From 73ef78a611eb40a0a74c60aa9fe9850ae69d08b6 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Thu, 15 Aug 2019 12:37:03 -0400 Subject: [PATCH 05/43] QUIC: Use proper secrets for handshake --- ssl/ssl_local.h | 2 ++ ssl/ssl_quic.c | 4 ++-- ssl/tls13_enc.c | 6 ++++++ 3 files changed, 10 insertions(+), 2 deletions(-) --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1490,6 +1490,8 @@ struct ssl_st { unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ --- a/ssl/ssl_quic.c +++ b/ssl/ssl_quic.c @@ -194,8 +194,8 @@ int quic_set_encryption_secrets(SSL *ssl s2c_secret = ssl->early_secret; break; case ssl_encryption_handshake: - c2s_secret = ssl->client_finished_secret; - s2c_secret = ssl->server_finished_secret; + c2s_secret = ssl->client_hand_traffic_secret; + s2c_secret = ssl->server_hand_traffic_secret; break; case ssl_encryption_application: c2s_secret = ssl->client_app_traffic_secret; --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -723,6 +723,12 @@ int tls13_change_cipher_state(SSL *s, in } } else if (label == client_application_traffic) memcpy(s->client_app_traffic_secret, secret, hashlen); +#ifndef OPENSSL_NO_QUIC + else if (label == client_handshake_traffic) + memcpy(s->client_hand_traffic_secret, secret, hashlen); + else if (label == server_handshake_traffic) + memcpy(s->server_hand_traffic_secret, secret, hashlen); +#endif if (!ssl_log_secret(s, log_label, secret, hashlen)) { /* SSLfatal() already called */