diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h
index 5036555..5b63fff 100644
--- a/inc/bearssl_ssl.h
+++ b/inc/bearssl_ssl.h
@@ -583,6 +583,7 @@ typedef struct {
 	} bc;
 	br_ghash gh;
 	unsigned char iv[4];
+	unsigned char key[32];
 	unsigned char h[16];
 #endif
 } br_sslrec_gcm_context;
@@ -787,6 +788,7 @@ typedef struct {
 		br_aes_gen_ctrcbc_keys aes;
 	} bc;
 	unsigned char iv[4];
+	unsigned char key[16];
 	size_t tag_len;
 #endif
 } br_sslrec_ccm_context;
diff --git a/src/ssl/ssl_rec_ccm.c b/src/ssl/ssl_rec_ccm.c
index a38e0b2..3fab804 100644
--- a/src/ssl/ssl_rec_ccm.c
+++ b/src/ssl/ssl_rec_ccm.c
@@ -38,6 +38,7 @@ gen_ccm_init(br_sslrec_ccm_context *cc,
 	cc->seq = 0;
 	bc_impl->init(&cc->bc.vtable, key, key_len);
 	memcpy(cc->iv, iv, sizeof cc->iv);
+	memcpy(cc->key, key, key_len);
 	cc->tag_len = tag_len;
 }
 
diff --git a/src/ssl/ssl_rec_gcm.c b/src/ssl/ssl_rec_gcm.c
index 25e54c0..0404e0e 100644
--- a/src/ssl/ssl_rec_gcm.c
+++ b/src/ssl/ssl_rec_gcm.c
@@ -42,6 +42,7 @@ gen_gcm_init(br_sslrec_gcm_context *cc,
 	bc_impl->init(&cc->bc.vtable, key, key_len);
 	cc->gh = gh_impl;
 	memcpy(cc->iv, iv, sizeof cc->iv);
+	memcpy(cc->key, key, key_len);
 	memset(cc->h, 0, sizeof cc->h);
 	memset(tmp, 0, sizeof tmp);
 	bc_impl->run(&cc->bc.vtable, tmp, 0, cc->h, sizeof cc->h);