Adapt some 'openssl' commands for SM2 changes.

There's no longer any need to make an EVP_PKEY type change for SM2
keys, so we trim away that code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)

1 files changed, 30 insertions, 83 deletions

diff --git a/apps/req.c b/apps/req.c
index 87994ceb7c..7140705f09 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1674,41 +1674,16 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
     return 1;
 }
 
-#ifndef OPENSSL_NO_SM2
-static int ec_pkey_is_sm2(EVP_PKEY *pkey)
-{
-    EC_KEY *eckey = NULL;
-    const EC_GROUP *group = NULL;
-
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2)
-        return 1;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC
-            && (eckey = EVP_PKEY_get0_EC_KEY(pkey)) != NULL
-            && (group = EC_KEY_get0_group(eckey)) != NULL
-            && EC_GROUP_get_curve_name(group) == NID_sm2)
-        return 1;
-    return 0;
-}
-#endif
-
 static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
                         const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
 {
     EVP_PKEY_CTX *pkctx = NULL;
-#ifndef OPENSSL_NO_SM2
     EVP_PKEY_CTX *pctx = NULL;
-#endif
     int i, def_nid, ret = 0;
 
     if (ctx == NULL)
         goto err;
-#ifndef OPENSSL_NO_SM2
-    if (ec_pkey_is_sm2(pkey)) {
-        /* initialize some SM2-specific code */
-        if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-            BIO_printf(bio_err, "Internal error.\n");
-            goto err;
-        }
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
         pctx = EVP_PKEY_CTX_new(pkey, NULL);
         if (pctx == NULL) {
             BIO_printf(bio_err, "memory allocation failure.\n");
@@ -1725,7 +1700,6 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
         }
         EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
     }
-#endif
     /*
      * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
      * for this algorithm.
@@ -1748,90 +1722,63 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
 
     ret = 1;
  err:
-#ifndef OPENSSL_NO_SM2
     if (!ret)
         EVP_PKEY_CTX_free(pctx);
-#endif
     return ret;
 }
 
+static void do_sign_cleanup(EVP_MD_CTX *ctx, EVP_PKEY *pkey)
+{
+    /*
+     * With SM2, do_sign_init() attached an EVP_PKEY_CTX to the EVP_MD_CTX,
+     * and we have to free it explicitly.
+     */
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+        EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
+
+        EVP_MD_CTX_set_pkey_ctx(ctx, NULL);
+        EVP_PKEY_CTX_free(pctx);
+    }
+}
+
 int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
                  STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, pctx is already freed in it
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }
 
 int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_REQ_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, pctx is already freed in it
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_REQ_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }
 
 int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_CRL_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, no need to double free pctx
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_CRL_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }