Return error codes for selftest failure instead of hard assertion errors.

author: Dr. Stephen Henson <steve@openssl.org> 2011-05-06 17:38:39 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-06 17:38:39 +0000
commit: ad4784953d6d79484204a8bb8243be73a6e9aa98 (patch)
tree: 1e58ec0ced9a3013f2ab517a667d5e5fb581d309 /fips/rsa
parent: 6b7be581e52761b2a0dc5dcf35214ff813b9f9f0 (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c
index 46d0d4061a..c68c00787d 100644
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@@ -219,7 +219,11 @@ int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
 	/* Largest DigestInfo: 19 (max encoding) + max MD */
 	unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
 
-	FIPS_selftest_check();
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_RSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
 
 	md_type = M_EVP_MD_type(mhash);
 
@@ -322,14 +326,18 @@ int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
 	int md_type;
 	int rsa_dec_pad_mode;
 
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_RSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+
 	if (siglen != (unsigned int)RSA_size(rsa))
 		{
 		RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
 		return(0);
 		}
 
-	FIPS_selftest_check();
-
 	md_type = M_EVP_MD_type(mhash);
 
 	s= OPENSSL_malloc((unsigned int)siglen);
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-06 17:38:39 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-06 17:38:39 +0000
commit	ad4784953d6d79484204a8bb8243be73a6e9aa98 (patch)
tree	1e58ec0ced9a3013f2ab517a667d5e5fb581d309 /fips/rsa
parent	6b7be581e52761b2a0dc5dcf35214ff813b9f9f0 (diff)