mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
1bd8bc558d
commit
d63a5e5e7d
@ -76,7 +76,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
|
||||
# Minimum warning options... any contributions to OpenSSL should at least get
|
||||
# past these.
|
||||
|
||||
my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED"
|
||||
my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
|
||||
. " -pedantic"
|
||||
. " -Wall"
|
||||
. " -Wno-long-long"
|
||||
|
72
apps/apps.c
72
apps/apps.c
@ -1462,9 +1462,6 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
|
||||
#endif
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
|
||||
#endif
|
||||
out = BIO_new_file(buf[0], "w");
|
||||
if (out == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
@ -1503,17 +1500,10 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
|
||||
}
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
|
||||
#endif
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
|
||||
serialfile, buf[1]);
|
||||
#endif
|
||||
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
|
||||
#ifdef ENOTDIR
|
||||
@ -1525,10 +1515,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
|
||||
buf[0], serialfile);
|
||||
#endif
|
||||
if (rename(buf[0], serialfile) < 0) {
|
||||
BIO_printf(bio_err,
|
||||
"unable to rename %s to %s\n", buf[0], serialfile);
|
||||
@ -1604,10 +1590,6 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
|
||||
if (dbattr_conf) {
|
||||
char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
|
||||
if (p) {
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err,
|
||||
"DEBUG[load_index]: unique_subject = \"%s\"\n", p);
|
||||
#endif
|
||||
retdb->attributes.unique_subject = parse_yesno(p, 1);
|
||||
}
|
||||
}
|
||||
@ -1654,21 +1636,12 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
|
||||
}
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
|
||||
#else
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
|
||||
#endif
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
|
||||
#endif
|
||||
out = BIO_new_file(buf[0], "w");
|
||||
if (out == NULL) {
|
||||
@ -1682,9 +1655,6 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
|
||||
goto err;
|
||||
|
||||
out = BIO_new_file(buf[1], "w");
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
|
||||
#endif
|
||||
if (out == NULL) {
|
||||
perror(buf[2]);
|
||||
BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
|
||||
@ -1715,31 +1685,16 @@ int rotate_index(const char *dbfile, const char *new_suffix,
|
||||
}
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
|
||||
#else
|
||||
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
|
||||
#else
|
||||
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
|
||||
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
|
||||
#endif
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
|
||||
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
|
||||
#endif
|
||||
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
|
||||
#ifdef ENOTDIR
|
||||
@ -1750,18 +1705,12 @@ int rotate_index(const char *dbfile, const char *new_suffix,
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
|
||||
#endif
|
||||
if (rename(buf[0], dbfile) < 0) {
|
||||
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
|
||||
perror("reason");
|
||||
rename(buf[1], dbfile);
|
||||
goto err;
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
|
||||
#endif
|
||||
if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
|
||||
#ifdef ENOTDIR
|
||||
&& errno != ENOTDIR
|
||||
@ -1773,9 +1722,6 @@ int rotate_index(const char *dbfile, const char *new_suffix,
|
||||
rename(buf[1], dbfile);
|
||||
goto err;
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
|
||||
#endif
|
||||
if (rename(buf[2], buf[4]) < 0) {
|
||||
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
|
||||
perror("reason");
|
||||
|
21
apps/x509.c
21
apps/x509.c
@ -89,10 +89,6 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
char *section, ASN1_INTEGER *sno, int reqfile);
|
||||
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
|
||||
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
static int force_version = 2;
|
||||
#endif
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
|
||||
@ -108,7 +104,6 @@ typedef enum OPTION_choice {
|
||||
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
|
||||
OPT_SUBJECT_HASH_OLD,
|
||||
OPT_ISSUER_HASH_OLD,
|
||||
OPT_FORCE_VERSION,
|
||||
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
|
||||
} OPTION_CHOICE;
|
||||
|
||||
@ -189,9 +184,6 @@ OPTIONS x509_options[] = {
|
||||
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
|
||||
"Print old-style (MD5) subject hash value"},
|
||||
#endif
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
{"force_version", OPT_FORCE_VERSION, 'p'},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
#endif
|
||||
@ -288,11 +280,6 @@ int x509_main(int argc, char **argv)
|
||||
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
|
||||
goto opthelp;
|
||||
break;
|
||||
case OPT_FORCE_VERSION:
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
force_version = atoi(opt_arg()) - 1;
|
||||
#endif
|
||||
break;
|
||||
case OPT_DAYS:
|
||||
days = atoi(opt_arg());
|
||||
break;
|
||||
@ -1046,11 +1033,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
|
||||
if (conf) {
|
||||
X509V3_CTX ctx2;
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
X509_set_version(x, force_version);
|
||||
#else
|
||||
X509_set_version(x, 2); /* version 3 certificate */
|
||||
#endif
|
||||
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
||||
X509V3_set_nconf(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
|
||||
@ -1123,11 +1106,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
|
||||
}
|
||||
if (conf) {
|
||||
X509V3_CTX ctx;
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
X509_set_version(x, force_version);
|
||||
#else
|
||||
X509_set_version(x, 2); /* version 3 certificate */
|
||||
#endif
|
||||
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
|
||||
|
@ -53,14 +53,6 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
|
||||
|
@ -48,23 +48,12 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef CAMELLIA_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/camellia.h>
|
||||
#include "cmll_locl.h"
|
||||
|
||||
void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const CAMELLIA_KEY *key, const int enc)
|
||||
{
|
||||
|
||||
assert(in && out && key);
|
||||
assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
|
||||
|
||||
if (CAMELLIA_ENCRYPT == enc)
|
||||
Camellia_encrypt(in, out, key);
|
||||
else
|
||||
|
@ -224,11 +224,6 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
|
||||
err = deflate(&state->ostream, Z_SYNC_FLUSH);
|
||||
if (err != Z_OK)
|
||||
return -1;
|
||||
# ifdef DEBUG_ZLIB
|
||||
fprintf(stderr, "compress(%4d)->%4d %s\n",
|
||||
ilen, olen - state->ostream.avail_out,
|
||||
(ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
|
||||
# endif
|
||||
return olen - state->ostream.avail_out;
|
||||
}
|
||||
|
||||
@ -250,11 +245,6 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
|
||||
err = inflate(&state->istream, Z_SYNC_FLUSH);
|
||||
if (err != Z_OK)
|
||||
return -1;
|
||||
# ifdef DEBUG_ZLIB
|
||||
fprintf(stderr, "expand(%4d)->%4d %s\n",
|
||||
ilen, olen - state->istream.avail_out,
|
||||
(ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
|
||||
# endif
|
||||
return olen - state->istream.avail_out;
|
||||
}
|
||||
|
||||
|
@ -57,12 +57,6 @@
|
||||
|
||||
/* Part of the code in here was originally in conf.c, which is now removed */
|
||||
|
||||
#ifndef CONF_DEBUG
|
||||
# undef NDEBUG /* avoid conflicting definitions */
|
||||
# define NDEBUG
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/conf.h>
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_cipher_engine(), the function
|
||||
* that is used by EVP to hook in cipher code and cache defaults (etc), will
|
||||
* display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_CIPHER_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *cipher_table = NULL;
|
||||
|
||||
void ENGINE_unregister_ciphers(ENGINE *e)
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_default_DH(), the function that
|
||||
* is used by DH to hook in implementation code and cache defaults (etc),
|
||||
* will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_DH_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *dh_table = NULL;
|
||||
static const int dummy_nid = 1;
|
||||
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_digest_engine(), the function
|
||||
* that is used by EVP to hook in digest code and cache defaults (etc), will
|
||||
* display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_DIGEST_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *digest_table = NULL;
|
||||
|
||||
void ENGINE_unregister_digests(ENGINE *e)
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_default_DSA(), the function that
|
||||
* is used by DSA to hook in implementation code and cache defaults (etc),
|
||||
* will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_DSA_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *dsa_table = NULL;
|
||||
static const int dummy_nid = 1;
|
||||
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_default_EC_KEY(), the function that
|
||||
* is used by EC_KEY to hook in implementation code and cache defaults (etc),
|
||||
* will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_EC_KEY_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *dh_table = NULL;
|
||||
static const int dummy_nid = 1;
|
||||
|
||||
|
@ -55,13 +55,6 @@
|
||||
#include "eng_int.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
|
||||
* that is used by EVP to hook in pkey_meth code and cache defaults (etc),
|
||||
* will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_PKEY_METH_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *pkey_meth_table = NULL;
|
||||
|
||||
void ENGINE_unregister_pkey_meths(ENGINE *e)
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_default_RAND(), the function
|
||||
* that is used by RAND to hook in implementation code and cache defaults
|
||||
* (etc), will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_RAND_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *rand_table = NULL;
|
||||
static const int dummy_nid = 1;
|
||||
|
||||
|
@ -54,13 +54,6 @@
|
||||
|
||||
#include "eng_int.h"
|
||||
|
||||
/*
|
||||
* If this symbol is defined then ENGINE_get_default_RSA(), the function that
|
||||
* is used by RSA to hook in implementation code and cache defaults (etc),
|
||||
* will display brief debugging summaries to stderr with the 'nid'.
|
||||
*/
|
||||
/* #define ENGINE_RSA_DEBUG */
|
||||
|
||||
static ENGINE_TABLE *rsa_table = NULL;
|
||||
static const int dummy_nid = 1;
|
||||
|
||||
|
@ -64,9 +64,9 @@
|
||||
# include "evp_locl.h"
|
||||
|
||||
/* set this to print out info about the keygen algorithm */
|
||||
/* #define DEBUG_PKCS5V2 */
|
||||
/* #define OPENSSL_DEBUG_PKCS5V2 */
|
||||
|
||||
# ifdef DEBUG_PKCS5V2
|
||||
# ifdef OPENSSL_DEBUG_PKCS5V2
|
||||
static void h__dump(const unsigned char *p, int len);
|
||||
# endif
|
||||
|
||||
@ -157,7 +157,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
|
||||
}
|
||||
HMAC_CTX_free(hctx);
|
||||
HMAC_CTX_free(hctx_tpl);
|
||||
# ifdef DEBUG_PKCS5V2
|
||||
# ifdef OPENSSL_DEBUG_PKCS5V2
|
||||
fprintf(stderr, "Password:\n");
|
||||
h__dump(pass, passlen);
|
||||
fprintf(stderr, "Salt:\n");
|
||||
@ -315,7 +315,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
|
||||
return rv;
|
||||
}
|
||||
|
||||
# ifdef DEBUG_PKCS5V2
|
||||
# ifdef OPENSSL_DEBUG_PKCS5V2
|
||||
static void h__dump(const unsigned char *p, int len)
|
||||
{
|
||||
for (; len--; p++)
|
||||
|
@ -290,16 +290,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
|
||||
keylen, key) == 0)
|
||||
goto err;
|
||||
rv = 1;
|
||||
#ifdef SCRYPT_DEBUG
|
||||
fprintf(stderr, "scrypt parameters:\n");
|
||||
fprintf(stderr, "N=%lu, p=%lu, r=%lu\n", N, p, r);
|
||||
fprintf(stderr, "Salt:\n");
|
||||
BIO_dump_fp(stderr, (char *)salt, saltlen);
|
||||
fprintf(stderr, "Password:\n");
|
||||
BIO_dump_fp(stderr, (char *)pass, passlen);
|
||||
fprintf(stderr, "Key:\n");
|
||||
BIO_dump_fp(stderr, (char *)key, keylen);
|
||||
#endif
|
||||
err:
|
||||
OPENSSL_clear_free(B, allocsize);
|
||||
return rv;
|
||||
|
@ -52,13 +52,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
|
||||
# define STRICT_ALIGNMENT 0
|
||||
#endif
|
||||
@ -70,8 +63,6 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t n;
|
||||
const unsigned char *iv = ivec;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
#if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
if (STRICT_ALIGNMENT &&
|
||||
((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
|
||||
@ -123,8 +114,6 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char c[16];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
#if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
if (in != out) {
|
||||
const unsigned char *iv = ivec;
|
||||
|
@ -51,13 +51,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
* First you setup M and L parameters and pass the key schedule. This is
|
||||
* called once per session setup...
|
||||
|
@ -52,13 +52,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
* The input and output encrypted as though 128bit cfb mode is being used.
|
||||
* The extra state information to record how much of the 128bit block we have
|
||||
@ -72,8 +65,6 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned int n;
|
||||
size_t l = 0;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
|
||||
n = *num;
|
||||
|
||||
if (enc) {
|
||||
@ -228,9 +219,6 @@ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t n;
|
||||
unsigned char c[1], d[1];
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
assert(*num == 0);
|
||||
|
||||
for (n = 0; n < bits; ++n) {
|
||||
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
|
||||
cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
|
||||
@ -246,9 +234,6 @@ void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
|
||||
{
|
||||
size_t n;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
assert(*num == 0);
|
||||
|
||||
for (n = 0; n < length; ++n)
|
||||
cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
|
||||
}
|
||||
|
@ -52,13 +52,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
* NOTE: the IV/counter CTR mode is big-endian. The code itself is
|
||||
* endian-neutral.
|
||||
@ -125,9 +118,6 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned int n;
|
||||
size_t l = 0;
|
||||
|
||||
assert(in && out && key && ecount_buf && num);
|
||||
assert(*num < 16);
|
||||
|
||||
n = *num;
|
||||
|
||||
#if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
@ -203,9 +193,6 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
|
||||
{
|
||||
unsigned int n, ctr32;
|
||||
|
||||
assert(in && out && key && ecount_buf && num);
|
||||
assert(*num < 16);
|
||||
|
||||
n = *num;
|
||||
|
||||
while (n && len) {
|
||||
|
@ -9,13 +9,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
* Trouble with Ciphertext Stealing, CTS, mode is that there is no
|
||||
* common official specification, but couple of cipher/application
|
||||
@ -36,8 +29,6 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
|
||||
{
|
||||
size_t residue, n;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len <= 16)
|
||||
return 0;
|
||||
|
||||
@ -68,8 +59,6 @@ size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
|
||||
{
|
||||
size_t residue, n;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len < 16)
|
||||
return 0;
|
||||
|
||||
@ -103,8 +92,6 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char c[16];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len <= 16)
|
||||
return 0;
|
||||
|
||||
@ -141,8 +128,6 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char c[16];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len < 16)
|
||||
return 0;
|
||||
|
||||
@ -179,8 +164,6 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
|
||||
unsigned char c[32];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len <= 16)
|
||||
return 0;
|
||||
|
||||
@ -224,8 +207,6 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
|
||||
unsigned char c[32];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len < 16)
|
||||
return 0;
|
||||
|
||||
@ -272,8 +253,6 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char c[32];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len <= 16)
|
||||
return 0;
|
||||
|
||||
@ -314,8 +293,6 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char c[32];
|
||||
} tmp;
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
|
||||
if (len < 16)
|
||||
return 0;
|
||||
|
||||
|
@ -51,13 +51,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
|
||||
/* redefine, because alignment is ensured */
|
||||
# undef GETU32
|
||||
|
@ -52,13 +52,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
* The input and output encrypted as though 128bit ofb mode is being used.
|
||||
* The extra state information to record how much of the 128bit block we have
|
||||
@ -71,8 +64,6 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned int n;
|
||||
size_t l = 0;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
|
||||
n = *num;
|
||||
|
||||
#if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
|
@ -51,13 +51,6 @@
|
||||
#include "modes_lcl.h"
|
||||
#include <string.h>
|
||||
|
||||
#ifndef MODES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
|
||||
const unsigned char iv[16],
|
||||
const unsigned char *inp, unsigned char *out,
|
||||
|
@ -62,7 +62,7 @@
|
||||
|
||||
/* Define this to dump decrypted output to files called DERnnn */
|
||||
/*
|
||||
* #define DEBUG_DECRYPT
|
||||
* #define OPENSSL_DEBUG_DECRYPT
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -144,7 +144,7 @@ void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
|
||||
return NULL;
|
||||
}
|
||||
p = out;
|
||||
#ifdef DEBUG_DECRYPT
|
||||
#ifdef OPENSSL_DEBUG_DECRYPT
|
||||
{
|
||||
FILE *op;
|
||||
|
||||
|
@ -63,9 +63,9 @@
|
||||
|
||||
/* Uncomment out this line to get debugging info about key generation */
|
||||
/*
|
||||
* #define DEBUG_KEYGEN
|
||||
* #define OPENSSL_DEBUG_KEYGEN
|
||||
*/
|
||||
#ifdef DEBUG_KEYGEN
|
||||
#ifdef OPENSSL_DEBUG_KEYGEN
|
||||
# include <openssl/bio.h>
|
||||
extern BIO *bio_err;
|
||||
void h__dump(unsigned char *p, int len);
|
||||
@ -109,7 +109,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
int ret = 0;
|
||||
BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
|
||||
EVP_MD_CTX *ctx = NULL;
|
||||
#ifdef DEBUG_KEYGEN
|
||||
#ifdef OPENSSL_DEBUG_KEYGEN
|
||||
unsigned char *tmpout = out;
|
||||
int tmpn = n;
|
||||
#endif
|
||||
@ -118,7 +118,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
|
||||
#ifdef DEBUG_KEYGEN
|
||||
#ifdef OPENSSL_DEBUG_KEYGEN
|
||||
fprintf(stderr, "KEYGEN DEBUG\n");
|
||||
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
|
||||
fprintf(stderr, "Password (length %d):\n", passlen);
|
||||
@ -166,7 +166,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
}
|
||||
memcpy(out, Ai, min(n, u));
|
||||
if (u >= n) {
|
||||
#ifdef DEBUG_KEYGEN
|
||||
#ifdef OPENSSL_DEBUG_KEYGEN
|
||||
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
|
||||
h__dump(tmpout, tmpn);
|
||||
#endif
|
||||
@ -221,7 +221,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_KEYGEN
|
||||
#ifdef OPENSSL_DEBUG_KEYGEN
|
||||
void h__dump(unsigned char *p, int len)
|
||||
{
|
||||
for (; len--; p++)
|
||||
|
@ -108,13 +108,6 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef MD_RAND_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
@ -350,9 +343,6 @@ static int rand_add(const void *buf, int num, double add)
|
||||
if (!do_not_lock)
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
|
||||
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
|
||||
assert(md_c[1] == md_count[1]);
|
||||
#endif
|
||||
rv = 1;
|
||||
err:
|
||||
EVP_MD_CTX_free(m);
|
||||
|
@ -235,11 +235,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
|
||||
|
||||
sigtype = OBJ_obj2nid(sig->algor->algorithm);
|
||||
|
||||
#ifdef RSA_DEBUG
|
||||
/* put a backward compatibility flag in EAY */
|
||||
fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
|
||||
OBJ_nid2ln(dtype));
|
||||
#endif
|
||||
if (sigtype != dtype) {
|
||||
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
|
||||
goto err;
|
||||
|
@ -174,13 +174,6 @@ Set by default.
|
||||
enables strict mode protocol handling. Equivalent to setting
|
||||
B<SSL_CERT_FLAG_TLS_STRICT>.
|
||||
|
||||
=item B<-debug_broken_protocol>
|
||||
|
||||
disables various checks and permits several kinds of broken protocol behaviour
|
||||
for testing purposes: it should B<NEVER> be used in anything other than a test
|
||||
environment. Only supported if OpenSSL is configured with
|
||||
B<-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL>.
|
||||
|
||||
=back
|
||||
|
||||
=head1 SUPPORTED CONFIGURATION FILE COMMANDS
|
||||
|
@ -394,7 +394,7 @@ int ssl3_get_record(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
goto f_err;
|
||||
}
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("dec %d\n", rr->length);
|
||||
{
|
||||
unsigned int z;
|
||||
@ -973,7 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
|
||||
|
||||
EVP_MD_CTX_free(hmac);
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
fprintf(stderr, "seq=");
|
||||
{
|
||||
int z;
|
||||
@ -997,7 +997,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
|
||||
break;
|
||||
}
|
||||
}
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
{
|
||||
unsigned int z;
|
||||
for (z = 0; z < md_size; z++)
|
||||
@ -1267,7 +1267,7 @@ int dtls1_process_record(SSL *s)
|
||||
RECORD_LAYER_reset_packet_length(&s->rlayer);
|
||||
goto err;
|
||||
}
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("dec %d\n", rr->length);
|
||||
{
|
||||
unsigned int z;
|
||||
|
21
ssl/s3_lib.c
21
ssl/s3_lib.c
@ -1627,23 +1627,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
|
||||
},
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
/* Cipher FF */
|
||||
{
|
||||
1,
|
||||
"SCSV",
|
||||
SSL3_CK_SCSV,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0},
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
|
||||
/* Cipher C006 */
|
||||
@ -3743,10 +3726,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
|
||||
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
|
||||
c.id = id;
|
||||
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
|
||||
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
|
||||
if (cp == NULL)
|
||||
fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
|
||||
#endif
|
||||
return cp;
|
||||
}
|
||||
|
||||
|
@ -940,10 +940,6 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
||||
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
|
||||
cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
|
||||
cp->algo_strength);
|
||||
#endif
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
if (cipher_id && cipher_id != cp->id)
|
||||
continue;
|
||||
#endif
|
||||
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
|
||||
continue;
|
||||
|
@ -588,9 +588,6 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
|
||||
SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
|
||||
SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
|
||||
SSL_CONF_CMD_SWITCH("strict", 0),
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0),
|
||||
#endif
|
||||
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
|
||||
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
|
||||
SSL_CONF_CMD_STRING(Curves, "curves", 0),
|
||||
@ -652,9 +649,6 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
|
||||
/* no_legacy_server_connect */
|
||||
{SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
|
||||
{SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
{SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */
|
||||
#endif
|
||||
};
|
||||
|
||||
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
|
||||
|
@ -2648,15 +2648,6 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
|
||||
return NULL;
|
||||
ssl_set_masks(s, s->s3->tmp.new_cipher);
|
||||
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
/*
|
||||
* Broken protocol test: return last used certificate: which may mismatch
|
||||
* the one expected.
|
||||
*/
|
||||
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
|
||||
return c->key;
|
||||
#endif
|
||||
|
||||
i = ssl_get_server_cert_index(s);
|
||||
|
||||
/* This may or may not be an error. */
|
||||
@ -2677,16 +2668,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
|
||||
alg_a = cipher->algorithm_auth;
|
||||
c = s->cert;
|
||||
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
/*
|
||||
* Broken protocol test: use last key: which may mismatch the one
|
||||
* expected.
|
||||
*/
|
||||
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
|
||||
idx = c->key - c->pkeys;
|
||||
else
|
||||
#endif
|
||||
|
||||
if ((alg_a & SSL_aDSS) &&
|
||||
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
|
||||
idx = SSL_PKEY_DSA_SIGN;
|
||||
|
@ -1593,35 +1593,6 @@ struct tls_sigalgs_st {
|
||||
unsigned char rhash;
|
||||
};
|
||||
|
||||
/*
|
||||
* #define MAC_DEBUG
|
||||
*/
|
||||
|
||||
/*
|
||||
* #define ERR_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define ABORT_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define PKT_DEBUG 1
|
||||
*/
|
||||
/*
|
||||
* #define DES_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define DES_OFB_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define SSL_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define RSA_DEBUG
|
||||
*/
|
||||
/*
|
||||
* #define IDEA_DEBUG
|
||||
*/
|
||||
|
||||
# define FP_ICC (int (*)(const void *,const void *))
|
||||
|
||||
/*
|
||||
|
@ -2870,14 +2870,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
|
||||
/* Skip disabled ciphers */
|
||||
if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
|
||||
continue;
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
if (c->id == SSL3_CK_SCSV) {
|
||||
if (!empty_reneg_info_scsv)
|
||||
continue;
|
||||
else
|
||||
empty_reneg_info_scsv = 0;
|
||||
}
|
||||
#endif
|
||||
j = s->method->put_cipher_by_char(c, p);
|
||||
p += j;
|
||||
}
|
||||
@ -2892,10 +2884,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
|
||||
};
|
||||
j = s->method->put_cipher_by_char(&scsv, p);
|
||||
p += j;
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr,
|
||||
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
|
||||
#endif
|
||||
}
|
||||
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
|
||||
static SSL_CIPHER scsv = {
|
||||
|
@ -3222,9 +3222,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
|
||||
goto err;
|
||||
}
|
||||
s->s3->send_connection_binding = 1;
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr, "SCSV received by server\n");
|
||||
#endif
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -364,7 +364,7 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
EVP_PKEY_free(mac_key);
|
||||
}
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("which = %04X\nmac key=", which);
|
||||
{
|
||||
int z;
|
||||
@ -426,7 +426,7 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("which = %04X\nkey=", which);
|
||||
{
|
||||
int z;
|
||||
@ -495,7 +495,7 @@ int tls1_setup_key_block(SSL *s)
|
||||
s->s3->tmp.key_block_length = num;
|
||||
s->s3->tmp.key_block = p;
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("client random\n");
|
||||
{
|
||||
int z;
|
||||
@ -520,7 +520,7 @@ int tls1_setup_key_block(SSL *s)
|
||||
#endif
|
||||
if (!tls1_generate_key_block(s, p, num))
|
||||
goto err;
|
||||
#ifdef TLS_DEBUG
|
||||
#ifdef SSL_DEBUG
|
||||
printf("\nkey block\n");
|
||||
{
|
||||
int z;
|
||||
|
38
ssl/t1_lib.c
38
ssl/t1_lib.c
@ -788,11 +788,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
|
||||
*/
|
||||
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
|
||||
{
|
||||
# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
/* Allow any curve: not just those peer supports */
|
||||
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
|
||||
return 1;
|
||||
# endif
|
||||
/*
|
||||
* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
|
||||
* curves permitted.
|
||||
@ -3451,30 +3446,6 @@ int tls1_process_sigalgs(SSL *s)
|
||||
if (!tls1_set_shared_sigalgs(s))
|
||||
return 0;
|
||||
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
|
||||
/*
|
||||
* Use first set signature preference to force message digest,
|
||||
* ignoring any peer preferences.
|
||||
*/
|
||||
const unsigned char *sigs = NULL;
|
||||
if (s->server)
|
||||
sigs = c->conf_sigalgs;
|
||||
else
|
||||
sigs = c->client_sigalgs;
|
||||
if (sigs) {
|
||||
idx = tls12_get_pkey_idx(sigs[1]);
|
||||
md = tls12_get_hash(sigs[0]);
|
||||
pmd[idx] = md;
|
||||
pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;
|
||||
if (idx == SSL_PKEY_RSA_SIGN) {
|
||||
pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN;
|
||||
pmd[SSL_PKEY_RSA_ENC] = md;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
for (i = 0, sigptr = c->shared_sigalgs;
|
||||
i < c->shared_sigalgslen; i++, sigptr++) {
|
||||
idx = tls12_get_pkey_idx(sigptr->rsign);
|
||||
@ -3748,15 +3719,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
|
||||
/* If no cert or key, forget it */
|
||||
if (!x || !pk)
|
||||
goto end;
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
/* Allow any certificate to pass test */
|
||||
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
|
||||
rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN |
|
||||
CERT_PKEY_VALID | CERT_PKEY_SIGN;
|
||||
*pvalid = rv;
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
if (!x || !pk)
|
||||
return 0;
|
||||
|
@ -128,10 +128,6 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
|
||||
|
||||
memcpy(p, s->s3->previous_client_finished,
|
||||
s->s3->previous_client_finished_len);
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr, "%s RI extension sent by client\n",
|
||||
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
|
||||
#endif
|
||||
}
|
||||
|
||||
*len = s->s3->previous_client_finished_len + 1;
|
||||
@ -171,10 +167,6 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
|
||||
*al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
return 0;
|
||||
}
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr, "%s RI extension received by server\n",
|
||||
ilen ? "Non-empty" : "Empty");
|
||||
#endif
|
||||
|
||||
s->s3->send_connection_binding = 1;
|
||||
|
||||
@ -204,10 +196,6 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
|
||||
|
||||
memcpy(p, s->s3->previous_server_finished,
|
||||
s->s3->previous_server_finished_len);
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr, "%s RI extension sent by server\n",
|
||||
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
|
||||
#endif
|
||||
}
|
||||
|
||||
*len = s->s3->previous_client_finished_len
|
||||
@ -271,10 +259,6 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
|
||||
*al = SSL_AD_ILLEGAL_PARAMETER;
|
||||
return 0;
|
||||
}
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
fprintf(stderr, "%s RI extension received by client\n",
|
||||
ilen ? "Non-empty" : "Empty");
|
||||
#endif
|
||||
s->s3->send_connection_binding = 1;
|
||||
|
||||
return 1;
|
||||
|
@ -174,7 +174,6 @@ foreach (@ARGV, split(/ /, $config{options}))
|
||||
$do_ctest=1 if $_ eq "ctest";
|
||||
$do_ctestall=1 if $_ eq "ctestall";
|
||||
$do_checkexist=1 if $_ eq "exist";
|
||||
#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
|
||||
if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
|
||||
my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
|
||||
foreach (keys %disabled_algorithms) {
|
||||
|
Loading…
Reference in New Issue
Block a user