From: Pauli <ppzgs1@gmail.com>
Date: Fri, 29 Aug 2025 02:42:46 +0000 (+1000)
Subject: ecx: convert to transient error state on import failure in FIPS provider
X-Git-Tag: openssl-3.6.0-alpha1~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=811f68ffe2cb97ab997c11b0429236135eb437c0;p=thirdparty%2Fopenssl.git

ecx: convert to transient error state on import failure in FIPS provider

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28376)
---

diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c.in b/providers/implementations/keymgmt/ecx_kmgmt.c.in
index b718c6b598a..99ec7499c22 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c.in
@@ -234,7 +234,7 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
         if (key->haspubkey && key->privkey != NULL) {
             ok = ecd_fips140_pairwise_test(key, key->type, 1);
             if (ok <= 0)
-                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
         }
 #endif  /* FIPS_MODULE */
     return ok;