git:5.7:9905c4ff: tls: enable locking for rand ctx if libssl version is 3.0+ - sr-dev

26 Jun 2023

Module: kamailio
Branch: 5.7
Commit: 9905c4ffc181f5a3e32bc20965c78542c7f15d12
URL: https://github.com/kamailio/kamailio/commit/9905c4ffc181f5a3e32bc20965c78542...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2023-06-26T12:04:13+02:00
tls: enable locking for rand ctx if libssl version is 3.0+
(cherry picked from commit 81be9e78c3731d45734480285d7afc17f8f9e87a)
---
Modified: src/modules/tls/tls_init.c
---
Diff:  https://github.com/kamailio/kamailio/commit/9905c4ffc181f5a3e32bc20965c78542...
Patch: https://github.com/kamailio/kamailio/commit/9905c4ffc181f5a3e32bc20965c78542...
---

diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
index 82a850cf9ac..ae06e858e35 100644
--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
@@ -45,6 +45,10 @@
 #include <pthread.h>
 #include <openssl/ssl.h>
+#if OPENSSL_VERSION_NUMBER >= 0x030000000L
+#include <openssl/rand.h>
+#endif
+
 #include "../../core/dprint.h"
 #include "../../core/mem/shm_mem.h"
 #include "../../core/tcp_init.h"
@@ -750,7 +754,44 @@ int tls_h_mod_pre_init_f(void)
    SSL_library_init();
 #endif
    SSL_load_error_strings();
-	tls_mod_preinitialized=1;
+
+#if OPENSSL_VERSION_NUMBER >= 0x030000000L
+	do {
+		OSSL_LIB_CTX *osslglobal = NULL;
+		EVP_RAND_CTX *randctx = NULL;
+
+		LM_DBG("enabling locking for rand ctx\n");
+
+		osslglobal = OSSL_LIB_CTX_get0_global_default();
+		if(osslglobal == NULL) {
+			LM_ERR("failed to get lib ssl global ctx\n");
+			return -1;
+		}
+
+		randctx = RAND_get0_primary(osslglobal);
+		if(randctx == NULL) {
+			LM_ERR("primary rand ctx is null\n");
+			return -1;
+		}
+		EVP_RAND_enable_locking(randctx);
+
+		randctx = RAND_get0_public(osslglobal);
+		if(randctx == NULL) {
+			LM_ERR("public rand ctx is null\n");
+			return -1;
+		}
+		EVP_RAND_enable_locking(randctx);
+
+		randctx = RAND_get0_private(osslglobal);
+		if(randctx == NULL) {
+			LM_ERR("private rand ctx is null\n");
+			return -1;
+		}
+		EVP_RAND_enable_locking(randctx);
+	} while(0);
+#endif
+
+	tls_mod_preinitialized = 1;
    return 0;
 }

    