From ae71576f748dea17b9a55e83ae9a62c5f78595ae Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Mon, 14 Nov 2022 19:09:45 -0500
Subject: [PATCH] ssl_tls12_populate_transform using PSA_ALG_AEAD

- ssl_tls12_populate_transform using PSA_ALG_AEAD_WITH_SHORTENED_TAG()
  instead of calling mbedtls_ssl_cipher_to_psa()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
 library/ssl_tls.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 42a80dbd351..5d677a819f6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7492,12 +7492,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
 
     if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
     {
-        transform->taglen =
-            ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+        transform->taglen = 16;
+        if ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+        {
+            transform->taglen = 8;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, transform->taglen,
-                                   &alg, &key_type, &key_bits );
+            alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 8 );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
+        }
     }
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
     else