mbedtls-3.0: Fixed ESP32 build issues

- Added MBEDLTS_PRIVATE(...) wherever necessary - For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL - For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this. Currently, corresponding snippet has been commented. - Examples tested: hello-world | https_request | wifi_prov_mgr mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues - Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port - DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument - Added MBEDTLS_PRIVATE(...) wherever required mbedtls-3.0: Fixed ESP32-S2 build issues - Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module mbedtls-3.0: Fixed ESP32-H2 build issues ci: Fixing build stage - Added MBEDTLS_PRIVATE(...) wherever required - Added RNG function parameter - Updated GCM Module changes - Updated Copyright notices - Tests: - build_esp_idf_tests_cmake_esp32 - build_esp_idf_tests_cmake_esp32s2 - build_esp_idf_tests_cmake_esp32c3 - build_esp_idf_tests_cmake_esp32s3 ci: Fixing build stage (mbedtls-related changes) - Added MBEDTLS_PRIVATE(...) wherever required - Updated SHAXXX functions - Updated esp_config according to mbedtls changes - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 ci: Fixing build stage (example-related changes) - Added MBEDTLS_PRIVATE(...) wherever required - Updated SHAXXX functions - Updated esp_config according to mbedtls changes - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 ci: Fixing target_test stage - Updated test SSL version to TLS_v1_2 - Tests: - example_test_protocols 1/2 ci: Fixing build stage - Added checks for MBEDTLS_DHM_C (disabled by default) - Updated esp_cryptoauthlib submodule - Updated factory partition size for legacy BLE provisioning example - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2025-08-31 06:12:42 +00:00 · 2021-08-09 15:28:36 +05:30
parent 45122533e0
commit 3b71bd7326
44 changed files with 635 additions and 517 deletions
--- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c
+++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c
@@ -125,7 +125,7 @@ struct crypto_ec_group *crypto_ec_get_group_byname(const char *name)

 	mbedtls_ecp_group_init( &e->group );

-	if (mbedtls_ecp_group_load(&e->group, curve->grp_id)) {
+	if (mbedtls_ecp_group_load(&e->group, curve->MBEDTLS_PRIVATE(grp_id))) {
 		crypto_ec_deinit(e);
 		e = NULL;
 	}
@@ -157,7 +157,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
 	int len = mbedtls_mpi_size(&e->group.P);

 	if (x) {
-		if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->X,
+		if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(X),
 					x, len, len) < 0) {
 			return -1;
 		}
@@ -165,7 +165,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
 	}

 	if (y) {
-		if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->Y,
+		if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(Y),
 					y, len, len) < 0) {
 			return -1;
 		}
@@ -180,17 +180,17 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point
 	int ret = -1;
 	mbedtls_ecp_point *point = (mbedtls_ecp_point *)pt;

-	if (!mbedtls_ecp_is_zero(point)  && (mbedtls_mpi_cmp_int( &point->Z, 1 ) == 0 )) {
+	if (!mbedtls_ecp_is_zero(point)  && (mbedtls_mpi_cmp_int( &point->MBEDTLS_PRIVATE(Z), 1 ) == 0 )) {
 		// Affine coordinates mean that z should be 1,
 		wpa_printf(MSG_ERROR, "Z coordinate is neither 0 or 1");
 		return -1;
 	}

 	if (x) {
-		MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->X));
+		MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(X)));
 	}
 	if (y) {
-		MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->Y));
+		MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(Y)));
 	}
 	return 0;
 cleanup:
@@ -215,9 +215,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e,
 	}
 	mbedtls_ecp_point_init(pt);

-	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len));
-	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, val + len, len));
-	MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->Z), 1));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(X), val, len));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(Y), val + len, len));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->MBEDTLS_PRIVATE(Z)), 1));

 	return (struct crypto_ec_point *) pt;

@@ -287,8 +287,8 @@ static int ecp_opp(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbe
 	}

 	/* In-place opposite */
-	if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) {
-		MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y));
+	if (mbedtls_mpi_cmp_int(&R->MBEDTLS_PRIVATE(Y), 0) != 0) {
+		MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->MBEDTLS_PRIVATE(Y), &grp->P, &R->MBEDTLS_PRIVATE(Y)));
 	}

 cleanup:
@@ -309,7 +309,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
 	mbedtls_mpi_init(&temp);
 	int ret = 0;

-	y = &((mbedtls_ecp_point *)p)->Y;
+	y = &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y);

 	/* Faster way to find sqrt
 	 * Works only with curves having prime p
@@ -333,8 +333,8 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
 		if (y_bit != mbedtls_mpi_get_bit(y, 0))
 			MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(y, &e->group.P, y));

-		MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->X, (const mbedtls_mpi*) x));
-		MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->Z, 1));
+		MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->MBEDTLS_PRIVATE(X), (const mbedtls_mpi*) x));
+		MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z), 1));
 	} else {
 		ret = 1;
 	}
@@ -418,9 +418,9 @@ int crypto_ec_point_is_on_curve(struct crypto_ec *e,

 	/* Calculate y^2  mod P*/
 	MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&two, 2));
-	MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->Y , &two, &e->group.P, NULL));
+	MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y) , &two, &e->group.P, NULL));

-	y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->X);
+	y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));

 	if (y_sqr_rhs && (mbedtls_mpi_cmp_mpi(y_sqr_rhs, &y_sqr_lhs) == 0)) {
 		on_curve = 1;
@@ -443,7 +443,7 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
 }
 int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2)
 {
-	if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2) < 0)
+	if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2, NULL, NULL) < 0)
 		return 0;

 	return 1;
@@ -513,8 +513,8 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 	if( ( ret = mbedtls_pk_setup( key,
 					mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
 		goto fail;
-	mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point);
-	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1);
+	mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
+	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);

 	pkey = (struct crypto_key *)key;
 	crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
@@ -540,7 +540,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
 {
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;

-	return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->Q;
+	return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q);
 }


@@ -568,14 +568,14 @@ struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key)
 {
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;

-	return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->grp);
+	return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(grp));
 }

 struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key)
 {
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;

-	return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->d));
+	return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d)));
 }

 int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
@@ -624,7 +624,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
 		wpa_printf(MSG_ERROR, "memory allocation failed\n");
 		return NULL;
 	}
-	ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0);
+	ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL);

 	if (ret < 0) {
 		//crypto_print_error_string(ret);
@@ -744,8 +744,8 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
 	if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0) {
 		goto fail;
 	}
-	ret = mbedtls_ecdsa_sign(&ctx->grp, (mbedtls_mpi *)r, (mbedtls_mpi *)s,
-			&ctx->d, hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);
+	ret = mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), (mbedtls_mpi *)r, (mbedtls_mpi *)s,
+			&ctx->MBEDTLS_PRIVATE(d), hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);

 fail:
 	mbedtls_ecdsa_free(ctx);
@@ -770,8 +770,8 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
 	if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0)
 		return ret;

-	if((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
-					&ctx->Q, (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
+	if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
+					&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
 		wpa_printf(MSG_ERROR, "ecdsa verification failed\n");
 		return ret;
 	}
@@ -858,7 +858,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
 	const char *oid;
 	size_t oid_len;

-	if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
+	if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->MBEDTLS_PRIVATE(grp).id, &oid, &oid_len ) ) != 0 )
 		return( ret );

 	MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
@@ -873,7 +873,7 @@ static int pk_write_ec_pubkey_formatted( unsigned char **p, unsigned char *start
 	size_t len = 0;
 	unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];

-	if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
+	if( ( ret = mbedtls_ecp_point_write_binary( &ec->MBEDTLS_PRIVATE(grp), &ec->MBEDTLS_PRIVATE(Q),
 					format,
 					&len, buf, sizeof( buf ) ) ) != 0 )
 	{
--- a/components/wpa_supplicant/src/crypto/crypto_mbedtls.c
+++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls.c
@@ -399,12 +399,12 @@ static int crypto_init_cipher_ctx(mbedtls_cipher_context_t *ctx,
 		return -1;
 	}

-	if (mbedtls_cipher_setkey(ctx, key, cipher_info->key_bitlen,
+	if (mbedtls_cipher_setkey(ctx, key, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
 				 operation) != 0) {
 		wpa_printf(MSG_ERROR, "mbedtls_cipher_setkey returned error");
 		return -1;
 	}
-	if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size) != 0) {
+	if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->MBEDTLS_PRIVATE(iv_size)) != 0) {
 		wpa_printf(MSG_ERROR, "mbedtls_cipher_set_iv returned error");
 		return -1;
 	}
--- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c
@@ -456,7 +456,7 @@ static void tls_set_ciphersuite(const struct tls_connection_params *cfg, tls_con
 	if (tls->ciphersuite[0]) {
 		mbedtls_ssl_conf_ciphersuites(&tls->conf, tls->ciphersuite);
 	} else if (mbedtls_pk_get_bitlen(&tls->clientkey) > 2048 ||
-		(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048)) {
+		(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->MBEDTLS_PRIVATE(pk)) > 2048)) {
 		mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference);
 	}
 }
@@ -610,7 +610,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 {
 	mbedtls_ssl_context *ssl = &conn->tls->ssl;

-	if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+	if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
 		return 1;
 	}

@@ -647,11 +647,11 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
 	}

 	/* Multiple reads */
-	while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-		if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
+	while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
+		if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
 			/* Read random data before session completes, not present after handshake */
-			if (tls->ssl.handshake) {
-				os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
+			if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
+				os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
 					  TLS_RANDOM_LEN * 2);
 				conn->mac = tls->ssl.handshake->ciphersuite_info->mac;
 			}
@@ -666,6 +666,44 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
 		goto end;
 	}

+
+	/* State machine just started, get client hello */
+	if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) {
+		ret = mbedtls_ssl_handshake_step(&tls->ssl);
+	}
+
+	if (ret < 0) {
+		wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
+		goto end;
+	}
+
+	/* Already read sever data till hello done */
+	if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
+		/* Read random data before session completes, not present after handshake */
+		if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
+			os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
+				  TLS_RANDOM_LEN * 2);
+		}
+
+		/* trigger state machine multiple times to reach till finish */
+		while (tls->ssl.MBEDTLS_PRIVATE(state) <= MBEDTLS_SSL_CLIENT_FINISHED) {
+			ret = mbedtls_ssl_handshake_step(&tls->ssl);
+			if (ret < 0) {
+				break;
+			}
+		}
+	}
+
+	/* Trigger state machine till handshake is complete or error occures */
+	if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_FLUSH_BUFFERS) {
+		while (tls->ssl.MBEDTLS_PRIVATE(state) <= MBEDTLS_SSL_HANDSHAKE_OVER) {
+			ret = mbedtls_ssl_handshake_step(&tls->ssl);
+			if (ret < 0) {
+				break;
+			}
+		}
+	}
+
 	if (!conn->tls_io_data.out_data) {
 		wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
 		u8 *dummy = os_zalloc(1);
@@ -754,8 +792,8 @@ cleanup:

 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 {
-	if (conn && conn->tls && conn->tls->ssl.handshake) {
-		return conn->tls->ssl.handshake->resume;
+	if (conn && conn->tls && conn->tls->ssl.MBEDTLS_PRIVATE(handshake)) {
+		return conn->tls->ssl.MBEDTLS_PRIVATE(handshake)->resume;
 	}

 	return 0;
@@ -890,13 +928,14 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	int ret;
 	u8 seed[2 * TLS_RANDOM_LEN];
 	mbedtls_ssl_context *ssl = &conn->tls->ssl;
+	mbedtls_ssl_transform *transform = ssl->MBEDTLS_PRIVATE(transform);

 	if (!ssl || !ssl->transform) {
 		wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
 		return -1;
 	}
-	if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-		wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->state);
+	if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
+		wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state));
 		return -1;
 	}

@@ -908,16 +947,17 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	}

 	wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
-	wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
+	wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);

-	if (conn->mac == MBEDTLS_MD_SHA384) {
-		ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
+
+	if (ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info->MBEDTLS_PRIVATE(mac) == MBEDTLS_MD_SHA384) {
+		ret = tls_prf_sha384(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
-	} else if (conn->mac == MBEDTLS_MD_SHA256) {
-		ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
+	} else if (ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info->MBEDTLS_PRIVATE(mac) == MBEDTLS_MD_SHA256) {
+		ret = tls_prf_sha256(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
 	} else {
-		ret = tls_prf_sha1_md5(ssl->session->master, TLS_MASTER_SECRET_LEN,
+		ret = tls_prf_sha1_md5(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
 	}

@@ -970,14 +1010,14 @@ int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
 	mbedtls_ssl_context *ssl = &conn->tls->ssl;

 	os_memset(data, 0, sizeof(*data));
-	if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO) {
+	if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) {
 		return -1;
 	}

 	data->client_random = conn->randbytes;
 	data->client_random_len = TLS_RANDOM_LEN;

-	if (ssl->state != MBEDTLS_SSL_SERVER_HELLO) {
+	if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_SERVER_HELLO) {
 		data->server_random = conn->randbytes + TLS_RANDOM_LEN;
 		data->server_random_len = TLS_RANDOM_LEN;
 	}