Always call psa_crypto_init before using TLS

In Mbed TLS 4.0, all cryptography goes through PSA, so calling psa_crypto_init() is now mandatory before starting a TLS connection (as was the case in Mbed TLS 3.x with MBEDTLS_USE_PSA_CRYPTO enabled). Switch the TLS sample programs to calling psa_crypto_init() unconditionally. Otherwise TLS 1.3 connections fail, and (D)TLS 1.2 connections soon will. This commit omits the test programs ssl_client2 and ssl_server2, which don't require a change right now. They will be covered when we make MBEDTLS_USE_PSA_CRYPTO always on. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-07 06:42:56 +03:00 · 2024-09-25 21:12:57 +02:00
parent f9ad8303f1
commit 5333425891
9 changed files with 0 additions and 36 deletions
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -327,7 +327,6 @@ int main(void)
     */
    mbedtls_entropy_init(&entropy);

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = psa_crypto_init();
    if (status != PSA_SUCCESS) {
        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -335,7 +334,6 @@ int main(void)
        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
        goto exit;
    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    /*
     * 1a. Seed the random number generator
@@ -484,9 +482,7 @@ exit:
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
    mbedtls_memory_buffer_alloc_free();
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_exit(ret);
 }