FIPS Revalidation

1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.

wolfcrypt/src/cmac.c

@@ -129,10 +129,10 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
 {
     const byte* subKey;
 
-    if (cmac == NULL || out == NULL)
+    if (cmac == NULL || out == NULL || outSz == NULL)
         return BAD_FUNC_ARG;
 
-    if (outSz != NULL && *outSz < AES_BLOCK_SIZE)
+    if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ)
         return BUFFER_E;
 
     if (cmac->bufferSz == AES_BLOCK_SIZE) {
@@ -151,10 +151,10 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
     }
     xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
     xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
-    wc_AesEncryptDirect(&cmac->aes, out, cmac->buffer);
+    wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+
+    XMEMCPY(out, cmac->digest, *outSz);
 
-    if (outSz != NULL)
-        *outSz = AES_BLOCK_SIZE;
     ForceZero(cmac, sizeof(Cmac));
 
     return 0;

wolfssl/wolfcrypt/cmac.h

@@ -56,6 +56,9 @@ typedef enum CmacType {
     WC_CMAC_AES = 1
 } CmacType;
 
+#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
+#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+
 #endif /* HAVE_FIPS */
 
 WOLFSSL_API