From 4e5d2aaa41d7e298f93641bad5296a6b4ec2cad4 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Thu, 23 Mar 2017 14:26:43 +0100
Subject: [PATCH] Guard last few debugging printfs in libssl

Fixes #2542

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3018)
---
 ssl/d1_both.c | 6 ++++++
 ssl/s3_srvr.c | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 232a6d4bf4..e6bc761e8b 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1075,7 +1075,9 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 int dtls1_read_failed(SSL *s, int code)
 {
     if (code > 0) {
+#ifdef TLS_DEBUG
         fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+#endif
         return 1;
     }
 
@@ -1147,7 +1149,9 @@ int dtls1_retransmit_buffered_messages(SSL *s)
                                      (frag->msg_header.seq,
                                       frag->msg_header.is_ccs), 0,
                                      &found) <= 0 && found) {
+#ifdef TLS_DEBUG
             fprintf(stderr, "dtls1_retransmit_message() failed\n");
+#endif
             return -1;
         }
     }
@@ -1247,7 +1251,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
     item = pqueue_find(s->d1->sent_messages, seq64be);
     if (item == NULL) {
+#ifdef TLS_DEBUG
         fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
+#endif
         *found = 0;
         return 0;
     }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 773358e4ce..ba17f1b562 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3164,7 +3164,9 @@ int ssl3_get_cert_verify(SSL *s)
             goto f_err;
         }
         if (i != 64) {
+#ifdef SSL_DEBUG
             fprintf(stderr, "GOST signature length is %d", i);
+#endif
         }
         for (idx = 0; idx < 64; idx++) {
             signature[63 - idx] = p[idx];
-- 
2.25.1