Move to error state if ML-DSA / SLH-DSA PCT fails

As required by FIPS 140-3 AS10.07, if the module fails a self-test, it
shall enter an error state.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27436)

diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index ee5463caec86c5afff32a148bafca2b839f7cc72..5e9023e333938138dd03b9c0bbdb8cc300dac5ff 100644 (file)
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -474,8 +474,10 @@ static void *ml_dsa_gen(void *genctx, int evp_type)
         goto err;
     }
 #ifdef FIPS_MODULE
-    if (!ml_dsa_pairwise_test(key))
+    if (!ml_dsa_pairwise_test(key)) {
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
         goto err;
+    }
 #endif
     return key;
  err:

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index b67367b449cde292d03c2ac999283b1b84f5346f..1b89b75ef5af50077b991e6451d292e2b523e040 100644 (file)
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -346,8 +346,10 @@ static void *slh_dsa_gen(void *genctx, const char *alg)
                                    gctx->entropy, gctx->entropy_len))
         goto err;
 #ifdef FIPS_MODULE
-    if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx))
+    if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) {
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
         goto err;
+    }
 #endif /* FIPS_MODULE */
     ossl_slh_dsa_hash_ctx_free(ctx);
     return key;