Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of

this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
author: jsing <> 2014-05-25 16:23:10 +0000
committer: jsing <> 2014-05-25 16:23:10 +0000
commit: 20aefbf0b86724bbf87cb9ceb36defa64e4691ab (patch)
tree: 3f1db49f0679d8ac712ededb86f1b538423eea91 /src
parent: 23deca1ca2f60559c720fd71c5ac72fb2c862771 (diff)
download: openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.tar.gz
openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.tar.bz2
openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.zip
18 files changed, 0 insertions, 296 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index a9ccc6d349..0273db236c 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -427,11 +427,6 @@ dtls1_process_record(SSL *s)
                goto err;
        }
-#ifdef TLS_DEBUG
-        printf("dec %d\n", rr->length);
-        { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        /* r->length is now the compressed data plus mac */
        if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 16d5dacfc4..863a05adb3 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1638,10 +1638,6 @@ ssl3_get_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
-                            EVP_MD_name(md));
-#endif
                        p += 2;
                        n -= 2;
                } else
@@ -2674,10 +2670,6 @@ ssl3_send_client_verify(SSL *s)
                                goto err;
                        }
                        p += 2;
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
-                        EVP_MD_name(md));
-#endif
                        if (!EVP_SignInit_ex(&mctx, md, NULL) ||
                            !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
                            !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1a0bb5195d..8b67e7c36a 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -3048,20 +3048,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
 #endif
-#ifdef CIPHER_DEBUG
-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
-            (void *)srvr);
-        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
-                c = sk_SSL_CIPHER_value(srvr, i);
-                printf("%p:%s\n",(void *)c, c->name);
-        }
-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
-            (void *)clnt);
-        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
-                c = sk_SSL_CIPHER_value(clnt, i);
-                printf("%p:%s\n",(void *)c, c->name);
-        }
-#endif
        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
                prio = srvr;
@@ -3097,18 +3083,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                if (SSL_C_IS_EXPORT(c)) {
                        ok = (alg_k & emask_k) && (alg_a & emask_a);
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
-                            ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
-                            c->name);
-#endif
                } else {
                        ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
-                            ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
-                            c->name);
-#endif
                }
 #ifndef OPENSSL_NO_TLSEXT
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index a5ed3c07cc..da6c860cfc 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -396,11 +396,6 @@ again:
                goto f_err;
        }
-#ifdef TLS_DEBUG
-        printf("dec %d\n", rr->length);
-        { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        /* r->length is now the compressed data plus mac */
        if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 6f788cd080..521f6a21e8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1088,15 +1088,8 @@ ssl3_get_client_hello(SSL *s)
                j = 0;
                id = s->session->cipher->id;
-#ifdef CIPHER_DEBUG
-                printf("client sent %d ciphers\n", sk_num(ciphers));
-#endif
                for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
                        c = sk_SSL_CIPHER_value(ciphers, i);
-#ifdef CIPHER_DEBUG
-                        printf("client [%2d of %2d]:%s\n",
-                        i, sk_num(ciphers), SSL_CIPHER_get_name(c));
-#endif
                        if (c->id == id) {
                                j = 1;
                                break;
@@ -1890,10 +1883,6 @@ ssl3_send_server_key_exchange(SSL *s)
                                        }
                                        p += 2;
                                }
-#ifdef SSL_DEBUG
-                                fprintf(stderr, "Using hash %s\n",
-                                    EVP_MD_name(md));
-#endif
                                EVP_SignInit_ex(&md_ctx, md, NULL);
                                EVP_SignUpdate(&md_ctx,
                                    &(s->s3->client_random[0]),
@@ -2662,10 +2651,6 @@ ssl3_get_cert_verify(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
-                            EVP_MD_name(md));
-#endif
                        p += 2;
                        n -= 2;
                }
@@ -2696,10 +2681,6 @@ ssl3_get_cert_verify(SSL *s)
                        al = SSL_AD_INTERNAL_ERROR;
                        goto f_err;
                }
-#ifdef SSL_DEBUG
-                fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
-                    EVP_MD_name(md));
-#endif
                if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
                    !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index a9ccc6d349..0273db236c 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -427,11 +427,6 @@ dtls1_process_record(SSL *s)
                goto err;
        }
-#ifdef TLS_DEBUG
-        printf("dec %d\n", rr->length);
-        { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        /* r->length is now the compressed data plus mac */
        if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 16d5dacfc4..863a05adb3 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1638,10 +1638,6 @@ ssl3_get_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
-                            EVP_MD_name(md));
-#endif
                        p += 2;
                        n -= 2;
                } else
@@ -2674,10 +2670,6 @@ ssl3_send_client_verify(SSL *s)
                                goto err;
                        }
                        p += 2;
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
-                        EVP_MD_name(md));
-#endif
                        if (!EVP_SignInit_ex(&mctx, md, NULL) ||
                            !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
                            !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 1a0bb5195d..8b67e7c36a 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -3048,20 +3048,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
 #endif
-#ifdef CIPHER_DEBUG
-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
-            (void *)srvr);
-        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
-                c = sk_SSL_CIPHER_value(srvr, i);
-                printf("%p:%s\n",(void *)c, c->name);
-        }
-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
-            (void *)clnt);
-        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
-                c = sk_SSL_CIPHER_value(clnt, i);
-                printf("%p:%s\n",(void *)c, c->name);
-        }
-#endif
        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
                prio = srvr;
@@ -3097,18 +3083,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                if (SSL_C_IS_EXPORT(c)) {
                        ok = (alg_k & emask_k) && (alg_a & emask_a);
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
-                            ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
-                            c->name);
-#endif
                } else {
                        ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
-                            ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
-                            c->name);
-#endif
                }
 #ifndef OPENSSL_NO_TLSEXT
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index a5ed3c07cc..da6c860cfc 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -396,11 +396,6 @@ again:
                goto f_err;
        }
-#ifdef TLS_DEBUG
-        printf("dec %d\n", rr->length);
-        { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        /* r->length is now the compressed data plus mac */
        if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 6f788cd080..521f6a21e8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1088,15 +1088,8 @@ ssl3_get_client_hello(SSL *s)
                j = 0;
                id = s->session->cipher->id;
-#ifdef CIPHER_DEBUG
-                printf("client sent %d ciphers\n", sk_num(ciphers));
-#endif
                for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
                        c = sk_SSL_CIPHER_value(ciphers, i);
-#ifdef CIPHER_DEBUG
-                        printf("client [%2d of %2d]:%s\n",
-                        i, sk_num(ciphers), SSL_CIPHER_get_name(c));
-#endif
                        if (c->id == id) {
                                j = 1;
                                break;
@@ -1890,10 +1883,6 @@ ssl3_send_server_key_exchange(SSL *s)
                                        }
                                        p += 2;
                                }
-#ifdef SSL_DEBUG
-                                fprintf(stderr, "Using hash %s\n",
-                                    EVP_MD_name(md));
-#endif
                                EVP_SignInit_ex(&md_ctx, md, NULL);
                                EVP_SignUpdate(&md_ctx,
                                    &(s->s3->client_random[0]),
@@ -2662,10 +2651,6 @@ ssl3_get_cert_verify(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-#ifdef SSL_DEBUG
-                        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
-                            EVP_MD_name(md));
-#endif
                        p += 2;
                        n -= 2;
                }
@@ -2696,10 +2681,6 @@ ssl3_get_cert_verify(SSL *s)
                        al = SSL_AD_INTERNAL_ERROR;
                        goto f_err;
                }
-#ifdef SSL_DEBUG
-                fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
-                    EVP_MD_name(md));
-#endif
                if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
                    !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 22ed70b30b..6b650ccea3 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -906,10 +906,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
        const SSL_CIPHER *cp;
        int reverse = 0;
-#ifdef CIPHER_DEBUG
-        printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-        rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
-#endif
        if (rule == CIPHER_DEL)
                reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
@@ -942,9 +938,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
                        if (strength_bits != cp->strength_bits)
                                continue;
                } else {
-#ifdef CIPHER_DEBUG
-                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
-#endif
                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                                continue;
@@ -962,9 +955,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
                                continue;
                }
-#ifdef CIPHER_DEBUG
-                printf("Action = %d\n", rule);
-#endif
                /* add the cipher if it has not been added yet. */
                if (rule == CIPHER_ADD) {
@@ -1439,9 +1429,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        for (curr = head; curr != NULL; curr = curr->next) {
                if (curr->active) {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
-                        printf("<%s>\n", curr->cipher->name);
-#endif
                }
        }
        free(co_list);  /* Not needed any longer */
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 694bc900a0..deef714be1 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1442,9 +1442,6 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
                j = put_cb ? put_cb(&scsv, p) :
                    ssl_put_cipher_by_char(s, &scsv, p);
                p += j;
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "SCSV sent by client\n");
-#endif
        }
        return (p - q);
@@ -1490,9 +1487,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        }
                        s->s3->send_connection_binding = 1;
                        p += n;
-#ifdef OPENSSL_RI_DEBUG
-                        fprintf(stderr, "SCSV received by server\n");
-#endif
                        continue;
                }
@@ -2066,12 +2060,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
-#ifdef CIPHER_DEBUG
-        printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
-            "rs=%d ds=%d dhr=%d dhd=%d\n",
-            rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
-            rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
-#endif
        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
        if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 5f17a4a94a..a9be8bdb4c 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -458,10 +458,6 @@ tls1_change_cipher_state(SSL *s, int which)
                EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
                EVP_PKEY_free(mac_key);
        }
-#ifdef TLS_DEBUG
-        printf("which = %04X\nmac key=", which);
-        { int z; for (z = 0; z<i; z++) printf("%02X%c", ms[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (is_export) {
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
@@ -501,13 +497,6 @@ tls1_change_cipher_state(SSL *s, int which)
                EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
                    *mac_secret_size, mac_secret);
-#ifdef TLS_DEBUG
-        printf("which = %04X\nkey=", which);
-        { int z; for (z = 0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c", key[z],((z+1)%16)?' ':'\n'); }
-        printf("\niv=");
-        { int z; for (z = 0; z<k; z++) printf("%02X%c", iv[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        OPENSSL_cleanse(tmp1, sizeof(tmp1));
        OPENSSL_cleanse(tmp2, sizeof(tmp2));
@@ -570,20 +559,8 @@ tls1_setup_key_block(SSL *s)
                goto err;
        }
-#ifdef TLS_DEBUG
-        printf("client random\n");
-        { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-        printf("server random\n");
-        { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-        printf("pre-master\n");
-        { int z; for (z = 0; z<s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (!tls1_generate_key_block(s, p1, p2, num))
                goto err;
-#ifdef TLS_DEBUG
-        printf("\nkey block\n");
-        { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
            s->method->version <= TLS1_VERSION) {
@@ -919,16 +896,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
        if (!stream_mac)
                EVP_MD_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-        printf("sec=");
-        {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", mac_sec[z]); printf("\n"); }
-        printf("seq=");
-        {int z; for (z = 0; z<8; z++) printf("%02X ", seq[z]); printf("\n"); }
-        printf("buf=");
-        {int z; for (z = 0; z<5; z++) printf("%02X ", buf[z]); printf("\n"); }
-        printf("rec=");
-        {unsigned int z; for (z = 0; z<rec->length; z++) printf("%02X ", buf[z]); printf("\n"); }
-#endif
        if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
                for (i = 7; i >= 0; i--) {
@@ -938,9 +905,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                }
        }
-#ifdef TLS_DEBUG
-        {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", md[z]); printf("\n"); }
-#endif
        return (md_size);
 }
@@ -973,16 +937,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
            so, sol,
            p, len,
            s->session->master_key, buff, sizeof buff);
-#ifdef SSL_DEBUG
-        fprintf(stderr, "Premaster Secret:\n");
-        BIO_dump_fp(stderr, (char *)p, len);
-        fprintf(stderr, "Client Random:\n");
-        BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
-        fprintf(stderr, "Server Random:\n");
-        BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
-        fprintf(stderr, "Master Secret:\n");
-        BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
-#endif
        return (SSL3_MASTER_SECRET_SIZE);
 }
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c
index e08e7fedc6..5f96e1fa7e 100644
--- a/src/lib/libssl/src/ssl/t1_reneg.c
+++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -131,10 +131,6 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
                memcpy(p, s->s3->previous_client_finished,
                    s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "%s RI extension sent by client\n",
-                    s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
        }
        *len = s->s3->previous_client_finished_len + 1;
@@ -184,10 +180,6 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension received by server\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
        s->s3->send_connection_binding = 1;
@@ -219,10 +211,6 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
                memcpy(p, s->s3->previous_server_finished,
                    s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "%s RI extension sent by server\n",
-                    s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
        }
        *len = s->s3->previous_client_finished_len +
@@ -288,10 +276,6 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension received by client\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
        s->s3->send_connection_binding = 1;
        return 1;
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 22ed70b30b..6b650ccea3 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -906,10 +906,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
        const SSL_CIPHER *cp;
        int reverse = 0;
-#ifdef CIPHER_DEBUG
-        printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-        rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
-#endif
        if (rule == CIPHER_DEL)
                reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
@@ -942,9 +938,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
                        if (strength_bits != cp->strength_bits)
                                continue;
                } else {
-#ifdef CIPHER_DEBUG
-                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
-#endif
                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                                continue;
@@ -962,9 +955,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
                                continue;
                }
-#ifdef CIPHER_DEBUG
-                printf("Action = %d\n", rule);
-#endif
                /* add the cipher if it has not been added yet. */
                if (rule == CIPHER_ADD) {
@@ -1439,9 +1429,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        for (curr = head; curr != NULL; curr = curr->next) {
                if (curr->active) {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
-                        printf("<%s>\n", curr->cipher->name);
-#endif
                }
        }
        free(co_list);  /* Not needed any longer */
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 694bc900a0..deef714be1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1442,9 +1442,6 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
                j = put_cb ? put_cb(&scsv, p) :
                    ssl_put_cipher_by_char(s, &scsv, p);
                p += j;
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "SCSV sent by client\n");
-#endif
        }
        return (p - q);
@@ -1490,9 +1487,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        }
                        s->s3->send_connection_binding = 1;
                        p += n;
-#ifdef OPENSSL_RI_DEBUG
-                        fprintf(stderr, "SCSV received by server\n");
-#endif
                        continue;
                }
@@ -2066,12 +2060,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
-#ifdef CIPHER_DEBUG
-        printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d "
-            "rs=%d ds=%d dhr=%d dhd=%d\n",
-            rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
-            rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
-#endif
        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
        if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 5f17a4a94a..a9be8bdb4c 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -458,10 +458,6 @@ tls1_change_cipher_state(SSL *s, int which)
                EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
                EVP_PKEY_free(mac_key);
        }
-#ifdef TLS_DEBUG
-        printf("which = %04X\nmac key=", which);
-        { int z; for (z = 0; z<i; z++) printf("%02X%c", ms[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (is_export) {
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
@@ -501,13 +497,6 @@ tls1_change_cipher_state(SSL *s, int which)
                EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
                    *mac_secret_size, mac_secret);
-#ifdef TLS_DEBUG
-        printf("which = %04X\nkey=", which);
-        { int z; for (z = 0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c", key[z],((z+1)%16)?' ':'\n'); }
-        printf("\niv=");
-        { int z; for (z = 0; z<k; z++) printf("%02X%c", iv[z],((z+1)%16)?' ':'\n'); }
-        printf("\n");
-#endif
        OPENSSL_cleanse(tmp1, sizeof(tmp1));
        OPENSSL_cleanse(tmp2, sizeof(tmp2));
@@ -570,20 +559,8 @@ tls1_setup_key_block(SSL *s)
                goto err;
        }
-#ifdef TLS_DEBUG
-        printf("client random\n");
-        { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-        printf("server random\n");
-        { int z; for (z = 0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c", s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-        printf("pre-master\n");
-        { int z; for (z = 0; z<s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (!tls1_generate_key_block(s, p1, p2, num))
                goto err;
-#ifdef TLS_DEBUG
-        printf("\nkey block\n");
-        { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
-#endif
        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
            s->method->version <= TLS1_VERSION) {
@@ -919,16 +896,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
        if (!stream_mac)
                EVP_MD_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-        printf("sec=");
-        {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", mac_sec[z]); printf("\n"); }
-        printf("seq=");
-        {int z; for (z = 0; z<8; z++) printf("%02X ", seq[z]); printf("\n"); }
-        printf("buf=");
-        {int z; for (z = 0; z<5; z++) printf("%02X ", buf[z]); printf("\n"); }
-        printf("rec=");
-        {unsigned int z; for (z = 0; z<rec->length; z++) printf("%02X ", buf[z]); printf("\n"); }
-#endif
        if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
                for (i = 7; i >= 0; i--) {
@@ -938,9 +905,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                }
        }
-#ifdef TLS_DEBUG
-        {unsigned int z; for (z = 0; z<md_size; z++) printf("%02X ", md[z]); printf("\n"); }
-#endif
        return (md_size);
 }
@@ -973,16 +937,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
            so, sol,
            p, len,
            s->session->master_key, buff, sizeof buff);
-#ifdef SSL_DEBUG
-        fprintf(stderr, "Premaster Secret:\n");
-        BIO_dump_fp(stderr, (char *)p, len);
-        fprintf(stderr, "Client Random:\n");
-        BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
-        fprintf(stderr, "Server Random:\n");
-        BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
-        fprintf(stderr, "Master Secret:\n");
-        BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
-#endif
        return (SSL3_MASTER_SECRET_SIZE);
 }
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index e08e7fedc6..5f96e1fa7e 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -131,10 +131,6 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
                memcpy(p, s->s3->previous_client_finished,
                    s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "%s RI extension sent by client\n",
-                    s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
        }
        *len = s->s3->previous_client_finished_len + 1;
@@ -184,10 +180,6 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension received by server\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
        s->s3->send_connection_binding = 1;
@@ -219,10 +211,6 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
                memcpy(p, s->s3->previous_server_finished,
                    s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-                fprintf(stderr, "%s RI extension sent by server\n",
-                    s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
        }
        *len = s->s3->previous_client_finished_len +
@@ -288,10 +276,6 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-#ifdef OPENSSL_RI_DEBUG
-        fprintf(stderr, "%s RI extension received by client\n",
-            ilen ? "Non-empty" : "Empty");
-#endif
        s->s3->send_connection_binding = 1;
        return 1;
author	jsing <>	2014-05-25 16:23:10 +0000
committer	jsing <>	2014-05-25 16:23:10 +0000
commit	20aefbf0b86724bbf87cb9ceb36defa64e4691ab (patch)
tree	3f1db49f0679d8ac712ededb86f1b538423eea91 /src
parent	23deca1ca2f60559c720fd71c5ac72fb2c862771 (diff)
download	openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.tar.gz openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.tar.bz2 openbsd-20aefbf0b86724bbf87cb9ceb36defa64e4691ab.zip