From: Pauli Date: Wed, 8 Mar 2017 01:18:55 +0000 (+1000) Subject: Limit the output of the enc -ciphers command X-Git-Tag: OpenSSL_1_1_0f~169 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b97324dbcb12e8b509d513ded9ba3f71c14547d8;p=oweals%2Fopenssl.git Limit the output of the enc -ciphers command to just the ciphers enc can process. This means no AEAD ciphers and no XTS mode. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2876) (cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236) --- diff --git a/apps/enc.c b/apps/enc.c index ec5fc941cf..3b3381fed9 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_) { BIO *bio = bio_; static int n; + const EVP_CIPHER *cipher; if (!islower((unsigned char)*name->name)) return; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + BIO_printf(bio, "-%-25s", name->name); if (++n == 3) { BIO_printf(bio, "\n");
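Review bot: the new comment in show_ciphers(), `/* Filter out ciphers that we cannot use */`, does not say which ciphers are dropped or why, so the condition under it has to be decoded from the flag and mode constants. Naming the two cases in the comment (AEAD ciphers via `EVP_CIPH_FLAG_AEAD_CIPHER`, XTS via `EVP_CIPH_XTS_MODE`) would keep the reason next to the test. The `cipher == NULL` branch also silently skips any name that `EVP_get_cipherbyname()` cannot resolve. That is reasonable for a listing, but worth stating in the same comment. The diff touches only apps/enc.c, so nothing in the visible change documents that `enc -ciphers` now prints a restricted list. A short sentence in the command's documentation would help users who find a cipher missing from the output.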