Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 9a0637e..f35bbbf 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1011,6 +1011,20 @@
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
/* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
+ TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == 0 );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( use_psa == 1 )
+ {
+ TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ),
+ tag->len ) );
+ }
+ else
+#endif
+ {
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ) ) );
+ }
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
MBEDTLS_ENCRYPT ) );
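Review bot: The added `mbedtls_cipher_reset( &ctx )` followed by `mbedtls_cipher_setup_psa` / `mbedtls_cipher_setup` re-initialises a context that is already set up without releasing it first. The state allocated by the first setup, and on the PSA path the key bound to it, is therefore presumably leaked rather than freed and wiped. `mbedtls_cipher_reset` restarts a message under the existing key and does not tear the context down; it may also be unsupported on PSA-backed contexts, in which case this assertion would fail when `use_psa == 1`. Replacing that line with `mbedtls_cipher_free( &ctx );` before the setup calls would release the old key material. The enclosing test function starts and ends outside this hunk, so it should be confirmed there that the exit path still frees `ctx` exactly once.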