xref: /freebsd/crypto/openssl/providers/fips/self_test_kats.c (revision 9f23cbd6cae82fd77edfad7173432fa8dccd0a95)
1 /*
2  * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h>
11 #include <openssl/evp.h>
12 #include <openssl/kdf.h>
13 #include <openssl/core_names.h>
14 #include <openssl/param_build.h>
15 #include "internal/cryptlib.h"
16 #include "internal/nelem.h"
17 #include "self_test.h"
18 #include "self_test_data.inc"
19 
20 static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
21                             OSSL_LIB_CTX *libctx)
22 {
23     int ok = 0;
24     unsigned char out[EVP_MAX_MD_SIZE];
25     unsigned int out_len = 0;
26     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
27     EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
28 
29     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
30 
31     if (ctx == NULL
32             || md == NULL
33             || !EVP_DigestInit_ex(ctx, md, NULL)
34             || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
35             || !EVP_DigestFinal(ctx, out, &out_len))
36         goto err;
37 
38     /* Optional corruption */
39     OSSL_SELF_TEST_oncorrupt_byte(st, out);
40 
41     if (out_len != t->expected_len
42             || memcmp(out, t->expected, out_len) != 0)
43         goto err;
44     ok = 1;
45 err:
46     EVP_MD_free(md);
47     EVP_MD_CTX_free(ctx);
48     OSSL_SELF_TEST_onend(st, ok);
49     return ok;
50 }
51 
52 /*
53  * Helper function to setup a EVP_CipherInit
54  * Used to hide the complexity of Authenticated ciphers.
55  */
56 static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
57                        const ST_KAT_CIPHER *t, int enc)
58 {
59     unsigned char *in_tag = NULL;
60     int pad = 0, tmp;
61 
62     /* Flag required for Key wrapping */
63     EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
64     if (t->tag == NULL) {
65         /* Use a normal cipher init */
66         return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
67                && EVP_CIPHER_CTX_set_padding(ctx, pad);
68     }
69 
70     /* The authenticated cipher init */
71     if (!enc)
72         in_tag = (unsigned char *)t->tag;
73 
74     return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
75            && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
76            && (in_tag == NULL
77                || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
78                                       in_tag) > 0)
79            && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
80            && EVP_CIPHER_CTX_set_padding(ctx, pad)
81            && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
82 }
83 
84 /* Test a single KAT for encrypt/decrypt */
85 static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
86                             OSSL_LIB_CTX *libctx)
87 {
88     int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;
89     EVP_CIPHER_CTX *ctx = NULL;
90     EVP_CIPHER *cipher = NULL;
91     unsigned char ct_buf[256] = { 0 };
92     unsigned char pt_buf[256] = { 0 };
93 
94     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
95 
96     ctx = EVP_CIPHER_CTX_new();
97     if (ctx == NULL)
98         goto err;
99     cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);
100     if (cipher == NULL)
101         goto err;
102 
103     /* Encrypt plain text message */
104     if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
105         if (!cipher_init(ctx, cipher, t, encrypt)
106                 || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
107                                      t->base.pt_len)
108                 || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
109             goto err;
110 
111         OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
112         ct_len += len;
113         if (ct_len != (int)t->base.expected_len
114             || memcmp(t->base.expected, ct_buf, ct_len) != 0)
115             goto err;
116 
117         if (t->tag != NULL) {
118             unsigned char tag[16] = { 0 };
119 
120             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
121                                      tag) <= 0
122                 || memcmp(tag, t->tag, t->tag_len) != 0)
123                 goto err;
124         }
125     }
126 
127     /* Decrypt cipher text */
128     if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {
129         if (!(cipher_init(ctx, cipher, t, !encrypt)
130               && EVP_CipherUpdate(ctx, pt_buf, &len,
131                                   t->base.expected, t->base.expected_len)
132               && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
133             goto err;
134         OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);
135         pt_len += len;
136         if (pt_len != (int)t->base.pt_len
137                 || memcmp(pt_buf, t->base.pt, pt_len) != 0)
138             goto err;
139     }
140 
141     ret = 1;
142 err:
143     EVP_CIPHER_free(cipher);
144     EVP_CIPHER_CTX_free(ctx);
145     OSSL_SELF_TEST_onend(st, ret);
146     return ret;
147 }
148 
149 static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
150                       BN_CTX *ctx)
151 {
152     int ret = 0;
153     const ST_KAT_PARAM *p;
154 
155     if (params == NULL)
156         return 1;
157     for (p = params; p->data != NULL; ++p)
158     {
159         switch (p->type) {
160         case OSSL_PARAM_UNSIGNED_INTEGER: {
161             BIGNUM *bn = BN_CTX_get(ctx);
162 
163             if (bn == NULL
164                 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
165                 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
166                 goto err;
167             break;
168         }
169         case OSSL_PARAM_UTF8_STRING: {
170             if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
171                                                  p->data_len))
172                 goto err;
173             break;
174         }
175         case OSSL_PARAM_OCTET_STRING: {
176             if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
177                                                   p->data_len))
178                 goto err;
179             break;
180         }
181         case OSSL_PARAM_INTEGER: {
182             if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
183                 goto err;
184             break;
185         }
186         default:
187             break;
188         }
189     }
190     ret = 1;
191 err:
192     return ret;
193 }
194 
195 static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
196                          OSSL_LIB_CTX *libctx)
197 {
198     int ret = 0;
199     unsigned char out[128];
200     EVP_KDF *kdf = NULL;
201     EVP_KDF_CTX *ctx = NULL;
202     BN_CTX *bnctx = NULL;
203     OSSL_PARAM *params  = NULL;
204     OSSL_PARAM_BLD *bld = NULL;
205 
206     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
207 
208     bld = OSSL_PARAM_BLD_new();
209     if (bld == NULL)
210         goto err;
211 
212     kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
213     if (kdf == NULL)
214         goto err;
215 
216     ctx = EVP_KDF_CTX_new(kdf);
217     if (ctx == NULL)
218         goto err;
219 
220     bnctx = BN_CTX_new_ex(libctx);
221     if (bnctx == NULL)
222         goto err;
223     if (!add_params(bld, t->params, bnctx))
224         goto err;
225     params = OSSL_PARAM_BLD_to_param(bld);
226     if (params == NULL)
227         goto err;
228 
229     if (t->expected_len > sizeof(out))
230         goto err;
231     if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)
232         goto err;
233 
234     OSSL_SELF_TEST_oncorrupt_byte(st, out);
235 
236     if (memcmp(out, t->expected,  t->expected_len) != 0)
237         goto err;
238 
239     ret = 1;
240 err:
241     EVP_KDF_free(kdf);
242     EVP_KDF_CTX_free(ctx);
243     BN_CTX_free(bnctx);
244     OSSL_PARAM_free(params);
245     OSSL_PARAM_BLD_free(bld);
246     OSSL_SELF_TEST_onend(st, ret);
247     return ret;
248 }
249 
250 static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,
251                           OSSL_LIB_CTX *libctx)
252 {
253     int ret = 0;
254     unsigned char out[256];
255     EVP_RAND *rand;
256     EVP_RAND_CTX *test = NULL, *drbg = NULL;
257     unsigned int strength = 256;
258     int prediction_resistance = 1; /* Causes a reseed */
259     OSSL_PARAM drbg_params[3] = {
260         OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
261     };
262 
263     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
264 
265     rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
266     if (rand == NULL)
267         goto err;
268 
269     test = EVP_RAND_CTX_new(rand, NULL);
270     EVP_RAND_free(rand);
271     if (test == NULL)
272         goto err;
273 
274     drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
275                                                &strength);
276     if (!EVP_RAND_CTX_set_params(test, drbg_params))
277         goto err;
278 
279     rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
280     if (rand == NULL)
281         goto err;
282 
283     drbg = EVP_RAND_CTX_new(rand, test);
284     EVP_RAND_free(rand);
285     if (drbg == NULL)
286         goto err;
287 
288     strength = EVP_RAND_get_strength(drbg);
289 
290     drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
291                                                       t->param_value, 0);
292     /* This is only used by HMAC-DRBG but it is ignored by the others */
293     drbg_params[1] =
294         OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
295     if (!EVP_RAND_CTX_set_params(drbg, drbg_params))
296         goto err;
297 
298     drbg_params[0] =
299         OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
300                                           (void *)t->entropyin,
301                                           t->entropyinlen);
302     drbg_params[1] =
303         OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
304                                           (void *)t->nonce, t->noncelen);
305     if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))
306         goto err;
307     if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,
308                               NULL))
309         goto err;
310 
311     drbg_params[0] =
312         OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
313                                           (void *)t->entropyinpr1,
314                                           t->entropyinpr1len);
315     if (!EVP_RAND_CTX_set_params(test, drbg_params))
316         goto err;
317 
318     if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
319                            prediction_resistance,
320                            t->entropyaddin1, t->entropyaddin1len))
321         goto err;
322 
323     drbg_params[0] =
324         OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
325                                          (void *)t->entropyinpr2,
326                                          t->entropyinpr2len);
327     if (!EVP_RAND_CTX_set_params(test, drbg_params))
328         goto err;
329 
330     /*
331      * This calls ossl_prov_drbg_reseed() internally when
332      * prediction_resistance = 1
333      */
334     if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
335                            prediction_resistance,
336                            t->entropyaddin2, t->entropyaddin2len))
337         goto err;
338 
339     OSSL_SELF_TEST_oncorrupt_byte(st, out);
340 
341     if (memcmp(out, t->expected, t->expectedlen) != 0)
342         goto err;
343 
344     if (!EVP_RAND_uninstantiate(drbg))
345         goto err;
346     /*
347      * Check that the DRBG data has been zeroized after
348      * ossl_prov_drbg_uninstantiate.
349      */
350     if (!EVP_RAND_verify_zeroization(drbg))
351         goto err;
352 
353     ret = 1;
354 err:
355     EVP_RAND_CTX_free(drbg);
356     EVP_RAND_CTX_free(test);
357     OSSL_SELF_TEST_onend(st, ret);
358     return ret;
359 }
360 
361 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
362 static int self_test_ka(const ST_KAT_KAS *t,
363                         OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
364 {
365     int ret = 0;
366     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
367     EVP_PKEY *pkey = NULL, *peerkey = NULL;
368     OSSL_PARAM *params = NULL;
369     OSSL_PARAM *params_peer = NULL;
370     unsigned char secret[256];
371     size_t secret_len = sizeof(secret);
372     OSSL_PARAM_BLD *bld = NULL;
373     BN_CTX *bnctx = NULL;
374 
375     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
376 
377     bnctx = BN_CTX_new_ex(libctx);
378     if (bnctx == NULL)
379         goto err;
380 
381     bld = OSSL_PARAM_BLD_new();
382     if (bld == NULL)
383         goto err;
384 
385     if (!add_params(bld, t->key_group, bnctx)
386         || !add_params(bld, t->key_host_data, bnctx))
387         goto err;
388     params = OSSL_PARAM_BLD_to_param(bld);
389 
390     if (!add_params(bld, t->key_group, bnctx)
391         || !add_params(bld, t->key_peer_data, bnctx))
392         goto err;
393 
394     params_peer = OSSL_PARAM_BLD_to_param(bld);
395     if (params == NULL || params_peer == NULL)
396         goto err;
397 
398     /* Create a EVP_PKEY_CTX to load the DH keys into */
399     kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
400     if (kactx == NULL)
401         goto err;
402     if (EVP_PKEY_fromdata_init(kactx) <= 0
403         || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
404         goto err;
405     if (EVP_PKEY_fromdata_init(kactx) <= 0
406         || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
407         goto err;
408 
409     /* Create a EVP_PKEY_CTX to perform key derivation */
410     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
411     if (dctx == NULL)
412         goto err;
413 
414     if (EVP_PKEY_derive_init(dctx) <= 0
415         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
416         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
417         goto err;
418 
419     OSSL_SELF_TEST_oncorrupt_byte(st, secret);
420 
421     if (secret_len != t->expected_len
422         || memcmp(secret, t->expected, t->expected_len) != 0)
423         goto err;
424     ret = 1;
425 err:
426     BN_CTX_free(bnctx);
427     EVP_PKEY_free(pkey);
428     EVP_PKEY_free(peerkey);
429     EVP_PKEY_CTX_free(kactx);
430     EVP_PKEY_CTX_free(dctx);
431     OSSL_PARAM_free(params_peer);
432     OSSL_PARAM_free(params);
433     OSSL_PARAM_BLD_free(bld);
434     OSSL_SELF_TEST_onend(st, ret);
435     return ret;
436 }
437 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
438 
439 static int self_test_sign(const ST_KAT_SIGN *t,
440                          OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
441 {
442     int ret = 0;
443     OSSL_PARAM *params = NULL, *params_sig = NULL;
444     OSSL_PARAM_BLD *bld = NULL;
445     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
446     EVP_PKEY *pkey = NULL;
447     unsigned char sig[256];
448     BN_CTX *bnctx = NULL;
449     size_t siglen = sizeof(sig);
450     static const unsigned char dgst[] = {
451         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
452         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
453         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
454     };
455     const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
456 
457     if (t->sig_expected == NULL)
458         typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
459 
460     OSSL_SELF_TEST_onbegin(st, typ, t->desc);
461 
462     bnctx = BN_CTX_new_ex(libctx);
463     if (bnctx == NULL)
464         goto err;
465 
466     bld = OSSL_PARAM_BLD_new();
467     if (bld == NULL)
468         goto err;
469 
470     if (!add_params(bld, t->key, bnctx))
471         goto err;
472     params = OSSL_PARAM_BLD_to_param(bld);
473 
474     /* Create a EVP_PKEY_CTX to load the DSA key into */
475     kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
476     if (kctx == NULL || params == NULL)
477         goto err;
478     if (EVP_PKEY_fromdata_init(kctx) <= 0
479         || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
480         goto err;
481 
482     /* Create a EVP_PKEY_CTX to use for the signing operation */
483     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
484     if (sctx == NULL
485         || EVP_PKEY_sign_init(sctx) <= 0)
486         goto err;
487 
488     /* set signature parameters */
489     if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
490                                          t->mdalgorithm,
491                                          strlen(t->mdalgorithm) + 1))
492         goto err;
493     params_sig = OSSL_PARAM_BLD_to_param(bld);
494     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
495         goto err;
496 
497     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
498         || EVP_PKEY_verify_init(sctx) <= 0
499         || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
500         goto err;
501 
502     /*
503      * Used by RSA, for other key types where the signature changes, we
504      * can only use the verify.
505      */
506     if (t->sig_expected != NULL
507         && (siglen != t->sig_expected_len
508             || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
509         goto err;
510 
511     OSSL_SELF_TEST_oncorrupt_byte(st, sig);
512     if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
513         goto err;
514     ret = 1;
515 err:
516     BN_CTX_free(bnctx);
517     EVP_PKEY_free(pkey);
518     EVP_PKEY_CTX_free(kctx);
519     EVP_PKEY_CTX_free(sctx);
520     OSSL_PARAM_free(params);
521     OSSL_PARAM_free(params_sig);
522     OSSL_PARAM_BLD_free(bld);
523     OSSL_SELF_TEST_onend(st, ret);
524     return ret;
525 }
526 
527 /*
528  * Test an encrypt or decrypt KAT..
529  *
530  * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
531  * and decrypt..
532  */
533 static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
534                                  OSSL_LIB_CTX *libctx)
535 {
536     int ret = 0;
537     OSSL_PARAM *keyparams = NULL, *initparams = NULL;
538     OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
539     EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
540     EVP_PKEY *key = NULL;
541     BN_CTX *bnctx = NULL;
542     unsigned char out[256];
543     size_t outlen = sizeof(out);
544 
545     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
546 
547     bnctx = BN_CTX_new_ex(libctx);
548     if (bnctx == NULL)
549         goto err;
550 
551     /* Load a public or private key from data */
552     keybld = OSSL_PARAM_BLD_new();
553     if (keybld == NULL
554         || !add_params(keybld, t->key, bnctx))
555         goto err;
556     keyparams = OSSL_PARAM_BLD_to_param(keybld);
557     keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
558     if (keyctx == NULL || keyparams == NULL)
559         goto err;
560     if (EVP_PKEY_fromdata_init(keyctx) <= 0
561         || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
562         goto err;
563 
564     /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
565     encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
566     if (encctx == NULL
567         || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
568         || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
569         goto err;
570 
571     /* Add any additional parameters such as padding */
572     if (t->postinit != NULL) {
573         initbld = OSSL_PARAM_BLD_new();
574         if (initbld == NULL)
575             goto err;
576         if (!add_params(initbld, t->postinit, bnctx))
577             goto err;
578         initparams = OSSL_PARAM_BLD_to_param(initbld);
579         if (initparams == NULL)
580             goto err;
581         if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
582             goto err;
583     }
584 
585     if (t->encrypt) {
586         if (EVP_PKEY_encrypt(encctx, out, &outlen,
587                              t->in, t->in_len) <= 0)
588             goto err;
589     } else {
590         if (EVP_PKEY_decrypt(encctx, out, &outlen,
591                              t->in, t->in_len) <= 0)
592             goto err;
593     }
594     /* Check the KAT */
595     OSSL_SELF_TEST_oncorrupt_byte(st, out);
596     if (outlen != t->expected_len
597         || memcmp(out, t->expected, t->expected_len) != 0)
598         goto err;
599 
600     ret = 1;
601 err:
602     BN_CTX_free(bnctx);
603     EVP_PKEY_free(key);
604     EVP_PKEY_CTX_free(encctx);
605     EVP_PKEY_CTX_free(keyctx);
606     OSSL_PARAM_free(keyparams);
607     OSSL_PARAM_BLD_free(keybld);
608     OSSL_PARAM_free(initparams);
609     OSSL_PARAM_BLD_free(initbld);
610     OSSL_SELF_TEST_onend(st, ret);
611     return ret;
612 }
613 
614 /*
615  * Test a data driven list of KAT's for digest algorithms.
616  * All tests are run regardless of if they fail or not.
617  * Return 0 if any test fails.
618  */
619 static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
620 {
621     int i, ret = 1;
622 
623     for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
624         if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
625             ret = 0;
626     }
627     return ret;
628 }
629 
630 static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
631 {
632     int i, ret = 1;
633 
634     for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
635         if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
636             ret = 0;
637     }
638     return ret;
639 }
640 
641 static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
642 {
643     int i, ret = 1;
644 
645     for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
646         if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
647             ret = 0;
648     }
649     return ret;
650 }
651 
652 static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
653 {
654     int i, ret = 1;
655 
656     for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
657         if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
658             ret = 0;
659     }
660     return ret;
661 }
662 
663 static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
664 {
665     int i, ret = 1;
666 
667     for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
668         if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
669             ret = 0;
670     }
671     return ret;
672 }
673 
674 static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
675 {
676     int ret = 1;
677 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
678     int i;
679 
680     for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
681         if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
682             ret = 0;
683     }
684 #endif
685 
686     return ret;
687 }
688 
689 static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
690 {
691     int i, ret = 1;
692 
693     for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
694         if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
695             ret = 0;
696     }
697     return ret;
698 }
699 
700 /*
701  * Run the algorithm KAT's.
702  * Return 1 is successful, otherwise return 0.
703  * This runs all the tests regardless of if any fail.
704  */
705 int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
706 {
707     int ret = 1;
708 
709     if (!self_test_digests(st, libctx))
710         ret = 0;
711     if (!self_test_ciphers(st, libctx))
712         ret = 0;
713     if (!self_test_signatures(st, libctx))
714         ret = 0;
715     if (!self_test_kdfs(st, libctx))
716         ret = 0;
717     if (!self_test_drbgs(st, libctx))
718         ret = 0;
719     if (!self_test_kas(st, libctx))
720         ret = 0;
721     if (!self_test_asym_ciphers(st, libctx))
722         ret = 0;
723 
724     return ret;
725 }
726