From 50f995ff8c31bcdd2d812df8a842a3d83e089e2c Mon Sep 17 00:00:00 2001
From: Pauli
Date: Thu, 20 Feb 2025 10:48:25 +1100
Subject: [PATCH] ml-dsa: avoid pairwise test when doing key generation CAST
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
Reviewed-by: Viktor Dukhovni
(Merged from https://github.com/openssl/openssl/pull/26838)
---
 providers/implementations/keymgmt/ml_dsa_kmgmt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index 2c80d4f2b56..24e8ceb2f5a 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include "crypto/ml_dsa.h"
+#include "internal/fips.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -59,7 +60,8 @@ static int ml_dsa_pairwise_test(const ML_DSA_KEY *key)
 size_t sig_len = 0;
 int ret = 0;
- if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR))
+ if (!ml_dsa_has(key, OSSL_KEYMGMT_SELECT_KEYPAIR)
+ || ossl_fips_self_testing())
 return 1;
 /*
--
2.47.2
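Review bot: The early `return 1` in `ml_dsa_pairwise_test` now covers two unrelated cases, "no key pair to test" and "self-tests are running", and nothing at the condition says why skipping the pairwise consistency test is acceptable in the second one. Because this test is the safeguard applied to freshly generated keys, I would put a comment directly above the `if`, for example `/* No pairwise test while the FIPS self-tests (keygen CAST) are running */`. The bypass is only as narrow as `ossl_fips_self_testing()`, whose definition is not visible here. If that state is module-wide rather than per-thread, it is worth confirming that application key generation cannot run concurrently and have its pairwise test skipped. The function body continues beyond the end of this hunk.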