Enforce mandatory cipher get_params at dispatch parse

Reject provider ciphers that lack get_params when unpacking the dispatch
table in evp_cipher_from_algorithm(), failing with
EVP_R_INVALID_PROVIDER_FUNCTIONS instead of later with
EVP_R_CACHE_CONSTANTS_FAILED.

Revert the optional-functions sentence in provider-cipher.pod to "All
other functions are optional." so the doc does not imply only
get_params, newctx, and freectx are required; a consistent
encrypt/decrypt set is also required as described in the prior paragraph.

Move test_cipher_no_getparams from evp_skey_test.c to evp_fetch_prov_test.c
and add fake_cipherprov.c to the evp_fetch_prov_test build.

Drop the redundant newctx/freectx/get_params line from the
evp_cipher_from_algorithm() comment.

Fixes #19110

Made-with: Cursor

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Mon Mar 16 11:22:05 2026
(Merged from https://github.com/openssl/openssl/pull/30383)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 0d2c26052ed37ca1c514854e4e7f60c1b01d6354..1be9508ac61fa5f00d30f2ecf651390d25bdc05b 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1478,12 +1478,12 @@ static void *evp_cipher_from_algorithm(const int name_id,
     if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
         || (fnciphcnt == 0 && cipher->ccipher == NULL && fnpipecnt == 0)
         || (fnpipecnt != 0 && (fnpipecnt < 3 || cipher->p_cupdate == NULL || cipher->p_cfinal == NULL))
-        || fnctxcnt != 2) {
+        || fnctxcnt != 2
+        || cipher->get_params == NULL) {
         /*
          * In order to be a consistent set of functions we must have at least
          * a complete set of "encrypt" functions, or a complete set of "decrypt"
-         * functions, or a single "cipher" function. In all cases we need both
-         * the "newctx" and "freectx" functions.
+         * functions, or a single "cipher" function.
          */
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
         goto err;

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 679c35e0f9ba5dba170492b4dac24fa5839e8e0d..a7dea25fd3afafc855762945f6bae299b6174f92 100644 (file)
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -294,7 +294,7 @@ OSSL_FUNC_cipher_decrypt_skey_init() were introduced in OpenSSL 3.5.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

diff --git a/test/build.info b/test/build.info
index c5a7a565b70465a32f99cea5cc67cf07088d91ed..0c69df85cc5de515162e9efea1d09753c59ba4b0 100644 (file)
--- a/test/build.info
+++ b/test/build.info
@@ -248,7 +248,7 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[evp_libctx_test]=../include ../apps/include
   DEPEND[evp_libctx_test]=../libcrypto.a libtestutil.a
 
-  SOURCE[evp_fetch_prov_test]=evp_fetch_prov_test.c
+  SOURCE[evp_fetch_prov_test]=evp_fetch_prov_test.c fake_cipherprov.c
   INCLUDE[evp_fetch_prov_test]=../include ../apps/include
   DEPEND[evp_fetch_prov_test]=../libcrypto libtestutil.a
 

diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c
index 2cde0049e8750b0dcd507a36be610f5a69e302db..bcc7c59eb611bef7cf33ebdd662f4f6765d172f8 100644 (file)
--- a/test/evp_fetch_prov_test.c
+++ b/test/evp_fetch_prov_test.c
@@ -20,6 +20,7 @@
 #include <openssl/provider.h>
 #include "internal/sizes.h"
 #include "testutil.h"
+#include "fake_cipherprov.h"
 
 static char *config_file = NULL;
 static char *alg = "digest";
@@ -340,6 +341,36 @@ static int test_explicit_EVP_CIPHER_fetch_by_name(void)
     return test_explicit_EVP_CIPHER_fetch("AES-128-CBC");
 }
 
+/*
+ * Test that a provider cipher without get_params fails to fetch.
+ */
+static int test_cipher_no_getparams(void)
+{
+    int ret = 0;
+    OSSL_LIB_CTX *ctx = NULL;
+    OSSL_PROVIDER *fake_prov = NULL;
+    EVP_CIPHER *cipher = NULL;
+
+    ctx = OSSL_LIB_CTX_new();
+    if (!TEST_ptr(ctx))
+        return 0;
+
+    if (!TEST_ptr(fake_prov = fake_cipher_start(ctx)))
+        goto end;
+
+    /* Fetch must fail for a cipher that has no get_params */
+    cipher = EVP_CIPHER_fetch(ctx, FAKE_CIPHER_NO_GETPARAMS, FAKE_CIPHER_FETCH_PROPS);
+    if (!TEST_ptr_null(cipher))
+        goto end;
+
+    ret = 1;
+end:
+    EVP_CIPHER_free(cipher);
+    fake_cipher_finish(fake_prov);
+    OSSL_LIB_CTX_free(ctx);
+    return ret;
+}
+
 /*
  * idx 0: Allow names from OBJ_obj2txt()
  * idx 1: Force an OID in text form from OBJ_obj2txt()
@@ -408,6 +439,7 @@ int setup_tests(void)
     } else {
         ADD_TEST(test_implicit_EVP_CIPHER_fetch);
         ADD_TEST(test_explicit_EVP_CIPHER_fetch_by_name);
+        ADD_TEST(test_cipher_no_getparams);
         ADD_ALL_TESTS_NOSUBTEST(test_explicit_EVP_CIPHER_fetch_by_X509_ALGOR, 2);
     }
     return 1;

diff --git a/test/evp_skey_test.c b/test/evp_skey_test.c
index 2e24123a494b8f09e0cd4e80c1c6fd7c4334366a..c98abb8462c4c594dac3cddc014ae2a431f1ceb4 100644 (file)
--- a/test/evp_skey_test.c
+++ b/test/evp_skey_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

diff --git a/test/fake_cipherprov.c b/test/fake_cipherprov.c
index 2322a1a8122b6848a2e3beb26bb5b24088fa888d..2306f29e4edb87d997c68a087ffa6da4067846df 100644 (file)
--- a/test/fake_cipherprov.c
+++ b/test/fake_cipherprov.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -267,8 +267,18 @@ static const OSSL_DISPATCH ossl_fake_functions[] = {
     OSSL_DISPATCH_END
 };
 
+static const OSSL_DISPATCH ossl_fake_no_getparams_functions[] = {
+    { OSSL_FUNC_CIPHER_NEWCTX,
+        (void (*)(void))fake_newctx },
+    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))fake_freectx },
+    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))fake_cipher },
+    OSSL_DISPATCH_END
+};
+
 static const OSSL_ALGORITHM fake_cipher_algs[] = {
     { "fake_cipher", FAKE_CIPHER_FETCH_PROPS, ossl_fake_functions },
+    { FAKE_CIPHER_NO_GETPARAMS, FAKE_CIPHER_FETCH_PROPS,
+        ossl_fake_no_getparams_functions },
     { NULL, NULL, NULL }
 };
 

diff --git a/test/fake_cipherprov.h b/test/fake_cipherprov.h
index ea7313a740acac11a5897f7d88d61be9cbb6f73f..54ccd6face07b8551aef3de0abdf55008adaff33 100644 (file)
--- a/test/fake_cipherprov.h
+++ b/test/fake_cipherprov.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,4 +16,5 @@ void fake_cipher_finish(OSSL_PROVIDER *p);
 #define FAKE_PROV_NAME "fake-cipher"
 #define FAKE_CIPHER_FETCH_PROPS "provider=fake-cipher"
 
+#define FAKE_CIPHER_NO_GETPARAMS "fake_cipher_no_getparams"
 #define FAKE_CIPHER_PARAM_KEY_NAME "key_name"