Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add FIPS Self test for AES_ECB decrypt #14825

Closed
wants to merge 2 commits into from
Closed

Add FIPS Self test for AES_ECB decrypt #14825

wants to merge 2 commits into from

Conversation

slontis
Copy link
Member

@slontis slontis commented Apr 12, 2021

Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Checklist
  • documentation is added or updated
  • tests are added or updated

@slontis
Add FIPS Self test for AES_ECB decrypt
8826bc1 
Fixes openssl#14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.
@slontis slontis added branch: master Merge to master branch approval: review pending This pull request needs review by a committer labels Apr 12, 2021
@paulidale paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Apr 12, 2021
@slontis
Copy link
Member Author

slontis commented Apr 12, 2021

small fixup for compiler warning.

@openssl-machine
Copy link
Collaborator

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

@slontis
Copy link
Member Author

slontis commented Apr 13, 2021

The appveyor issue should be addressed by #14851.

@slontis slontis added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Apr 13, 2021
openssl-machine pushed a commit that referenced this pull request Apr 13, 2021
@slontis
Add FIPS Self test for AES_ECB decrypt
3fed271 
Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #14825)
@slontis
Copy link
Member Author

slontis commented Apr 13, 2021

Thanks for spotting the omission. Merged to master.

@slontis slontis closed this Apr 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulidale paulidale paulidale approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AES KAT for FIPS provider has a gap
3 participants
@slontis @openssl-machine @paulidale