extmod/modssl_mbedtls: Call func psa_crypto_init if PSA is used.

Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO is defined),
psa_crypto_init() needs to be called to initialise the global PSA data
struct, before any PSA related operations.

TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if
MBEDTLS_USE_PSA_CRYPTO is defined.

Without psa_crypto_init() every PSA related call will result in
-0x6C00/-27648 which translates to "SSL - Internal error (eg, unexpected
failure in lower-level module)".

The error is misleading, especially since mbedtls in its docs itself
advices "to return #PSA_ERROR_BAD_STATE or some other applicable error.".

Signed-off-by: Mirko Vogt <mirko-dev|mpy@nanl.de>
This commit is contained in:
Mirko Vogt 2023-08-01 09:53:14 +00:00 committed by Damien George
parent ffb43b2dd3
commit 1b03518e37
1 changed files with 6 additions and 0 deletions

View File

@ -168,6 +168,12 @@ STATIC mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
mbedtls_debug_set_threshold(3);
#endif
// Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO), psa_crypto_init() needs to be called before any TLS related operations.
// TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if MBEDTLS_USE_PSA_CRYPTO is defined.
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_USE_PSA_CRYPTO)
psa_crypto_init();
#endif
const byte seed[] = "upy";
int ret = mbedtls_ctr_drbg_seed(&self->ctr_drbg, mbedtls_entropy_func, &self->entropy, seed, sizeof(seed));
if (ret != 0) {