From 929956d16a9d645ab18f733a2dcdb15660b9f4a8 Mon Sep 17 00:00:00 2001
From: Lingkai Dong <lingkai.dong@arm.com>
Date: Tue, 29 Jun 2021 17:43:10 +0100
Subject: [PATCH] TLSSocketWrapper: Initialize PSA Crypto if used by Mbed TLS

When `MBEDTLS_USE_PSA_CRYPTO` is set, Mbed TLS uses the PSA Crypto API
where possible. It is necessary to initialize PSA Crypto beforehand.
---
 connectivity/netsocket/source/TLSSocketWrapper.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/connectivity/netsocket/source/TLSSocketWrapper.cpp b/connectivity/netsocket/source/TLSSocketWrapper.cpp
index d3f06c96bd..9879af9e91 100644
--- a/connectivity/netsocket/source/TLSSocketWrapper.cpp
+++ b/connectivity/netsocket/source/TLSSocketWrapper.cpp
@@ -28,6 +28,10 @@
 #include "mbed_error.h"
 #include "rtos/Kernel.h"
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
 // This class requires Mbed TLS SSL/TLS client code
 #if defined(MBEDTLS_SSL_CLI_C)
 
@@ -41,6 +45,16 @@ TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, cont
     _clicert_allocated(false),
     _ssl_conf_allocated(false)
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    // It is safe to call psa_crypto_init() any number of times as
+    // defined by the PSA Crypto API. There is no standard "deinit"
+    // function.
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        tr_err("psa_crypto_init() failed (" PRIu32 ")", status);
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_PLATFORM_C)
     int ret = mbedtls_platform_setup(nullptr);
     if (ret != 0) {