Add missing PSA (Platform Security Architecture) cryptography API initialization

It is mandatory when PSA is used which is, in turn, mandatory when using TLS 1.3 (`MBEDTLS_SSL_PROTO_TLS1_3`). When not being initialized, the server will finish startup but any encrypted traffic will cause errors deep inside the mbedTLS library (return code `0x6c00 == MBEDTLS_ERR_SSL_INTERNAL_ERROR`).

Signed-off-by: DL6ER <dl6er@dl6er.de>

src/mod_mbedtls.inl

@@ -88,6 +88,18 @@ mbed_sslctx_init(SSL_CTX *ctx, const char *crt)
 	mbedtls_ctr_drbg_init(&ctx->ctr);
 	mbedtls_x509_crt_init(&ctx->cert);
 
+#ifdef MBEDTLS_PSA_CRYPTO_C
+	/* Initialize PSA crypto (mandatory with TLS 1.3)
+	 * This must be done before calling any other PSA Crypto
+	 * functions or they will fail with PSA_ERROR_BAD_STATE
+	 */
+	const psa_status_t status = psa_crypto_init();
+	if (status != PSA_SUCCESS) {
+		DEBUG_TRACE("Failed to initialize PSA crypto, returned %d\n", (int) status);
+		return -1;
+	}
+#endif
+
 	rc = mbedtls_ctr_drbg_seed(&ctx->ctr,
 	                           mbedtls_entropy_func,
 	                           &ctx->entropy,