Use function name FIPS_drbg_health_check() for health check function.

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) Use separate DRBG fields for internal and external flags. New function

     FIPS_drbg_test() to perform on demand health checking. Add generation

     tests to fips_test_suite with reduced health check interval to 

     FIPS_drbg_health_check() to perform on demand health checking. Add

     generation tests to fips_test_suite with reduced health check interval to 

     demonstrate periodic health checking. Add "nodh" option to

     fips_test_suite to skip very slow DH test.

     [Steve Henson]

/* fips/rand/fips_drbg_lib.c */

/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

 * project.

 */

	if (!(dctx->xflags & DRBG_FLAG_TEST))

		{

		DRBG_CTX tctx;

		if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))

		if (!FIPS_drbg_health_check(dctx))

			{

			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);

			dctx->status = DRBG_STATUS_ERROR;

			return 0;

			}

		}

	 */

	if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))

		{

		if (!FIPS_drbg_test(dctx))

		if (!FIPS_drbg_health_check(dctx))

			{

			r = FIPS_R_SELFTEST_FAILURE;

			goto end;

	dctx->health_check_cnt++;

	if (dctx->health_check_cnt >= dctx->health_check_interval)

		{

		if (!FIPS_drbg_test(dctx))

		if (!FIPS_drbg_health_check(dctx))

			{

			FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);

			dctx->status = DRBG_STATUS_ERROR;

			return 0;

			}

		dctx->health_check_cnt = 0;

		}

	return 1;

	}

	/* Initial test without PR */

	/* Instantiate DRBG with test entropy, nonce and personalisation

	 * string.

	 */

	if (!FIPS_drbg_init(dctx, td->nid, td->flags))

		return 0;

	if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))

		adinlen = td->adinlen / 2;

	else

		adinlen = td->adinlen;

	/* Generate with no PR and verify output matches expected data */

	if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,

				td->adin, adinlen))

		goto err;

		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);

		goto err2;

		}

	/* If abbreviated POST end of test */

	if (quick)

		{

		rv = 1;

		goto err;

		}

	/* Reseed DRBG with test entropy and additional input */

	t.ent = td->entreseed;

	t.entlen = td->entreseedlen;

	if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))

		goto err;

	/* Generate with no PR and verify output matches expected data */

	if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,

				td->adin2, td->adin2len))

		goto err;

	FIPS_drbg_uninstantiate(dctx);

	/* Now test with PR */

	/* Instantiate DRBG with test entropy, nonce and personalisation

	 * string.

	 */

	if (!FIPS_drbg_init(dctx, td->nid, td->flags))

		return 0;

	if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))

	if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))

		goto err;

	/* Now generate with PR: we need to supply entropy as this will

	 * perform a reseed operation. Check output matches expected value.

	 */

	t.ent = td->entpr_pr;

	t.entlen = td->entprlen_pr;

		goto err2;

		}

	/* Now generate again with PR: supply new entropy again.

	 * Check output matches expected value.

	 */

	t.ent = td->entg_pr;

	t.entlen = td->entglen_pr;

		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);

		goto err2;

		}

	/* All OK, test complete */

	rv = 1;

	err:

	return 1;

	}

/* This is the "health check" function required by SP800-90. Induce several

 * failure modes and check an error condition is set.

/* This function performd extensive error checking as required by SP800-90.

 * Induce several failure modes and check an error condition is set.

 * This function along with fips_drbg_single_kat peforms the health checking

 * operation.

 */

static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)

static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)

	{

	unsigned char randout[1024];

	TEST_ENT t;

			{

			if (!fips_drbg_single_kat(dctx, td, 0))

				return 0;

			return fips_drbg_health_check(dctx, td);

			return fips_drbg_error_check(dctx, td);

			}

		}

	return 0;

	}

int FIPS_drbg_test(DRBG_CTX *dctx)

int FIPS_drbg_health_check(DRBG_CTX *dctx)

	{

	int rv;

	DRBG_CTX *tctx = NULL;

		fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);

	else

		fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);

	if (!rv)

		dctx->status = DRBG_STATUS_ERROR;

	else

		dctx->health_check_cnt = 0;

	return rv;

	}

			rv = 0;

			continue;

			}

		if (!fips_drbg_health_check(dctx, td))

		if (!fips_drbg_error_check(dctx, td))

			{

			fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);

			rv = 0;

void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);

void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);

int FIPS_drbg_test(DRBG_CTX *dctx);

int FIPS_drbg_health_check(DRBG_CTX *dctx);

DRBG_CTX *FIPS_get_default_drbg(void);

const RAND_METHOD *FIPS_drbg_method(void);