Disable DES3 since we do not currently provide DES3 keywrap.

author: jsing <> 2019-08-11 14:27:01 +0000
committer: jsing <> 2019-08-11 14:27:01 +0000
commit: d56b735f343f8fee02106002ed86d743f970425c (patch)
tree: b74ef2b8a769054cd8e71f7ce6e9e02d140d7639
parent: 44c4c19d37de905fca6ed2bcce92dc0d8b19ea22 (diff)
download: openbsd-d56b735f343f8fee02106002ed86d743f970425c.tar.gz
openbsd-d56b735f343f8fee02106002ed86d743f970425c.tar.bz2
openbsd-d56b735f343f8fee02106002ed86d743f970425c.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index bc234d2e22..21e3ce8254 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.12 2019/08/11 11:07:40 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.13 2019/08/11 14:27:01 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -411,10 +411,16 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
         * DES3 wrap otherwise use AES wrap similar to key size.
         */
 #ifndef OPENSSL_NO_DES
+#if 0
+        /*
+         * XXX - we do not currently support DES3 wrap and probably should just
+         * drop this code.
+         */
        if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
                kekcipher = EVP_des_ede3_wrap();
        else
 #endif
+#endif
        if (keylen <= 16)
                kekcipher = EVP_aes_128_wrap();
        else if (keylen <= 24)
author	jsing <>	2019-08-11 14:27:01 +0000
committer	jsing <>	2019-08-11 14:27:01 +0000
commit	d56b735f343f8fee02106002ed86d743f970425c (patch)
tree	b74ef2b8a769054cd8e71f7ce6e9e02d140d7639
parent	44c4c19d37de905fca6ed2bcce92dc0d8b19ea22 (diff)
download	openbsd-d56b735f343f8fee02106002ed86d743f970425c.tar.gz openbsd-d56b735f343f8fee02106002ed86d743f970425c.tar.bz2 openbsd-d56b735f343f8fee02106002ed86d743f970425c.zip