Limit the output of the enc -ciphers command to just the ciphers enc can

process. This means no AEAD ciphers and no XTS mode. Update the test script that uses this output to test cipher suites to not filter out the now missing cipher modes. Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2876)

Limit the output of the enc -ciphers command to just the ciphers enc can
process. This means no AEAD ciphers and no XTS mode. Update the test script that uses this output to test cipher suites to not filter out the now missing cipher modes. Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2876)
777f1708 · Pauli · Rich Salz · 6aad9393 · 777f1708 · 777f1708
隐藏空白更改
内联并排

Showing with 9 addition and 1 deletion

apps/enc.c apps/enc.c +8 -0

test/recipes/20-test_enc_more.t test/recipes/20-test_enc_more.t +1 -1

未找到文件。
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -563,10 +563,18 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
 {
    BIO *bio = bio_;
    static int n;
+    const EVP_CIPHER *cipher;

    if (!islower((unsigned char)*name->name))
        return;

+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
    BIO_printf(bio, "-%-25s", name->name);
    if (++n == 3) {
        BIO_printf(bio, "\n");

--- a/test/recipes/20-test_enc_more.t
+++ b/test/recipes/20-test_enc_more.t
@@ -29,7 +29,7 @@ my $fail = "";
 my $cmd = "openssl";

 my @ciphers =
-    grep(! /wrap|hmac|poly|ocb|xts|^$|^[^-]|(?i)[cg]cm/,
+    grep(! /wrap|^$|^[^-]/,
         (map { split /\s+/ }
              run(app([$cmd, "enc", "-ciphers"]), capture => 1)));