[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Wed Mar 8 15:13:16 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via b97324dbcb12e8b509d513ded9ba3f71c14547d8 (commit)
from a556145a2c973303fd70315d9b77f126f43638f0 (commit)
- Log -----------------------------------------------------------------
commit b97324dbcb12e8b509d513ded9ba3f71c14547d8
Author: Pauli <paul.dale at oracle.com>
Date: Wed Mar 8 11:18:55 2017 +1000
Limit the output of the enc -ciphers command
to just the ciphers enc can
process. This means no AEAD ciphers and no XTS mode.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
(cherry picked from commit 777f1708a88f85569304caeca197c96ef912b236)
-----------------------------------------------------------------------
Summary of changes:
apps/enc.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/apps/enc.c b/apps/enc.c
index ec5fc94..3b3381f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
+ const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
+ /* Filter out ciphers that we cannot use */
+ cipher = EVP_get_cipherbyname(name->name);
+ if (cipher == NULL ||
+ (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+ EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+ return;
+
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
More information about the openssl-commits
mailing list