From 4bcd7b79865abdd7883d3e16a82c0e36d86265d9 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 8 Feb 2018 12:08:35 -0800
Subject: [PATCH] AES-GCM 1. Updated the wolfCrypt GMAC test to leave out the
 test case with the 15-byte tag when building for FIPS. 2. Replace tabs with
 spaces.

---
 wolfcrypt/src/aes.c   | 4 ++--
 wolfcrypt/test/test.c | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 9445173d8..1af96b2db 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -30,7 +30,7 @@
 #if !defined(NO_AES)
 
 #if defined(HAVE_FIPS) && \
-	defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
 
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
@@ -188,7 +188,7 @@
 
     /* AES-CCM */
     #if defined(HAVE_AESCCM) && \
-		defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+        defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
         int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
         {
             return AesCcmSetKey(aes, key, keySz);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ea32669e3..f8474d795 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -6673,6 +6673,9 @@ int gmac_test(void)
         0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
     };
 
+#if !defined(HAVE_FIPS)
+	/* FIPS builds only allow 16-byte auth tags. */
+	/* This sample uses a 15-byte auth tag. */
     const byte k2[] =
     {
         0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
@@ -6693,6 +6696,7 @@ int gmac_test(void)
         0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
         0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
     };
+#endif /* HAVE_FIPS */
 
     byte tag[16];
 
@@ -6703,11 +6707,13 @@ int gmac_test(void)
     if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
         return -4400;
 
+#if !defined(HAVE_FIPS)
     XMEMSET(tag, 0, sizeof(tag));
     wc_GmacSetKey(&gmac, k2, sizeof(k2));
     wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
     if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
         return -4401;
+#endif /* HAVE_FIPS */
 
     return 0;
 }