From d923468e4757118147d1af37d67934de9b27ab5e Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Fri, 29 Aug 2025 12:42:17 +1000
Subject: [PATCH] dh: convert to transient error state on import failure in
 FIPS provider

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28376)

(cherry picked from commit c2ebeeeff67948cd4f44fc5e4a777cf9ea293f17)
---
 providers/implementations/keymgmt/dh_kmgmt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 3c2043eb6ee..66cbd817b48 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -218,7 +218,7 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
         if (ok > 0 && !ossl_fips_self_testing()) {
             ok = ossl_dh_check_pairwise(dh, 1);
             if (ok <= 0)
-                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
         }
 #endif  /* FIPS_MODULE */
     }
-- 
2.47.3