authorDr. Stephen Henson <steve@openssl.org>2011-03-31 17:23:12 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-03-31 17:23:12 +0000
commite06de4dd3597374ab67281736be8dee0e2552bcd (patch)
treed7b13a395cc6261693820fb289a33df76bc366b5 /fips
parent52b6ee8245c06042fd4f1bfea32f652ebe1774f3 (diff)
Remove redundant definitions. Give error code if DRBG selftest fails.
Diffstat (limited to 'fips')
-rw-r--r--fips/fips.h1
-rw-r--r--fips/rand/fips_drbg_selftest.c2
-rw-r--r--fips/rand/fips_rand_lcl.h6
3 files changed, 3 insertions, 6 deletions
diff --git a/fips/fips.h b/fips/fips.h
index 110ee3c5b4..2c71041a70 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -203,6 +203,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_F_FIPS_DRBG_INSTANTIATE 133
#define FIPS_F_FIPS_DRBG_NEW 134
#define FIPS_F_FIPS_DRBG_RESEED 135
+#define FIPS_F_FIPS_DRBG_SINGLE_KAT 140
#define FIPS_F_FIPS_DSA_CHECK 107
#define FIPS_F_FIPS_MODE_SET 108
#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
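Review bot: The new function code `FIPS_F_FIPS_DRBG_SINGLE_KAT` has no visible matching entry in the string table loaded by `ERR_load_FIPS_strings()`, and none of the three files in the diffstat looks like that table. If the table is not regenerated in a separate step, a self-test failure would be reported with a bare numeric function code instead of a name, which makes field diagnosis harder. It would be worth confirming that the name string for code 140 is added alongside this define.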
diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c
index a3732c1a4a..c46fe58521 100644
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -797,6 +797,8 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
rv = 1;
err:
+ if (rv == 0)
+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
FIPS_drbg_uninstantiate(dctx);
return rv;
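Review bot: The `FIPSerr` added at `err:` raises one generic `FIPS_R_SELFTEST_FAILED` for every failure path that reaches the label, so the error queue will not show which step of the known-answer test went wrong. The steps themselves are above the hunk, so this is inferred from the shared label. A distinct reason code raised at each `goto err` site would make triage of a failed DRBG self-test much easier. The new `if` is also unbraced; writing it as `if (rv == 0) { FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED); }` guards against a later statement being added under it by mistake. Separately, the result of `FIPS_drbg_uninstantiate(dctx)` is not checked, so if that call can fail the function still returns `rv` unchanged, and it is worth confirming that is intended.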
diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h
index b3962260ed..a946ac1ed8 100644
--- a/fips/rand/fips_rand_lcl.h
+++ b/fips/rand/fips_rand_lcl.h
@@ -97,10 +97,6 @@ struct drbg_ctr_ctx_st
/* fatal error condition */
#define DRBG_STATUS_ERROR 3
-/* Maximum values for temp entropy and nonce */
-#define DRBG_MAX_ENTROPY 1024
-#define DRBG_MAX_NONCE 1024
-
/* A default maximum length: larger than any reasonable value used in pratice */
#define DRBG_MAX_LENGTH 0x7ffffff0
@@ -159,8 +155,6 @@ struct drbg_ctx_st
/* Indicates we have finished with entropy buffer */
void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
- unsigned char nonce[DRBG_MAX_NONCE];
-
/* nonce gathering function */
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len);