Always call psa_crypto_init before using TLS

In Mbed TLS 4.0, all cryptography goes through PSA, so calling psa_crypto_init() is now mandatory before starting a TLS connection (as was the case in Mbed TLS 3.x with MBEDTLS_USE_PSA_CRYPTO enabled). Switch the TLS sample programs to calling psa_crypto_init() unconditionally. Otherwise TLS 1.3 connections fail, and (D)TLS 1.2 connections soon will. This commit omits the test programs ssl_client2 and ssl_server2, which don't require a change right now. They will be covered when we make MBEDTLS_USE_PSA_CRYPTO always on. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 17:42:09 +03:00 · 2024-09-25 21:12:57 +02:00
parent f9ad8303f1
commit 5333425891
9 changed files with 0 additions and 36 deletions
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -78,14 +78,12 @@ int main(void)
    mbedtls_ctr_drbg_init(&ctr_drbg);
    mbedtls_entropy_init(&entropy);

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = psa_crypto_init();
    if (status != PSA_SUCCESS) {
        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
                        (int) status);
        goto exit;
    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_printf("\n  . Seeding the random number generator...");
    fflush(stdout);
@@ -279,9 +277,7 @@ exit:
    mbedtls_ssl_config_free(&conf);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_exit(exit_code);
 }