Check for selftest failure in various places.

author: Dr. Stephen Henson <steve@openssl.org> 2011-10-22 17:24:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-10-22 17:24:27 +0000
commit: 5fd722600b3c53f31900442b9a0f9d0ce7dfc629 (patch)
tree: 9cb09c51162dc8cf98c21a283a9598ea54d45607 /fips
parent: 5b198d5eea726b68925d5487a9c28b66b6d6a717 (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/fips/fips.h b/fips/fips.h
index 06809c7dcb..4cadbd26fd 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -349,6 +349,10 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_DSA_BUILTIN_PARAMGEN2			 102
 #define FIPS_F_DSA_DO_SIGN				 103
 #define FIPS_F_DSA_DO_VERIFY				 104
+#define FIPS_F_ECDH_COMPUTE_KEY				 163
+#define FIPS_F_ECDSA_DO_SIGN				 164
+#define FIPS_F_ECDSA_DO_VERIFY				 165
+#define FIPS_F_EC_KEY_GENERATE_KEY			 166
 #define FIPS_F_FIPS_CHECK_DSA				 105
 #define FIPS_F_FIPS_CHECK_DSA_PRNG			 151
 #define FIPS_F_FIPS_CHECK_EC				 106
diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 32e4b83c5e..1596977fd5 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -386,6 +386,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 	{
 	int r = 0;
 
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+
 	if (!fips_drbg_check(dctx))
 		return 0;
author	Dr. Stephen Henson <steve@openssl.org>	2011-10-22 17:24:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-10-22 17:24:27 +0000
commit	5fd722600b3c53f31900442b9a0f9d0ce7dfc629 (patch)
tree	9cb09c51162dc8cf98c21a283a9598ea54d45607 /fips
parent	5b198d5eea726b68925d5487a9c28b66b6d6a717 (diff)