Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 21b50808cdc379cee4533c4b4bddd75a56a246e5 [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 06 03:26:55 2022 -0400
committer: Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 06 03:26:55 2022 -0400
tree: af320305b4988945933c21574b0c3373021fab0d
parent: 3a29e9cf579948cc39fd84f34bb5a8f1a8701782 [diff]
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 3388f10..3f2ef31 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -1644,7 +1644,12 @@
         }
     }
 
-    if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
+    /*
+     * mbedtls_ssl_derive_keys() has to be called after the parsing of the
+     * extensions. It sets the transform data for the resumed session which in
+     * case of DTLS includes the server CID extracted from the CID extension.
+     */
+    if( ssl->handshake->resume )
     {
         if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
         {
commit	21b50808cdc379cee4533c4b4bddd75a56a246e5	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Jul 06 03:26:55 2022 -0400
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Jul 06 03:26:55 2022 -0400
tree	af320305b4988945933c21574b0c3373021fab0d
parent	3a29e9cf579948cc39fd84f34bb5a8f1a8701782 [diff]