From 2b7679b16d970f99e76b631b62f51bdeffb14627 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Tue, 11 Feb 2025 09:32:28 +1100
Subject: [PATCH] fips: omit PCT on key import

Our lab thinks the IG 10.3.A additional comment 1 is a mistake and that
a PCT on import is not required.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26785)
---
 providers/implementations/keymgmt/ml_dsa_kmgmt.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index f1f10d86871..fc1000c3e1a 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -242,7 +242,6 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
 {
     ML_DSA_KEY *key = keydata;
     int include_priv;
-    int res;
 
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
@@ -251,17 +250,7 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
         return 0;
 
     include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
-    res = ml_dsa_key_fromdata(key, params, include_priv);
-#ifdef FIPS_MODULE
-    if (res > 0) {
-        res = ml_dsa_pairwise_test(key);
-        if (res <= 0) {
-            ossl_ml_dsa_key_reset(key);
-            ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
-        }
-    }
-#endif
-    return res;
+    return ml_dsa_key_fromdata(key, params, include_priv);
 }
 
 #define ML_DSA_IMEXPORTABLE_PARAMETERS \
-- 
2.47.2