From 4f2a4150be0c8e6960a04485371cf49d9294f31d Mon Sep 17 00:00:00 2001 From: Andrew Hopkins Date: Wed, 19 Feb 2025 18:45:11 -0800 Subject: [PATCH] Finish testing callback --- crypto/fips_callback_test.cc | 102 +++++++++++++--------- crypto/fipsmodule/bcm.c | 6 +- crypto/fipsmodule/self_check/self_check.c | 4 +- tests/ci/run_fips_callback_tests.sh | 17 ++-- tests/ci/run_fips_tests.sh | 32 ++++--- 5 files changed, 89 insertions(+), 72 deletions(-) diff --git a/crypto/fips_callback_test.cc b/crypto/fips_callback_test.cc index eaaf35586f..a671e83bc8 100644 --- a/crypto/fips_callback_test.cc +++ b/crypto/fips_callback_test.cc @@ -23,6 +23,11 @@ void AWS_LC_fips_failure_callback(const char* message) { SCOPED_TRACE(callback_call_count); SCOPED_TRACE(message); const std::map> kat_failure_messages = { + {"RSA_PWCT", {"RSA keygen checks failed"}}, + {"ECDSA_PWCT", {"EC keygen checks failed"}}, + {"EDDSA_PWCT", {"Ed25519 keygen PCT failed"}}, + {"MLKEM_PWCT", {"ML-KEM keygen PCT failed", "ML-KEM self tests failed", "ML-KEM keygen PCT failed"}}, + {"MLDSA_PWCT", {"ML-DSA keygen PCT failed", "ML-DSA self tests failed", "ML-DSA keygen PCT failed"}}, {"HMAC-SHA-256", {"HMAC-SHA-256 KAT failed.\nExpected: 365f5bd5f5ebfdc76e53a5736d732013aad3bc864bb884941646889c48eea90e\nCalculated: 853c7403937d8b6239569b184eb7993fc5f751aefcea28f2c863858e2d29c50b\n", "Integrity test failed"}}, {"AES-CBC-encrypt", {"AES-CBC-encrypt KAT failed.\nExpected: 5646c141f413d6ff6292417a26c686bd305fb657a7d2503ac55e8e9340f210d8\nCalculated: a2be9b9cf41b6e1ddb4d65278d5dd28c02e449fca4bdff92f1a9a9cec178954c\n", "Power on self test failed"}}, {"AES-CBC-decrypt", {"AES-CBC-decrypt KAT failed.\nExpected: 51a7a01f6b796ccd4803a141dc56a6c216b5d1d3b706b2256fa6d0d20e6f19b5\nCalculated: 85d7b98cd1599f7340ec7a00db67519185d7b98cd1599f7340ec7a00db675191\n", "Power on self test failed"}}, 
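Review bot: The new `*_PWCT` entries state how many callback messages each break should produce (three for `MLKEM_PWCT` and `MLDSA_PWCT`), but the callback only compares one index per call, so a run that delivers fewer messages than listed, or none, is not detected. The `PWCT` test added later in this patch never reads `callback_call_count`, and its `EDDSA_PWCT` case calls `ED25519_keypair` without asserting anything, so that break can pass even if the failure callback is never invoked. Consider hoisting the table out of the callback and ending the test with a count check such as `EXPECT_EQ((int)kat_failure_messages.at(broken_runtime_test).size(), callback_call_count);` when the variable is set. The callback body starts before and ends after this hunk, so the increment of `callback_call_count` is assumed rather than visible here.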
@@ -35,22 +40,20 @@ void AWS_LC_fips_failure_callback(const char* message) { {"SHA-512", {"SHA-512 KAT failed.\nExpected: 293c94354e9883e5c278367ae51890bf35410164198d26ebe1f82f048efa8b2bc6b29d5d46765ac8b525a3ea5284476d6df4c971f33d894c3b208c5b75e8f87c\nCalculated: 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27\n", "Power on self test failed"}}, {"SHA3-256", {"SHA3-256 KAT failed.\nExpected: b87d9e4722edd3918729ded9a6d03af8256998ee088a1ae662ef4bcaff142a96\nCalculated: 61664696888a110278ff672620c85217e69aa662a83304052f1014d395f545bf\n", "Power on self test failed"}}, {"TLS-KDF", {"TLS-KDF KAT failed.\nExpected: e21dd6c268c757032c2cebbbb8a97de9eee6c947830abd11605dd52c47b60588\nCalculated: f6bf8fed0639cca6712ccba58f955c225fcc666ae8f55b968fd022bddd77db63\n", "Power on self test failed"}}, - {"RSA-sign", {"RSA-sign KAT failed.\nExpected: 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\nCalculated: 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\n", "Power on self test failed"}}, - {"RSA-verify", {"RSA-verify KAT failed.\n", "Power on self test failed"}}, - {"ECDSA-sign", {"ECDSA-sign signature failed.\nExpected: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c3a82d965b2a72ac5a607bc56ab3722c842d921c04936e9e25fd7b600e7d8dc80\nCalculated: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c14672fa0338e4b0376d7255bf240b99a3c40f37dc1747346de9a6aaaedb3175b\n", "ECDSA-sign KAT failed"}}, - {"ECDSA-verify", {"ECDSA-verify KAT failed.\n", "Power on self test failed"}}, - {"Z-computation", {"Z-computation failed.\nExpected: 04f1630088c5d5e90552acb6ec6876b8737f0f7234e6bb30322237b62a80e89e6e6f3602e721d231db9463b7d8190ec2c0a72f15491aa27c418faf9c40af2e4a0c\nCalculated: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n", "Power on self test failed"}}, + {"RSA-sign", {"RSA-sign KAT 
failed.\nExpected: 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\nCalculated: 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\n", "RSA self tests failed"}}, + {"RSA-verify", {"RSA-verify KAT failed", "RSA self tests failed"}}, + {"ECDSA-sign", {"ECDSA-sign signature failed.\nExpected: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c3a82d965b2a72ac5a607bc56ab3722c842d921c04936e9e25fd7b600e7d8dc80\nCalculated: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c14672fa0338e4b0376d7255bf240b99a3c40f37dc1747346de9a6aaaedb3175b\n", "ECDSA-sign KAT failed", "ECC self tests failed"}}, + {"ECDSA-verify", {"ECDSA-verify KAT failed", "ECC self tests failed"}}, + {"Z-computation", {"Z-computation failed.\nExpected: 04f1630088c5d5e90552acb6ec6876b8737f0f7234e6bb30322237b62a80e89e6e6f3602e721d231db9463b7d8190ec2c0a72f15491aa27c418faf9c40af2e4a0c\nCalculated: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n", "ECC self tests failed"}}, {"FFDH", {"FFDH self tests failed", "Power on self test failed"}}, - {"RSA_PWCT", {"RSA keygen checks failed", "Power on self test failed"}}, - {"ECDSA_PWCT", {"EC keygen checks failed", "Power on self test failed"}}, - {"ED25519-sign", {"ED25519-sign failed.\nExpected: a881e8d95ddbd5d14760af4ecfce4596f72e04d7eeccb9c6a193e24dd735b13c18a534c7793145469dd16f0c5e0371a3fb85063597c0924597cb427560db2a0b\nCalculated: 8608f1c9cf5070fae1f6833c868886a1e997bd3d02d200c942286d831ed78e16ce580009d05bea51d78dd4f65fb0179373d3449c7088133fd0774854cf03bb00\n", "Power on self test failed"}}, - {"ED25519-verify", {"ED25519-verify failed.\n", "Power on self test failed"}}, - {"ED25519ph-sign", {"ED25519ph-sign failed.\nExpected: 0b933d3f5900e3a1e53947ce9732c7014037e9c94b71cd3afb6046aa29fea9bbd81c50541064c659d0075fb38c8b420f8148682dc9f8384355105c3970d20609\nCalculated: 
55cf180696924ba9ac1275ea19da4d1584f69250c479145cdbd7068ffbfadf8d5aafb666893b365dcaf66ae20bc9e813df3b3f9d3197ead79d644fc5a17dff0d\n", "Power on self test failed"}}, - {"ED25519ph-verify", {"ED25519ph-verify failed.\n", "Power on self test failed"}}, - {"ML-KEM-keyGen-decaps", {"ML-KEM-keyGen-decaps failed.\nExpected: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 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\n", "Power on self test failed"}}, - {"ML-KEM-keyGen-encaps", {"ML-KEM-keyGen-encaps failed.\nExpected: 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 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\n", "Power on self test failed"}}, - {"ML-KEM-encapsulate-ciphertext", {"ML-KEM-encapsulate-ciphertext failed.\nExpected: 
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 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\n", "Power on self test failed"}}, - {"ML-KEM-encapsulate-shared-secret", {"ML-KEM-encapsulate-shared-secret failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000\nCalculated: a772df2de250ac7d896bbb820b57f2ae05f9a412ab55baa421d4af6dac62662a\n", "Power on self test failed"}}, + {"ED25519-sign", {"ED25519-sign failed.\nExpected: 
a881e8d95ddbd5d14760af4ecfce4596f72e04d7eeccb9c6a193e24dd735b13c18a534c7793145469dd16f0c5e0371a3fb85063597c0924597cb427560db2a0b\nCalculated: 8608f1c9cf5070fae1f6833c868886a1e997bd3d02d200c942286d831ed78e16ce580009d05bea51d78dd4f65fb0179373d3449c7088133fd0774854cf03bb00\n", "ED25519-sign failed", "EdDSA self tests failed"}}, + {"ED25519-verify", {"ED25519-verify failed", "EdDSA self tests failed"}}, + {"ED25519ph-sign", {"ED25519ph-sign failed.\nExpected: 0b933d3f5900e3a1e53947ce9732c7014037e9c94b71cd3afb6046aa29fea9bbd81c50541064c659d0075fb38c8b420f8148682dc9f8384355105c3970d20609\nCalculated: 55cf180696924ba9ac1275ea19da4d1584f69250c479145cdbd7068ffbfadf8d5aafb666893b365dcaf66ae20bc9e813df3b3f9d3197ead79d644fc5a17dff0d\n", "EdDSA-ph self tests failed"}}, + {"ED25519ph-verify", {"ED25519ph-verify failed", "EdDSA-ph self tests failed"}}, + {"ML-KEM-keyGen-decaps", {"ML-KEM-keyGen-decaps failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 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\n", "ML-KEM self tests failed"}}, + {"ML-KEM-keyGen-encaps", {"ML-KEM-keyGen-encaps failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 
a7cc68f8d02110ca5720223b9e2a8987c8a24835a20dabcbefa430e74a85af80b9b74b74574c5e5f585459ca3610940f0b57b33344ceacccc135557b82f4968688a0168c1aa2940e5604482bf8b900a4343096446330cfee10917c0338181b7fe8d30f4816087d6299f225417f533ee40473894847bd45291367be6b1a7dee55bb21d60e3828552f4c8a6f3c54fc74cf67a614eeab002a076851879cef2218fdb3766123c2de32a269b6aa4661b69370314c004446f7258c40b2ea789f40ca023bbb1217c2c44b380c6e3194edd129d039218d9b75194a386d944acce7a9720ab026362004e95bf9229290b53613416082e82ba8a42a5ff14759f57712395706b307f7635ecee42317a48eb3b90683f3ab53d17c50f53c6cfb1c0cf59d6f2a981021428a7ac5edf13b26844d83c31d3608710e623aabb24b6c5b48baebc1b3078972589201b7a30bc09315612b067655bec403a69c89eb137c31157971098cb693ba4ae9ae40a8031cec92580bcc1b5ab3ecd1aa5f79aa2cd69249d138c8965a81c87a07eb59a4612e60658f4df028cef8af1b837e0ab0bfedb726904290d0bc41df6a67f7a4166609952439631960648e229a21f2a4d82abad3ec8135dc9bb43c703d3b33e437c9ef7bca91c3465676740125a15ad1707088b101b4273d3c4bf30181b4b2575de75ccfc13312a2a6bcebc477a9668e751629b569bfa20beca09800992c63f04b6b4a7df977a00131c2f8722e5138775235b517a709852167c1d415fdc7ad32f2aaca437e9cc6b248d9ca7c65b405e68d24e81b8688caa22b3cf5c9b147f0cc27e667a80b83ccbb4f4161a5ffd0194b1b5720e68ea0f59997f26740972d2c8124d7a6ad8327c2075a3f76b968d2aaad19c00697599e0be49fa6d65b4088b0be692dcda028095852a0d7205e4417409c0317780305a878fb582963b6953f6b8f0880b050178301d659be3a4db7e0bf2587129164178f32707d40392d85713dea82913999aa6c35aa94b3547abe40e2b0ba82b5b78319182a5a47d173176ba6fa3a4d70a8130b310743fa8aaae314381c9b7f49991f19a4ff8369638de380b5d828b7b5fcfdd91fe68efe16d4cd9eed66d65c1d2d8caf5af4a692\n", "ML-KEM self tests failed"}}, + {"ML-KEM-encapsulate-ciphertext", {"ML-KEM-encapsulate-ciphertext failed.\nExpected: 
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 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\n", "ML-KEM self tests failed"}}, + {"ML-KEM-encapsulate-shared-secret", {"ML-KEM-encapsulate-shared-secret failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000\nCalculated: a772df2de250ac7d896bbb820b57f2ae05f9a412ab55baa421d4af6dac62662a\n", "ML-KEM self tests failed"}}, {"HKDF-SHA-256", {"HKDF-SHA-256 KAT failed.\nExpected: 
3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865\nCalculated: 5f59c2b22f7dc2decd91068cabda75bacf8079c31748f91e4ba67ea26c36ad8e0b8e48c9b630c42bfc3f\n", "Power on self test failed"}}, {"KBKDF", {"KBKDF-CTR-HMAC-SHA-256 KAT failed.\nExpected: 10621342bfb0fd40046c0e29f2cfdbf0\nCalculated: 606060902f7c6632bcde3a67f5818c48\n", "Power on self test failed"}}, {"PBKDF2", {"PBKDF2 KAT failed.\nExpected: 13dc8a7c13d372c90382822d2dc492f2ed52467fb7828ea864\nCalculated: e442f1807d5fc9b466badcdfd3806fed7fa50da9a6f5729117\n", "Power on self test failed"}}, @@ -60,10 +63,11 @@ void AWS_LC_fips_failure_callback(const char* message) { char* broken_kat = getenv("FIPS_CALLBACK_TEST_EXPECTED_FAILURE"); SCOPED_TRACE(broken_kat); if (broken_kat != nullptr) { - auto expected_message = kat_failure_messages.find(broken_kat); - if (expected_message != kat_failure_messages.end()) { - EXPECT_LT(callback_call_count, (int)expected_message->second.size()); - EXPECT_STREQ(expected_message->second[callback_call_count].c_str(), message); + auto test_config = kat_failure_messages.find(broken_kat); + if (test_config != kat_failure_messages.end()) { + ASSERT_LT(callback_call_count, (int)test_config->second.size()); + std::string expected_string = test_config->second[callback_call_count]; + EXPECT_STREQ(expected_string.c_str(), message); } else { FAIL() << "Failed to find expected message for FIPS_CALLBACK_TEST_POWER_ON_TEST_FAILURE=" << broken_kat; } @@ -75,10 +79,12 @@ void AWS_LC_fips_failure_callback(const char* message) { } TEST(FIPSCallback, PowerOnSelfTests) { + char* broken_kat = getenv("FIPS_CALLBACK_TEST_EXPECTED_FAILURE"); + SCOPED_TRACE(broken_kat); + // Some KATs are lazy and run on first use bssl::UniquePtr rsa(RSA_new()); EXPECT_TRUE(RSA_generate_key_fips(rsa.get(), 2048, nullptr)); - bssl::UniquePtr key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); EXPECT_TRUE(EC_KEY_generate_key_fips(key.get())); 
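Review bot: In the `@@ -60,10 +63,11 @@` hunk the `FAIL()` branch still names `FIPS_CALLBACK_TEST_POWER_ON_TEST_FAILURE`, while the value it prints is read from `getenv("FIPS_CALLBACK_TEST_EXPECTED_FAILURE")` a few lines above, so a mistyped test name produces a message that points at the wrong variable. It should read `FAIL() << "Failed to find expected message for FIPS_CALLBACK_TEST_EXPECTED_FAILURE=" << broken_kat;`. The new `expected_string` is a copy made only to call `c_str()`; `const std::string &expected_string = test_config->second[callback_call_count];` avoids it. The callback body starts and ends outside the hunk.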
@@ -103,41 +109,53 @@ void AWS_LC_fips_failure_callback(const char* message) { uint8_t signature[ED25519_SIGNATURE_LEN]; ED25519ph_sign(signature, message, sizeof(message), private_key, context, sizeof(context)); - char* broken_kat = getenv("FIPS_CALLBACK_TEST_POWER_ON_TEST_FAILURE"); if (broken_kat != nullptr) { EXPECT_NE(0, callback_call_count); } } -TEST(FIPSCallback, RSARuntimeTest) { - // At this point the library has loaded, if a self test was broken - // the process would have aborted already - EXPECT_EQ(1, FIPS_mode()); - EXPECT_EQ(1, BORINGSSL_self_test()); - - char*broken_runtime_test = getenv("BORINGSSL_FIPS_BREAK_TEST"); +TEST(FIPSCallback, PWCT) { + char*broken_runtime_test = getenv("FIPS_CALLBACK_TEST_EXPECTED_FAILURE"); bssl::UniquePtr rsa(RSA_new()); + SCOPED_TRACE(broken_runtime_test); if (broken_runtime_test != nullptr && strcmp(broken_runtime_test, "RSA_PWCT" ) == 0) { EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 2048, nullptr)); } else { EXPECT_TRUE(RSA_generate_key_fips(rsa.get(), 2048, nullptr)); } -} - -TEST(FIPSCallback, ECDSARuntimeTest) { - // At this point the library has loaded, if a self test was broken - // the process would have aborted already - EXPECT_EQ(1, FIPS_mode()); - EXPECT_EQ(1, BORINGSSL_self_test()); - char*broken_runtime_test = getenv("BORINGSSL_FIPS_BREAK_TEST"); - // This should either pass or abort bssl::UniquePtr key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - EXPECT_TRUE(EC_KEY_generate_key_fips(key.get())); - if (broken_runtime_test != nullptr && (strcmp(broken_runtime_test, "ECDSA_PWCT" ) == 0 || - strcmp(broken_runtime_test, "CRNG" ) == 0)) { - FAIL() << "FIPS_CALLBACK_TEST_POWER_ON_TEST_FAILURE=ECDSA_PWCT and should have" - " failed the self tests and aborted before here"; + if (broken_runtime_test != nullptr && strcmp(broken_runtime_test, "ECDSA_PWCT" ) == 0) { + EXPECT_FALSE(EC_KEY_generate_key_fips(key.get())); + } else { + EXPECT_TRUE(EC_KEY_generate_key_fips(key.get())); + } + + uint8_t 
public_key[ED25519_PUBLIC_KEY_LEN]; + uint8_t private_key[ED25519_PRIVATE_KEY_LEN]; + ED25519_keypair(public_key, private_key); + + bssl::UniquePtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, nullptr)); + EXPECT_TRUE(ctx); + EXPECT_TRUE(EVP_PKEY_CTX_kem_set_params(ctx.get(), NID_MLKEM512)); + EXPECT_TRUE(EVP_PKEY_keygen_init(ctx.get())); + EVP_PKEY *raw = nullptr; + if (broken_runtime_test != nullptr && strcmp(broken_runtime_test, "MLKEM_PWCT" ) == 0) { + EXPECT_FALSE(EVP_PKEY_keygen(ctx.get(), &raw)); + } else { + EXPECT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw)); + } + OPENSSL_free(raw); + + EVP_PKEY *dsa_raw = NULL; + EVP_PKEY_CTX *dsa_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_PQDSA, NULL); + ASSERT_TRUE(dsa_ctx); + ASSERT_TRUE(EVP_PKEY_CTX_pqdsa_set_params(dsa_ctx, NID_MLDSA44)); + ASSERT_TRUE(EVP_PKEY_keygen_init(dsa_ctx)); + if (broken_runtime_test != nullptr && strcmp(broken_runtime_test, "MLDSA_PWCT" ) == 0) { + EXPECT_FALSE(EVP_PKEY_keygen(dsa_ctx, &dsa_raw)); + } else { + EXPECT_TRUE(EVP_PKEY_keygen(dsa_ctx, &dsa_raw)); } } diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 6ab31ac034..effb672e87 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -267,7 +267,7 @@ static void BORINGSSL_bcm_power_on_self_test(void) __attribute__ ((constructor)) static void BORINGSSL_bcm_power_on_self_test(void) { #if defined(AWSLC_FIPS_FAILURE_CALLBACK) if (AWS_LC_fips_failure_callback == NULL) { - fprintf(stderr, "AWS_LC_fips_failure_callback callback not defined but AWS-LC built with AWSLC_FIPS_FAILURE_CALLBACK\n"); + fprintf(stderr, "AWS_LC_fips_failure_callback not defined but AWS-LC built with AWSLC_FIPS_FAILURE_CALLBACK\n"); fflush(stderr); abort(); } 
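Review bot: In the `@@ -103,41 +109,53 @@` hunk, `OPENSSL_free(raw)` releases only the outer `EVP_PKEY` allocation; the ML-KEM key material it owns is, as far as the hunk shows, neither freed nor cleansed, and `EVP_PKEY_free` is the matching release. The ML-DSA half has the same problem in another form: `dsa_ctx` and `dsa_raw` are raw pointers that are never freed, and either `ASSERT_TRUE` returns early with `dsa_ctx` still live. Holding all of them in `bssl::UniquePtr`, as the KEM context just above already is, fixes both and keeps the test clean under leak checkers.

```cpp
  EVP_PKEY *raw = nullptr;
  // … unchanged: MLKEM_PWCT branch calling EVP_PKEY_keygen(ctx.get(), &raw) …
  bssl::UniquePtr<EVP_PKEY> kem_key(raw);  // replaces OPENSSL_free(raw)

  bssl::UniquePtr<EVP_PKEY_CTX> dsa_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_PQDSA, nullptr));
  ASSERT_TRUE(dsa_ctx);
  ASSERT_TRUE(EVP_PKEY_CTX_pqdsa_set_params(dsa_ctx.get(), NID_MLDSA44));
  ASSERT_TRUE(EVP_PKEY_keygen_init(dsa_ctx.get()));
  EVP_PKEY *dsa_raw = nullptr;
  if (broken_runtime_test != nullptr && strcmp(broken_runtime_test, "MLDSA_PWCT") == 0) {
    EXPECT_FALSE(EVP_PKEY_keygen(dsa_ctx.get(), &dsa_raw));
  } else {
    EXPECT_TRUE(EVP_PKEY_keygen(dsa_ctx.get(), &dsa_raw));
  }
  bssl::UniquePtr<EVP_PKEY> dsa_key(dsa_raw);  // owns the result on both paths
```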
@@ -404,7 +404,7 @@ int BORINGSSL_integrity_test(void) { #if defined(AWSLC_FIPS_FAILURE_CALLBACK) void AWS_LC_FIPS_failure(const char* message) { if (AWS_LC_fips_failure_callback == NULL) { - fprintf(stderr, "AWSLC_FIPS_FAILURE_CALLBACK enabled but AWS_LC_fips_failure_callback is null which is invalid. FIPS failure:\n%s", message); + fprintf(stderr, "AWS_LC_fips_failure_callback not defined but AWS-LC built with AWSLC_FIPS_FAILURE_CALLBACK. FIPS failure:\n%s", message); fflush(stderr); abort(); } else { @@ -413,7 +413,7 @@ void AWS_LC_FIPS_failure(const char* message) { } #else void AWS_LC_FIPS_failure(const char* message) { - fprintf(stderr, "AWS-LC FIPS failure caused by %s\n", message); + fprintf(stderr, "AWS-LC FIPS failure caused by:\n%s\n", message); fflush(stderr); for (;;) { abort(); diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index 7f093f5f9e..3d0998c34b 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -2277,7 +2277,7 @@ void boringssl_ensure_ffdh_self_test(void) { static void run_self_test_ml_kem(void) { if (!boringssl_self_test_ml_kem()) { - AWS_LC_FIPS_failure("RSA self tests failed"); + AWS_LC_FIPS_failure("ML-KEM self tests failed"); } } @@ -2514,7 +2514,7 @@ static int boringssl_self_test_fast(void) { OPENSSL_memset(nonce, 0, sizeof(nonce)); if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey, sizeof(kAESKey), 0, NULL)) { - AWS_LC_FIPS_failure("EVP_AEAD_CTX_init for AES-128-GCM failed.\n"); + fprintf(stderr, "EVP_AEAD_CTX_init for AES-128-GCM failed.\n"); goto err; } diff --git a/tests/ci/run_fips_callback_tests.sh b/tests/ci/run_fips_callback_tests.sh index 4a8dc470cd..884e561665 100755 --- a/tests/ci/run_fips_callback_tests.sh +++ b/tests/ci/run_fips_callback_tests.sh 
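Review bot: In the `@@ -2514,7 +2514,7 @@` hunk a failed `EVP_AEAD_CTX_init` is now reported only through `fprintf(stderr, ...)`, so in an `AWSLC_FIPS_FAILURE_CALLBACK` build the specific cause never reaches the registered callback, and an application that relies on the callback for logging or alerting sees at most whatever the `err` path reports. The `err` label and the caller are outside this hunk, so please confirm that path still ends in `AWS_LC_FIPS_failure` and the failure cannot be silent. A comment at this site would help the next reader, for example `// Reported by the caller through AWS_LC_FIPS_failure; calling it here would invoke the callback twice.` if that is the reason for the change. `boringssl_self_test_fast` starts before and ends after the hunk.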
@@ -1,4 +1,5 @@ -#!/bin/bash -ex +#!/usr/bin/env bash +set -ex # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 OR ISC source tests/ci/common_posix_setup.sh @@ -6,7 +7,7 @@ source tests/ci/common_posix_setup.sh original_test="${BUILD_ROOT}/crypto/fips_callback_test" broken_test="${BUILD_ROOT}/crypto/fips_callback_test_broken" -# By default, the integrity test should start up. +# By default the test should pass $original_test # Break the tests @@ -15,13 +16,13 @@ for kat in $KATS; do go run "${SRC_ROOT}/util/fipstools/break-kat.go" "$original_test" "$kat" > "$broken_test" chmod +x "$broken_test" export FIPS_CALLBACK_TEST_EXPECTED_FAILURE="$kat" - # When a callback is defined AWS-LC will not abort and the test should exit succesfully + # When a callback is defined AWS-LC will not abort and the test should exit successfully $broken_test --gtest_filter=FIPSCallback.PowerOnSelfTests unset FIPS_CALLBACK_TEST_EXPECTED_FAILURE done - -export FIPS_CALLBACK_TEST_EXPECTED_FAILURE="RSA_PWCT" -# Tell bcm which test to break -export BORINGSSL_FIPS_BREAK_TEST="RSA_PWCT" -$original_test --gtest_filter=FIPSCallback.RSARuntimeTest +for TEST in RSA_PWCT ECDSA_PWCT EDDSA_PWCT MLKEM_PWCT MLDSA_PWCT; do + export FIPS_CALLBACK_TEST_EXPECTED_FAILURE="${TEST}" + export BORINGSSL_FIPS_BREAK_TEST="${TEST}" + $original_test --gtest_filter=FIPSCallback.PWCT +done diff --git a/tests/ci/run_fips_tests.sh b/tests/ci/run_fips_tests.sh index a35db885a0..b5517135a0 100755 --- a/tests/ci/run_fips_tests.sh +++ b/tests/ci/run_fips_tests.sh 
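Review bot: The new `for TEST in ...` loop at the end of the `@@ -15,13 +16,13 @@` hunk exports `FIPS_CALLBACK_TEST_EXPECTED_FAILURE` and `BORINGSSL_FIPS_BREAK_TEST` and never clears them, unlike the KAT loop just above it, which unsets its variable on every iteration. Anything later appended to the script would run with `BORINGSSL_FIPS_BREAK_TEST=MLDSA_PWCT` still set; add `unset FIPS_CALLBACK_TEST_EXPECTED_FAILURE BORINGSSL_FIPS_BREAK_TEST` as the last line of the loop body. Quoting the binary as `"$original_test"` would also match the quoting already used for the `break-kat.go` arguments.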
@@ -20,31 +20,29 @@ function static_openbsd_supported() { return 1 } -#echo "Testing AWS-LC shared library in FIPS Release mode." -#fips_build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -# -#echo "Testing AWS-LC shared library in FIPS Release mode with FIPS entropy source method CPU Jitter." -#fips_build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DENABLE_FIPS_ENTROPY_CPU_JITTER=ON +echo "Testing AWS-LC shared library in FIPS Release mode." +fips_build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 + +echo "Testing AWS-LC shared library in FIPS Release mode with FIPS entropy source method CPU Jitter." +fips_build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DENABLE_FIPS_ENTROPY_CPU_JITTER=ON # Static FIPS build works only on Linux and OpenBSD platforms. if static_linux_supported || static_openbsd_supported; then -# echo "Testing AWS-LC static library in FIPS Release mode." -# fips_build_and_test -DCMAKE_BUILD_TYPE=Release -# -# echo "Testing AWS-LC static breakable release build" -# run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS" -# ./util/fipstools/test-break-kat.sh -# ./util/fipstools/test-runtime-pwct.sh -# export BORINGSSL_FIPS_BREAK_TEST="RSA_PWCT" -# ${BUILD_ROOT}/crypto/crypto_test --gtest_filter="RSADeathTest.KeygenFailAndDie" -# unset BORINGSSL_FIPS_BREAK_TEST + echo "Testing AWS-LC static library in FIPS Release mode." 
+ fips_build_and_test -DCMAKE_BUILD_TYPE=Release + + echo "Testing AWS-LC static breakable release build" + run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS" + ./util/fipstools/test-break-kat.sh + ./util/fipstools/test-runtime-pwct.sh + export BORINGSSL_FIPS_BREAK_TEST="RSA_PWCT" + ${BUILD_ROOT}/crypto/crypto_test --gtest_filter="RSADeathTest.KeygenFailAndDie" + unset BORINGSSL_FIPS_BREAK_TEST echo "Testing AWS-LC static breakable build with custom callback enabled" run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS -DAWSLC_FIPS_FAILURE_CALLBACK" ./tests/ci/run_fips_callback_tests.sh - exit 1 - MODULE_HASH=$(go run util/fipstools/break-hash.go "${BUILD_ROOT}/util/fipstools/test_fips" ./libcrypto.so | \ egrep "Hash of module was:.* ([a-f0-9]*)")