nettle: enable deterministic ECDSA/DSA during FIPS selftests

author Daiki Ueno <dueno@redhat.com>

Mon, 5 Aug 2019 13:21:55 +0000 (15:21 +0200)

committer Daiki Ueno <dueno@redhat.com>

Thu, 8 Aug 2019 11:14:56 +0000 (13:14 +0200)
author Daiki Ueno <dueno@redhat.com>
Mon, 5 Aug 2019 13:21:55 +0000 (15:21 +0200)
committer Daiki Ueno <dueno@redhat.com>
Thu, 8 Aug 2019 11:14:56 +0000 (13:14 +0200)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c

index ebd6481cf7057165085b15790976748a9968370d..1f8e7f931fba392590e59465efe55b535c403e15 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -820,7 +820,8 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
                         }
  
                         mpz_init(k);
-                       if (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE) {
+                       if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
+                           (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
                                 ret = _gnutls_ecdsa_compute_k(k,
                                                               curve_id,
                                                               pk_params->params[ECC_K],
@@ -888,7 +889,8 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
                         }
  
                         mpz_init(k);
-                       if (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE) {
+                       if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
+                           (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
                                 ret = _gnutls_dsa_compute_k(k,
                                                             pub.q,
                                                             TOMPZ(priv),
author	Daiki Ueno <dueno@redhat.com>
	Mon, 5 Aug 2019 13:21:55 +0000 (15:21 +0200)
committer	Daiki Ueno <dueno@redhat.com>
	Thu, 8 Aug 2019 11:14:56 +0000 (13:14 +0200)