From e5cadaf8db8cd0b43edaeaf7223aeffb4450a9ab Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 1 Apr 2011 17:49:45 +0000 Subject: Only zeroise sensitive parts of DRBG context, so the type and flags are undisturbed. Allow setting of "rand" callbacks for DRBG. --- fips/rand/fips_drbg_selftest.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'fips/rand/fips_drbg_selftest.c') diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index c46fe58521..d1f9dd118b 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -954,11 +954,11 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) } FIPS_drbg_uninstantiate(dctx); - p = (unsigned char *)dctx; + p = (unsigned char *)&dctx->d; /* Standard says we have to check uninstantiate really zeroes * the data... */ - for (i = 0; i < sizeof(DRBG_CTX); i++) + for (i = 0; i < sizeof(dctx->d); i++) { if (*p != 0) { @@ -980,7 +980,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) return 0; } - + int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags) { -- cgit v1.2.3
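Review bot: The zero check after `FIPS_drbg_uninstantiate(dctx)` now walks only `dctx->d`, so the health check still passes if secret-derived state held elsewhere in `DRBG_CTX` survives uninstantiate. The struct definition is not on this page (the diff is limited to this file), so whether such fields exist outside `d` needs confirming against the header; if they do, they should either move into `d` or get their own check here. The comment above the loop still says uninstantiate "really zeroes the data", which overstates what is now verified; `/* Check uninstantiate zeroes the sensitive state in dctx->d; type and flags are deliberately preserved */` would match the code. The body of `fips_drbg_health_check` starts and ends outside the hunk, so the pointer advance and the failure path of the loop are not visible here.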