slh-dsa: avoid pairwise test when doing key generation CAST

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index 27fee6c2b868b97e3ad7a5bb6fbb4424dc019a5f..f4df2e8813cef37a2f1dedbf37473ce54acdddf5 100644 (file)
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -12,6 +12,7 @@
 #include <openssl/param_build.h>
 #include <openssl/self_test.h>
 #include "crypto/slh_dsa.h"
+#include "internal/fips.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -295,6 +296,10 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
     uint8_t *sig = NULL;
     size_t sig_len;
 
+    /* During self test, it is a waste to do this test */
+    if (ossl_fips_self_testing())
+        return 1;
+
     OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
     st = OSSL_SELF_TEST_new(cb, cb_arg);
     if (st == NULL)