clarify comment

[openssl.git] / fips / rand / fips_drbg_lib.c

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 114f78e6ab33abf6f9abdda3f869f87e7e95b1bf..015b95a972682a8ce3c393b7b9fa79e3350db301 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -115,8 +115,14 @@ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
                FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
                return NULL;
                }
+
        if (type == 0)
+               {
+               memset(dctx, 0, sizeof(DRBG_CTX));
+               dctx->type = 0;
+               dctx->status = DRBG_STATUS_UNINITIALISED;
                return dctx;
+               }
 
        if (FIPS_drbg_init(dctx, type, flags) <= 0)
                {
@@ -347,7 +353,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
        }
 
 int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-                       int strength, int prediction_resistance,
+                       int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
        {
        int r = 0;
@@ -371,9 +377,9 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                return 0;
                }
 
-       if (strength > dctx->strength)
+       if (adinlen > dctx->max_adin)
                {
-               r = FIPS_R_INSUFFICIENT_SECURITY_STRENGTH;
+               r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
                goto end;
                }