[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
       via  777f1708a88f85569304caeca197c96ef912b236 (commit)
      from  6aad9393680ccde591905c8d71da92a241756394 (commit)


- Log -----------------------------------------------------------------
commit 777f1708a88f85569304caeca197c96ef912b236
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Mar 8 11:18:55 2017 +1000

    Limit the output of the enc -ciphers command to just the ciphers enc can
    process.  This means no AEAD ciphers and no XTS mode.
    
    Update the test script that uses this output to test cipher suites to not
    filter out the now missing cipher modes.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2876)

-----------------------------------------------------------------------

Summary of changes:
 apps/enc.c                      | 8 ++++++++
 test/recipes/20-test_enc_more.t | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/enc.c b/apps/enc.c
index 94c8255..1b4ec0b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
 {
     BIO *bio = bio_;
     static int n;
+    const EVP_CIPHER *cipher;
 
     if (!islower((unsigned char)*name->name))
         return;
 
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
     BIO_printf(bio, "-%-25s", name->name);
     if (++n == 3) {
         BIO_printf(bio, "\n");
diff --git a/test/recipes/20-test_enc_more.t b/test/recipes/20-test_enc_more.t
index 2ea6897..1419ddb 100644
--- a/test/recipes/20-test_enc_more.t
+++ b/test/recipes/20-test_enc_more.t
@@ -29,7 +29,7 @@ my $fail = "";
 my $cmd = "openssl";
 
 my @ciphers =
-    grep(! /wrap|hmac|poly|ocb|xts|^$|^[^-]|(?i)[cg]cm/,
+    grep(! /wrap|^$|^[^-]/,
          (map { split /\s+/ }
               run(app([$cmd, "enc", "-ciphers"]), capture => 1)));