Disallow ciphers with EVP_CIPH_FLAG_CUSTOM_CIPHER in CMAC
These are usually AEAD ciphers, for which CMAC makes little sense (if you
need a MAC and all you have is an AEAD, you don't need CMAC, you can just
use a zero length cipher text). Also, since the CMAC implementation only
allows 64 and 128 bit block sizes, the AEADs would error out later anyway.
The only family of ciphers this effectively excludes is AES key wrap, for
which CMAC makes little sense.
One notable side effect of doing this is that the EVP_Cipher() return
value checks in the CMAC code magically become correct. EVP. What's not to
love about it.
ok jsing
projects / openbsd / commit