diff --git a/debian/patches/debian/no_lib64_on_64_bits.patch b/debian/patches/debian/no_lib64_on_64_bits.patch index 7275dfe49..a16c3e853 100644 --- a/debian/patches/debian/no_lib64_on_64_bits.patch +++ b/debian/patches/debian/no_lib64_on_64_bits.patch @@ -7,7 +7,7 @@ Subject: no_lib64_on_64_bits 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/Makefile.defs b/src/Makefile.defs -index 5d485bb..33b83ad 100644 +index d393653..f43d100 100644 --- a/src/Makefile.defs +++ b/src/Makefile.defs @@ -458,15 +458,7 @@ endif diff --git a/debian/patches/series b/debian/patches/series index 6784cec4d..6663e9701 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -32,18 +32,7 @@ sipwise/sca-debug.patch sipwise/sca-fix-notify-after-bye.patch sipwise/sca-add-pai_avp-parameter.patch ## upstream 5.7 -upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch -upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch -upstream/tls-init-early-the-local-lock-for-memory.patch -upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch -upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch -upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch -upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch -upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch -upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch -upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch -upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch -upstream/outbound-build-fix-missing-argument-name.patch +# ## upstream master sipwise/pv_headers-rework-pvh_remove_header_param-take-two.patch upstream/pv_headers-compare-result-of-pvh_set_xavi-with-NULL-.patch diff --git a/debian/patches/sipwise/add_lcr_rate_module.patch b/debian/patches/sipwise/add_lcr_rate_module.patch index bdf9189ff..e577143db 100644 --- a/debian/patches/sipwise/add_lcr_rate_module.patch +++ b/debian/patches/sipwise/add_lcr_rate_module.patch @@ -13,7 +13,7 @@ Subject: add_lcr_rate_module create mode 100644 src/modules/lcr_rate/lcr_rate_mod.c diff --git a/src/Makefile.groups b/src/Makefile.groups -index 15fec0d..87e624a 100644 +index 4dcac9e..c419f7d 100644 --- a/src/Makefile.groups +++ b/src/Makefile.groups @@ -112,6 +112,9 @@ mod_list_sctp=sctp diff --git a/debian/patches/sipwise/add_pcem_module.patch b/debian/patches/sipwise/add_pcem_module.patch index 495cb881f..f34301c34 100644 --- a/debian/patches/sipwise/add_pcem_module.patch +++ b/debian/patches/sipwise/add_pcem_module.patch @@ -17,7 +17,7 @@ Subject: add_pcem_module create mode 100644 src/modules/pcem/pcem_mod.h diff --git a/src/Makefile.groups b/src/Makefile.groups -index 7d05dc1..15fec0d 100644 +index ee4ec90..4dcac9e 100644 --- a/src/Makefile.groups +++ b/src/Makefile.groups @@ -30,8 +30,8 @@ mod_list_db=acc alias_db auth_db avpops cfg_db db_text db_flatstore \ diff --git a/debian/patches/sipwise/add_presence_dfks_module.patch b/debian/patches/sipwise/add_presence_dfks_module.patch index 4a62037f3..cc5e271f1 100644 --- a/debian/patches/sipwise/add_presence_dfks_module.patch +++ b/debian/patches/sipwise/add_presence_dfks_module.patch @@ -22,7 +22,7 @@ Subject: add_presence_dfks_module create mode 100644 src/modules/presence_dfks/presence_dfks.h diff --git a/src/Makefile.groups b/src/Makefile.groups -index 4aee35f..ec0d8ac 100644 +index b85c1c5..f61bcec 100644 --- a/src/Makefile.groups +++ b/src/Makefile.groups @@ -121,7 +121,7 @@ mod_list_presence=presence presence_conference presence_dialoginfo \ diff --git a/debian/patches/sipwise/add_tcap_module.patch b/debian/patches/sipwise/add_tcap_module.patch index 61c1af485..55a017fe2 100644 --- a/debian/patches/sipwise/add_tcap_module.patch +++ b/debian/patches/sipwise/add_tcap_module.patch @@ -11,7 +11,7 @@ Subject: add_tcap_module create mode 100644 src/modules/tcap/tcap_mod.c diff --git a/src/Makefile.groups b/src/Makefile.groups -index 87e624a..4aee35f 100644 +index c419f7d..b85c1c5 100644 --- a/src/Makefile.groups +++ b/src/Makefile.groups @@ -217,6 +217,9 @@ mod_list_erlang=erlang diff --git a/debian/patches/sipwise/dialog-dlg_get_ttag.patch b/debian/patches/sipwise/dialog-dlg_get_ttag.patch index c2e302dd6..c04ded3c6 100644 --- a/debian/patches/sipwise/dialog-dlg_get_ttag.patch +++ b/debian/patches/sipwise/dialog-dlg_get_ttag.patch @@ -9,7 +9,7 @@ Subject: dialog: dlg_get_ttag() 3 files changed, 211 insertions(+) diff --git a/src/modules/dialog/dialog.c b/src/modules/dialog/dialog.c -index 7a416ee..02c8b1b 100644 +index 0127e61..a0d654d 100644 --- a/src/modules/dialog/dialog.c +++ b/src/modules/dialog/dialog.c @@ -54,6 +54,7 @@ diff --git a/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch b/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch index 8023bba73..c7b506ea3 100644 --- a/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch +++ b/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch @@ -10,7 +10,7 @@ Subject: dialog: support profile_get_size for all profiles 4 files changed, 69 insertions(+) diff --git a/src/modules/dialog/dialog.c b/src/modules/dialog/dialog.c -index e937947..7a416ee 100644 +index 79221a1..0127e61 100644 --- a/src/modules/dialog/dialog.c +++ b/src/modules/dialog/dialog.c @@ -3026,6 +3026,31 @@ static void internal_rpc_profile_get_size( diff --git a/debian/patches/sipwise/presence_vqr.patch b/debian/patches/sipwise/presence_vqr.patch index 87127a4fb..ebf952c4c 100644 --- a/debian/patches/sipwise/presence_vqr.patch +++ b/debian/patches/sipwise/presence_vqr.patch @@ -25,7 +25,7 @@ Subject: presence_vqr create mode 100644 src/modules/presence_vqr/presence_vqr.h diff --git a/src/Makefile.groups b/src/Makefile.groups -index ec0d8ac..df52698 100644 +index f61bcec..be89aae 100644 --- a/src/Makefile.groups +++ b/src/Makefile.groups @@ -121,7 +121,7 @@ mod_list_presence=presence presence_conference presence_dialoginfo \ diff --git a/debian/patches/sipwise/pv_trans_eval_uri.patch b/debian/patches/sipwise/pv_trans_eval_uri.patch index 11fd0b1fa..483c98a1c 100644 --- a/debian/patches/sipwise/pv_trans_eval_uri.patch +++ b/debian/patches/sipwise/pv_trans_eval_uri.patch @@ -7,7 +7,7 @@ Subject: pv_trans_eval_uri 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/modules/pv/pv_trans.c b/src/modules/pv/pv_trans.c -index 5204c8f..80c42ef 100644 +index e4754e7..07a3957 100644 --- a/src/modules/pv/pv_trans.c +++ b/src/modules/pv/pv_trans.c @@ -1542,7 +1542,8 @@ int tr_eval_uri( diff --git a/debian/patches/sipwise/usrloc_dbro.patch b/debian/patches/sipwise/usrloc_dbro.patch index 826a2a0c3..856e608e8 100644 --- a/debian/patches/sipwise/usrloc_dbro.patch +++ b/debian/patches/sipwise/usrloc_dbro.patch @@ -8,7 +8,7 @@ Subject: usrloc_dbro 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/src/modules/usrloc/usrloc_mod.c b/src/modules/usrloc/usrloc_mod.c -index de75545..fcbb171 100644 +index 16a48e4..2c77f29 100644 --- a/src/modules/usrloc/usrloc_mod.c +++ b/src/modules/usrloc/usrloc_mod.c @@ -198,6 +198,7 @@ str ulattrs_last_mod_col = str_init( diff --git a/debian/patches/upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch b/debian/patches/upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch deleted file mode 100644 index f58b02c38..000000000 --- a/debian/patches/upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Daniel-Constantin Mierla -Date: Fri, 24 Nov 2023 10:38:49 +0100 -Subject: Makefile.groups: tlsa in packaging group ktls if - KTLS_INCLUDE_TLSA=yes - -- if not, then it is in separate group module_group_ktlsa - -(cherry picked from commit a49c8d8d968e31a539e47db6c06a0756e4be55e3) ---- - src/Makefile.groups | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/src/Makefile.groups b/src/Makefile.groups -index df52698..0c74b3e 100644 ---- a/src/Makefile.groups -+++ b/src/Makefile.groups -@@ -88,12 +88,12 @@ mod_list_memcached=memcached - # - modules depending on openssl library - mod_list_tlsdeps=crypto tls - --# - modules depending on openssl (+curl) library --mod_list_tlsdeps_curl=auth_identity -- - # - modules depending on static openssl library - mod_list_tlsa=tlsa - -+# - modules depending on openssl (+curl) library -+mod_list_tlsdeps_curl=auth_identity -+ - # - modules depending on static wolfssl library - mod_list_tls_wolfssl=tls_wolfssl - -@@ -414,11 +414,13 @@ module_group_kmemcached=$(mod_list_memcached) - # pkg tls module - module_group_ktls_basic=$(mod_list_tlsdeps) - -+ifeq ($(KTLS_INCLUDE_TLSA),yes) - # pkg tls module with curl --module_group_ktls=$(mod_list_tlsdeps) $(mod_list_tlsdeps_curl) -- -+module_group_ktls=$(mod_list_tlsdeps) $(mod_list_tlsdeps_curl) $(mod_list_tlsa) -+else - # pkg tlsa module - module_group_ktlsa=$(mod_list_tlsa) -+endif - - # pkg tls_wolfssl module - module_group_ktls_wolfssl=$(mod_list_tls_wolfssl) diff --git a/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch b/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch deleted file mode 100644 index 4f22bfe06..000000000 --- a/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Daniel-Constantin Mierla -Date: Fri, 8 Dec 2023 22:10:36 +0100 -Subject: core: parse privacy recompute lenght of rest to parse - -(cherry picked from commit 804ee651b45498727196886c97cb55d20b254c4a) ---- - src/core/parser/parse_privacy.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/core/parser/parse_privacy.c b/src/core/parser/parse_privacy.c -index 6443146..89423c1 100644 ---- a/src/core/parser/parse_privacy.c -+++ b/src/core/parser/parse_privacy.c -@@ -178,14 +178,13 @@ int parse_privacy(struct sip_msg *msg) - - values = 0; - p = next.s; -- len = next.len; -- beyond = p + len; -+ beyond = next.s + next.len; - - while(p < beyond) { -+ len = beyond - p; - if((val_len = parse_priv_value(p, len, &value)) != 0) { - values |= value; - p = p + val_len; -- len = len - val_len; - } else { - LM_ERR("invalid privacy value\n"); - return -1; diff --git a/debian/patches/upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch b/debian/patches/upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch deleted file mode 100644 index 91677c07b..000000000 --- a/debian/patches/upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: S-P Chan -Date: Thu, 4 Jan 2024 21:47:23 +0800 -Subject: outbound: OpenSSL 1.1.1 thread-local, init libssl in thread - -(cherry-pick from 689de2736f5c92f11860e5854ccd95c84239f032) ---- - src/modules/outbound/outbound_mod.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c -index 00c0a66..a797eb8 100644 ---- a/src/modules/outbound/outbound_mod.c -+++ b/src/modules/outbound/outbound_mod.c -@@ -110,7 +110,7 @@ static int mod_init(void) - } - ob_key.len = OB_KEY_LEN; - --#if OPENSSL_VERSION_NUMBER < 0x030000000L -+#if OPENSSL_VERSION_NUMBER < 0x010101000L - mod_init_openssl(NULL); - #else - pthread_t tid; diff --git a/debian/patches/upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch b/debian/patches/upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch deleted file mode 100644 index 713702ada..000000000 --- a/debian/patches/upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch +++ /dev/null @@ -1,64 +0,0 @@ -From: S-P Chan -Date: Thu, 4 Jan 2024 20:11:21 +0800 -Subject: outbound: OpenSSL 3.x thread-local, init libssl in thread - -(cherry-pick from 4742c8131aba878c4fc954e42b656b9d4bafdd24) ---- - src/modules/outbound/outbound_mod.c | 37 +++++++++++++++++++++++++------------ - 1 file changed, 25 insertions(+), 12 deletions(-) - -diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c -index 4e408e2..00c0a66 100644 ---- a/src/modules/outbound/outbound_mod.c -+++ b/src/modules/outbound/outbound_mod.c -@@ -75,6 +75,23 @@ struct module_exports exports = { - destroy /* destroy function */ - }; - -+static void *mod_init_openssl(void *) { -+ if(flow_token_secret.s) { -+ assert(ob_key.len == SHA_DIGEST_LENGTH); -+ LM_DBG("flow_token_secret mod param set. use persistent ob_key"); -+ SHA1((const unsigned char *)flow_token_secret.s, flow_token_secret.len, -+ (unsigned char *)ob_key.s); -+ } else { -+ if(RAND_bytes((unsigned char *)ob_key.s, ob_key.len) == 0) { -+ LM_ERR("unable to get %d cryptographically strong pseudo-" -+ "random bytes\n", -+ ob_key.len); -+ } -+ } -+ -+ return NULL; -+} -+ - static int mod_init(void) - { - if(ob_force_flag != -1 && !flag_in_range(ob_force_flag)) { -@@ -93,18 +110,14 @@ static int mod_init(void) - } - ob_key.len = OB_KEY_LEN; - -- if(flow_token_secret.s) { -- assert(ob_key.len == SHA_DIGEST_LENGTH); -- LM_DBG("flow_token_secret mod param set. use persistent ob_key"); -- SHA1((const unsigned char *)flow_token_secret.s, flow_token_secret.len, -- (unsigned char *)ob_key.s); -- } else { -- if(RAND_bytes((unsigned char *)ob_key.s, ob_key.len) == 0) { -- LM_ERR("unable to get %d cryptographically strong pseudo-" -- "random bytes\n", -- ob_key.len); -- } -- } -+#if OPENSSL_VERSION_NUMBER < 0x030000000L -+ mod_init_openssl(NULL); -+#else -+ pthread_t tid; -+ void *retval; -+ pthread_create(&tid, NULL, mod_init_openssl, NULL); -+ pthread_join(tid, &retval); -+#endif - - if(cfg_declare("outbound", outbound_cfg_def, &default_outbound_cfg, - cfg_sizeof(outbound), &outbound_cfg)) { diff --git a/debian/patches/upstream/outbound-build-fix-missing-argument-name.patch b/debian/patches/upstream/outbound-build-fix-missing-argument-name.patch deleted file mode 100644 index 95dc260e8..000000000 --- a/debian/patches/upstream/outbound-build-fix-missing-argument-name.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: S-P Chan -Date: Fri, 5 Jan 2024 20:56:39 +0800 -Subject: outbound: build, fix missing argument name - -(cherry-pick from 4708f537d7f5d28123b48cd89474a4931dd698ad) ---- - src/modules/outbound/outbound_mod.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c -index a797eb8..32f10f6 100644 ---- a/src/modules/outbound/outbound_mod.c -+++ b/src/modules/outbound/outbound_mod.c -@@ -75,7 +75,7 @@ struct module_exports exports = { - destroy /* destroy function */ - }; - --static void *mod_init_openssl(void *) { -+static void *mod_init_openssl(void *arg) { - if(flow_token_secret.s) { - assert(ob_key.len == SHA_DIGEST_LENGTH); - LM_DBG("flow_token_secret mod param set. use persistent ob_key"); diff --git a/debian/patches/upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch b/debian/patches/upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch deleted file mode 100644 index bf30952c8..000000000 --- a/debian/patches/upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch +++ /dev/null @@ -1,94 +0,0 @@ -From: S-P Chan -Date: Thu, 4 Jan 2024 21:56:00 +0800 -Subject: tls: OpenSSL 1.1.1 thread-local, init libssl in thread - -- no need for RAND workaround; default is OpenSSL 1.1.1 RAND -- linux/pthreads will handle forking - -(cherry-pick from 7b531cfe038fae5e3414ac74c4e076c10e32b86c) ---- - src/modules/tls/tls_init.c | 5 +++-- - src/modules/tls/tls_mod.c | 22 ++++++++++++---------- - 2 files changed, 15 insertions(+), 12 deletions(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 872fdb2..2d5a9e1 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -825,7 +825,8 @@ int tls_h_mod_pre_init_f(void) - #if OPENSSL_VERSION_NUMBER >= 0x030000000L - // skip init for 3.x - #elif OPENSSL_VERSION_NUMBER >= 0x010101000L -- OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); -+ //not needed on Linux -+ //OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); - #else - OPENSSL_init_ssl(0, NULL); - #endif -@@ -833,7 +834,7 @@ int tls_h_mod_pre_init_f(void) - LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n"); - SSL_library_init(); - #endif --#if OPENSSL_VERSION_NUMBER < 0x030000000L -+#if OPENSSL_VERSION_NUMBER < 0x010101000L - SSL_load_error_strings(); - #endif - -diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c -index 1e74ba0..03874ed 100644 ---- a/src/modules/tls/tls_mod.c -+++ b/src/modules/tls/tls_mod.c -@@ -440,8 +440,16 @@ static int mod_child(int rank) - - /* fix tls config only from the main proc/PROC_INIT., when we know - * the exact process number and before any other process starts*/ -+ if(rank == PROC_INIT) { -+#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ -+ && OPENSSL_VERSION_NUMBER < 0x030000000L -+ if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { -+ // not needed on Linux: OPENSSL_fork_prepare(); -+ } -+#endif -+ } - --#if OPENSSL_VERSION_NUMBER >= 0x030000000L -+#if OPENSSL_VERSION_NUMBER >= 0x010101000L - /* - * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) -@@ -460,12 +468,6 @@ static int mod_child(int rank) - < 0) - return -1; - } --#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ -- && OPENSSL_VERSION_NUMBER < 0x030000000L -- if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { -- OPENSSL_fork_prepare(); -- } --#endif - return 0; - } - -@@ -476,11 +478,11 @@ static int mod_child(int rank) - /* - * this is called after forking of all child processes - */ -- OPENSSL_fork_parent(); -+ // not needed on Linux: OPENSSL_fork_parent(); - return 0; - } - if(!_ksr_is_main) { -- OPENSSL_fork_child(); -+ // not needed on Linux: OPENSSL_fork_child(); - } - } - #endif -@@ -691,7 +693,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) - #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ - && OPENSSL_VERSION_NUMBER < 0x030000000L - LM_DBG("setting cryptorand random engine\n"); -- RAND_set_rand_method(RAND_ksr_cryptorand_method()); -+ // RAND_set_rand_method(RAND_ksr_cryptorand_method()); - #endif - - sr_kemi_modules_add(sr_kemi_tls_exports); diff --git a/debian/patches/upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch b/debian/patches/upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch deleted file mode 100644 index 4b6cb7f33..000000000 --- a/debian/patches/upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch +++ /dev/null @@ -1,107 +0,0 @@ -From: S-P Chan -Date: Fri, 5 Jan 2024 07:38:56 +0800 -Subject: tls: OpenSSL 3.x/1.1.1 thread-local, - clean-up dead code and preprocessor blocks - -(cherry-pick from 798cc26908395d2ba21015684ad6f0ac4f012b2e) ---- - src/modules/tls/tls_init.c | 7 +------ - src/modules/tls/tls_mod.c | 44 ++++++++++---------------------------------- - 2 files changed, 11 insertions(+), 40 deletions(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 58289c6..65f5ae7 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -783,12 +783,7 @@ int tls_h_mod_pre_init_f(void) - LM_DBG("preparing tls env for modules initialization\n"); - #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER) - LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n"); --#if OPENSSL_VERSION_NUMBER >= 0x030000000L -- // skip init for 3.x --#elif OPENSSL_VERSION_NUMBER >= 0x010101000L -- //not needed on Linux -- //OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); --#else -+#if OPENSSL_VERSION_NUMBER < 0x010100000L - OPENSSL_init_ssl(0, NULL); - #endif - #else -diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c -index 03874ed..7cad1b0 100644 ---- a/src/modules/tls/tls_mod.c -+++ b/src/modules/tls/tls_mod.c -@@ -438,20 +438,9 @@ static int mod_child(int rank) - if(tls_disable || (tls_domains_cfg == 0)) - return 0; - -- /* fix tls config only from the main proc/PROC_INIT., when we know -- * the exact process number and before any other process starts*/ -- if(rank == PROC_INIT) { --#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ -- && OPENSSL_VERSION_NUMBER < 0x030000000L -- if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { -- // not needed on Linux: OPENSSL_fork_prepare(); -- } --#endif -- } -- - #if OPENSSL_VERSION_NUMBER >= 0x010101000L - /* -- * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of -+ * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) - */ - if(rank == PROC_SIPINIT) { -@@ -471,22 +460,6 @@ static int mod_child(int rank) - return 0; - } - --#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ -- && OPENSSL_VERSION_NUMBER < 0x030000000L -- if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { -- if(rank == PROC_POSTCHILDINIT) { -- /* -- * this is called after forking of all child processes -- */ -- // not needed on Linux: OPENSSL_fork_parent(); -- return 0; -- } -- if(!_ksr_is_main) { -- // not needed on Linux: OPENSSL_fork_child(); -- } -- } --#endif -- - #ifndef OPENSSL_NO_ENGINE - /* - * after the child is fork()ed we go through the TLS domains -@@ -514,6 +487,11 @@ static void mod_destroy(void) - * => nothing to do here */ - } - -+/* -+ * GH #3695: OpenSSL 1.1.1: it is no longer necessary to replace RAND -+ * - early init in rank 0 causes workers to inherit public_drbg/private_drbg -+ * which are not thread-safe -+ */ - - int ksr_rand_engine_param(modparam_t type, void *val) - { -@@ -690,12 +668,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) - - register_tls_hooks(&tls_h); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L \ -- && OPENSSL_VERSION_NUMBER < 0x030000000L -- LM_DBG("setting cryptorand random engine\n"); -- // RAND_set_rand_method(RAND_ksr_cryptorand_method()); --#endif -- -+ /* -+ * GH #3695: OpenSSL 1.1.1 historical note: it is no longer -+ * needed to replace RAND with cryptorand -+ */ - sr_kemi_modules_add(sr_kemi_tls_exports); - - return 0; diff --git a/debian/patches/upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch b/debian/patches/upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch deleted file mode 100644 index f61b0cc02..000000000 --- a/debian/patches/upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: S-P Chan -Date: Thu, 4 Jan 2024 20:00:09 +0800 -Subject: tls: OpenSSL 3.x thread-local, init libssl in thread or PROC_SIPINIT - -- avoid initialising ERR_STATE in rank 0(thread#1) - -(cherry-pick from e49a60e1052c6c1dcebe7f78f2ac970338eabe2e) ---- - src/modules/tls/tls_init.c | 83 +++++++++++++++++++++++++++------------------- - src/modules/tls/tls_mod.c | 11 +++++- - 2 files changed, 59 insertions(+), 35 deletions(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 57be9ca..0bc12d3 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -769,6 +769,44 @@ int tls_pre_init(void) - * tls mod pre-init function - * - executed before any mod_init() - */ -+long tls_h_mod_randctx(void *) { -+ do { -+ OSSL_LIB_CTX *osslglobal = NULL; -+ EVP_RAND_CTX *randctx = NULL; -+ -+ LM_DBG("enabling locking for rand ctx\n"); -+ -+ osslglobal = OSSL_LIB_CTX_get0_global_default(); -+ if(osslglobal == NULL) { -+ LM_ERR("failed to get lib ssl global ctx\n"); -+ return -1L; -+ } -+ -+ randctx = RAND_get0_primary(osslglobal); -+ if(randctx == NULL) { -+ LM_ERR("primary rand ctx is null\n"); -+ return -1L; -+ } -+ EVP_RAND_enable_locking(randctx); -+ -+ randctx = RAND_get0_public(osslglobal); -+ if(randctx == NULL) { -+ LM_ERR("public rand ctx is null\n"); -+ return -1L; -+ } -+ EVP_RAND_enable_locking(randctx); -+ -+ randctx = RAND_get0_private(osslglobal); -+ if(randctx == NULL) { -+ LM_ERR("private rand ctx is null\n"); -+ return -1L; -+ } -+ EVP_RAND_enable_locking(randctx); -+ } while(0); -+ -+ return 0L; -+} -+ - int tls_h_mod_pre_init_f(void) - { - if(tls_mod_preinitialized == 1) { -@@ -782,7 +820,9 @@ int tls_h_mod_pre_init_f(void) - LM_DBG("preparing tls env for modules initialization\n"); - #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER) - LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n"); --#if OPENSSL_VERSION_NUMBER >= 0x010101000L -+#if OPENSSL_VERSION_NUMBER >= 0x030000000L -+ // skip init for 3.x -+#elif OPENSSL_VERSION_NUMBER >= 0x010101000L - OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); - #else - OPENSSL_init_ssl(0, NULL); -@@ -791,42 +831,17 @@ int tls_h_mod_pre_init_f(void) - LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n"); - SSL_library_init(); - #endif -+#if OPENSSL_VERSION_NUMBER < 0x030000000L - SSL_load_error_strings(); -+#endif - - #if OPENSSL_VERSION_NUMBER >= 0x030000000L -- do { -- OSSL_LIB_CTX *osslglobal = NULL; -- EVP_RAND_CTX *randctx = NULL; -- -- LM_DBG("enabling locking for rand ctx\n"); -- -- osslglobal = OSSL_LIB_CTX_get0_global_default(); -- if(osslglobal == NULL) { -- LM_ERR("failed to get lib ssl global ctx\n"); -- return -1; -- } -- -- randctx = RAND_get0_primary(osslglobal); -- if(randctx == NULL) { -- LM_ERR("primary rand ctx is null\n"); -- return -1; -- } -- EVP_RAND_enable_locking(randctx); -- -- randctx = RAND_get0_public(osslglobal); -- if(randctx == NULL) { -- LM_ERR("public rand ctx is null\n"); -- return -1; -- } -- EVP_RAND_enable_locking(randctx); -- -- randctx = RAND_get0_private(osslglobal); -- if(randctx == NULL) { -- LM_ERR("private rand ctx is null\n"); -- return -1; -- } -- EVP_RAND_enable_locking(randctx); -- } while(0); -+ pthread_t tid; -+ long rl; -+ pthread_create(&tid, NULL, (void *(*)(void *))tls_h_mod_randctx, NULL); -+ pthread_join(tid, (void **)&rl); -+ if ((int)rl) -+ return (int)rl; - #endif - - tls_mod_preinitialized = 1; -diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c -index 3a04776..1e74ba0 100644 ---- a/src/modules/tls/tls_mod.c -+++ b/src/modules/tls/tls_mod.c -@@ -440,7 +440,16 @@ static int mod_child(int rank) - - /* fix tls config only from the main proc/PROC_INIT., when we know - * the exact process number and before any other process starts*/ -- if(rank == PROC_INIT) { -+ -+#if OPENSSL_VERSION_NUMBER >= 0x030000000L -+ /* -+ * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of -+ * libssl in rank 0(thread#1) -+ */ -+ if(rank == PROC_SIPINIT) { -+#else -+ if(rank == PROC_INIT) { -+#endif - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) diff --git a/debian/patches/upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch b/debian/patches/upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch deleted file mode 100644 index fc48944c2..000000000 --- a/debian/patches/upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: S-P Chan -Date: Thu, 4 Jan 2024 21:51:15 +0800 -Subject: tls: fix compilation with OpenSSL <= 1.1.1 - -(cherry-pick from 7111687e1107261bcdd7a9f8cc90959754c93272) ---- - src/modules/tls/tls_init.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 0bc12d3..872fdb2 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -769,6 +769,7 @@ int tls_pre_init(void) - * tls mod pre-init function - * - executed before any mod_init() - */ -+#if OPENSSL_VERSION_NUMBER >= 0x030000000L - long tls_h_mod_randctx(void *) { - do { - OSSL_LIB_CTX *osslglobal = NULL; -@@ -806,6 +807,7 @@ long tls_h_mod_randctx(void *) { - - return 0L; - } -+#endif - - int tls_h_mod_pre_init_f(void) - { diff --git a/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch b/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch deleted file mode 100644 index 74eaf7f6c..000000000 --- a/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Daniel-Constantin Mierla -Date: Fri, 8 Dec 2023 12:34:56 +0100 -Subject: tls: init early the local lock for memory - -- needed to done before mod param init_mode is set -- runtime uses the modparam to do lock/unlock -- #3668 - -(cherry picked from commit 1a9b0b63617afebcee2aecb3b2240d7684ecabc2) ---- - src/modules/tls/tls_init.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 6106cc7..57be9ca 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -78,7 +78,7 @@ int ksr_tls_lock_init(void) - { - pthread_mutexattr_t attr; - -- if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) { -+ if(ksr_tls_lock_shm != NULL) { - return 0; - } - ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t)); -@@ -723,6 +723,11 @@ int tls_pre_init(void) - LM_INFO("libssl linked mode: static\n"); - #endif - -+ if(ksr_tls_lock_init() < 0) { -+ LM_ERR("failed to init local lock\n"); -+ return -1; -+ } -+ - /* - * this has to be called before any function calling CRYPTO_malloc, - * CRYPTO_malloc will set allow_customize in openssl to 0 -@@ -770,6 +775,10 @@ int tls_h_mod_pre_init_f(void) - LM_DBG("already mod pre-initialized\n"); - return 0; - } -+ if(ksr_tls_lock_init() < 0) { -+ LM_ERR("failed to init local lock\n"); -+ return -1; -+ } - LM_DBG("preparing tls env for modules initialization\n"); - #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER) - LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n"); diff --git a/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch b/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch deleted file mode 100644 index c10aa538f..000000000 --- a/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch +++ /dev/null @@ -1,218 +0,0 @@ -From: Daniel-Constantin Mierla -Date: Thu, 7 Dec 2023 13:00:50 +0100 -Subject: tls: rework init mode 1 to set PTHREAD_PROCESS_SHARED - -- pthread mutex set in shm -- GH #3635 - -(cherry picked from commit 4b068f49b618dca5fa85a1687bd9054c1d98ae6a) ---- - src/modules/tls/tls_init.c | 62 ++++++++++++++++++++++++++++++++-------------- - src/modules/tls/tls_mod.c | 8 +++--- - 2 files changed, 47 insertions(+), 23 deletions(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index d7399e8..6106cc7 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -69,20 +69,31 @@ static int tls_mod_preinitialized = 0; - static int tls_mod_initialized = 0; - - extern int ksr_tls_init_mode; --pthread_mutex_t ksr_tls_lock_shm; -+static pthread_mutex_t *ksr_tls_lock_shm = NULL; - - /** - * - */ - int ksr_tls_lock_init(void) - { -+ pthread_mutexattr_t attr; -+ - if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) { - return 0; - } -- if(pthread_mutex_init(&ksr_tls_lock_shm, NULL) != 0) { -+ ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t)); -+ if(ksr_tls_lock_shm == NULL) { -+ LM_ERR("mutex allocation failed\n"); -+ return -1; -+ } -+ pthread_mutexattr_init(&attr); -+ pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED); -+ if(pthread_mutex_init(ksr_tls_lock_shm, &attr) != 0) { -+ pthread_mutexattr_destroy(&attr); - LM_ERR("mutex init failed\n"); - return -1; - } -+ pthread_mutexattr_destroy(&attr); - return 0; - } - -@@ -94,7 +105,8 @@ void ksr_tls_lock_destroy(void) - if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) { - return; - } -- pthread_mutex_destroy(&ksr_tls_lock_shm); -+ pthread_mutex_destroy(ksr_tls_lock_shm); -+ shm_free(ksr_tls_lock_shm); - return; - } - -@@ -248,7 +260,7 @@ static void *ser_malloc(size_t size, const char *file, int line) - #endif - - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - - #ifdef RAND_NULL_MALLOC - /* start random null returns only after -@@ -278,7 +290,7 @@ static void *ser_malloc(size_t size, const char *file, int line) - } - #endif - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -293,7 +305,7 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line) - #endif - - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - - #ifdef RAND_NULL_MALLOC - /* start random null returns only after -@@ -324,10 +336,22 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line) - #endif - - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - - return p; - } -+ -+static void ser_free(void *ptr, const char *fname, int fline) -+{ -+ if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -+ pthread_mutex_lock(ksr_tls_lock_shm); -+ if(ptr) { -+ shm_free(ptr); -+ } -+ if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -+ pthread_mutex_unlock(ksr_tls_lock_shm); -+} -+ - #endif /* LIBRESSL_VERSION_NUMBER */ - - #else /*TLS_MALLOC_DBG */ -@@ -340,10 +364,10 @@ static void *ser_malloc(size_t size) - void *p; - - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_malloc(size); - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -352,10 +376,10 @@ static void *ser_realloc(void *ptr, size_t size) - { - void *p; - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_realloc(ptr, size); - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - #else -@@ -363,10 +387,10 @@ static void *ser_malloc(size_t size, const char *fname, int fline) - { - void *p; - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_malloc(size); - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -375,10 +399,10 @@ static void *ser_realloc(void *ptr, size_t size, const char *fname, int fline) - { - void *p; - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_realloc(ptr, size); - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - #endif -@@ -396,23 +420,23 @@ static void ser_free(void *ptr) - * here in the wrapper function. - */ - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - if(ptr) { - shm_free(ptr); - } - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - } - #else - static void ser_free(void *ptr, const char *fname, int fline) - { - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(&ksr_tls_lock_shm); -+ pthread_mutex_lock(ksr_tls_lock_shm); - if(ptr) { - shm_free(ptr); - } - if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(&ksr_tls_lock_shm); -+ pthread_mutex_unlock(ksr_tls_lock_shm); - } - #endif - -diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c -index c966e34..3a04776 100644 ---- a/src/modules/tls/tls_mod.c -+++ b/src/modules/tls/tls_mod.c -@@ -402,10 +402,6 @@ static int mod_init(void) - if(tls_check_sockets(*tls_domains_cfg) < 0) - goto error; - -- if(ksr_tls_lock_init() < 0) { -- goto error; -- } -- - LM_INFO("use OpenSSL version: %08x\n", (uint32_t)(OPENSSL_VERSION_NUMBER)); - #ifndef OPENSSL_NO_ECDH - LM_INFO("With ECDH-Support!\n"); -@@ -674,6 +670,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) - if(!shm_initialized() && init_shm() < 0) - return -1; - -+ if(ksr_tls_lock_init() < 0) { -+ return -1; -+ } -+ - if(tls_pre_init() < 0) - return -1; - diff --git a/debian/patches/upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch b/debian/patches/upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch deleted file mode 100644 index de3e5b298..000000000 --- a/debian/patches/upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: S-P Chan -Date: Fri, 5 Jan 2024 08:09:34 +0800 -Subject: tls: thread-local, - revert 1a9b0b6361 as double-layer locking is redundant - -- the 2nd lock was put in place as defensive programming for shm contention -- GH #3695: the underlying issue is early init of thread-locals - -(cherry-pick from 1c70775530b1a3a905e8a983610cb0d092b0d240) ---- - src/modules/tls/tls_init.c | 39 --------------------------------------- - 1 file changed, 39 deletions(-) - -diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c -index 2d5a9e1..58289c6 100644 ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -259,9 +259,6 @@ static void *ser_malloc(size_t size, const char *file, int line) - static ticks_t st = 0; - #endif - -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); -- - #ifdef RAND_NULL_MALLOC - /* start random null returns only after - * NULL_GRACE_PERIOD from first call */ -@@ -289,8 +286,6 @@ static void *ser_malloc(size_t size, const char *file, int line) - size, file, line, bt_buf); - } - #endif -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -304,9 +299,6 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line) - static ticks_t st = 0; - #endif - -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); -- - #ifdef RAND_NULL_MALLOC - /* start random null returns only after - * NULL_GRACE_PERIOD from first call */ -@@ -335,21 +327,14 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line) - } - #endif - -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); -- - return p; - } - - static void ser_free(void *ptr, const char *fname, int fline) - { -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - if(ptr) { - shm_free(ptr); - } -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - } - - #endif /* LIBRESSL_VERSION_NUMBER */ -@@ -363,11 +348,7 @@ static void *ser_malloc(size_t size) - { - void *p; - -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_malloc(size); -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -375,22 +356,14 @@ static void *ser_malloc(size_t size) - static void *ser_realloc(void *ptr, size_t size) - { - void *p; -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_realloc(ptr, size); -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - #else - static void *ser_malloc(size_t size, const char *fname, int fline) - { - void *p; -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_malloc(size); -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - -@@ -398,11 +371,7 @@ static void *ser_malloc(size_t size, const char *fname, int fline) - static void *ser_realloc(void *ptr, size_t size, const char *fname, int fline) - { - void *p; -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - p = shm_realloc(ptr, size); -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - return p; - } - #endif -@@ -419,24 +388,16 @@ static void ser_free(void *ptr) - * As shm_free() aborts on null pointers, we have to check for null pointer - * here in the wrapper function. - */ -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - if(ptr) { - shm_free(ptr); - } -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - } - #else - static void ser_free(void *ptr, const char *fname, int fline) - { -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_lock(ksr_tls_lock_shm); - if(ptr) { - shm_free(ptr); - } -- if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM) -- pthread_mutex_unlock(ksr_tls_lock_shm); - } - #endif -