Limit the output of the enc -ciphers command

to just the ciphers enc can process. This means no AEAD ciphers and no XTS mode. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2876) (cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236) (cherry picked from commit b97324dbcb12e8b509d513ded9ba3f71c14547d8)
author: Pauli <paul.dale@oracle.com> 2017-03-08 11:18:55 +1000
committer: Rich Salz <rsalz@openssl.org> 2017-03-08 10:16:44 -0500
commit: 201015ee4f38e5d216a7625282c6b8a395b680b7 (patch)
tree: d18276d915edcb1cd060815ed051f8767164a152 /apps
parent: 178b9be8eccffca66434299bf986494c449b10ee (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/apps/enc.c b/apps/enc.c
index 8c8f1ef0f9..69fb3f957e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -89,6 +89,13 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
     if (!islower((unsigned char)*name->name))
         return;
 
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
     BIO_printf(bio, "-%-25s", name->name);
     if (++n == 3) {
         BIO_printf(bio, "\n");
author	Pauli <paul.dale@oracle.com>	2017-03-08 11:18:55 +1000
committer	Rich Salz <rsalz@openssl.org>	2017-03-08 10:16:44 -0500
commit	201015ee4f38e5d216a7625282c6b8a395b680b7 (patch)
tree	d18276d915edcb1cd060815ed051f8767164a152 /apps
parent	178b9be8eccffca66434299bf986494c449b10ee (diff)