Given OpenSSL's eternal type confusion, this check is meant to trap callers that get an error return (typically -1) from some API returning signed values and pass that on to PACKET_buf_init as a size_t. For example, ssl3_get_message returns a long to signal buffer length, and that makes me nervous.
Except, yeah, it relies on undefined behaviour. OTOH as you note we do have a test for this and we've not seen it fail on any compiler. I agree the check is pointless if your sizes are correctly represented as size_t throughout, but perhaps marginally useful for OpenSSL in its current state. I don't feel too strongly about keeping or removing it - what do others think?

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
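As an added illustration (not code from the thread or from OpenSSL itself), the following sketch shows the caller pattern being worried about above and one way to write the trap without relying on undefined behaviour: a negative signed length converted to size_t is well-defined in C (it wraps modulo 2^N), so comparing the unsigned value against SIZE_MAX / 2 catches it with no signed overflow or signed reinterpretation involved. The names pkt_t, pkt_init and init_from_signed_length are hypothetical stand-ins for PACKET and PACKET_buf_init, and the sample buffer is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a PACKET-style reader; not OpenSSL's struct. */
typedef struct {
    const unsigned char *curr;
    size_t remaining;
} pkt_t;

/* Initialise a reader over buf/len. Returns 1 on success, 0 on a length
 * that looks like a negative value converted to size_t.
 * The comparison is between two unsigned values, so it is well-defined C;
 * it does not cast len back to a signed type and test for < 0. */
int pkt_init(pkt_t *pkt, const unsigned char *buf, size_t len)
{
    if (buf == NULL && len != 0)
        return 0;
    /* Any negative long/int converted to size_t lands above SIZE_MAX / 2,
     * far beyond any buffer a TLS implementation would legitimately hand us. */
    if (len > SIZE_MAX / 2)
        return 0;
    pkt->curr = buf;
    pkt->remaining = len;
    return 1;
}

/* The risky caller pattern: an API that signals errors with -1 on a signed
 * return, passed straight through as size_t (hypothetical helper). */
int init_from_signed_length(pkt_t *pkt, const unsigned char *buf, long n)
{
    return pkt_init(pkt, buf, (size_t)n); /* wraps to a huge value if n < 0 */
}

/* Shows the conversion itself: (size_t)-1 == SIZE_MAX by the C standard's
 * modular rule for converting to an unsigned type. */
size_t signed_as_size_t(long n)
{
    return (size_t)n;
}

/* Self-check: a sane length is accepted, a -1 "error" length is rejected.
 * Returns 1 if both hold, 0 otherwise. */
int check_sanity_trap(void)
{
    static const unsigned char sample[4] = {1, 2, 3, 4}; /* constructed input */
    pkt_t p;

    if (!init_from_signed_length(&p, sample, (long)sizeof(sample)))
        return 0;
    if (p.remaining != sizeof(sample) || p.curr != sample)
        return 0;
    if (init_from_signed_length(&p, sample, -1L)) /* must be trapped */
        return 0;
    return 1;
}
```

The trap only helps while some callers still carry lengths in signed types; once every length is a size_t end to end, as the thread notes, the comparison can never fire and is dead code.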