authorPauli <paul.dale@oracle.com>2017-03-08 11:18:55 +1000
committerRich Salz <rsalz@openssl.org>2017-03-08 10:12:52 -0500
commitb97324dbcb12e8b509d513ded9ba3f71c14547d8 (patch)
tree0d85ab1e3952c6a90bafb4716faf32ceef710dc7
parenta556145a2c973303fd70315d9b77f126f43638f0 (diff)
Limit the output of the enc -ciphers command
to just the ciphers enc can process. This means no AEAD ciphers and no XTS mode. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2876) (cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)
-rw-r--r--apps/enc.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/enc.c b/apps/enc.c
index ec5fc941cf..3b3381fed9 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
+ const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
+ /* Filter out ciphers that we cannot use */
+ cipher = EVP_get_cipherbyname(name->name);
+ if (cipher == NULL ||
+ (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+ EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+ return;
+
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");