From: Neil Horman Date: Tue, 6 Jan 2026 17:08:40 +0000 (-0500) Subject: fetch macctx while fetching digest when creating HMAC-DRBG X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8655a91c79b0f3e4543e89c2f42eafcefa0a5cc4;p=thirdparty%2Fopenssl.git fetch macctx while fetching digest when creating HMAC-DRBG Somewhere in our conversion from .c files to .inc files for our rand providers, we created code in drbg_hmac_set_ctx_params_locked to fetch our digest and hmac when creating the rand instance. However, the function drbg_fetch_algs_from_prov only fetched our digest for this rand type, not the hmac, and returned 1 while doing so, indicating success. This is problematic because it means that we never wind up fetching an HMAC for this rand type. As a result we never compute the strength of the DRBG and so any attempt to seed it fails. Ensure that, if we load a digest for this DRBG, we also fetch an HMAC, and fail if we can't do so, so the HMAC-DRBG is useful. Fixes openssl/private#853 Reviewed-by: Eugene Syromiatnikov Reviewed-by: Paul Dale Reviewed-by: Nikola Pajkovsky (Merged from https://github.com/openssl/openssl/pull/29560) --- diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index ec2a6317b12..3dfc3140f71 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -436,6 +436,9 @@ static int drbg_fetch_algs_from_prov(const struct drbg_set_ctx_params_st *p, } else { goto done; } + if (!ossl_prov_macctx_load(macctx, NULL, NULL, p->digest, + p->propq, "HMAC", NULL, NULL, libctx)) + goto done; } ret = 1;
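Review bot: The new `goto done` that follows the `ossl_prov_macctx_load(...)` call reports failure without anything in this hunk recording why, so a caller whose HMAC fetch fails sees only a 0 return from `drbg_fetch_algs_from_prov`. If `ossl_prov_macctx_load` does not already queue an error for each of its failure cases, consider raising one here before the jump so the cause is visible on the error stack. The patch also touches only `drbg_hmac.c`: since the old behaviour described in the commit message was a success return with no HMAC loaded, a regression test that creates an HMAC-DRBG through this parameter path and then seeds it would keep the silent-success case from coming back. The run of positional `NULL` arguments in the call would also be easier to review with a short comment saying which inputs are deliberately left unset.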