e0ba4dddf6
No code within BoringSSL or Google (grep for EVP_PKEY_CTX_(ctrl|get|set)) is sensitive to the various failure cases. Normalize it all to 0/1 for simplicity. This does carry a slight risk: any new ctrl hooks we import from upstream that, like EVP_PKEY_CTX_get_rsa_oaep_md, return something other than success/failure cannot be called directly via EVP_PKEY_CTX_ctrl. They instead need to internally be routed through a struct like CBS and only called through the wrappers. To that end, unexport EVP_PKEY_CTX_ctrl and require that callers use the wrappers. No code in Google uses it directly and, if need be, switching to the wrapper would be an incredibly upstreamable patch. Change-Id: I3fd4e5a1a0f3d4d1c4122c52d4c74a5105b99cd5 Reviewed-on: https://boringssl-review.googlesource.com/3874 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||