Bug 1532312, fix transcript-hash calculation after handshake, r=mt

Summary:
In post-handshake, Handshake Context should be:
```
ClientHello ... client Finished + CertificateRequest
```
while NSS continues feeding any handshake message after handshake.

Reviewers: mt

Reviewed By: mt

Bug #: 1532312

Differential Revision: https://phabricator.services.mozilla.com/D21935

1 files changed, 4 insertions, 2 deletions

diff --git a/lib/ssl/tls13hashstate.c b/lib/ssl/tls13hashstate.c
index cc0ed286b..53d3738f0 100644
--- a/lib/ssl/tls13hashstate.c
+++ b/lib/ssl/tls13hashstate.c
@@ -157,7 +157,8 @@ tls13_RecoverHashState(sslSocket *ss,
     /* Now reinject the message. */
     SSL_ASSERT_HASHES_EMPTY(ss);
     rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_message_hash, 0,
-                                     SSL_READER_CURRENT(&reader), hashLen);
+                                     SSL_READER_CURRENT(&reader), hashLen,
+                                     ssl3_UpdateHandshakeHashes);
     if (rv != SECSuccess) {
         return SECFailure;
     }
@@ -173,7 +174,8 @@ tls13_RecoverHashState(sslSocket *ss,
 
     rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_server_hello, 0,
                                      SSL_BUFFER_BASE(&messageBuf),
-                                     SSL_BUFFER_LEN(&messageBuf));
+                                     SSL_BUFFER_LEN(&messageBuf),
+                                     ssl3_UpdateHandshakeHashes);
     sslBuffer_Clear(&messageBuf);
     if (rv != SECSuccess) {
         return SECFailure;