Page MenuHome GnuPG

FIPS requires running PCT tests unconditionally
Closed, ResolvedPublic


The ECC key generator support the no-keytest, but this is no longer allowed by the FIPS. From ISO 19790:

  • PCT shall be executed for every generated key pair.

This means in case of FIPS we need to either ignore this flag in the ECC code or forbid use of this flag altogether.

I tend to the first option, skipping the check directly in the ECC code:

From c7bc82f56d6ebd27111ac0607f4369e2875d7553 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <>
Date: Wed, 1 Mar 2023 15:42:29 +0100
Subject: [PATCH] ecc: Do not allow skipping tests in FIPS Mode

The new FIPS specification requires to run the PCT without any

* cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests in
  FIPS mode.

Signed-off-by: Jakub Jelen <>
 cipher/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 1e80200e..797f2368 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         log_debug ("ecgen result  using Ed25519+EdDSA\n");
-  if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ())
+  if (fips_mode ())
     test_keys_fips (*r_skey);


master, 1.10.x

Event Timeline

werner triaged this task as Normal priority.Mar 2 2023, 11:46 AM
werner added a subscriber: werner.


We discussed this further with the lab and there are more problematic flags that we need to "cut" and we can not do that always in the code as for example the RFC6979 (deterministic ECDSA signatures) are not allowed in the current version of the FIPS documents, but it is used in the selftests (which is weirdly enough allowed) so we just need to mark it unapproved. Lets discuss this further tomorrow.

gniibe added a subscriber: gniibe.

Applied to both (of 1.10 and master).

gniibe changed the task status from Open to Testing.Mar 8 2023, 1:47 AM
gniibe moved this task from Next to Ready for release on the FIPS board.