}
if (str == s->method->ssl3_enc->server_finished_label)
- key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- s->server_finished_secret, hashlen);
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->server_finished_secret, hashlen);
else
- key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- s->client_finished_secret, hashlen);
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->client_finished_secret, hashlen);
if (key == NULL
|| ctx == NULL
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
+ s->statem.invalid_enc_write_ctx = 1;
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else {
SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
}
ciph_ctx = s->enc_write_ctx;
iv = s->write_iv;
goto err;
}
+ s->statem.invalid_enc_write_ctx = 0;
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));
insecret = s->client_app_traffic_secret;
if (sending) {
+ s->statem.invalid_enc_write_ctx = 1;
iv = s->write_iv;
ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer);
memcpy(insecret, secret, hashlen);
+ s->statem.invalid_enc_write_ctx = 0;
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));