From fc69f32cd6852e60627969138be80cc665a573dd Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 12 Mar 2020 14:46:30 +0000
Subject: Use EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex in libssl

We need to make sure we use the correct libctx for all operations in
libssl.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11401)
---
 ssl/t1_enc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ssl/t1_enc.c')

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 1a0d5eba87..c50905589b 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -326,7 +326,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
                                                (int)*mac_secret_size);
         if (mac_key == NULL
-            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            || EVP_DigestSignInit_ex(mac_ctx, NULL,
+                                     EVP_MD_name(m), s->ctx->propq,
+                                     mac_key, s->ctx->libctx) <= 0) {
             EVP_PKEY_free(mac_key);
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
                      ERR_R_INTERNAL_ERROR);
-- 
cgit v1.2.3