From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 17 Oct 2025 20:47:28 +0000 (+0200)
Subject: mbedtls: move the crypto init into the vtls init function
X-Git-Tag: rc-8_17_0-2~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e29706d6e24f7327d3b3393b1f93b06aef642e7b;p=thirdparty%2Fcurl.git

mbedtls: move the crypto init into the vtls init function

Follow-up to 3a305831d1a9d10b2bfd4fa3939

Closes #19108
---

diff --git a/lib/easy.c b/lib/easy.c
index f12a8b143f..793a18f33e 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -80,10 +80,6 @@
 
 #include "easy_lock.h"
 
-#ifdef USE_MBEDTLS
-#include <psa/crypto.h>
-#endif
-
 /* The last 2 #include files should be in this order */
 #include "curl_memory.h"
 #include "memdebug.h"
@@ -141,24 +137,6 @@ curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc;
 static char *leakpointer;
 #endif
 
-static CURLcode crypto_init(void)
-{
-#ifdef USE_MBEDTLS
-  psa_status_t status;
-  status = psa_crypto_init();
-  if(status != PSA_SUCCESS)
-    return CURLE_FAILED_INIT;
-#endif
-  return CURLE_OK;
-}
-
-static void crypto_cleanup(void)
-{
-#ifdef USE_MBEDTLS
-  mbedtls_psa_crypto_free();
-#endif
-}
-
 /**
  * curl_global_init() globally initializes curl given a bitwise set of the
  * different features of what to initialize.
@@ -182,11 +160,6 @@ static CURLcode global_init(long flags, bool memoryfuncs)
     goto fail;
   }
 
-  if(crypto_init()) {
-    DEBUGF(curl_mfprintf(stderr, "Error: crypto_init failed\n"));
-    goto fail;
-  }
-
   if(!Curl_ssl_init()) {
     DEBUGF(curl_mfprintf(stderr, "Error: Curl_ssl_init failed\n"));
     goto fail;
@@ -325,8 +298,6 @@ void curl_global_cleanup(void)
 
   Curl_ssh_cleanup();
 
-  crypto_cleanup();
-
 #ifdef DEBUGBUILD
   free(leakpointer);
 #endif
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index ebb8a4abc0..5ee0c814fd 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1449,6 +1449,10 @@ static CURLcode mbedtls_connect(struct Curl_cfilter *cf,
  */
 static int mbedtls_init(void)
 {
+  psa_status_t status;
+  status = psa_crypto_init();
+  if(status != PSA_SUCCESS)
+    return 0;
   if(!Curl_mbedtlsthreadlock_thread_setup())
     return 0;
 #if defined(CURL_MBEDTLS_DRBG) && defined(HAS_THREADING_SUPPORT)
@@ -1463,6 +1467,7 @@ static void mbedtls_cleanup(void)
   entropy_cleanup_mutex(&ts_entropy);
 #endif
   (void)Curl_mbedtlsthreadlock_thread_cleanup();
+  mbedtls_psa_crypto_free();
 }
 
 static bool mbedtls_data_pending(struct Curl_cfilter *cf,