From 39b54baa36e8625fd29d0a1ed6482f83fa78d322 Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor@novg.net>
Date: Tue, 28 Feb 2012 15:16:01 +0400
Subject: Remove calls to OpenSSL when building with --disable-ssl

Move OpenSSL calls out from the generic crypto layer and into the
OpenSSL specific layer.  Also don't load all algortihms if SSL
isn't enabled.

Error strings will also not be loaded into memory if ENABLE_SMALL
is configured.

Signed-off-by: Igor Novgorodov <igor@novg.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
---
 src/openvpn/crypto.c         |  4 ----
 src/openvpn/crypto_openssl.c | 15 +++++++++++++++
 src/openvpn/ssl_openssl.c    |  4 ++++
 3 files changed, 19 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index f811966..03781fc 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1384,8 +1384,6 @@ get_random()
 void
 init_ssl_lib (void)
 {
-  ERR_load_crypto_strings ();
-  OpenSSL_add_all_algorithms ();
   crypto_init_lib ();
 }
 
@@ -1394,8 +1392,6 @@ free_ssl_lib (void)
 {
   crypto_uninit_lib ();
   prng_uninit();
-  EVP_cleanup ();
-  ERR_free_strings ();
 }
 
 #endif /* ENABLE_SSL */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4a3be1e..5342502 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -194,11 +194,19 @@ crypto_init_lib_engine (const char *engine_name)
 void
 crypto_init_lib (void)
 {
+#ifndef USE_SSL
+#ifndef ENABLE_SMALL
+  ERR_load_crypto_strings ();
+#endif
+  OpenSSL_add_all_algorithms ();
+#endif
+
   /*
    * If you build the OpenSSL library and OpenVPN with
    * CRYPTO_MDEBUG, you will get a listing of OpenSSL
    * memory leaks on program termination.
    */
+
 #ifdef CRYPTO_MDEBUG
   CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 #endif
@@ -207,6 +215,13 @@ crypto_init_lib (void)
 void
 crypto_uninit_lib (void)
 {
+#ifndef USE_SSL
+  EVP_cleanup ();
+#ifndef ENABLE_SMALL
+  ERR_free_strings ();
+#endif
+#endif
+
 #ifdef CRYPTO_MDEBUG
   FILE* fp = fopen ("sdlog", "w");
   ASSERT (fp);
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index d712c66..8f35325 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -69,7 +69,9 @@ void
 tls_init_lib()
 {
   SSL_library_init();
+#ifndef ENABLE_SMALL
   SSL_load_error_strings();
+#endif
   OpenSSL_add_all_algorithms ();
 
   mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
@@ -80,7 +82,9 @@ void
 tls_free_lib()
 {
   EVP_cleanup();
+#ifndef ENABLE_SMALL
   ERR_free_strings();
+#endif
 }
 
 void
-- 
cgit