From: Pauli
Date: Wed, 19 Feb 2025 23:48:25 +0000 (+1100)
Subject: ml-dsa: avoid pairwise test when doing key generation CAST
X-Git-Tag: openssl-3.5.0-alpha1~129
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50f995ff8c31bcdd2d812df8a842a3d83e089e2c;p=thirdparty%2Fopenssl.git
ml-dsa: avoid pairwise test when doing key generation CAST
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
Reviewed-by: Viktor Dukhovni
(Merged from https://github.com/openssl/openssl/pull/26838)
---
diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index 2c80d4f2b56..24e8ceb2f5a 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include "crypto/ml_dsa.h"
+#include "internal/fips.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -59,7 +60,8 @@ static int ml_dsa_pairwise_test(const ML_DSA_KEY *key)
 size_t sig_len = 0;
 int ret = 0;
- if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR))
+ if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR)
+ || ossl_fips_self_testing())
 return 1;
 /*
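Review bot: The new early return in ml_dsa_pairwise_test() reports success (`return 1`) when the pairwise test is skipped because `ossl_fips_self_testing()` is true, and nothing in the condition records why a skipped consistency check counts as a pass. I would add a comment above the condition, e.g. `/* No key pair, or FIPS self tests (keygen CAST) in progress: skip the pairwise test and report success. */`. The hunk does not show whether `ossl_fips_self_testing()` reflects per-thread or module-wide state. If it is module-wide, it is worth confirming that ordinary key generation cannot reach this path while the self tests run, since such keys would be returned without ever going through the pairwise test. The function's body starts before and continues past this hunk.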