From 8fc7a6230875bd0d6290df4670680ce687f7daf6 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Tue, 31 Mar 2020 21:19:10 +0300
Subject: [PATCH 74/87] evp: fix sign/verify for EVP_PKEY_CMAC keys

Properly handle EVP_PKEY_FLAG_SIGCTX_CUSTOM flag to support
EVP_PKEY_CMAC keys.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libcrypto/evp/m_sigver.c | 33 ++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index 9e313c363..fbe107020 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -74,15 +74,17 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
 	if (ctx->pctx == NULL)
 		return 0;
 
-	if (type == NULL) {
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-			type = EVP_get_digestbynid(def_nid);
-	}
+	if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
+		if (type == NULL) {
+			int def_nid;
+			if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+				type = EVP_get_digestbynid(def_nid);
+		}
 
-	if (type == NULL) {
-		EVPerror(EVP_R_NO_DEFAULT_DIGEST);
-		return 0;
+		if (type == NULL) {
+			EVPerror(EVP_R_NO_DEFAULT_DIGEST);
+			return 0;
+		}
 	}
 
 	if (ver) {
@@ -103,6 +105,8 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
 	}
 	if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
 		return 0;
+	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+		return 1;
 	if (pctx)
 		*pctx = ctx->pctx;
 	if (!EVP_DigestInit_ex(ctx, type, e))
@@ -129,6 +133,19 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 {
 	int sctx, r = 0;
 
+	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
+		EVP_PKEY_CTX *dctx;
+
+		if (!sigret)
+			return ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
+
+		dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+		if (!dctx)
+			return 0;
+		r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+		EVP_PKEY_CTX_free(dctx);
+		return r;
+	}
 	if (ctx->pctx->pmeth->signctx)
 		sctx = 1;
 	else
-- 
2.17.1