File libgcrypt-FIPS-ECC-disallow-skip-test.patch of Package libgcrypt.28151

Index: libgcrypt-1.9.4/cipher/ecc.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/ecc.c
+++ libgcrypt-1.9.4/cipher/ecc.c
@@ -137,7 +137,8 @@ _gcry_register_pk_ecc_progress (void (*c
  *
  * The @flags bits used by this function are %PUBKEY_FLAG_TRANSIENT to
  * use a faster RNG, and %PUBKEY_FLAG_NO_KEYTEST to skip the assertion
- * that the key works as expected.
+ * that the key works as expected. The %PUBKEY_FLAG_NO_KEYTEST flag
+ * check is ignored in non-FIPS mode to force testing the keys.
  *
  * FIXME: Check whether N is needed.
  */
@@ -251,7 +252,7 @@ nist_generate_key (mpi_ec_t ec, int flag
 
   point_free (&Q);
   /* Now we can test our keys (this should never fail!).  */
-  if ((flags & PUBKEY_FLAG_NO_KEYTEST))
+  if ((flags & PUBKEY_FLAG_NO_KEYTEST) && !fips_mode ())
     ; /* User requested to skip the test.  */
   else if (ec->model == MPI_EC_MONTGOMERY)
     test_ecdh_only_keys (ec, ec->nbits - 63, flags);