From df401f479694d81e107c62ed71e555866b90ce9a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 29 Jun 2014 23:23:54 +0100
Subject: Make CMAC work with EVP_PKEY.

Add patch originally accidentally omitted to allow CMAC to work with
EVP_PKEY APIs.
---
 crypto/evp/m_sigver.c | 45 +++++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 14 deletions(-)

(limited to 'crypto/evp')

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 727ee0dfba..7614d36c0f 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -72,17 +72,21 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 	if (ctx->pctx == NULL)
 		return 0;
 
-	if (type == NULL)
+	if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM))
 		{
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-			type = EVP_get_digestbynid(def_nid);
-		}
 
-	if (type == NULL)
-		{
-		EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
-		return 0;
+		if (type == NULL)
+			{
+			int def_nid;
+			if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+				type = EVP_get_digestbynid(def_nid);
+			}
+
+		if (type == NULL)
+			{
+			EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+			return 0;
+			}
 		}
 
 	if (ver)
@@ -109,8 +113,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 		}
 	if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
 		return 0;
-	if (pctx)
-		*pctx = ctx->pctx;
+	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+		return 1;
 	if (!EVP_DigestInit_ex(ctx, type, e))
 		return 0;
 	return 1;
@@ -131,7 +135,20 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 	{
 	int sctx, r = 0;
-	if (ctx->pctx->pmeth->signctx)
+	EVP_PKEY_CTX *pctx = ctx->pctx;
+	if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+		{
+		EVP_PKEY_CTX *dctx;
+		if (!sigret)
+			return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+		dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+		if (!dctx)
+			return 0;
+		r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+		EVP_PKEY_CTX_free(dctx);
+		return r;
+		}
+	if (pctx->pmeth->signctx)
 		sctx = 1;
 	else
 		sctx = 0;
@@ -158,13 +175,13 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 		{
 		if (sctx)
 			{
-			if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
+			if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
 				return 0;
 			}
 		else
 			{
 			int s = EVP_MD_size(ctx->digest);
-			if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
+			if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
 				return 0;
 			}
 		}
-- 
cgit v1.2.3