GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key()

We should use the old EVP_PKEY_new_mac_key() instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5808)
2018-03-30 14:33:55 +01:00 · 2018-03-30 14:33:55 +01:00 · 7b4d3ffaf6
commit 7b4d3ffaf6
parent 83cf3423f0
1 changed files with 1 additions and 1 deletions
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -257,7 +257,7 @@ int tls1_change_cipher_state(SSL *s, int which)

    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
        /* TODO(size_t): Convert this function */
-        mac_key = EVP_PKEY_new_raw_private_key(mac_type, NULL, mac_secret,
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
                                               (int)*mac_secret_size);
        if (mac_key == NULL
            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {