From: Pauli <paul.dale@oracle.com>
Date: Wed, 8 Mar 2017 01:18:55 +0000 (+1000)
Subject: Limit the output of the enc -ciphers command
X-Git-Tag: OpenSSL_1_0_2l~62
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=201015ee4f38e5d216a7625282c6b8a395b680b7;p=oweals%2Fopenssl.git

Limit the output of the enc -ciphers command

to just the ciphers enc can
process.  This means no AEAD ciphers and no XTS mode.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
(cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)

(cherry picked from commit b97324dbcb12e8b509d513ded9ba3f71c14547d8)
---

diff --git a/apps/enc.c b/apps/enc.c
index 8c8f1ef0f9..69fb3f957e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -89,6 +89,13 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
     if (!islower((unsigned char)*name->name))
         return;
 
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
     BIO_printf(bio, "-%-25s", name->name);
     if (++n == 3) {
         BIO_printf(bio, "\n");
diff --git a/crypto/include/internal/bn_conf.h b/crypto/include/internal/bn_conf.h
new file mode 100644
index 0000000000..34bd8b78b4
--- /dev/null
+++ b/crypto/include/internal/bn_conf.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/crypto/include/internal/dso_conf.h b/crypto/include/internal/dso_conf.h
new file mode 100644
index 0000000000..7a52dd1f1a
--- /dev/null
+++ b/crypto/include/internal/dso_conf.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from crypto/include/internal/dso_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/doc-nits b/doc-nits
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fuzz/asn1-test b/fuzz/asn1-test
new file mode 100755
index 0000000000..213ae9b595
Binary files /dev/null and b/fuzz/asn1-test differ
diff --git a/fuzz/asn1parse-test b/fuzz/asn1parse-test
new file mode 100755
index 0000000000..8a09d269ab
Binary files /dev/null and b/fuzz/asn1parse-test differ
diff --git a/fuzz/bignum-test b/fuzz/bignum-test
new file mode 100755
index 0000000000..9fdbae989f
Binary files /dev/null and b/fuzz/bignum-test differ
diff --git a/fuzz/bndiv-test b/fuzz/bndiv-test
new file mode 100755
index 0000000000..f3325e6a0b
Binary files /dev/null and b/fuzz/bndiv-test differ
diff --git a/fuzz/client-test b/fuzz/client-test
new file mode 100755
index 0000000000..fed6d935df
Binary files /dev/null and b/fuzz/client-test differ
diff --git a/fuzz/cms-test b/fuzz/cms-test
new file mode 100755
index 0000000000..a21e911d67
Binary files /dev/null and b/fuzz/cms-test differ
diff --git a/fuzz/conf-test b/fuzz/conf-test
new file mode 100755
index 0000000000..99514e2c80
Binary files /dev/null and b/fuzz/conf-test differ
diff --git a/fuzz/crl-test b/fuzz/crl-test
new file mode 100755
index 0000000000..857fc61edc
Binary files /dev/null and b/fuzz/crl-test differ
diff --git a/fuzz/ct-test b/fuzz/ct-test
new file mode 100755
index 0000000000..ee3b2e2ab3
Binary files /dev/null and b/fuzz/ct-test differ
diff --git a/fuzz/server-test b/fuzz/server-test
new file mode 100755
index 0000000000..ee56e438a8
Binary files /dev/null and b/fuzz/server-test differ
diff --git a/fuzz/x509-test b/fuzz/x509-test
new file mode 100755
index 0000000000..e7c90b2d10
Binary files /dev/null and b/fuzz/x509-test differ
diff --git a/test/ssltest_old b/test/ssltest_old
new file mode 100755
index 0000000000..3e3a27d41d
Binary files /dev/null and b/test/ssltest_old differ
diff --git a/test/v3ext b/test/v3ext
new file mode 100755
index 0000000000..09a0c3aa32
Binary files /dev/null and b/test/v3ext differ
diff --git a/test/x509aux b/test/x509aux
new file mode 100755
index 0000000000..35378a8ff9
Binary files /dev/null and b/test/x509aux differ