Change self test for AES_CGM to perform both an encrypt and decrypt.

This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and decrypt. (This makes no logical sense since this is not an inverse cipher). I have left the AES_ECB decrypt test in (although it may not be needed) since it is actually testing the inverse cipher case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15844)
2 years ago · 3b1978e486
parent 4aaed2a5fb
commit 3b1978e486
4 changed files with 4 additions and 4 deletions
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@ -267,7 +267,7 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.

 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.

-=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)

 =item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)

--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@ -44,7 +44,7 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1  "RSA"
 # define OSSL_SELF_TEST_DESC_PCT_ECDSA      "ECDSA"
 # define OSSL_SELF_TEST_DESC_PCT_DSA        "DSA"
-# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM_Encrypt"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
 # define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt"
 # define OSSL_SELF_TEST_DESC_CIPHER_TDES    "TDES"
 # define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC   "RSA_Encrypt"
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@ -255,7 +255,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
            ITM(aes_256_gcm_pt),
            ITM(aes_256_gcm_ct)
        },
-        CIPHER_MODE_ENCRYPT,
+        CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
        ITM(aes_256_gcm_key),
        ITM(aes_256_gcm_iv),
        ITM(aes_256_gcm_aad),
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@ -195,7 +195,7 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infi
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
            '-provider_name', 'fips', '-mac_name', 'HMAC',
            '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
-            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM_Encrypt'])),
+            '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
   "fipsinstall fails when the AES_GCM result is corrupted");

 # corrupt cipher decrypt test