MT#59178 remove already applied patches

Change-Id: Ie4f68a60e4b4ecfc798efef940cfd944b2b85f9d (cherry picked from commit 8becf82158) (cherry picked from commit e1233a185d)
1 year ago · a46e882a3a
parent 1ae53feaa6
commit a46e882a3a
22 changed files with 10 additions and 989 deletions
--- a/debian/patches/debian/no_lib64_on_64_bits.patch
+++ b/debian/patches/debian/no_lib64_on_64_bits.patch
@ -7,7 +7,7 @@ Subject: no_lib64_on_64_bits
 1 file changed, 1 insertion(+), 9 deletions(-)

 diff --git a/src/Makefile.defs b/src/Makefile.defs
-index 5d485bb..33b83ad 100644
+index d393653..f43d100 100644
 --- a/src/Makefile.defs
 +++ b/src/Makefile.defs
@@ -458,15 +458,7 @@ endif
--- a/debian/patches/series
+++ b/debian/patches/series
@ -32,18 +32,7 @@ sipwise/sca-debug.patch
 sipwise/sca-fix-notify-after-bye.patch
 sipwise/sca-add-pai_avp-parameter.patch
 ## upstream 5.7
-upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch
-upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
-upstream/tls-init-early-the-local-lock-for-memory.patch
-upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
-upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch
-upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch
-upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch
-upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch
-upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch
-upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch
-upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch
-upstream/outbound-build-fix-missing-argument-name.patch
+#
 ## upstream master
 sipwise/pv_headers-rework-pvh_remove_header_param-take-two.patch
 upstream/pv_headers-compare-result-of-pvh_set_xavi-with-NULL-.patch
--- a/debian/patches/sipwise/add_lcr_rate_module.patch
+++ b/debian/patches/sipwise/add_lcr_rate_module.patch
@ -13,7 +13,7 @@ Subject: add_lcr_rate_module
 create mode 100644 src/modules/lcr_rate/lcr_rate_mod.c

 diff --git a/src/Makefile.groups b/src/Makefile.groups
-index 15fec0d..87e624a 100644
+index 4dcac9e..c419f7d 100644
 --- a/src/Makefile.groups
 +++ b/src/Makefile.groups
@@ -112,6 +112,9 @@ mod_list_sctp=sctp
--- a/debian/patches/sipwise/add_pcem_module.patch
+++ b/debian/patches/sipwise/add_pcem_module.patch
@ -17,7 +17,7 @@ Subject: add_pcem_module
 create mode 100644 src/modules/pcem/pcem_mod.h

 diff --git a/src/Makefile.groups b/src/Makefile.groups
-index 7d05dc1..15fec0d 100644
+index ee4ec90..4dcac9e 100644
 --- a/src/Makefile.groups
 +++ b/src/Makefile.groups
@@ -30,8 +30,8 @@ mod_list_db=acc alias_db auth_db avpops cfg_db db_text db_flatstore \
--- a/debian/patches/sipwise/add_presence_dfks_module.patch
+++ b/debian/patches/sipwise/add_presence_dfks_module.patch
@ -22,7 +22,7 @@ Subject: add_presence_dfks_module
 create mode 100644 src/modules/presence_dfks/presence_dfks.h

 diff --git a/src/Makefile.groups b/src/Makefile.groups
-index 4aee35f..ec0d8ac 100644
+index b85c1c5..f61bcec 100644
 --- a/src/Makefile.groups
 +++ b/src/Makefile.groups
@@ -121,7 +121,7 @@ mod_list_presence=presence presence_conference presence_dialoginfo \
--- a/debian/patches/sipwise/add_tcap_module.patch
+++ b/debian/patches/sipwise/add_tcap_module.patch
@ -11,7 +11,7 @@ Subject: add_tcap_module
 create mode 100644 src/modules/tcap/tcap_mod.c

 diff --git a/src/Makefile.groups b/src/Makefile.groups
-index 87e624a..4aee35f 100644
+index c419f7d..b85c1c5 100644
 --- a/src/Makefile.groups
 +++ b/src/Makefile.groups
@@ -217,6 +217,9 @@ mod_list_erlang=erlang
--- a/debian/patches/sipwise/dialog-dlg_get_ttag.patch
+++ b/debian/patches/sipwise/dialog-dlg_get_ttag.patch
@ -9,7 +9,7 @@ Subject: dialog: dlg_get_ttag()
 3 files changed, 211 insertions(+)

 diff --git a/src/modules/dialog/dialog.c b/src/modules/dialog/dialog.c
-index 7a416ee..02c8b1b 100644
+index 0127e61..a0d654d 100644
 --- a/src/modules/dialog/dialog.c
 +++ b/src/modules/dialog/dialog.c
@@ -54,6 +54,7 @@
--- a/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch
+++ b/debian/patches/sipwise/dialog-support-profile_get_size-for-all-profiles.patch
@ -10,7 +10,7 @@ Subject: dialog: support profile_get_size for all profiles
 4 files changed, 69 insertions(+)

 diff --git a/src/modules/dialog/dialog.c b/src/modules/dialog/dialog.c
-index e937947..7a416ee 100644
+index 79221a1..0127e61 100644
 --- a/src/modules/dialog/dialog.c
 +++ b/src/modules/dialog/dialog.c
@@ -3026,6 +3026,31 @@ static void internal_rpc_profile_get_size(
--- a/debian/patches/sipwise/pv_trans_eval_uri.patch
+++ b/debian/patches/sipwise/pv_trans_eval_uri.patch
@ -7,7 +7,7 @@ Subject: pv_trans_eval_uri
 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/src/modules/pv/pv_trans.c b/src/modules/pv/pv_trans.c
-index 5204c8f..80c42ef 100644
+index e4754e7..07a3957 100644
 --- a/src/modules/pv/pv_trans.c
 +++ b/src/modules/pv/pv_trans.c
@@ -1542,7 +1542,8 @@ int tr_eval_uri(
--- a/debian/patches/sipwise/usrloc_dbro.patch
+++ b/debian/patches/sipwise/usrloc_dbro.patch
@ -8,7 +8,7 @@ Subject: usrloc_dbro
 2 files changed, 69 insertions(+), 1 deletion(-)

 diff --git a/src/modules/usrloc/usrloc_mod.c b/src/modules/usrloc/usrloc_mod.c
-index de75545..fcbb171 100644
+index 16a48e4..2c77f29 100644
 --- a/src/modules/usrloc/usrloc_mod.c
 +++ b/src/modules/usrloc/usrloc_mod.c
@@ -198,6 +198,7 @@ str ulattrs_last_mod_col = str_init(
--- a/debian/patches/upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch
+++ b/debian/patches/upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch
@ -1,48 +0,0 @@
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Fri, 24 Nov 2023 10:38:49 +0100
-Subject: Makefile.groups: tlsa in packaging group ktls if
- KTLS_INCLUDE_TLSA=yes
-
- if not, then it is in separate group module_group_ktlsa
-
-(cherry picked from commit a49c8d8d968e31a539e47db6c06a0756e4be55e3)
---
- src/Makefile.groups | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/src/Makefile.groups b/src/Makefile.groups
-index ec0d8ac..7cb9586 100644
--- a/src/Makefile.groups
-+++ b/src/Makefile.groups
-@@ -88,12 +88,12 @@ mod_list_memcached=memcached
- # - modules depending on openssl library
- mod_list_tlsdeps=crypto tls
- 
-# - modules depending on openssl (+curl) library
-mod_list_tlsdeps_curl=auth_identity
-
- # - modules depending on static openssl library
- mod_list_tlsa=tlsa
- 
-+# - modules depending on openssl (+curl) library
-+mod_list_tlsdeps_curl=auth_identity
-+
- # - modules depending on static wolfssl library
- mod_list_tls_wolfssl=tls_wolfssl
- 
-@@ -414,11 +414,13 @@ module_group_kmemcached=$(mod_list_memcached)
- # pkg tls module
- module_group_ktls_basic=$(mod_list_tlsdeps)
- 
-+ifeq ($(KTLS_INCLUDE_TLSA),yes)
- # pkg tls module with curl
-module_group_ktls=$(mod_list_tlsdeps) $(mod_list_tlsdeps_curl)
-
-+module_group_ktls=$(mod_list_tlsdeps) $(mod_list_tlsdeps_curl) $(mod_list_tlsa)
-+else
- # pkg tlsa module
- module_group_ktlsa=$(mod_list_tlsa)
-+endif
- 
- # pkg tls_wolfssl module
- module_group_ktls_wolfssl=$(mod_list_tls_wolfssl)
--- a/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
+++ b/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
@ -1,30 +0,0 @@
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Fri, 8 Dec 2023 22:10:36 +0100
-Subject: core: parse privacy recompute lenght of rest to parse
-
-(cherry picked from commit 804ee651b45498727196886c97cb55d20b254c4a)
---
- src/core/parser/parse_privacy.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/core/parser/parse_privacy.c b/src/core/parser/parse_privacy.c
-index 6443146..89423c1 100644
--- a/src/core/parser/parse_privacy.c
-+++ b/src/core/parser/parse_privacy.c
-@@ -178,14 +178,13 @@ int parse_privacy(struct sip_msg *msg)
- 
- 	values = 0;
- 	p = next.s;
-	len = next.len;
-	beyond = p + len;
-+	beyond = next.s + next.len;
- 
- 	while(p < beyond) {
-+		len = beyond - p;
- 		if((val_len = parse_priv_value(p, len, &value)) != 0) {
- 			values |= value;
- 			p = p + val_len;
-			len = len - val_len;
- 		} else {
- 			LM_ERR("invalid privacy value\n");
- 			return -1;
--- a/debian/patches/upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch
+++ b/debian/patches/upstream/outbound-OpenSSL-1.1.1-thread-local-init-libssl-in-t.patch
@ -1,22 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Thu, 4 Jan 2024 21:47:23 +0800
-Subject: outbound: OpenSSL 1.1.1 thread-local, init libssl in thread
-
-(cherry-pick from 689de2736f5c92f11860e5854ccd95c84239f032)
---
- src/modules/outbound/outbound_mod.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c
-index 00c0a66..a797eb8 100644
--- a/src/modules/outbound/outbound_mod.c
-+++ b/src/modules/outbound/outbound_mod.c
-@@ -110,7 +110,7 @@ static int mod_init(void)
- 	}
- 	ob_key.len = OB_KEY_LEN;
- 
-#if OPENSSL_VERSION_NUMBER < 0x030000000L
-+#if OPENSSL_VERSION_NUMBER < 0x010101000L
-         mod_init_openssl(NULL);
- #else
-         pthread_t tid;
--- a/debian/patches/upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch
+++ b/debian/patches/upstream/outbound-OpenSSL-3.x-thread-local-init-libssl-in-thr.patch
@ -1,64 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Thu, 4 Jan 2024 20:11:21 +0800
-Subject: outbound: OpenSSL 3.x thread-local, init libssl in thread
-
-(cherry-pick from 4742c8131aba878c4fc954e42b656b9d4bafdd24)
---
- src/modules/outbound/outbound_mod.c | 37 +++++++++++++++++++++++++------------
- 1 file changed, 25 insertions(+), 12 deletions(-)
-
-diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c
-index 4e408e2..00c0a66 100644
--- a/src/modules/outbound/outbound_mod.c
-+++ b/src/modules/outbound/outbound_mod.c
-@@ -75,6 +75,23 @@ struct module_exports exports = {
- 		destroy						 /* destroy function */
- };
- 
-+static void *mod_init_openssl(void *) {
-+    if(flow_token_secret.s) {
-+        assert(ob_key.len == SHA_DIGEST_LENGTH);
-+        LM_DBG("flow_token_secret mod param set. use persistent ob_key");
-+        SHA1((const unsigned char *)flow_token_secret.s, flow_token_secret.len,
-+             (unsigned char *)ob_key.s);
-+    } else {
-+        if(RAND_bytes((unsigned char *)ob_key.s, ob_key.len) == 0) {
-+            LM_ERR("unable to get %d cryptographically strong pseudo-"
-+                   "random bytes\n",
-+                   ob_key.len);
-+        }
-+    }
-+
-+    return NULL;
-+}
-+
- static int mod_init(void)
- {
- 	if(ob_force_flag != -1 && !flag_in_range(ob_force_flag)) {
-@@ -93,18 +110,14 @@ static int mod_init(void)
- 	}
- 	ob_key.len = OB_KEY_LEN;
- 
-	if(flow_token_secret.s) {
-		assert(ob_key.len == SHA_DIGEST_LENGTH);
-		LM_DBG("flow_token_secret mod param set. use persistent ob_key");
-		SHA1((const unsigned char *)flow_token_secret.s, flow_token_secret.len,
-				(unsigned char *)ob_key.s);
-	} else {
-		if(RAND_bytes((unsigned char *)ob_key.s, ob_key.len) == 0) {
-			LM_ERR("unable to get %d cryptographically strong pseudo-"
-				   "random bytes\n",
-					ob_key.len);
-		}
-	}
-+#if OPENSSL_VERSION_NUMBER < 0x030000000L
-+        mod_init_openssl(NULL);
-+#else
-+        pthread_t tid;
-+        void *retval;
-+        pthread_create(&tid, NULL, mod_init_openssl, NULL);
-+        pthread_join(tid, &retval);
-+#endif
- 
- 	if(cfg_declare("outbound", outbound_cfg_def, &default_outbound_cfg,
- 			   cfg_sizeof(outbound), &outbound_cfg)) {
--- a/debian/patches/upstream/outbound-build-fix-missing-argument-name.patch
+++ b/debian/patches/upstream/outbound-build-fix-missing-argument-name.patch
@ -1,22 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Fri, 5 Jan 2024 20:56:39 +0800
-Subject: outbound: build, fix missing argument name
-
-(cherry-pick from 4708f537d7f5d28123b48cd89474a4931dd698ad)
---
- src/modules/outbound/outbound_mod.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c
-index a797eb8..32f10f6 100644
--- a/src/modules/outbound/outbound_mod.c
-+++ b/src/modules/outbound/outbound_mod.c
-@@ -75,7 +75,7 @@ struct module_exports exports = {
- 		destroy						 /* destroy function */
- };
- 
-static void *mod_init_openssl(void *) {
-+static void *mod_init_openssl(void *arg) {
-     if(flow_token_secret.s) {
-         assert(ob_key.len == SHA_DIGEST_LENGTH);
-         LM_DBG("flow_token_secret mod param set. use persistent ob_key");
--- a/debian/patches/upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch
+++ b/debian/patches/upstream/tls-OpenSSL-1.1.1-thread-local-init-libssl-in-thread.patch
@ -1,94 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Thu, 4 Jan 2024 21:56:00 +0800
-Subject: tls: OpenSSL 1.1.1 thread-local, init libssl in thread
-
- no need for RAND workaround; default is OpenSSL 1.1.1 RAND
- linux/pthreads will handle forking
-
-(cherry-pick from 7b531cfe038fae5e3414ac74c4e076c10e32b86c)
---
- src/modules/tls/tls_init.c |  5 +++--
- src/modules/tls/tls_mod.c  | 22 ++++++++++++----------
- 2 files changed, 15 insertions(+), 12 deletions(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 872fdb2..2d5a9e1 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -825,7 +825,8 @@ int tls_h_mod_pre_init_f(void)
- #if OPENSSL_VERSION_NUMBER >= 0x030000000L
-         // skip init for 3.x
- #elif OPENSSL_VERSION_NUMBER >= 0x010101000L
-	OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
-+        //not needed on Linux
-+	//OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
- #else
- 	OPENSSL_init_ssl(0, NULL);
- #endif
-@@ -833,7 +834,7 @@ int tls_h_mod_pre_init_f(void)
- 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
- 	SSL_library_init();
- #endif
-#if OPENSSL_VERSION_NUMBER < 0x030000000L
-+#if OPENSSL_VERSION_NUMBER < 0x010101000L
- 	SSL_load_error_strings();
- #endif
- 
-diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
-index 1e74ba0..03874ed 100644
--- a/src/modules/tls/tls_mod.c
-+++ b/src/modules/tls/tls_mod.c
-@@ -440,8 +440,16 @@ static int mod_child(int rank)
- 
- 	/* fix tls config only from the main proc/PROC_INIT., when we know
- 	 * the exact process number and before any other process starts*/
-+        if(rank == PROC_INIT) {
-+#if OPENSSL_VERSION_NUMBER >= 0x010101000L      \
-+    && OPENSSL_VERSION_NUMBER < 0x030000000L
-+            if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
-+                // not needed on Linux: OPENSSL_fork_prepare();
-+            }
-+#endif
-+        }
- 
-#if OPENSSL_VERSION_NUMBER >= 0x030000000L
-+#if OPENSSL_VERSION_NUMBER >= 0x010101000L
-         /*
-          * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of
-          * libssl in rank 0(thread#1)
-@@ -460,12 +468,6 @@ static int mod_child(int rank)
- 					< 0)
- 				return -1;
- 		}
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L \
-		&& OPENSSL_VERSION_NUMBER < 0x030000000L
-		if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
-			OPENSSL_fork_prepare();
-		}
-#endif
- 		return 0;
- 	}
- 
-@@ -476,11 +478,11 @@ static int mod_child(int rank)
- 			/*
- 			 * this is called after forking of all child processes
- 			 */
-			OPENSSL_fork_parent();
-+			// not needed on Linux: OPENSSL_fork_parent();
- 			return 0;
- 		}
- 		if(!_ksr_is_main) {
-			OPENSSL_fork_child();
-+                    // not needed on Linux: OPENSSL_fork_child();
- 		}
- 	}
- #endif
-@@ -691,7 +693,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L \
- 		&& OPENSSL_VERSION_NUMBER < 0x030000000L
- 	LM_DBG("setting cryptorand random engine\n");
-	RAND_set_rand_method(RAND_ksr_cryptorand_method());
-+	// RAND_set_rand_method(RAND_ksr_cryptorand_method());
- #endif
- 
- 	sr_kemi_modules_add(sr_kemi_tls_exports);
--- a/debian/patches/upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch
+++ b/debian/patches/upstream/tls-OpenSSL-3.x-1.1.1-thread-local-clean-up-dead-cod.patch
@ -1,107 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Fri, 5 Jan 2024 07:38:56 +0800
-Subject: tls: OpenSSL 3.x/1.1.1 thread-local,
- clean-up dead code and preprocessor blocks
-
-(cherry-pick from 798cc26908395d2ba21015684ad6f0ac4f012b2e)
---
- src/modules/tls/tls_init.c |  7 +------
- src/modules/tls/tls_mod.c  | 44 ++++++++++----------------------------------
- 2 files changed, 11 insertions(+), 40 deletions(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 58289c6..65f5ae7 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -783,12 +783,7 @@ int tls_h_mod_pre_init_f(void)
- 	LM_DBG("preparing tls env for modules initialization\n");
- #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
-#if OPENSSL_VERSION_NUMBER >= 0x030000000L
-        // skip init for 3.x
-#elif OPENSSL_VERSION_NUMBER >= 0x010101000L
-        //not needed on Linux
-	//OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
-#else
-+#if OPENSSL_VERSION_NUMBER < 0x010100000L
- 	OPENSSL_init_ssl(0, NULL);
- #endif
- #else
-diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
-index 03874ed..7cad1b0 100644
--- a/src/modules/tls/tls_mod.c
-+++ b/src/modules/tls/tls_mod.c
-@@ -438,20 +438,9 @@ static int mod_child(int rank)
- 	if(tls_disable || (tls_domains_cfg == 0))
- 		return 0;
- 
-	/* fix tls config only from the main proc/PROC_INIT., when we know
-	 * the exact process number and before any other process starts*/
-        if(rank == PROC_INIT) {
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L      \
-    && OPENSSL_VERSION_NUMBER < 0x030000000L
-            if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
-                // not needed on Linux: OPENSSL_fork_prepare();
-            }
-#endif
-        }
-
- #if OPENSSL_VERSION_NUMBER >= 0x010101000L
-         /*
-         * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of
-+         * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of
-          * libssl in rank 0(thread#1)
-          */
-         if(rank == PROC_SIPINIT) {
-@@ -471,22 +460,6 @@ static int mod_child(int rank)
- 		return 0;
- 	}
- 
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L \
-		&& OPENSSL_VERSION_NUMBER < 0x030000000L
-	if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
-		if(rank == PROC_POSTCHILDINIT) {
-			/*
-			 * this is called after forking of all child processes
-			 */
-			// not needed on Linux: OPENSSL_fork_parent();
-			return 0;
-		}
-		if(!_ksr_is_main) {
-                    // not needed on Linux: OPENSSL_fork_child();
-		}
-	}
-#endif
-
- #ifndef OPENSSL_NO_ENGINE
- 	/*
- 	 * after the child is fork()ed we go through the TLS domains
-@@ -514,6 +487,11 @@ static void mod_destroy(void)
- 	 *   => nothing to do here */
- }
- 
-+/*
-+ * GH #3695: OpenSSL 1.1.1: it is no longer necessary to replace RAND
-+ * - early init in rank 0 causes workers to inherit public_drbg/private_drbg
-+ *   which are not thread-safe
-+ */
- 
- int ksr_rand_engine_param(modparam_t type, void *val)
- {
-@@ -690,12 +668,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
- 
- 	register_tls_hooks(&tls_h);
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
-		&& OPENSSL_VERSION_NUMBER < 0x030000000L
-	LM_DBG("setting cryptorand random engine\n");
-	// RAND_set_rand_method(RAND_ksr_cryptorand_method());
-#endif
-
-+        /*
-+         * GH #3695: OpenSSL 1.1.1 historical note: it is no longer
-+         * needed to replace RAND with cryptorand
-+         */
- 	sr_kemi_modules_add(sr_kemi_tls_exports);
- 
- 	return 0;
--- a/debian/patches/upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch
+++ b/debian/patches/upstream/tls-OpenSSL-3.x-thread-local-init-libssl-in-thread-o.patch
@ -1,145 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Thu, 4 Jan 2024 20:00:09 +0800
-Subject: tls: OpenSSL 3.x thread-local, init libssl in thread or PROC_SIPINIT
-
- avoid initialising ERR_STATE in rank 0(thread#1)
-
-(cherry-pick from e49a60e1052c6c1dcebe7f78f2ac970338eabe2e)
---
- src/modules/tls/tls_init.c | 83 +++++++++++++++++++++++++++-------------------
- src/modules/tls/tls_mod.c  | 11 +++++-
- 2 files changed, 59 insertions(+), 35 deletions(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 57be9ca..0bc12d3 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -769,6 +769,44 @@ int tls_pre_init(void)
-  * tls mod pre-init function
-  * - executed before any mod_init()
-  */
-+long tls_h_mod_randctx(void *) {
-+    do {
-+        OSSL_LIB_CTX *osslglobal = NULL;
-+        EVP_RAND_CTX *randctx = NULL;
-+
-+        LM_DBG("enabling locking for rand ctx\n");
-+
-+        osslglobal = OSSL_LIB_CTX_get0_global_default();
-+        if(osslglobal == NULL) {
-+            LM_ERR("failed to get lib ssl global ctx\n");
-+            return -1L;
-+        }
-+
-+        randctx = RAND_get0_primary(osslglobal);
-+        if(randctx == NULL) {
-+            LM_ERR("primary rand ctx is null\n");
-+            return -1L;
-+        }
-+        EVP_RAND_enable_locking(randctx);
-+
-+        randctx = RAND_get0_public(osslglobal);
-+        if(randctx == NULL) {
-+            LM_ERR("public rand ctx is null\n");
-+            return -1L;
-+        }
-+        EVP_RAND_enable_locking(randctx);
-+
-+        randctx = RAND_get0_private(osslglobal);
-+        if(randctx == NULL) {
-+            LM_ERR("private rand ctx is null\n");
-+            return -1L;
-+        }
-+        EVP_RAND_enable_locking(randctx);
-+    } while(0);
-+
-+    return 0L;
-+}
-+
- int tls_h_mod_pre_init_f(void)
- {
- 	if(tls_mod_preinitialized == 1) {
-@@ -782,7 +820,9 @@ int tls_h_mod_pre_init_f(void)
- 	LM_DBG("preparing tls env for modules initialization\n");
- #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x030000000L
-+        // skip init for 3.x
-+#elif OPENSSL_VERSION_NUMBER >= 0x010101000L
- 	OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
- #else
- 	OPENSSL_init_ssl(0, NULL);
-@@ -791,42 +831,17 @@ int tls_h_mod_pre_init_f(void)
- 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
- 	SSL_library_init();
- #endif
-+#if OPENSSL_VERSION_NUMBER < 0x030000000L
- 	SSL_load_error_strings();
-+#endif
- 
- #if OPENSSL_VERSION_NUMBER >= 0x030000000L
-	do {
-		OSSL_LIB_CTX *osslglobal = NULL;
-		EVP_RAND_CTX *randctx = NULL;
-
-		LM_DBG("enabling locking for rand ctx\n");
-
-		osslglobal = OSSL_LIB_CTX_get0_global_default();
-		if(osslglobal == NULL) {
-			LM_ERR("failed to get lib ssl global ctx\n");
-			return -1;
-		}
-
-		randctx = RAND_get0_primary(osslglobal);
-		if(randctx == NULL) {
-			LM_ERR("primary rand ctx is null\n");
-			return -1;
-		}
-		EVP_RAND_enable_locking(randctx);
-
-		randctx = RAND_get0_public(osslglobal);
-		if(randctx == NULL) {
-			LM_ERR("public rand ctx is null\n");
-			return -1;
-		}
-		EVP_RAND_enable_locking(randctx);
-
-		randctx = RAND_get0_private(osslglobal);
-		if(randctx == NULL) {
-			LM_ERR("private rand ctx is null\n");
-			return -1;
-		}
-		EVP_RAND_enable_locking(randctx);
-	} while(0);
-+        pthread_t tid;
-+        long rl;
-+        pthread_create(&tid, NULL, (void *(*)(void *))tls_h_mod_randctx, NULL);
-+        pthread_join(tid, (void **)&rl);
-+        if ((int)rl)
-+            return (int)rl;
- #endif
- 
- 	tls_mod_preinitialized = 1;
-diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
-index 3a04776..1e74ba0 100644
--- a/src/modules/tls/tls_mod.c
-+++ b/src/modules/tls/tls_mod.c
-@@ -440,7 +440,16 @@ static int mod_child(int rank)
- 
- 	/* fix tls config only from the main proc/PROC_INIT., when we know
- 	 * the exact process number and before any other process starts*/
-	if(rank == PROC_INIT) {
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x030000000L
-+        /*
-+         * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of
-+         * libssl in rank 0(thread#1)
-+         */
-+        if(rank == PROC_SIPINIT) {
-+#else
-+        if(rank == PROC_INIT) {
-+#endif
- 		if(cfg_get(tls, tls_cfg, config_file).s) {
- 			if(tls_fix_domains_cfg(
- 					   *tls_domains_cfg, &srv_defaults, &cli_defaults)
--- a/debian/patches/upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch
+++ b/debian/patches/upstream/tls-fix-compilation-with-OpenSSL-1.1.1.patch
@ -1,29 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Thu, 4 Jan 2024 21:51:15 +0800
-Subject: tls: fix compilation with OpenSSL <= 1.1.1
-
-(cherry-pick from 7111687e1107261bcdd7a9f8cc90959754c93272)
---
- src/modules/tls/tls_init.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 0bc12d3..872fdb2 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -769,6 +769,7 @@ int tls_pre_init(void)
-  * tls mod pre-init function
-  * - executed before any mod_init()
-  */
-+#if OPENSSL_VERSION_NUMBER >= 0x030000000L
- long tls_h_mod_randctx(void *) {
-     do {
-         OSSL_LIB_CTX *osslglobal = NULL;
-@@ -806,6 +807,7 @@ long tls_h_mod_randctx(void *) {
- 
-     return 0L;
- }
-+#endif
- 
- int tls_h_mod_pre_init_f(void)
- {
--- a/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
+++ b/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
@ -1,49 +0,0 @@
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Fri, 8 Dec 2023 12:34:56 +0100
-Subject: tls: init early the local lock for memory
-
- needed to done before mod param init_mode is set
- runtime uses the modparam to do lock/unlock
- #3668
-
-(cherry picked from commit 1a9b0b63617afebcee2aecb3b2240d7684ecabc2)
---
- src/modules/tls/tls_init.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 6106cc7..57be9ca 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -78,7 +78,7 @@ int ksr_tls_lock_init(void)
- {
- 	pthread_mutexattr_t attr;
- 
-	if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) {
-+	if(ksr_tls_lock_shm != NULL) {
- 		return 0;
- 	}
- 	ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
-@@ -723,6 +723,11 @@ int tls_pre_init(void)
- 	LM_INFO("libssl linked mode: static\n");
- #endif
- 
-+	if(ksr_tls_lock_init() < 0) {
-+		LM_ERR("failed to init local lock\n");
-+		return -1;
-+	}
-+
- 	/*
- 	 * this has to be called before any function calling CRYPTO_malloc,
- 	 * CRYPTO_malloc will set allow_customize in openssl to 0
-@@ -770,6 +775,10 @@ int tls_h_mod_pre_init_f(void)
- 		LM_DBG("already mod pre-initialized\n");
- 		return 0;
- 	}
-+	if(ksr_tls_lock_init() < 0) {
-+		LM_ERR("failed to init local lock\n");
-+		return -1;
-+	}
- 	LM_DBG("preparing tls env for modules initialization\n");
- #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
--- a/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
+++ b/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
@ -1,218 +0,0 @@
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Thu, 7 Dec 2023 13:00:50 +0100
-Subject: tls: rework init mode 1 to set PTHREAD_PROCESS_SHARED
-
- pthread mutex set in shm
- GH #3635
-
-(cherry picked from commit 4b068f49b618dca5fa85a1687bd9054c1d98ae6a)
---
- src/modules/tls/tls_init.c | 62 ++++++++++++++++++++++++++++++++--------------
- src/modules/tls/tls_mod.c  |  8 +++---
- 2 files changed, 47 insertions(+), 23 deletions(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index d7399e8..6106cc7 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -69,20 +69,31 @@ static int tls_mod_preinitialized = 0;
- static int tls_mod_initialized = 0;
- 
- extern int ksr_tls_init_mode;
-pthread_mutex_t ksr_tls_lock_shm;
-+static pthread_mutex_t *ksr_tls_lock_shm = NULL;
- 
- /**
-  *
-  */
- int ksr_tls_lock_init(void)
- {
-+	pthread_mutexattr_t attr;
-+
- 	if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) {
- 		return 0;
- 	}
-	if(pthread_mutex_init(&ksr_tls_lock_shm, NULL) != 0) {
-+	ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
-+	if(ksr_tls_lock_shm == NULL) {
-+		LM_ERR("mutex allocation failed\n");
-+		return -1;
-+	}
-+	pthread_mutexattr_init(&attr);
-+	pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED);
-+	if(pthread_mutex_init(ksr_tls_lock_shm, &attr) != 0) {
-+		pthread_mutexattr_destroy(&attr);
- 		LM_ERR("mutex init failed\n");
- 		return -1;
- 	}
-+	pthread_mutexattr_destroy(&attr);
- 	return 0;
- }
- 
-@@ -94,7 +105,8 @@ void ksr_tls_lock_destroy(void)
- 	if(!(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)) {
- 		return;
- 	}
-	pthread_mutex_destroy(&ksr_tls_lock_shm);
-+	pthread_mutex_destroy(ksr_tls_lock_shm);
-+	shm_free(ksr_tls_lock_shm);
- 	return;
- }
- 
-@@ -248,7 +260,7 @@ static void *ser_malloc(size_t size, const char *file, int line)
- #endif
- 
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 
- #ifdef RAND_NULL_MALLOC
- 	/* start random null returns only after
-@@ -278,7 +290,7 @@ static void *ser_malloc(size_t size, const char *file, int line)
- 	}
- #endif
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -293,7 +305,7 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line)
- #endif
- 
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 
- #ifdef RAND_NULL_MALLOC
- 	/* start random null returns only after
-@@ -324,10 +336,22 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line)
- #endif
- 
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 
- 	return p;
- }
-+
-+static void ser_free(void *ptr, const char *fname, int fline)
-+{
-+	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-+		pthread_mutex_lock(ksr_tls_lock_shm);
-+	if(ptr) {
-+		shm_free(ptr);
-+	}
-+	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
-+}
-+
- #endif /* LIBRESSL_VERSION_NUMBER */
- 
- #else /*TLS_MALLOC_DBG */
-@@ -340,10 +364,10 @@ static void *ser_malloc(size_t size)
- 	void *p;
- 
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_malloc(size);
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -352,10 +376,10 @@ static void *ser_realloc(void *ptr, size_t size)
- {
- 	void *p;
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_realloc(ptr, size);
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- #else
-@@ -363,10 +387,10 @@ static void *ser_malloc(size_t size, const char *fname, int fline)
- {
- 	void *p;
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_malloc(size);
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -375,10 +399,10 @@ static void *ser_realloc(void *ptr, size_t size, const char *fname, int fline)
- {
- 	void *p;
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_realloc(ptr, size);
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- #endif
-@@ -396,23 +420,23 @@ static void ser_free(void *ptr)
- 	 * here in the wrapper function.
- 	 */
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	if(ptr) {
- 		shm_free(ptr);
- 	}
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- }
- #else
- static void ser_free(void *ptr, const char *fname, int fline)
- {
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(&ksr_tls_lock_shm);
-+		pthread_mutex_lock(ksr_tls_lock_shm);
- 	if(ptr) {
- 		shm_free(ptr);
- 	}
- 	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(&ksr_tls_lock_shm);
-+		pthread_mutex_unlock(ksr_tls_lock_shm);
- }
- #endif
- 
-diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
-index c966e34..3a04776 100644
--- a/src/modules/tls/tls_mod.c
-+++ b/src/modules/tls/tls_mod.c
-@@ -402,10 +402,6 @@ static int mod_init(void)
- 	if(tls_check_sockets(*tls_domains_cfg) < 0)
- 		goto error;
- 
-	if(ksr_tls_lock_init() < 0) {
-		goto error;
-	}
-
- 	LM_INFO("use OpenSSL version: %08x\n", (uint32_t)(OPENSSL_VERSION_NUMBER));
- #ifndef OPENSSL_NO_ECDH
- 	LM_INFO("With ECDH-Support!\n");
-@@ -674,6 +670,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
- 	if(!shm_initialized() && init_shm() < 0)
- 		return -1;
- 
-+	if(ksr_tls_lock_init() < 0) {
-+		return -1;
-+	}
-+
- 	if(tls_pre_init() < 0)
- 		return -1;
- 
--- a/debian/patches/upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch
+++ b/debian/patches/upstream/tls-thread-local-revert-1a9b0b6361-as-double-layer-l.patch
@ -1,140 +0,0 @@
-From: S-P Chan <shihping.chan@gmail.com>
-Date: Fri, 5 Jan 2024 08:09:34 +0800
-Subject: tls: thread-local,
- revert 1a9b0b6361 as double-layer locking is redundant
-
- the 2nd lock was put in place as defensive programming for shm contention
- GH #3695: the underlying issue is early init of thread-locals
-
-(cherry-pick from 1c70775530b1a3a905e8a983610cb0d092b0d240)
---
- src/modules/tls/tls_init.c | 39 ---------------------------------------
- 1 file changed, 39 deletions(-)
-
-diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
-index 2d5a9e1..58289c6 100644
--- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -259,9 +259,6 @@ static void *ser_malloc(size_t size, const char *file, int line)
- 	static ticks_t st = 0;
- #endif
- 
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
-
- #ifdef RAND_NULL_MALLOC
- 	/* start random null returns only after
- 	 * NULL_GRACE_PERIOD from first call */
-@@ -289,8 +286,6 @@ static void *ser_malloc(size_t size, const char *file, int line)
- 				size, file, line, bt_buf);
- 	}
- #endif
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -304,9 +299,6 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line)
- 	static ticks_t st = 0;
- #endif
- 
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
-
- #ifdef RAND_NULL_MALLOC
- 	/* start random null returns only after
- 	 * NULL_GRACE_PERIOD from first call */
-@@ -335,21 +327,14 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line)
- 	}
- #endif
- 
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
-
- 	return p;
- }
- 
- static void ser_free(void *ptr, const char *fname, int fline)
- {
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	if(ptr) {
- 		shm_free(ptr);
- 	}
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- }
- 
- #endif /* LIBRESSL_VERSION_NUMBER */
-@@ -363,11 +348,7 @@ static void *ser_malloc(size_t size)
- {
- 	void *p;
- 
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_malloc(size);
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -375,22 +356,14 @@ static void *ser_malloc(size_t size)
- static void *ser_realloc(void *ptr, size_t size)
- {
- 	void *p;
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_realloc(ptr, size);
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- #else
- static void *ser_malloc(size_t size, const char *fname, int fline)
- {
- 	void *p;
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_malloc(size);
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- 
-@@ -398,11 +371,7 @@ static void *ser_malloc(size_t size, const char *fname, int fline)
- static void *ser_realloc(void *ptr, size_t size, const char *fname, int fline)
- {
- 	void *p;
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	p = shm_realloc(ptr, size);
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- 	return p;
- }
- #endif
-@@ -419,24 +388,16 @@ static void ser_free(void *ptr)
- 	 * As shm_free() aborts on null pointers, we have to check for null pointer
- 	 * here in the wrapper function.
- 	 */
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	if(ptr) {
- 		shm_free(ptr);
- 	}
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- }
- #else
- static void ser_free(void *ptr, const char *fname, int fline)
- {
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_lock(ksr_tls_lock_shm);
- 	if(ptr) {
- 		shm_free(ptr);
- 	}
-	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
-		pthread_mutex_unlock(ksr_tls_lock_shm);
- }
- #endif
-