From 6f92495acd179d025b8f561a930cab91a2c821b7 Mon Sep 17 00:00:00 2001 From: tb <> Date: Tue, 25 Mar 2025 11:54:34 +0000 Subject: Fix RETURN VALUES for EVP_CIPHER_CTX_ctrl(3) The current documentation was clearly incorrect since a return of -1 from the methods is explicitly intercepted and translated to 0. schwarze and I both audited the tree and concluded that only 0 and 1 is possible. OpenSSL 3 broke this API contract and now has explicit return -1 in the convoluted 200-line maze this simple function has become with recent provider improvements. So add a small sentence hinting at that. Nobody will be surprised to read that with OpenSSL's characteristic penchant for needless inconsistency the return value checks in their tree are all over the place and sometimes incorrect. ok schwarze (with two tweaks) --- src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'src/lib/libcrypto/man') diff --git a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 index a75b722cd4..d7ab36e711 100644 --- a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.3 2024/12/08 17:41:23 schwarze Exp $ +.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.4 2025/03/25 11:54:34 tb Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" .\" This file is a derived work. @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 8 2024 $ +.Dd $Mdocdate: March 25 2025 $ .Dt EVP_CIPHER_CTX_CTRL 3 .Os .Sh NAME @@ -198,13 +198,8 @@ IV length for the context as returned by .Fn EVP_CIPHER_CTX_iv_length . .Sh RETURN VALUES .Fn EVP_CIPHER_CTX_ctrl -usually returns 1 for success, 0 for failure, or \-1 if the -.Fa type -is not supported by the -.Fa ctx , -but there may be exceptions for some -.Fa type -arguments. +returns 1 for success or 0 for failure. +Some implementations may return negative values for some errors. .Pp .Fn EVP_CIPHER_CTX_set_padding always returns 1. -- cgit v1.2.3-55-g6feb