summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-05-20 16:59:05 +0000
committerjsing <>2014-05-20 16:59:05 +0000
commit0ec843903451a54afa6be0cb924fc7a996079191 (patch)
tree2ef56a158500b0335eca60d2194ea1186d7b6e47 /src
parentc5dc4929a3e8bc91a204eff5b55c10ce54cec591 (diff)
downloadopenbsd-0ec843903451a54afa6be0cb924fc7a996079191.tar.gz
openbsd-0ec843903451a54afa6be0cb924fc7a996079191.tar.bz2
openbsd-0ec843903451a54afa6be0cb924fc7a996079191.zip
KSSL is dead... nuke KSSL_DEBUG from orbit.
ok beck@ miod@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_enc.c31
-rw-r--r--src/lib/libssl/s3_clnt.c7
-rw-r--r--src/lib/libssl/s3_lib.c3
-rw-r--r--src/lib/libssl/src/ssl/d1_enc.c31
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c7
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c3
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c14
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c83
-rw-r--r--src/lib/libssl/ssl_ciph.c14
-rw-r--r--src/lib/libssl/t1_enc.c83
10 files changed, 0 insertions, 276 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 1967e7a95e..24b34b1e87 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -122,9 +122,6 @@
122#include <openssl/hmac.h> 122#include <openssl/hmac.h>
123#include <openssl/md5.h> 123#include <openssl/md5.h>
124#include <openssl/rand.h> 124#include <openssl/rand.h>
125#ifdef KSSL_DEBUG
126#include <openssl/des.h>
127#endif
128 125
129/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 126/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
130 * 127 *
@@ -177,9 +174,6 @@ dtls1_enc(SSL *s, int send)
177 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 174 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
178 } 175 }
179 176
180#ifdef KSSL_DEBUG
181 printf("dtls1_enc(%d)\n", send);
182#endif /* KSSL_DEBUG */
183 177
184 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { 178 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
185 memmove(rec->data, rec->input, rec->length); 179 memmove(rec->data, rec->input, rec->length);
@@ -205,23 +199,6 @@ dtls1_enc(SSL *s, int send)
205 rec->length += i; 199 rec->length += i;
206 } 200 }
207 201
208#ifdef KSSL_DEBUG
209 {
210 unsigned long ui;
211 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
212 ds, rec->data, rec->input, l);
213 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
214 ds->buf_len, ds->cipher->key_len,
215 DES_KEY_SZ, DES_SCHEDULE_SZ,
216 ds->cipher->iv_len);
217 printf("\t\tIV: ");
218 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
219 printf("\n");
220 printf("\trec->input=");
221 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
222 printf("\n");
223 }
224#endif /* KSSL_DEBUG */
225 202
226 if (!send) { 203 if (!send) {
227 if (l == 0 || l % bs != 0) 204 if (l == 0 || l % bs != 0)
@@ -230,14 +207,6 @@ dtls1_enc(SSL *s, int send)
230 207
231 EVP_Cipher(ds, rec->data, rec->input, l); 208 EVP_Cipher(ds, rec->data, rec->input, l);
232 209
233#ifdef KSSL_DEBUG
234 {
235 unsigned long i;
236 printf("\trec->data=");
237 for (i = 0; i < l; i++)
238 printf(" %02x", rec->data[i]); printf("\n");
239 }
240#endif /* KSSL_DEBUG */
241 210
242 if ((bs != 1) && !send) 211 if ((bs != 1) && !send)
243 return tls1_cbc_remove_padding(s, rec, bs, mac_size); 212 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 68817cd33a..67e4d069c7 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1159,13 +1159,6 @@ ssl3_get_server_certificate(SSL *s)
1159 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1159 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1160 ? 0 : 1; 1160 ? 0 : 1;
1161 1161
1162#ifdef KSSL_DEBUG
1163 printf("pkey, x = %p, %p\n", pkey, x);
1164 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1165 printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
1166 s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
1167 s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1168#endif /* KSSL_DEBUG */
1169 1162
1170 if (need_cert && ((pkey == NULL) || 1163 if (need_cert && ((pkey == NULL) ||
1171 EVP_PKEY_missing_parameters(pkey))) { 1164 EVP_PKEY_missing_parameters(pkey))) {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 293866afee..7cdd1e2d89 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -3081,9 +3081,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3081 emask_k = cert->export_mask_k; 3081 emask_k = cert->export_mask_k;
3082 emask_a = cert->export_mask_a; 3082 emask_a = cert->export_mask_a;
3083 3083
3084#ifdef KSSL_DEBUG
3085/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3086#endif /* KSSL_DEBUG */
3087 3084
3088 alg_k = c->algorithm_mkey; 3085 alg_k = c->algorithm_mkey;
3089 alg_a = c->algorithm_auth; 3086 alg_a = c->algorithm_auth;
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index 1967e7a95e..24b34b1e87 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -122,9 +122,6 @@
122#include <openssl/hmac.h> 122#include <openssl/hmac.h>
123#include <openssl/md5.h> 123#include <openssl/md5.h>
124#include <openssl/rand.h> 124#include <openssl/rand.h>
125#ifdef KSSL_DEBUG
126#include <openssl/des.h>
127#endif
128 125
129/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 126/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
130 * 127 *
@@ -177,9 +174,6 @@ dtls1_enc(SSL *s, int send)
177 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 174 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
178 } 175 }
179 176
180#ifdef KSSL_DEBUG
181 printf("dtls1_enc(%d)\n", send);
182#endif /* KSSL_DEBUG */
183 177
184 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { 178 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
185 memmove(rec->data, rec->input, rec->length); 179 memmove(rec->data, rec->input, rec->length);
@@ -205,23 +199,6 @@ dtls1_enc(SSL *s, int send)
205 rec->length += i; 199 rec->length += i;
206 } 200 }
207 201
208#ifdef KSSL_DEBUG
209 {
210 unsigned long ui;
211 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
212 ds, rec->data, rec->input, l);
213 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
214 ds->buf_len, ds->cipher->key_len,
215 DES_KEY_SZ, DES_SCHEDULE_SZ,
216 ds->cipher->iv_len);
217 printf("\t\tIV: ");
218 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
219 printf("\n");
220 printf("\trec->input=");
221 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
222 printf("\n");
223 }
224#endif /* KSSL_DEBUG */
225 202
226 if (!send) { 203 if (!send) {
227 if (l == 0 || l % bs != 0) 204 if (l == 0 || l % bs != 0)
@@ -230,14 +207,6 @@ dtls1_enc(SSL *s, int send)
230 207
231 EVP_Cipher(ds, rec->data, rec->input, l); 208 EVP_Cipher(ds, rec->data, rec->input, l);
232 209
233#ifdef KSSL_DEBUG
234 {
235 unsigned long i;
236 printf("\trec->data=");
237 for (i = 0; i < l; i++)
238 printf(" %02x", rec->data[i]); printf("\n");
239 }
240#endif /* KSSL_DEBUG */
241 210
242 if ((bs != 1) && !send) 211 if ((bs != 1) && !send)
243 return tls1_cbc_remove_padding(s, rec, bs, mac_size); 212 return tls1_cbc_remove_padding(s, rec, bs, mac_size);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 68817cd33a..67e4d069c7 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1159,13 +1159,6 @@ ssl3_get_server_certificate(SSL *s)
1159 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1159 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1160 ? 0 : 1; 1160 ? 0 : 1;
1161 1161
1162#ifdef KSSL_DEBUG
1163 printf("pkey, x = %p, %p\n", pkey, x);
1164 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1165 printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
1166 s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
1167 s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1168#endif /* KSSL_DEBUG */
1169 1162
1170 if (need_cert && ((pkey == NULL) || 1163 if (need_cert && ((pkey == NULL) ||
1171 EVP_PKEY_missing_parameters(pkey))) { 1164 EVP_PKEY_missing_parameters(pkey))) {
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 293866afee..7cdd1e2d89 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -3081,9 +3081,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3081 emask_k = cert->export_mask_k; 3081 emask_k = cert->export_mask_k;
3082 emask_a = cert->export_mask_a; 3082 emask_a = cert->export_mask_a;
3083 3083
3084#ifdef KSSL_DEBUG
3085/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3086#endif /* KSSL_DEBUG */
3087 3084
3088 alg_k = c->algorithm_mkey; 3085 alg_k = c->algorithm_mkey;
3089 alg_a = c->algorithm_auth; 3086 alg_a = c->algorithm_auth;
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index a1523524a1..77d8a3c79f 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -792,9 +792,6 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
792 co_list[co_list_num].prev = NULL; 792 co_list[co_list_num].prev = NULL;
793 co_list[co_list_num].active = 0; 793 co_list[co_list_num].active = 0;
794 co_list_num++; 794 co_list_num++;
795#ifdef KSSL_DEBUG
796 printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
797#endif /* KSSL_DEBUG */
798 /* 795 /*
799 if (!sk_push(ca_list,(char *)c)) goto err; 796 if (!sk_push(ca_list,(char *)c)) goto err;
800 */ 797 */
@@ -1321,9 +1318,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1321 * it is used for allocation. 1318 * it is used for allocation.
1322 */ 1319 */
1323 num_of_ciphers = ssl_method->num_ciphers(); 1320 num_of_ciphers = ssl_method->num_ciphers();
1324#ifdef KSSL_DEBUG
1325 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1326#endif /* KSSL_DEBUG */
1327 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); 1321 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
1328 if (co_list == NULL) { 1322 if (co_list == NULL) {
1329 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1323 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@@ -1468,11 +1462,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1468 const char *ver, *exp_str; 1462 const char *ver, *exp_str;
1469 const char *kx, *au, *enc, *mac; 1463 const char *kx, *au, *enc, *mac;
1470 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1464 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1471#ifdef KSSL_DEBUG
1472 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1473#else
1474 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1465 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1475#endif /* KSSL_DEBUG */
1476 1466
1477 alg_mkey = cipher->algorithm_mkey; 1467 alg_mkey = cipher->algorithm_mkey;
1478 alg_auth = cipher->algorithm_auth; 1468 alg_auth = cipher->algorithm_auth;
@@ -1636,11 +1626,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1636 } else if (len < 128) 1626 } else if (len < 128)
1637 return("Buffer too small"); 1627 return("Buffer too small");
1638 1628
1639#ifdef KSSL_DEBUG
1640 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
1641#else
1642 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); 1629 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
1643#endif /* KSSL_DEBUG */
1644 if (l >= len || l == -1) 1630 if (l >= len || l == -1)
1645 return("Buffer too small"); 1631 return("Buffer too small");
1646 else 1632 else
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 2480fecd7e..5a95fd2744 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -144,9 +144,6 @@
144#include <openssl/hmac.h> 144#include <openssl/hmac.h>
145#include <openssl/md5.h> 145#include <openssl/md5.h>
146#include <openssl/rand.h> 146#include <openssl/rand.h>
147#ifdef KSSL_DEBUG
148#include <openssl/des.h>
149#endif
150 147
151/* seed1 through seed5 are virtually concatenated */ 148/* seed1 through seed5 are virtually concatenated */
152static int 149static int
@@ -297,17 +294,6 @@ tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
297 NULL, 0, NULL, 0, 294 NULL, 0, NULL, 0,
298 s->session->master_key, s->session->master_key_length, 295 s->session->master_key, s->session->master_key_length,
299 km, tmp, num); 296 km, tmp, num);
300#ifdef KSSL_DEBUG
301 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
302 s->session->master_key_length);
303 {
304 int i;
305 for (i = 0; i < s->session->master_key_length; i++) {
306 printf("%02X", s->session->master_key[i]);
307 }
308 printf("\n");
309 }
310#endif /* KSSL_DEBUG */
311 return ret; 297 return ret;
312} 298}
313 299
@@ -344,22 +330,6 @@ tls1_change_cipher_state(SSL *s, int which)
344 comp = s->s3->tmp.new_compression; 330 comp = s->s3->tmp.new_compression;
345#endif 331#endif
346 332
347#ifdef KSSL_DEBUG
348 printf("tls1_change_cipher_state(which= %d) w/\n", which);
349 printf("\talg= %ld/%ld, comp= %p\n",
350 s->s3->tmp.new_cipher->algorithm_mkey,
351 s->s3->tmp.new_cipher->algorithm_auth,
352 comp);
353 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
354 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
355 c->nid, c->block_size, c->key_len, c->iv_len);
356 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
357 {
358 int i;
359 for (i = 0; i < s->s3->tmp.key_block_length; i++)
360 printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
361 }
362#endif /* KSSL_DEBUG */
363 333
364 if (which & SSL3_CC_READ) { 334 if (which & SSL3_CC_READ) {
365 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 335 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
@@ -519,16 +489,6 @@ tls1_change_cipher_state(SSL *s, int which)
519 } 489 }
520 } 490 }
521 491
522#ifdef KSSL_DEBUG
523 {
524 int i;
525 printf("EVP_CipherInit_ex(dd, c, key=, iv=, which)\n");
526 printf("\tkey= "); for (i = 0; i<c->key_len; i++) printf("%02x", key[i]);
527 printf("\n");
528 printf("\t iv= "); for (i = 0; i<c->iv_len; i++) printf("%02x", iv[i]);
529 printf("\n");
530 }
531#endif /* KSSL_DEBUG */
532 492
533 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { 493 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
534 EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); 494 EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
@@ -572,9 +532,6 @@ tls1_setup_key_block(SSL *s)
572 int mac_type = NID_undef, mac_secret_size = 0; 532 int mac_type = NID_undef, mac_secret_size = 0;
573 int ret = 0; 533 int ret = 0;
574 534
575#ifdef KSSL_DEBUG
576 printf ("tls1_setup_key_block()\n");
577#endif /* KSSL_DEBUG */
578 535
579 if (s->s3->tmp.key_block_length != 0) 536 if (s->s3->tmp.key_block_length != 0)
580 return (1); 537 return (1);
@@ -709,9 +666,6 @@ tls1_enc(SSL *s, int send)
709 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 666 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
710 } 667 }
711 668
712#ifdef KSSL_DEBUG
713 printf("tls1_enc(%d)\n", send);
714#endif /* KSSL_DEBUG */
715 669
716 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { 670 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
717 memmove(rec->data, rec->input, rec->length); 671 memmove(rec->data, rec->input, rec->length);
@@ -768,23 +722,6 @@ tls1_enc(SSL *s, int send)
768 rec->length += i; 722 rec->length += i;
769 } 723 }
770 724
771#ifdef KSSL_DEBUG
772 {
773 unsigned long ui;
774 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
775 ds, rec->data, rec->input, l);
776 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
777 ds->buf_len, ds->cipher->key_len,
778 DES_KEY_SZ, DES_SCHEDULE_SZ,
779 ds->cipher->iv_len);
780 printf("\t\tIV: ");
781 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
782 printf("\n");
783 printf("\trec->input=");
784 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
785 printf("\n");
786 }
787#endif /* KSSL_DEBUG */
788 725
789 if (!send) { 726 if (!send) {
790 if (l == 0 || l % bs != 0) 727 if (l == 0 || l % bs != 0)
@@ -801,14 +738,6 @@ tls1_enc(SSL *s, int send)
801 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; 738 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
802 } 739 }
803 740
804#ifdef KSSL_DEBUG
805 {
806 unsigned long i;
807 printf("\trec->data=");
808 for (i = 0; i < l; i++)
809 printf(" %02x", rec->data[i]); printf("\n");
810 }
811#endif /* KSSL_DEBUG */
812 741
813 ret = 1; 742 ret = 1;
814 if (EVP_MD_CTX_md(s->read_hash) != NULL) 743 if (EVP_MD_CTX_md(s->read_hash) != NULL)
@@ -1017,9 +946,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1017 int col = 0, sol = 0; 946 int col = 0, sol = 0;
1018 947
1019 948
1020#ifdef KSSL_DEBUG
1021 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, len);
1022#endif /* KSSL_DEBUG */
1023 949
1024#ifdef TLSEXT_TYPE_opaque_prf_input 950#ifdef TLSEXT_TYPE_opaque_prf_input
1025 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL && 951 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
@@ -1051,9 +977,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1051 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE); 977 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
1052#endif 978#endif
1053 979
1054#ifdef KSSL_DEBUG
1055 printf ("tls1_generate_master_secret() complete\n");
1056#endif /* KSSL_DEBUG */
1057 return (SSL3_MASTER_SECRET_SIZE); 980 return (SSL3_MASTER_SECRET_SIZE);
1058} 981}
1059 982
@@ -1067,9 +990,6 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1067 size_t vallen, currentvalpos; 990 size_t vallen, currentvalpos;
1068 int rv; 991 int rv;
1069 992
1070#ifdef KSSL_DEBUG
1071 printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
1072#endif /* KSSL_DEBUG */
1073 993
1074 buff = malloc(olen); 994 buff = malloc(olen);
1075 if (buff == NULL) 995 if (buff == NULL)
@@ -1129,9 +1049,6 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1129 s->session->master_key, s->session->master_key_length, 1049 s->session->master_key, s->session->master_key_length,
1130 out, buff, olen); 1050 out, buff, olen);
1131 1051
1132#ifdef KSSL_DEBUG
1133 printf ("tls1_export_keying_material() complete\n");
1134#endif /* KSSL_DEBUG */
1135 goto ret; 1052 goto ret;
1136err1: 1053err1:
1137 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); 1054 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index a1523524a1..77d8a3c79f 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -792,9 +792,6 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
792 co_list[co_list_num].prev = NULL; 792 co_list[co_list_num].prev = NULL;
793 co_list[co_list_num].active = 0; 793 co_list[co_list_num].active = 0;
794 co_list_num++; 794 co_list_num++;
795#ifdef KSSL_DEBUG
796 printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
797#endif /* KSSL_DEBUG */
798 /* 795 /*
799 if (!sk_push(ca_list,(char *)c)) goto err; 796 if (!sk_push(ca_list,(char *)c)) goto err;
800 */ 797 */
@@ -1321,9 +1318,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1321 * it is used for allocation. 1318 * it is used for allocation.
1322 */ 1319 */
1323 num_of_ciphers = ssl_method->num_ciphers(); 1320 num_of_ciphers = ssl_method->num_ciphers();
1324#ifdef KSSL_DEBUG
1325 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1326#endif /* KSSL_DEBUG */
1327 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); 1321 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
1328 if (co_list == NULL) { 1322 if (co_list == NULL) {
1329 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1323 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@@ -1468,11 +1462,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1468 const char *ver, *exp_str; 1462 const char *ver, *exp_str;
1469 const char *kx, *au, *enc, *mac; 1463 const char *kx, *au, *enc, *mac;
1470 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1464 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1471#ifdef KSSL_DEBUG
1472 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1473#else
1474 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1465 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1475#endif /* KSSL_DEBUG */
1476 1466
1477 alg_mkey = cipher->algorithm_mkey; 1467 alg_mkey = cipher->algorithm_mkey;
1478 alg_auth = cipher->algorithm_auth; 1468 alg_auth = cipher->algorithm_auth;
@@ -1636,11 +1626,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1636 } else if (len < 128) 1626 } else if (len < 128)
1637 return("Buffer too small"); 1627 return("Buffer too small");
1638 1628
1639#ifdef KSSL_DEBUG
1640 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
1641#else
1642 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); 1629 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
1643#endif /* KSSL_DEBUG */
1644 if (l >= len || l == -1) 1630 if (l >= len || l == -1)
1645 return("Buffer too small"); 1631 return("Buffer too small");
1646 else 1632 else
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 2480fecd7e..5a95fd2744 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -144,9 +144,6 @@
144#include <openssl/hmac.h> 144#include <openssl/hmac.h>
145#include <openssl/md5.h> 145#include <openssl/md5.h>
146#include <openssl/rand.h> 146#include <openssl/rand.h>
147#ifdef KSSL_DEBUG
148#include <openssl/des.h>
149#endif
150 147
151/* seed1 through seed5 are virtually concatenated */ 148/* seed1 through seed5 are virtually concatenated */
152static int 149static int
@@ -297,17 +294,6 @@ tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
297 NULL, 0, NULL, 0, 294 NULL, 0, NULL, 0,
298 s->session->master_key, s->session->master_key_length, 295 s->session->master_key, s->session->master_key_length,
299 km, tmp, num); 296 km, tmp, num);
300#ifdef KSSL_DEBUG
301 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
302 s->session->master_key_length);
303 {
304 int i;
305 for (i = 0; i < s->session->master_key_length; i++) {
306 printf("%02X", s->session->master_key[i]);
307 }
308 printf("\n");
309 }
310#endif /* KSSL_DEBUG */
311 return ret; 297 return ret;
312} 298}
313 299
@@ -344,22 +330,6 @@ tls1_change_cipher_state(SSL *s, int which)
344 comp = s->s3->tmp.new_compression; 330 comp = s->s3->tmp.new_compression;
345#endif 331#endif
346 332
347#ifdef KSSL_DEBUG
348 printf("tls1_change_cipher_state(which= %d) w/\n", which);
349 printf("\talg= %ld/%ld, comp= %p\n",
350 s->s3->tmp.new_cipher->algorithm_mkey,
351 s->s3->tmp.new_cipher->algorithm_auth,
352 comp);
353 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
354 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
355 c->nid, c->block_size, c->key_len, c->iv_len);
356 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
357 {
358 int i;
359 for (i = 0; i < s->s3->tmp.key_block_length; i++)
360 printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
361 }
362#endif /* KSSL_DEBUG */
363 333
364 if (which & SSL3_CC_READ) { 334 if (which & SSL3_CC_READ) {
365 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 335 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
@@ -519,16 +489,6 @@ tls1_change_cipher_state(SSL *s, int which)
519 } 489 }
520 } 490 }
521 491
522#ifdef KSSL_DEBUG
523 {
524 int i;
525 printf("EVP_CipherInit_ex(dd, c, key=, iv=, which)\n");
526 printf("\tkey= "); for (i = 0; i<c->key_len; i++) printf("%02x", key[i]);
527 printf("\n");
528 printf("\t iv= "); for (i = 0; i<c->iv_len; i++) printf("%02x", iv[i]);
529 printf("\n");
530 }
531#endif /* KSSL_DEBUG */
532 492
533 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { 493 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
534 EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); 494 EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
@@ -572,9 +532,6 @@ tls1_setup_key_block(SSL *s)
572 int mac_type = NID_undef, mac_secret_size = 0; 532 int mac_type = NID_undef, mac_secret_size = 0;
573 int ret = 0; 533 int ret = 0;
574 534
575#ifdef KSSL_DEBUG
576 printf ("tls1_setup_key_block()\n");
577#endif /* KSSL_DEBUG */
578 535
579 if (s->s3->tmp.key_block_length != 0) 536 if (s->s3->tmp.key_block_length != 0)
580 return (1); 537 return (1);
@@ -709,9 +666,6 @@ tls1_enc(SSL *s, int send)
709 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 666 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
710 } 667 }
711 668
712#ifdef KSSL_DEBUG
713 printf("tls1_enc(%d)\n", send);
714#endif /* KSSL_DEBUG */
715 669
716 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { 670 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
717 memmove(rec->data, rec->input, rec->length); 671 memmove(rec->data, rec->input, rec->length);
@@ -768,23 +722,6 @@ tls1_enc(SSL *s, int send)
768 rec->length += i; 722 rec->length += i;
769 } 723 }
770 724
771#ifdef KSSL_DEBUG
772 {
773 unsigned long ui;
774 printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
775 ds, rec->data, rec->input, l);
776 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
777 ds->buf_len, ds->cipher->key_len,
778 DES_KEY_SZ, DES_SCHEDULE_SZ,
779 ds->cipher->iv_len);
780 printf("\t\tIV: ");
781 for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
782 printf("\n");
783 printf("\trec->input=");
784 for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
785 printf("\n");
786 }
787#endif /* KSSL_DEBUG */
788 725
789 if (!send) { 726 if (!send) {
790 if (l == 0 || l % bs != 0) 727 if (l == 0 || l % bs != 0)
@@ -801,14 +738,6 @@ tls1_enc(SSL *s, int send)
801 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; 738 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
802 } 739 }
803 740
804#ifdef KSSL_DEBUG
805 {
806 unsigned long i;
807 printf("\trec->data=");
808 for (i = 0; i < l; i++)
809 printf(" %02x", rec->data[i]); printf("\n");
810 }
811#endif /* KSSL_DEBUG */
812 741
813 ret = 1; 742 ret = 1;
814 if (EVP_MD_CTX_md(s->read_hash) != NULL) 743 if (EVP_MD_CTX_md(s->read_hash) != NULL)
@@ -1017,9 +946,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1017 int col = 0, sol = 0; 946 int col = 0, sol = 0;
1018 947
1019 948
1020#ifdef KSSL_DEBUG
1021 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, len);
1022#endif /* KSSL_DEBUG */
1023 949
1024#ifdef TLSEXT_TYPE_opaque_prf_input 950#ifdef TLSEXT_TYPE_opaque_prf_input
1025 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL && 951 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
@@ -1051,9 +977,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1051 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE); 977 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
1052#endif 978#endif
1053 979
1054#ifdef KSSL_DEBUG
1055 printf ("tls1_generate_master_secret() complete\n");
1056#endif /* KSSL_DEBUG */
1057 return (SSL3_MASTER_SECRET_SIZE); 980 return (SSL3_MASTER_SECRET_SIZE);
1058} 981}
1059 982
@@ -1067,9 +990,6 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1067 size_t vallen, currentvalpos; 990 size_t vallen, currentvalpos;
1068 int rv; 991 int rv;
1069 992
1070#ifdef KSSL_DEBUG
1071 printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
1072#endif /* KSSL_DEBUG */
1073 993
1074 buff = malloc(olen); 994 buff = malloc(olen);
1075 if (buff == NULL) 995 if (buff == NULL)
@@ -1129,9 +1049,6 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1129 s->session->master_key, s->session->master_key_length, 1049 s->session->master_key, s->session->master_key_length,
1130 out, buff, olen); 1050 out, buff, olen);
1131 1051
1132#ifdef KSSL_DEBUG
1133 printf ("tls1_export_keying_material() complete\n");
1134#endif /* KSSL_DEBUG */
1135 goto ret; 1052 goto ret;
1136err1: 1053err1:
1137 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); 1054 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:55:02 +0000