FIPS: abort on rsa_keygen_pairwise_test failure
Merge Request Required Information
Summary of Changes
ISO 19790 AS10.09 says the module shall not perform any cryptographic operations or output data in an error state, but OpenSSL does not have checks for the module state in EVP_DigestUpdate() and EVP_EncryptUpdate().
Upstream and their certification lab says these checks aren't needed, our lab disagrees. We asked for clarification from CMVP. While we are waiting for that, add a change that will allow us to submit. We will drop this patch one we found a solution together with upstream.
See #22506 for the discussion upstream.
Approved Development Ticket
RHEL-17104