Remove CMAC_resume()

While it is a neat design detail of CMAC that you can resume it after
having finalized it, nothing uses this functionality and it adds some
gross things such as retaining intermediate secrets in the CMAC ctx.
Once this is gone, we can simplify the CMAC code a bit.

ok jsing

6 files changed, 5 insertions, 46 deletions

diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 5099a6f1f8..910a761787 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -478,7 +478,6 @@ CMAC_CTX_new
 CMAC_Final
 CMAC_Init
 CMAC_Update
-CMAC_resume
 CMS_ContentInfo_free
 CMS_ContentInfo_it
 CMS_ContentInfo_new
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index aff315a305..3b6be84b85 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -2433,7 +2433,6 @@ _libre_CMAC_CTX_copy
 _libre_CMAC_Init
 _libre_CMAC_Update
 _libre_CMAC_Final
-_libre_CMAC_resume
 _libre_d2i_DSAparams_bio
 _libre_i2d_DSAparams_bio
 _libre_d2i_DSAparams_fp
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c
index 81d6ffc9b5..7ad3434836 100644
--- a/src/lib/libcrypto/cmac/cmac.c
+++ b/src/lib/libcrypto/cmac/cmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.c,v 1.22 2024/01/30 17:43:39 tb Exp $ */
+/* $OpenBSD: cmac.c,v 1.23 2024/03/02 09:30:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -323,18 +323,3 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
         return 1;
 }
 LCRYPTO_ALIAS(CMAC_Final);
-
-int
-CMAC_resume(CMAC_CTX *ctx)
-{
-        if (ctx->nlast_block == -1)
-                return 0;
-        /* The buffer "tbl" containes the last fully encrypted block
-         * which is the last IV (or all zeroes if no last encrypted block).
-         * The last block has not been modified since CMAC_final().
-         * So reinitialising using the last decrypted block will allow
-         * CMAC to continue after calling CMAC_Final().
-         */
-        return EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, ctx->tbl);
-}
-LCRYPTO_ALIAS(CMAC_resume);
diff --git a/src/lib/libcrypto/cmac/cmac.h b/src/lib/libcrypto/cmac/cmac.h
index cb6d64b02f..f77dae12b3 100644
--- a/src/lib/libcrypto/cmac/cmac.h
+++ b/src/lib/libcrypto/cmac/cmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */
+/* $OpenBSD: cmac.h,v 1.4 2024/03/02 09:30:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -74,7 +74,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
     const EVP_CIPHER *cipher, ENGINE *impl);
 int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/hidden/openssl/cmac.h b/src/lib/libcrypto/hidden/openssl/cmac.h
index cefdb4f6e5..1e802aa887 100644
--- a/src/lib/libcrypto/hidden/openssl/cmac.h
+++ b/src/lib/libcrypto/hidden/openssl/cmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.h,v 1.1 2023/07/08 14:27:14 beck Exp $ */
+/* $OpenBSD: cmac.h,v 1.2 2024/03/02 09:30:21 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -33,6 +33,5 @@ LCRYPTO_USED(CMAC_CTX_copy);
 LCRYPTO_USED(CMAC_Init);
 LCRYPTO_USED(CMAC_Update);
 LCRYPTO_USED(CMAC_Final);
-LCRYPTO_USED(CMAC_resume);
 
 #endif /* _LIBCRYPTO_CMAC_H */
diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3
index 81cb8b8f0b..f4143cf451 100644
--- a/src/lib/libcrypto/man/CMAC_Init.3
+++ b/src/lib/libcrypto/man/CMAC_Init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMAC_Init.3,v 1.5 2023/12/25 15:52:18 schwarze Exp $
+.\" $OpenBSD: CMAC_Init.3,v 1.6 2024/03/02 09:30:21 tb Exp $
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 25 2023 $
+.Dd $Mdocdate: March 2 2024 $
 .Dt CMAC_INIT 3
 .Os
 .Sh NAME
@@ -22,7 +22,6 @@
 .Nm CMAC_Init ,
 .Nm CMAC_Update ,
 .Nm CMAC_Final ,
-.Nm CMAC_resume ,
 .Nm CMAC_CTX_copy ,
 .Nm CMAC_CTX_get0_cipher_ctx ,
 .Nm CMAC_CTX_cleanup ,
@@ -52,13 +51,6 @@
 .Fa "unsigned char *out_mac"
 .Fa "size_t *out_len"
 .Fc
-.Ft int
-.Fn CMAC_resume "CMAC_CTX *ctx"
-.Ft int
-.Fo CMAC_CTX_copy
-.Fa "CMAC_CTX *out_ctx"
-.Fa "CMAC_CTX *in_ctx"
-.Fc
 .Ft EVP_CIPHER_CTX *
 .Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx"
 .Ft void
@@ -183,19 +175,6 @@ resulting message authentication code to
 .Fa out_mac .
 The caller is responsible for providing a buffer of sufficient size.
 .Pp
-Calling
-.Fn CMAC_resume
-after
-.Fn CMAC_Final
-allows the user to subsequently append additional data with
-.Fn CMAC_Update .
-Otherwise, unless
-.Fn CMAC_Init
-is called to start from scratch,
-.Fn CMAC_Update
-can no longer be used after
-.Fn CMAC_Final .
-.Pp
 .Fn CMAC_CTX_copy
 performs a deep copy of the already initialized
 .Fa in_ctx
@@ -235,7 +214,6 @@ It succeeds unless memory is exhausted.
 .Fn CMAC_Init ,
 .Fn CMAC_Update ,
 .Fn CMAC_Final ,
-.Fn CMAC_resume ,
 and
 .Fn CMAC_CTX_copy
 return 1 on success or 0 on failure.