root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

ml-kem: convert to transient error state on import failure in FIPS provider 

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28376)
This commit is contained in:
Pauli 2025-08-29 12:43:09 +10:00 committed by Neil Horman
parent 56a791209c
commit eaba675c4b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
providers/implementations/keymgmt/ml_kem_kmgmt.c.in
View File

@ -482,7 +482,7 @@ static int ml_kem_import(void *vkey, int selection, const OSSL_PARAM params[])
if (res > 0 && include_private if (res > 0 && include_private
&& !ml_kem_pairwise_test(key, key->prov_flags)) { && !ml_kem_pairwise_test(key, key->prov_flags)) {
#ifdef FIPS_MODULE #ifdef FIPS_MODULE
ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
#endif #endif
ossl_ml_kem_key_reset(key); ossl_ml_kem_key_reset(key);
res = 0; res = 0;
@ -509,7 +509,7 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx)
} }
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
void *ml_kem_load(const void *reference, size_t reference_sz) static void *ml_kem_load(const void *reference, size_t reference_sz)
{ {
ML_KEM_KEY *key = NULL; ML_KEM_KEY *key = NULL;
uint8_t *encoded_dk = NULL; uint8_t *encoded_dk = NULL;