From df3c11ad8245544d345653d8e7a5f6f0e409787b Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Fri, 30 Dec 2022 16:02:30 -0500 Subject: [PATCH] Don't define a new default NONCE size, instead use existing MAX --- wolfcrypt/src/evp.c | 8 ++++---- wolfssl/wolfcrypt/aes.h | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c59f0fa2e..536599ecb 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9122,7 +9122,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) if (ctx->ivSz != 0) { return ctx->ivSz; } - return CCM_NONCE_MID_SZ; + return CCM_NONCE_MAX_SZ; #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER @@ -9239,15 +9239,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_CCM) == 0) - return CCM_NONCE_MID_SZ; + return CCM_NONCE_MAX_SZ; #endif #ifdef WOLFSSL_AES_192 if (XSTRCMP(name, EVP_AES_192_CCM) == 0) - return CCM_NONCE_MID_SZ; + return CCM_NONCE_MAX_SZ; #endif #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_CCM) == 0) - return CCM_NONCE_MID_SZ; + return CCM_NONCE_MAX_SZ; #endif #endif /* HAVE_AESCCM */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 342345711..f2f83ec81 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -163,7 +163,6 @@ enum { GCM_NONCE_MID_SZ = 12, /* The default nonce size for AES-GCM. */ GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */ CCM_NONCE_MIN_SZ = 7, - CCM_NONCE_MID_SZ = 12, /* The default nonce size for AES-CCM. TODO: Check this*/ CCM_NONCE_MAX_SZ = 13, CTR_SZ = 4, AES_IV_FIXED_SZ = 4,