Commit b97324db authored by Pauli's avatar Pauli Committed by Rich Salz
Browse files

Limit the output of the enc -ciphers command 



to just the ciphers enc can
process.  This means no AEAD ciphers and no XTS mode.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
(cherry picked from commit 777f1708)
parent a556145a

apps/enc.c

+8 −0
Original line number Diff line number Diff line
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_) 
{

    BIO *bio = bio_;

    static int n;

    const EVP_CIPHER *cipher;



    if (!islower((unsigned char)*name->name))

        return;



    /* Filter out ciphers that we cannot use */

    cipher = EVP_get_cipherbyname(name->name);

    if (cipher == NULL ||

            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||

            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)

        return;



    BIO_printf(bio, "-%-25s", name->name);

    if (++n == 3) {

        BIO_printf(bio, "\n");