wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove outdated DEBUG flags.

Browse source 
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2016-02-18 11:33:21 -05:00 committed by Rich Salz
parent 1bd8bc558d
commit d63a5e5e7d
42 changed files with 30 additions and 469 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Configure
View file

@ -76,7 +76,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED"
my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
. " -pedantic"
. " -Wall"
. " -Wno-long-long"

72
apps/apps.c
View file

@ -1462,9 +1462,6 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
#endif
}
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
ERR_print_errors(bio_err);
@ -1503,17 +1500,10 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
serialfile, buf[1]);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@ -1525,10 +1515,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
perror("reason");
goto err;
}
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
buf[0], serialfile);
#endif
if (rename(buf[0], serialfile) < 0) {
BIO_printf(bio_err,
"unable to rename %s to %s\n", buf[0], serialfile);
@ -1604,10 +1590,6 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
if (dbattr_conf) {
char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
if (p) {
#ifdef RL_DEBUG
BIO_printf(bio_err,
"DEBUG[load_index]: unique_subject = \"%s\"\n", p);
#endif
retdb->attributes.unique_subject = parse_yesno(p, 1);
}
}
@ -1654,21 +1636,12 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
@ -1682,9 +1655,6 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
out = BIO_new_file(buf[1], "w");
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
#endif
if (out == NULL) {
perror(buf[2]);
BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
@ -1715,31 +1685,16 @@ int rotate_index(const char *dbfile, const char *new_suffix,
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
#else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
#else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
@ -1750,18 +1705,12 @@ int rotate_index(const char *dbfile, const char *new_suffix,
perror("reason");
goto err;
}
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
#endif
if (rename(buf[0], dbfile) < 0) {
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
perror("reason");
rename(buf[1], dbfile);
goto err;
}
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
#endif
if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
#ifdef ENOTDIR
&& errno != ENOTDIR
@ -1773,9 +1722,6 @@ int rotate_index(const char *dbfile, const char *new_suffix,
rename(buf[1], dbfile);
goto err;
}
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
#endif
if (rename(buf[2], buf[4]) < 0) {
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
perror("reason");

21
apps/x509.c
View file

@ -89,10 +89,6 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
char *section, ASN1_INTEGER *sno, int reqfile);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
static int force_version = 2;
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
@ -108,7 +104,6 @@ typedef enum OPTION_choice {
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
OPT_FORCE_VERSION,
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
@ -189,9 +184,6 @@ OPTIONS x509_options[] = {
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@ -288,11 +280,6 @@ int x509_main(int argc, char **argv)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_FORCE_VERSION:
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
#endif
break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
@ -1046,11 +1033,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (conf) {
X509V3_CTX ctx2;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x, 2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
@ -1123,11 +1106,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
}
if (conf) {
X509V3_CTX ctx;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x, 2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))

8
crypto/bn/bn_ctx.c
View file

@ -53,14 +53,6 @@
*
*/
#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"

11
crypto/camellia/cmll_ecb.c
View file

@ -48,23 +48,12 @@
*
*/
#ifndef CAMELLIA_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <openssl/camellia.h>
#include "cmll_locl.h"
void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key, const int enc)
{
assert(in && out && key);
assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
if (CAMELLIA_ENCRYPT == enc)
Camellia_encrypt(in, out, key);
else

10
crypto/comp/c_zlib.c
View file

@ -224,11 +224,6 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
err = deflate(&state->ostream, Z_SYNC_FLUSH);
if (err != Z_OK)
return -1;
# ifdef DEBUG_ZLIB
fprintf(stderr, "compress(%4d)->%4d %s\n",
ilen, olen - state->ostream.avail_out,
(ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
# endif
return olen - state->ostream.avail_out;
}
@ -250,11 +245,6 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
err = inflate(&state->istream, Z_SYNC_FLUSH);
if (err != Z_OK)
return -1;
# ifdef DEBUG_ZLIB
fprintf(stderr, "expand(%4d)->%4d %s\n",
ilen, olen - state->istream.avail_out,
(ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
# endif
return olen - state->istream.avail_out;
}

6
crypto/conf/conf_api.c
View file

@ -57,12 +57,6 @@
/* Part of the code in here was originally in conf.c, which is now removed */
#ifndef CONF_DEBUG
# undef NDEBUG /* avoid conflicting definitions */
# define NDEBUG
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>

7
crypto/engine/tb_cipher.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_cipher_engine(), the function
* that is used by EVP to hook in cipher code and cache defaults (etc), will
* display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_CIPHER_DEBUG */
static ENGINE_TABLE *cipher_table = NULL;
void ENGINE_unregister_ciphers(ENGINE *e)

7
crypto/engine/tb_dh.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_default_DH(), the function that
* is used by DH to hook in implementation code and cache defaults (etc),
* will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_DH_DEBUG */
static ENGINE_TABLE *dh_table = NULL;
static const int dummy_nid = 1;

7
crypto/engine/tb_digest.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_digest_engine(), the function
* that is used by EVP to hook in digest code and cache defaults (etc), will
* display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_DIGEST_DEBUG */
static ENGINE_TABLE *digest_table = NULL;
void ENGINE_unregister_digests(ENGINE *e)

7
crypto/engine/tb_dsa.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_default_DSA(), the function that
* is used by DSA to hook in implementation code and cache defaults (etc),
* will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_DSA_DEBUG */
static ENGINE_TABLE *dsa_table = NULL;
static const int dummy_nid = 1;

7
crypto/engine/tb_eckey.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_default_EC_KEY(), the function that
* is used by EC_KEY to hook in implementation code and cache defaults (etc),
* will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_EC_KEY_DEBUG */
static ENGINE_TABLE *dh_table = NULL;
static const int dummy_nid = 1;

7
crypto/engine/tb_pkmeth.c
View file

@ -55,13 +55,6 @@
#include "eng_int.h"
#include <openssl/evp.h>
/*
* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
* that is used by EVP to hook in pkey_meth code and cache defaults (etc),
* will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_PKEY_METH_DEBUG */
static ENGINE_TABLE *pkey_meth_table = NULL;
void ENGINE_unregister_pkey_meths(ENGINE *e)

7
crypto/engine/tb_rand.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_default_RAND(), the function
* that is used by RAND to hook in implementation code and cache defaults
* (etc), will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_RAND_DEBUG */
static ENGINE_TABLE *rand_table = NULL;
static const int dummy_nid = 1;

7
crypto/engine/tb_rsa.c
View file

@ -54,13 +54,6 @@
#include "eng_int.h"
/*
* If this symbol is defined then ENGINE_get_default_RSA(), the function that
* is used by RSA to hook in implementation code and cache defaults (etc),
* will display brief debugging summaries to stderr with the 'nid'.
*/
/* #define ENGINE_RSA_DEBUG */
static ENGINE_TABLE *rsa_table = NULL;
static const int dummy_nid = 1;

8
crypto/evp/p5_crpt2.c
View file

@ -64,9 +64,9 @@
# include "evp_locl.h"
/* set this to print out info about the keygen algorithm */
/* #define DEBUG_PKCS5V2 */
/* #define OPENSSL_DEBUG_PKCS5V2 */
# ifdef DEBUG_PKCS5V2
# ifdef OPENSSL_DEBUG_PKCS5V2
static void h__dump(const unsigned char *p, int len);
# endif
@ -157,7 +157,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
}
HMAC_CTX_free(hctx);
HMAC_CTX_free(hctx_tpl);
# ifdef DEBUG_PKCS5V2
# ifdef OPENSSL_DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump(pass, passlen);
fprintf(stderr, "Salt:\n");
@ -315,7 +315,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
return rv;
}
# ifdef DEBUG_PKCS5V2
# ifdef OPENSSL_DEBUG_PKCS5V2
static void h__dump(const unsigned char *p, int len)
{
for (; len--; p++)

10
crypto/evp/scrypt.c
View file

@ -290,16 +290,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
keylen, key) == 0)
goto err;
rv = 1;
#ifdef SCRYPT_DEBUG
fprintf(stderr, "scrypt parameters:\n");
fprintf(stderr, "N=%lu, p=%lu, r=%lu\n", N, p, r);
fprintf(stderr, "Salt:\n");
BIO_dump_fp(stderr, (char *)salt, saltlen);
fprintf(stderr, "Password:\n");
BIO_dump_fp(stderr, (char *)pass, passlen);
fprintf(stderr, "Key:\n");
BIO_dump_fp(stderr, (char *)key, keylen);
#endif
err:
OPENSSL_clear_free(B, allocsize);
return rv;

11
crypto/modes/cbc128.c
View file

@ -52,13 +52,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
# define STRICT_ALIGNMENT 0
#endif
@ -70,8 +63,6 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
size_t n;
const unsigned char *iv = ivec;
assert(in && out && key && ivec);
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (STRICT_ALIGNMENT &&
((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
@ -123,8 +114,6 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
unsigned char c[16];
} tmp;
assert(in && out && key && ivec);
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (in != out) {
const unsigned char *iv = ivec;

7
crypto/modes/ccm128.c
View file

@ -51,13 +51,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* First you setup M and L parameters and pass the key schedule. This is
* called once per session setup...

15
crypto/modes/cfb128.c
View file

@ -52,13 +52,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* The input and output encrypted as though 128bit cfb mode is being used.
* The extra state information to record how much of the 128bit block we have
@ -72,8 +65,6 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
unsigned int n;
size_t l = 0;
assert(in && out && key && ivec && num);
n = *num;
if (enc) {
@ -228,9 +219,6 @@ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
size_t n;
unsigned char c[1], d[1];
assert(in && out && key && ivec && num);
assert(*num == 0);
for (n = 0; n < bits; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
@ -246,9 +234,6 @@ void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
{
size_t n;
assert(in && out && key && ivec && num);
assert(*num == 0);
for (n = 0; n < length; ++n)
cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
}

13
crypto/modes/ctr128.c
View file

@ -52,13 +52,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* NOTE: the IV/counter CTR mode is big-endian. The code itself is
* endian-neutral.
@ -125,9 +118,6 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
unsigned int n;
size_t l = 0;
assert(in && out && key && ecount_buf && num);
assert(*num < 16);
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)
@ -203,9 +193,6 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
{
unsigned int n, ctr32;
assert(in && out && key && ecount_buf && num);
assert(*num < 16);
n = *num;
while (n && len) {

23
crypto/modes/cts128.c
View file

@ -9,13 +9,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* Trouble with Ciphertext Stealing, CTS, mode is that there is no
* common official specification, but couple of cipher/application
@ -36,8 +29,6 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
{
size_t residue, n;
assert(in && out && key && ivec);
if (len <= 16)
return 0;
@ -68,8 +59,6 @@ size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
{
size_t residue, n;
assert(in && out && key && ivec);
if (len < 16)
return 0;
@ -103,8 +92,6 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
unsigned char c[16];
} tmp;
assert(in && out && key && ivec);
if (len <= 16)
return 0;
@ -141,8 +128,6 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
unsigned char c[16];
} tmp;
assert(in && out && key && ivec);
if (len < 16)
return 0;
@ -179,8 +164,6 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
unsigned char c[32];
} tmp;
assert(in && out && key && ivec);
if (len <= 16)
return 0;
@ -224,8 +207,6 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
unsigned char c[32];
} tmp;
assert(in && out && key && ivec);
if (len < 16)
return 0;
@ -272,8 +253,6 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
unsigned char c[32];
} tmp;
assert(in && out && key && ivec);
if (len <= 16)
return 0;
@ -314,8 +293,6 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
unsigned char c[32];
} tmp;
assert(in && out && key && ivec);
if (len < 16)
return 0;

7
crypto/modes/gcm128.c
View file

@ -51,13 +51,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
/* redefine, because alignment is ensured */
# undef GETU32

9
crypto/modes/ofb128.c
View file

@ -52,13 +52,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
/*
* The input and output encrypted as though 128bit ofb mode is being used.
* The extra state information to record how much of the 128bit block we have
@ -71,8 +64,6 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
unsigned int n;
size_t l = 0;
assert(in && out && key && ivec && num);
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)

7
crypto/modes/xts128.c
View file

@ -51,13 +51,6 @@
#include "modes_lcl.h"
#include <string.h>
#ifndef MODES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
const unsigned char iv[16],
const unsigned char *inp, unsigned char *out,

4
crypto/pkcs12/p12_decr.c
View file

@ -62,7 +62,7 @@
/* Define this to dump decrypted output to files called DERnnn */
/*
* #define DEBUG_DECRYPT
* #define OPENSSL_DEBUG_DECRYPT
*/
/*
@ -144,7 +144,7 @@ void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
return NULL;
}
p = out;
#ifdef DEBUG_DECRYPT
#ifdef OPENSSL_DEBUG_DECRYPT
{
FILE *op;

12
crypto/pkcs12/p12_key.c
View file

@ -63,9 +63,9 @@
/* Uncomment out this line to get debugging info about key generation */
/*
* #define DEBUG_KEYGEN
* #define OPENSSL_DEBUG_KEYGEN
*/
#ifdef DEBUG_KEYGEN
#ifdef OPENSSL_DEBUG_KEYGEN
# include <openssl/bio.h>
extern BIO *bio_err;
void h__dump(unsigned char *p, int len);
@ -109,7 +109,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int ret = 0;
BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
EVP_MD_CTX *ctx = NULL;
#ifdef DEBUG_KEYGEN
#ifdef OPENSSL_DEBUG_KEYGEN
unsigned char *tmpout = out;
int tmpn = n;
#endif
@ -118,7 +118,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
if (ctx == NULL)
goto err;
#ifdef DEBUG_KEYGEN
#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
fprintf(stderr, "Password (length %d):\n", passlen);
@ -166,7 +166,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
}
memcpy(out, Ai, min(n, u));
if (u >= n) {
#ifdef DEBUG_KEYGEN
#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
@ -221,7 +221,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
return ret;
}
#ifdef DEBUG_KEYGEN
#ifdef OPENSSL_DEBUG_KEYGEN
void h__dump(unsigned char *p, int len)
{
for (; len--; p++)

10
crypto/rand/md_rand.c
View file

@ -108,13 +108,6 @@
*
*/
#ifdef MD_RAND_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <stdio.h>
#include <string.h>
@ -350,9 +343,6 @@ static int rand_add(const void *buf, int num, double add)
if (!do_not_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
assert(md_c[1] == md_count[1]);
#endif
rv = 1;
err:
EVP_MD_CTX_free(m);

5
crypto/rsa/rsa_sign.c
View file

@ -235,11 +235,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
sigtype = OBJ_obj2nid(sig->algor->algorithm);
#ifdef RSA_DEBUG
/* put a backward compatibility flag in EAY */
fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
if (sigtype != dtype) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
goto err;

7
doc/ssl/SSL_CONF_cmd.pod
View file

@ -174,13 +174,6 @@ Set by default.
enables strict mode protocol handling. Equivalent to setting
B<SSL_CERT_FLAG_TLS_STRICT>.
=item B<-debug_broken_protocol>
disables various checks and permits several kinds of broken protocol behaviour
for testing purposes: it should B<NEVER> be used in anything other than a test
environment. Only supported if OpenSSL is configured with
B<-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL>.
=back
=head1 SUPPORTED CONFIGURATION FILE COMMANDS

8
ssl/record/ssl3_record.c
View file

@ -394,7 +394,7 @@ int ssl3_get_record(SSL *s)
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
goto f_err;
}
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
{
unsigned int z;
@ -973,7 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
EVP_MD_CTX_free(hmac);
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
fprintf(stderr, "seq=");
{
int z;
@ -997,7 +997,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
break;
}
}
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
{
unsigned int z;
for (z = 0; z < md_size; z++)
@ -1267,7 +1267,7 @@ int dtls1_process_record(SSL *s)
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto err;
}
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
{
unsigned int z;

21
ssl/s3_lib.c
View file

@ -1627,23 +1627,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Cipher FF */
{
1,
"SCSV",
SSL3_CK_SCSV,
0,
0,
0,
0,
0,
0,
0,
0,
0},
#endif
#ifndef OPENSSL_NO_EC
/* Cipher C006 */
@ -3743,10 +3726,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
if (cp == NULL)
fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
return cp;
}

4
ssl/ssl_ciph.c
View file

@ -940,10 +940,6 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
cp->algo_strength);
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (cipher_id && cipher_id != cp->id)
continue;
#endif
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;

6
ssl/ssl_conf.c
View file

@ -588,9 +588,6 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("strict", 0),
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0),
#endif
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
@ -652,9 +649,6 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
/* no_legacy_server_connect */
{SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
{SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */
#endif
};
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)

19
ssl/ssl_lib.c
View file

@ -2648,15 +2648,6 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
return NULL;
ssl_set_masks(s, s->s3->tmp.new_cipher);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/*
* Broken protocol test: return last used certificate: which may mismatch
* the one expected.
*/
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
return c->key;
#endif
i = ssl_get_server_cert_index(s);
/* This may or may not be an error. */
@ -2677,16 +2668,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
alg_a = cipher->algorithm_auth;
c = s->cert;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/*
* Broken protocol test: use last key: which may mismatch the one
* expected.
*/
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
idx = c->key - c->pkeys;
else
#endif
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
idx = SSL_PKEY_DSA_SIGN;

29
ssl/ssl_locl.h
View file

@ -1593,35 +1593,6 @@ struct tls_sigalgs_st {
unsigned char rhash;
};
/*
* #define MAC_DEBUG
*/
/*
* #define ERR_DEBUG
*/
/*
* #define ABORT_DEBUG
*/
/*
* #define PKT_DEBUG 1
*/
/*
* #define DES_DEBUG
*/
/*
* #define DES_OFB_DEBUG
*/
/*
* #define SSL_DEBUG
*/
/*
* #define RSA_DEBUG
*/
/*
* #define IDEA_DEBUG
*/
# define FP_ICC (int (*)(const void *,const void *))
/*

12
ssl/statem/statem_clnt.c
View file

@ -2870,14 +2870,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
/* Skip disabled ciphers */
if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
continue;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (c->id == SSL3_CK_SCSV) {
if (!empty_reneg_info_scsv)
continue;
else
empty_reneg_info_scsv = 0;
}
#endif
j = s->method->put_cipher_by_char(c, p);
p += j;
}
@ -2892,10 +2884,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
};
j = s->method->put_cipher_by_char(&scsv, p);
p += j;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr,
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
#endif
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {

3
ssl/statem/statem_srvr.c
View file

@ -3222,9 +3222,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
goto err;
}
s->s3->send_connection_binding = 1;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV received by server\n");
#endif
continue;
}

8
ssl/t1_enc.c
View file

@ -364,7 +364,7 @@ int tls1_change_cipher_state(SSL *s, int which)
}
EVP_PKEY_free(mac_key);
}
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("which = %04X\nmac key=", which);
{
int z;
@ -426,7 +426,7 @@ int tls1_change_cipher_state(SSL *s, int which)
}
#endif
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("which = %04X\nkey=", which);
{
int z;
@ -495,7 +495,7 @@ int tls1_setup_key_block(SSL *s)
s->s3->tmp.key_block_length = num;
s->s3->tmp.key_block = p;
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("client random\n");
{
int z;
@ -520,7 +520,7 @@ int tls1_setup_key_block(SSL *s)
#endif
if (!tls1_generate_key_block(s, p, num))
goto err;
#ifdef TLS_DEBUG
#ifdef SSL_DEBUG
printf("\nkey block\n");
{
int z;

38
ssl/t1_lib.c
View file

@ -788,11 +788,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
*/
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any curve: not just those peer supports */
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
return 1;
# endif
/*
* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
* curves permitted.
@ -3451,30 +3446,6 @@ int tls1_process_sigalgs(SSL *s)
if (!tls1_set_shared_sigalgs(s))
return 0;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
/*
* Use first set signature preference to force message digest,
* ignoring any peer preferences.
*/
const unsigned char *sigs = NULL;
if (s->server)
sigs = c->conf_sigalgs;
else
sigs = c->client_sigalgs;
if (sigs) {
idx = tls12_get_pkey_idx(sigs[1]);
md = tls12_get_hash(sigs[0]);
pmd[idx] = md;
pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;
if (idx == SSL_PKEY_RSA_SIGN) {
pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN;
pmd[SSL_PKEY_RSA_ENC] = md;
}
}
}
#endif
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++) {
idx = tls12_get_pkey_idx(sigptr->rsign);
@ -3748,15 +3719,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* If no cert or key, forget it */
if (!x || !pk)
goto end;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any certificate to pass test */
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN |
CERT_PKEY_VALID | CERT_PKEY_SIGN;
*pvalid = rv;
return rv;
}
#endif
} else {
if (!x || !pk)
return 0;

16
ssl/t1_reneg.c
View file

@ -128,10 +128,6 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension sent by client\n",
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
*len = s->s3->previous_client_finished_len + 1;
@ -171,10 +167,6 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension received by server\n",
ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding = 1;
@ -204,10 +196,6 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension sent by server\n",
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
*len = s->s3->previous_client_finished_len
@ -271,10 +259,6 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension received by client\n",
ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding = 1;
return 1;

1
util/mkdef.pl
View file

@ -174,7 +174,6 @@ foreach (@ARGV, split(/ /, $config{options}))
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
$do_checkexist=1 if $_ eq "exist";
#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
foreach (keys %disabled_algorithms) {