session tls BUGFIX init mbedtls lib

Roytak · Roytak · commit 3f1bdf71c7aa · 2025-04-10T14:19:52.000+02:00
Fixes #530
diff --git a/src/session_client.c b/src/session_client.c
@@ -2006,6 +2006,10 @@ nc_client_init(void)
     }
 
 #ifdef NC_ENABLED_SSH_TLS
+    if (nc_tls_backend_init_wrap()) {
+        ERR(NULL, "%s: failed to init the SSL library backend.", __func__);
+        return -1;
+    }
     if (ssh_init()) {
         ERR(NULL, "%s: failed to init libssh.", __func__);
         return -1;
@@ -2024,6 +2028,7 @@ nc_client_destroy(void)
     nc_client_ch_del_bind(NULL, 0, 0);
     nc_client_ssh_destroy_opts();
     nc_client_tls_destroy_opts();
+    nc_tls_backend_destroy_wrap();
     ssh_finalize();
 #endif /* NC_ENABLED_SSH_TLS */
 }
diff --git a/src/session_mbedtls.c b/src/session_mbedtls.c
@@ -194,6 +194,27 @@ nc_tls_get_verify_err_str(int err)
     return err_buf;
 }
 
+int
+nc_tls_backend_init_wrap(void)
+{
+    int r;
+
+    r = psa_crypto_init();
+
+    if (r) {
+        ERR(NULL, "Failed to initialize PSA crypto (%s).", nc_get_mbedtls_str_err(r));
+        return -1;
+    }
+
+    return 0;
+}
+
+void
+nc_tls_backend_destroy_wrap(void)
+{
+    mbedtls_psa_crypto_free();
+}
+
 void *
 nc_tls_session_new_wrap(void *tls_cfg)
 {
diff --git a/src/session_openssl.c b/src/session_openssl.c
@@ -44,6 +44,20 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+int
+nc_tls_backend_init_wrap(void)
+{
+    /* nothing to do */
+    return 0;
+}
+
+void
+nc_tls_backend_destroy_wrap(void)
+{
+    /* nothing to do */
+    return;
+}
+
 void *
 nc_tls_session_new_wrap(void *tls_cfg)
 {
diff --git a/src/session_server.c b/src/session_server.c
@@ -864,6 +864,11 @@ nc_server_init(void)
         goto error;
     }
 
+    if (nc_tls_backend_init_wrap()) {
+        ERR(NULL, "%s: failed to init the SSL library backend.", __func__);
+        return -1;
+    }
+
     /* optional for dynamic library, mandatory for static */
     if (ssh_init()) {
         ERR(NULL, "%s: failed to init libssh.", __func__);
@@ -946,6 +951,7 @@ nc_server_destroy(void)
     nc_server_config_ks_keystore(NULL, NC_OP_DELETE);
     nc_server_config_ts_truststore(NULL, NC_OP_DELETE);
     curl_global_cleanup();
+    nc_tls_backend_destroy_wrap();
     ssh_finalize();
 
     /* close the TLS keylog file */
diff --git a/src/session_wrapper.h b/src/session_wrapper.h
@@ -69,6 +69,20 @@ struct nc_tls_verify_cb_data {
     void *chain;                        /**< Certificate chain used to verify the client cert. */
 };
 
+/**
+ * @brief Initializes the TLS backend.
+ *
+ * Does nothing for OpenSSL, required for MbedTLS version 3.6.0 and later.
+ */
+int nc_tls_backend_init_wrap(void);
+
+/**
+ * @brief Destroys the TLS backend.
+ *
+ * Does nothing for OpenSSL, required for MbedTLS version 3.6.0 and later.
+ */
+void nc_tls_backend_destroy_wrap(void);
+
 /**
  * @brief Creates a new TLS session from the given configuration.
  *
