diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e0563b5dca13e..6cd10f26f10d4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1360,6 +1360,7 @@ struct ssl_st { unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ diff --git a/ssl/ssl_quic.c b/ssl/ssl_quic.c index 0fa6c32820c39..4e94bda6bd316 100644 --- a/ssl/ssl_quic.c +++ b/ssl/ssl_quic.c @@ -207,7 +207,7 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) /* secrets from the POV of the client */ switch (level) { case ssl_encryption_early_data: - c2s_secret = ssl->early_secret; + c2s_secret = ssl->client_early_traffic_secret; break; case ssl_encryption_handshake: c2s_secret = ssl->client_hand_traffic_secret; diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index cb4ab89b25d52..cc062c6e2adbc 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -744,6 +744,8 @@ int tls13_change_cipher_state(SSL *s, int which) memcpy(s->client_hand_traffic_secret, secret, hashlen); else if (label == server_handshake_traffic) memcpy(s->server_hand_traffic_secret, secret, hashlen); + else if (label == client_early_traffic) + memcpy(s->client_early_traffic_secret, secret, hashlen); #endif if (!ssl_log_secret(s, log_label, secret, hashlen)) {