More portable fix for the qidx issue.

We still don't really understand why it's happening. As long as that init
happens after the pthread_rwlock_rdlock(&aes_mt_ctx->tid_lock); line it's fine.
Tentatively thinking it's a weird compiler optimization problem. Commentted in line
as well.

Also add a fix (from OpenSSH) to compile failures if there is no EC in
openssl.

Author: rapier1

cipher-ctr-mt-functions.c

@@ -280,10 +280,16 @@ thread_loop(void *job)
 	 * a draining queue to become empty.
 	 *
 	 * Multiple threads may be waiting on a draining queue and awoken
-	 * when empty.  The first thread to wake will mark it as filling,
+	 * when empty. qThe first thread to wake will mark it as filling,
 	 * others will move on to fill, skip, or wait on the next queue.
+	 * We init qidx here because if we do it at the top of the function
+	 * we get a warning about it possibly being clobbered. The exact reason
+	 * doesn't make a lot of sense but it has to happen after the
+	 * first pthread_rwlock_rdlock(). Might have something to do with
+	 * incorrect compiler optimizations.
 	 */
-	for (int qidx = 1;; qidx = (qidx + 1) % numkq) {
+	int qidx;
+	for (qidx = 1;; qidx = (qidx + 1) % numkq) {
 		/* Check if I was cancelled, also checked in cond_wait */
 		pthread_testcancel();
 

ssh-pkcs11-client.c

@@ -457,6 +457,7 @@ pkcs11_make_cert(const struct sshkey *priv,
 		RSA_set_method(ret->rsa, helper->rsa_meth);
 		if (helper->nrsa++ >= INT_MAX)
 			fatal_f("RSA refcount error");
+#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
 	} else if (priv->type == KEY_ECDSA) {
 		if ((helper = helper_by_ec(priv->ecdsa)) == NULL ||
 		    helper->fd == -1)
@@ -466,6 +467,7 @@ pkcs11_make_cert(const struct sshkey *priv,
 		EC_KEY_set_method(ret->ecdsa, helper->ec_meth);
 		if (helper->nec++ >= INT_MAX)
 			fatal_f("EC refcount error");
+#endif
 	} else
 		fatal_f("unknown key type %s", sshkey_type(priv));