Dead code cleanup: crypto/*.c, x509v3, demos

Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

crypto/o_init.c

@@ -77,7 +77,4 @@ void OPENSSL_init(void)
     FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
     RAND_init_fips();
 #endif
-#if 0
-    fprintf(stderr, "Called OPENSSL_init\n");
-#endif
 }

crypto/sparcv9cap.c

@@ -109,128 +109,6 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
         return 0;
 }
 
-#if 0 && defined(__sun) && defined(__SVR4)
-/*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
- */
-# include <malloc.h>
-# include <dlfcn.h>
-# include <libdevinfo.h>
-# include <sys/systeminfo.h>
-
-typedef di_node_t(*di_init_t) (const char *, uint_t);
-typedef void (*di_fini_t) (di_node_t);
-typedef char *(*di_node_name_t) (di_node_t);
-typedef int (*di_walk_node_t) (di_node_t, uint_t, di_node_name_t,
-                               int (*)(di_node_t, di_node_name_t));
-
-# define DLLINK(h,name) (name=(name##_t)dlsym((h),#name))
-
-static int walk_nodename(di_node_t node, di_node_name_t di_node_name)
-{
-    char *name = (*di_node_name) (node);
-
-    /* This is expected to catch all UltraSPARC flavors prior T1 */
-    if (!strcmp(name, "SUNW,UltraSPARC") ||
-        /* covers II,III,IV */
-        !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-
-        /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
-        if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
-            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
-        return DI_WALK_TERMINATE;
-    }
-    /* This is expected to catch remaining UltraSPARCs, such as T1 */
-    else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
-        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
-        return DI_WALK_TERMINATE;
-    }
-
-    return DI_WALK_CONTINUE;
-}
-
-void OPENSSL_cpuid_setup(void)
-{
-    void *h;
-    char *e, si[256];
-    static int trigger = 0;
-
-    if (trigger)
-        return;
-    trigger = 1;
-
-    if ((e = getenv("OPENSSL_sparcv9cap"))) {
-        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
-        return;
-    }
-
-    if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
-        if (strcmp(si, "sun4v"))
-            /* FPU is preferred for all CPUs, but US-T1/2 */
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
-    }
-
-    if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
-        if (strstr(si, "+vis"))
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
-        if (strstr(si, "+vis2")) {
-            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-            OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-            return;
-        }
-    }
-# ifdef M_KEEP
-    /*
-     * Solaris libdevinfo.so.1 is effectively incomatible with
-     * libmalloc.so.1. Specifically, if application is linked with
-     * -lmalloc, it crashes upon startup with SIGSEGV in
-     * free(3LIBMALLOC) called by di_fini. Prior call to
-     * mallopt(M_KEEP,0) somehow helps... But not always...
-     */
-    if ((h = dlopen(NULL, RTLD_LAZY))) {
-        union {
-            void *p;
-            int (*f) (int, int);
-        } sym;
-        if ((sym.p = dlsym(h, "mallopt")))
-            (*sym.f) (M_KEEP, 0);
-        dlclose(h);
-    }
-# endif
-    if ((h = dlopen("libdevinfo.so.1", RTLD_LAZY)))
-        do {
-            di_init_t di_init;
-            di_fini_t di_fini;
-            di_walk_node_t di_walk_node;
-            di_node_name_t di_node_name;
-            di_node_t root_node;
-
-            if (!DLLINK(h, di_init))
-                break;
-            if (!DLLINK(h, di_fini))
-                break;
-            if (!DLLINK(h, di_walk_node))
-                break;
-            if (!DLLINK(h, di_node_name))
-                break;
-
-            if ((root_node = (*di_init) ("/", DINFOSUBTREE)) != DI_NODE_NIL) {
-                (*di_walk_node) (root_node, DI_WALK_SIBFIRST,
-                                 di_node_name, walk_nodename);
-                (*di_fini) (root_node);
-            }
-        } while (0);
-
-    if (h)
-        dlclose(h);
-}
-
-#else
-
 static sigjmp_buf common_jmp;
 static void common_handler(int sig)
 {
@@ -307,13 +185,6 @@ void OPENSSL_cpuid_setup(void)
         _sparcv9_vis3_probe();
         OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
     }
-# if 0                          /* was planned at some point but never
-                                 * implemented in hardware */
-    if (sigsetjmp(common_jmp, 1) == 0) {
-        (void)_sparcv9_random();
-        OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
-    }
-# endif
 
     /*
      * In wait for better solution _sparcv9_rdcfr is masked by
@@ -342,5 +213,3 @@ void OPENSSL_cpuid_setup(void)
     }
 # endif
 }
-
-#endif

crypto/x509v3/pcy_lib.c

@@ -140,15 +140,6 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
     return node->data->valid_policy;
 }
 
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-{
-    if (node_critical(node))
-        return 1;
-    return 0;
-}
-#endif
-
 STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
                                                            X509_POLICY_NODE
                                                            *node)

crypto/x509v3/pcy_tree.c

@@ -156,14 +156,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
     int explicit_policy;
     int any_skip;
     int map_skip;
+
     *ptree = NULL;
     n = sk_X509_num(certs);
 
-#if 0
-    /* Disable policy mapping for now... */
-    flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
     if (flags & X509_V_FLAG_EXPLICIT_POLICY)
         explicit_policy = 0;
     else
@@ -340,19 +336,6 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
 
     for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
         data = sk_X509_POLICY_DATA_value(cache->data, i);
-        /*
-         * If a node is mapped any it doesn't have a corresponding
-         * CertificatePolicies entry. However such an identical node would
-         * be created if anyPolicy matching is enabled because there would be
-         * no match with the parent valid_policy_set. So we create link
-         * because then it will have the mapping flags right and we can prune
-         * it later.
-         */
-#if 0
-        if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
-            && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
-            continue;
-#endif
         /* Look for matching nodes in previous level */
         if (!tree_link_matching_nodes(curr, data))
             return 0;
@@ -432,9 +415,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
                          X509_POLICY_TREE *tree)
 {
     int i;
-    /*
-     * X509_POLICY_DATA *data;
-     */
     X509_POLICY_NODE *node;
     X509_POLICY_LEVEL *last = curr - 1;
 
@@ -443,35 +423,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
 
         if (!tree_link_unmatched(curr, cache, node, tree))
             return 0;
-
-#if 0
-
-        /*
-         * Skip any node with any children: we only want unmathced nodes.
-         * Note: need something better for policy mapping because each node
-         * may have multiple children
-         */
-        if (node->nchild)
-            continue;
-
-        /*
-         * Create a new node with qualifiers from anyPolicy and id from
-         * unmatched node.
-         */
-        data = policy_data_new(NULL, node->data->valid_policy,
-                               node_critical(node));
-
-        if (data == NULL)
-            return 0;
-        /* Curr may not have anyPolicy */
-        data->qualifier_set = cache->anyPolicy->qualifier_set;
-        data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-        if (!level_add_node(curr, data, node, tree)) {
-            policy_data_free(data);
-            return 0;
-        }
-#endif
-
     }
     /* Finally add link to anyPolicy */
     if (last->anyPolicy) {

crypto/x509v3/v3_utl.c

@@ -307,9 +307,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
                 *p = 0;
                 ntmp = strip_spaces(q);
                 q = p + 1;
-#if 0
-                printf("%s\n", ntmp);
-#endif
                 if (!ntmp) {
                     X509V3err(X509V3_F_X509V3_PARSE_LIST,
                               X509V3_R_INVALID_NULL_NAME);
@@ -324,9 +321,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
                 state = HDR_NAME;
                 *p = 0;
                 vtmp = strip_spaces(q);
-#if 0
-                printf("%s\n", ntmp);
-#endif
                 if (!vtmp) {
                     X509V3err(X509V3_F_X509V3_PARSE_LIST,
                               X509V3_R_INVALID_NULL_VALUE);
@@ -342,9 +336,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
 
     if (state == HDR_VALUE) {
         vtmp = strip_spaces(q);
-#if 0
-        printf("%s=%s\n", ntmp, vtmp);
-#endif
         if (!vtmp) {
             X509V3err(X509V3_F_X509V3_PARSE_LIST,
                       X509V3_R_INVALID_NULL_VALUE);
@@ -353,9 +344,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
         X509V3_add_value(ntmp, vtmp, &values);
     } else {
         ntmp = strip_spaces(q);
-#if 0
-        printf("%s\n", ntmp);
-#endif
         if (!ntmp) {
             X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
             goto err;

demos/bio/server-arg.c

@@ -72,7 +72,7 @@ int main(int argc, char *argv[])
         ERR_print_errors_fp(stderr);
         goto err;
     }
-#if 0
+#ifdef ITERATE_CERTS
     /*
      * Demo of how to iterate over all certificates in an SSL_CTX structure.
      */

demos/engines/rsaref/rsaref.c

@@ -36,9 +36,6 @@ static const char *engine_rsaref_name = "RSAref engine support";
 static int rsaref_destroy(ENGINE *e);
 static int rsaref_init(ENGINE *e);
 static int rsaref_finish(ENGINE *e);
-#if 0
-static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
-#endif
 
 /*****************************************************************************
  * Engine commands

demos/engines/zencod/hw_zencod.c

@@ -82,7 +82,7 @@
 
 #  define ZEN_LIBRARY     "zenbridge"
 
-#  if 0
+#  ifdef ZENCOD_TRACING
 #   define PERROR(s)     perror(s)
 #   define CHEESE()      fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
 #  else

demos/evp/aesgcm.c

@@ -85,13 +85,6 @@ void aes_gcm_decrypt(void)
     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
     /* Specify key and IV */
     EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
-#if 0
-    /*
-     * Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
-     * required the tag before any AAD or ciphertext
-     */
-    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
-#endif
     /* Zero or more calls to specify any AAD */
     EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
     /* Decrypt plaintext */
@@ -99,10 +92,7 @@ void aes_gcm_decrypt(void)
     /* Output decrypted block */
     printf("Plaintext:\n");
     BIO_dump_fp(stdout, outbuf, outlen);
-    /*
-     * Set expected tag value. Works in OpenSSL 1.0.1d and later
-     * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG
-     */
+    /* Set expected tag value. */
     EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
     /* Finalise: note get no output for GCM */
     rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);

demos/selfsign.c

@@ -136,7 +136,7 @@ int days;
     X509_add_ext(x, ex, -1);
     X509_EXTENSION_free(ex);
 
-#if 0
+#ifdef ADD_CA_CONSTRAINT
     /* might want something like this too.... */
     ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
                              "critical,CA:TRUE");
@@ -145,7 +145,7 @@ int days;
     X509_EXTENSION_free(ex);
 #endif
 
-#ifdef CUSTOM_EXT
+#ifdef ADD_A_CUSTOM_EXTENSION
     /* Maybe even add our own extension based on existing */
     {
         int nid;