Before initialising a live DRBG (i.e. not in test mode) run a complete health
authorDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 17:27:07 +0000 (17:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 17:27:07 +0000 (17:27 +0000)
check on a DRBG of the same type.

fips/rand/fips_drbg_lib.c

index 7a0a1070e2b21dd740125a1e3256a1ee4bed2ff6..92488767ef6b252f6a7f2d88ab8eca59709d030c 100644 (file)
@@ -84,6 +84,18 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
                        FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
                }
 
+       /* If not in test mode run selftests on DRBG of the same type */
+
+       if (!(dctx->flags & DRBG_FLAG_TEST))
+               {
+               DRBG_CTX tctx;
+               if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
+                       {
+                       /*FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);*/
+                       return 0;
+                       }
+               }
+
        return rv;
        }
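Review bot: The failure branch of the new self-test, `/*FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);*/`, returns 0 without pushing anything onto the error queue, so a caller whose FIPS_drbg_init fails because the known-answer test did not match gets no diagnostic and cannot tell a failed health check from an unsupported `type`. Re-enable the call, adding `FIPS_R_SELFTEST_FAILURE` to the reason table if it does not exist yet (the commented-out form suggests that is why it was disabled), and if this module keeps a global self-test-failure state, as a FIPS 140-2 health-test failure normally requires, set it here as well rather than only failing this one context. Separately, the KAT is executed even when the initialisation branch just above it has already reported an error (`rv` appears to be non-positive after the `FIPSerr` at the top of the hunk), so `if (rv > 0 && !(dctx->flags & DRBG_FLAG_TEST))` would avoid running a full self-test on a context that is already unusable. FIPS_drbg_init's body starts outside the hunk, so the way `rv` is set before this point is inferred rather than visible.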