author | Jakub Jelen <jjelen@redhat.com> | 2023-03-01 15:42:29 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-07 11:29:09 +0900 |
commit | 44a3f26539f7e88a77bbf4fe5d35ddd24f87ffcd (patch) | |
tree | 6a757bb1128a5d03f9bac4ac843c8e7685ed4c3d | |
parent | 1540698389ba2091baab6e020e5ec7b0d0eead59 (diff) | |
download | libgcrypt-44a3f26539f7e88a77bbf4fe5d35ddd24f87ffcd.tar.gz |
ecc: Do not allow skipping tests in FIPS Mode.
* cipher/ecc.c (ecc_generate): Do not allow skipping PCT tests
in FIPS mode.
--
Cherry-picked from master commit of:
2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd
The new FIPS specification requires running the PCT without any
exceptions.
GnuPG-bug-id: 6394
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | cipher/ecc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c index 1e80200e..797f2368 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) log_debug ("ecgen result using Ed25519+EdDSA\n"); } - if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ()) + if (fips_mode ()) test_keys_fips (*r_skey); leave: |
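Review bot: The new `if (fips_mode ())` condition at the end of ecc_generate silently overrides PUBKEY_FLAG_NO_KEYTEST, so a caller that passes the flag gets no indication that it was ignored. Add a short comment above the condition, and a line in the flag's documentation, stating that the PCT always runs in FIPS mode regardless of the flag. Separately, `test_keys_fips (*r_skey);` is called as a bare statement in the visible lines, so please confirm that a PCT failure is handled inside that function and cannot fall through to `leave:` with the generated key still returned to the caller.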