+ {
+ /*
+ * TODO(3.0) Remove this when we have figured out all the details
+ * need to set up encryption right. With legacy keys, a *lot* is
+ * happening in the CMS specific EVP_PKEY_ASN1_METHOD functions,
+ * such as automatically setting a default KDF type, KDF digest,
+ * all that kind of stuff.
+ * With EVP_SIGNATURE, setting a default digest is done by getting
+ * the default MD for the key, and then inject that back into the
+ * signature implementation... we could do something similar with
+ * CMS, possibly using CMS specific OSSL_PARAM keys, just like we
+ * have for certain AlgorithmIdentifier retrievals.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+
+ EVP_PKEY_get0(pkey);
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ return 0;
+ }
+ }
+