6 files changed, 28 insertions, 11 deletions

diff --git a/src/lib/libtls/man/tls_init.3 b/src/lib/libtls/man/tls_init.3
index dfafa612c1..f5f63fa326 100644
--- a/src/lib/libtls/man/tls_init.3
+++ b/src/lib/libtls/man/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.10 2018/03/08 16:12:00 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.11 2018/03/19 16:34:47 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 8 2018 $
+.Dd $Mdocdate: March 19 2018 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -45,7 +45,8 @@ Both clients and servers are supported.
 The
 .Fn tls_init
 function initializes global data structures.
-It should be called once before any other functions.
+It may be called once before any other functions, however this is no
+longer necessary since it will be handled internally on demand.
 It may be called more than once, and may be called concurrently.
 .Pp
 Before a connection is created, a configuration must be created.
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index e7a485bcec..467db164d5 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.78 2018/03/08 16:12:00 beck Exp $ */
+/* $OpenBSD: tls.c,v 1.79 2018/03/19 16:34:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -47,13 +47,12 @@ tls_do_init(void)
         if (BIO_sock_init() != 1)
                 return;
 
-        if ((tls_config_default = tls_config_new()) == NULL)
+        if ((tls_config_default = tls_config_new_internal()) == NULL)
                 return;
 
         tls_config_default->refcount++;
 
         tls_init_rv = 0;
-        return;
 }
 
 int
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 14c716fa17..04e44020ef 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.44 2018/02/10 04:41:24 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.45 2018/03/19 16:34:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -38,6 +38,9 @@ tls_client(void)
 {
         struct tls *ctx;
 
+        if (tls_init() == -1)
+                return (NULL);
+
         if ((ctx = tls_new()) == NULL)
                 return (NULL);
 
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 2dab4fc7d8..02f2b3c6e9 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.49 2018/02/10 04:57:35 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.50 2018/03/19 16:34:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -77,7 +77,7 @@ tls_config_load_file(struct tls_error *error, const char *filetype,
 }
 
 struct tls_config *
-tls_config_new(void)
+tls_config_new_internal(void)
 {
         struct tls_config *config;
         unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];
@@ -128,6 +128,15 @@ tls_config_new(void)
         return (NULL);
 }
 
+struct tls_config *
+tls_config_new(void)
+{
+        if (tls_init() == -1)
+                return (NULL);
+
+        return tls_config_new_internal();
+}
+
 void
 tls_config_free(struct tls_config *config)
 {
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index f8b9e6118e..0d7e2289d3 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.70 2018/02/10 04:57:35 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.71 2018/03/19 16:34:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -219,6 +219,8 @@ int tls_keypair_load_cert(struct tls_keypair *_keypair,
 struct tls_sni_ctx *tls_sni_ctx_new(void);
 void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
 
+struct tls_config *tls_config_new_internal(void);
+
 struct tls *tls_new(void);
 struct tls *tls_server_conn(struct tls *ctx);
 
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 98b0957437..44bef6bb11 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.43 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.44 2018/03/19 16:34:47 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -31,6 +31,9 @@ tls_server(void)
 {
         struct tls *ctx;
 
+        if (tls_init() == -1)
+                return (NULL);
+
         if ((ctx = tls_new()) == NULL)
                 return (NULL);