Place DRBG in error state if health check fails.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)
fips/rand/fips_drbg_lib.c

index 3478864..f5f365b 100644 (file)
@@ -96,6 +96,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
                if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
                        {
                        FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
+                       dctx->status = DRBG_STATUS_ERROR;
                        return 0;
                        }
                }
@@ -333,6 +334,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
                                                dctx->flags | DRBG_FLAG_TEST))
                        {
                        FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
+                       dctx->status = DRBG_STATUS_ERROR;
                        return 0;
                        }
                dctx->health_check_cnt = 0;