commit 4d3e540cc05846eba5dfa6305e742133ea08fe0d
author Adam Langley <alangley@gmail.com> Tue Feb 09 13:30:05 2021 -0800
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Feb 09 22:22:14 2021 +0000
tree 01180223ee415fd2f7de033b006eca9072cc04d2
parent a2278d4d2cabe73f6663e3299ea7808edfa306b9

acvp: fix CMAC verify

This is only used for testing acvptool but, yea, |memcmp| doesn't return
a bool 😳

This wasn't noticed because "ver" mode was missing from the registration
and thus from the test vectors.

Change-Id: I181c9b66aea4032543d39ebcc8728a01e0f34f55
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45464
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2

diff --git a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
index 35605cd..c97fade 100644
--- a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2
Binary files differ

util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2

diff --git a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
index 31d86b9..ff34573 100644
--- a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2
Binary files differ

util/fipstools/acvp/modulewrapper/modulewrapper.cc

diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 06eac8b..b354280 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -678,7 +678,7 @@
         "algorithm": "CMAC-AES",
         "revision": "1.0",
         "capabilities": [{
-          "direction": ["gen"],
+          "direction": ["gen", "ver"],
           "msgLen": [{
             "min": 0,
             "max": 65536,
@@ -1482,7 +1482,7 @@
     return false;
   }
 
-  const uint8_t ok = OPENSSL_memcmp(mac, args[2].data(), args[2].size());
+  const uint8_t ok = (OPENSSL_memcmp(mac, args[2].data(), args[2].size()) == 0);
   return WriteReply(STDOUT_FILENO, Span<const uint8_t>(&ok, sizeof(ok)));
 }