How can I tell if a name for a cipher/digest is implemented?

Richard Levitte levitte at openssl.org
Thu Jun 18 09:40:08 UTC 2020


On Thu, 18 Jun 2020 09:39:11 +0200,
Hal Murray wrote:
> I think that checking for NULL from EVP_get_ciphername() works in 1.1.1
> but that changed for 3.0.0
> 
> Is there anything better/cleaner than actually calling EVP_CipherInit() or 
> such?

For 3.0 and on, the better way is to find the cipher with EVP_CIPHER_fetch().
That's essentially the new EVP_get_cipherbyname().

> I'm curious.  What does it mean to have a non-NULL cipher that doesn't work?  

It means that we made a compromise, and do support the use of
functions that return a const EVP_CIPHER, but mainly as a template for
implicit fetching in the likes of EVP_CipherInit.
This is, incidentally, what happens if you pass an engine pointer to
EVP_CipherInit_ex() as well: the EVP_CIPHER pointer that you pass to
it is only a template for getting the "real" engine implementation,
and will fail if that engine doesn't implement it.  In other words,
you do have this situation in 1.1.1 as well, just less obviously.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

