TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6b980011e512cbf8d26f042010e478499b223308^! / . / library
commit6b980011e512cbf8d26f042010e478499b223308[log] [tgz]
authorXiaokang Qian <xiaokang.qian@arm.com>Tue Feb 07 03:17:45 2023 +0000
committerXiaokang Qian <xiaokang.qian@arm.com>Wed Feb 08 05:47:48 2023 +0000
tree008808845e4ac7e2bc474ae18fd89e7d157415cb
parent53c4c27d3514931e97404497368eb2f771359620 [diff]
Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e8f7931..f7f9f99 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -1712,11 +1712,6 @@
     mbedtls_ssl_optimize_checksum(ssl, ciphersuite_info);
 
     handshake->ciphersuite_info = ciphersuite_info;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if (handshake->resume == 0)
-#endif
-    ssl->session_negotiate->ciphersuite = cipher_suite;
-
     MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: ( %04x ) - %s",
                               cipher_suite, ciphersuite_info->name));
 

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 513937e..4fb73f9 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1378,9 +1378,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4];
     size_t hash_len;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->handshake->ciphersuite_info;
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
 

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index b92f12e..2e34ee8 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c

@@ -1238,7 +1238,7 @@
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_earlydata,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {
@@ -1699,7 +1699,7 @@
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_handshake,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {
@@ -1789,7 +1789,7 @@
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_application,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        ssl->handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {