From 3b1978e4860770089b6244c549059c43bd9cc4da Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Mon, 21 Jun 2021 14:01:36 +1000
Subject: [PATCH] Change self test for AES_CGM to perform both an encrypt and
 decrypt.

This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes no logical sense since this is not an inverse cipher).
I have left the AES_ECB decrypt test in (although it may not be needed)
since it is actually testing the inverse cipher case.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15844)
---
 doc/man7/OSSL_PROVIDER-FIPS.pod    | 2 +-
 include/openssl/self_test.h        | 2 +-
 providers/fips/self_test_data.inc  | 2 +-
 test/recipes/03-test_fipsinstall.t | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index b70d22749c..04aaa454df 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -267,7 +267,7 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.
 
 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
 
-=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
 
 =item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
 
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index cc5278243b..b970d1b949 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -44,7 +44,7 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1  "RSA"
 # define OSSL_SELF_TEST_DESC_PCT_ECDSA      "ECDSA"
 # define OSSL_SELF_TEST_DESC_PCT_DSA        "DSA"
-# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM_Encrypt"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
 # define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt"
 # define OSSL_SELF_TEST_DESC_CIPHER_TDES    "TDES"
 # define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC   "RSA_Encrypt"
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 7b6226574c..8c28144405 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -255,7 +255,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
             ITM(aes_256_gcm_pt),
             ITM(aes_256_gcm_ct)
         },
-        CIPHER_MODE_ENCRYPT,
+        CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
         ITM(aes_256_gcm_key),
         ITM(aes_256_gcm_iv),
         ITM(aes_256_gcm_aad),
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index c243b3b3af..db64362538 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -195,7 +195,7 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infi
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
-            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM_Encrypt'])),
+            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
    "fipsinstall fails when the AES_GCM result is corrupted");
 
 # corrupt cipher decrypt test
-- 
2.34.1