Add FIPS Self test for AES_ECB decrypt

Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14825)

1 files changed, 3 insertions, 1 deletions

diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index ad7c4a6244..fbb2443f3c 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -267,7 +267,9 @@ Key generation tests used with the "Pairwise_Consistency_Test" type.
 
 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
 
-=item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+=item "AES_GCM_Encrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
+
+=item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
 
 =item "TDES" (B<OSSL_SELF_TEST_DESC_CIPHER_TDES>)