From ee365a11a4acc667c7a726fbdc3447ba550309b6 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Tue, 10 Oct 2023 14:10:22 +0200
Subject: [PATCH] fips: use openssl lib context in compute_file_hmac

Before calling any openssl EVP function, libica's own openssl lib ctx
must be made the current one. This was missing in compute_file_hmac.

Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
 src/fips.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/fips.c b/src/fips.c
index f09dc77..3bbc325 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -400,6 +400,8 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 	void *fdata = NULL;
 	struct stat fdata_stat;
 
+	BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
+
 	pkey = get_pkey();
 	if (!pkey)
 		goto end;
@@ -438,6 +440,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 		EVP_MD_CTX_destroy(mdctx);
 
 	OPENSSL_cleanse(tmp, sizeof(tmp));
+	END_OPENSSL_LIBCTX(rc);
 
 	return rc;
 }