6 files changed, 5 insertions, 46 deletions

diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 5099a6f1f8..910a761787 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -478,7 +478,6 @@ CMAC_CTX_new
 CMAC_Final
 CMAC_Init
 CMAC_Update
-CMAC_resume
 CMS_ContentInfo_free
 CMS_ContentInfo_it
 CMS_ContentInfo_new
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index aff315a305..3b6be84b85 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -2433,7 +2433,6 @@ _libre_CMAC_CTX_copy
 _libre_CMAC_Init
 _libre_CMAC_Update
 _libre_CMAC_Final
-_libre_CMAC_resume
 _libre_d2i_DSAparams_bio
 _libre_i2d_DSAparams_bio
 _libre_d2i_DSAparams_fp
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c
index 81d6ffc9b5..7ad3434836 100644
--- a/src/lib/libcrypto/cmac/cmac.c
+++ b/src/lib/libcrypto/cmac/cmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.c,v 1.22 2024/01/30 17:43:39 tb Exp $ */
+/* $OpenBSD: cmac.c,v 1.23 2024/03/02 09:30:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -323,18 +323,3 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
         return 1;
 }
 LCRYPTO_ALIAS(CMAC_Final);
-
-int
-CMAC_resume(CMAC_CTX *ctx)
-{
-        if (ctx->nlast_block == -1)
-                return 0;
-        /* The buffer "tbl" containes the last fully encrypted block
-         * which is the last IV (or all zeroes if no last encrypted block).
-         * The last block has not been modified since CMAC_final().
-         * So reinitialising using the last decrypted block will allow
-         * CMAC to continue after calling CMAC_Final().
-         */
-        return EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, ctx->tbl);
-}
-LCRYPTO_ALIAS(CMAC_resume);
diff --git a/src/lib/libcrypto/cmac/cmac.h b/src/lib/libcrypto/cmac/cmac.h
index cb6d64b02f..f77dae12b3 100644
--- a/src/lib/libcrypto/cmac/cmac.h
+++ b/src/lib/libcrypto/cmac/cmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */
+/* $OpenBSD: cmac.h,v 1.4 2024/03/02 09:30:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -74,7 +74,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
     const EVP_CIPHER *cipher, ENGINE *impl);
 int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/hidden/openssl/cmac.h b/src/lib/libcrypto/hidden/openssl/cmac.h
index cefdb4f6e5..1e802aa887 100644
--- a/src/lib/libcrypto/hidden/openssl/cmac.h
+++ b/src/lib/libcrypto/hidden/openssl/cmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.h,v 1.1 2023/07/08 14:27:14 beck Exp $ */
+/* $OpenBSD: cmac.h,v 1.2 2024/03/02 09:30:21 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -33,6 +33,5 @@ LCRYPTO_USED(CMAC_CTX_copy);
 LCRYPTO_USED(CMAC_Init);
 LCRYPTO_USED(CMAC_Update);
 LCRYPTO_USED(CMAC_Final);
-LCRYPTO_USED(CMAC_resume);
 
 #endif /* _LIBCRYPTO_CMAC_H */
diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3
index 81cb8b8f0b..f4143cf451 100644
--- a/src/lib/libcrypto/man/CMAC_Init.3
+++ b/src/lib/libcrypto/man/CMAC_Init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMAC_Init.3,v 1.5 2023/12/25 15:52:18 schwarze Exp $
+.\" $OpenBSD: CMAC_Init.3,v 1.6 2024/03/02 09:30:21 tb Exp $
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 25 2023 $
+.Dd $Mdocdate: March 2 2024 $
 .Dt CMAC_INIT 3
 .Os
 .Sh NAME
@@ -22,7 +22,6 @@
 .Nm CMAC_Init ,
 .Nm CMAC_Update ,
 .Nm CMAC_Final ,
-.Nm CMAC_resume ,
 .Nm CMAC_CTX_copy ,
 .Nm CMAC_CTX_get0_cipher_ctx ,
 .Nm CMAC_CTX_cleanup ,
@@ -52,13 +51,6 @@
 .Fa "unsigned char *out_mac"
 .Fa "size_t *out_len"
 .Fc
-.Ft int
-.Fn CMAC_resume "CMAC_CTX *ctx"
-.Ft int
-.Fo CMAC_CTX_copy
-.Fa "CMAC_CTX *out_ctx"
-.Fa "CMAC_CTX *in_ctx"
-.Fc
 .Ft EVP_CIPHER_CTX *
 .Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx"
 .Ft void
@@ -183,19 +175,6 @@ resulting message authentication code to
 .Fa out_mac .
 The caller is responsible for providing a buffer of sufficient size.
 .Pp
-Calling
-.Fn CMAC_resume
-after
-.Fn CMAC_Final
-allows the user to subsequently append additional data with
-.Fn CMAC_Update .
-Otherwise, unless
-.Fn CMAC_Init
-is called to start from scratch,
-.Fn CMAC_Update
-can no longer be used after
-.Fn CMAC_Final .
-.Pp
 .Fn CMAC_CTX_copy
 performs a deep copy of the already initialized
 .Fa in_ctx
@@ -235,7 +214,6 @@ It succeeds unless memory is exhausted.
 .Fn CMAC_Init ,
 .Fn CMAC_Update ,
 .Fn CMAC_Final ,
-.Fn CMAC_resume ,
 and
 .Fn CMAC_CTX_copy
 return 1 on success or 0 on failure.