From b00688fb1472259a9ddf67b761d741eda5dfaa2a Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 17 Apr 2023 11:10:05 +0200
Subject: [PATCH] Move psa_crypto_init() after other init calls

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 programs/ssl/dtls_client.c        | 22 +++++++++++-----------
 programs/ssl/dtls_server.c        | 20 ++++++++++----------
 programs/ssl/mini_client.c        | 22 +++++++++++-----------
 programs/ssl/ssl_client1.c        | 21 +++++++++++----------
 programs/ssl/ssl_fork_server.c    | 18 +++++++++---------
 programs/ssl/ssl_mail_client.c    | 20 ++++++++++----------
 programs/ssl/ssl_pthread_server.c | 20 ++++++++++----------
 programs/ssl/ssl_server.c         | 20 ++++++++++----------
 programs/x509/cert_app.c          | 18 +++++++++---------
 programs/x509/cert_req.c          | 18 +++++++++---------
 programs/x509/cert_write.c        | 18 +++++++++---------
 programs/x509/crl_app.c           | 10 +++++-----
 programs/x509/req_app.c           | 10 +++++-----
 13 files changed, 119 insertions(+), 118 deletions(-)

diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 01f6cd8723..d696932248 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -101,16 +101,6 @@ int main(int argc, char *argv[])
     ((void) argc);
     ((void) argv);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -123,11 +113,21 @@ int main(int argc, char *argv[])
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 93d5bfed03..631cfcdbc7 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -111,16 +111,6 @@ int main(void)
     mbedtls_ssl_cache_context cache;
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     mbedtls_net_init(&listen_fd);
     mbedtls_net_init(&client_fd);
     mbedtls_ssl_init(&ssl);
@@ -134,6 +124,16 @@ int main(void)
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 58e3d787b1..3a629b0255 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -170,6 +170,17 @@ int main(void)
     mbedtls_ssl_config conf;
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+    /*
+     * 0. Initialize and setup stuff
+     */
+    mbedtls_net_init(&server_fd);
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt_init(&ca);
+#endif
+    mbedtls_entropy_init(&entropy);
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -180,17 +191,6 @@ int main(void)
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * 0. Initialize and setup stuff
-     */
-    mbedtls_net_init(&server_fd);
-    mbedtls_ssl_init(&ssl);
-    mbedtls_ssl_config_init(&conf);
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_x509_crt_init(&ca);
-#endif
-
-    mbedtls_entropy_init(&entropy);
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         ret = ctr_drbg_seed_failed;
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 1c68d1cd82..c30f7b8ab7 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -87,6 +87,16 @@ int main(void)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
 
+    /*
+     * 0. Initialize the RNG and the session data
+     */
+    mbedtls_net_init(&server_fd);
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+    mbedtls_x509_crt_init(&cacert);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -96,19 +106,10 @@ int main(void)
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * 0. Initialize the RNG and the session data
-     */
-    mbedtls_net_init(&server_fd);
-    mbedtls_ssl_init(&ssl);
-    mbedtls_ssl_config_init(&conf);
-    mbedtls_x509_crt_init(&cacert);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
+
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index df8da055db..d75bb3c596 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -100,15 +100,6 @@ int main(void)
     mbedtls_x509_crt srvcert;
     mbedtls_pk_context pkey;
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     mbedtls_net_init(&listen_fd);
     mbedtls_net_init(&client_fd);
     mbedtls_ssl_init(&ssl);
@@ -118,6 +109,15 @@ int main(void)
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     signal(SIGCHLD, SIG_IGN);
 
     /*
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index decbdbb3f5..a9742a2eb0 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -355,15 +355,6 @@ int main(int argc, char *argv[])
     char *p, *q;
     const int *list;
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     /*
      * Make sure memory references are valid in case we exit early.
      */
@@ -375,6 +366,16 @@ int main(int argc, char *argv[])
     mbedtls_x509_crt_init(&clicert);
     mbedtls_pk_init(&pkey);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (argc < 2) {
 usage:
@@ -464,7 +465,6 @@ usage:
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index ba28b254e0..14fc6a4633 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -311,16 +311,6 @@ int main(void)
     mbedtls_ssl_cache_context cache;
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
 #endif
@@ -347,6 +337,16 @@ int main(void)
      */
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     /*
      * 1. Load the certificates and private RSA key
      */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index c0a09a233c..d4e0dbc569 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -97,16 +97,6 @@ int main(void)
     mbedtls_ssl_cache_context cache;
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     mbedtls_net_init(&listen_fd);
     mbedtls_net_init(&client_fd);
     mbedtls_ssl_init(&ssl);
@@ -119,6 +109,16 @@ int main(void)
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 4fae3b2d99..07016e49f1 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -149,15 +149,6 @@ int main(int argc, char *argv[])
     char *p, *q;
     const char *pers = "cert_app";
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     /*
      * Set to sane values
      */
@@ -175,6 +166,15 @@ int main(int argc, char *argv[])
     memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 2f4bd0e127..a3fd6e2dc9 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -155,6 +155,15 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_context ctr_drbg;
     const char *pers = "csr example app";
 
+    /*
+     * Set to sane values
+     */
+    mbedtls_x509write_csr_init(&req);
+    mbedtls_pk_init(&key);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    memset(buf, 0, sizeof(buf));
+    mbedtls_entropy_init(&entropy);
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -164,14 +173,6 @@ int main(int argc, char *argv[])
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * Set to sane values
-     */
-    mbedtls_x509write_csr_init(&req);
-    mbedtls_pk_init(&key);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    memset(buf, 0, sizeof(buf));
-
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -303,7 +304,6 @@ usage:
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 18a05caef9..f7cf7121c8 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -226,15 +226,6 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_context ctr_drbg;
     const char *pers = "crt example app";
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     /*
      * Set to sane values
      */
@@ -250,6 +241,15 @@ int main(int argc, char *argv[])
     mbedtls_x509_crt_init(&issuer_crt);
     memset(buf, 0, 1024);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 5a07963778..1208f040fb 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -67,6 +67,11 @@ int main(int argc, char *argv[])
     int i;
     char *p, *q;
 
+    /*
+     * Set to sane values
+     */
+    mbedtls_x509_crl_init(&crl);
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -76,11 +81,6 @@ int main(int argc, char *argv[])
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * Set to sane values
-     */
-    mbedtls_x509_crl_init(&crl);
-
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index a5fb1b6ac2..07cbd4fb7c 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -67,6 +67,11 @@ int main(int argc, char *argv[])
     int i;
     char *p, *q;
 
+    /*
+     * Set to sane values
+     */
+    mbedtls_x509_csr_init(&csr);
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -76,11 +81,6 @@ int main(int argc, char *argv[])
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * Set to sane values
-     */
-    mbedtls_x509_csr_init(&csr);
-
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);