From 69222552252c86e7d68dcc24b2ce1aa0793ab3aa Mon Sep 17 00:00:00 2001 From: slontis Date: Wed, 25 Aug 2021 11:50:20 +1000 Subject: [PATCH] Document that EVP_get_cipherbyname() does not work for some new algorithm names. These algorithms were added to providers but have no const EVP_CIPHER* mapping. Ciphers for SIV and CTS were previously only available via low level function calls that are deprecated. Reported by @reaperhulk. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16414) --- CHANGES.md | 7 +++++++ doc/man3/EVP_EncryptInit.pod | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 5b16e34dd51..a24b30e6514 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -41,6 +41,13 @@ breaking changes, and mappings for the large list of deprecated functions. *OpenSSL team members and many third party contributors* + * The EVP_get_cipherbyname() function will return NULL for algorithms such as + "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were + previously only accessible via low level interfaces. Use EVP_CIPHER_fetch() + instead to retrieve these algorithms from a provider. + + *Shane Lontis* + * On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index cb366296848..62d9047dce7 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -447,6 +447,11 @@ EVP_CipherFinal_ex() instead. Return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure. +EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", +"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only +accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve +these algorithms from a provider. + =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() Return the NID of a cipher when passed an B or B -- 2.47.3