diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a74e2fa42c..9003af6d74 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -78,7 +78,6 @@ static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched) if (ctx == NULL) return 1; -#ifndef FIPS_MODULE /* * pctx should be freed by the user of EVP_MD_CTX * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set @@ -87,7 +86,6 @@ static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched) EVP_PKEY_CTX_free(ctx->pctx); ctx->pctx = NULL; } -#endif evp_md_ctx_clear_digest(ctx, 0, keep_fetched); if (!keep_fetched) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 3a979f4bd4..90bc1ed264 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -17,12 +17,12 @@ #include "evp_local.h" #ifndef FIPS_MODULE - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); return 0; } +#endif /* * If we get the "NULL" md then the name comes back as "UNDEF". We want to use @@ -58,8 +58,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, reinit = 0; if (e == NULL) ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); +#ifndef FIPS_MODULE else ctx->pctx = EVP_PKEY_CTX_new(pkey, e); +#endif } if (ctx->pctx == NULL) return 0; @@ -241,6 +243,11 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (ctx->fetched_digest != NULL) { ctx->digest = ctx->reqdigest = ctx->fetched_digest; } else { +#ifdef FIPS_MODULE + (void)ERR_clear_last_mark(); + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; +#else /* legacy engine support : remove the mark when this is deleted */ ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); if (ctx->digest == NULL) { @@ -248,6 +255,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } +#endif } (void)ERR_pop_to_mark(); } @@ -293,6 +301,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_KEYMGMT_free(tmp_keymgmt); tmp_keymgmt = NULL; +#ifdef FIPS_MODULE + return 0; +#else if (type == NULL && mdname != NULL) type = evp_get_digestbyname_ex(locpctx->libctx, mdname); @@ -355,7 +366,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ctx->pctx->flag_call_digest_custom = 1; ret = 1; - +#endif end: #ifndef FIPS_MODULE if (ret > 0) @@ -375,12 +386,14 @@ int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, params); } +#ifndef FIPS_MODULE int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, NULL); } +#endif int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, @@ -391,13 +404,14 @@ int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, params); } +#ifndef FIPS_MODULE int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, NULL); } -#endif /* FIPS_MDOE */ +#endif /* FIPS_MODULE */ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) { @@ -423,6 +437,10 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) data, dsize); legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -432,6 +450,7 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) } return EVP_DigestUpdate(ctx, data, dsize); +#endif } int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) @@ -458,6 +477,10 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) data, dsize); legacy: +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); + return 0; +#else if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -467,6 +490,7 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) } return EVP_DigestUpdate(ctx, data, dsize); +#endif } #ifndef FIPS_MODULE @@ -575,6 +599,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, } return 1; } +#endif int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) @@ -598,6 +623,11 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, sigret == NULL ? 0 : *siglen, tbs, tbslen); } +#ifdef FIPS_MODULE + } + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; +#else } else { /* legacy */ if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL) @@ -607,15 +637,17 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) return 0; return EVP_DigestSignFinal(ctx, sigret, siglen); +#endif } +#ifndef FIPS_MODULE int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { + int vctx = 0; + unsigned int mdlen = 0; unsigned char md[EVP_MAX_MD_SIZE]; int r = 0; - unsigned int mdlen = 0; - int vctx = 0; EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx; if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { @@ -684,6 +716,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, return r; return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); } +#endif int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) @@ -705,14 +738,18 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, sigret, siglen, tbs, tbslen); } +#ifdef FIPS_MODULE + } + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; +#else } else { /* legacy */ if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); } - if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); +#endif } -#endif /* FIPS_MODULE */ diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index ebdb2a8e76..78b58115bc 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -160,12 +160,8 @@ for signature generation, but may be used for verification for legacy use cases. =item ED25519, see L -This is an unapproved algorithm. - =item ED448, see L -This is an unapproved algorithm. - =item ECDSA, see L =item HMAC, see L @@ -379,6 +375,8 @@ Digest tests used with the "KAT_Digest" type. =item "ECDSA" (B) +=item "EDDSA" (B) + Signature tests used with the "KAT_Signature" type. =item "ECDH" (B) diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index 17822049ac..7a204f5602 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -59,6 +59,7 @@ extern "C" { # define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA" # define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA" # define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA" +# define OSSL_SELF_TEST_DESC_SIGN_EDDSA "EDDSA" # define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR" # define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH" # define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC" diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index f64082e895..7204fa2844 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -597,9 +597,9 @@ static const OSSL_ALGORITHM fips_signature[] = { { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, #ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_ECX - { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, + { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, - { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, # endif { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, #endif @@ -645,9 +645,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { PROV_DESCS_X25519 }, { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions, PROV_DESCS_X448 }, - { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, + { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, PROV_DESCS_ED25519 }, - { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, PROV_DESCS_ED448 }, # endif #endif diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 4abb628c86..79335070d2 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -117,6 +117,8 @@ typedef struct st_kat_sign_st { size_t persstr_len; const unsigned char *sig_expected; /* Set to NULL if this value changes */ size_t sig_expected_len; + int oneshot; + const ST_KAT_PARAM *init; } ST_KAT_SIGN; typedef struct st_kat_asym_cipher_st { @@ -176,7 +178,6 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = }, }; - /*- CIPHER TEST DATA */ /* DES3 test data */ @@ -1506,6 +1507,79 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { ST_KAT_PARAM_END() }; # endif /* OPENSSL_NO_EC2M */ + +# ifndef OPENSSL_NO_ECX +static const unsigned char ed25519_pub[] = { + 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3, + 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, + 0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, + 0x5d, 0xeb, 0x91, 0x15, 0x48, 0x90, 0x80, 0x25 +}; +static const unsigned char ed25519_priv[] = { + 0xc5, 0xaa, 0x8d, 0xf4, 0x3f, 0x9f, 0x83, 0x7b, + 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc, 0xb7, 0xb1, + 0x66, 0xd3, 0x85, 0x35, 0x07, 0x6f, 0x09, 0x4b, + 0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7 +}; +static const ST_KAT_PARAM ed25519_key[] = { + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_pub), + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_priv), + ST_KAT_PARAM_END() +}; +static const unsigned char ed25519_expected_sig[] = { + 0x1e, 0xf4, 0xc5, 0x61, 0xdc, 0x97, 0x9f, 0xaf, + 0x55, 0x6b, 0x46, 0xa1, 0xae, 0xb0, 0x64, 0x13, + 0x1c, 0x98, 0x09, 0x96, 0x88, 0xe0, 0x9d, 0x0e, + 0x4e, 0x7d, 0xc4, 0xa5, 0xa1, 0x91, 0x09, 0xca, + 0xd9, 0x5b, 0x4f, 0x1c, 0x80, 0x82, 0x9f, 0x65, + 0xc1, 0x41, 0xa4, 0xe8, 0x02, 0x05, 0x0c, 0xa6, + 0x7e, 0xa0, 0xfa, 0x01, 0xee, 0xeb, 0xaa, 0x91, + 0x62, 0xfd, 0x0f, 0x25, 0xa0, 0x2d, 0x37, 0x09 +}; + +static const unsigned char ed448_pub[] = { + 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, + 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, + 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, + 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, + 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, + 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, + 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, + 0x80 +}; +static const unsigned char ed448_priv[] = { + 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, + 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, + 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, + 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, + 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, + 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, + 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, + 0x1b +}; +static const ST_KAT_PARAM ed448_key[] = { + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_pub), + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_priv), + ST_KAT_PARAM_END() +}; +static const unsigned char ed448_expected_sig[] = { + 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, + 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, + 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, + 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, + 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, + 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, + 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, + 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, + 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, + 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, + 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, + 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, + 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, + 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, + 0x3c, 0x00 +}; +# endif /* OPENSSL_NO_ECX */ #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_DSA @@ -1697,6 +1771,26 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ITM(ecdsa_bin_expected_sig) }, # endif +# ifndef OPENSSL_NO_ECX + { + OSSL_SELF_TEST_DESC_SIGN_EDDSA, + "ED448", + NULL, + ed448_key, + NULL, 0, NULL, 0, NULL, 0, + ITM(ed448_expected_sig), + 1 + }, + { + OSSL_SELF_TEST_DESC_SIGN_EDDSA, + "ED25519", + NULL, + ed25519_key, + NULL, 0, NULL, 0, NULL, 0, + ITM(ed25519_expected_sig), + 1 + }, +# endif /* OPENSSL_NO_ECX */ #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_DSA { diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 9f2e58ff7c..f2e4df086b 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -466,6 +466,10 @@ static int self_test_sign(const ST_KAT_SIGN *t, OSSL_SELF_TEST_onbegin(st, typ, t->desc); + if (!set_kat_drbg(libctx, t->entropy, t->entropy_len, + t->nonce, t->nonce_len, t->persstr, t->persstr_len)) + goto err; + bnctx = BN_CTX_new_ex(libctx); if (bnctx == NULL) goto err; @@ -531,10 +535,95 @@ err: OSSL_PARAM_free(params); OSSL_PARAM_free(params_sig); OSSL_PARAM_BLD_free(bld); + if (!reset_main_drbg(libctx)) + ret = 0; OSSL_SELF_TEST_onend(st, ret); return ret; } +#ifndef OPENSSL_NO_ECX +static int self_test_digest_sign(const ST_KAT_SIGN *t, + OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) +{ + int ret = 0; + OSSL_PARAM *paramskey = NULL, *paramsinit = NULL; + OSSL_PARAM_BLD *bldkey = NULL, *bldinit = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *fromctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char sig[256]; + BN_CTX *bnctx = NULL; + size_t siglen = sizeof(sig); + static const unsigned char in[] = { + 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, + 0x81, 0x1e, 0x29, 0x15 + }; + const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE; + + if (t->sig_expected == NULL) + typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE; + + OSSL_SELF_TEST_onbegin(st, typ, t->desc); + + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; + + bldkey = OSSL_PARAM_BLD_new(); + bldinit = OSSL_PARAM_BLD_new(); + if (bldkey == NULL || bldinit == NULL) + goto err; + + if (!add_params(bldkey, t->key, bnctx)) + goto err; + if (!add_params(bldinit, t->init, bnctx)) + goto err; + paramskey = OSSL_PARAM_BLD_to_param(bldkey); + paramsinit = OSSL_PARAM_BLD_to_param(bldinit); + + fromctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); + if (fromctx == NULL + || paramskey == NULL + || paramsinit == NULL) + goto err; + if (EVP_PKEY_fromdata_init(fromctx) <= 0 + || EVP_PKEY_fromdata(fromctx, &pkey, EVP_PKEY_KEYPAIR, paramskey) <= 0) + goto err; + + mctx = EVP_MD_CTX_new(); + if (mctx == NULL + || EVP_DigestSignInit_ex(mctx, NULL, NULL, libctx, NULL, + pkey, paramsinit) <= 0) + goto err; + + if (EVP_DigestSign(mctx, sig, &siglen, in, sizeof(in)) <= 0) + goto err; + if (t->sig_expected != NULL + && (siglen != t->sig_expected_len + || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0)) + goto err; + + if (EVP_DigestVerifyInit_ex(mctx, NULL, NULL, libctx, NULL, + pkey, paramsinit) <= 0) + goto err; + OSSL_SELF_TEST_oncorrupt_byte(st, sig); + if (EVP_DigestVerify(mctx, sig, siglen, in, sizeof(in)) <= 0) + goto err; + ret = 1; +err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(fromctx); + EVP_MD_CTX_free(mctx); + OSSL_PARAM_free(paramskey); + OSSL_PARAM_free(paramsinit); + OSSL_PARAM_BLD_free(bldkey); + OSSL_PARAM_BLD_free(bldinit); + OSSL_SELF_TEST_onend(st, ret); + return ret; +} +#endif /* OPENSSL_NO_ECX */ + /* * Test an encrypt or decrypt KAT.. * @@ -704,13 +793,16 @@ static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) for (i = 0; ret && i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { t = st_kat_sign_tests + i; - if (!set_kat_drbg(libctx, t->entropy, t->entropy_len, - t->nonce, t->nonce_len, t->persstr, t->persstr_len)) - return 0; - if (!self_test_sign(t, st, libctx)) - ret = 0; - if (!reset_main_drbg(libctx)) - ret = 0; +#ifndef OPENSSL_NO_ECX + if (t->oneshot) { + if (!self_test_digest_sign(t, st, libctx)) + ret = 0; + } else +#endif + { + if (!self_test_sign(t, st, libctx)) + ret = 0; + } } return ret; }