Commit 447997dd refactored the --show-ciphers code, but introduced a bug
in mbedtls builds where non-AEAD/CBC ciphers were printed too. Those are
however unsupported (as openvpn will tell you when you try to use them).
This fixes that bug.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1539242400-27614-1-git-send-email-steffan.karger@fox-it.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/36438012/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -170,7 +170,8 @@ show_available_ciphers(void) |
170 | 170 |
while (*ciphers != 0) |
171 | 171 |
{ |
172 | 172 |
const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); |
173 |
- if (info && cipher_kt_insecure(info)) |
|
173 |
+ if (info && cipher_kt_insecure(info) |
|
174 |
+ && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info))) |
|
174 | 175 |
{ |
175 | 176 |
print_cipher(info); |
176 | 177 |
} |
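Review bot: The AEAD-or-CBC mode test added to the `if` in this loop of show_available_ciphers() is written inline, so the --show-ciphers listing and the check that rejects unsupported modes when a cipher is actually configured (the commit message says openvpn refuses them) remain separate copies of one policy and can drift apart again on the next refactor. Consider a small static predicate, for example `static bool cipher_kt_mode_supported(const cipher_kt_t *info)` returning `cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)`, shared by every listing loop in this file and, if practical, by the validation path. At minimum, a comment above the condition such as `/* Only list modes the data channel accepts (AEAD or CBC); keep in sync with cipher validation. */` would record why the mode test is there. The loop body continues past the end of the hunk, so the increment and any sibling listing loop in the function are not visible here.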