Clear warnings/errors within KSSL_DEBUG code sections
authorRichard Levitte <levitte@openssl.org>
Tue, 16 Dec 2014 03:13:41 +0000 (04:13 +0100)
committerRichard Levitte <levitte@openssl.org>
Wed, 17 Dec 2014 13:17:54 +0000 (14:17 +0100)
Reviewed-by: Andy Polyakov <appro@openssl.org>
crypto/evp/e_des3.c
ssl/kssl.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl_ciph.c
ssl/t1_enc.c

index 24e9fec..ad7be6b 100644 (file)
@@ -148,12 +148,11 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 #ifdef KSSL_DEBUG
        {
         int i;
-        char *cp;
-       printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
-       printf("\t iv= ");
+       fprintf(stderr,"des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ctx->buf_len);
+       fprintf(stderr,"\t iv= ");
         for(i=0;i<8;i++)
-                printf("%02X",ctx->iv[i]);
-       printf("\n");
+                fprintf(stderr,"%02X",ctx->iv[i]);
+       fprintf(stderr,"\n");
        }
 #endif    /* KSSL_DEBUG */
        if (dat->stream.cbc)
@@ -307,11 +306,14 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #ifdef KSSL_DEBUG
        {
         int i;
-        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
-       printf("\tKEY= ");
-        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
-       printf("\t IV= ");
-        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+        fprintf(stderr,"des_ede3_init_key(ctx=%p)\n", ctx);
+       fprintf(stderr,"\tKEY= ");
+        for(i=0;i<24;i++) fprintf(stderr,"%02X",key[i]); fprintf(stderr,"\n");
+       if (iv) 
+               {
+               fprintf(stderr,"\t IV= ");
+               for(i=0;i<8;i++) fprintf(stderr,"%02X",iv[i]); fprintf(stderr,"\n");
+               }
        }
 #endif /* KSSL_DEBUG */
 
index fd7c67b..950a0c5 100644 (file)
@@ -954,15 +954,15 @@ print_krb5_data(char *label, krb5_data *kdata)
         {
        int i;
 
-       printf("%s[%d] ", label, kdata->length);
+       fprintf(stderr,"%s[%d] ", label, kdata->length);
        for (i=0; i < (int)kdata->length; i++)
                 {
                if (0 &&  isprint((int) kdata->data[i]))
-                        printf(        "%c ",  kdata->data[i]);
+                        fprintf(stderr,        "%c ",  kdata->data[i]);
                else
-                        printf(        "%02x ", (unsigned char) kdata->data[i]);
+                        fprintf(stderr,        "%02x ", (unsigned char) kdata->data[i]);
                }
-       printf("\n");
+       fprintf(stderr,"\n");
         }
 
 
@@ -973,20 +973,20 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
         {
        if (adata == NULL)
                 {
-               printf("%s, authdata==0\n", label);
+               fprintf(stderr,"%s, authdata==0\n", label);
                return;
                }
-       printf("%s [%p]\n", label, (void *)adata);
+       fprintf(stderr,"%s [%p]\n", label, (void *)adata);
 #if 0
        {
         int    i;
-       printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+       fprintf(stderr,"%s[at%d:%d] ", label, adata->ad_type, adata->length);
        for (i=0; i < adata->length; i++)
                 {
-                printf((isprint(adata->contents[i]))? "%c ": "%02x",
+                fprintf(stderr,(isprint(adata->contents[i]))? "%c ": "%02x",
                         adata->contents[i]);
                }
-       printf("\n");
+       fprintf(stderr,"\n");
        }
 #endif
        }
@@ -1001,24 +1001,24 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 
        if (keyblk == NULL)
                 {
-               printf("%s, keyblk==0\n", label);
+               fprintf(stderr,"%s, keyblk==0\n", label);
                return;
                }
 #ifdef KRB5_HEIMDAL
-       printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+       fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->keytype,
                                           keyblk->keyvalue->length);
        for (i=0; i < (int)keyblk->keyvalue->length; i++)
                 {
-               printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
+               fprintf(stderr,"%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
                }
-       printf("\n");
+       fprintf(stderr,"\n");
 #else
-       printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+       fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
        for (i=0; i < (int)keyblk->length; i++)
                 {
-               printf("%02x",keyblk->contents[i]);
+               fprintf(stderr,"%02x",keyblk->contents[i]);
                }
-       printf("\n");
+       fprintf(stderr,"\n");
 #endif
         }
 
@@ -1031,17 +1031,17 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
         {
        int i, ui, uj;
 
-       printf("%s principal Realm: ", label);
+       fprintf(stderr,"%s principal Realm: ", label);
        if (princ == NULL)  return;
        for (ui=0; ui < (int)princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
-       printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
+       fprintf(stderr," (nametype %d) has %d strings:\n", princ->type,princ->length);
        for (i=0; i < (int)princ->length; i++)
                 {
-               printf("\t%d [%d]: ", i, princ->data[i].length);
+               fprintf(stderr,"\t%d [%d]: ", i, princ->data[i].length);
                for (uj=0; uj < (int)princ->data[i].length; uj++)  {
                        putchar(princ->data[i].data[uj]);
                        }
-               printf("\n");
+               fprintf(stderr,"\n");
                }
        return;
         }
@@ -1332,7 +1332,7 @@ kssl_sget_tkt(    /* UPDATE */    KSSL_CTX                *kssl_ctx,
                }
 
 #ifdef KSSL_DEBUG
-       printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+       fprintf(stderr,"in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
 #endif /* KSSL_DEBUG */
 
        if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
@@ -1481,18 +1481,18 @@ kssl_sget_tkt(  /* UPDATE */    KSSL_CTX                *kssl_ctx,
 #ifdef KSSL_DEBUG
                {
                int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
-               printf("Decrypted ticket fields:\n");
-               printf("\tflags: %X, transit-type: %X",
+               fprintf(stderr,"Decrypted ticket fields:\n");
+               fprintf(stderr,"\tflags: %X, transit-type: %X",
                        krb5ticket->enc_part2->flags,
                        krb5ticket->enc_part2->transited.tr_type);
                print_krb5_data("\ttransit-data: ",
                        &(krb5ticket->enc_part2->transited.tr_contents));
-               printf("\tcaddrs: %p, authdata: %p\n",
+               fprintf(stderr,"\tcaddrs: %p, authdata: %p\n",
                        krb5ticket->enc_part2->caddrs,
                        krb5ticket->enc_part2->authorization_data);
                if (paddr)
                        {
-                       printf("\tcaddrs:\n");
+                       fprintf(stderr,"\tcaddrs:\n");
                        for (i=0; paddr[i] != NULL; i++)
                                {
                                krb5_data d;
@@ -1501,7 +1501,7 @@ kssl_sget_tkt(    /* UPDATE */    KSSL_CTX                *kssl_ctx,
                                print_krb5_data("\t\tIP: ", &d);
                                }
                        }
-               printf("\tstart/auth/end times: %d / %d / %d\n",
+               fprintf(stderr,"\tstart/auth/end times: %d / %d / %d\n",
                        krb5ticket->enc_part2->times.starttime,
                        krb5ticket->enc_part2->times.authtime,
                        krb5ticket->enc_part2->times.endtime);
@@ -1976,7 +1976,7 @@ krb5_error_code  kssl_validate_times(     krb5_timestamp atime,
        if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;
 
 #ifdef KSSL_DEBUG
-       printf("kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
+       fprintf(stderr,"kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
                start, atime, now, skew, ttimes->endtime);
 #endif /* KSSL_DEBUG */
 
@@ -2027,10 +2027,10 @@ krb5_error_code  kssl_check_authent(
 #ifdef KSSL_DEBUG
         {
         unsigned int ui;
-       printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
+       fprintf(stderr,"kssl_check_authent: authenticator[%d]:\n",authentp->length);
        p = authentp->data; 
-       for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);
-       printf("\n");
+       for (ui=0; ui < authentp->length; ui++)  fprintf(stderr,"%02x ",p[ui]);
+       fprintf(stderr,"\n");
         }
 #endif /* KSSL_DEBUG */
 
@@ -2095,9 +2095,9 @@ krb5_error_code  kssl_check_authent(
 #ifdef KSSL_DEBUG
        {
        int padl;
-       printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
-       for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
-       printf("\n");
+       fprintf(stderr,"kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+       for (padl=0; padl < outl; padl++) fprintf(stderr,"%02x ",unenc_authent[padl]);
+       fprintf(stderr,"\n");
        }
 #endif /* KSSL_DEBUG */
 
@@ -2132,10 +2132,10 @@ krb5_error_code  kssl_check_authent(
                }
 
 #ifdef KSSL_DEBUG
-       printf("kssl_check_authent: returns %d for client time ", *atimep);
+       fprintf(stderr,"kssl_check_authent: returns %d for client time ", *atimep);
        if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
-               printf("%.*s\n", auth->ctime->length, auth->ctime->data);
-       else    printf("NULL\n");
+               fprintf(stderr,"%.*s\n", auth->ctime->length, auth->ctime->data);
+       else    fprintf(stderr,"NULL\n");
 #endif /* KSSL_DEBUG */
 
  err:
index 2b9fdb0..47cb93d 100644 (file)
@@ -1263,9 +1263,9 @@ int ssl3_get_server_certificate(SSL *s)
                    ? 0 : 1;
 
 #ifdef KSSL_DEBUG
-       printf("pkey,x = %p, %p\n", pkey,x);
-       printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
-       printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
+       fprintf(stderr,"pkey,x = %p, %p\n", pkey,x);
+       fprintf(stderr,"ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+       fprintf(stderr,"cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
                s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
 #endif    /* KSSL_DEBUG */
 
@@ -2537,7 +2537,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        EVP_CIPHER_CTX_init(&ciph_ctx);
 
 #ifdef KSSL_DEBUG
-                       printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                       fprintf(stderr,"ssl3_send_client_key_exchange(%lx & %lx)\n",
                                alg_k, SSL_kKRB5);
 #endif /* KSSL_DEBUG */
 
@@ -2553,9 +2553,9 @@ int ssl3_send_client_key_exchange(SSL *s)
                            goto err;
 #ifdef KSSL_DEBUG
                        {
-                       printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                       fprintf(stderr,"kssl_cget_tkt rtn %d\n", krb5rc);
                        if (krb5rc && kssl_err.text)
-                         printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+                         fprintf(stderr,"kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
                        }
 #endif /* KSSL_DEBUG */
 
index b0d69ed..82fc5a8 100644 (file)
@@ -4166,7 +4166,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif
                        
 #ifdef KSSL_DEBUG
-/*             printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
+/*             fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */
 
                alg_k=c->algorithm_mkey;
index 72ec51a..453d58b 100644 (file)
@@ -2542,10 +2542,10 @@ int ssl3_get_client_key_exchange(SSL *s)
                                        &kssl_err)) != 0)
                        {
 #ifdef KSSL_DEBUG
-                       printf("kssl_sget_tkt rtn %d [%d]\n",
+                       fprintf(stderr,"kssl_sget_tkt rtn %d [%d]\n",
                                krb5rc, kssl_err.reason);
                        if (kssl_err.text)
-                               printf("kssl_err text= %s\n", kssl_err.text);
+                               fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
 #endif /* KSSL_DEBUG */
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                kssl_err.reason);
@@ -2559,10 +2559,10 @@ int ssl3_get_client_key_exchange(SSL *s)
                                        &authtime, &kssl_err)) != 0)
                        {
 #ifdef KSSL_DEBUG
-                       printf("kssl_check_authent rtn %d [%d]\n",
+                       fprintf(stderr,"kssl_check_authent rtn %d [%d]\n",
                                krb5rc, kssl_err.reason);
                        if (kssl_err.text)
-                               printf("kssl_err text= %s\n", kssl_err.text);
+                               fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
 #endif /* KSSL_DEBUG */
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                kssl_err.reason);
index 726ba52..a6182dd 100644 (file)
@@ -837,7 +837,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                        co_list[co_list_num].active = 0;
                        co_list_num++;
 #ifdef KSSL_DEBUG
-                       printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
+                       fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
 #endif /* KSSL_DEBUG */
                        /*
                        if (!sk_push(ca_list,(char *)c)) goto err;
@@ -1482,7 +1482,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        num_of_ciphers = ssl_method->num_ciphers();
 #ifdef KSSL_DEBUG
-       printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+       fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
 #endif    /* KSSL_DEBUG */
        co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
        if (co_list == NULL)
index 7974762..5037130 100644 (file)
@@ -302,15 +302,15 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
                 s->session->master_key,s->session->master_key_length,
                 km,tmp,num);
 #ifdef KSSL_DEBUG
-       printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+       fprintf(stderr,"tls1_generate_key_block() ==> %d byte master_key =\n\t",
                 s->session->master_key_length);
        {
         int i;
         for (i=0; i < s->session->master_key_length; i++)
                 {
-                printf("%02X", s->session->master_key[i]);
+                fprintf(stderr,"%02X", s->session->master_key[i]);
                 }
-        printf("\n");  }
+        fprintf(stderr,"\n");  }
 #endif    /* KSSL_DEBUG */
        return ret;
        }
@@ -348,19 +348,19 @@ int tls1_change_cipher_state(SSL *s, int which)
 #endif
 
 #ifdef KSSL_DEBUG
-       printf("tls1_change_cipher_state(which= %d) w/\n", which);
-       printf("\talg= %ld/%ld, comp= %p\n",
+       fprintf(stderr,"tls1_change_cipher_state(which= %d) w/\n", which);
+       fprintf(stderr,"\talg= %ld/%ld, comp= %p\n",
               s->s3->tmp.new_cipher->algorithm_mkey,
               s->s3->tmp.new_cipher->algorithm_auth,
               comp);
-       printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
-       printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+       fprintf(stderr,"\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+       fprintf(stderr,"\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
                 c->nid,c->block_size,c->key_len,c->iv_len);
-       printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+       fprintf(stderr,"\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
        {
         int i;
         for (i=0; i<s->s3->tmp.key_block_length; i++)
-               printf("%02x", s->s3->tmp.key_block[i]);  printf("\n");
+               fprintf(stderr,"%02x", s->s3->tmp.key_block[i]);  fprintf(stderr,"\n");
         }
 #endif /* KSSL_DEBUG */
 
@@ -539,11 +539,11 @@ printf("which = %04X\nmac key=",which);
 #ifdef KSSL_DEBUG
        {
         int i;
-       printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-       printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
-       printf("\n");
-       printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
-       printf("\n");
+       fprintf(stderr,"EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+       fprintf(stderr,"\tkey= "); for (i=0; i<c->key_len; i++) fprintf(stderr,"%02x", key[i]);
+       fprintf(stderr,"\n");
+       fprintf(stderr,"\t iv= "); for (i=0; i<c->iv_len; i++) fprintf(stderr,"%02x", iv[i]);
+       fprintf(stderr,"\n");
        }
 #endif /* KSSL_DEBUG */
 
@@ -614,7 +614,7 @@ int tls1_setup_key_block(SSL *s)
        int ret=0;
 
 #ifdef KSSL_DEBUG
-       printf ("tls1_setup_key_block()\n");
+       fprintf(stderr,"tls1_setup_key_block()\n");
 #endif /* KSSL_DEBUG */
 
        if (s->s3->tmp.key_block_length != 0)
@@ -763,7 +763,7 @@ int tls1_enc(SSL *s, int send)
                }
 
 #ifdef KSSL_DEBUG
-       printf("tls1_enc(%d)\n", send);
+       fprintf(stderr,"tls1_enc(%d)\n", send);
 #endif    /* KSSL_DEBUG */
 
        if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
@@ -835,18 +835,18 @@ int tls1_enc(SSL *s, int send)
 #ifdef KSSL_DEBUG
                {
                unsigned long ui;
-               printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+               fprintf(stderr,"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
                        ds,rec->data,rec->input,l);
-               printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+               fprintf(stderr,"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
                        ds->buf_len, ds->cipher->key_len,
                        DES_KEY_SZ, DES_SCHEDULE_SZ,
                        ds->cipher->iv_len);
-               printf("\t\tIV: ");
-               for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
-               printf("\n");
-               printf("\trec->input=");
-               for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
-               printf("\n");
+               fprintf(stderr,"\t\tIV: ");
+               for (i=0; i<ds->cipher->iv_len; i++) fprintf(stderr,"%02X", ds->iv[i]);
+               fprintf(stderr,"\n");
+               fprintf(stderr,"\trec->input=");
+               for (ui=0; ui<l; ui++) fprintf(stderr," %02x", rec->input[ui]);
+               fprintf(stderr,"\n");
                }
 #endif /* KSSL_DEBUG */
 
@@ -871,9 +871,9 @@ int tls1_enc(SSL *s, int send)
 #ifdef KSSL_DEBUG
                {
                unsigned long i;
-               printf("\trec->data=");
+               fprintf(stderr,"\trec->data=");
                for (i=0; i<l; i++)
-                       printf(" %02x", rec->data[i]);  printf("\n");
+                       fprintf(stderr," %02x", rec->data[i]);  fprintf(stderr,"\n");
                }
 #endif /* KSSL_DEBUG */
 
@@ -1105,7 +1105,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 
 
 #ifdef KSSL_DEBUG
-       printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+       fprintf(stderr,"tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
 #endif /* KSSL_DEBUG */
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
@@ -1158,7 +1158,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 #endif
 
 #ifdef KSSL_DEBUG
-       printf ("tls1_generate_master_secret() complete\n");
+       fprintf(stderr,"tls1_generate_master_secret() complete\n");
 #endif /* KSSL_DEBUG */
        return(SSL3_MASTER_SECRET_SIZE);
        }
@@ -1173,7 +1173,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        int rv;
 
 #ifdef KSSL_DEBUG
-       printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, context, contextlen);
+       fprintf(stderr,"tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", s, out, olen, label, llen, context, contextlen);
 #endif /* KSSL_DEBUG */
 
        buff = OPENSSL_malloc(olen);
@@ -1236,7 +1236,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                      out,buff,olen);
 
 #ifdef KSSL_DEBUG
-       printf ("tls1_export_keying_material() complete\n");
+       fprintf(stderr,"tls1_export_keying_material() complete\n");
 #endif /* KSSL_DEBUG */
        goto ret;
 err1: