From fcbd13d843a284b5e1654c3ce0efbf3249f23cd9 Mon Sep 17 00:00:00 2001
From: Nikola Pajkovsky <nikolap@openssl.org>
Date: Fri, 15 Aug 2025 14:02:44 +0200
Subject: [PATCH] dh: add FIPS 140-3 PCT on key generation

According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be
performed.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28280)

(cherry picked from commit b561837ee9bb9393cd3ada325180130fda2613bc)
---
 providers/implementations/keymgmt/dh_kmgmt.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 98a8a45cf15..3c2043eb6ee 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -806,6 +806,15 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
                                      gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2);
         if (DH_generate_key(dh) <= 0)
             goto end;
+#ifdef FIPS_MODULE
+        if (!ossl_fips_self_testing()) {
+            ret = ossl_dh_check_pairwise(dh, 0);
+            if (ret <= 0) {
+                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+                goto end;
+            }
+        }
+#endif /* FIPS_MODULE */
     }
     DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
     DH_set_flags(dh, gctx->dh_type);
-- 
2.47.3