The branch master has been updated via 3641f04fb06e9679a67da113bab65e5f1bb5e9ba (commit) via 8cbfc4f67b4e97d423ab4784dbbb54d454c6342a (commit) via 3ffd23e9529d725903bc97fd45489a77b831876f (commit) via 816f72d08834ee35ba2615f624b4a29f2717d1c7 (commit) via ae6b68b761b9c5f30897747487ea943ccfab53ba (commit) from 680827a15f12c3b37a6335fcb992555cf300730e (commit)
- Log ----------------------------------------------------------------- commit 3641f04fb06e9679a67da113bab65e5f1bb5e9ba Author: Tomas Mraz <to...@openssl.org> Date: Fri Nov 5 14:14:45 2021 +0100 doc: Document outcome of multiple digestsign/digestverify calls Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964) commit 8cbfc4f67b4e97d423ab4784dbbb54d454c6342a Author: Tomas Mraz <to...@openssl.org> Date: Fri Nov 5 14:04:25 2021 +0100 evp_extra_test: Add SIPHASH MAC digestsign test with reinitialization Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964) commit 3ffd23e9529d725903bc97fd45489a77b831876f Author: Tomas Mraz <to...@openssl.org> Date: Thu Nov 4 15:38:51 2021 +0100 providers: Allow possible reinitialization in all signature algorithms Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964) commit 816f72d08834ee35ba2615f624b4a29f2717d1c7 Author: Tomas Mraz <to...@openssl.org> Date: Thu Nov 4 15:35:40 2021 +0100 test: Add testing of reinitialization via EVP_DigestSignInit() Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964) commit ae6b68b761b9c5f30897747487ea943ccfab53ba Author: Tomas Mraz <to...@openssl.org> Date: Thu Nov 4 11:06:26 2021 +0100 do_sigver_init: Allow reinitialization of an existing operation. Fixes #16936 Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964) ----------------------------------------------------------------------- Summary of changes: crypto/evp/m_sigver.c | 38 ++++++++--- doc/man3/EVP_DigestSignInit.pod | 7 ++- doc/man3/EVP_DigestVerifyInit.pod | 9 +-- providers/implementations/signature/dsa_sig.c | 40 +++++++----- providers/implementations/signature/ecdsa_sig.c | 36 +++++++---- providers/implementations/signature/eddsa_sig.c | 9 +++ .../implementations/signature/mac_legacy_sig.c | 18 ++++-- providers/implementations/signature/rsa_sig.c | 31 +++++---- providers/implementations/signature/sm2_sig.c | 33 +++++++--- test/evp_extra_test.c | 73 +++++++++++++++++++++- 10 files changed, 223 insertions(+), 71 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 80570973dd..9188edbc21 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -49,7 +49,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *supported_sig = NULL; char locmdname[80] = ""; /* 80 chars should be enough */ void *provkey = NULL; - int ret, iter; + int ret, iter, reinit = 1; if (ctx->algctx != NULL) { if (!ossl_assert(ctx->digest != NULL)) { @@ -62,6 +62,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } if (ctx->pctx == NULL) { + reinit = 0; if (e == NULL) ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); else @@ -71,22 +72,37 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 0; locpctx = ctx->pctx; - evp_pkey_ctx_free_old_ops(locpctx); - - if (props == NULL) - props = locpctx->propquery; - ERR_set_mark(); if (evp_pkey_ctx_is_legacy(locpctx)) goto legacy; + /* do not reinitialize if pkey is set or operation is different */ + if (reinit + && (pkey != NULL + || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX + : EVP_PKEY_OP_SIGNCTX) + || (signature = locpctx->op.sig.signature) == NULL + || locpctx->op.sig.algctx == NULL)) + reinit = 0; + + if (props == NULL) + props = locpctx->propquery; + if (locpctx->pkey == NULL) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); goto err; } + if (!reinit) { + evp_pkey_ctx_free_old_ops(locpctx); + } else { + if (mdname == NULL && type == NULL) + mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest)); + goto reinitialize; + } + /* * Try to derive the supported signature from |locpctx->keymgmt|. */ @@ -183,9 +199,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, /* No more legacy from here down to legacy: */ - if (pctx != NULL) - *pctx = locpctx; - locpctx->op.sig.signature = signature; locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX; @@ -195,12 +208,17 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } + + reinitialize: + if (pctx != NULL) + *pctx = locpctx; + if (type != NULL) { ctx->reqdigest = type; if (mdname == NULL) mdname = canon_mdname(EVP_MD_get0_name(type)); } else { - if (mdname == NULL) { + if (mdname == NULL && !reinit) { if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, locmdname, sizeof(locmdname)) > 0) { diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index c8385949fb..228e9d1c5f 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -167,9 +167,10 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. -Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak -will occur. +EVP_DigestSignInit() and EVP_DigestSignInit_ex() functions can be called +multiple times on a context and the parameters set by previous calls should be +preserved if the I<pkey> parameter is NULL. The call then just resets the state +of the I<ctx>. The use of EVP_PKEY_get_size() with these functions is discouraged because some signature operations may have a signature length which depends on the diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 9a02f12e37..398146b5b8 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -57,7 +57,7 @@ EVP_MD_CTX is freed). If the EVP_PKEY_CTX to be used is created by EVP_DigestVerifyInit_ex then it will use the B<OSSL_LIB_CTX> specified in I<libctx> and the property query string specified in I<props>. -No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the +No B<EVP_PKEY_CTX> will be created by EVP_DigestVerifyInit_ex() if the passed B<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>. See also L<SM2(7)>. @@ -156,9 +156,10 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. -Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak -will occur. +EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex() functions can be called +multiple times on a context and the parameters set by previous calls should be +preserved if the I<pkey> parameter is NULL. The call then just resets the state +of the I<ctx>. =head1 SEE ALSO diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index 2acab0b481..28fd7c498e 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -189,22 +189,31 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; if (!ossl_prov_is_running() - || pdsactx == NULL - || vdsa == NULL - || !DSA_up_ref(vdsa)) + || pdsactx == NULL) return 0; - DSA_free(pdsactx->dsa); - pdsactx->dsa = vdsa; + + if (vdsa == NULL && pdsactx->dsa == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + + if (vdsa != NULL) { + if (!ossl_dsa_check_key(pdsactx->libctx, vdsa, + operation == EVP_PKEY_OP_SIGN)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + if (!DSA_up_ref(vdsa)) + return 0; + DSA_free(pdsactx->dsa); + pdsactx->dsa = vdsa; + } + pdsactx->operation = operation; if (!dsa_set_ctx_params(pdsactx, params)) return 0; - if (!ossl_dsa_check_key(pdsactx->libctx, vdsa, - operation == EVP_PKEY_OP_SIGN)) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } return 1; } @@ -278,9 +287,12 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, return 0; pdsactx->flag_allow_md = 0; - pdsactx->mdctx = EVP_MD_CTX_new(); - if (pdsactx->mdctx == NULL) - goto error; + + if (pdsactx->mdctx == NULL) { + pdsactx->mdctx = EVP_MD_CTX_new(); + if (pdsactx->mdctx == NULL) + goto error; + } if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) goto error; @@ -289,9 +301,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, error: EVP_MD_CTX_free(pdsactx->mdctx); - EVP_MD_free(pdsactx->md); pdsactx->mdctx = NULL; - pdsactx->md = NULL; return 0; } diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 64be0657c3..865d49d100 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -131,16 +131,29 @@ static int ecdsa_signverify_init(void *vctx, void *ec, PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; if (!ossl_prov_is_running() - || ctx == NULL - || ec == NULL - || !EC_KEY_up_ref(ec)) + || ctx == NULL) return 0; - EC_KEY_free(ctx->ec); - ctx->ec = ec; + + if (ec == NULL && ctx->ec == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + + if (ec != NULL) { + if (!ossl_ec_check_key(ctx->libctx, ec, operation == EVP_PKEY_OP_SIGN)) + return 0; + if (!EC_KEY_up_ref(ec)) + return 0; + EC_KEY_free(ctx->ec); + ctx->ec = ec; + } + ctx->operation = operation; + if (!ecdsa_set_ctx_params(ctx, params)) return 0; - return ossl_ec_check_key(ctx->libctx, ec, operation == EVP_PKEY_OP_SIGN); + + return 1; } static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[]) @@ -279,18 +292,19 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, return 0; ctx->flag_allow_md = 0; - ctx->mdctx = EVP_MD_CTX_new(); - if (ctx->mdctx == NULL) - goto error; + + if (ctx->mdctx == NULL) { + ctx->mdctx = EVP_MD_CTX_new(); + if (ctx->mdctx == NULL) + goto error; + } if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; return 1; error: EVP_MD_CTX_free(ctx->mdctx); - EVP_MD_free(ctx->md); ctx->mdctx = NULL; - ctx->md = NULL; return 0; } diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index 148c143cc0..eb1a769128 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c @@ -100,6 +100,14 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, return 0; } + if (edkey == NULL) { + if (peddsactx->key != NULL) + /* there is nothing to do on reinit */ + return 1; + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (!ossl_ecx_key_up_ref(edkey)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; @@ -124,6 +132,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, default: /* Should never happen */ ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + ossl_ecx_key_free(edkey); return 0; } if (ret && WPACKET_finish(&pkt)) { diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index 06f79505ff..6be605c8c6 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -16,6 +16,7 @@ #include <openssl/core_names.h> #include <openssl/params.h> #include <openssl/err.h> +#include <openssl/proverr.h> #ifndef FIPS_MODULE # include <openssl/engine.h> #endif @@ -101,13 +102,20 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, const char *ciphername = NULL, *engine = NULL; if (!ossl_prov_is_running() - || pmacctx == NULL - || vkey == NULL - || !ossl_mac_key_up_ref(vkey)) + || pmacctx == NULL) return 0; - ossl_mac_key_free(pmacctx->key); - pmacctx->key = vkey; + if (pmacctx->key == NULL && vkey == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + + if (vkey != NULL) { + if (!ossl_mac_key_up_ref(vkey)) + return 0; + ossl_mac_key_free(pmacctx->key); + pmacctx->key = vkey; + } if (pmacctx->key->cipher.cipher != NULL) ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 2ebf17a609..f2d5d36928 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -386,19 +386,24 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - if (!ossl_prov_is_running()) + if (!ossl_prov_is_running() || prsactx == NULL) return 0; - if (prsactx == NULL || vrsa == NULL) + if (vrsa == NULL && prsactx->rsa == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); return 0; + } - if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation)) - return 0; + if (vrsa != NULL) { + if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation)) + return 0; + + if (!RSA_up_ref(vrsa)) + return 0; + RSA_free(prsactx->rsa); + prsactx->rsa = vrsa; + } - if (!RSA_up_ref(vrsa)) - return 0; - RSA_free(prsactx->rsa); - prsactx->rsa = vrsa; prsactx->operation = operation; if (!rsa_set_ctx_params(prsactx, params)) @@ -842,6 +847,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, if (!rsa_signverify_init(vprsactx, vrsa, params, operation)) return 0; + if (mdname != NULL /* was rsa_setup_md already called in rsa_signverify_init()? */ && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) @@ -849,10 +855,11 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, return 0; prsactx->flag_allow_md = 0; - prsactx->mdctx = EVP_MD_CTX_new(); + if (prsactx->mdctx == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - goto error; + prsactx->mdctx = EVP_MD_CTX_new(); + if (prsactx->mdctx == NULL) + goto error; } if (!EVP_DigestInit_ex2(prsactx->mdctx, prsactx->md, params)) @@ -862,9 +869,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, error: EVP_MD_CTX_free(prsactx->mdctx); - EVP_MD_free(prsactx->md); prsactx->mdctx = NULL; - prsactx->md = NULL; return 0; } diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index 10a9496904..3c700ac887 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -27,6 +27,7 @@ #include "internal/cryptlib.h" #include "internal/sm3.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "crypto/ec.h" #include "crypto/sm2.h" @@ -97,6 +98,9 @@ static int sm2sig_set_mdname(PROV_SM2_CTX *psm2ctx, const char *mdname) if (psm2ctx->md == NULL) return 0; + if (mdname == NULL) + return 1; + if (strlen(mdname) >= sizeof(psm2ctx->mdname) || !EVP_MD_is_a(psm2ctx->md, mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "digest=%s", @@ -131,10 +135,22 @@ static int sm2sig_signature_init(void *vpsm2ctx, void *ec, { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; - if (psm2ctx == NULL || ec == NULL || !EC_KEY_up_ref(ec)) + if (!ossl_prov_is_running() + || psm2ctx == NULL) + return 0; + + if (ec == NULL && psm2ctx->ec == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); return 0; - EC_KEY_free(psm2ctx->ec); - psm2ctx->ec = ec; + } + + if (ec != NULL) { + if (!EC_KEY_up_ref(ec)) + return 0; + EC_KEY_free(psm2ctx->ec); + psm2ctx->ec = ec; + } + return sm2sig_set_ctx_params(psm2ctx, params); } @@ -197,10 +213,11 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, || !sm2sig_set_mdname(ctx, mdname)) return ret; - EVP_MD_CTX_free(ctx->mdctx); - ctx->mdctx = EVP_MD_CTX_new(); - if (ctx->mdctx == NULL) - goto error; + if (ctx->mdctx == NULL) { + ctx->mdctx = EVP_MD_CTX_new(); + if (ctx->mdctx == NULL) + goto error; + } md_nid = EVP_MD_get_type(ctx->md); @@ -228,8 +245,6 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, ret = 1; error: - if (!ret) - free_md(ctx); return ret; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index df97f448ab..8ac8a4299d 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1143,6 +1143,7 @@ err: * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) + * Test 15-29: Same as above with reinitialization */ static int test_EVP_DigestSignInit(int tst) { @@ -1156,10 +1157,16 @@ static int test_EVP_DigestSignInit(int tst) size_t written; const EVP_MD *md; EVP_MD *mdexp = NULL; + int reinit = 0; if (nullprov != NULL) return TEST_skip("Test does not support a non-default library context"); + if (tst >= 15) { + reinit = 1; + tst -= 15; + } + if (tst >= 6 && tst <= 8) { membio = BIO_new(BIO_s_mem()); mdbio = BIO_new(BIO_f_md()); @@ -1198,6 +1205,9 @@ static int test_EVP_DigestSignInit(int tst) if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) goto out; + if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) + goto out; + if (tst >= 6 && tst <= 8) { if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) goto out; @@ -1316,6 +1326,13 @@ static int test_EVP_DigestVerifyInit(void) || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature)))) goto out; + + /* test with reinitialization */ + if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, + sizeof(kSignature)))) + goto out; ret = 1; out: @@ -1324,6 +1341,57 @@ static int test_EVP_DigestVerifyInit(void) return ret; } +#ifndef OPENSSL_NO_SIPHASH +/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ +static int test_siphash_digestsign(void) +{ + unsigned char key[16]; + unsigned char buf[8], digest[8]; + unsigned char expected[8] = { + 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 + }; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mdctx = NULL; + EVP_PKEY_CTX *ctx = NULL; + int ret = 0; + size_t len = 8; + + if (nullprov != NULL) + return TEST_skip("Test does not support a non-default library context"); + + memset(buf, 0, 8); + memset(key, 1, 16); + if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, + key, 16))) + goto out; + + if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) + goto out; + + if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) + goto out; + if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, + EVP_PKEY_CTRL_SET_DIGEST_SIZE, + 8, NULL), 1)) + goto out; + /* reinitialize */ + if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) + goto out; + if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) + goto out; + if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) + goto out; + if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) + goto out; + + ret = 1; + out: + EVP_PKEY_free(pkey); + EVP_MD_CTX_free(mdctx); + return ret; +} +#endif + /* * Test corner cases of EVP_DigestInit/Update/Final API call behavior. */ @@ -4175,8 +4243,11 @@ int setup_tests(void) } ADD_TEST(test_EVP_set_default_properties); - ADD_ALL_TESTS(test_EVP_DigestSignInit, 15); + ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); ADD_TEST(test_EVP_DigestVerifyInit); +#ifndef OPENSSL_NO_SIPHASH + ADD_TEST(test_siphash_digestsign); +#endif ADD_TEST(test_EVP_Digest); ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); ADD_ALL_TESTS(test_EVP_Enveloped, 2);