From 7634137b8aed68ab776a256a5f16f2deb1537f29 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 5 Sep 2011 15:32:32 +0000
Subject: [PATCH] Place DRBG in error state if health check fails.

---
 fips/rand/fips_drbg_lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 3478864eec..f5f365b01e 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -96,6 +96,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
 		if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
 			{
 			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
+			dctx->status = DRBG_STATUS_ERROR;
 			return 0;
 			}
 		}
@@ -333,6 +334,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
 						dctx->flags | DRBG_FLAG_TEST))
 			{
 			FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
+			dctx->status = DRBG_STATUS_ERROR;
 			return 0;
 			}
 		dctx->health_check_cnt = 0;
-- 
GitLab