EVP: Don't call digest_custom() quite so early

A huge problem with calling digest_custom() already in the
initialization of DigestSign, DigestVerify etc, is that it force all
callers to know that certain controls must be performed before Init
and the rest after.  This has lead to quite interesting hacks in our
own openssl app, where the SM2 ID had to get special treatment instead
of just being another sign option or verification option among others.

This change moves the call of digest_custom() to the Update and Final
functions, to be done exactly once, subject to a flag that's set in
the Init function.  Seeing to the process of data, through these
operations, this makes no difference at all.  Seeing to making it
possible to perform all controls after the Init call, this makes a
huge difference.

Fixes #11293

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11302)

1 files changed, 2 insertions, 0 deletions

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 744731aefe..c9d3075b82 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -74,6 +74,8 @@ struct evp_pkey_ctx_st {
     EVP_PKEY *peerkey;
     /* Algorithm specific data */
     void *data;
+    /* Indicator if digest_custom needs to be called */
+    unsigned int flag_call_digest_custom:1;
 } /* EVP_PKEY_CTX */ ;
 
 #define EVP_PKEY_FLAG_DYNAMIC   1