From b97324dbcb12e8b509d513ded9ba3f71c14547d8 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Wed, 8 Mar 2017 11:18:55 +1000
Subject: [PATCH] Limit the output of the enc -ciphers command to just the ciphers enc can process.

This means no AEAD ciphers and no XTS mode.

Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2876)

(cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)
---
 apps/enc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/apps/enc.c b/apps/enc.c
index ec5fc941cf..3b3381fed9 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
 {
 BIO *bio = bio_;
 static int n;
+ const EVP_CIPHER *cipher;
 
 if (!islower((unsigned char)*name->name))
 return;
 
+ /* Filter out ciphers that we cannot use */
+ cipher = EVP_get_cipherbyname(name->name);
+ if (cipher == NULL ||
+ (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+ EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+ return;
+
 BIO_printf(bio, "-%-25s", name->name);
 if (++n == 3) {
 BIO_printf(bio, "\n");
-- 
2.25.1
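Review bot: The new filter in show_ciphers() only changes what `enc -ciphers` prints; nothing in this hunk rejects an AEAD or XTS cipher that is named explicitly on the command line, and the option-parsing path is not visible here, so that should be confirmed. If it is not already refused there, the same predicate belongs in both places, for example a small helper such as `static int enc_cipher_usable(const EVP_CIPHER *c)` that returns `c != NULL && (EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 && EVP_CIPHER_mode(c) != EVP_CIPH_XTS_MODE`. The reason to care is that an AEAD cipher run through a tool that does not handle the authentication tag gives output with no integrity protection. The comment would also help more if it gave the reason, for instance `/* enc cannot process AEAD ciphers or XTS mode; do not advertise them */`. The body of show_ciphers() continues past the end of the hunk.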