Check for selftest failure in various places.

1 files changed, 16 insertions, 0 deletions

diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index acdeea83d4..8336bceb67 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -238,6 +238,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 	ECDSA_DATA *ecdsa;
 	const BIGNUM *priv_key;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+		return NULL;
+		}
+#endif
+
 	ecdsa    = ecdsa_check(eckey);
 	group    = EC_KEY_get0_group(eckey);
 	priv_key = EC_KEY_get0_private_key(eckey);
@@ -373,6 +381,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 	const EC_GROUP *group;
 	const EC_POINT *pub_key;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+		return -1;
+		}
+#endif
+
 	/* check input values */
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)