Disable DES3 since we do not currently provide DES3 keywrap.

author: jsing <jsing@openbsd.org> 2019-08-11 14:27:01 +0000
committer: jsing <jsing@openbsd.org> 2019-08-11 14:27:01 +0000
commit: 03df65aba73bbcc8eecfa2068dab810243e4cccc (patch)
tree: d451abaa782d80707df86b3f73da38b16d8bb815 /lib
parent: Remove label that is now unused (due to arc4random_buf() returning void). (diff)
download: wireguard-openbsd-03df65aba73bbcc8eecfa2068dab810243e4cccc.tar.xz
wireguard-openbsd-03df65aba73bbcc8eecfa2068dab810243e4cccc.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libcrypto/cms/cms_kari.c b/lib/libcrypto/cms/cms_kari.c
index bc234d2e22e..21e3ce82549 100644
--- a/lib/libcrypto/cms/cms_kari.c
+++ b/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.12 2019/08/11 11:07:40 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.13 2019/08/11 14:27:01 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -411,10 +411,16 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
 	 * DES3 wrap otherwise use AES wrap similar to key size.
 	 */
 #ifndef OPENSSL_NO_DES
+#if 0
+	/*
+	 * XXX - we do not currently support DES3 wrap and probably should just
+	 * drop this code.
+	 */
 	if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
 		kekcipher = EVP_des_ede3_wrap();
 	else
 #endif
+#endif
 	if (keylen <= 16)
 		kekcipher = EVP_aes_128_wrap();
 	else if (keylen <= 24)
author	jsing <jsing@openbsd.org>	2019-08-11 14:27:01 +0000
committer	jsing <jsing@openbsd.org>	2019-08-11 14:27:01 +0000
commit	03df65aba73bbcc8eecfa2068dab810243e4cccc (patch)
tree	d451abaa782d80707df86b3f73da38b16d8bb815 /lib
parent	Remove label that is now unused (due to arc4random_buf() returning void). (diff)
download	wireguard-openbsd-03df65aba73bbcc8eecfa2068dab810243e4cccc.tar.xz wireguard-openbsd-03df65aba73bbcc8eecfa2068dab810243e4cccc.zip