From 49350b22bebe0f0ec4d6279f268b19b612abba68 Mon Sep 17 00:00:00 2001
From: Adam Langley <alangley@gmail.com>
Date: Mon, 23 May 2022 15:09:50 -0700
Subject: [PATCH] Move digestsign.c into the module.

For now, it contains a call to set the service indicator so it should
live in the module. In term it would be nice to move it back out and
have the service indicator set in RSA and ECDSA functions themselves
once the ECDSA functions can take an indicator of the hash function
used.

Change-Id: I2a3c262f66b1881a96ae3e49784a0dc9fc8c4589
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52705
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
---
 crypto/CMakeLists.txt                            |  1 -
 crypto/fipsmodule/bcm.c                          |  1 +
 .../{evp => fipsmodule/digestsign}/digestsign.c  | 16 +++++++---------
 3 files changed, 8 insertions(+), 10 deletions(-)
 rename crypto/{evp => fipsmodule/digestsign}/digestsign.c (96%)

diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 99cb4b55c..cf7199cb8 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -288,7 +288,6 @@ add_library(
   err/err.c
   err_data.c
   engine/engine.c
-  evp/digestsign.c
   evp/evp.c
   evp/evp_asn1.c
   evp/evp_ctx.c
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index cc80b51b6..17921347e 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -64,6 +64,7 @@
 #include "dh/dh.c"
 #include "digest/digest.c"
 #include "digest/digests.c"
+#include "digestsign/digestsign.c"
 #include "ecdh/ecdh.c"
 #include "ecdsa/ecdsa.c"
 #include "ec/ec.c"
diff --git a/crypto/evp/digestsign.c b/crypto/fipsmodule/digestsign/digestsign.c
similarity index 96%
rename from crypto/evp/digestsign.c
rename to crypto/fipsmodule/digestsign/digestsign.c
index ec9322bd0..ec3744c94 100644
--- a/crypto/evp/digestsign.c
+++ b/crypto/fipsmodule/digestsign/digestsign.c
@@ -57,11 +57,9 @@
 
 #include <openssl/err.h>
 
-#include "internal.h"
-#include "../fipsmodule/digest/internal.h"
-#include "../fipsmodule/service_indicator/internal.h"
-
-// TODO(agl): this will have to be moved into the FIPS module.
+#include "../../evp/internal.h"
+#include "../digest/internal.h"
+#include "../service_indicator/internal.h"
 
 
 enum evp_sign_verify_t {
@@ -69,9 +67,9 @@ enum evp_sign_verify_t {
   evp_verify,
 };
 
-static const struct evp_md_pctx_ops md_pctx_ops = {
-  EVP_PKEY_CTX_free,
-  EVP_PKEY_CTX_dup,
+DEFINE_LOCAL_DATA(struct evp_md_pctx_ops, md_pctx_ops) {
+  out->free = EVP_PKEY_CTX_free;
+  out->dup = EVP_PKEY_CTX_dup;
 };
 
 static int uses_prehash(EVP_MD_CTX *ctx, enum evp_sign_verify_t op) {
@@ -88,7 +86,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
   if (ctx->pctx == NULL) {
     return 0;
   }
-  ctx->pctx_ops = &md_pctx_ops;
+  ctx->pctx_ops = md_pctx_ops();
 
   if (op == evp_verify) {
     if (!EVP_PKEY_verify_init(ctx->pctx)) {