[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jun 22 05:04:50 UTC 2021
The branch master has been updated
via 3b1978e4860770089b6244c549059c43bd9cc4da (commit)
from 4aaed2a5fb06ea327f60eea9f17a8f31a664eb99 (commit)
- Log -----------------------------------------------------------------
commit 3b1978e4860770089b6244c549059c43bd9cc4da
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Mon Jun 21 14:01:36 2021 +1000
Change self test for AES_CGM to perform both an encrypt and decrypt.
This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes no logical sense since this is not an inverse cipher).
I have left the AES_ECB decrypt test in (although it may not be needed)
since it is actually testing the inverse cipher case.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15844)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/OSSL_PROVIDER-FIPS.pod | 2 +-
include/openssl/self_test.h | 2 +-
providers/fips/self_test_data.inc | 2 +-
test/recipes/03-test_fipsinstall.t | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index b70d22749c..04aaa454df 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -267,7 +267,7 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.
"KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
-=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
=item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index cc5278243b..b970d1b949 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -44,7 +44,7 @@ extern "C" {
# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
-# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM_Encrypt"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
# define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt"
# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES"
# define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC "RSA_Encrypt"
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 7b6226574c..8c28144405 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -255,7 +255,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
ITM(aes_256_gcm_pt),
ITM(aes_256_gcm_ct)
},
- CIPHER_MODE_ENCRYPT,
+ CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
ITM(aes_256_gcm_key),
ITM(aes_256_gcm_iv),
ITM(aes_256_gcm_aad),
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index c243b3b3af..db64362538 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -195,7 +195,7 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infi
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM_Encrypt'])),
+ '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
"fipsinstall fails when the AES_GCM result is corrupted");
# corrupt cipher decrypt test
More information about the openssl-commits
mailing list