Is changing the value of any following item in this enumeration really safe and compatible?

I'm guessing the value of this is defined by the algorithm.  Is there a reference or something, or a better name, or is this a name that would be well known to anyone familiar with AES-CMAC?

Presumably this is somethingy ou should resolve before you want to integrate

Again, something to resolve before you want to integrate

Is it really safe to not use the provided copy_block and such here?  I feel like I must be missing something (but it's probably that I'm not familiar with the design of the framework).

Same comment regarding copy_block.
It looks like you're perhaps just making these functions not copy at all, in which case why take the parameters?

Comment doesn't really make it clear how this differs from cbc_remainder_len

Overall design question:  Why is CMAC a special case of CBC, instead of a special case of CCM (where you don't encrypt and just take the residue)?

A comment here with this new line would be nice, and is this inserted mid-enum because of PKCS#11?

COMMENT!

Generally looks pretty good, but I've not verified against PKCS#11 nor have I gone through the algorithm with a super-fine toothed comb.
As you're modifying existing CBC modes, I think its really very important to have a complete test suite here, that provides known answer tests and covers the various edge cases.  I think you need to supply that for both the new CMAC mode plus the other AES modes that you've affected.

What is this constant?

I don't like the CMAC being incorporated with CBC, to be honest.  This is highly security sensitive code, and I think copy-paste-modify may actually be superior in this cae than inline modification, even though a lot of code is shared.

Just make a choice.

Prefer _NOTE() in the function body to ARGSUSED wild card.  (As in _NOTE(ARGUNUSED(what)).

I think without the trailing slash is better.

Perhaps this bit can be moved into the two cases above, with a fallthrough?