- if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
- }
- }
- /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
- if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
- && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- (int)*mac_secret_size, mac_secret)) {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
- }
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
- int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
- if (*mac_secret_size)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
- mac_secret, *mac_secret_size,
- s, s->msg_callback_arg);
- if (c->key_len)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
- key, c->key_len, s, s->msg_callback_arg);
- if (k) {
- if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
- wh |= TLS1_RT_CRYPTO_FIXED_IV;
- else
- wh |= TLS1_RT_CRYPTO_IV;
- s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
- }
- }
-#endif
+ if (s->ext.use_etm)
+ s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+ else
+ s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
+ if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+
+ if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE;