diff options
author | Jakub Jelen <jjelen@redhat.com> | 2023-03-01 15:42:29 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-07 10:40:39 +0900 |
commit | 2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd (patch) | |
tree | db7932dc0fbbd6805067a40b9133d872c8108cda /cipher/ecc.c | |
parent | 855f8c513d6db58cbc9d45f3e0bb2cee3ab5a189 (diff) | |
download | libgcrypt-2ddeec574bc1ae90bb4242c4ce9ad9e7975a27bd.tar.gz |
ecc: Do not allow skipping tests in FIPS Mode.
* cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests
in FIPS mode.
--
The new FIPS specification requires to run the PCT without any
exceptions.
GnuPG-bug-id: 6394
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'cipher/ecc.c')
-rw-r--r-- | cipher/ecc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c index 1e80200e..797f2368 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) log_debug ("ecgen result using Ed25519+EdDSA\n"); } - if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ()) + if (fips_mode ()) test_keys_fips (*r_skey); leave: |