From 2445afd92c99ec0901a0e1a00fadda12aad15220 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Fri, 3 Feb 2023 18:07:47 +0100
Subject: [PATCH] Require openssl >= 1.1.1

Versions older this are sufficiently old that we don't want to support
them, and they require extra support code.
---
 configure.ac        |  2 +-
 src/libutil/hash.cc | 23 -----------------------
 src/libutil/util.cc |  1 -
 src/libutil/util.hh |  2 --
 4 files changed, 1 insertion(+), 27 deletions(-)

diff --git a/configure.ac b/configure.ac
index f1f45f868..ba5756169 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,7 +184,7 @@ fi
 
 # Look for OpenSSL, a required dependency. FIXME: this is only (maybe)
 # used by S3BinaryCacheStore.
-PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
+PKG_CHECK_MODULES([OPENSSL], [libcrypto >= 1.1.1], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
 
 
 # Look for libarchive.
diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc
index 9df8bcfb4..02bddc8d9 100644
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@@ -17,29 +17,6 @@
 
 namespace nix {
 
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
-/* OpenSSL is not thread-safe by default - it will randomly crash
-   unless the user supplies a mutex locking function. So let's do
-   that. */
-static std::vector<std::mutex> opensslLocks;
-
-static void opensslLockCallback(int mode, int type, const char * file, int line)
-{
-    if (mode & CRYPTO_LOCK)
-        opensslLocks[type].lock();
-    else
-        opensslLocks[type].unlock();
-}
-#endif
-
-void initOpenSSL() {
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
-    /* Initialise OpenSSL locking. */
-    opensslLocks = std::vector<std::mutex>(CRYPTO_num_locks());
-    CRYPTO_set_locking_callback(opensslLockCallback);
-#endif
-}
-
 static size_t regularHashSize(HashType type) {
     switch (type) {
     case htMD5: return md5HashSize;
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 5c19dc737..21d1c8dcd 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -48,7 +48,6 @@ extern char * * environ __attribute__((weak));
 namespace nix {
 
 void initLibUtil() {
-    initOpenSSL();
 }
 
 std::optional<std::string> getEnv(const std::string & key)
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index 08993e1cf..6ff9d2524 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -34,8 +34,6 @@ struct Source;
 
 void initLibUtil();
 
-void initOpenSSL();
-
 /**
  * The system for which Nix is compiled.
  */