On Mon, Mar 04, 2013, Leon Brits wrote: > Hi List, > > In the FIPS security policy it states that OpenSSL supports the following > modes for AES: "128/ 192/256 ECB, CBC, OFB, CFB 1, CFB 8, CFB 128, CTR, XTS; > CCM; GCM; CMAC generate and verify" (page 12). > > My library is required to support of these modes in FIPS and non-FIPS mode. > Most of them are now working in "non-FIPS"-mode except for CCM and CMAC. > EVP_get_cipherbynid() complains that it cannot find NID_aes_128_ccm and the > compiler complains that it cannot find the NID defines for the CMAC mode. > Are these modes available in non-FIPS mode using OpenSSL 1.0.1? >
CMAC needs a separate API because it doesn't behave like a normal cipher. Check out the CMAC_* functions. They behave in a very similar way to the HMAC_* functions except they take a cipher instead of a digest algorithm. The CCM modes haven't been added to the algorithm table yet. You can add them manually using EVP_add_cipher(EVP_aes_128_ccm()) etc. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
