From 1b03518e379208d4ee37362ee68ec6696c366efa Mon Sep 17 00:00:00 2001 From: Mirko Vogt Date: Tue, 1 Aug 2023 09:53:14 +0000 Subject: [PATCH] extmod/modssl_mbedtls: Call func psa_crypto_init if PSA is used. Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO is defined), psa_crypto_init() needs to be called to initialise the global PSA data struct, before any PSA related operations. TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if MBEDTLS_USE_PSA_CRYPTO is defined. Without psa_crypto_init() every PSA related call will result in -0x6C00/-27648 which translates to "SSL - Internal error (eg, unexpected failure in lower-level module)". The error is misleading, especially since mbedtls in its docs itself advices "to return #PSA_ERROR_BAD_STATE or some other applicable error.". Signed-off-by: Mirko Vogt --- extmod/modssl_mbedtls.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extmod/modssl_mbedtls.c b/extmod/modssl_mbedtls.c index 445978e0c3..98baf572e4 100644 --- a/extmod/modssl_mbedtls.c +++ b/extmod/modssl_mbedtls.c @@ -168,6 +168,12 @@ STATIC mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args mbedtls_debug_set_threshold(3); #endif + // Whenever the PSA interface is used (if MBEDTLS_PSA_CRYPTO), psa_crypto_init() needs to be called before any TLS related operations. + // TLSv1.3 depends on the PSA interface, TLSv1.2 only uses the PSA stack if MBEDTLS_USE_PSA_CRYPTO is defined. + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_USE_PSA_CRYPTO) + psa_crypto_init(); + #endif + const byte seed[] = "upy"; int ret = mbedtls_ctr_drbg_seed(&self->ctr_drbg, mbedtls_entropy_func, &self->entropy, seed, sizeof(seed)); if (ret != 0) {