From: Pauli <ppzgs1@gmail.com>
Date: Wed, 19 Feb 2025 23:48:55 +0000 (+1100)
Subject: slh-dsa: avoid pairwise test when doing key generation CAST
X-Git-Tag: openssl-3.5.0-alpha1~127
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca26db30a0bebbf491f5c976949c0645ceedabf4;p=thirdparty%2Fopenssl.git

slh-dsa: avoid pairwise test when doing key generation CAST

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)
---

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index 27fee6c2b86..f4df2e8813c 100644
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -12,6 +12,7 @@
 #include <openssl/param_build.h>
 #include <openssl/self_test.h>
 #include "crypto/slh_dsa.h"
+#include "internal/fips.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -295,6 +296,10 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
     uint8_t *sig = NULL;
     size_t sig_len;
 
+    /* During self test, it is a waste to do this test */
+    if (ossl_fips_self_testing())
+        return 1;
+
     OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
     st = OSSL_SELF_TEST_new(cb, cb_arg);
     if (st == NULL)