X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=fips%2Frand%2Ffips_drbg_hash.c;h=8b49f33a63081f0dcc63965dd171451e19e96bc3;hp=b20d0726466af0f405fb89e4668a977882fdc5b0;hb=ded1999702eb684f2057628b261bdd951fa73bc3;hpb=a255e5bc98188f8ca9cc0b6970ff36dbfb80f1fb;ds=sidebyside

diff --git a/fips/rand/fips_drbg_hash.c b/fips/rand/fips_drbg_hash.c
index b20d072646..8b49f33a63 100644
--- a/fips/rand/fips_drbg_hash.c
+++ b/fips/rand/fips_drbg_hash.c
@@ -195,13 +195,23 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 		{
 		FIPS_digestinit(&hctx->mctx, hctx->md);
 		FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
+		if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+			{
+			FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
+			dctx->lb_valid = 1;
+			continue;
+			}
 		if (outlen < dctx->blocklength)
 			{
 			FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
+			if (!drbg_cprng_test(dctx, hctx->vtmp))
+				return 0;
 			memcpy(out, hctx->vtmp, outlen);
 			return 1;
 			}
 		FIPS_digestfinal(&hctx->mctx, out, NULL);
+		if (!drbg_cprng_test(dctx, out))
+			return 0;
 		outlen -= dctx->blocklength;
 		if (outlen == 0)
 			return 1;