From: Pauli <ppzgs1@gmail.com>
Date: Mon, 10 Feb 2025 22:32:28 +0000 (+1100)
Subject: fips: omit PCT on key import
X-Git-Tag: openssl-3.5.0-alpha1~202
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b7679b16d970f99e76b631b62f51bdeffb14627;p=thirdparty%2Fopenssl.git

fips: omit PCT on key import

Our lab thinks the IG 10.3.A additional comment 1 is a mistake and that
a PCT on import is not required.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26785)
---

diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index f1f10d86871..fc1000c3e1a 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -242,7 +242,6 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
 {
     ML_DSA_KEY *key = keydata;
     int include_priv;
-    int res;
 
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
@@ -251,17 +250,7 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
         return 0;
 
     include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
-    res = ml_dsa_key_fromdata(key, params, include_priv);
-#ifdef FIPS_MODULE
-    if (res > 0) {
-        res = ml_dsa_pairwise_test(key);
-        if (res <= 0) {
-            ossl_ml_dsa_key_reset(key);
-            ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
-        }
-    }
-#endif
-    return res;
+    return ml_dsa_key_fromdata(key, params, include_priv);
 }
 
 #define ML_DSA_IMEXPORTABLE_PARAMETERS \