===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/enc.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -c -r1.25 -r1.26
*** src/usr.bin/openssl/enc.c 2022/11/11 17:07:39 1.25
--- src/usr.bin/openssl/enc.c 2023/03/04 21:58:54 1.26
***************
*** 1,4 ****
! /* $OpenBSD: enc.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
--- 1,4 ----
! /* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
***************
*** 304,309 ****
--- 304,325 ----
};
static void
+ skip_aead_and_xts(const OBJ_NAME *name, void *arg)
+ {
+ const EVP_CIPHER *cipher;
+
+ if ((cipher = EVP_get_cipherbyname(name->name)) == NULL)
+ return;
+
+ if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
+ return;
+ if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+ return;
+
+ show_cipher(name, arg);
+ }
+
+ static void
enc_usage(void)
{
int n = 0;
***************
*** 318,324 ****
fprintf(stderr, "\n");
fprintf(stderr, "Valid ciphername values:\n\n");
! OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_cipher, &n);
fprintf(stderr, "\n");
}
--- 334,340 ----
fprintf(stderr, "\n");
fprintf(stderr, "Valid ciphername values:\n\n");
! OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, skip_aead_and_xts, &n);
fprintf(stderr, "\n");
}
***************
*** 410,415 ****
--- 426,443 ----
goto end;
}
enc_config.keystr = buf;
+ }
+
+ if (enc_config.cipher != NULL &&
+ (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+ BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
+ goto end;
+ }
+
+ if (enc_config.cipher != NULL &&
+ EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) {
+ BIO_printf(bio_err, "enc does not support XTS mode\n");
+ goto end;
}
if (enc_config.md != NULL &&
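Review bot: The AEAD/XTS test in skip_aead_and_xts() is written out a second time in the last hunk (the two `enc_config.cipher != NULL` blocks), so the list printed by enc_usage() and the set of ciphers refused at run time can drift apart if another mode is excluded later. One helper that returns the rejection reason, or NULL for a usable cipher, would serve both places. The run-time check then becomes a single `if` that prints the returned reason with `BIO_printf(bio_err, "%s\n", reason);`. The helper name and the move of the message text into it are a proposal, not something the commit contains.

```c
/* Returns why enc cannot use this cipher, or NULL if it can. */
static const char *
enc_unsupported_reason(const EVP_CIPHER *cipher)
{
	if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
		return "enc does not support AEAD ciphers";
	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
		return "enc does not support XTS mode";
	return NULL;
}

static void
skip_aead_and_xts(const OBJ_NAME *name, void *arg)
{
	const EVP_CIPHER *cipher;

	if ((cipher = EVP_get_cipherbyname(name->name)) == NULL)
		return;
	if (enc_unsupported_reason(cipher) != NULL)
		return;

	show_cipher(name, arg);
}
```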
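Review bot: The two rejection checks sit after the block that ends in `enc_config.keystr = buf;`, so the key string appears to have been read already by the time an AEAD or XTS cipher is refused. The enclosing function starts and ends outside the hunk, so this is inferred from the context lines only. Refusing the cipher right after option parsing, before any key material is loaded, would fail faster and avoid handling secrets for a request that cannot proceed. A short comment stating why these ciphers are refused would also help the next reader, for example `/* enc streams its output and has nowhere to store or verify an AEAD tag. */` if that is the reason; the commit itself does not say.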