1 files changed, 2 insertions, 9 deletions

diff --git a/crypto/drbg.c b/crypto/drbg.c
index d748a1d0ca24..96138396ce01 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -223,15 +223,6 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
  * function. Thus, the function implicitly knows the size of the
  * buffer.
  *
- * The FIPS test can be called in an endless loop until it returns
- * true. Although the code looks like a potential for a deadlock, it
- * is not the case, because returning a false cannot mathematically
- * occur (except once when a reseed took place and the updated state
- * would is now set up such that the generation of new value returns
- * an identical one -- this is most unlikely and would happen only once).
- * Thus, if this function repeatedly returns false and thus would cause
- * a deadlock, the integrity of the entire kernel is lost.
- *
  * @drbg DRBG handle
  * @buf output buffer of random data to be checked
  *
@@ -258,6 +249,8 @@ static bool drbg_fips_continuous_test(struct drbg_state *drbg,
                 return false;
         }
         ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
+        if (!ret)
+                panic("DRBG continuous self test failed\n");
         memcpy(drbg->prev, buf, drbg_blocklen(drbg));
         /* the test shall pass when the two compared values are not equal */
         return ret != 0;