Update fipssyms.h to keep all symbols in FIPS,fips namespace.

[openssl.git] / fips / rand / fips_drbg_ctr.c

diff --git a/fips/rand/fips_drbg_ctr.c b/fips/rand/fips_drbg_ctr.c
index 7e6d497ad1f9c94abd7c196a5a0783844900048a..4045e2d627f2966f5c4cd8bbba37657f1ec94735 100644 (file)
--- a/fips/rand/fips_drbg_ctr.c
+++ b/fips/rand/fips_drbg_ctr.c
@@ -330,14 +330,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
        for (;;)
                {
                inc_128(cctx);
+               if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+                       {
+                       AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
+                       dctx->lb_valid = 1;
+                       continue;
+                       }
                if (outlen < 16)
                        {
                        /* Use K as temp space as it will be updated */
                        AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+                       if (!fips_drbg_cprng_test(dctx, cctx->K))
+                               return 0;
                        memcpy(out, cctx->K, outlen);
                        break;
                        }
                AES_encrypt(cctx->V, out, &cctx->ks);
+               if (!fips_drbg_cprng_test(dctx, out))
+                       return 0;
                out += 16;
                outlen -= 16;
                if (outlen == 0)
@@ -404,9 +414,9 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
                AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
 
                dctx->min_entropy = cctx->keylen;
-               dctx->max_entropy = DRBG_MAX_ENTROPY;
+               dctx->max_entropy = DRBG_MAX_LENGTH;
                dctx->min_nonce = dctx->min_entropy / 2;
-               dctx->max_nonce = DRBG_MAX_NONCE;
+               dctx->max_nonce = DRBG_MAX_LENGTH;
                dctx->max_pers = DRBG_MAX_LENGTH;
                dctx->max_adin = DRBG_MAX_LENGTH;
                }