diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 504d897895..28090ebcb5 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1506,17 +1506,16 @@ cleanup: int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl ) { - int ret = 0; - + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; - - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_compute_resumption_master_secret" ) ); - md_type = ssl->handshake->ciphersuite_info->mac; + md_type = handshake->ciphersuite_info->mac; ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, transcript, sizeof( transcript ), @@ -1526,20 +1525,21 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl ret = mbedtls_ssl_tls13_derive_resumption_master_secret( mbedtls_psa_translate_md( md_type ), - ssl->handshake->tls13_master_secrets.app, + handshake->tls13_master_secrets.app, transcript, transcript_len, &ssl->session_negotiate->app_secrets ); if( ret != 0 ) return( ret ); /* Erase master secrets */ - mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets, - sizeof( ssl->handshake->tls13_master_secrets ) ); + mbedtls_platform_zeroize( &handshake->tls13_master_secrets, + sizeof( handshake->tls13_master_secrets ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret", ssl->session_negotiate->app_secrets.resumption_master_secret, mbedtls_md_get_size( mbedtls_md_info_from_type( md_type ) ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_compute_resumption_master_secret" ) ); return( 0 );