From 74fac927b0b7d89aa6cdb88b12669e1cd8f4e841 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 22 Apr 2011 11:12:56 +0000
Subject: Return errors instead of aborting when selftest fails.

---
 crypto/dh/dh_key.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'crypto/dh')

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 50e8011c83..6c0c745c8d 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -301,7 +301,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
 	{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
+		return 0;
+		}
 #endif
 	dh->flags |= DH_FLAG_CACHE_MONT_P;
 	return(1);
-- 
cgit v1.2.3