From b03fee6ae4b578f1f49c91b9afb37faae91d7167 Mon Sep 17 00:00:00 2001
From: Todd Short
Date: Thu, 15 Aug 2019 12:37:03 -0400
Subject: [PATCH] Use proper secrets for handshake
---
 ssl/ssl_locl.h | 2 ++
 ssl/ssl_quic.c | 4 ++--
 ssl/tls13_enc.c | 4 ++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 11eb4e38cab73..fb42c32affd17 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1357,6 +1357,8 @@ struct ssl_st {
 unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
 unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
 unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE];
 unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
 unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
diff --git a/ssl/ssl_quic.c b/ssl/ssl_quic.c
index 1dd29394a486b..c59f6c6f9478e 100644
--- a/ssl/ssl_quic.c
+++ b/ssl/ssl_quic.c
@@ -194,8 +194,8 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
 s2c_secret = ssl->early_secret;
 break;
 case ssl_encryption_handshake:
- c2s_secret = ssl->client_finished_secret;
- s2c_secret = ssl->server_finished_secret;
+ c2s_secret = ssl->client_hand_traffic_secret;
+ s2c_secret = ssl->server_hand_traffic_secret;
 break;
 case ssl_encryption_application:
 c2s_secret = ssl->client_app_traffic_secret;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 41a14f489f4bd..6b50bc9a52167 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
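Review bot: In the `ssl_encryption_handshake` case of quic_set_encryption_secrets() (ssl/ssl_quic.c) both directions are read in one go, while the tls13_enc.c hunk of this patch stores `client_hand_traffic_secret` and `server_hand_traffic_secret` under different labels, so presumably in separate tls13_change_cipher_state() calls. If this function can run between those two calls (its call sites are not in the patch), one of the two pointers refers to a buffer that has not been filled yet, and unset key material would be installed for that direction. A comment stating the ordering requirement would help, e.g. `/* both *_hand_traffic_secret values must have been stored by tls13_change_cipher_state() before this level is installed */`, or better a check that fails the call when either secret has not been derived. The function body starts and ends outside the hunk.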
@@ -739,6 +739,10 @@ int tls13_change_cipher_state(SSL *s, int which)
 }
 } else if (label == client_application_traffic)
 memcpy(s->client_app_traffic_secret, secret, hashlen);
+ else if (label == client_handshake_traffic)
+ memcpy(s->client_hand_traffic_secret, secret, hashlen);
+ else if (label == server_handshake_traffic)
+ memcpy(s->server_hand_traffic_secret, secret, hashlen);
 if (!ssl_log_secret(s, log_label, secret, hashlen)) {
 /* SSLfatal() already called */
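Review bot: The two added `memcpy` calls keep the TLS 1.3 handshake traffic secrets in the SSL object after tls13_change_cipher_state() returns, in the `client_hand_traffic_secret` and `server_hand_traffic_secret` arrays added in ssl/ssl_locl.h, and nothing in the patch wipes them. Once the handshake-level keys have been handed over and the handshake is complete these values are no longer needed, so I would clear them at that point with `OPENSSL_cleanse(s->client_hand_traffic_secret, sizeof(s->client_hand_traffic_secret));` and the same for the server array; whether the structure is already cleansed on free is not visible here. Only `hashlen` bytes are written into an `EVP_MAX_MD_SIZE` buffer, so the reader in ssl/ssl_quic.c has to use the same digest length rather than the array size. The function continues outside the hunk.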