extmod/modssl_mbedtls: Call func psa_crypto_init if PSA is used.
Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO is defined), psa_crypto_init() needs to be called to initialise the global PSA data struct, before any PSA related operations. TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if MBEDTLS_USE_PSA_CRYPTO is defined. Without psa_crypto_init() every PSA related call will result in -0x6C00/-27648 which translates to "SSL - Internal error (eg, unexpected failure in lower-level module)". The error is misleading, especially since mbedtls in its docs itself advices "to return #PSA_ERROR_BAD_STATE or some other applicable error.". Signed-off-by: Mirko Vogt <mirko-dev|mpy@nanl.de>
This commit is contained in:
parent
ffb43b2dd3
commit
1b03518e37
|
@ -168,6 +168,12 @@ STATIC mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
|
|||
mbedtls_debug_set_threshold(3);
|
||||
#endif
|
||||
|
||||
// Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO), psa_crypto_init() needs to be called before any TLS related operations.
|
||||
// TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if MBEDTLS_USE_PSA_CRYPTO is defined.
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_crypto_init();
|
||||
#endif
|
||||
|
||||
const byte seed[] = "upy";
|
||||
int ret = mbedtls_ctr_drbg_seed(&self->ctr_drbg, mbedtls_entropy_func, &self->entropy, seed, sizeof(seed));
|
||||
if (ret != 0) {
|
||||
|
|
Loading…
Reference in New Issue