Commit 777f1708 authored by Pauli's avatar Pauli Committed by Rich Salz
Browse files

Limit the output of the enc -ciphers command to just the ciphers enc can 


process.  This means no AEAD ciphers and no XTS mode.

Update the test script that uses this output to test cipher suites to not
filter out the now missing cipher modes.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
parent 6aad9393

apps/enc.c

+8 −0
Original line number Diff line number Diff line
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_) 
{

    BIO *bio = bio_;

    static int n;

    const EVP_CIPHER *cipher;



    if (!islower((unsigned char)*name->name))

        return;



    /* Filter out ciphers that we cannot use */

    cipher = EVP_get_cipherbyname(name->name);

    if (cipher == NULL ||

            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||

            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)

        return;



    BIO_printf(bio, "-%-25s", name->name);

    if (++n == 3) {

        BIO_printf(bio, "\n");

test/recipes/20-test_enc_more.t

+1 −1
Original line number Diff line number Diff line
@@ -29,7 +29,7 @@ my $fail = ""; 
my $cmd = "openssl";



my @ciphers =

    grep(! /wrap|hmac|poly|ocb|xts|^$|^[^-]|(?i)[cg]cm/,

    grep(! /wrap|^$|^[^-]/,

         (map { split /\s+/ }

              run(app([$cmd, "enc", "-ciphers"]), capture => 1)));