Use proper secrets for handshake

tmshort · tmshort · commit b03fee6ae4b5 · 2019-08-30T09:11:06.000-04:00
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
@@ -1357,6 +1357,8 @@ struct ssl_st {
     unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
     unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
     unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE];
     unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
     unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
     EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
diff --git a/ssl/ssl_quic.c b/ssl/ssl_quic.c
@@ -194,8 +194,8 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
         s2c_secret = ssl->early_secret;
         break;
     case ssl_encryption_handshake:
-        c2s_secret = ssl->client_finished_secret;
-        s2c_secret = ssl->server_finished_secret;
+        c2s_secret = ssl->client_hand_traffic_secret;
+        s2c_secret = ssl->server_hand_traffic_secret;
         break;
     case ssl_encryption_application:
         c2s_secret = ssl->client_app_traffic_secret;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
@@ -739,6 +739,10 @@ int tls13_change_cipher_state(SSL *s, int which)
         }
     } else if (label == client_application_traffic)
         memcpy(s->client_app_traffic_secret, secret, hashlen);
+    else if (label == client_handshake_traffic)
+        memcpy(s->client_hand_traffic_secret, secret, hashlen);
+    else if (label == server_handshake_traffic)
+        memcpy(s->server_hand_traffic_secret, secret, hashlen);
 
     if (!ssl_log_secret(s, log_label, secret, hashlen)) {
         /* SSLfatal() already called */
