Check for selftest failure in various places.

[openssl.git] / fips / rand / fips_drbg_lib.c

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 32e4b83c5e9f7cdcb83fbc44436b3412dd7e0633..1596977fd54d77b4967a5203d1139dc8d33e808f 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -386,6 +386,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
        {
        int r = 0;
 
+       if (FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
+               return 0;
+               }
+
        if (!fips_drbg_check(dctx))
                return 0;