[openssl] master update

tomas at openssl.org tomas at openssl.org
Tue Aug 31 10:18:29 UTC 2021


The branch master has been updated
       via  69222552252c86e7d68dcc24b2ce1aa0793ab3aa (commit)
      from  028593f546f66d50d399a4f9286364d97c68da78 (commit)


- Log -----------------------------------------------------------------
commit 69222552252c86e7d68dcc24b2ce1aa0793ab3aa
Author: slontis <shane.lontis at oracle.com>
Date:   Wed Aug 25 11:50:20 2021 +1000

    Document that EVP_get_cipherbyname() does not work for some new algorithm names.
    
    These algorithms were added to providers but have no const EVP_CIPHER*
    mapping. Ciphers for SIV and CTS were previously only available via low level
    function calls that are deprecated.
    
    Reported by @reaperhulk.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16414)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                   | 7 +++++++
 doc/man3/EVP_EncryptInit.pod | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 5b16e34dd5..a24b30e651 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -41,6 +41,13 @@ breaking changes, and mappings for the large list of deprecated functions.
 
    *OpenSSL team members and many third party contributors*
 
+ * The EVP_get_cipherbyname() function will return NULL for algorithms such as
+   "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
+   previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
+   instead to retrieve these algorithms from a provider.
+
+   *Shane Lontis*
+
  * On build targets where the multilib postfix is set in the build
    configuration the libdir directory was changing based on whether
    the lib directory with the multilib postfix exists on the system
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index cb36629684..62d9047dce 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -447,6 +447,11 @@ EVP_CipherFinal_ex() instead.
 Return an EVP_CIPHER structure when passed a cipher name, a NID or an
 ASN1_OBJECT structure.
 
+EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV",
+"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only
+accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve
+these algorithms from a provider.
+
 =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
 
 Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>


More information about the openssl-commits mailing list