Place DRBG in error state if health check fails.

author Dr. Stephen Henson <steve@openssl.org>

Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c

index 3478864eec8e794bf05becfb75be7bb815ca7fcf..f5f365b01e327ace8d5feb311399f49a1109dcf7 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -96,6 +96,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
                 if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
                         {
                         FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
+                       dctx->status = DRBG_STATUS_ERROR;
                         return 0;
                         }
                 }
@@ -333,6 +334,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
                                                 dctx->flags | DRBG_FLAG_TEST))
                         {
                         FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
+                       dctx->status = DRBG_STATUS_ERROR;
                         return 0;
                         }
                 dctx->health_check_cnt = 0;
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)