From: Pauli <pauli@openssl.org>
Date: Wed, 14 Apr 2021 02:26:41 +0000 (+1000)
Subject: changes: note that some ctrl calls have a different error return.
X-Git-Tag: openssl-3.0.0-alpha15~93
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c1b19eb6f51fd6785cc61418e10070af83df1d2;p=thirdparty%2Fopenssl.git

changes: note that some ctrl calls have a different error return.

Providers do not distinguish between invalid and other errors via the return
code.

Fixes #14442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14864)
---

diff --git a/CHANGES.md b/CHANGES.md
index a2a281637f7..76ba709c0e9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -29,6 +29,12 @@ OpenSSL 3.0
 
    *Boris Pismenny, John Baldwin and Andrew Gallatin*
 
+ * The error return values from some control calls (ctrl) have changed.
+   One significant change is that controls which used to return -2 for
+   invalid inputs, now return -1 indicating a generic error condition instead.
+
+   *Paul Dale*
+
  * A public key check is now performed during EVP_PKEY_derive_set_peer().
    Previously DH was internally doing this during EVP_PKEY_derive().
    To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This