acvp: fix CMAC verify
This is only used for testing acvptool but, yea, |memcmp| doesn't return
a bool 😳
This wasn't noticed because "ver" mode was missing from the registration
and thus from the test vectors.
Change-Id: I181c9b66aea4032543d39ebcc8728a01e0f34f55
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45464
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
index 35605cd..c97fade 100644
--- a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
index 31d86b9..ff34573 100644
--- a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
Binary files differ
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 06eac8b..b354280 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -678,7 +678,7 @@
"algorithm": "CMAC-AES",
"revision": "1.0",
"capabilities": [{
- "direction": ["gen"],
+ "direction": ["gen", "ver"],
"msgLen": [{
"min": 0,
"max": 65536,
@@ -1482,7 +1482,7 @@
return false;
}
- const uint8_t ok = OPENSSL_memcmp(mac, args[2].data(), args[2].size());
+ const uint8_t ok = (OPENSSL_memcmp(mac, args[2].data(), args[2].size()) == 0);
return WriteReply(STDOUT_FILENO, Span<const uint8_t>(&ok, sizeof(ok)));
}