diff options
| author | tb <> | 2024-03-02 09:30:21 +0000 |
|---|---|---|
| committer | tb <> | 2024-03-02 09:30:21 +0000 |
| commit | 27e901828ab79e35b7a6b736f5050679265ae63d (patch) | |
| tree | 44c6059d07d7614a9e654590b63bf2cbc8e48bd6 /src/lib/libcrypto/cmac | |
| parent | c9bc42b7edc08f714c31d8ec1a974cc5b287ef4c (diff) | |
| download | openbsd-27e901828ab79e35b7a6b736f5050679265ae63d.tar.gz openbsd-27e901828ab79e35b7a6b736f5050679265ae63d.tar.bz2 openbsd-27e901828ab79e35b7a6b736f5050679265ae63d.zip | |
Remove CMAC_resume()
While it is a neat design detail of CMAC that you can resume it after
having finalized it, nothing uses this functionality and it adds some
gross things such as retaining intermediate secrets in the CMAC ctx.
Once this is gone, we can simplify the CMAC code a bit.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/cmac')
| -rw-r--r-- | src/lib/libcrypto/cmac/cmac.c | 17 | ||||
| -rw-r--r-- | src/lib/libcrypto/cmac/cmac.h | 3 |
2 files changed, 2 insertions, 18 deletions
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c index 81d6ffc9b5..7ad3434836 100644 --- a/src/lib/libcrypto/cmac/cmac.c +++ b/src/lib/libcrypto/cmac/cmac.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cmac.c,v 1.22 2024/01/30 17:43:39 tb Exp $ */ | 1 | /* $OpenBSD: cmac.c,v 1.23 2024/03/02 09:30:21 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -323,18 +323,3 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) | |||
| 323 | return 1; | 323 | return 1; |
| 324 | } | 324 | } |
| 325 | LCRYPTO_ALIAS(CMAC_Final); | 325 | LCRYPTO_ALIAS(CMAC_Final); |
| 326 | |||
| 327 | int | ||
| 328 | CMAC_resume(CMAC_CTX *ctx) | ||
| 329 | { | ||
| 330 | if (ctx->nlast_block == -1) | ||
| 331 | return 0; | ||
| 332 | /* The buffer "tbl" containes the last fully encrypted block | ||
| 333 | * which is the last IV (or all zeroes if no last encrypted block). | ||
| 334 | * The last block has not been modified since CMAC_final(). | ||
| 335 | * So reinitialising using the last decrypted block will allow | ||
| 336 | * CMAC to continue after calling CMAC_Final(). | ||
| 337 | */ | ||
| 338 | return EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, ctx->tbl); | ||
| 339 | } | ||
| 340 | LCRYPTO_ALIAS(CMAC_resume); | ||
diff --git a/src/lib/libcrypto/cmac/cmac.h b/src/lib/libcrypto/cmac/cmac.h index cb6d64b02f..f77dae12b3 100644 --- a/src/lib/libcrypto/cmac/cmac.h +++ b/src/lib/libcrypto/cmac/cmac.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */ | 1 | /* $OpenBSD: cmac.h,v 1.4 2024/03/02 09:30:21 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -74,7 +74,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
| 74 | const EVP_CIPHER *cipher, ENGINE *impl); | 74 | const EVP_CIPHER *cipher, ENGINE *impl); |
| 75 | int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); | 75 | int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); |
| 76 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); | 76 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); |
| 77 | int CMAC_resume(CMAC_CTX *ctx); | ||
| 78 | 77 | ||
| 79 | #ifdef __cplusplus | 78 | #ifdef __cplusplus |
| 80 | } | 79 | } |