git:5.7:bbbcb270: tls: remove thread-enablement on EVP_RAND_CTX - sr-dev

14 Jan 2024

Module: kamailio
Branch: 5.7
Commit: bbbcb27040c632642c50209455efbb8225888723
URL: https://github.com/kamailio/kamailio/commit/bbbcb27040c632642c50209455efbb82...
Author: S-P Chan shihping.chan@gmail.com
Committer: S-P Chan shihping.chan@gmail.com
Date: 2024-01-14T14:44:47+08:00
tls: remove thread-enablement on EVP_RAND_CTX
- with late initialisation it is not necessary to enable thread locking
  on EVP_RAND_CTX
- the function remains but is not used in case requirements change
  with OpenSSL >= 3.2
(cherry-pick from 8dffc45ee91aeed839efb38d17040359dcac953a)
---
Modified: src/modules/tls/tls_init.c
---
Diff:  https://github.com/kamailio/kamailio/commit/bbbcb27040c632642c50209455efbb82...
Patch: https://github.com/kamailio/kamailio/commit/bbbcb27040c632642c50209455efbb82...
---

diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
index 65f5ae72c65..629f69ad6b3 100644
--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
@@ -731,6 +731,12 @@ int tls_pre_init(void)
  * - executed before any mod_init()
  */
 #if OPENSSL_VERSION_NUMBER >= 0x030000000L
+/*
+ * With late initialisation it is not necessary to
+ * enable threading on the EVP_RAND_CTX. This function
+ * left here in case more complex requirements arise in
+ * OpenSSL >= 3.2.
+ */
 long tls_h_mod_randctx(void *) {
     do {
         OSSL_LIB_CTX *osslglobal = NULL;
@@ -768,7 +774,7 @@ long tls_h_mod_randctx(void *) {
return 0L;
 }
-#endif
+#endif /* OPENSSL_VERSION_NUMBER */
int tls_h_mod_pre_init_f(void)
 {
@@ -794,14 +800,21 @@ int tls_h_mod_pre_init_f(void)
    SSL_load_error_strings();
 #endif
+#if 0
 #if OPENSSL_VERSION_NUMBER >= 0x030000000L
+        /*
+         * With deferred initialisation it is not necessary to enable threading
+         * on the EVP_RAND_CTX. We leave this block here as an example of how
+         * to do it in case of future requirements.
+         */
         pthread_t tid;
         long rl;
         pthread_create(&tid, NULL, (void *(*)(void *))tls_h_mod_randctx, NULL);
         pthread_join(tid, (void **)&rl);
         if ((int)rl)
             return (int)rl;
-#endif
+#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* 0 */
tls_mod_preinitialized = 1;
    return 0;

    