[openssl.org #3295] UNKWN can be returned for SSL_state_string when in some SSL23 states
SSL_state_string contains the code: #if !defined(OPENSSL_NO_SSL2) !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ case SSL23_ST_CW_CLNT_HELLO_A: str=23WCHA; break; case SSL23_ST_CW_CLNT_HELLO_B: str=23WCHB; break; case SSL23_ST_CR_SRVR_HELLO_A: str=23RSHA; break; case SSL23_ST_CR_SRVR_HELLO_B: str=23RSHA; break; /* server */ case SSL23_ST_SR_CLNT_HELLO_A: str=23RCHA; break; case SSL23_ST_SR_CLNT_HELLO_B: str=23RCHB; break; #endif ... default:str=UNKWN ; break; However, openssl can enter at least some of the above states even when OPENSSL_NO_SSL2 is defined. For example, in s23_clnt.c: IMPLEMENT_ssl23_meth_func(SSLv23_client_method, ssl_undefined_function, ssl23_connect, ssl23_get_client_method) SSLv23_client_method is a public API which can certainly be called when OPENSSL_NO_SSL2 is not defined; in this case it's just expected to not actually use SSLv2. So if the user calls this, ssl23_connect will be called to handle connections. And ssl23_connect contains lines to set the state: s-state=SSL23_ST_CW_CLNT_HELLO_A; s-state=SSL23_ST_CR_SRVR_HELLO_A; s-state=SSL23_ST_CW_CLNT_HELLO_B; None of these state transitions are guarded by OPENSSL_NO_SSL2 defines. So, if OPENSSL_NO_SSL2 is defined, openssl CAN enter the 3 states above, but if SSL_state_string is called while in these states, UNKNWN is returned, because the code that handles these 3 states is only defined when OPENSSL_NO_SSL2 is not defined. I don't know if there are similar problems for any other states. It looks like SSL_state_string_long has the same problem. It looks ilk SSL_state_string_long __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #3296] make report
Hi, i am trying to build openssl-1.0.1f in my fedora 20 64 bit laptop. But i am getting the following errors. Please help me to fix it. thanks [root@nazatul openssl-1.0.1f]# make install making all in crypto... make[1]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto' making all in crypto/objects... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/objects' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/objects' making all in crypto/md4... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/md4' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/md4' making all in crypto/md5... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/md5' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/md5' making all in crypto/sha... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/sha' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/sha' making all in crypto/mdc2... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/mdc2' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/mdc2' making all in crypto/hmac... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/hmac' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/hmac' making all in crypto/ripemd... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/ripemd' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/ripemd' making all in crypto/whrlpool... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/whrlpool' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/whrlpool' making all in crypto/des... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/des' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/des' making all in crypto/aes... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/aes' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/aes' making all in crypto/rc2... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/rc2' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/rc2' making all in crypto/rc4... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/rc4' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/rc4' making all in crypto/idea... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/idea' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/idea' making all in crypto/bf... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/bf' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/bf' making all in crypto/cast... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/cast' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/cast' making all in crypto/camellia... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/camellia' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/camellia' making all in crypto/seed... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/seed' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/seed' making all in crypto/modes... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/modes' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/modes' making all in crypto/bn... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/bn' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/bn' making all in crypto/ec... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/ec' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/ec' making all in crypto/rsa... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/rsa' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/rsa' making all in crypto/dsa... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/dsa' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/nsultan/openssl-1.0.1f/crypto/dsa' making all in crypto/ecdsa... make[2]: Entering directory `/home/nsultan/openssl-1.0.1f/crypto/ecdsa' make[2]: Nothing to be
OpenSSL version 1.0.1g released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.0.1g released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1g of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.1-notes.html OpenSSL 1.0.1g is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1g.tar.gz Size: 4509047 MD5 checksum: de62b43dfcd858e66a74bee1c834e959 SHA1 checksum: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c The checksums were calculated using the following commands: openssl md5 openssl-1.0.1g.tar.gz openssl sha1 openssl-1.0.1g.tar.gz Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJTQtiiAAoJENNXdQf6QOniC/EQALRkau9Gx+qzyp1nx1FDTJI1 ox93n7SKC3QIjX4veVuFjpaPymNQXVRM8IbgET5tE4GPT5w+PrscpyGSJJr8yvWN TKy48JSKl13GVMODnEC6nEffsS/sci5o2PHXhDYa7aC+xRF6UUSMa8tqXnhGJP7e uv7a1tYjtgE8Ix9tdoK32UkPOM0Z1qr11lPFDdG0GrIs+mbjPirdKSgvQm22w4IU jyn5AmmReA6ZnIpffOHGQY5OgpGTg4yg+aaFKenisOfIL80raNZlVuWrzDkTUS9k +gikqtBRg1pFMd1UGpl0S7sIXZNm01yv4K4aO3a9aykXqPQLOc8WmvfDgf99+8HR zUrowh7Xf1CvHsgIs4s0XaggZdXhkXpMpSWdWpVh7ZVm/TPInoPWwyj8Zp/TL8XF N/GrNHRLuWvSgCuyA7qhkee33FmtCblnYTHSLyGQrVpfq/cVEzvpznsZnObjFG+/ 4Gss0qUVQZ0LJUUKZHx5cGvHliXYEeZQaBz/VLJ7J8fvy6Fsp0vKFjbrobG6srB6 pa6NYQKjHhobx+eEW380j3r60iBiz1GjdMSOdLvnSOA9dOcWmXFxl5GLcASnM+F0 kGtZBjLXsaImnp749V50sme+bNgQ/ErUvikTLXefk0rtUnfjCmJec44Kn5Gh7J1k iI/CjhJrI2B83C48m2kE =lxo1 -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL version 1.0.1g released
OpenSSL open...@openssl.org wrote: | OpenSSL version 1.0.1g released | === Forgot to git(1) tag OpenSSL_1_0_1g? --steffen __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL version 1.0.1g released
On Mon, Apr 07, 2014, Steffen Nurpmeso wrote: OpenSSL open...@openssl.org wrote: | OpenSSL version 1.0.1g released | === Forgot to git(1) tag OpenSSL_1_0_1g? Didn't get round to pushing the tag. Should be fixed now. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL Security Advisory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [07 Apr 2014] TLS heartbeat read overrun (CVE-2014-0160) == A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley a...@chromium.org and Bodo Moeller bmoel...@acm.org for preparing the fix. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJTQt1bAAoJENNXdQf6QOniGhkP/AjjZgV+g7ZyxnxdnvA2+sdV sxNso208Cod8DKnDONtXHuPTkTFfyHl72FM1ea99woe3X6JWj3PyiZGvSfeo4Jj/ QiDJvvcHc5Xq00gAr6MIarhMJbRtYkM+Th6PPXyqODYcb/pDoqy5VWo/R9QkZTPn zaiXPyapJB/qSYo4UqXWerT9YTLdYmiro//kQN0U/SedF/fNz4CEBcMyz6z7YJAC LFoE6Vf54PAkNvxjcX9ugIKluBMk5YONRG8PB0X/UDwf9Kj4L6OTT51x1yeFw3Sg GzTqvKD+2JWzFDCcfJULRCSCEwHhKbjR7n3sI1RPaaEWp5E63+9HSMRYjVOFIwt/ OTrMPbW1BEiX0A7NB7HSrrvddnYd3sz8A44v00oesr+XaW5nyu79IndQwLhPkKYF Dkb67quw/tfV6Y1r4sETqSd2FrM7MpFzltywMKzVKWNpMSwOAWSBGUl7VH0m84Ty zAufUSEnYIA3dMC2DnHie+ot4WnjJlTErBmfUb/QNbNYDt0vjhS60oydP1NJ8AlG aoUK7mslOlVCauAIeGNbi4PzJ+LvWYmyFFGT+M1/UOBZFFvG7jsReBjTIu9dg3Za S7NE7CeMvRRpOEm1+T9L8a26/c6C9dwF7JPQvMpTR3BeT2jjkYe8rdTCkT91g1sd J37YgDNuefzrsA+B5/o7 =szjb -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL version 1.0.1g v. VMS
OpenSSL version 1.0.1g released A relatively recent change to the VMS builders causes trouble for folks who lack the latest compiler. Using HP C V7.3-009 on OpenVMS Alpha V8.3 or HP C V7.3-019 on OpenVMS IA64 V8.3-1H1, for example: [...] s2_meth.c %CC-W-UNKMSGID, Unknown message id or group MAYLOSEDATA3 is ignored. %LIBRAR-W-COMCOD, compilation warnings in module S2_METH file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ALPHA.OBJ.SSL]s2_meth.OBJ;1 [...] %LINK-W-WRNERS, compilation warnings in module S2_METH file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ALPHA.EXE.SSL]SSL_LIBSSL32.OLB;1 [...] I see about 48 of the %CC-W-UNKMSGID, 47 of the %LIBRAR-W-COMCOD, and 157 of the %LINK-W-WRNERS. This is annoying. I propose a change to suppress MAYLOSEDATA3 warnings only if the compiler recognizes it: --- ssl/ssl-lib.com_orig2014-03-17 11:14:20 -0500 +++ ssl/ssl-lib.com 2014-04-07 15:18:26 -0500 @@ -857,7 +857,7 @@ $ IF F$TYPE(USER_CCDEFS) .NES. THEN CCDEFS = CCDEFS + , + USER_CCDEFS $ CCEXTRAFLAGS = $ IF F$TYPE(USER_CCFLAGS) .NES. THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = MAYLOSEDATA3 !!! LONGLONGTYPE,LONGLONGSUFX,FOUNDCR +$ CCDISABLEWARNINGS = !!! MAYLOSEDATA3 !!! LONGLONGTYPE,LONGLONGSUFX,FOUNDCR $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + , + USER_CCDISABLEWARNINGS $! @@ -1022,6 +1022,16 @@ $! $ IF COMPILER .EQS. DECC $ THEN +$!Not all compiler versions support MAYLOSEDATA3. +$ OPT_TEST = MAYLOSEDATA3 +$ 'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT - + /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL: +$ IF ($SEVERITY) +$ THEN +$ IF CCDISABLEWARNINGS .NES. THEN - + CCDISABLEWARNINGS = CCDISABLEWARNINGS+ , +$ CCDISABLEWARNINGS = CCDISABLEWARNINGS+ OPT_TEST +$ ENDIF $ IF CCDISABLEWARNINGS .EQS. $ THEN $ CC4DISABLEWARNINGS = DOLLARID I don't have one, so I haven't actually tested this change using a compiler which accepts MAYLOSEDATA3, but it looks plausible (to me). 1.0.2-beta1 seems to need the same treatment in crypto/crypto-lib.com, as well. Steven M. Schweda sms@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL version 1.0.1g v. VMS
On Mon, Apr 07, 2014, Steven M. Schweda wrote: OpenSSL version 1.0.1g released A relatively recent change to the VMS builders causes trouble for folks who lack the latest compiler. Using HP C V7.3-009 on OpenVMS Alpha V8.3 or HP C V7.3-019 on OpenVMS IA64 V8.3-1H1, for example: [...] s2_meth.c %CC-W-UNKMSGID, Unknown message id or group MAYLOSEDATA3 is ignored. %LIBRAR-W-COMCOD, compilation warnings in module S2_METH file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ALPHA.OBJ.SSL]s2_meth.OBJ;1 [...] %LINK-W-WRNERS, compilation warnings in module S2_METH file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ALPHA.EXE.SSL]SSL_LIBSSL32.OLB;1 [...] I see about 48 of the %CC-W-UNKMSGID, 47 of the %LIBRAR-W-COMCOD, and 157 of the %LINK-W-WRNERS. This is annoying. I propose a change to suppress MAYLOSEDATA3 warnings only if the compiler recognizes it: Patch applied. Let me know of any problems. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL version 1.0.1g v. VMS
From: Dr. Stephen Henson st...@openssl.org Patch applied. Let me know of any problems. Thanks. Sadly, I forgot one refinement, which would keep the warning from the test out of the log. If I could talk you into smoothing over that blunder, then I'd be able to rest easy (for a while). --- ssl/ssl-lib.com;-1 2014-04-07 15:18:26 -0500 +++ ssl/ssl-lib.com 2014-04-07 18:26:49 -0500 @@ -1024,6 +1024,8 @@ $ THEN $!Not all compiler versions support MAYLOSEDATA3. $ OPT_TEST = MAYLOSEDATA3 +$ DEFINE /USER_MODE SYS$ERROR NL: +$ DEFINE /USER_MODE SYS$OUTPUT NL: $ 'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT - /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL: $ IF ($SEVERITY) Sorry about the extra bother. For the record (no action required (or even requested)), the only remaining compiler warnings were: if (timeleft.tv_sec 0) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression timeleft.tv_sec is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 310 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.crypto.bio]bss_dgram.c;1 Around here, time_t tends to be unsigned. if (*outlen = 0) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression *outlen is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 180 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.engines.ccgost]gost94_keyx.c;1 Around here, size_t tends to be unsigned. if (size = 0 || ((len = data[0])) != (size -1)) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression size is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 1128 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ssl]t1_lib.c;1 Here, size seems to be declared as unsigned: unsigned short size; making the 0 part of that test pointless everywhere. These are all Informational (-I-) complaints, so they cause less trouble than a real warning (-W-). Steven M. Schweda sms@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL version 1.0.1g v. VMS
Right approach Steven. Mea culpa :( I am terribly sorry proposing ignorance of MAYLOSEDATA3 while not testing on older compilers. Thank you. Regards, Z -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Steven M. Schweda Sent: den 8 april 2014 05:12 To: openssl-dev@openssl.org Subject: Re: OpenSSL version 1.0.1g v. VMS From: Dr. Stephen Henson st...@openssl.org Patch applied. Let me know of any problems. Thanks. Sadly, I forgot one refinement, which would keep the warning from the test out of the log. If I could talk you into smoothing over that blunder, then I'd be able to rest easy (for a while). --- ssl/ssl-lib.com;-1 2014-04-07 15:18:26 -0500 +++ ssl/ssl-lib.com 2014-04-07 18:26:49 -0500 @@ -1024,6 +1024,8 @@ $ THEN $!Not all compiler versions support MAYLOSEDATA3. $ OPT_TEST = MAYLOSEDATA3 +$ DEFINE /USER_MODE SYS$ERROR NL: +$ DEFINE /USER_MODE SYS$OUTPUT NL: $ 'CC' /NOCROSS_REFERENCE /NOLIST /NOOBJECT - /WARNINGS = DISABLE = ('OPT_TEST', EMPTYFILE) NL: $ IF ($SEVERITY) Sorry about the extra bother. For the record (no action required (or even requested)), the only remaining compiler warnings were: if (timeleft.tv_sec 0) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression timeleft.tv_sec is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 310 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.crypto.bio]bss_dgram.c;1 Around here, time_t tends to be unsigned. if (*outlen = 0) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression *outlen is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 180 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.engines.ccgost]gost94_keyx .c;1 Around here, size_t tends to be unsigned. if (size = 0 || ((len = data[0])) != (size -1)) ^ %CC-I-QUESTCOMPARE, In this statement, the unsigned expression size is being compared with a relational operator to a constant whose value is not greater than zero. This might not be what you intended. at line number 1128 in file ALP$DKC100:[UTILITY.SOURCE.OPENSSL.openssl-1_0_1g.ssl]t1_lib.c;1 Here, size seems to be declared as unsigned: unsigned short size; making the 0 part of that test pointless everywhere. These are all Informational (-I-) complaints, so they cause less trouble than a real warning (-W-). Steven M. Schweda sms@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org