int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl)
{
static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
#ifdef OPENSSL_FIPS
if (FIPS_mode())
{
/* If we have an ENGINE need to allow non FIPS */
if ((impl || ctx->cctx.engine)
&& !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
{
EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
return 0;
}
/* Other algorithm blocking will be done in FIPS_cmac_init,
* via FIPS_cipherinit().
*/
if (!impl && !ctx->cctx.engine)
return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
}
#endif
/* All zeros means restart */
if (!key && !cipher && !impl && keylen == 0)
{
/* Not initialised */
if (ctx->nlast_block == -1)
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
return 1;
}
/* Initialiase context */
if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
return 0;
/* Non-NULL key means initialisation complete */
if (key)
{
int bl;
if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
return 0;
if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
OPENSSL_cleanse(ctx->tbl, bl);
/* Reset context again ready for first data block */
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
/* Zero tbl so resume works */
memset(ctx->tbl, 0, bl);
ctx->nlast_block = 0;
}
return 1;
}
int
CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl)
{
static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
/* All zeros means restart */
if (!key && !cipher && !impl && keylen == 0) {
/* Not initialised */
if (ctx->nlast_block == -1)
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx));
ctx->nlast_block = 0;
return 1;
}
/* Initialiase context */
if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
return 0;
/* Non-NULL key means initialisation complete */
if (key) {
int bl;
if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
return 0;
if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
OPENSSL_cleanse(ctx->tbl, bl);
/* Reset context again ready for first data block */
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
/* Zero tbl so resume works */
memset(ctx->tbl, 0, bl);
ctx->nlast_block = 0;
}
return 1;
}
