From 37fa2d1ebe851323d27f190b1ffd5960977532eb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 18 Oct 2024 20:00:27 +0100 Subject: [PATCH] Re-add special case for 3.6 Take into account the fact that TLS 1.3 auto-calls psa_crypto_init() Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 483c3203ce..dc2f4ebdbf 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -345,9 +345,19 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #USE_PSA_INIT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) \ + || (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) #define USE_PSA_INIT() PSA_INIT() #define USE_PSA_DONE() PSA_DONE() +#elif (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) +/* TLS 1.3 must work without having called psa_crypto_init(), for backward + * compatibility with Mbed TLS <= 3.5 when connecting with a peer that + * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init() + * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */ +#define USE_PSA_INIT() ((void) 0) +/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly, + * otherwise Asan and Valgrind would notice a resource leak. */ +#define USE_PSA_DONE() PSA_DONE() #else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* Define empty macros so that we can use them in the preamble and teardown * of every test function that uses PSA conditionally based on