From d39d389c6eac266d8e14550db1b908944d956986 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Mon, 13 Sep 2021 21:24:03 -0500
Subject: [PATCH] aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it.
---
 wolfcrypt/src/aes.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 74b3dca84..173523d2c 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -9458,14 +9458,9 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
 #ifndef WC_NO_RNG
 static WC_INLINE int CheckAesGcmIvSize(int ivSz)
 {
-#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 4)
- return (ivSz == GCM_NONCE_MID_SZ ||
- ivSz == GCM_NONCE_MAX_SZ);
-#else
 return (ivSz == GCM_NONCE_MIN_SZ ||
 ivSz == GCM_NONCE_MID_SZ ||
 ivSz == GCM_NONCE_MAX_SZ);
-#endif
 }