summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-25 16:23:10 +0000
committerjsing <>2014-05-25 16:23:10 +0000
commit7e606502e450b079dd66ce328c60e5b1d2d8fdb4 (patch)
tree3f1db49f0679d8ac712ededb86f1b538423eea91
parente9672afd83cfd9fe3abfe4dc2335113b2b6f3d24 (diff)
downloadopenbsd-7e606502e450b079dd66ce328c60e5b1d2d8fdb4.tar.gz
openbsd-7e606502e450b079dd66ce328c60e5b1d2d8fdb4.tar.bz2
openbsd-7e606502e450b079dd66ce328c60e5b1d2d8fdb4.zip
Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of
this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
Diffstat
-rw-r--r--src/lib/libssl/d1_pkt.c5
-rw-r--r--src/lib/libssl/s3_clnt.c8
-rw-r--r--src/lib/libssl/s3_lib.c24
-rw-r--r--src/lib/libssl/s3_pkt.c5
-rw-r--r--src/lib/libssl/s3_srvr.c19
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c5
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c8
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c24
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c5
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c19
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c13
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c12
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c46
-rw-r--r--src/lib/libssl/src/ssl/t1_reneg.c16
-rw-r--r--src/lib/libssl/ssl_ciph.c13
-rw-r--r--src/lib/libssl/ssl_lib.c12
-rw-r--r--src/lib/libssl/t1_enc.c46
-rw-r--r--src/lib/libssl/t1_reneg.c16
18 files changed, 0 insertions, 296 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index a9ccc6d349..0273db236c 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -427,11 +427,6 @@ dtls1_process_record(SSL *s)
427 goto err; 427 goto err;
428 } 428 }
429 429
430#ifdef TLS_DEBUG
431 printf("dec %d\n", rr->length);
432 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
433 printf("\n");
434#endif
435 430
436 /* r->length is now the compressed data plus mac */ 431 /* r->length is now the compressed data plus mac */
437 if ((sess != NULL) && (s->enc_read_ctx != NULL) && 432 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 16d5dacfc4..863a05adb3 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1638,10 +1638,6 @@ ssl3_get_key_exchange(SSL *s)
1638 al = SSL_AD_DECODE_ERROR; 1638 al = SSL_AD_DECODE_ERROR;
1639 goto f_err; 1639 goto f_err;
1640 } 1640 }
1641#ifdef SSL_DEBUG
1642 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
1643 EVP_MD_name(md));
1644#endif
1645 p += 2; 1641 p += 2;
1646 n -= 2; 1642 n -= 2;
1647 } else 1643 } else
@@ -2674,10 +2670,6 @@ ssl3_send_client_verify(SSL *s)
2674 goto err; 2670 goto err;
2675 } 2671 }
2676 p += 2; 2672 p += 2;
2677#ifdef SSL_DEBUG
2678 fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
2679 EVP_MD_name(md));
2680#endif
2681 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2673 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2682 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2674 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2683 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2675 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1a0bb5195d..8b67e7c36a 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -3048,20 +3048,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3048 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3048 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3049#endif 3049#endif
3050 3050
3051#ifdef CIPHER_DEBUG
3052 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3053 (void *)srvr);
3054 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3055 c = sk_SSL_CIPHER_value(srvr, i);
3056 printf("%p:%s\n",(void *)c, c->name);
3057 }
3058 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3059 (void *)clnt);
3060 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3061 c = sk_SSL_CIPHER_value(clnt, i);
3062 printf("%p:%s\n",(void *)c, c->name);
3063 }
3064#endif
3065 3051
3066 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 3052 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3067 prio = srvr; 3053 prio = srvr;
@@ -3097,18 +3083,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3097 3083
3098 if (SSL_C_IS_EXPORT(c)) { 3084 if (SSL_C_IS_EXPORT(c)) {
3099 ok = (alg_k & emask_k) && (alg_a & emask_a); 3085 ok = (alg_k & emask_k) && (alg_a & emask_a);
3100#ifdef CIPHER_DEBUG
3101 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3102 ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
3103 c->name);
3104#endif
3105 } else { 3086 } else {
3106 ok = (alg_k & mask_k) && (alg_a & mask_a); 3087 ok = (alg_k & mask_k) && (alg_a & mask_a);
3107#ifdef CIPHER_DEBUG
3108 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
3109 ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3110 c->name);
3111#endif
3112 } 3088 }
3113 3089
3114#ifndef OPENSSL_NO_TLSEXT 3090#ifndef OPENSSL_NO_TLSEXT
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index a5ed3c07cc..da6c860cfc 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -396,11 +396,6 @@ again:
396 goto f_err; 396 goto f_err;
397 } 397 }
398 398
399#ifdef TLS_DEBUG
400 printf("dec %d\n", rr->length);
401 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
402 printf("\n");
403#endif
404 399
405 /* r->length is now the compressed data plus mac */ 400 /* r->length is now the compressed data plus mac */
406 if ((sess != NULL) && (s->enc_read_ctx != NULL) && 401 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 6f788cd080..521f6a21e8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1088,15 +1088,8 @@ ssl3_get_client_hello(SSL *s)
1088 j = 0; 1088 j = 0;
1089 id = s->session->cipher->id; 1089 id = s->session->cipher->id;
1090 1090
1091#ifdef CIPHER_DEBUG
1092 printf("client sent %d ciphers\n", sk_num(ciphers));
1093#endif
1094 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1091 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1095 c = sk_SSL_CIPHER_value(ciphers, i); 1092 c = sk_SSL_CIPHER_value(ciphers, i);
1096#ifdef CIPHER_DEBUG
1097 printf("client [%2d of %2d]:%s\n",
1098 i, sk_num(ciphers), SSL_CIPHER_get_name(c));
1099#endif
1100 if (c->id == id) { 1093 if (c->id == id) {
1101 j = 1; 1094 j = 1;
1102 break; 1095 break;
@@ -1890,10 +1883,6 @@ ssl3_send_server_key_exchange(SSL *s)
1890 } 1883 }
1891 p += 2; 1884 p += 2;
1892 } 1885 }
1893#ifdef SSL_DEBUG
1894 fprintf(stderr, "Using hash %s\n",
1895 EVP_MD_name(md));
1896#endif
1897 EVP_SignInit_ex(&md_ctx, md, NULL); 1886 EVP_SignInit_ex(&md_ctx, md, NULL);
1898 EVP_SignUpdate(&md_ctx, 1887 EVP_SignUpdate(&md_ctx,
1899 &(s->s3->client_random[0]), 1888 &(s->s3->client_random[0]),
@@ -2662,10 +2651,6 @@ ssl3_get_cert_verify(SSL *s)
2662 al = SSL_AD_DECODE_ERROR; 2651 al = SSL_AD_DECODE_ERROR;
2663 goto f_err; 2652 goto f_err;
2664 } 2653 }
2665#ifdef SSL_DEBUG
2666 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
2667 EVP_MD_name(md));
2668#endif
2669 p += 2; 2654 p += 2;
2670 n -= 2; 2655 n -= 2;
2671 } 2656 }
@@ -2696,10 +2681,6 @@ ssl3_get_cert_verify(SSL *s)
2696 al = SSL_AD_INTERNAL_ERROR; 2681 al = SSL_AD_INTERNAL_ERROR;
2697 goto f_err; 2682 goto f_err;
2698 } 2683 }
2699#ifdef SSL_DEBUG
2700 fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
2701 EVP_MD_name(md));
2702#endif
2703 if (!EVP_VerifyInit_ex(&mctx, md, NULL) || 2684 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2704 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { 2685 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2705 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2686 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index a9ccc6d349..0273db236c 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -427,11 +427,6 @@ dtls1_process_record(SSL *s)
427 goto err; 427 goto err;
428 } 428 }
429 429
430#ifdef TLS_DEBUG
431 printf("dec %d\n", rr->length);
432 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
433 printf("\n");
434#endif
435 430
436 /* r->length is now the compressed data plus mac */ 431 /* r->length is now the compressed data plus mac */
437 if ((sess != NULL) && (s->enc_read_ctx != NULL) && 432 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 16d5dacfc4..863a05adb3 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1638,10 +1638,6 @@ ssl3_get_key_exchange(SSL *s)
1638 al = SSL_AD_DECODE_ERROR; 1638 al = SSL_AD_DECODE_ERROR;
1639 goto f_err; 1639 goto f_err;
1640 } 1640 }
1641#ifdef SSL_DEBUG
1642 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
1643 EVP_MD_name(md));
1644#endif
1645 p += 2; 1641 p += 2;
1646 n -= 2; 1642 n -= 2;
1647 } else 1643 } else
@@ -2674,10 +2670,6 @@ ssl3_send_client_verify(SSL *s)
2674 goto err; 2670 goto err;
2675 } 2671 }
2676 p += 2; 2672 p += 2;
2677#ifdef SSL_DEBUG
2678 fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
2679 EVP_MD_name(md));
2680#endif
2681 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2673 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2682 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2674 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2683 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2675 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 1a0bb5195d..8b67e7c36a 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -3048,20 +3048,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3048 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3048 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3049#endif 3049#endif
3050 3050
3051#ifdef CIPHER_DEBUG
3052 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3053 (void *)srvr);
3054 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3055 c = sk_SSL_CIPHER_value(srvr, i);
3056 printf("%p:%s\n",(void *)c, c->name);
3057 }
3058 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3059 (void *)clnt);
3060 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3061 c = sk_SSL_CIPHER_value(clnt, i);
3062 printf("%p:%s\n",(void *)c, c->name);
3063 }
3064#endif
3065 3051
3066 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 3052 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3067 prio = srvr; 3053 prio = srvr;
@@ -3097,18 +3083,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3097 3083
3098 if (SSL_C_IS_EXPORT(c)) { 3084 if (SSL_C_IS_EXPORT(c)) {
3099 ok = (alg_k & emask_k) && (alg_a & emask_a); 3085 ok = (alg_k & emask_k) && (alg_a & emask_a);
3100#ifdef CIPHER_DEBUG
3101 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3102 ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
3103 c->name);
3104#endif
3105 } else { 3086 } else {
3106 ok = (alg_k & mask_k) && (alg_a & mask_a); 3087 ok = (alg_k & mask_k) && (alg_a & mask_a);
3107#ifdef CIPHER_DEBUG
3108 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
3109 ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3110 c->name);
3111#endif
3112 } 3088 }
3113 3089
3114#ifndef OPENSSL_NO_TLSEXT 3090#ifndef OPENSSL_NO_TLSEXT
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index a5ed3c07cc..da6c860cfc 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -396,11 +396,6 @@ again:
396 goto f_err; 396 goto f_err;
397 } 397 }
398 398
399#ifdef TLS_DEBUG
400 printf("dec %d\n", rr->length);
401 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
402 printf("\n");
403#endif
404 399
405 /* r->length is now the compressed data plus mac */ 400 /* r->length is now the compressed data plus mac */
406 if ((sess != NULL) && (s->enc_read_ctx != NULL) && 401 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 6f788cd080..521f6a21e8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1088,15 +1088,8 @@ ssl3_get_client_hello(SSL *s)
1088 j = 0; 1088 j = 0;
1089 id = s->session->cipher->id; 1089 id = s->session->cipher->id;
1090 1090
1091#ifdef CIPHER_DEBUG
1092 printf("client sent %d ciphers\n", sk_num(ciphers));
1093#endif
1094 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1091 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1095 c = sk_SSL_CIPHER_value(ciphers, i); 1092 c = sk_SSL_CIPHER_value(ciphers, i);
1096#ifdef CIPHER_DEBUG
1097 printf("client [%2d of %2d]:%s\n",
1098 i, sk_num(ciphers), SSL_CIPHER_get_name(c));
1099#endif
1100 if (c->id == id) { 1093 if (c->id == id) {
1101 j = 1; 1094 j = 1;
1102 break; 1095 break;
@@ -1890,10 +1883,6 @@ ssl3_send_server_key_exchange(SSL *s)
1890 } 1883 }
1891 p += 2; 1884 p += 2;
1892 } 1885 }
1893#ifdef SSL_DEBUG
1894 fprintf(stderr, "Using hash %s\n",
1895 EVP_MD_name(md));
1896#endif
1897 EVP_SignInit_ex(&md_ctx, md, NULL); 1886 EVP_SignInit_ex(&md_ctx, md, NULL);
1898 EVP_SignUpdate(&md_ctx, 1887 EVP_SignUpdate(&md_ctx,
1899 &(s->s3->client_random[0]), 1888 &(s->s3->client_random[0]),
@@ -2662,10 +2651,6 @@ ssl3_get_cert_verify(SSL *s)
2662 al = SSL_AD_DECODE_ERROR; 2651 al = SSL_AD_DECODE_ERROR;
2663 goto f_err; 2652 goto f_err;
2664 } 2653 }
2665#ifdef SSL_DEBUG
2666 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
2667 EVP_MD_name(md));
2668#endif
2669 p += 2; 2654 p += 2;
2670 n -= 2; 2655 n -= 2;
2671 } 2656 }
@@ -2696,10 +2681,6 @@ ssl3_get_cert_verify(SSL *s)
2696 al = SSL_AD_INTERNAL_ERROR; 2681 al = SSL_AD_INTERNAL_ERROR;
2697 goto f_err; 2682 goto f_err;
2698 } 2683 }
2699#ifdef SSL_DEBUG
2700 fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
2701 EVP_MD_name(md));
2702#endif
2703 if (!EVP_VerifyInit_ex(&mctx, md, NULL) || 2684 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2704 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { 2685 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2705 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2686 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 22ed70b30b..6b650ccea3 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -906,10 +906,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
906 const SSL_CIPHER *cp; 906 const SSL_CIPHER *cp;
907 int reverse = 0; 907 int reverse = 0;
908 908
909#ifdef CIPHER_DEBUG
910 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
911 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
912#endif
913 909
914 if (rule == CIPHER_DEL) 910 if (rule == CIPHER_DEL)
915 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ 911 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
@@ -942,9 +938,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
942 if (strength_bits != cp->strength_bits) 938 if (strength_bits != cp->strength_bits)
943 continue; 939 continue;
944 } else { 940 } else {
945#ifdef CIPHER_DEBUG
946 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
947#endif
948 941
949 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 942 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
950 continue; 943 continue;
@@ -962,9 +955,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
962 continue; 955 continue;
963 } 956 }
964 957
965#ifdef CIPHER_DEBUG
966 printf("Action = %d\n", rule);
967#endif
968 958
969 /* add the cipher if it has not been added yet. */ 959 /* add the cipher if it has not been added yet. */
970 if (rule == CIPHER_ADD) { 960 if (rule == CIPHER_ADD) {
@@ -1439,9 +1429,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1439 for (curr = head; curr != NULL; curr = curr->next) { 1429 for (curr = head; curr != NULL; curr = curr->next) {
1440 if (curr->active) { 1430 if (curr->active) {
1441 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1431 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1442#ifdef CIPHER_DEBUG
1443 printf("<%s>\n", curr->cipher->name);
1444#endif
1445 } 1432 }
1446 } 1433 }
1447 free(co_list); /* Not needed any longer */ 1434 free(co_list); /* Not needed any longer */
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 694bc900a0..deef714be1 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1442,9 +1442,6 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1442 j = put_cb ? put_cb(&scsv, p) : 1442 j = put_cb ? put_cb(&scsv, p) :
1443 ssl_put_cipher_by_char(s, &scsv, p); 1443 ssl_put_cipher_by_char(s, &scsv, p);
1444 p += j; 1444 p += j;
1445#ifdef OPENSSL_RI_DEBUG
1446 fprintf(stderr, "SCSV sent by client\n");
1447#endif
1448 } 1445 }
1449 1446
1450 return (p - q); 1447 return (p - q);
@@ -1490,9 +1487,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1490 } 1487 }
1491 s->s3->send_connection_binding = 1; 1488 s->s3->send_connection_binding = 1;
1492 p += n; 1489 p += n;
1493#ifdef OPENSSL_RI_DEBUG
1494 fprintf(stderr, "SCSV received by server\n");
1495#endif
1496 continue; 1490 continue;
1497 } 1491 }
1498 1492
@@ -2066,12 +2060,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2066 2060
2067 2061
2068 2062
2069#ifdef CIPHER_DEBUG
2070 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
2071 "rs=%d ds=%d dhr=%d dhd=%d\n",
2072 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2073 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2074#endif
2075 2063
2076 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2064 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2077 if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2065 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 5f17a4a94a..a9be8bdb4c 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -458,10 +458,6 @@ tls1_change_cipher_state(SSL *s, int which)
458 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); 458 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
459 EVP_PKEY_free(mac_key); 459 EVP_PKEY_free(mac_key);
460 } 460 }
461#ifdef TLS_DEBUG
462 printf("which = %04X\nmac key=", which);
463 { int z; for (z = 0; z<i; z++) printf("%02X%c", ms[z],((z+1)%16)?' ':'\n'); }
464#endif
465 if (is_export) { 461 if (is_export) {
466 /* In here I set both the read and write key/iv to the 462 /* In here I set both the read and write key/iv to the
467 * same value since only the correct one will be used :-). 463 * same value since only the correct one will be used :-).
@@ -501,13 +497,6 @@ tls1_change_cipher_state(SSL *s, int which)
501 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, 497 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
502 *mac_secret_size, mac_secret); 498 *mac_secret_size, mac_secret);
503 499
504#ifdef TLS_DEBUG
505 printf("which = %04X\nkey=", which);
506 { int z; for (z = 0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c", key[z],((z+1)%16)?' ':'\n'); }
507 printf("\niv=");
508 { int z; for (z = 0; z<k; z++) printf("%02X%c", iv[z],((z+1)%16)?' ':'\n'); }
509 printf("\n");
510#endif
511 500
512 OPENSSL_cleanse(tmp1, sizeof(tmp1)); 501 OPENSSL_cleanse(tmp1, sizeof(tmp1));
513 OPENSSL_cleanse(tmp2, sizeof(tmp2)); 502 OPENSSL_cleanse(tmp2, sizeof(tmp2));
@@ -570,20 +559,8 @@ tls1_setup_key_block(SSL *s)
570 goto err; 559 goto err;
571 } 560 }
572 561
573#ifdef TLS_DEBUG
574 printf("client random\n");
575 { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
576 printf("server random\n");
577 { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
578 printf("pre-master\n");
579 { int z; for (z = 0; z<s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z],((z+1)%16)?' ':'\n'); }
580#endif
581 if (!tls1_generate_key_block(s, p1, p2, num)) 562 if (!tls1_generate_key_block(s, p1, p2, num))
582 goto err; 563 goto err;
583#ifdef TLS_DEBUG
584 printf("\nkey block\n");
585 { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
586#endif
587 564
588 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && 565 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
589 s->method->version <= TLS1_VERSION) { 566 s->method->version <= TLS1_VERSION) {
@@ -919,16 +896,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
919 896
920 if (!stream_mac) 897 if (!stream_mac)
921 EVP_MD_CTX_cleanup(&hmac); 898 EVP_MD_CTX_cleanup(&hmac);
922#ifdef TLS_DEBUG
923 printf("sec=");
924 {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", mac_sec[z]); printf("\n"); }
925 printf("seq=");
926 {int z; for (z = 0; z<8; z++) printf("%02X ", seq[z]); printf("\n"); }
927 printf("buf=");
928 {int z; for (z = 0; z<5; z++) printf("%02X ", buf[z]); printf("\n"); }
929 printf("rec=");
930 {unsigned int z; for (z = 0; z<rec->length; z++) printf("%02X ", buf[z]); printf("\n"); }
931#endif
932 899
933 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { 900 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
934 for (i = 7; i >= 0; i--) { 901 for (i = 7; i >= 0; i--) {
@@ -938,9 +905,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
938 } 905 }
939 } 906 }
940 907
941#ifdef TLS_DEBUG
942 {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", md[z]); printf("\n"); }
943#endif
944 return (md_size); 908 return (md_size);
945} 909}
946 910
@@ -973,16 +937,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
973 so, sol, 937 so, sol,
974 p, len, 938 p, len,
975 s->session->master_key, buff, sizeof buff); 939 s->session->master_key, buff, sizeof buff);
976#ifdef SSL_DEBUG
977 fprintf(stderr, "Premaster Secret:\n");
978 BIO_dump_fp(stderr, (char *)p, len);
979 fprintf(stderr, "Client Random:\n");
980 BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
981 fprintf(stderr, "Server Random:\n");
982 BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
983 fprintf(stderr, "Master Secret:\n");
984 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
985#endif
986 940
987 return (SSL3_MASTER_SECRET_SIZE); 941 return (SSL3_MASTER_SECRET_SIZE);
988} 942}
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c
index e08e7fedc6..5f96e1fa7e 100644
--- a/src/lib/libssl/src/ssl/t1_reneg.c
+++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -131,10 +131,6 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
131 memcpy(p, s->s3->previous_client_finished, 131 memcpy(p, s->s3->previous_client_finished,
132 s->s3->previous_client_finished_len); 132 s->s3->previous_client_finished_len);
133 133
134#ifdef OPENSSL_RI_DEBUG
135 fprintf(stderr, "%s RI extension sent by client\n",
136 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
137#endif
138 } 134 }
139 135
140 *len = s->s3->previous_client_finished_len + 1; 136 *len = s->s3->previous_client_finished_len + 1;
@@ -184,10 +180,6 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
184 return 0; 180 return 0;
185 } 181 }
186 182
187#ifdef OPENSSL_RI_DEBUG
188 fprintf(stderr, "%s RI extension received by server\n",
189 ilen ? "Non-empty" : "Empty");
190#endif
191 183
192 s->s3->send_connection_binding = 1; 184 s->s3->send_connection_binding = 1;
193 185
@@ -219,10 +211,6 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
219 memcpy(p, s->s3->previous_server_finished, 211 memcpy(p, s->s3->previous_server_finished,
220 s->s3->previous_server_finished_len); 212 s->s3->previous_server_finished_len);
221 213
222#ifdef OPENSSL_RI_DEBUG
223 fprintf(stderr, "%s RI extension sent by server\n",
224 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
225#endif
226 } 214 }
227 215
228 *len = s->s3->previous_client_finished_len + 216 *len = s->s3->previous_client_finished_len +
@@ -288,10 +276,6 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
288 return 0; 276 return 0;
289 } 277 }
290 278
291#ifdef OPENSSL_RI_DEBUG
292 fprintf(stderr, "%s RI extension received by client\n",
293 ilen ? "Non-empty" : "Empty");
294#endif
295 s->s3->send_connection_binding = 1; 279 s->s3->send_connection_binding = 1;
296 280
297 return 1; 281 return 1;
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 22ed70b30b..6b650ccea3 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -906,10 +906,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
906 const SSL_CIPHER *cp; 906 const SSL_CIPHER *cp;
907 int reverse = 0; 907 int reverse = 0;
908 908
909#ifdef CIPHER_DEBUG
910 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
911 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
912#endif
913 909
914 if (rule == CIPHER_DEL) 910 if (rule == CIPHER_DEL)
915 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ 911 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
@@ -942,9 +938,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
942 if (strength_bits != cp->strength_bits) 938 if (strength_bits != cp->strength_bits)
943 continue; 939 continue;
944 } else { 940 } else {
945#ifdef CIPHER_DEBUG
946 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
947#endif
948 941
949 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 942 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
950 continue; 943 continue;
@@ -962,9 +955,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
962 continue; 955 continue;
963 } 956 }
964 957
965#ifdef CIPHER_DEBUG
966 printf("Action = %d\n", rule);
967#endif
968 958
969 /* add the cipher if it has not been added yet. */ 959 /* add the cipher if it has not been added yet. */
970 if (rule == CIPHER_ADD) { 960 if (rule == CIPHER_ADD) {
@@ -1439,9 +1429,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1439 for (curr = head; curr != NULL; curr = curr->next) { 1429 for (curr = head; curr != NULL; curr = curr->next) {
1440 if (curr->active) { 1430 if (curr->active) {
1441 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1431 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1442#ifdef CIPHER_DEBUG
1443 printf("<%s>\n", curr->cipher->name);
1444#endif
1445 } 1432 }
1446 } 1433 }
1447 free(co_list); /* Not needed any longer */ 1434 free(co_list); /* Not needed any longer */
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 694bc900a0..deef714be1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1442,9 +1442,6 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1442 j = put_cb ? put_cb(&scsv, p) : 1442 j = put_cb ? put_cb(&scsv, p) :
1443 ssl_put_cipher_by_char(s, &scsv, p); 1443 ssl_put_cipher_by_char(s, &scsv, p);
1444 p += j; 1444 p += j;
1445#ifdef OPENSSL_RI_DEBUG
1446 fprintf(stderr, "SCSV sent by client\n");
1447#endif
1448 } 1445 }
1449 1446
1450 return (p - q); 1447 return (p - q);
@@ -1490,9 +1487,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1490 } 1487 }
1491 s->s3->send_connection_binding = 1; 1488 s->s3->send_connection_binding = 1;
1492 p += n; 1489 p += n;
1493#ifdef OPENSSL_RI_DEBUG
1494 fprintf(stderr, "SCSV received by server\n");
1495#endif
1496 continue; 1490 continue;
1497 } 1491 }
1498 1492
@@ -2066,12 +2060,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2066 2060
2067 2061
2068 2062
2069#ifdef CIPHER_DEBUG
2070 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
2071 "rs=%d ds=%d dhr=%d dhd=%d\n",
2072 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2073 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2074#endif
2075 2063
2076 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2064 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2077 if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2065 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 5f17a4a94a..a9be8bdb4c 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -458,10 +458,6 @@ tls1_change_cipher_state(SSL *s, int which)
458 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); 458 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
459 EVP_PKEY_free(mac_key); 459 EVP_PKEY_free(mac_key);
460 } 460 }
461#ifdef TLS_DEBUG
462 printf("which = %04X\nmac key=", which);
463 { int z; for (z = 0; z<i; z++) printf("%02X%c", ms[z],((z+1)%16)?' ':'\n'); }
464#endif
465 if (is_export) { 461 if (is_export) {
466 /* In here I set both the read and write key/iv to the 462 /* In here I set both the read and write key/iv to the
467 * same value since only the correct one will be used :-). 463 * same value since only the correct one will be used :-).
@@ -501,13 +497,6 @@ tls1_change_cipher_state(SSL *s, int which)
501 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, 497 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
502 *mac_secret_size, mac_secret); 498 *mac_secret_size, mac_secret);
503 499
504#ifdef TLS_DEBUG
505 printf("which = %04X\nkey=", which);
506 { int z; for (z = 0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c", key[z],((z+1)%16)?' ':'\n'); }
507 printf("\niv=");
508 { int z; for (z = 0; z<k; z++) printf("%02X%c", iv[z],((z+1)%16)?' ':'\n'); }
509 printf("\n");
510#endif
511 500
512 OPENSSL_cleanse(tmp1, sizeof(tmp1)); 501 OPENSSL_cleanse(tmp1, sizeof(tmp1));
513 OPENSSL_cleanse(tmp2, sizeof(tmp2)); 502 OPENSSL_cleanse(tmp2, sizeof(tmp2));
@@ -570,20 +559,8 @@ tls1_setup_key_block(SSL *s)
570 goto err; 559 goto err;
571 } 560 }
572 561
573#ifdef TLS_DEBUG
574 printf("client random\n");
575 { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
576 printf("server random\n");
577 { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
578 printf("pre-master\n");
579 { int z; for (z = 0; z<s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z],((z+1)%16)?' ':'\n'); }
580#endif
581 if (!tls1_generate_key_block(s, p1, p2, num)) 562 if (!tls1_generate_key_block(s, p1, p2, num))
582 goto err; 563 goto err;
583#ifdef TLS_DEBUG
584 printf("\nkey block\n");
585 { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
586#endif
587 564
588 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && 565 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
589 s->method->version <= TLS1_VERSION) { 566 s->method->version <= TLS1_VERSION) {
@@ -919,16 +896,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
919 896
920 if (!stream_mac) 897 if (!stream_mac)
921 EVP_MD_CTX_cleanup(&hmac); 898 EVP_MD_CTX_cleanup(&hmac);
922#ifdef TLS_DEBUG
923 printf("sec=");
924 {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", mac_sec[z]); printf("\n"); }
925 printf("seq=");
926 {int z; for (z = 0; z<8; z++) printf("%02X ", seq[z]); printf("\n"); }
927 printf("buf=");
928 {int z; for (z = 0; z<5; z++) printf("%02X ", buf[z]); printf("\n"); }
929 printf("rec=");
930 {unsigned int z; for (z = 0; z<rec->length; z++) printf("%02X ", buf[z]); printf("\n"); }
931#endif
932 899
933 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { 900 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
934 for (i = 7; i >= 0; i--) { 901 for (i = 7; i >= 0; i--) {
@@ -938,9 +905,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
938 } 905 }
939 } 906 }
940 907
941#ifdef TLS_DEBUG
942 {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", md[z]); printf("\n"); }
943#endif
944 return (md_size); 908 return (md_size);
945} 909}
946 910
@@ -973,16 +937,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
973 so, sol, 937 so, sol,
974 p, len, 938 p, len,
975 s->session->master_key, buff, sizeof buff); 939 s->session->master_key, buff, sizeof buff);
976#ifdef SSL_DEBUG
977 fprintf(stderr, "Premaster Secret:\n");
978 BIO_dump_fp(stderr, (char *)p, len);
979 fprintf(stderr, "Client Random:\n");
980 BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
981 fprintf(stderr, "Server Random:\n");
982 BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
983 fprintf(stderr, "Master Secret:\n");
984 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
985#endif
986 940
987 return (SSL3_MASTER_SECRET_SIZE); 941 return (SSL3_MASTER_SECRET_SIZE);
988} 942}
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index e08e7fedc6..5f96e1fa7e 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -131,10 +131,6 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
131 memcpy(p, s->s3->previous_client_finished, 131 memcpy(p, s->s3->previous_client_finished,
132 s->s3->previous_client_finished_len); 132 s->s3->previous_client_finished_len);
133 133
134#ifdef OPENSSL_RI_DEBUG
135 fprintf(stderr, "%s RI extension sent by client\n",
136 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
137#endif
138 } 134 }
139 135
140 *len = s->s3->previous_client_finished_len + 1; 136 *len = s->s3->previous_client_finished_len + 1;
@@ -184,10 +180,6 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
184 return 0; 180 return 0;
185 } 181 }
186 182
187#ifdef OPENSSL_RI_DEBUG
188 fprintf(stderr, "%s RI extension received by server\n",
189 ilen ? "Non-empty" : "Empty");
190#endif
191 183
192 s->s3->send_connection_binding = 1; 184 s->s3->send_connection_binding = 1;
193 185
@@ -219,10 +211,6 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
219 memcpy(p, s->s3->previous_server_finished, 211 memcpy(p, s->s3->previous_server_finished,
220 s->s3->previous_server_finished_len); 212 s->s3->previous_server_finished_len);
221 213
222#ifdef OPENSSL_RI_DEBUG
223 fprintf(stderr, "%s RI extension sent by server\n",
224 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
225#endif
226 } 214 }
227 215
228 *len = s->s3->previous_client_finished_len + 216 *len = s->s3->previous_client_finished_len +
@@ -288,10 +276,6 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
288 return 0; 276 return 0;
289 } 277 }
290 278
291#ifdef OPENSSL_RI_DEBUG
292 fprintf(stderr, "%s RI extension received by client\n",
293 ilen ? "Non-empty" : "Empty");
294#endif
295 s->s3->send_connection_binding = 1; 279 s->s3->send_connection_binding = 1;
296 280
297 return 1; 281 return 1;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 23:11:13 +0000