From ec9697999e29e13a17e976e29d5a938ba482ff06 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Mon, 2 Jan 2023 08:51:13 -0500
Subject: [PATCH] Use minimum size for NONCE

---
 wolfcrypt/src/evp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 536599ecb..93badf420 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -9122,7 +9122,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
             }
-            return CCM_NONCE_MAX_SZ;
+            return CCM_NONCE_MIN_SZ;
 #endif
 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
@@ -9239,15 +9239,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
 #ifdef HAVE_AESCCM
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_CCM) == 0)
-        return CCM_NONCE_MAX_SZ;
+        return CCM_NONCE_MIN_SZ;
     #endif
     #ifdef WOLFSSL_AES_192
     if (XSTRCMP(name, EVP_AES_192_CCM) == 0)
-        return CCM_NONCE_MAX_SZ;
+        return CCM_NONCE_MIN_SZ;
     #endif
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_CCM) == 0)
-        return CCM_NONCE_MAX_SZ;
+        return CCM_NONCE_MIN_SZ;
     #endif
 #endif /* HAVE_AESCCM */
 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */