[crypto] remove libnss 3des support

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
kronosnet · Apr 11, 2019 · acb5adb · acb5adb
1 parent 4e648f7
commit acb5adb
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 11 deletions.
diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
@@ -64,32 +64,28 @@ enum nsscrypto_crypt_t {
 	CRYPTO_CIPHER_TYPE_NONE = 0,
 	CRYPTO_CIPHER_TYPE_AES256 = 1,
 	CRYPTO_CIPHER_TYPE_AES192 = 2,
-	CRYPTO_CIPHER_TYPE_AES128 = 3,
-	CRYPTO_CIPHER_TYPE_3DES = 4
+	CRYPTO_CIPHER_TYPE_AES128 = 3
 };
 
 CK_MECHANISM_TYPE cipher_to_nss[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES256 */
 	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES192 */
-	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES128 */
-	CKM_DES3_CBC_PAD 		/* CRYPTO_CIPHER_TYPE_3DES */
+	CKM_AES_CBC_PAD			/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 size_t nsscipher_key_len[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	AES_256_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES256 */
 	AES_192_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES192 */
-	AES_128_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES128 */
-	24				/* CRYPTO_CIPHER_TYPE_3DES */
+	AES_128_KEY_LENGTH		/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 size_t nsscypher_block_len[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES256 */
 	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES192 */
-	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES128 */
-	0				/* CRYPTO_CIPHER_TYPE_3DES */
+	AES_BLOCK_SIZE			/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 /*
@@ -155,8 +151,6 @@ static int nssstring_to_crypto_cipher_type(const char* crypto_cipher_type)
 		return CRYPTO_CIPHER_TYPE_AES192;
 	} else if (strcmp(crypto_cipher_type, "aes128") == 0) {
 		return CRYPTO_CIPHER_TYPE_AES128;
-	} else if (strcmp(crypto_cipher_type, "3des") == 0) {
-		return CRYPTO_CIPHER_TYPE_3DES;
 	}
 	return -1;
 }

diff --git a/libknet/libknet.h b/libknet/libknet.h
@@ -617,7 +617,7 @@ struct knet_handle_crypto_cfg {
  *                         It can be set to "none" to disable
  *                         encryption.
  *                         Currently supported by "nss" model:
- *                         "3des", "aes128", "aes192" and "aes256".
+ *                         "aes128", "aes192" and "aes256".
  *                         "openssl" model supports more modes and it strictly
  *                         depends on the openssl build. See: EVP_get_cipherbyname
  *                         openssl API call for details.