Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED"
+my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
. " -pedantic"
. " -Wall"
. " -Wno-long-long"
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
#endif
}
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
ERR_print_errors(bio_err);
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- serialfile, buf[1]);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
perror("reason");
goto err;
}
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0], serialfile);
-#endif
if (rename(buf[0], serialfile) < 0) {
BIO_printf(bio_err,
"unable to rename %s to %s\n", buf[0], serialfile);
if (dbattr_conf) {
char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
if (p) {
-#ifdef RL_DEBUG
- BIO_printf(bio_err,
- "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
retdb->attributes.unique_subject = parse_yesno(p, 1);
}
}
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
goto err;
out = BIO_new_file(buf[1], "w");
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
if (out == NULL) {
perror(buf[2]);
BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
-#else
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
perror("reason");
goto err;
}
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
-#endif
if (rename(buf[0], dbfile) < 0) {
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
perror("reason");
rename(buf[1], dbfile);
goto err;
}
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
-#endif
if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
#ifdef ENOTDIR
&& errno != ENOTDIR
rename(buf[1], dbfile);
goto err;
}
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
-#endif
if (rename(buf[2], buf[4]) < 0) {
BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
perror("reason");
char *section, ASN1_INTEGER *sno, int reqfile);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-static int force_version = 2;
-#endif
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
- OPT_FORCE_VERSION,
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- {"force_version", OPT_FORCE_VERSION, 'p'},
-#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
- case OPT_FORCE_VERSION:
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- force_version = atoi(opt_arg()) - 1;
-#endif
- break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
if (conf) {
X509V3_CTX ctx2;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- X509_set_version(x, force_version);
-#else
X509_set_version(x, 2); /* version 3 certificate */
-#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
}
if (conf) {
X509V3_CTX ctx;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- X509_set_version(x, force_version);
-#else
X509_set_version(x, 2); /* version 3 certificate */
-#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
*
*/
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-
#include "internal/cryptlib.h"
#include "bn_lcl.h"
*
*/
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
#include <openssl/camellia.h>
#include "cmll_locl.h"
void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key, const int enc)
{
-
- assert(in && out && key);
- assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
-
if (CAMELLIA_ENCRYPT == enc)
Camellia_encrypt(in, out, key);
else
err = deflate(&state->ostream, Z_SYNC_FLUSH);
if (err != Z_OK)
return -1;
-# ifdef DEBUG_ZLIB
- fprintf(stderr, "compress(%4d)->%4d %s\n",
- ilen, olen - state->ostream.avail_out,
- (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
-# endif
return olen - state->ostream.avail_out;
}
err = inflate(&state->istream, Z_SYNC_FLUSH);
if (err != Z_OK)
return -1;
-# ifdef DEBUG_ZLIB
- fprintf(stderr, "expand(%4d)->%4d %s\n",
- ilen, olen - state->istream.avail_out,
- (ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
-# endif
return olen - state->istream.avail_out;
}
/* Part of the code in here was originally in conf.c, which is now removed */
-#ifndef CONF_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_cipher_engine(), the function
- * that is used by EVP to hook in cipher code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_CIPHER_DEBUG */
-
static ENGINE_TABLE *cipher_table = NULL;
void ENGINE_unregister_ciphers(ENGINE *e)
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_default_DH(), the function that
- * is used by DH to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DH_DEBUG */
-
static ENGINE_TABLE *dh_table = NULL;
static const int dummy_nid = 1;
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_digest_engine(), the function
- * that is used by EVP to hook in digest code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DIGEST_DEBUG */
-
static ENGINE_TABLE *digest_table = NULL;
void ENGINE_unregister_digests(ENGINE *e)
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_default_DSA(), the function that
- * is used by DSA to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_DSA_DEBUG */
-
static ENGINE_TABLE *dsa_table = NULL;
static const int dummy_nid = 1;
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_default_EC_KEY(), the function that
- * is used by EC_KEY to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_EC_KEY_DEBUG */
-
static ENGINE_TABLE *dh_table = NULL;
static const int dummy_nid = 1;
#include "eng_int.h"
#include <openssl/evp.h>
-/*
- * If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
- * that is used by EVP to hook in pkey_meth code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_PKEY_METH_DEBUG */
-
static ENGINE_TABLE *pkey_meth_table = NULL;
void ENGINE_unregister_pkey_meths(ENGINE *e)
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_default_RAND(), the function
- * that is used by RAND to hook in implementation code and cache defaults
- * (etc), will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_RAND_DEBUG */
-
static ENGINE_TABLE *rand_table = NULL;
static const int dummy_nid = 1;
#include "eng_int.h"
-/*
- * If this symbol is defined then ENGINE_get_default_RSA(), the function that
- * is used by RSA to hook in implementation code and cache defaults (etc),
- * will display brief debugging summaries to stderr with the 'nid'.
- */
-/* #define ENGINE_RSA_DEBUG */
-
static ENGINE_TABLE *rsa_table = NULL;
static const int dummy_nid = 1;
# include "evp_locl.h"
/* set this to print out info about the keygen algorithm */
-/* #define DEBUG_PKCS5V2 */
+/* #define OPENSSL_DEBUG_PKCS5V2 */
-# ifdef DEBUG_PKCS5V2
+# ifdef OPENSSL_DEBUG_PKCS5V2
static void h__dump(const unsigned char *p, int len);
# endif
}
HMAC_CTX_free(hctx);
HMAC_CTX_free(hctx_tpl);
-# ifdef DEBUG_PKCS5V2
+# ifdef OPENSSL_DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump(pass, passlen);
fprintf(stderr, "Salt:\n");
return rv;
}
-# ifdef DEBUG_PKCS5V2
+# ifdef OPENSSL_DEBUG_PKCS5V2
static void h__dump(const unsigned char *p, int len)
{
for (; len--; p++)
keylen, key) == 0)
goto err;
rv = 1;
-#ifdef SCRYPT_DEBUG
- fprintf(stderr, "scrypt parameters:\n");
- fprintf(stderr, "N=%lu, p=%lu, r=%lu\n", N, p, r);
- fprintf(stderr, "Salt:\n");
- BIO_dump_fp(stderr, (char *)salt, saltlen);
- fprintf(stderr, "Password:\n");
- BIO_dump_fp(stderr, (char *)pass, passlen);
- fprintf(stderr, "Key:\n");
- BIO_dump_fp(stderr, (char *)key, keylen);
-#endif
err:
OPENSSL_clear_free(B, allocsize);
return rv;
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
# define STRICT_ALIGNMENT 0
#endif
size_t n;
const unsigned char *iv = ivec;
- assert(in && out && key && ivec);
-
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (STRICT_ALIGNMENT &&
((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
unsigned char c[16];
} tmp;
- assert(in && out && key && ivec);
-
#if !defined(OPENSSL_SMALL_FOOTPRINT)
if (in != out) {
const unsigned char *iv = ivec;
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
/*
* First you setup M and L parameters and pass the key schedule. This is
* called once per session setup...
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
/*
* The input and output encrypted as though 128bit cfb mode is being used.
* The extra state information to record how much of the 128bit block we have
unsigned int n;
size_t l = 0;
- assert(in && out && key && ivec && num);
-
n = *num;
if (enc) {
size_t n;
unsigned char c[1], d[1];
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
for (n = 0; n < bits; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
{
size_t n;
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
for (n = 0; n < length; ++n)
cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
}
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
/*
* NOTE: the IV/counter CTR mode is big-endian. The code itself is
* endian-neutral.
unsigned int n;
size_t l = 0;
- assert(in && out && key && ecount_buf && num);
- assert(*num < 16);
-
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)
{
unsigned int n, ctr32;
- assert(in && out && key && ecount_buf && num);
- assert(*num < 16);
-
n = *num;
while (n && len) {
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
/*
* Trouble with Ciphertext Stealing, CTS, mode is that there is no
* common official specification, but couple of cipher/application
{
size_t residue, n;
- assert(in && out && key && ivec);
-
if (len <= 16)
return 0;
{
size_t residue, n;
- assert(in && out && key && ivec);
-
if (len < 16)
return 0;
unsigned char c[16];
} tmp;
- assert(in && out && key && ivec);
-
if (len <= 16)
return 0;
unsigned char c[16];
} tmp;
- assert(in && out && key && ivec);
-
if (len < 16)
return 0;
unsigned char c[32];
} tmp;
- assert(in && out && key && ivec);
-
if (len <= 16)
return 0;
unsigned char c[32];
} tmp;
- assert(in && out && key && ivec);
-
if (len < 16)
return 0;
unsigned char c[32];
} tmp;
- assert(in && out && key && ivec);
-
if (len <= 16)
return 0;
unsigned char c[32];
} tmp;
- assert(in && out && key && ivec);
-
if (len < 16)
return 0;
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
/* redefine, because alignment is ensured */
# undef GETU32
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
/*
* The input and output encrypted as though 128bit ofb mode is being used.
* The extra state information to record how much of the 128bit block we have
unsigned int n;
size_t l = 0;
- assert(in && out && key && ivec && num);
-
n = *num;
#if !defined(OPENSSL_SMALL_FOOTPRINT)
#include "modes_lcl.h"
#include <string.h>
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
const unsigned char iv[16],
const unsigned char *inp, unsigned char *out,
/* Define this to dump decrypted output to files called DERnnn */
/*
- * #define DEBUG_DECRYPT
+ * #define OPENSSL_DEBUG_DECRYPT
*/
/*
return NULL;
}
p = out;
-#ifdef DEBUG_DECRYPT
+#ifdef OPENSSL_DEBUG_DECRYPT
{
FILE *op;
/* Uncomment out this line to get debugging info about key generation */
/*
- * #define DEBUG_KEYGEN
+ * #define OPENSSL_DEBUG_KEYGEN
*/
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
# include <openssl/bio.h>
extern BIO *bio_err;
void h__dump(unsigned char *p, int len);
int ret = 0;
BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
EVP_MD_CTX *ctx = NULL;
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
unsigned char *tmpout = out;
int tmpn = n;
#endif
if (ctx == NULL)
goto err;
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
fprintf(stderr, "Password (length %d):\n", passlen);
}
memcpy(out, Ai, min(n, u));
if (u >= n) {
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
return ret;
}
-#ifdef DEBUG_KEYGEN
+#ifdef OPENSSL_DEBUG_KEYGEN
void h__dump(unsigned char *p, int len)
{
for (; len--; p++)
*
*/
-#ifdef MD_RAND_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
#include <stdio.h>
#include <string.h>
if (!do_not_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
- assert(md_c[1] == md_count[1]);
-#endif
rv = 1;
err:
EVP_MD_CTX_free(m);
sigtype = OBJ_obj2nid(sig->algor->algorithm);
-#ifdef RSA_DEBUG
- /* put a backward compatibility flag in EAY */
- fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
- OBJ_nid2ln(dtype));
-#endif
if (sigtype != dtype) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
goto err;
enables strict mode protocol handling. Equivalent to setting
B<SSL_CERT_FLAG_TLS_STRICT>.
-=item B<-debug_broken_protocol>
-
-disables various checks and permits several kinds of broken protocol behaviour
-for testing purposes: it should B<NEVER> be used in anything other than a test
-environment. Only supported if OpenSSL is configured with
-B<-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL>.
-
=back
=head1 SUPPORTED CONFIGURATION FILE COMMANDS
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
goto f_err;
}
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
{
unsigned int z;
EVP_MD_CTX_free(hmac);
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
fprintf(stderr, "seq=");
{
int z;
break;
}
}
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
{
unsigned int z;
for (z = 0; z < md_size; z++)
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto err;
}
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("dec %d\n", rr->length);
{
unsigned int z;
},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Cipher FF */
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
-
#ifndef OPENSSL_NO_EC
/* Cipher C006 */
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
- if (cp == NULL)
- fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
return cp;
}
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
cp->algo_strength);
-#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (cipher_id && cipher_id != cp->id)
- continue;
#endif
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("strict", 0),
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0),
-#endif
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
/* no_legacy_server_connect */
{SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
{SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- {SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */
-#endif
};
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
return NULL;
ssl_set_masks(s, s->s3->tmp.new_cipher);
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /*
- * Broken protocol test: return last used certificate: which may mismatch
- * the one expected.
- */
- if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
- return c->key;
-#endif
-
i = ssl_get_server_cert_index(s);
/* This may or may not be an error. */
alg_a = cipher->algorithm_auth;
c = s->cert;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /*
- * Broken protocol test: use last key: which may mismatch the one
- * expected.
- */
- if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
- idx = c->key - c->pkeys;
- else
-#endif
-
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
idx = SSL_PKEY_DSA_SIGN;
unsigned char rhash;
};
-/*
- * #define MAC_DEBUG
- */
-
-/*
- * #define ERR_DEBUG
- */
-/*
- * #define ABORT_DEBUG
- */
-/*
- * #define PKT_DEBUG 1
- */
-/*
- * #define DES_DEBUG
- */
-/*
- * #define DES_OFB_DEBUG
- */
-/*
- * #define SSL_DEBUG
- */
-/*
- * #define RSA_DEBUG
- */
-/*
- * #define IDEA_DEBUG
- */
-
# define FP_ICC (int (*)(const void *,const void *))
/*
/* Skip disabled ciphers */
if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
continue;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (c->id == SSL3_CK_SCSV) {
- if (!empty_reneg_info_scsv)
- continue;
- else
- empty_reneg_info_scsv = 0;
- }
-#endif
j = s->method->put_cipher_by_char(c, p);
p += j;
}
};
j = s->method->put_cipher_by_char(&scsv, p);
p += j;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr,
- "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
goto err;
}
s->s3->send_connection_binding = 1;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "SCSV received by server\n");
-#endif
continue;
}
}
EVP_PKEY_free(mac_key);
}
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("which = %04X\nmac key=", which);
{
int z;
}
#endif
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("which = %04X\nkey=", which);
{
int z;
s->s3->tmp.key_block_length = num;
s->s3->tmp.key_block = p;
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("client random\n");
{
int z;
#endif
if (!tls1_generate_key_block(s, p, num))
goto err;
-#ifdef TLS_DEBUG
+#ifdef SSL_DEBUG
printf("\nkey block\n");
{
int z;
*/
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
-# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Allow any curve: not just those peer supports */
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
- return 1;
-# endif
/*
* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
* curves permitted.
if (!tls1_set_shared_sigalgs(s))
return 0;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
- /*
- * Use first set signature preference to force message digest,
- * ignoring any peer preferences.
- */
- const unsigned char *sigs = NULL;
- if (s->server)
- sigs = c->conf_sigalgs;
- else
- sigs = c->client_sigalgs;
- if (sigs) {
- idx = tls12_get_pkey_idx(sigs[1]);
- md = tls12_get_hash(sigs[0]);
- pmd[idx] = md;
- pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;
- if (idx == SSL_PKEY_RSA_SIGN) {
- pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN;
- pmd[SSL_PKEY_RSA_ENC] = md;
- }
- }
- }
-#endif
-
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++) {
idx = tls12_get_pkey_idx(sigptr->rsign);
/* If no cert or key, forget it */
if (!x || !pk)
goto end;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Allow any certificate to pass test */
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) {
- rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN |
- CERT_PKEY_VALID | CERT_PKEY_SIGN;
- *pvalid = rv;
- return rv;
- }
-#endif
} else {
if (!x || !pk)
return 0;
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by client\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
}
*len = s->s3->previous_client_finished_len + 1;
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by server\n",
- ilen ? "Non-empty" : "Empty");
-#endif
s->s3->send_connection_binding = 1;
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by server\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
}
*len = s->s3->previous_client_finished_len
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by client\n",
- ilen ? "Non-empty" : "Empty");
-#endif
s->s3->send_connection_binding = 1;
return 1;
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
$do_checkexist=1 if $_ eq "exist";
- #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
foreach (keys %disabled_algorithms) {
projects / oweals / openssl.git / commitdiff