From eb1a76bf2abed565398dc8fd05e644c89a10fb48 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 7 Feb 2018 10:34:46 -0800
Subject: [PATCH] FIPS Revalidation 1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
---
 wolfcrypt/src/cmac.c | 10 +++++-----
 wolfssl/wolfcrypt/cmac.h | 3 +++
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 584a591fa..e6fddd200 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -129,10 +129,10 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
 {
 const byte* subKey;
- if (cmac == NULL || out == NULL)
+ if (cmac == NULL || out == NULL || outSz == NULL)
 return BAD_FUNC_ARG;
- if (outSz != NULL && *outSz < AES_BLOCK_SIZE)
+ if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ)
 return BUFFER_E;
 if (cmac->bufferSz == AES_BLOCK_SIZE) {
@@ -151,10 +151,10 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
 }
 xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
 xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
- wc_AesEncryptDirect(&cmac->aes, out, cmac->buffer);
+ wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+
+ XMEMCPY(out, cmac->digest, *outSz);
- if (outSz != NULL)
- *outSz = AES_BLOCK_SIZE;
 ForceZero(cmac, sizeof(Cmac));
 return 0;
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 5b67fc034..ff56052f8 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -56,6 +56,9 @@ typedef enum CmacType {
 WC_CMAC_AES = 1
 } CmacType;
+#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
+#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+
 #endif /* HAVE_FIPS */
 WOLFSSL_API
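Review bot: In the first hunk of wolfcrypt/src/cmac.c the new check `*outSz > WC_CMAC_TAG_MAX_SZ` returns BUFFER_E for a caller whose buffer is larger than one AES block, a call the removed check (`*outSz < AES_BLOCK_SIZE`) accepted, and the same hunk turns a NULL `outSz` from allowed into BAD_FUNC_ARG. `*outSz` has become an input that selects the tag length, so the function needs a header comment saying so, e.g. `/* *outSz in: requested tag length, WC_CMAC_TAG_MIN_SZ..WC_CMAC_TAG_MAX_SZ bytes; not written back. */`. If oversized buffers are meant to keep working, clamping is a one-line alternative to rejecting them: `if (*outSz > WC_CMAC_TAG_MAX_SZ) *outSz = WC_CMAC_TAG_MAX_SZ;`. The body of wc_CmacFinal continues past this hunk.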
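Review bot: In the second hunk of wolfcrypt/src/cmac.c the switch from encrypting into `out` to encrypting into `cmac->digest` carries no comment, and the reason is not obvious at the call site: `out` may now hold fewer than AES_BLOCK_SIZE bytes, so the full block has to land in internal storage before `XMEMCPY(out, cmac->digest, *outSz)` truncates it. I would add `/* out may be shorter than a block: encrypt into digest, then copy *outSz bytes */` above the wc_AesEncryptDirect call. The copy length is bounded only by the range check in the first hunk, so the two need to stay together if either is ever moved. The function starts above this hunk.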
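Review bot: `WC_CMAC_TAG_MIN_SZ` in wolfssl/wolfcrypt/cmac.h permits 4-byte tags with no comment on what that costs: a 32-bit tag is guessed with probability 2^-32 per attempt, and NIST SP 800-38B Appendix A advises at least 64 bits unless the number of failed verifications is limited. A comment above the two defines would carry that, e.g. `/* CMAC tag length bounds in bytes; tags under 8 bytes need a cap on failed verifications (SP 800-38B App. A) */`. Both macros also land just above `#endif /* HAVE_FIPS */`, so they appear to exist in only one branch of that conditional while the cmac.c hunks use them unconditionally; it is worth confirming the other branch gets them from its own header.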