Check for selftest failure in various places.

[openssl.git] / crypto / ecdsa / ecs_ossl.c

diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index acdeea83d4a789c356547546de2f7b56d1170ac1..8336bceb673b6fcd96552a8fa7ed2a9e2e50d83a 100644 (file)
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -238,6 +238,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
        ECDSA_DATA *ecdsa;
        const BIGNUM *priv_key;
 
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+               return NULL;
+               }
+#endif
+
        ecdsa    = ecdsa_check(eckey);
        group    = EC_KEY_get0_group(eckey);
        priv_key = EC_KEY_get0_private_key(eckey);
@@ -373,6 +381,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
        const EC_GROUP *group;
        const EC_POINT *pub_key;
 
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+               return -1;
+               }
+#endif
+
        /* check input values */
        if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
            (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)