diff --git a/library/ssl_client.c b/library/ssl_client.c index 2a9868a601..73a854d61b 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -848,6 +848,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) defined(MBEDTLS_HAVE_TIME) /* Check if a tls13 ticket has been configured. */ if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ssl->handshake->resume != 0 && ssl->session_negotiate != NULL && ssl->session_negotiate->ticket != NULL ) { diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0450b3d77f..afacb76f01 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1911,10 +1911,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( size_t *out_len ); #endif /* MBEDTLS_ECDH_C */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, - int ciphersuite, - psa_algorithm_t *psa_alg ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 892a868482..616df07de8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1373,15 +1373,6 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session if( ssl->handshake->resume == 1 ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ( ( ret = mbedtls_ssl_tls13_ciphersuite_to_alg( - ssl, session->ciphersuite, NULL ) ) != 0 ) ) - { - return( ret ); - } -#endif - if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) return( ret ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7b85c70e57..b0c2a3fb35 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -668,19 +668,17 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, int ciphersuite ) { + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - psa_algorithm_t psa_alg; - if( mbedtls_ssl_tls13_ciphersuite_to_alg( - ssl, ciphersuite, &psa_alg ) != 0 ) + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, + MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 ) { - /* ciphersuite is `ssl->session_negotiate->ciphersuite` or - * PSA_ALG_SHA256, both are validated before writting pre_shared_key. - */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); - return( PSA_ALG_NONE ); + return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); } - - return( psa_alg ); + return( PSA_ALG_NONE ); } #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 56841c4ed1..abb7a14816 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1485,36 +1485,4 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ -int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, - int ciphersuite, - psa_algorithm_t *psa_alg ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - psa_algorithm_t alg; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( psa_alg ) - *psa_alg = PSA_ALG_NONE; - - if( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, - MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - - alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); - if( alg == PSA_ALG_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - - if( psa_alg ) - *psa_alg = alg; - return( 0 ); -} - #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */