psa: Initialize crypto in tests that need to

Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.

Author: Patater

tests/suites/main_test.function

@@ -255,20 +255,6 @@ int main( int argc, const char *argv[] )
         return( -1 );
     }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    {
-        psa_status_t status;
-        status = psa_crypto_init();
-        if( status != PSA_SUCCESS )
-        {
-            mbedtls_fprintf( stderr,
-                          "FATAL: Failed to initialize PSA Crypto - error %d\n",
-                          status );
-            return( -1 );
-        }
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
     ret = execute_tests( argc, argv );
     platform_teardown();
     return( ret );

tests/suites/test_suite_cipher.function

@@ -962,6 +962,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
 #else
     if( use_psa == 1 )
     {
+        TEST_ASSERT( psa_crypto_init() == 0 );
+
         /* PSA requires that the tag immediately follows the ciphertext. */
         tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
         TEST_ASSERT( tmp_cipher != NULL );
@@ -1104,6 +1106,7 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key,
 #else
     if( use_psa == 1 )
     {
+        TEST_ASSERT( psa_crypto_init() == 0 );
         TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
                               mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
     }

tests/suites/test_suite_pk.function

@@ -124,6 +124,8 @@ void pk_psa_utils(  )
     size_t len;
     mbedtls_pk_debug_item dbg;
 
+    TEST_ASSERT( psa_crypto_init() == 0 );
+
     mbedtls_pk_init( &pk );
     mbedtls_pk_init( &pk2 );
 

tests/suites/test_suite_x509parse.function

@@ -334,6 +334,10 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
     char *      cn_name = NULL;
     const mbedtls_x509_crt_profile *profile;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
     mbedtls_x509_crt_init( &crt );
     mbedtls_x509_crt_init( &ca );
     mbedtls_x509_crl_init( &crl );
@@ -387,6 +391,10 @@ void x509_verify_callback( char *crt_file, char *ca_file, char *name,
     uint32_t flags = 0;
     verify_print_context vrfy_ctx;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
     mbedtls_x509_crt_init( &crt );
     mbedtls_x509_crt_init( &ca );
     verify_print_init( &vrfy_ctx );
@@ -605,6 +613,10 @@ void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
     uint32_t flags;
     mbedtls_x509_crt trusted, chain;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
     /*
      * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
      * with NN.crt signed by NN-1.crt
@@ -646,6 +658,10 @@ void mbedtls_x509_crt_verify_chain(  char *chain_paths, char *trusted_ca,
     mbedtls_x509_crt trusted, chain;
     const mbedtls_x509_crt_profile *profile = NULL;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
     mbedtls_x509_crt_init( &chain );
     mbedtls_x509_crt_init( &trusted );