Return error codes for selftest failure instead of hard assertion errors.

2 files changed, 20 insertions, 4 deletions

diff --git a/fips/utl/fips_enc.c b/fips/utl/fips_enc.c
index a25e5a1e5c..55a880d06e 100644
--- a/fips/utl/fips_enc.c
+++ b/fips/utl/fips_enc.c
@@ -256,11 +256,15 @@ int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c)
 int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
 	int ret;
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
 	if(!ctx->cipher) {
 		EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
-	FIPS_selftest_check();
 
 	if(!ctx->cipher->ctrl) {
 		EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
@@ -327,6 +331,10 @@ int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
 int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			const unsigned char *in, unsigned int inl)
 	{
-	FIPS_selftest_check();
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED);
+		return -1;
+		}
 	return ctx->cipher->do_cipher(ctx,out,in,inl);
 	}
diff --git a/fips/utl/fips_md.c b/fips/utl/fips_md.c
index 37149506f3..556267994c 100644
--- a/fips/utl/fips_md.c
+++ b/fips/utl/fips_md.c
@@ -204,7 +204,11 @@ int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
 
 int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 	{
-	FIPS_selftest_check();
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
 	return ctx->update(ctx,data,count);
 	}
 
@@ -213,7 +217,11 @@ int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
 	int ret;
 
-	FIPS_selftest_check();
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
 
 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
 	ret=ctx->digest->final(ctx,md);