diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index db4510fbe6..97011f892a 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -66,57 +66,6 @@ #include #include "asn1_locl.h" -#if 0 - -int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) -{ -# ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING tmpstr = *(ASN1_STRING *)a; - - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - - a = (ASN1_GENERALIZEDTIME *)&tmpstr; -# endif - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); -} - -ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, - unsigned char **pp, - long length) -{ - ASN1_GENERALIZEDTIME *ret = NULL; - - ret = - (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, - V_ASN1_GENERALIZEDTIME, - V_ASN1_UNIVERSAL); - if (ret == NULL) { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); - return (NULL); - } -# ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -# endif - if (!ASN1_GENERALIZEDTIME_check(ret)) { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return (ret); - err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_GENERALIZEDTIME_free(ret); - return (NULL); -} - -#endif - int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) { static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 765698f144..1744853653 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -83,18 +83,6 @@ * Three IO functions for sending data to memory, a BIO and and a FILE * pointer. */ -#if 0 /* never used */ -static int send_mem_chars(void *arg, const void *buf, int len) -{ - unsigned char **out = arg; - if (!out) - return 1; - memcpy(*out, buf, len); - *out += len; - return 1; -} -#endif - static int send_bio_chars(void *arg, const void *buf, int len) { if (!arg) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 20e7c6decd..7ff3de37eb 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -71,33 +71,6 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) -#if 0 -int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) -{ -# ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - char tmp[24]; - ASN1_STRING tmpstr; - - if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { - int len; - - tmpstr = *(ASN1_STRING *)a; - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, - (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - a = (ASN1_GENERALIZEDTIME *)&tmpstr; - } -# endif - if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - a->type, V_ASN1_UNIVERSAL)); - ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); - return -1; -} -#endif - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) { return ASN1_TIME_adj(s, t, 0, 0); diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index e84e595f7a..9b552849f0 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -62,53 +62,6 @@ #include #include "asn1_locl.h" -#if 0 -int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) -{ -# ifndef CHARSET_EBCDIC - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); -# else - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING x = *(ASN1_STRING *)a; - - len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); - x.data = tmp; - return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -# endif -} - -ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, - long length) -{ - ASN1_UTCTIME *ret = NULL; - - ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, - V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); - if (ret == NULL) { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); - return (NULL); - } -# ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -# endif - if (!ASN1_UTCTIME_check(ret)) { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return (ret); - err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_UTCTIME_free(ret); - return (NULL); -} - -#endif - int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; @@ -309,43 +262,3 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) return -1; return 0; } - -#if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) -{ - struct tm tm; - int offset; - - memset(&tm, '\0', sizeof tm); - -# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - tm.tm_year = g2(s->data); - if (tm.tm_year < 50) - tm.tm_year += 100; - tm.tm_mon = g2(s->data + 2) - 1; - tm.tm_mday = g2(s->data + 4); - tm.tm_hour = g2(s->data + 6); - tm.tm_min = g2(s->data + 8); - tm.tm_sec = g2(s->data + 10); - if (s->data[12] == 'Z') - offset = 0; - else { - offset = g2(s->data + 13) * 60 + g2(s->data + 15); - if (s->data[12] == '-') - offset = -offset; - } -# undef g2 - - /* - * FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. - */ - return mktime(&tm) - offset * 60; -} -#endif diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index aaf5d8508f..bf8452689b 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -137,12 +137,6 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, if (inf && !(ret & V_ASN1_CONSTRUCTED)) goto err; -#if 0 - fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", - (int)p, *plength, omax, (int)*pp, (int)(p + *plength), - (int)(omax + *pp)); - -#endif if (*plength > (omax - (p - *pp))) { ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); /* diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 98cf249f61..58d65ac820 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -123,11 +123,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent; -#if 0 - dump_indent = indent; -#else dump_indent = 6; /* Because we know BIO_dump_indent() */ -#endif p = *pp; tot = p + length; op = p - 1; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 0bdc2c2230..667db2625a 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -166,14 +166,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, if (!(cflag & X509_FLAG_NO_SIGNAME)) { if (X509_signature_print(bp, ci->signature, NULL) <= 0) goto err; -#if 0 - if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; -#endif } if (!(cflag & X509_FLAG_NO_ISSUER)) { diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index d95603027a..94e220be69 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -245,10 +245,6 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, break; case ASN1_ITYPE_CHOICE: -#if 0 - if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; -#endif /* CHOICE type, get selector */ i = asn1_get_choice_selector(fld, it); /* This should never happen... */ @@ -376,11 +372,6 @@ static int asn1_print_fsname(BIO *out, int indent, static const char spaces[] = " "; static const int nspaces = sizeof(spaces) - 1; -#if 0 - if (!sname && !fname) - return 1; -#endif - while (indent > nspaces) { if (BIO_write(out, spaces, nspaces) != nspaces) return 0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index b4886f7f8c..54b7b0785a 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -479,15 +479,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } if (evp_cipher != NULL) { -#if 0 - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *p; - int keylen, ivlen; - int max; - X509_OBJECT ret; -#endif - if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); goto err; @@ -593,22 +584,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_push(out, etmp); etmp = NULL; } -#if 1 if (PKCS7_is_detached(p7) || (in_bio != NULL)) { bio = in_bio; } else { -# if 0 - bio = BIO_new(BIO_s_mem()); - /* - * We need to set this so that when we have read all the data, the - * encrypt BIO, if present, will read EOF and encode the last few - * bytes - */ - BIO_set_mem_eof_return(bio, 0); - - if (data_body->length > 0) - BIO_write(bio, (char *)data_body->data, data_body->length); -# else if (data_body->length > 0) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { @@ -617,11 +595,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } if (bio == NULL) goto err; -# endif } BIO_push(out, bio); bio = NULL; -#endif if (0) { err: if (ek) { @@ -1017,17 +993,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data, md_dat, md_len))) { -#if 0 - { - int ii; - for (ii = 0; ii < message_digest->length; ii++) - printf("%02X", message_digest->data[ii]); - printf(" sent\n"); - for (ii = 0; ii < md_len; ii++) - printf("%02X", md_dat[ii]); - printf(" calc\n"); - } -#endif PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); ret = -1; goto err; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index dbd4100c8d..e659af824b 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -274,12 +274,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); return 0; } -#if 0 - /* - * NB: this test commented out because some versions of Netscape - * illegally include zero length content when signing data. - */ + /* + * Very old Netscape illegally included empty content with + * a detached signature. To not support that, enable the + * following flag. + */ +#ifdef OPENSSL_DONT_SUPPORT_OLD_NETSCAPE /* Check for data and content: two sets of data */ if (!PKCS7_get_detached(p7) && indata) { PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);