From 6b980011e512cbf8d26f042010e478499b223308 Mon Sep 17 00:00:00 2001
From: Xiaokang Qian <xiaokang.qian@arm.com>
Date: Tue, 7 Feb 2023 03:17:45 +0000
Subject: [PATCH] Replace session_negotiate->ciphersuite with
 handshake->ciphersuite_info->id

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
---
 library/ssl_tls13_client.c  | 5 -----
 library/ssl_tls13_generic.c | 5 ++---
 library/ssl_tls13_keys.c    | 6 +++---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e8f79317ef..f7f9f99927 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1712,11 +1712,6 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl,
     mbedtls_ssl_optimize_checksum(ssl, ciphersuite_info);
 
     handshake->ciphersuite_info = ciphersuite_info;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if (handshake->resume == 0)
-#endif
-    ssl->session_negotiate->ciphersuite = cipher_suite;
-
     MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: ( %04x ) - %s",
                               cipher_suite, ciphersuite_info->name));
 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 513937e0e9..4fb73f91b9 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1378,9 +1378,8 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4];
     size_t hash_len;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->handshake->ciphersuite_info;
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
 
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index b92f12e6df..2e34ee8733 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1238,7 +1238,7 @@ int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl)
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_earlydata,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {
@@ -1699,7 +1699,7 @@ int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl)
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_handshake,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {
@@ -1789,7 +1789,7 @@ int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl)
     ret = mbedtls_ssl_tls13_populate_transform(
         transform_application,
         ssl->conf->endpoint,
-        ssl->session_negotiate->ciphersuite,
+        ssl->handshake->ciphersuite_info->id,
         &traffic_keys,
         ssl);
     if (ret != 0) {