From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 26 Jun 2011 12:29:26 +0000 (+0000)
Subject: Fix CPRNG test for Hash DRBG.
X-Git-Tag: OpenSSL-fips-2_0-rc1~290
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fc305304023660fdc72da818686410f6d3f3fc89;p=oweals%2Fopenssl.git

Fix CPRNG test for Hash DRBG.
---

diff --git a/fips/rand/fips_drbg_hash.c b/fips/rand/fips_drbg_hash.c
index 544cda1fff..2fdf0e8f38 100644
--- a/fips/rand/fips_drbg_hash.c
+++ b/fips/rand/fips_drbg_hash.c
@@ -199,9 +199,8 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 			{
 			FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
 			dctx->lb_valid = 1;
-			continue;
 			}
-		if (outlen < dctx->blocklength)
+		else if (outlen < dctx->blocklength)
 			{
 			FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
 			if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
@@ -209,13 +208,16 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 			memcpy(out, hctx->vtmp, outlen);
 			return 1;
 			}
-		FIPS_digestfinal(&hctx->mctx, out, NULL);
-		if (!fips_drbg_cprng_test(dctx, out))
-			return 0;
-		outlen -= dctx->blocklength;
-		if (outlen == 0)
-			return 1;
-		out += dctx->blocklength;
+		else
+			{
+			FIPS_digestfinal(&hctx->mctx, out, NULL);
+			if (!fips_drbg_cprng_test(dctx, out))
+				return 0;
+			outlen -= dctx->blocklength;
+			if (outlen == 0)
+				return 1;
+			out += dctx->blocklength;
+			}
 		ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
 		}
 	}