Move digestsign.c into the module.

For now, it contains a call to set the service indicator so it should
live in the module. In term it would be nice to move it back out and
have the service indicator set in RSA and ECDSA functions themselves
once the ECDSA functions can take an indicator of the hash function
used.

Change-Id: I2a3c262f66b1881a96ae3e49784a0dc9fc8c4589
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52705
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>

crypto/CMakeLists.txt

@@ -288,7 +288,6 @@ add_library(
   err/err.c
   err_data.c
   engine/engine.c
-  evp/digestsign.c
   evp/evp.c
   evp/evp_asn1.c
   evp/evp_ctx.c

crypto/fipsmodule/bcm.c

@@ -64,6 +64,7 @@
 #include "dh/dh.c"
 #include "digest/digest.c"
 #include "digest/digests.c"
+#include "digestsign/digestsign.c"
 #include "ecdh/ecdh.c"
 #include "ecdsa/ecdsa.c"
 #include "ec/ec.c"

crypto/fipsmodule/digestsign/digestsign.c

@@ -57,11 +57,9 @@
 
 #include <openssl/err.h>
 
-#include "internal.h"
+#include "../../evp/internal.h"
-#include "../fipsmodule/digest/internal.h"
+#include "../digest/internal.h"
-#include "../fipsmodule/service_indicator/internal.h"
+#include "../service_indicator/internal.h"
-
-// TODO(agl): this will have to be moved into the FIPS module.
 
 
 enum evp_sign_verify_t {
@@ -69,9 +67,9 @@ enum evp_sign_verify_t {
   evp_verify,
 };
 
-static const struct evp_md_pctx_ops md_pctx_ops = {
+DEFINE_LOCAL_DATA(struct evp_md_pctx_ops, md_pctx_ops) {
-  EVP_PKEY_CTX_free,
+  out->free = EVP_PKEY_CTX_free;
-  EVP_PKEY_CTX_dup,
+  out->dup = EVP_PKEY_CTX_dup;
 };
 
 static int uses_prehash(EVP_MD_CTX *ctx, enum evp_sign_verify_t op) {
@@ -88,7 +86,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
   if (ctx->pctx == NULL) {
     return 0;
   }
-  ctx->pctx_ops = &md_pctx_ops;
+  ctx->pctx_ops = md_pctx_ops();
 
   if (op == evp_verify) {
     if (!EVP_PKEY_verify_init(ctx->pctx)) {