Commit 8655a91c79 for openssl.org

commit 8655a91c79b0f3e4543e89c2f42eafcefa0a5cc4
Author: Neil Horman <nhorman@openssl.org>
Date:   Tue Jan 6 12:08:40 2026 -0500

    fetch macctx while fetching digest when creating HMAC-DRBG

    Somewhere in our conversion from .c files to .inc files for our rand
    providers, we created code in drbg_hmac_set_ctx_params_locked to fetch
    our digest and hmac when creating the rand instance.  However, the
    function drbg_fetch_algs_from_prov only fetched our digest for this rand
    type, not the hmac, and returned 1 while doing so, indicating success.
    This is problematic because it means that we never wind up fetching an
    HMAC for this rand type.  As a result we never compute the strength of
    the DRBG and so any attempt to seed it fails.

    Ensure that, if we load a digest for this DRBG, we also fetch an HMAC,
    and fail if we can't do so, so the HMAC-DRBG is useful.

    Fixes openssl/private#853

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/29560)

diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
index ec2a6317b1..3dfc3140f7 100644
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -436,6 +436,9 @@ static int drbg_fetch_algs_from_prov(const struct drbg_set_ctx_params_st *p,
         } else {
             goto done;
         }
+        if (!ossl_prov_macctx_load(macctx, NULL, NULL, p->digest,
+                p->propq, "HMAC", NULL, NULL, libctx))
+            goto done;
     }

     ret = 1;