nettle: run pairwise consistency test only in FIPS mode

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index b317b790d7c97e8c7cc70be3133dc870b5cb4fa3..2f8145478908fe4ac4c0d7368c131ef4c1ed7dc4 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3613,10 +3613,12 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
        params->algo = algo;
 
 #ifdef ENABLE_FIPS140
-       ret = pct_test(algo, params);
-       if (ret < 0) {
-               gnutls_assert();
-               goto cleanup;
+       if (_gnutls_fips_mode_enabled()) {
+               ret = pct_test(algo, params);
+               if (ret < 0) {
+                       gnutls_assert();
+                       goto cleanup;
+               }
        }
 #endif