Document that EVP_get_cipherbyname() does not work for some new algorithm names.

These algorithms were added to providers but have no const EVP_CIPHER*
mapping. Ciphers for SIV and CTS were previously only available via low level
function calls that are deprecated.

Reported by @reaperhulk.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16414)

2 files changed, 12 insertions, 0 deletions

diff --git a/CHANGES.md b/CHANGES.md
index 5b16e34dd5..a24b30e651 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -41,6 +41,13 @@ breaking changes, and mappings for the large list of deprecated functions.
 
    *OpenSSL team members and many third party contributors*
 
+ * The EVP_get_cipherbyname() function will return NULL for algorithms such as
+   "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
+   previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
+   instead to retrieve these algorithms from a provider.
+
+   *Shane Lontis*
+
  * On build targets where the multilib postfix is set in the build
    configuration the libdir directory was changing based on whether
    the lib directory with the multilib postfix exists on the system
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index cb36629684..62d9047dce 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -447,6 +447,11 @@ EVP_CipherFinal_ex() instead.
 Return an EVP_CIPHER structure when passed a cipher name, a NID or an
 ASN1_OBJECT structure.
 
+EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV",
+"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only
+accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve
+these algorithms from a provider.
+
 =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
 
 Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>