1 files changed, 30 insertions, 2 deletions
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 5a07113f7c..6be0a30dec 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -304,6 +304,22 @@ static const struct option enc_options[] = {
 };
 static void
+skip_aead_and_xts(const OBJ_NAME *name, void *arg)
+{
+        const EVP_CIPHER *cipher;
+        if ((cipher = EVP_get_cipherbyname(name->name)) == NULL)
+                return;
+        if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
+                return;
+        if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+                return;
+        show_cipher(name, arg);
+}
+static void
 enc_usage(void)
 {
        int n = 0;
@@ -318,7 +334,7 @@ enc_usage(void)
        fprintf(stderr, "\n");
        fprintf(stderr, "Valid ciphername values:\n\n");
-        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_cipher, &n);
+        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, skip_aead_and_xts, &n);
        fprintf(stderr, "\n");
 }
@@ -412,6 +428,18 @@ enc_main(int argc, char **argv)
                enc_config.keystr = buf;
        }
+        if (enc_config.cipher != NULL &&
+            (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+                BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
+                goto end;
+        }
+        if (enc_config.cipher != NULL &&
+            EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) {
+                BIO_printf(bio_err, "enc does not support XTS mode\n");
+                goto end;
+        }
        if (enc_config.md != NULL &&
            (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {
                BIO_printf(bio_err,

diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c index 5a07113f7c..6be0a30dec 100644 --- a/src/usr.bin/openssl/enc.c +++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: enc.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */	1	/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -304,6 +304,22 @@ static const struct option enc_options[] = {
304	};	304	};
305		305
306	static void	306	static void
		307	skip_aead_and_xts(const OBJ_NAME name, void arg)
		308	{
		309	const EVP_CIPHER *cipher;
		310
		311	if ((cipher = EVP_get_cipherbyname(name->name)) == NULL)
		312	return;
		313
		314	if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
		315	return;
		316	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
		317	return;
		318
		319	show_cipher(name, arg);
		320	}
		321
		322	static void
307	enc_usage(void)	323	enc_usage(void)
308	{	324	{
309	int n = 0;	325	int n = 0;
@@ -318,7 +334,7 @@ enc_usage(void)
318	fprintf(stderr, "\n");	334	fprintf(stderr, "\n");
319		335
320	fprintf(stderr, "Valid ciphername values:\n\n");	336	fprintf(stderr, "Valid ciphername values:\n\n");
321	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_cipher, &n);	337	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, skip_aead_and_xts, &n);
322	fprintf(stderr, "\n");	338	fprintf(stderr, "\n");
323	}	339	}
324		340
@@ -412,6 +428,18 @@ enc_main(int argc, char **argv)
412	enc_config.keystr = buf;	428	enc_config.keystr = buf;
413	}	429	}
414		430
		431	if (enc_config.cipher != NULL &&
		432	(EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
		433	BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
		434	goto end;
		435	}
		436
		437	if (enc_config.cipher != NULL &&
		438	EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) {
		439	BIO_printf(bio_err, "enc does not support XTS mode\n");
		440	goto end;
		441	}
		442
415	if (enc_config.md != NULL &&	443	if (enc_config.md != NULL &&
416	(dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {	444	(dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {
417	BIO_printf(bio_err,	445	BIO_printf(bio_err,