fetch macctx while fetching digest when creating HMAC-DRBG

Somewhere in our conversion from .c files to .inc files for our rand
providers, we created code in drbg_hmac_set_ctx_params_locked to fetch
our digest and hmac when creating the rand instance.  However, the
function drbg_fetch_algs_from_prov only fetched our digest for this rand
type, not the hmac, and returned 1 while doing so, indicating success.
This is problematic because it means that we never wind up fetching an
HMAC for this rand type.  As a result we never compute the strength of
the DRBG and so any attempt to seed it fails.

Ensure that, if we load a digest for this DRBG, we also fetch an HMAC,
and fail if we can't do so, so the HMAC-DRBG is useful.

Fixes openssl/private#853

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)

diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
index ec2a6317b12894746dc89a47033758850fe88113..3dfc3140f7163c0541bd077ad1f7a389e6432b92 100644 (file)
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -436,6 +436,9 @@ static int drbg_fetch_algs_from_prov(const struct drbg_set_ctx_params_st *p,
         } else {
             goto done;
         }
+        if (!ossl_prov_macctx_load(macctx, NULL, NULL, p->digest,
+                p->propq, "HMAC", NULL, NULL, libctx))
+            goto done;
     }
 
     ret = 1;