From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 5 Sep 2011 15:32:32 +0000 (+0000)
Subject: Place DRBG in error state if health check fails.
X-Git-Tag: OpenSSL-fips-2_0-rc1~167
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=7634137b8aed68ab776a256a5f16f2deb1537f29;ds=sidebyside

Place DRBG in error state if health check fails.
---

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 3478864eec..f5f365b01e 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -96,6 +96,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
 		if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
 			{
 			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
+			dctx->status = DRBG_STATUS_ERROR;
 			return 0;
 			}
 		}
@@ -333,6 +334,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
 						dctx->flags | DRBG_FLAG_TEST))
 			{
 			FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
+			dctx->status = DRBG_STATUS_ERROR;
 			return 0;
 			}
 		dctx->health_check_cnt = 0;