From fc305304023660fdc72da818686410f6d3f3fc89 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 26 Jun 2011 12:29:26 +0000
Subject: [PATCH] Fix CPRNG test for Hash DRBG.

---
 fips/rand/fips_drbg_hash.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/fips/rand/fips_drbg_hash.c b/fips/rand/fips_drbg_hash.c
index 544cda1fff..2fdf0e8f38 100644
--- a/fips/rand/fips_drbg_hash.c
+++ b/fips/rand/fips_drbg_hash.c
@@ -199,9 +199,8 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 			{
 			FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
 			dctx->lb_valid = 1;
-			continue;
 			}
-		if (outlen < dctx->blocklength)
+		else if (outlen < dctx->blocklength)
 			{
 			FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
 			if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
@@ -209,13 +208,16 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 			memcpy(out, hctx->vtmp, outlen);
 			return 1;
 			}
-		FIPS_digestfinal(&hctx->mctx, out, NULL);
-		if (!fips_drbg_cprng_test(dctx, out))
-			return 0;
-		outlen -= dctx->blocklength;
-		if (outlen == 0)
-			return 1;
-		out += dctx->blocklength;
+		else
+			{
+			FIPS_digestfinal(&hctx->mctx, out, NULL);
+			if (!fips_drbg_cprng_test(dctx, out))
+				return 0;
+			outlen -= dctx->blocklength;
+			if (outlen == 0)
+				return 1;
+			out += dctx->blocklength;
+			}
 		ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
 		}
 	}
-- 
2.25.1