From: Norbert Pocs <norbertp@openssl.org>
Date: Mon, 26 May 2025 08:08:06 +0000 (+0200)
Subject: Document EVP_CIPHER failure for missing provider function
X-Git-Tag: openssl-3.5.1~78
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=a4e7eccd12d167390e9634dc57dbafe6ced1a075;p=thirdparty%2Fopenssl.git

Document EVP_CIPHER failure for missing provider function

When writing a new CIPHER implementation the OSSL_FUNC_cipher_get_params
must be present, otherwise the fetch fails. This behaviour is seen in
function evp_cipher_cache_constants@crypto/evp/evp_lib.c.

Resolves: #25801

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27696)

(cherry picked from commit 3423c30db3aa044f46e1f0270e2ecd899415bf5f)
---

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 93fdcfb1c0f..679c35e0f9b 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -134,8 +134,8 @@ In order to be a consistent set of functions there must at least be a complete
 set of "encrypt" functions, or a complete set of "decrypt" functions, or a
 single "cipher" function. Similarly, there can be a complete set of pipeline
 "encrypt" functions, and/or a complete set of pipeline "decrypt" functions.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
 All other functions are optional.
 
 =head2 Context Management Functions