Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/fips/self_test_kats.c
48262 views
1
/*

2
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
#include <string.h>

11
#include <openssl/evp.h>

12
#include <openssl/kdf.h>

13
#include <openssl/core_names.h>

14
#include <openssl/param_build.h>

15
#include <openssl/rand.h>

16
#include "crypto/ml_dsa.h"

17
#include "crypto/rand.h"

18
#include "internal/cryptlib.h"

19
#include "internal/nelem.h"

20
#include "self_test.h"

21
#include "crypto/ml_kem.h"

22
#include "self_test_data.inc"

23


24
static int set_kat_drbg(OSSL_LIB_CTX *ctx,

25
                        const unsigned char *entropy, size_t entropy_len,

26
                        const unsigned char *nonce, size_t nonce_len,

27
                        const unsigned char *persstr, size_t persstr_len);

28
static int reset_main_drbg(OSSL_LIB_CTX *ctx);

29


30
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,

31
                            OSSL_LIB_CTX *libctx)

32
{

33
    int ok = 0;

34
    unsigned char out[EVP_MAX_MD_SIZE];

35
    unsigned int out_len = 0;

36
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

37
    EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);

38


39
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);

40


41
    if (ctx == NULL

42
            || md == NULL

43
            || !EVP_DigestInit_ex(ctx, md, NULL)

44
            || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)

45
            || !EVP_DigestFinal(ctx, out, &out_len))

46
        goto err;

47


48
    /* Optional corruption */

49
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

50


51
    if (out_len != t->expected_len

52
            || memcmp(out, t->expected, out_len) != 0)

53
        goto err;

54
    ok = 1;

55
err:

56
    EVP_MD_free(md);

57
    EVP_MD_CTX_free(ctx);

58
    OSSL_SELF_TEST_onend(st, ok);

59
    return ok;

60
}

61


62
/*

63
 * Helper function to setup a EVP_CipherInit

64
 * Used to hide the complexity of Authenticated ciphers.

65
 */

66
static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

67
                       const ST_KAT_CIPHER *t, int enc)

68
{

69
    unsigned char *in_tag = NULL;

70
    int pad = 0, tmp;

71


72
    /* Flag required for Key wrapping */

73
    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

74
    if (t->tag == NULL) {

75
        /* Use a normal cipher init */

76
        return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)

77
               && EVP_CIPHER_CTX_set_padding(ctx, pad);

78
    }

79


80
    /* The authenticated cipher init */

81
    if (!enc)

82
        in_tag = (unsigned char *)t->tag;

83


84
    return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)

85
           && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)

86
           && (in_tag == NULL

87
               || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,

88
                                      in_tag) > 0)

89
           && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)

90
           && EVP_CIPHER_CTX_set_padding(ctx, pad)

91
           && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);

92
}

93


94
/* Test a single KAT for encrypt/decrypt */

95
static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,

96
                            OSSL_LIB_CTX *libctx)

97
{

98
    int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;

99
    EVP_CIPHER_CTX *ctx = NULL;

100
    EVP_CIPHER *cipher = NULL;

101
    unsigned char ct_buf[256] = { 0 };

102
    unsigned char pt_buf[256] = { 0 };

103


104
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);

105


106
    ctx = EVP_CIPHER_CTX_new();

107
    if (ctx == NULL)

108
        goto err;

109
    cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);

110
    if (cipher == NULL)

111
        goto err;

112


113
    /* Encrypt plain text message */

114
    if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {

115
        if (!cipher_init(ctx, cipher, t, encrypt)

116
                || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,

117
                                     t->base.pt_len)

118
                || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))

119
            goto err;

120


121
        OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);

122
        ct_len += len;

123
        if (ct_len != (int)t->base.expected_len

124
            || memcmp(t->base.expected, ct_buf, ct_len) != 0)

125
            goto err;

126


127
        if (t->tag != NULL) {

128
            unsigned char tag[16] = { 0 };

129


130
            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,

131
                                     tag) <= 0

132
                || memcmp(tag, t->tag, t->tag_len) != 0)

133
                goto err;

134
        }

135
    }

136


137
    /* Decrypt cipher text */

138
    if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {

139
        if (!(cipher_init(ctx, cipher, t, !encrypt)

140
              && EVP_CipherUpdate(ctx, pt_buf, &len,

141
                                  t->base.expected, t->base.expected_len)

142
              && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))

143
            goto err;

144
        OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);

145
        pt_len += len;

146
        if (pt_len != (int)t->base.pt_len

147
                || memcmp(pt_buf, t->base.pt, pt_len) != 0)

148
            goto err;

149
    }

150


151
    ret = 1;

152
err:

153
    EVP_CIPHER_free(cipher);

154
    EVP_CIPHER_CTX_free(ctx);

155
    OSSL_SELF_TEST_onend(st, ret);

156
    return ret;

157
}

158


159
static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,

160
                      BN_CTX *ctx)

161
{

162
    int ret = 0;

163
    const ST_KAT_PARAM *p;

164


165
    if (params == NULL)

166
        return 1;

167
    for (p = params; p->data != NULL; ++p) {

168
        switch (p->type) {

169
        case OSSL_PARAM_UNSIGNED_INTEGER: {

170
            BIGNUM *bn = BN_CTX_get(ctx);

171


172
            if (bn == NULL

173
                || (BN_bin2bn(p->data, p->data_len, bn) == NULL)

174
                || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))

175
                goto err;

176
            break;

177
        }

178
        case OSSL_PARAM_UTF8_STRING: {

179
            if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,

180
                                                 p->data_len))

181
                goto err;

182
            break;

183
        }

184
        case OSSL_PARAM_OCTET_STRING: {

185
            if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,

186
                                                  p->data_len))

187
                goto err;

188
            break;

189
        }

190
        case OSSL_PARAM_INTEGER: {

191
            if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))

192
                goto err;

193
            break;

194
        }

195
        default:

196
            break;

197
        }

198
    }

199
    ret = 1;

200
err:

201
    return ret;

202
}

203


204
#if defined(__GNUC__) && __GNUC__ >= 4

205
# define SENTINEL __attribute__((sentinel))

206
#endif

207


208
#if !defined(SENTINEL) && defined(__clang_major__) && __clang_major__ > 14

209
# define SENTINEL __attribute__((sentinel))

210
#endif

211


212
#ifndef SENTINEL

213
# define SENTINEL

214
#endif

215


216
static SENTINEL OSSL_PARAM *kat_params_to_ossl_params(OSSL_LIB_CTX *libctx, ...)

217
{

218
    BN_CTX *bnc = NULL;

219
    OSSL_PARAM *params = NULL;

220
    OSSL_PARAM_BLD *bld = NULL;

221
    const ST_KAT_PARAM *pms;

222
    va_list ap;

223


224
    bnc = BN_CTX_new_ex(libctx);

225
    if (bnc == NULL)

226
        goto err;

227
    bld = OSSL_PARAM_BLD_new();

228
    if (bld == NULL)

229
        goto err;

230


231
    va_start(ap, libctx);

232
    while ((pms = va_arg(ap, const ST_KAT_PARAM *)) != NULL)

233
        if (!add_params(bld, pms, bnc)) {

234
            va_end(ap);

235
            goto err;

236
        }

237
    va_end(ap);

238


239
    params = OSSL_PARAM_BLD_to_param(bld);

240


241
 err:

242
    OSSL_PARAM_BLD_free(bld);

243
    BN_CTX_free(bnc);

244
    return params;

245
}

246


247
static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,

248
                         OSSL_LIB_CTX *libctx)

249
{

250
    int ret = 0;

251
    unsigned char out[128];

252
    EVP_KDF *kdf = NULL;

253
    EVP_KDF_CTX *ctx = NULL;

254
    OSSL_PARAM *params = NULL;

255


256
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);

257


258
    kdf = EVP_KDF_fetch(libctx, t->algorithm, "");

259
    if (kdf == NULL)

260
        goto err;

261


262
    ctx = EVP_KDF_CTX_new(kdf);

263
    if (ctx == NULL)

264
        goto err;

265


266
    params = kat_params_to_ossl_params(libctx, t->params, NULL);

267
    if (params == NULL)

268
        goto err;

269


270
    if (t->expected_len > sizeof(out))

271
        goto err;

272
    if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)

273
        goto err;

274


275
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

276


277
    if (memcmp(out, t->expected,  t->expected_len) != 0)

278
        goto err;

279


280
    ret = 1;

281
err:

282
    EVP_KDF_free(kdf);

283
    EVP_KDF_CTX_free(ctx);

284
    OSSL_PARAM_free(params);

285
    OSSL_SELF_TEST_onend(st, ret);

286
    return ret;

287
}

288


289
static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,

290
                          OSSL_LIB_CTX *libctx)

291
{

292
    int ret = 0;

293
    unsigned char out[256];

294
    EVP_RAND *rand;

295
    EVP_RAND_CTX *test = NULL, *drbg = NULL;

296
    unsigned int strength = 256;

297
    int prediction_resistance = 1; /* Causes a reseed */

298
    OSSL_PARAM drbg_params[3] = {

299
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

300
    };

301


302
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);

303


304
    rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);

305
    if (rand == NULL)

306
        goto err;

307


308
    test = EVP_RAND_CTX_new(rand, NULL);

309
    EVP_RAND_free(rand);

310
    if (test == NULL)

311
        goto err;

312


313
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

314
                                               &strength);

315
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

316
        goto err;

317


318
    rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);

319
    if (rand == NULL)

320
        goto err;

321


322
    drbg = EVP_RAND_CTX_new(rand, test);

323
    EVP_RAND_free(rand);

324
    if (drbg == NULL)

325
        goto err;

326


327
    strength = EVP_RAND_get_strength(drbg);

328


329
    drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,

330
                                                      t->param_value, 0);

331
    /* This is only used by HMAC-DRBG but it is ignored by the others */

332
    drbg_params[1] =

333
        OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);

334
    if (!EVP_RAND_CTX_set_params(drbg, drbg_params))

335
        goto err;

336


337
    drbg_params[0] =

338
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

339
                                          (void *)t->entropyin,

340
                                          t->entropyinlen);

341
    drbg_params[1] =

342
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,

343
                                          (void *)t->nonce, t->noncelen);

344
    if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))

345
        goto err;

346
    if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,

347
                              NULL))

348
        goto err;

349


350
    drbg_params[0] =

351
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

352
                                          (void *)t->entropyinpr1,

353
                                          t->entropyinpr1len);

354
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

355
        goto err;

356


357
    if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,

358
                           prediction_resistance,

359
                           t->entropyaddin1, t->entropyaddin1len))

360
        goto err;

361


362
    drbg_params[0] =

363
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

364
                                         (void *)t->entropyinpr2,

365
                                         t->entropyinpr2len);

366
    if (!EVP_RAND_CTX_set_params(test, drbg_params))

367
        goto err;

368


369
    /*

370
     * This calls ossl_prov_drbg_reseed() internally when

371
     * prediction_resistance = 1

372
     */

373
    if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,

374
                           prediction_resistance,

375
                           t->entropyaddin2, t->entropyaddin2len))

376
        goto err;

377


378
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

379


380
    if (memcmp(out, t->expected, t->expectedlen) != 0)

381
        goto err;

382


383
    if (!EVP_RAND_uninstantiate(drbg))

384
        goto err;

385
    /*

386
     * Check that the DRBG data has been zeroized after

387
     * ossl_prov_drbg_uninstantiate.

388
     */

389
    if (!EVP_RAND_verify_zeroization(drbg))

390
        goto err;

391


392
    ret = 1;

393
err:

394
    EVP_RAND_CTX_free(drbg);

395
    EVP_RAND_CTX_free(test);

396
    OSSL_SELF_TEST_onend(st, ret);

397
    return ret;

398
}

399


400
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)

401
static int self_test_ka(const ST_KAT_KAS *t,

402
                        OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

403
{

404
    int ret = 0;

405
    EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;

406
    EVP_PKEY *pkey = NULL, *peerkey = NULL;

407
    OSSL_PARAM *params = NULL;

408
    OSSL_PARAM *params_peer = NULL;

409
    unsigned char secret[256];

410
    size_t secret_len = t->expected_len;

411


412
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);

413


414
    if (secret_len > sizeof(secret))

415
        goto err;

416


417
    params = kat_params_to_ossl_params(libctx, t->key_group,

418
                                       t->key_host_data, NULL);

419
    params_peer = kat_params_to_ossl_params(libctx, t->key_group,

420
                                            t->key_peer_data, NULL);

421
    if (params == NULL || params_peer == NULL)

422
        goto err;

423


424
    /* Create a EVP_PKEY_CTX to load the DH keys into */

425
    kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");

426
    if (kactx == NULL)

427
        goto err;

428
    if (EVP_PKEY_fromdata_init(kactx) <= 0

429
        || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)

430
        goto err;

431
    if (EVP_PKEY_fromdata_init(kactx) <= 0

432
        || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)

433
        goto err;

434


435
    /* Create a EVP_PKEY_CTX to perform key derivation */

436
    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);

437
    if (dctx == NULL)

438
        goto err;

439


440
    if (EVP_PKEY_derive_init(dctx) <= 0

441
        || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0

442
        || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)

443
        goto err;

444


445
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

446


447
    if (secret_len != t->expected_len

448
        || memcmp(secret, t->expected, t->expected_len) != 0)

449
        goto err;

450
    ret = 1;

451
err:

452
    EVP_PKEY_free(pkey);

453
    EVP_PKEY_free(peerkey);

454
    EVP_PKEY_CTX_free(kactx);

455
    EVP_PKEY_CTX_free(dctx);

456
    OSSL_PARAM_free(params_peer);

457
    OSSL_PARAM_free(params);

458
    OSSL_SELF_TEST_onend(st, ret);

459
    return ret;

460
}

461
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */

462


463
static int digest_signature(const uint8_t *sig, size_t sig_len,

464
                            uint8_t *out, size_t *out_len,

465
                            OSSL_LIB_CTX *lib_ctx)

466
{

467
    int ret;

468
    unsigned int len = 0;

469
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

470
    EVP_MD *md = EVP_MD_fetch(lib_ctx, "SHA256", NULL);

471


472
    ret = ctx != NULL

473
        && md != NULL

474
        && EVP_DigestInit_ex(ctx, md, NULL) == 1

475
        && EVP_DigestUpdate(ctx, sig, sig_len) == 1

476
        && EVP_DigestFinal(ctx, out, &len) == 1;

477
    EVP_MD_free(md);

478
    EVP_MD_CTX_free(ctx);

479
    *out_len = len;

480
    return ret;

481
}

482


483
static int self_test_digest_sign(const ST_KAT_SIGN *t,

484
                                 OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

485
{

486
    int ret = 0;

487
    OSSL_PARAM *paramskey = NULL, *paramsinit = NULL, *paramsverify = NULL;

488
    EVP_SIGNATURE *sigalg = NULL;

489
    EVP_PKEY_CTX *ctx = NULL;

490
    EVP_PKEY_CTX *fromctx = NULL;

491
    EVP_PKEY *pkey = NULL;

492
    unsigned char sig[MAX_ML_DSA_SIG_LEN], *psig = sig;

493
    size_t siglen;

494
    int digested = 0;

495
    const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;

496


497
    if (t->sig_expected_len > sizeof(sig))

498
        goto err;

499


500
    if (t->sig_expected == NULL)

501
        typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;

502


503
    OSSL_SELF_TEST_onbegin(st, typ, t->desc);

504


505
    if (t->entropy != NULL) {

506
        if (!set_kat_drbg(libctx, t->entropy, t->entropy_len,

507
                          t->nonce, t->nonce_len, t->persstr, t->persstr_len))

508
            goto err;

509
    }

510


511
    paramskey = kat_params_to_ossl_params(libctx, t->key, NULL);

512
    paramsinit = kat_params_to_ossl_params(libctx, t->init, NULL);

513
    paramsverify = kat_params_to_ossl_params(libctx, t->verify, NULL);

514


515
    fromctx = EVP_PKEY_CTX_new_from_name(libctx, t->keytype, NULL);

516
    if (fromctx == NULL

517
            || paramskey == NULL

518
            || paramsinit == NULL

519
            || paramsverify == NULL)

520
        goto err;

521
    if (EVP_PKEY_fromdata_init(fromctx) <= 0

522
            || EVP_PKEY_fromdata(fromctx, &pkey, EVP_PKEY_KEYPAIR, paramskey) <= 0)

523
        goto err;

524


525
    sigalg = EVP_SIGNATURE_fetch(libctx, t->sigalgorithm, NULL);

526
    if (sigalg == NULL)

527
        goto err;

528
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);

529
    if (ctx == NULL)

530
        goto err;

531


532
    digested = ((t->mode & SIGNATURE_MODE_DIGESTED) != 0);

533


534
    if ((t->mode & SIGNATURE_MODE_VERIFY_ONLY) != 0) {

535
        siglen = t->sig_expected_len;

536
        memcpy(psig, t->sig_expected, siglen);

537
    } else {

538
        if (digested) {

539
            if (EVP_PKEY_sign_init_ex2(ctx, sigalg, paramsinit) <= 0)

540
                goto err;

541
        } else {

542
            if (EVP_PKEY_sign_message_init(ctx, sigalg, paramsinit) <= 0)

543
                goto err;

544
        }

545
        siglen = sizeof(sig);

546
        if ((t->mode & SIGNATURE_MODE_SIG_DIGESTED) != 0) {

547
            if (EVP_PKEY_sign(ctx, NULL, &siglen, t->msg, t->msg_len) <= 0)

548
                goto err;

549
            if (siglen > sizeof(sig)) {

550
                psig = OPENSSL_malloc(siglen);

551
                if (psig == NULL)

552
                    goto err;

553
            }

554
        }

555
        if (EVP_PKEY_sign(ctx, psig, &siglen, t->msg, t->msg_len) <= 0)

556
            goto err;

557


558
        if (t->sig_expected != NULL) {

559
            if ((t->mode & SIGNATURE_MODE_SIG_DIGESTED) != 0) {

560
                uint8_t digested_sig[EVP_MAX_MD_SIZE];

561
                size_t digested_sig_len = 0;

562


563
                if (!digest_signature(psig, siglen, digested_sig,

564
                                      &digested_sig_len, libctx)

565
                        || digested_sig_len != t->sig_expected_len

566
                        || memcmp(digested_sig, t->sig_expected, t->sig_expected_len) != 0)

567
                    goto err;

568
            } else {

569
                if (siglen != t->sig_expected_len

570
                        || memcmp(psig, t->sig_expected, t->sig_expected_len) != 0)

571
                    goto err;

572
            }

573
        }

574
    }

575


576
    if ((t->mode & SIGNATURE_MODE_SIGN_ONLY) == 0) {

577
        if (digested) {

578
            if (EVP_PKEY_verify_init_ex2(ctx, sigalg, paramsverify) <= 0)

579
                goto err;

580
        } else {

581
            if (EVP_PKEY_verify_message_init(ctx, sigalg, paramsverify) <= 0)

582
                goto err;

583
        }

584
        OSSL_SELF_TEST_oncorrupt_byte(st, psig);

585
        if (EVP_PKEY_verify(ctx, psig, siglen, t->msg, t->msg_len) <= 0)

586
            goto err;

587
    }

588
    ret = 1;

589
err:

590
    if (psig != sig)

591
        OPENSSL_free(psig);

592
    EVP_PKEY_free(pkey);

593
    EVP_PKEY_CTX_free(fromctx);

594
    EVP_PKEY_CTX_free(ctx);

595
    EVP_SIGNATURE_free(sigalg);

596
    OSSL_PARAM_free(paramskey);

597
    OSSL_PARAM_free(paramsinit);

598
    OSSL_PARAM_free(paramsverify);

599
    if (t->entropy != NULL) {

600
        if (!reset_main_drbg(libctx))

601
            ret = 0;

602
    }

603
    OSSL_SELF_TEST_onend(st, ret);

604
    return ret;

605
}

606


607
#if !defined(OPENSSL_NO_ML_DSA) || !defined(OPENSSL_NO_SLH_DSA)

608
/*

609
 * Test that a deterministic key generation produces the correct key

610
 */

611
static int self_test_asym_keygen(const ST_KAT_ASYM_KEYGEN *t, OSSL_SELF_TEST *st,

612
                                 OSSL_LIB_CTX *libctx)

613
{

614
    int ret = 0;

615
    const ST_KAT_PARAM *expected;

616
    OSSL_PARAM *key_params = NULL;

617
    EVP_PKEY_CTX *key_ctx = NULL;

618
    EVP_PKEY *key = NULL;

619
    uint8_t out[MAX_ML_DSA_PRIV_LEN];

620
    size_t out_len = 0;

621


622
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_KEYGEN, t->desc);

623


624
    key_ctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

625
    if (key_ctx == NULL)

626
        goto err;

627
    if (t->keygen_params != NULL) {

628
        key_params = kat_params_to_ossl_params(libctx, t->keygen_params, NULL);

629
        if (key_params == NULL)

630
            goto err;

631
    }

632
    if (EVP_PKEY_keygen_init(key_ctx) != 1

633
            || EVP_PKEY_CTX_set_params(key_ctx, key_params) != 1

634
            || EVP_PKEY_generate(key_ctx, &key) != 1)

635
        goto err;

636


637
    for (expected = t->expected_params; expected->data != NULL; ++expected) {

638
        if (expected->type != OSSL_PARAM_OCTET_STRING

639
                || !EVP_PKEY_get_octet_string_param(key, expected->name,

640
                                                    out, sizeof(out), &out_len))

641
            goto err;

642
        OSSL_SELF_TEST_oncorrupt_byte(st, out);

643
        /* Check the KAT */

644
        if (out_len != expected->data_len

645
                || memcmp(out, expected->data, expected->data_len) != 0)

646
            goto err;

647
    }

648
    ret = 1;

649
err:

650
    EVP_PKEY_free(key);

651
    EVP_PKEY_CTX_free(key_ctx);

652
    OSSL_PARAM_free(key_params);

653
    OSSL_SELF_TEST_onend(st, ret);

654
    return ret;

655
}

656
#endif /* OPENSSL_NO_ML_DSA */

657


658
#ifndef OPENSSL_NO_ML_KEM

659
/*

660
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM

661
 * encapsulation.

662
 */

663
static int self_test_kem_encapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

664
                                     OSSL_LIB_CTX *libctx, EVP_PKEY *pkey)

665
{

666
    int ret = 0;

667
    EVP_PKEY_CTX *ctx;

668
    unsigned char *wrapped = NULL, *secret = NULL;

669
    size_t wrappedlen = t->cipher_text_len, secretlen = t->secret_len;

670
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };

671


672
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,

673
                           OSSL_SELF_TEST_DESC_ENCAP_KEM);

674


675
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");

676
    if (ctx == NULL)

677
        goto err;

678


679
    *params = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,

680
                                                (unsigned char *)t->entropy,

681
                                                t->entropy_len);

682
    if (EVP_PKEY_encapsulate_init(ctx, params) <= 0)

683
        goto err;

684


685
    /* Allocate output buffers */

686
    wrapped = OPENSSL_malloc(wrappedlen);

687
    secret = OPENSSL_malloc(secretlen);

688
    if (wrapped == NULL || secret == NULL)

689
        goto err;

690


691
    /* Encapsulate */

692
    if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0)

693
        goto err;

694


695
    /* Compare outputs */

696
    OSSL_SELF_TEST_oncorrupt_byte(st, wrapped);

697
    if (wrappedlen != t->cipher_text_len

698
            || memcmp(wrapped, t->cipher_text, t->cipher_text_len) != 0)

699
        goto err;

700


701
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

702
    if (secretlen != t->secret_len

703
            || memcmp(secret, t->secret, t->secret_len) != 0)

704
        goto err;

705


706
    ret = 1;

707
 err:

708
    OPENSSL_free(wrapped);

709
    OPENSSL_free(secret);

710
    EVP_PKEY_CTX_free(ctx);

711
    OSSL_SELF_TEST_onend(st, ret);

712
    return ret;

713
}

714


715
/*

716
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM

717
 * decapsulation both for the rejection path and the normal path.

718
 */

719
static int self_test_kem_decapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

720
                                     OSSL_LIB_CTX *libctx, EVP_PKEY *pkey,

721
                                     int reject)

722
{

723
    int ret = 0;

724
    EVP_PKEY_CTX *ctx = NULL;

725
    unsigned char *secret = NULL, *alloced = NULL;

726
    const unsigned char *test_secret = t->secret;

727
    const unsigned char *cipher_text = t->cipher_text;

728
    size_t secretlen = t->secret_len;

729


730
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,

731
                           reject ? OSSL_SELF_TEST_DESC_DECAP_KEM_FAIL

732
                                  : OSSL_SELF_TEST_DESC_DECAP_KEM);

733


734
    if (reject) {

735
        cipher_text = alloced = OPENSSL_zalloc(t->cipher_text_len);

736
        if (alloced == NULL)

737
            goto err;

738
        test_secret = t->reject_secret;

739
    }

740


741
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");

742
    if (ctx == NULL)

743
        goto err;

744


745
    if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)

746
        goto err;

747


748
    /* Allocate output buffer */

749
    secret = OPENSSL_malloc(secretlen);

750
    if (secret == NULL)

751
        goto err;

752


753
    /* Decapsulate */

754
    if (EVP_PKEY_decapsulate(ctx, secret, &secretlen,

755
                             cipher_text, t->cipher_text_len) <= 0)

756
        goto err;

757


758
    /* Compare output */

759
    OSSL_SELF_TEST_oncorrupt_byte(st, secret);

760
    if (secretlen != t->secret_len

761
            || memcmp(secret, test_secret, t->secret_len) != 0)

762
        goto err;

763


764
    ret = 1;

765
 err:

766
    OPENSSL_free(alloced);

767
    OPENSSL_free(secret);

768
    EVP_PKEY_CTX_free(ctx);

769
    OSSL_SELF_TEST_onend(st, ret);

770
    return ret;

771
}

772


773
/*

774
 * Test encapsulation, decapsulation for KEM.

775
 *

776
 * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for:

777
 * 1   ML-KEM encapsulation

778
 * 2a  ML-KEM decapsulation non-rejection path

779
 * 2b  ML-KEM decapsulation implicit rejection path

780
 * 3   ML-KEM key generation

781
 */

782
static int self_test_kem(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,

783
                         OSSL_LIB_CTX *libctx)

784
{

785
    int ret = 0;

786
    EVP_PKEY *pkey = NULL;

787
    EVP_PKEY_CTX *ctx;

788
    OSSL_PARAM *params = NULL;

789


790
    ctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

791
    if (ctx == NULL)

792
        goto err;

793
    params = kat_params_to_ossl_params(libctx, t->key, NULL);

794
    if (params == NULL)

795
        goto err;

796


797
    if (EVP_PKEY_fromdata_init(ctx) <= 0

798
            || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)

799
        goto err;

800


801
    if (!self_test_kem_encapsulate(t, st, libctx, pkey)

802
            || !self_test_kem_decapsulate(t, st, libctx, pkey, 0)

803
            || !self_test_kem_decapsulate(t, st, libctx, pkey, 1))

804
        goto err;

805


806
    ret = 1;

807
err:

808
    EVP_PKEY_CTX_free(ctx);

809
    EVP_PKEY_free(pkey);

810
    OSSL_PARAM_free(params);

811
    return ret;

812
}

813
#endif

814


815
/*

816
 * Test an encrypt or decrypt KAT..

817
 *

818
 * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt

819
 * and decrypt..

820
 */

821
static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,

822
                                 OSSL_LIB_CTX *libctx)

823
{

824
    int ret = 0;

825
    OSSL_PARAM *keyparams = NULL, *initparams = NULL;

826
    OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;

827
    EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;

828
    EVP_PKEY *key = NULL;

829
    BN_CTX *bnctx = NULL;

830
    unsigned char out[256];

831
    size_t outlen = sizeof(out);

832


833
    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);

834


835
    bnctx = BN_CTX_new_ex(libctx);

836
    if (bnctx == NULL)

837
        goto err;

838


839
    /* Load a public or private key from data */

840
    keybld = OSSL_PARAM_BLD_new();

841
    if (keybld == NULL

842
        || !add_params(keybld, t->key, bnctx))

843
        goto err;

844
    keyparams = OSSL_PARAM_BLD_to_param(keybld);

845
    keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);

846
    if (keyctx == NULL || keyparams == NULL)

847
        goto err;

848
    if (EVP_PKEY_fromdata_init(keyctx) <= 0

849
        || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)

850
        goto err;

851


852
    /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */

853
    encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);

854
    if (encctx == NULL

855
        || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)

856
        || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))

857
        goto err;

858


859
    /* Add any additional parameters such as padding */

860
    if (t->postinit != NULL) {

861
        initbld = OSSL_PARAM_BLD_new();

862
        if (initbld == NULL)

863
            goto err;

864
        if (!add_params(initbld, t->postinit, bnctx))

865
            goto err;

866
        initparams = OSSL_PARAM_BLD_to_param(initbld);

867
        if (initparams == NULL)

868
            goto err;

869
        if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)

870
            goto err;

871
    }

872


873
    if (t->encrypt) {

874
        if (EVP_PKEY_encrypt(encctx, out, &outlen,

875
                             t->in, t->in_len) <= 0)

876
            goto err;

877
    } else {

878
        if (EVP_PKEY_decrypt(encctx, out, &outlen,

879
                             t->in, t->in_len) <= 0)

880
            goto err;

881
    }

882
    /* Check the KAT */

883
    OSSL_SELF_TEST_oncorrupt_byte(st, out);

884
    if (outlen != t->expected_len

885
        || memcmp(out, t->expected, t->expected_len) != 0)

886
        goto err;

887


888
    ret = 1;

889
err:

890
    BN_CTX_free(bnctx);

891
    EVP_PKEY_free(key);

892
    EVP_PKEY_CTX_free(encctx);

893
    EVP_PKEY_CTX_free(keyctx);

894
    OSSL_PARAM_free(keyparams);

895
    OSSL_PARAM_BLD_free(keybld);

896
    OSSL_PARAM_free(initparams);

897
    OSSL_PARAM_BLD_free(initbld);

898
    OSSL_SELF_TEST_onend(st, ret);

899
    return ret;

900
}

901


902
/*

903
 * Test a data driven list of KAT's for digest algorithms.

904
 * All tests are run regardless of if they fail or not.

905
 * Return 0 if any test fails.

906
 */

907
static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

908
{

909
    int i, ret = 1;

910


911
    for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {

912
        if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))

913
            ret = 0;

914
    }

915
    return ret;

916
}

917


918
static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

919
{

920
    int i, ret = 1;

921


922
    for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {

923
        if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))

924
            ret = 0;

925
    }

926
    return ret;

927
}

928


929
static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

930
{

931
    int ret = 1;

932
#ifndef OPENSSL_NO_ML_KEM

933
    int i;

934


935
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kem_tests); ++i) {

936
        if (!self_test_kem(&st_kat_kem_tests[i], st, libctx))

937
            ret = 0;

938
    }

939
#endif

940
    return ret;

941
}

942


943
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

944
{

945
    int i, ret = 1;

946


947
    for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {

948
        if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))

949
            ret = 0;

950
    }

951
    return ret;

952
}

953


954
static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

955
{

956
    int i, ret = 1;

957


958
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {

959
        if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))

960
            ret = 0;

961
    }

962
    return ret;

963
}

964


965
static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

966
{

967
    int i, ret = 1;

968


969
    for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {

970
        if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))

971
            ret = 0;

972
    }

973
    return ret;

974
}

975


976
static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

977
{

978
    int ret = 1;

979
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)

980
    int i;

981


982
    for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {

983
        if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))

984
            ret = 0;

985
    }

986
#endif

987


988
    return ret;

989
}

990


991
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

992
{

993
    int i, ret = 1;

994


995
    for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {

996
        if (!self_test_digest_sign(&st_kat_sign_tests[i], st, libctx))

997
            ret = 0;

998
    }

999
    return ret;

1000
}

1001


1002
/*

1003
 * Swap the library context DRBG for KAT testing

1004
 *

1005
 * In FIPS 140-3, the asymmetric POST must be a KAT, not a PCT.  For DSA and ECDSA,

1006
 * the sign operation includes the random value 'k'.  For a KAT to work, we

1007
 * have to have control of the DRBG to make sure it is in a "test" state, where

1008
 * its output is truly deterministic.

1009
 *

1010
 */

1011


1012
/*

1013
 * Replacement "random" sources

1014
 * main_rand is used for most tests and it's set to generate mode.

1015
 * kat_rand is used for KATs where specific input is mandated.

1016
 */

1017
static EVP_RAND_CTX *kat_rand = NULL;

1018
static EVP_RAND_CTX *main_rand = NULL;

1019


1020
static int set_kat_drbg(OSSL_LIB_CTX *ctx,

1021
                        const unsigned char *entropy, size_t entropy_len,

1022
                        const unsigned char *nonce, size_t nonce_len,

1023
                        const unsigned char *persstr, size_t persstr_len) {

1024
    EVP_RAND *rand;

1025
    unsigned int strength = 256;

1026
    EVP_RAND_CTX *parent_rand = NULL;

1027
    OSSL_PARAM drbg_params[3] = {

1028
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

1029
    };

1030


1031
    /* If not NULL, we didn't cleanup from last call: BAD */

1032
    if (kat_rand != NULL)

1033
        return 0;

1034


1035
    rand = EVP_RAND_fetch(ctx, "TEST-RAND", NULL);

1036
    if (rand == NULL)

1037
        return 0;

1038


1039
    parent_rand = EVP_RAND_CTX_new(rand, NULL);

1040
    EVP_RAND_free(rand);

1041
    if (parent_rand == NULL)

1042
        goto err;

1043


1044
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

1045
                                               &strength);

1046
    if (!EVP_RAND_CTX_set_params(parent_rand, drbg_params))

1047
        goto err;

1048


1049
    rand = EVP_RAND_fetch(ctx, "HASH-DRBG", NULL);

1050
    if (rand == NULL)

1051
        goto err;

1052


1053
    kat_rand = EVP_RAND_CTX_new(rand, parent_rand);

1054
    EVP_RAND_free(rand);

1055
    if (kat_rand == NULL)

1056
        goto err;

1057


1058
    drbg_params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);

1059
    if (!EVP_RAND_CTX_set_params(kat_rand, drbg_params))

1060
        goto err;

1061


1062
    /* Instantiate the RNGs */

1063
    drbg_params[0] =

1064
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,

1065
                                          (void *)entropy, entropy_len);

1066
    drbg_params[1] =

1067
        OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,

1068
                                          (void *)nonce, nonce_len);

1069
    if (!EVP_RAND_instantiate(parent_rand, strength, 0, NULL, 0, drbg_params))

1070
        goto err;

1071


1072
    EVP_RAND_CTX_free(parent_rand);

1073
    parent_rand = NULL;

1074


1075
    if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL))

1076
        goto err;

1077


1078
    /* When we set the new private generator this one is freed, so upref it */

1079
    if (!EVP_RAND_CTX_up_ref(main_rand))

1080
        goto err;

1081


1082
    /* Update the library context DRBG */

1083
    if (RAND_set0_private(ctx, kat_rand) > 0) {

1084
        /* Keeping a copy to verify zeroization */

1085
        if (EVP_RAND_CTX_up_ref(kat_rand))

1086
            return 1;

1087
        RAND_set0_private(ctx, main_rand);

1088
    }

1089


1090
 err:

1091
    EVP_RAND_CTX_free(parent_rand);

1092
    EVP_RAND_CTX_free(kat_rand);

1093
    kat_rand = NULL;

1094
    return 0;

1095
}

1096


1097
static int reset_main_drbg(OSSL_LIB_CTX *ctx) {

1098
    int ret = 1;

1099


1100
    if (!RAND_set0_private(ctx, main_rand))

1101
        ret = 0;

1102
    if (kat_rand != NULL) {

1103
        if (!EVP_RAND_uninstantiate(kat_rand)

1104
                || !EVP_RAND_verify_zeroization(kat_rand))

1105
            ret = 0;

1106
        EVP_RAND_CTX_free(kat_rand);

1107
        kat_rand = NULL;

1108
    }

1109
    return ret;

1110
}

1111


1112
static int setup_main_random(OSSL_LIB_CTX *libctx)

1113
{

1114
    OSSL_PARAM drbg_params[3] = {

1115
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END

1116
    };

1117
    unsigned int strength = 256, generate = 1;

1118
    EVP_RAND *rand;

1119


1120
    rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);

1121
    if (rand == NULL)

1122
        return 0;

1123


1124
    main_rand = EVP_RAND_CTX_new(rand, NULL);

1125
    EVP_RAND_free(rand);

1126
    if (main_rand == NULL)

1127
        goto err;

1128


1129
    drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_GENERATE,

1130
                                               &generate);

1131
    drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,

1132
                                               &strength);

1133


1134
    if (!EVP_RAND_instantiate(main_rand, strength, 0, NULL, 0, drbg_params))

1135
        goto err;

1136
    return 1;

1137
 err:

1138
    EVP_RAND_CTX_free(main_rand);

1139
    return 0;

1140
}

1141


1142
static int self_test_asym_keygens(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

1143
{

1144
#if !defined(OPENSSL_NO_ML_DSA) || !defined(OPENSSL_NO_SLH_DSA)

1145
    int i, ret = 1;

1146


1147
    for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_keygen_tests); ++i) {

1148
        if (!self_test_asym_keygen(&st_kat_asym_keygen_tests[i], st, libctx))

1149
            ret = 0;

1150
    }

1151
    return ret;

1152
#else

1153
    return 1;

1154
#endif /* OPENSSL_NO_ML_DSA */

1155
}

1156


1157
/*

1158
 * Run the algorithm KAT's.

1159
 * Return 1 is successful, otherwise return 0.

1160
 * This runs all the tests regardless of if any fail.

1161
 */

1162
int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)

1163
{

1164
    EVP_RAND_CTX *saved_rand = ossl_rand_get0_private_noncreating(libctx);

1165
    int ret = 1;

1166


1167
    if (saved_rand != NULL && !EVP_RAND_CTX_up_ref(saved_rand))

1168
        return 0;

1169
    if (!setup_main_random(libctx)

1170
            || !RAND_set0_private(libctx, main_rand)) {

1171
        /* Decrement saved_rand reference counter */

1172
        EVP_RAND_CTX_free(saved_rand);

1173
        EVP_RAND_CTX_free(main_rand);

1174
        return 0;

1175
    }

1176


1177
    if (!self_test_digests(st, libctx))

1178
        ret = 0;

1179
    if (!self_test_ciphers(st, libctx))

1180
        ret = 0;

1181
    if (!self_test_signatures(st, libctx))

1182
        ret = 0;

1183
    if (!self_test_kdfs(st, libctx))

1184
        ret = 0;

1185
    if (!self_test_drbgs(st, libctx))

1186
        ret = 0;

1187
    if (!self_test_kas(st, libctx))

1188
        ret = 0;

1189
    if (!self_test_asym_keygens(st, libctx))

1190
        ret = 0;

1191
    if (!self_test_kems(st, libctx))

1192
        ret = 0;

1193
    if (!self_test_asym_ciphers(st, libctx))

1194
        ret = 0;

1195


1196
    RAND_set0_private(libctx, saved_rand);

1197
    return ret;

1198
}

1199


1200


1201