From 5fd722600b3c53f31900442b9a0f9d0ce7dfc629 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 22 Oct 2011 17:24:27 +0000
Subject: Check for selftest failure in various places.

---
 crypto/ecdh/ech_ossl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'crypto/ecdh')

diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index f93dfcb4f7..94a8f4b696 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -119,6 +119,14 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 	size_t buflen, len;
 	unsigned char *buf=NULL;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+		return -1;
+		}
+#endif
+
 	if (outlen > INT_MAX)
 		{
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
-- 
cgit v1.2.3