Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/fips/self_test_kats.c
107416 views
1
/*

2
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
#include <string.h>

11
#include <openssl/evp.h>

12
#include <openssl/kdf.h>

13
#include <openssl/core_names.h>

14
#include <openssl/param_build.h>

15
#include <openssl/rand.h>

16
#include "crypto/ml_dsa.h"

17
#include "crypto/rand.h"

18
#include "internal/cryptlib.h"

19
#include "internal/nelem.h"

20
#include "self_test.h"

21
#include "crypto/ml_kem.h"

22
#include "self_test_data.inc"

23


24
static int set_kat_drbg(OSSL_LIB_CTX *ctx,

25
    const unsigned char *entropy, size_t entropy_len,

26
    const unsigned char *nonce, size_t nonce_len,

27
    const unsigned char *persstr, size_t persstr_len);

28
static int reset_main_drbg(OSSL_LIB_CTX *ctx);

29


30
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,

31
    OSSL_LIB_CTX *libctx)

32
{

33
    int ok = 0;

34
    unsigned char out[EVP_MAX_MD_SIZE];

35
    unsigned int out_len = 0;

36
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

37
    EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);

38


39
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);

40


41
    if (ctx == NULL

42
        || md == NULL

43
        || !EVP_DigestInit_ex(ctx, md, NULL)

44
        || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)

45
        || !EVP_DigestFinal(ctx, out, &out_len))

46
        goto err;

47


48
    /* Optional corruption */

49
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

50


51
    if (out_len != t->expected_len

52
        || memcmp(out, t->expected, out_len) != 0)

53
        goto err;

54
    ok = 1;

55
err:

56
    EVP_MD_free(md);

57
    EVP_MD_CTX_free(ctx);

58
    OSSL_SELF_TEST_onend(st, ok);

59
    return ok;

60
}

61


62
/*

63
 * Helper function to setup a EVP_CipherInit

64
 * Used to hide the complexity of Authenticated ciphers.

65
 */

66
static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

67
    const ST_KAT_CIPHER *t, int enc)

68
{

69
    unsigned char *in_tag = NULL;

70
    int pad = 0, tmp;

71


72
    /* Flag required for Key wrapping */

73
    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

74
    if (t->tag == NULL) {

75
        /* Use a normal cipher init */

76
        return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)

77
            && EVP_CIPHER_CTX_set_padding(ctx, pad);

78
    }

79


80
    /* The authenticated cipher init */

81
    if (!enc)

82
        in_tag = (unsigned char *)t->tag;

83


84
    return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)

85
        && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)

86
        && (in_tag == NULL

87
            || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,

88
                   in_tag)

89
                > 0)

90
        && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)

91
        && EVP_CIPHER_CTX_set_padding(ctx, pad)

92
        && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);

93
}

94


95
/* Test a single KAT for encrypt/decrypt */

96
static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,

97
    OSSL_LIB_CTX *libctx)

98
{

99
    int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;

100
    EVP_CIPHER_CTX *ctx = NULL;

101
    EVP_CIPHER *cipher = NULL;

102
    unsigned char ct_buf[256] = { 0 };

103
    unsigned char pt_buf[256] = { 0 };

104


105
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);

106


107
    ctx = EVP_CIPHER_CTX_new();

108
    if (ctx == NULL)

109
        goto err;

110
    cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);

111
    if (cipher == NULL)

112
        goto err;

113


114
    /* Encrypt plain text message */

115
    if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {

116
        if (!cipher_init(ctx, cipher, t, encrypt)

117
            || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,

118
                t->base.pt_len)

119
            || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))

120
            goto err;

121


122
        OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);

123
        ct_len += len;

124
        if (ct_len != (int)t->base.expected_len

125
            || memcmp(t->base.expected, ct_buf, ct_len) != 0)

126
            goto err;

127


128
        if (t->tag != NULL) {

129
            unsigned char tag[16] = { 0 };

130


131
            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,

132
                    tag)

133
                    <= 0

134
                || memcmp(tag, t->tag, t->tag_len) != 0)

135
                goto err;

136
        }

137
    }

138


139
    /* Decrypt cipher text */

140
    if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {

141
        if (!(cipher_init(ctx, cipher, t, !encrypt)

142
                && EVP_CipherUpdate(ctx, pt_buf, &len,

143
                    t->base.expected, t->base.expected_len)

144
                && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))

145
            goto err;

146
        OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);

147
        pt_len += len;

148
        if (pt_len != (int)t->base.pt_len

149
            || memcmp(pt_buf, t->base.pt, pt_len) != 0)

150
            goto err;

151
    }

152


153
    ret = 1;

154
err:

155
    EVP_CIPHER_free(cipher);

156
    EVP_CIPHER_CTX_free(ctx);

157
    OSSL_SELF_TEST_onend(st, ret);

158
    return ret;

159
}

160


161
static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,

162
    BN_CTX *ctx)

163
{

164
    int ret = 0;

165
    const ST_KAT_PARAM *p;

166


167
    if (params == NULL)

168
        return 1;

169
    for (p = params; p->data != NULL; ++p) {

170
        switch (p->type) {

171
        case OSSL_PARAM_UNSIGNED_INTEGER: {

172
            BIGNUM *bn = BN_CTX_get(ctx);

173


174
            if (bn == NULL

175
                || (BN_bin2bn(p->data, p->data_len, bn) == NULL)

176
                || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))

177
                goto err;

178
            break;

179
        }

180
        case OSSL_PARAM_UTF8_STRING: {

181
            if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,

182
                    p->data_len))

183
                goto err;

184
            break;

185
        }

186
        case OSSL_PARAM_OCTET_STRING: {

187
            if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,

188
                    p->data_len))

189
                goto err;

190
            break;

191
        }

192
        case OSSL_PARAM_INTEGER: {

193
            if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))

194
                goto err;

195
            break;

196
        }

197
        default:

198
            break;

199
        }

200
    }

201
    ret = 1;

202
err:

203
    return ret;

204
}

205


206
#if defined(__GNUC__) && __GNUC__ >= 4

207
#define SENTINEL __attribute__((sentinel))

208
#endif

209


210
#if !defined(SENTINEL) && defined(__clang_major__) && __clang_major__ > 14

211
#define SENTINEL __attribute__((sentinel))

212
#endif

213


214
#ifndef SENTINEL

215
#define SENTINEL

216
#endif

217


218
static SENTINEL OSSL_PARAM *kat_params_to_ossl_params(OSSL_LIB_CTX *libctx, ...)

219
{

220
    BN_CTX *bnc = NULL;

221
    OSSL_PARAM *params = NULL;

222
    OSSL_PARAM_BLD *bld = NULL;

223
    const ST_KAT_PARAM *pms;

224
    va_list ap;

225


226
    bnc = BN_CTX_new_ex(libctx);

227
    if (bnc == NULL)

228
        goto err;

229
    bld = OSSL_PARAM_BLD_new();

230
    if (bld == NULL)

231
        goto err;

232


233
    va_start(ap, libctx);

234
    while ((pms = va_arg(ap, const ST_KAT_PARAM *)) != NULL)

235
        if (!add_params(bld, pms, bnc)) {

236
            va_end(ap);

237
            goto err;

238
        }

239
    va_end(ap);

240


241
    params = OSSL_PARAM_BLD_to_param(bld);

242


243
err:

244
    OSSL_PARAM_BLD_free(bld);

245
    BN_CTX_free(bnc);

246
    return params;

247
}

248


249
static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,

250
    OSSL_LIB_CTX *libctx)

251
{

252
    int ret = 0;

253
    unsigned char out[128];

254
    EVP_KDF *kdf = NULL;

255
    EVP_KDF_CTX *ctx = NULL;

256
    OSSL_PARAM *params = NULL;

257


258
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);

259


260
    kdf = EVP_KDF_fetch(libctx, t->algorithm, "");

261
    if (kdf == NULL)

262
        goto err;

263


264
    ctx = EVP_KDF_CTX_new(kdf);

265
    if (ctx == NULL)

266
        goto err;

267


268
    params = kat_params_to_ossl_params(libctx, t->params, NULL);

269
    if (params == NULL)

270
        goto err;

271


272
    if (t->expected_len > sizeof(out))

273
        goto err;

274
    if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)

275
        goto err;

276


277
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

278


279
    if (memcmp(out, t->expected, t->expected_len) != 0)

280
        goto err;

281


282
    ret = 1;

283
err:

284
    EVP_KDF_free(kdf);

285
    EVP_KDF_CTX_free(ctx);

286
    OSSL_PARAM_free(params);

287
    OSSL_SELF_TEST_onend(st, ret);

288
    return ret;

289
}

290


291
static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,

292
    OSSL_LIB_CTX *libctx)

293
{

294
    int ret = 0;

295
    unsigned char out[256];

296
    EVP_RAND *rand;

297
    EVP_RAND_CTX *test = NULL, *drbg = NULL;

298
    unsigned int strength = 256;

299
    int prediction_resistance = 1; /* Causes a reseed */

300
    OSSL_PARAM drbg_params[3] = {

301
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

302
    };

303


304
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);

305


306
    rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);

307
    if (rand == NULL)

308
        goto err;

309


310
    test = EVP_RAND_CTX_new(rand, NULL);

311
    EVP_RAND_free(rand);

312
    if (test == NULL)

313
        goto err;

314


315
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

316
        &strength);

317
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

318
        goto err;

319


320
    rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);

321
    if (rand == NULL)

322
        goto err;

323


324
    drbg = EVP_RAND_CTX_new(rand, test);

325
    EVP_RAND_free(rand);

326
    if (drbg == NULL)

327
        goto err;

328


329
    strength = EVP_RAND_get_strength(drbg);

330


331
    drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,

332
        t->param_value, 0);

333
    /* This is only used by HMAC-DRBG but it is ignored by the others */

334
    drbg_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);

335
    if (!EVP_RAND_CTX_set_params(drbg, drbg_params))

336
        goto err;

337


338
    drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

339
        (void *)t->entropyin,

340
        t->entropyinlen);

341
    drbg_params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,

342
        (void *)t->nonce, t->noncelen);

343
    if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))

344
        goto err;

345
    if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,

346
            NULL))

347
        goto err;

348


349
    drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

350
        (void *)t->entropyinpr1,

351
        t->entropyinpr1len);

352
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

353
        goto err;

354


355
    if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,

356
            prediction_resistance,

357
            t->entropyaddin1, t->entropyaddin1len))

358
        goto err;

359


360
    drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

361
        (void *)t->entropyinpr2,

362
        t->entropyinpr2len);

363
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

364
        goto err;

365


366
    /*

367
     * This calls ossl_prov_drbg_reseed() internally when

368
     * prediction_resistance = 1

369
     */

370
    if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,

371
            prediction_resistance,

372
            t->entropyaddin2, t->entropyaddin2len))

373
        goto err;

374


375
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

376


377
    if (memcmp(out, t->expected, t->expectedlen) != 0)

378
        goto err;

379


380
    if (!EVP_RAND_uninstantiate(drbg))

381
        goto err;

382
    /*

383
     * Check that the DRBG data has been zeroized after

384
     * ossl_prov_drbg_uninstantiate.

385
     */

386
    if (!EVP_RAND_verify_zeroization(drbg))

387
        goto err;

388


389
    ret = 1;

390
err:

391
    EVP_RAND_CTX_free(drbg);

392
    EVP_RAND_CTX_free(test);

393
    OSSL_SELF_TEST_onend(st, ret);

394
    return ret;

395
}

396


397
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)

398
static int self_test_ka(const ST_KAT_KAS *t,

399
    OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

400
{

401
    int ret = 0;

402
    EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;

403
    EVP_PKEY *pkey = NULL, *peerkey = NULL;

404
    OSSL_PARAM *params = NULL;

405
    OSSL_PARAM *params_peer = NULL;

406
    unsigned char secret[256];

407
    size_t secret_len = t->expected_len;

408


409
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);

410


411
    if (secret_len > sizeof(secret))

412
        goto err;

413


414
    params = kat_params_to_ossl_params(libctx, t->key_group,

415
        t->key_host_data, NULL);

416
    params_peer = kat_params_to_ossl_params(libctx, t->key_group,

417
        t->key_peer_data, NULL);

418
    if (params == NULL || params_peer == NULL)

419
        goto err;

420


421
    /* Create a EVP_PKEY_CTX to load the DH keys into */

422
    kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");

423
    if (kactx == NULL)

424
        goto err;

425
    if (EVP_PKEY_fromdata_init(kactx) <= 0

426
        || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)

427
        goto err;

428
    if (EVP_PKEY_fromdata_init(kactx) <= 0

429
        || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)

430
        goto err;

431


432
    /* Create a EVP_PKEY_CTX to perform key derivation */

433
    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);

434
    if (dctx == NULL)

435
        goto err;

436


437
    if (EVP_PKEY_derive_init(dctx) <= 0

438
        || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0

439
        || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)

440
        goto err;

441


442
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

443


444
    if (secret_len != t->expected_len

445
        || memcmp(secret, t->expected, t->expected_len) != 0)

446
        goto err;

447
    ret = 1;

448
err:

449
    EVP_PKEY_free(pkey);

450
    EVP_PKEY_free(peerkey);

451
    EVP_PKEY_CTX_free(kactx);

452
    EVP_PKEY_CTX_free(dctx);

453
    OSSL_PARAM_free(params_peer);

454
    OSSL_PARAM_free(params);

455
    OSSL_SELF_TEST_onend(st, ret);

456
    return ret;

457
}

458
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */

459


460
static int digest_signature(const uint8_t *sig, size_t sig_len,

461
    uint8_t *out, size_t *out_len,

462
    OSSL_LIB_CTX *lib_ctx)

463
{

464
    int ret;

465
    unsigned int len = 0;

466
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

467
    EVP_MD *md = EVP_MD_fetch(lib_ctx, "SHA256", NULL);

468


469
    ret = ctx != NULL

470
        && md != NULL

471
        && EVP_DigestInit_ex(ctx, md, NULL) == 1

472
        && EVP_DigestUpdate(ctx, sig, sig_len) == 1

473
        && EVP_DigestFinal(ctx, out, &len) == 1;

474
    EVP_MD_free(md);

475
    EVP_MD_CTX_free(ctx);

476
    *out_len = len;

477
    return ret;

478
}

479


480
static int self_test_digest_sign(const ST_KAT_SIGN *t,

481
    OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

482
{

483
    int ret = 0;

484
    OSSL_PARAM *paramskey = NULL, *paramsinit = NULL, *paramsverify = NULL;

485
    EVP_SIGNATURE *sigalg = NULL;

486
    EVP_PKEY_CTX *ctx = NULL;

487
    EVP_PKEY_CTX *fromctx = NULL;

488
    EVP_PKEY *pkey = NULL;

489
    unsigned char sig[MAX_ML_DSA_SIG_LEN], *psig = sig;

490
    size_t siglen;

491
    int digested = 0;

492
    const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;

493


494
    if (t->sig_expected_len > sizeof(sig))

495
        goto err;

496


497
    if (t->sig_expected == NULL)

498
        typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;

499


500
    OSSL_SELF_TEST_onbegin(st, typ, t->desc);

501


502
    if (t->entropy != NULL) {

503
        if (!set_kat_drbg(libctx, t->entropy, t->entropy_len,

504
                t->nonce, t->nonce_len, t->persstr, t->persstr_len))

505
            goto err;

506
    }

507


508
    paramskey = kat_params_to_ossl_params(libctx, t->key, NULL);

509
    paramsinit = kat_params_to_ossl_params(libctx, t->init, NULL);

510
    paramsverify = kat_params_to_ossl_params(libctx, t->verify, NULL);

511


512
    fromctx = EVP_PKEY_CTX_new_from_name(libctx, t->keytype, NULL);

513
    if (fromctx == NULL

514
        || paramskey == NULL

515
        || paramsinit == NULL

516
        || paramsverify == NULL)

517
        goto err;

518
    if (EVP_PKEY_fromdata_init(fromctx) <= 0

519
        || EVP_PKEY_fromdata(fromctx, &pkey, EVP_PKEY_KEYPAIR, paramskey) <= 0)

520
        goto err;

521


522
    sigalg = EVP_SIGNATURE_fetch(libctx, t->sigalgorithm, NULL);

523
    if (sigalg == NULL)

524
        goto err;

525
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);

526
    if (ctx == NULL)

527
        goto err;

528


529
    digested = ((t->mode & SIGNATURE_MODE_DIGESTED) != 0);

530


531
    if ((t->mode & SIGNATURE_MODE_VERIFY_ONLY) != 0) {

532
        siglen = t->sig_expected_len;

533
        memcpy(psig, t->sig_expected, siglen);

534
    } else {

535
        if (digested) {

536
            if (EVP_PKEY_sign_init_ex2(ctx, sigalg, paramsinit) <= 0)

537
                goto err;

538
        } else {

539
            if (EVP_PKEY_sign_message_init(ctx, sigalg, paramsinit) <= 0)

540
                goto err;

541
        }

542
        siglen = sizeof(sig);

543
        if ((t->mode & SIGNATURE_MODE_SIG_DIGESTED) != 0) {

544
            if (EVP_PKEY_sign(ctx, NULL, &siglen, t->msg, t->msg_len) <= 0)

545
                goto err;

546
            if (siglen > sizeof(sig)) {

547
                psig = OPENSSL_malloc(siglen);

548
                if (psig == NULL)

549
                    goto err;

550
            }

551
        }

552
        if (EVP_PKEY_sign(ctx, psig, &siglen, t->msg, t->msg_len) <= 0)

553
            goto err;

554


555
        if (t->sig_expected != NULL) {

556
            if ((t->mode & SIGNATURE_MODE_SIG_DIGESTED) != 0) {

557
                uint8_t digested_sig[EVP_MAX_MD_SIZE];

558
                size_t digested_sig_len = 0;

559


560
                if (!digest_signature(psig, siglen, digested_sig,

561
                        &digested_sig_len, libctx)

562
                    || digested_sig_len != t->sig_expected_len

563
                    || memcmp(digested_sig, t->sig_expected, t->sig_expected_len) != 0)

564
                    goto err;

565
            } else {

566
                if (siglen != t->sig_expected_len

567
                    || memcmp(psig, t->sig_expected, t->sig_expected_len) != 0)

568
                    goto err;

569
            }

570
        }

571
    }

572


573
    if ((t->mode & SIGNATURE_MODE_SIGN_ONLY) == 0) {

574
        if (digested) {

575
            if (EVP_PKEY_verify_init_ex2(ctx, sigalg, paramsverify) <= 0)

576
                goto err;

577
        } else {

578
            if (EVP_PKEY_verify_message_init(ctx, sigalg, paramsverify) <= 0)

579
                goto err;

580
        }

581
        OSSL_SELF_TEST_oncorrupt_byte(st, psig);

582
        if (EVP_PKEY_verify(ctx, psig, siglen, t->msg, t->msg_len) <= 0)

583
            goto err;

584
    }

585
    ret = 1;

586
err:

587
    if (psig != sig)

588
        OPENSSL_free(psig);

589
    EVP_PKEY_free(pkey);

590
    EVP_PKEY_CTX_free(fromctx);

591
    EVP_PKEY_CTX_free(ctx);

592
    EVP_SIGNATURE_free(sigalg);

593
    OSSL_PARAM_free(paramskey);

594
    OSSL_PARAM_free(paramsinit);

595
    OSSL_PARAM_free(paramsverify);

596
    if (t->entropy != NULL) {

597
        if (!reset_main_drbg(libctx))

598
            ret = 0;

599
    }

600
    OSSL_SELF_TEST_onend(st, ret);

601
    return ret;

602
}

603


604
#if !defined(OPENSSL_NO_ML_DSA) || !defined(OPENSSL_NO_SLH_DSA)

605
/*

606
 * Test that a deterministic key generation produces the correct key

607
 */

608
static int self_test_asym_keygen(const ST_KAT_ASYM_KEYGEN *t, OSSL_SELF_TEST *st,

609
    OSSL_LIB_CTX *libctx)

610
{

611
    int ret = 0;

612
    const ST_KAT_PARAM *expected;

613
    OSSL_PARAM *key_params = NULL;

614
    EVP_PKEY_CTX *key_ctx = NULL;

615
    EVP_PKEY *key = NULL;

616
    uint8_t out[MAX_ML_DSA_PRIV_LEN];

617
    size_t out_len = 0;

618


619
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_KEYGEN, t->desc);

620


621
    key_ctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

622
    if (key_ctx == NULL)

623
        goto err;

624
    if (t->keygen_params != NULL) {

625
        key_params = kat_params_to_ossl_params(libctx, t->keygen_params, NULL);

626
        if (key_params == NULL)

627
            goto err;

628
    }

629
    if (EVP_PKEY_keygen_init(key_ctx) != 1

630
        || EVP_PKEY_CTX_set_params(key_ctx, key_params) != 1

631
        || EVP_PKEY_generate(key_ctx, &key) != 1)

632
        goto err;

633


634
    for (expected = t->expected_params; expected->data != NULL; ++expected) {

635
        if (expected->type != OSSL_PARAM_OCTET_STRING

636
            || !EVP_PKEY_get_octet_string_param(key, expected->name,

637
                out, sizeof(out), &out_len))

638
            goto err;

639
        OSSL_SELF_TEST_oncorrupt_byte(st, out);

640
        /* Check the KAT */

641
        if (out_len != expected->data_len

642
            || memcmp(out, expected->data, expected->data_len) != 0)

643
            goto err;

644
    }

645
    ret = 1;

646
err:

647
    EVP_PKEY_free(key);

648
    EVP_PKEY_CTX_free(key_ctx);

649
    OSSL_PARAM_free(key_params);

650
    OSSL_SELF_TEST_onend(st, ret);

651
    return ret;

652
}

653
#endif /* OPENSSL_NO_ML_DSA */

654


655
#ifndef OPENSSL_NO_ML_KEM

656
/*

657
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM

658
 * encapsulation.

659
 */

660
static int self_test_kem_encapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

661
    OSSL_LIB_CTX *libctx, EVP_PKEY *pkey)

662
{

663
    int ret = 0;

664
    EVP_PKEY_CTX *ctx;

665
    unsigned char *wrapped = NULL, *secret = NULL;

666
    size_t wrappedlen = t->cipher_text_len, secretlen = t->secret_len;

667
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };

668


669
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,

670
        OSSL_SELF_TEST_DESC_ENCAP_KEM);

671


672
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");

673
    if (ctx == NULL)

674
        goto err;

675


676
    *params = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,

677
        (unsigned char *)t->entropy,

678
        t->entropy_len);

679
    if (EVP_PKEY_encapsulate_init(ctx, params) <= 0)

680
        goto err;

681


682
    /* Allocate output buffers */

683
    wrapped = OPENSSL_malloc(wrappedlen);

684
    secret = OPENSSL_malloc(secretlen);

685
    if (wrapped == NULL || secret == NULL)

686
        goto err;

687


688
    /* Encapsulate */

689
    if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0)

690
        goto err;

691


692
    /* Compare outputs */

693
    OSSL_SELF_TEST_oncorrupt_byte(st, wrapped);

694
    if (wrappedlen != t->cipher_text_len

695
        || memcmp(wrapped, t->cipher_text, t->cipher_text_len) != 0)

696
        goto err;

697


698
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

699
    if (secretlen != t->secret_len

700
        || memcmp(secret, t->secret, t->secret_len) != 0)

701
        goto err;

702


703
    ret = 1;

704
err:

705
    OPENSSL_free(wrapped);

706
    OPENSSL_free(secret);

707
    EVP_PKEY_CTX_free(ctx);

708
    OSSL_SELF_TEST_onend(st, ret);

709
    return ret;

710
}

711


712
/*

713
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM

714
 * decapsulation both for the rejection path and the normal path.

715
 */

716
static int self_test_kem_decapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

717
    OSSL_LIB_CTX *libctx, EVP_PKEY *pkey,

718
    int reject)

719
{

720
    int ret = 0;

721
    EVP_PKEY_CTX *ctx = NULL;

722
    unsigned char *secret = NULL, *alloced = NULL;

723
    const unsigned char *test_secret = t->secret;

724
    const unsigned char *cipher_text = t->cipher_text;

725
    size_t secretlen = t->secret_len;

726


727
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,

728
        reject ? OSSL_SELF_TEST_DESC_DECAP_KEM_FAIL

729
               : OSSL_SELF_TEST_DESC_DECAP_KEM);

730


731
    if (reject) {

732
        cipher_text = alloced = OPENSSL_zalloc(t->cipher_text_len);

733
        if (alloced == NULL)

734
            goto err;

735
        test_secret = t->reject_secret;

736
    }

737


738
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");

739
    if (ctx == NULL)

740
        goto err;

741


742
    if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)

743
        goto err;

744


745
    /* Allocate output buffer */

746
    secret = OPENSSL_malloc(secretlen);

747
    if (secret == NULL)

748
        goto err;

749


750
    /* Decapsulate */

751
    if (EVP_PKEY_decapsulate(ctx, secret, &secretlen,

752
            cipher_text, t->cipher_text_len)

753
        <= 0)

754
        goto err;

755


756
    /* Compare output */

757
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

758
    if (secretlen != t->secret_len

759
        || memcmp(secret, test_secret, t->secret_len) != 0)

760
        goto err;

761


762
    ret = 1;

763
err:

764
    OPENSSL_free(alloced);

765
    OPENSSL_free(secret);

766
    EVP_PKEY_CTX_free(ctx);

767
    OSSL_SELF_TEST_onend(st, ret);

768
    return ret;

769
}

770


771
/*

772
 * Test encapsulation, decapsulation for KEM.

773
 *

774
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for:

775
 * 1   ML-KEM encapsulation

776
 * 2a  ML-KEM decapsulation non-rejection path

777
 * 2b  ML-KEM decapsulation implicit rejection path

778
 * 3   ML-KEM key generation

779
 */

780
static int self_test_kem(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

781
    OSSL_LIB_CTX *libctx)

782
{

783
    int ret = 0;

784
    EVP_PKEY *pkey = NULL;

785
    EVP_PKEY_CTX *ctx;

786
    OSSL_PARAM *params = NULL;

787


788
    ctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

789
    if (ctx == NULL)

790
        goto err;

791
    params = kat_params_to_ossl_params(libctx, t->key, NULL);

792
    if (params == NULL)

793
        goto err;

794


795
    if (EVP_PKEY_fromdata_init(ctx) <= 0

796
        || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)

797
        goto err;

798


799
    if (!self_test_kem_encapsulate(t, st, libctx, pkey)

800
        || !self_test_kem_decapsulate(t, st, libctx, pkey, 0)

801
        || !self_test_kem_decapsulate(t, st, libctx, pkey, 1))

802
        goto err;

803


804
    ret = 1;

805
err:

806
    EVP_PKEY_CTX_free(ctx);

807
    EVP_PKEY_free(pkey);

808
    OSSL_PARAM_free(params);

809
    return ret;

810
}

811
#endif

812


813
/*

814
 * Test an encrypt or decrypt KAT..

815
 *

816
 * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt

817
 * and decrypt..

818
 */

819
static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,

820
    OSSL_LIB_CTX *libctx)

821
{

822
    int ret = 0;

823
    OSSL_PARAM *keyparams = NULL, *initparams = NULL;

824
    OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;

825
    EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;

826
    EVP_PKEY *key = NULL;

827
    BN_CTX *bnctx = NULL;

828
    unsigned char out[256];

829
    size_t outlen = sizeof(out);

830


831
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);

832


833
    bnctx = BN_CTX_new_ex(libctx);

834
    if (bnctx == NULL)

835
        goto err;

836


837
    /* Load a public or private key from data */

838
    keybld = OSSL_PARAM_BLD_new();

839
    if (keybld == NULL

840
        || !add_params(keybld, t->key, bnctx))

841
        goto err;

842
    keyparams = OSSL_PARAM_BLD_to_param(keybld);

843
    keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

844
    if (keyctx == NULL || keyparams == NULL)

845
        goto err;

846
    if (EVP_PKEY_fromdata_init(keyctx) <= 0

847
        || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)

848
        goto err;

849


850
    /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */

851
    encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);

852
    if (encctx == NULL

853
        || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)

854
        || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))

855
        goto err;

856


857
    /* Add any additional parameters such as padding */

858
    if (t->postinit != NULL) {

859
        initbld = OSSL_PARAM_BLD_new();

860
        if (initbld == NULL)

861
            goto err;

862
        if (!add_params(initbld, t->postinit, bnctx))

863
            goto err;

864
        initparams = OSSL_PARAM_BLD_to_param(initbld);

865
        if (initparams == NULL)

866
            goto err;

867
        if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)

868
            goto err;

869
    }

870


871
    if (t->encrypt) {

872
        if (EVP_PKEY_encrypt(encctx, out, &outlen,

873
                t->in, t->in_len)

874
            <= 0)

875
            goto err;

876
    } else {

877
        if (EVP_PKEY_decrypt(encctx, out, &outlen,

878
                t->in, t->in_len)

879
            <= 0)

880
            goto err;

881
    }

882
    /* Check the KAT */

883
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

884
    if (outlen != t->expected_len

885
        || memcmp(out, t->expected, t->expected_len) != 0)

886
        goto err;

887


888
    ret = 1;

889
err:

890
    BN_CTX_free(bnctx);

891
    EVP_PKEY_free(key);

892
    EVP_PKEY_CTX_free(encctx);

893
    EVP_PKEY_CTX_free(keyctx);

894
    OSSL_PARAM_free(keyparams);

895
    OSSL_PARAM_BLD_free(keybld);

896
    OSSL_PARAM_free(initparams);

897
    OSSL_PARAM_BLD_free(initbld);

898
    OSSL_SELF_TEST_onend(st, ret);

899
    return ret;

900
}

901


902
/*

903
 * Test a data driven list of KAT's for digest algorithms.

904
 * All tests are run regardless of if they fail or not.

905
 * Return 0 if any test fails.

906
 */

907
static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

908
{

909
    int i, ret = 1;

910


911
    for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {

912
        if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))

913
            ret = 0;

914
    }

915
    return ret;

916
}

917


918
static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

919
{

920
    int i, ret = 1;

921


922
    for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {

923
        if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))

924
            ret = 0;

925
    }

926
    return ret;

927
}

928


929
static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

930
{

931
    int ret = 1;

932
#ifndef OPENSSL_NO_ML_KEM

933
    int i;

934


935
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kem_tests); ++i) {

936
        if (!self_test_kem(&st_kat_kem_tests[i], st, libctx))

937
            ret = 0;

938
    }

939
#endif

940
    return ret;

941
}

942


943
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

944
{

945
    int i, ret = 1;

946


947
    for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {

948
        if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))

949
            ret = 0;

950
    }

951
    return ret;

952
}

953


954
static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

955
{

956
    int i, ret = 1;

957


958
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {

959
        if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))

960
            ret = 0;

961
    }

962
    return ret;

963
}

964


965
static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

966
{

967
    int i, ret = 1;

968


969
    for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {

970
        if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))

971
            ret = 0;

972
    }

973
    return ret;

974
}

975


976
static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

977
{

978
    int ret = 1;

979
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)

980
    int i;

981


982
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {

983
        if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))

984
            ret = 0;

985
    }

986
#endif

987


988
    return ret;

989
}

990


991
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

992
{

993
    int i, ret = 1;

994


995
    for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {

996
        if (!self_test_digest_sign(&st_kat_sign_tests[i], st, libctx))

997
            ret = 0;

998
    }

999
    return ret;

1000
}

1001


1002
/*

1003
 * Swap the library context DRBG for KAT testing

1004
 *

1005
 * In FIPS 140-3, the asymmetric POST must be a KAT, not a PCT.  For DSA and ECDSA,

1006
 * the sign operation includes the random value 'k'.  For a KAT to work, we

1007
 * have to have control of the DRBG to make sure it is in a "test" state, where

1008
 * its output is truly deterministic.

1009
 *

1010
 */

1011


1012
/*

1013
 * Replacement "random" sources

1014
 * main_rand is used for most tests and it's set to generate mode.

1015
 * kat_rand is used for KATs where specific input is mandated.

1016
 */

1017
static EVP_RAND_CTX *kat_rand = NULL;

1018
static EVP_RAND_CTX *main_rand = NULL;

1019


1020
static int set_kat_drbg(OSSL_LIB_CTX *ctx,

1021
    const unsigned char *entropy, size_t entropy_len,

1022
    const unsigned char *nonce, size_t nonce_len,

1023
    const unsigned char *persstr, size_t persstr_len)

1024
{

1025
    EVP_RAND *rand;

1026
    unsigned int strength = 256;

1027
    EVP_RAND_CTX *parent_rand = NULL;

1028
    OSSL_PARAM drbg_params[3] = {

1029
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

1030
    };

1031


1032
    /* If not NULL, we didn't cleanup from last call: BAD */

1033
    if (kat_rand != NULL)

1034
        return 0;

1035


1036
    rand = EVP_RAND_fetch(ctx, "TEST-RAND", NULL);

1037
    if (rand == NULL)

1038
        return 0;

1039


1040
    parent_rand = EVP_RAND_CTX_new(rand, NULL);

1041
    EVP_RAND_free(rand);

1042
    if (parent_rand == NULL)

1043
        goto err;

1044


1045
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

1046
        &strength);

1047
    if (!EVP_RAND_CTX_set_params(parent_rand, drbg_params))

1048
        goto err;

1049


1050
    rand = EVP_RAND_fetch(ctx, "HASH-DRBG", NULL);

1051
    if (rand == NULL)

1052
        goto err;

1053


1054
    kat_rand = EVP_RAND_CTX_new(rand, parent_rand);

1055
    EVP_RAND_free(rand);

1056
    if (kat_rand == NULL)

1057
        goto err;

1058


1059
    drbg_params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);

1060
    if (!EVP_RAND_CTX_set_params(kat_rand, drbg_params))

1061
        goto err;

1062


1063
    /* Instantiate the RNGs */

1064
    drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

1065
        (void *)entropy, entropy_len);

1066
    drbg_params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,

1067
        (void *)nonce, nonce_len);

1068
    if (!EVP_RAND_instantiate(parent_rand, strength, 0, NULL, 0, drbg_params))

1069
        goto err;

1070


1071
    EVP_RAND_CTX_free(parent_rand);

1072
    parent_rand = NULL;

1073


1074
    if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL))

1075
        goto err;

1076


1077
    /* When we set the new private generator this one is freed, so upref it */

1078
    if (!EVP_RAND_CTX_up_ref(main_rand))

1079
        goto err;

1080


1081
    /* Update the library context DRBG */

1082
    if (RAND_set0_private(ctx, kat_rand) > 0) {

1083
        /* Keeping a copy to verify zeroization */

1084
        if (EVP_RAND_CTX_up_ref(kat_rand))

1085
            return 1;

1086
        RAND_set0_private(ctx, main_rand);

1087
    }

1088


1089
err:

1090
    EVP_RAND_CTX_free(parent_rand);

1091
    EVP_RAND_CTX_free(kat_rand);

1092
    kat_rand = NULL;

1093
    return 0;

1094
}

1095


1096
static int reset_main_drbg(OSSL_LIB_CTX *ctx)

1097
{

1098
    int ret = 1;

1099


1100
    if (!RAND_set0_private(ctx, main_rand))

1101
        ret = 0;

1102
    if (kat_rand != NULL) {

1103
        if (!EVP_RAND_uninstantiate(kat_rand)

1104
            || !EVP_RAND_verify_zeroization(kat_rand))

1105
            ret = 0;

1106
        EVP_RAND_CTX_free(kat_rand);

1107
        kat_rand = NULL;

1108
    }

1109
    return ret;

1110
}

1111


1112
static int setup_main_random(OSSL_LIB_CTX *libctx)

1113
{

1114
    OSSL_PARAM drbg_params[3] = {

1115
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

1116
    };

1117
    unsigned int strength = 256, generate = 1;

1118
    EVP_RAND *rand;

1119


1120
    rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);

1121
    if (rand == NULL)

1122
        return 0;

1123


1124
    main_rand = EVP_RAND_CTX_new(rand, NULL);

1125
    EVP_RAND_free(rand);

1126
    if (main_rand == NULL)

1127
        goto err;

1128


1129
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_GENERATE,

1130
        &generate);

1131
    drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

1132
        &strength);

1133


1134
    if (!EVP_RAND_instantiate(main_rand, strength, 0, NULL, 0, drbg_params))

1135
        goto err;

1136
    return 1;

1137
err:

1138
    EVP_RAND_CTX_free(main_rand);

1139
    return 0;

1140
}

1141


1142
static int self_test_asym_keygens(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

1143
{

1144
#if !defined(OPENSSL_NO_ML_DSA) || !defined(OPENSSL_NO_SLH_DSA)

1145
    int i, ret = 1;

1146


1147
    for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_keygen_tests); ++i) {

1148
        if (!self_test_asym_keygen(&st_kat_asym_keygen_tests[i], st, libctx))

1149
            ret = 0;

1150
    }

1151
    return ret;

1152
#else

1153
    return 1;

1154
#endif /* OPENSSL_NO_ML_DSA */

1155
}

1156


1157
/*

1158
 * Run the algorithm KAT's.

1159
 * Return 1 is successful, otherwise return 0.

1160
 * This runs all the tests regardless of if any fail.

1161
 */

1162
int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

1163
{

1164
    EVP_RAND_CTX *saved_rand = ossl_rand_get0_private_noncreating(libctx);

1165
    int ret = 1;

1166


1167
    if (saved_rand != NULL && !EVP_RAND_CTX_up_ref(saved_rand))

1168
        return 0;

1169
    if (!setup_main_random(libctx)

1170
        || !RAND_set0_private(libctx, main_rand)) {

1171
        /* Decrement saved_rand reference counter */

1172
        EVP_RAND_CTX_free(saved_rand);

1173
        EVP_RAND_CTX_free(main_rand);

1174
        return 0;

1175
    }

1176


1177
    if (!self_test_digests(st, libctx))

1178
        ret = 0;

1179
    if (!self_test_ciphers(st, libctx))

1180
        ret = 0;

1181
    if (!self_test_signatures(st, libctx))

1182
        ret = 0;

1183
    if (!self_test_kdfs(st, libctx))

1184
        ret = 0;

1185
    if (!self_test_drbgs(st, libctx))

1186
        ret = 0;

1187
    if (!self_test_kas(st, libctx))

1188
        ret = 0;

1189
    if (!self_test_asym_keygens(st, libctx))

1190
        ret = 0;

1191
    if (!self_test_kems(st, libctx))

1192
        ret = 0;

1193
    if (!self_test_asym_ciphers(st, libctx))

1194
        ret = 0;

1195


1196
    RAND_set0_private(libctx, saved_rand);

1197
    return ret;

1198
}

1199


1200