From dd7b501c92366f9d1773eab9045a1f8769b6c4bb Mon Sep 17 00:00:00 2001
From: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 17 Jan 2022 15:28:57 +0100
Subject: [PATCH] Move PSA init after taglen is set

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/ssl_tls13_keys.c | 42 ++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index af01a0428f..e7c8e722c6 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -900,6 +900,27 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
         return( ret );
     }
 
+    /*
+     * Setup other fields in SSL transform
+     */
+
+    if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 )
+        transform->taglen  = 8;
+    else
+        transform->taglen  = 16;
+
+    transform->ivlen       = traffic_keys->iv_len;
+    transform->maclen      = 0;
+    transform->fixed_ivlen = transform->ivlen;
+    transform->minor_ver   = MBEDTLS_SSL_MINOR_VERSION_4;
+
+    /* We add the true record content type (1 Byte) to the plaintext and
+     * then pad to the configured granularity. The mimimum length of the
+     * type-extended and padded plaintext is therefore the padding
+     * granularity. */
+    transform->minlen =
+        transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ( status = mbedtls_cipher_to_psa( cipher_info->type,
                                  transform->taglen,
@@ -934,27 +955,6 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /*
-     * Setup other fields in SSL transform
-     */
-
-    if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 )
-        transform->taglen  = 8;
-    else
-        transform->taglen  = 16;
-
-    transform->ivlen       = traffic_keys->iv_len;
-    transform->maclen      = 0;
-    transform->fixed_ivlen = transform->ivlen;
-    transform->minor_ver   = MBEDTLS_SSL_MINOR_VERSION_4;
-
-    /* We add the true record content type (1 Byte) to the plaintext and
-     * then pad to the configured granularity. The mimimum length of the
-     * type-extended and padded plaintext is therefore the padding
-     * granularity. */
-    transform->minlen =
-        transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
-
     return( 0 );
 }