Merge pull request #3383 from kaleb-himes/ACVP_TESTING_UPDATE

In ACVP testing NIST needs to see failed decryption output
2020-11-02 10:42:28 -08:00
parent 87abb5257e 8826823724
commit 29c7351fe0
1 changed files with 6 additions and 1 deletions
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@ -7463,7 +7463,12 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
        /* If the authTag check fails, don't keep the decrypted data.
         * Unfortunately, you need the decrypted data to calculate the
         * check value. */
-        XMEMSET(out, 0, inSz);
+        #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) && \
+            defined(ACVP_VECTOR_TESTING)
+            WOLFSSL_MSG("Preserve output for vector responses");
+        #else
+            XMEMSET(out, 0, inSz);
+        #endif
        result = AES_CCM_AUTH_E;
    }