From: Pauli <ppzgs1@gmail.com>
Date: Fri, 29 Aug 2025 02:43:09 +0000 (+1000)
Subject: ml-kem: convert to transient error state on import failure in FIPS provider
X-Git-Tag: openssl-3.6.0-alpha1~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eaba675c4b300e18aa4a200a75ff9566653afda8;p=thirdparty%2Fopenssl.git

ml-kem: convert to transient error state on import failure in FIPS provider

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28376)
---

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
index 2683bca34e7..8b995015ba9 100644
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
@@ -482,7 +482,7 @@ static int ml_kem_import(void *vkey, int selection, const OSSL_PARAM params[])
     if (res > 0 && include_private
         && !ml_kem_pairwise_test(key, key->prov_flags)) {
 #ifdef FIPS_MODULE
-        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
 #endif
         ossl_ml_kem_key_reset(key);
         res = 0;
@@ -509,7 +509,7 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx)
 }
 
 #ifndef FIPS_MODULE
-void *ml_kem_load(const void *reference, size_t reference_sz)
+static void *ml_kem_load(const void *reference, size_t reference_sz)
 {
     ML_KEM_KEY *key = NULL;
     uint8_t *encoded_dk = NULL;