] = {
 
 static pthread_mutex_t *ssl_mutexes = NULL;
 
+#ifdef HAVE_CRYPTO_SET_ID_CALLBACK
 static unsigned long ssl_id_function(void)
 {
 	unsigned long ret;
@@ -235,7 +236,9 @@ static unsigned long ssl_id_function(void)
 
 	return ret;
 }
+#endif
 
+#ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
 static void ssl_locking_function(int mode, int n, UNUSED char const *file, UNUSED int line)
 {
 	if (mode & CRYPTO_LOCK) {
@@ -244,6 +247,7 @@ static void ssl_locking_function(int mode, int n, UNUSED char const *file, UNUSE
 		pthread_mutex_unlock(&(ssl_mutexes[n]));
 	}
 }
+#endif
 
 static int setup_ssl_mutexes(void)
 {
@@ -259,8 +263,12 @@ static int setup_ssl_mutexes(void)
 		pthread_mutex_init(&(ssl_mutexes[i]), NULL);
 	}
 
+#ifdef HAVE_CRYPTO_SET_ID_CALLBACK
 	CRYPTO_set_id_callback(ssl_id_function);
+#endif
+#ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
 	CRYPTO_set_locking_callback(ssl_locking_function);
+#endif
 
 	return 1;
 }
@@ -1105,8 +1113,12 @@ void thread_pool_stop(void)
 	 *	We're no longer threaded.  Remove the mutexes and free
 	 *	the memory.
 	 */
+#ifdef HAVE_CRYPTO_SET_ID_CALLBACK
 	CRYPTO_set_id_callback(NULL);
+#endif
+#ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
 	CRYPTO_set_locking_callback(NULL);
+#endif
 
 	free(ssl_mutexes);
 #endif