Always call psa_crypto_init before using TLS

In Mbed TLS 4.0, all cryptography goes through PSA, so calling psa_crypto_init() is now mandatory before starting a TLS connection (as was the case in Mbed TLS 3.x with MBEDTLS_USE_PSA_CRYPTO enabled). Switch the TLS sample programs to calling psa_crypto_init() unconditionally. Otherwise TLS 1.3 connections fail, and (D)TLS 1.2 connections soon will. This commit omits the test programs ssl_client2 and ssl_server2, which don't require a change right now. They will be covered when we make MBEDTLS_USE_PSA_CRYPTO always on. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 17:42:09 +03:00 · 2024-09-25 21:12:57 +02:00
parent f9ad8303f1
commit 5333425891
9 changed files with 0 additions and 36 deletions
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -89,7 +89,6 @@ int main(void)
    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&ctr_drbg);

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = psa_crypto_init();
    if (status != PSA_SUCCESS) {
        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -97,7 +96,6 @@ int main(void)
        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
        goto exit;
    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_DEBUG_C)
    mbedtls_debug_set_threshold(DEBUG_LEVEL);
@@ -350,9 +348,7 @@ exit:
 #endif
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_exit(ret);
 }