Perform health check on all reseed operations not associated with

[openssl.git] / fips / fipsalgtest.pl

diff --git a/fips/fipsalgtest.pl b/fips/fipsalgtest.pl
index 102cb20776739ed7cc68d238eb7c55ac44a30c64..39ec0016a6ffc7693e7ac934f4894a0c8ffa091c 100644 (file)
--- a/fips/fipsalgtest.pl
+++ b/fips/fipsalgtest.pl
@@ -12,16 +12,16 @@ my @fips_dsa_test_list = (
 
     "DSA",
 
-    [ "PQGGen",  "fips_dssvs pqg", "path:/DSA/.*PQGGen" ],
-    [ "KeyPair", "fips_dssvs keypair", "path:/DSA/.*KeyPair" ],
-    [ "SigGen",  "fips_dssvs siggen", "path:/DSA/.*SigGen" ],
-    [ "SigVer",  "fips_dssvs sigver", "path:/DSA/.*SigVer" ]
+    [ "PQGGen",  "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ],
+    [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ],
+    [ "SigGen",  "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ],
+    [ "SigVer",  "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ]
 
 );
 
 my @fips_dsa_pqgver_test_list = (
 
-    [ "PQGVer",  "fips_dssvs pqgver", "path:/DSA/.*PQGVer" ]
+    [ "PQGVer",  "fips_dssvs pqgver", "path:[^C]DSA/.*PQGVer" ]
 
 );
 
@@ -30,11 +30,11 @@ my @fips_dsa2_test_list = (
 
     "DSA2",
 
-    [ "PQGGen",  "fips_dssvs pqg", "path:/DSA2/.*PQGGen" ],
-    [ "KeyPair", "fips_dssvs keypair", "path:/DSA2/.*KeyPair" ],
-    [ "SigGen",  "fips_dssvs siggen", "path:/DSA2/.*SigGen" ],
-    [ "SigVer",  "fips_dssvs sigver", "path:/DSA2/.*SigVer" ],
-    [ "PQGVer",  "fips_dssvs pqgver", "path:/DSA2/.*PQGVer" ]
+    [ "PQGGen",  "fips_dssvs pqg", "path:[^C]DSA2/.*PQGGen" ],
+    [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA2/.*KeyPair" ],
+    [ "SigGen",  "fips_dssvs siggen", "path:[^C]DSA2/.*SigGen" ],
+    [ "SigVer",  "fips_dssvs sigver", "path:[^C]DSA2/.*SigVer" ],
+    [ "PQGVer",  "fips_dssvs pqgver", "path:[^C]DSA2/.*PQGVer" ]
 
 );
 
@@ -434,6 +434,7 @@ my @fips_drbg_test_list = (
     # SP800-90 DRBG tests
     "SP800-90 DRBG",
     [ "CTR_DRBG",   "fips_drbgvs" ],
+    [ "Dual_EC_DRBG",   "fips_drbgvs" ],
     [ "Hash_DRBG",  "fips_drbgvs" ],
     [ "HMAC_DRBG",  "fips_drbgvs" ]
 
@@ -452,7 +453,7 @@ my @fips_ecdh_test_list = (
 
     # ECDH
     "ECDH Ephemeral Primitives Only",
-    [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs WTF" ],
+    [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs ecdhgen" ],
 #    [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
 #                                                      "fips_ecdhvs ecdhver" ],
 #    [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
@@ -1089,6 +1090,7 @@ sub cmp_file {
     my ( $tname, $rsp, $tst ) = @_;
     my ( $rspf,    $tstf );
     my ( $rspline, $tstline );
+    my $monte = 0;
     if ( !open( $rspf, $rsp ) ) {
         print STDERR "ERROR: can't open request file $rsp\n";
         return 0;
@@ -1097,6 +1099,7 @@ sub cmp_file {
         print STDERR "ERROR: can't open output file $tst\n";
         return 0;
     }
+    $monte = 1 if ($rsp =~ /Monte[123]/);
     for ( ; ; ) {
         $rspline = next_line($rspf);
         $tstline = next_line($tstf);
@@ -1104,6 +1107,21 @@ sub cmp_file {
             print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
             return 1;
         }
+       # Workaround for old broken DES3 MCT format which added bogus
+       # extra lines: after [ENCRYPT] or [DECRYPT] skip until first
+       # COUNT line.
+       if ($monte) {
+               if ($rspline =~ /CRYPT/) {
+                       do {
+                               $rspline = next_line($rspf);
+                       } while (defined($rspline) && $rspline !~ /COUNT/);
+               }
+               if ($tstline =~ /CRYPT/) {
+                       do {
+                               $tstline = next_line($tstf);
+                       } while (defined($tstline) && $tstline !~ /COUNT/);
+               }
+       }
         if ( !defined($rspline) ) {
             print STDERR "ERROR: $tname EOF on $rsp\n";
             return 0;