Add FIPS Self test for AES_ECB decrypt

Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse function during decryption mode). Added a mode to the cipher test so that the AES_GCM only does an encrypt and AES_ECB only does a decrypt. TDES still does both. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14825)
author: Shane Lontis <shane.lontis@oracle.com> 2021-04-12 10:38:16 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-04-13 13:06:37 +1000
commit: 3fed27181a9b5e26216b3cad679b0f601c90ac2a (patch)
tree: 1cc60dadeae990c97162117d857442f2332d971a /doc/man7
parent: 28fd8953059fe7d9acd57ef6620457cb41a80509 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index ad7c4a6244..fbb2443f3c 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -267,7 +267,9 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.
 
 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
 
-=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+
+=item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
 
 =item "TDES" (B<OSSL_SELF_TEST_DESC_CIPHER_TDES>)
author	Shane Lontis <shane.lontis@oracle.com>	2021-04-12 10:38:16 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-04-13 13:06:37 +1000
commit	3fed27181a9b5e26216b3cad679b0f601c90ac2a (patch)
tree	1cc60dadeae990c97162117d857442f2332d971a /doc/man7
parent	28fd8953059fe7d9acd57ef6620457cb41a80509 (diff)