diff options
author | Pauli <paul.dale@oracle.com> | 2017-03-08 11:18:55 +1000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-03-08 10:16:44 -0500 |
commit | 201015ee4f38e5d216a7625282c6b8a395b680b7 (patch) | |
tree | d18276d915edcb1cd060815ed051f8767164a152 /apps/enc.c | |
parent | 178b9be8eccffca66434299bf986494c449b10ee (diff) |
Limit the output of the enc -ciphers command
to just the ciphers enc can
process. This means no AEAD ciphers and no XTS mode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
(cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)
(cherry picked from commit b97324dbcb12e8b509d513ded9ba3f71c14547d8)
Diffstat (limited to 'apps/enc.c')
-rw-r--r-- | apps/enc.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/apps/enc.c b/apps/enc.c index 8c8f1ef0f9..69fb3f957e 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -89,6 +89,13 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_) if (!islower((unsigned char)*name->name)) return; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + BIO_printf(bio, "-%-25s", name->name); if (++n == 3) { BIO_printf(bio, "\n"); |