Add more commentary about recursive Provider intialisation in the FIPS module

In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recurively initialising the FIPS provider when already inside
the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

1 files changed, 8 insertions, 1 deletions

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 801a9fd..7842f90 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -178,7 +178,14 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
 
 /*
  * The internal init function used when the FIPS module uses EVP to call
- * another algorithm also in the FIPS module.
+ * another algorithm also in the FIPS module. This is a recursive call that has
+ * been made from within the FIPS module itself. Normally we are responsible for
+ * providing our own provctx value, but in this recursive case it has been
+ * pre-populated for us with the same library context that was used in the EVP
+ * call that initiated this recursive call - so we don't need to do anything
+ * further with that parameter. This only works because we *know* in the core
+ * code that the FIPS module uses a library context for its provctx. This is
+ * not generally true for all providers.
  */
 OSSL_provider_init_fn fips_intern_provider_init;
 int fips_intern_provider_init(const OSSL_PROVIDER *provider,