Change self test for AES_CGM to perform both an encrypt and decrypt.

This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes no logical sense since this is not an inverse cipher).
I have left the AES_ECB decrypt test in (although it may not be needed)
since it is actually testing the inverse cipher case.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15844)

diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index b70d22749cb28486c7c1268c386ca429bf51d520..04aaa454df1f8bc644f5b4fa32c6499a5c09f536 100644 (file)
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -267,7 +267,7 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.
 
 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
 
-=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
 
 =item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
 

diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index cc5278243b0a1596e1f79cd1cc60eb0355e6e71f..b970d1b9497082261ea16de121af0999bce6e5c6 100644 (file)
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -44,7 +44,7 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1  "RSA"
 # define OSSL_SELF_TEST_DESC_PCT_ECDSA      "ECDSA"
 # define OSSL_SELF_TEST_DESC_PCT_DSA        "DSA"
-# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM_Encrypt"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
 # define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt"
 # define OSSL_SELF_TEST_DESC_CIPHER_TDES    "TDES"
 # define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC   "RSA_Encrypt"

diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 7b6226574cc4c7410a1fb0dbae7e94230329ea32..8c281444056b9f9307eae895c52ecdf5ad2e6fba 100644 (file)
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -255,7 +255,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
             ITM(aes_256_gcm_pt),
             ITM(aes_256_gcm_ct)
         },
-        CIPHER_MODE_ENCRYPT,
+        CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
         ITM(aes_256_gcm_key),
         ITM(aes_256_gcm_iv),
         ITM(aes_256_gcm_aad),

diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index c243b3b3aff159981a00946be189322c14ed235b..db64362538109f4e30a4a3ca8a6145ef80d5188d 100644 (file)
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -195,7 +195,7 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infi
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
-            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM_Encrypt'])),
+            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
    "fipsinstall fails when the AES_GCM result is corrupted");
 
 # corrupt cipher decrypt test