From: Norbert Pocs <norbertp@openssl.org>
Date: Mon, 26 May 2025 08:08:06 +0000 (+0200)
Subject: Document EVP_CIPHER failure for missing provider function
X-Git-Tag: openssl-3.4.2~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ff81f95b86bf276868427ff97f592b31b75f02c;p=thirdparty%2Fopenssl.git

Document EVP_CIPHER failure for missing provider function

When writing a new CIPHER implementation the OSSL_FUNC_cipher_get_params
must be present, otherwise the fetch fails. This behaviour is seen in
function evp_cipher_cache_constants@crypto/evp/evp_lib.c.

Resolves: #25801

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27696)

(cherry picked from commit 3423c30db3aa044f46e1f0270e2ecd899415bf5f)
---

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index eaad3cf2ff0..b4540b1b197 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -103,8 +103,8 @@ A cipher algorithm implementation may not implement all of these functions.
 In order to be a consistent set of functions there must at least be a complete
 set of "encrypt" functions, or a complete set of "decrypt" functions, or a
 single "cipher" function.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
 All other functions are optional.
 
 =head2 Context Management Functions