p-steuer
commented
4 years ago We can keep that in mind. However, with the engine only being relevant for the use of clear key adapter functionality and engines to be replaced by providers with the next openssl release anyway, i would not spent too much time here.
ibmca_aes_gcm is expected to return 0 on failure and 1 on success (like most openssl functions). However, in case the length check fails -1 was returned, indicating success.