mirror of
https://github.com/openssl/openssl.git
synced 2026-01-18 17:11:31 +01:00
fetch macctx while fetching digest when creating HMAC-DRBG
Somewhere in our conversion from .c files to .inc files for our rand providers, we created code in drbg_hmac_set_ctx_params_locked to fetch our digest and hmac when creating the rand instance. However, the function drbg_fetch_algs_from_prov only fetched our digest for this rand type, not the hmac, and returned 1 while doing so, indicating success.

This is problematic because it means that we never wind up fetching an HMAC for this rand type. As a result we never compute the strength of the DRBG and so any attempt to seed it fails.

Ensure that, if we load a digest for this DRBG, we also fetch an HMAC, and fail if we can't do so, so the HMAC-DRBG is useful.

Fixes openssl/private#853

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29569)
@@ -524,6 +524,10 @@ static int drbg_hmac_set_ctx_params_locked(PROV_DRBG *ctx, const struct drbg_set
|
||||
(void)ERR_clear_last_mark();
|
||||
if (prov_md)
|
||||
ossl_prov_digest_set_md(&hmac->digest, prov_md);
|
||||
if (!ossl_prov_macctx_load(&hmac->ctx, p->mac, NULL, p->digest,
|
||||
p->propq, p->engine,
|
||||
NULL, NULL, NULL, libctx))
|
||||
return 0;
|
||||
}
|
||||
|
||||
md = ossl_prov_digest_md(&hmac->digest);
|
||||
|
||||
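Review bot: The `return 0` taken when `ossl_prov_macctx_load(&hmac->ctx, ...)` fails sits after `ossl_prov_digest_set_md(&hmac->digest, prov_md)`, so when `prov_md` is set a failed MAC fetch leaves `hmac->digest` already updated while `hmac->ctx` is not. Consider loading the MAC context before storing the digest, or resetting the digest on the failure path, so a failed set_ctx_params call does not leave the DRBG half-configured. The failure path also follows `ERR_clear_last_mark()` and raises nothing itself in the visible lines, so it is worth confirming that `ossl_prov_macctx_load` queues an error the caller can report. Since the commit message describes a regression in which seeding failed without the fetch reporting a problem, a regression test that instantiates an HMAC-DRBG through this path and seeds it would be a useful companion to this change; none is visible here.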