From 6f0bd6ca1c675503962e4580e54ceecd078a8331 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 11 Aug 2020 11:50:04 +0100
Subject: Ensure libssl creates libctx aware MAC keys

Convert various mac key creation function calls to use the _with_libctx
variants.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
---
 ssl/statem/extensions.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'ssl/statem/extensions.c')

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 1a8e3cf829..c842e20fbf 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1598,8 +1598,10 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
         goto err;
     }
 
-    mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
-                                          hashsize);
+    mackey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
+                                                      s->ctx->propq,
+                                                      finishedkey,
+                                                      hashsize);
     if (mackey == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
                  ERR_R_INTERNAL_ERROR);
-- 
cgit v1.2.3