ml-dsa: avoid pairwise test when doing key generation CAST
authorPauli <ppzgs1@gmail.com>
Wed, 19 Feb 2025 23:48:25 +0000 (10:48 +1100)
committerPauli <ppzgs1@gmail.com>
Fri, 21 Feb 2025 00:40:19 +0000 (11:40 +1100)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)

providers/implementations/keymgmt/ml_dsa_kmgmt.c

index 2c80d4f2b5677a1142dce508cb78e3e13d1b1f82..24e8ceb2f5a3a3f99a3e9fb2f62cb2737d1e8689 100644 (file)
@@ -14,6 +14,7 @@
 #include <openssl/proverr.h>
 #include <openssl/self_test.h>
 #include "crypto/ml_dsa.h"
+#include "internal/fips.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -59,7 +60,8 @@ static int ml_dsa_pairwise_test(const ML_DSA_KEY *key)
     size_t sig_len = 0;
     int ret = 0;
 
-    if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR))
+    if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR)
+            || ossl_fips_self_testing())
         return 1;
 
     /*
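Review bot: The added `|| ossl_fips_self_testing()` clause in ml_dsa_pairwise_test() returns 1 without running any sign/verify check, so a caller cannot tell "skipped" from "passed", and nothing at the condition says why the skip is acceptable. A one-line comment above the `if` would record the intent, e.g. `/* No pairwise test while the FIPS self tests (keygen CAST) are running */`. The scope of ossl_fips_self_testing() is not visible in this hunk and should be confirmed. If it reports module-wide state rather than the calling thread's, a key generated on another thread while self tests are in progress would presumably also skip the pairwise test. The function body continues past the end of the hunk.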