File openssl-1_1-jitterentropy-error-state.patch of Package openssl-1_1.37526
Index: openssl-1.1.1w/crypto/fips/fips_entropy.c
===================================================================
--- openssl-1.1.1w.orig/crypto/fips/fips_entropy.c
+++ openssl-1.1.1w/crypto/fips/fips_entropy.c
@@ -28,10 +28,19 @@ struct rand_data* FIPS_entropy_init(void
return NULL;
}
/* If the initialization is successful, the call returns with 0 */
- if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0)
+ if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0) {
/* Allocate entropy collector */
ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
+ } else {
+ /* Set the error state if jitter RNG fails initialization */
+ fips_set_selftest_fail();
+ }
+ if (ec == NULL) {
+ /* Set the error state if jitter RNG fails initialization */
+ fips_set_selftest_fail();
+ }
CRYPTO_THREAD_unlock(jent_lock);
+
return ec;
}
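Review bot: When jent_entropy_init_ex() fails, fips_set_selftest_fail() is called twice: once in the new `else` branch and again in the `if (ec == NULL)` check that follows, because no collector was allocated on that path. If `ec` is initialised to NULL at its declaration (above this hunk, so worth confirming; otherwise the new check reads an indeterminate pointer), the `else` branch can be dropped. The single remaining check could then carry an accurate comment such as `/* Enter the FIPS error state if the jitter RNG failed its start-up tests or no collector could be allocated */`. The early `return NULL;` at the top of the hunk exits without setting the error state; its guarding condition is outside the hunk, so check whether that path should also fail closed.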
@@ -51,6 +60,17 @@ void FIPS_entropy_cleanup(void)
jent_lock = NULL;
}
+/*
+ * The following error codes can be returned by jent_read_entropy_safe():
+ * -1 entropy_collector is NULL
+ * -2 RCT failed
+ * -3 APT failed
+ * -4 The timer cannot be initialized
+ * -5 LAG failure
+ * -6 RCT permanent failure
+ * -7 APT permanent failure
+ * -8 LAG permanent failure
+ */
ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
{
ssize_t ent_bytes = -1;
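Review bot: The new table documents jent_read_entropy_safe() but sits as the header comment of FIPS_jitter_entropy(), whose own contract is left unstated. If the wrapper passes the library's return value through unchanged, as the later hunk suggests, add a closing sentence such as `FIPS_jitter_entropy() returns the value of jent_read_entropy_safe(); any negative value also puts the FIPS module into the error state.` The numeric codes are copied from the jitterentropy library, so it would help to name the library version they were taken from in case they drift. The function body continues past the end of this hunk.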
@@ -68,7 +88,14 @@ ssize_t FIPS_jitter_entropy(unsigned cha
&& stop == 0) {
/* Get entropy */
ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
+ if (ent_bytes < 0) {
+ /* Set the error state if jitter RNG fails entropy gathering
+ * because the health tests failed.
+ */
+ fips_set_selftest_fail();
+ }
CRYPTO_THREAD_unlock(jent_lock);
}
+
return ent_bytes;
}
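Review bot: The added `if (ent_bytes < 0)` check treats every negative return alike and discards the code. Its comment says "because the health tests failed", but the table added earlier in this patch lists -1 (collector is NULL) and -4 (timer cannot be initialized), which are not health-test failures. Reword the comment to something like `/* Any negative return puts the module into the error state */`. Also record `ent_bytes` through the module's existing error reporting before calling fips_set_selftest_fail(), so an operator can tell an RCT/APT/LAG failure from a set-up failure. When the enclosing `if` (which starts outside the hunk) is not taken, the function still returns -1 without entering the error state; confirm that callers treat that return as fatal.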