Commit 9c3bcfa0 authored by Rich Salz's avatar Rich Salz Committed by Rich Salz
Browse files

Standardize handling of #ifdef'd options. 



Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 366e2a60

apps/ciphers.c

+5 −9
Original line number Diff line number Diff line
@@ -64,12 +64,8 @@ 


typedef enum OPTION_choice {

    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,

#ifndef OPENSSL_NO_SSL_TRACE

    OPT_STDNAME,

#endif

#ifndef OPENSSL_NO_SSL3

    OPT_SSL3,

#endif

    OPT_TLS1,

    OPT_V, OPT_UPPER_V, OPT_S

} OPTION_CHOICE;
@@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = { 
    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},

    {"V", OPT_UPPER_V, '-', "Even more verbose"},

    {"s", OPT_S, '-', "Only supported ciphers"},

    {"tls1", OPT_TLS1, '-', "TLS1 mode"},

#ifndef OPENSSL_NO_SSL_TRACE

    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},

#endif

#ifndef OPENSSL_NO_SSL3

    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},

#endif

    {"tls1", OPT_TLS1, '-', "TLS1 mode"},

    {NULL}

};
@@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv) 
        case OPT_S:

            use_supported = 1;

            break;

#ifndef OPENSSL_NO_SSL_TRACE

        case OPT_STDNAME:

#ifndef OPENSSL_NO_SSL_TRACE

            stdname = verbose = 1;

            break;

#endif

#ifndef OPENSSL_NO_SSL3

            break;

        case OPT_SSL3:

#ifndef OPENSSL_NO_SSL3

            meth = SSLv3_client_method();

            break;

#endif

            break;

        case OPT_TLS1:

            meth = TLSv1_client_method();

            break;

apps/cms.c

+10 −5
Original line number Diff line number Diff line
@@ -208,6 +208,8 @@ OPTIONS cms_options[] = { 
    {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},

    {"receipt_request_from", OPT_RR_FROM, 's'},

    {"receipt_request_to", OPT_RR_TO, 's'},

    {"", OPT_CIPHER, '-', "Any supported cipher"},

    OPT_V_OPTIONS,

# ifndef OPENSSL_NO_AES

    {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},

    {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@@ -219,9 +221,7 @@ OPTIONS cms_options[] = { 
# ifndef OPENSSL_NO_ENGINE

    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},

# endif

    {"", OPT_CIPHER, '-', "Any supported cipher"},

    OPT_V_OPTIONS,

    {NULL},

    {NULL}

};



int cms_main(int argc, char **argv)
@@ -588,11 +588,11 @@ int cms_main(int argc, char **argv) 
                goto end;

            vpmtouched++;

            break;

# ifndef OPENSSL_NO_DES

        case OPT_3DES_WRAP:

# ifndef OPENSSL_NO_DES

            wrap_cipher = EVP_des_ede3_wrap();

            break;

# endif

            break;

# ifndef OPENSSL_NO_AES

        case OPT_AES128_WRAP:

            wrap_cipher = EVP_aes_128_wrap();
@@ -603,6 +603,11 @@ int cms_main(int argc, char **argv) 
        case OPT_AES256_WRAP:

            wrap_cipher = EVP_aes_256_wrap();

            break;

# else

        case OPT_AES128_WRAP:

        case OPT_AES192_WRAP:

        case OPT_AES256_WRAP:

            break;

# endif

        }

    }

apps/crl.c

+8 −8
Original line number Diff line number Diff line
@@ -95,11 +95,11 @@ OPTIONS crl_options[] = { 
    {"verify", OPT_VERIFY, '-'},

    {"text", OPT_TEXT, '-', "Print out a text format version"},

    {"hash", OPT_HASH, '-', "Print hash value"},

    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},

    {"", OPT_MD, '-', "Any supported digest"},

#ifndef OPENSSL_NO_MD5

    {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},

#endif

    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},

    {"", OPT_MD, '-', "Any supported digest"},

    {NULL}

};
@@ -117,11 +117,11 @@ int crl_main(int argc, char **argv) 
    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;

    char *CAfile = NULL, *CApath = NULL, *prog;

    OPTION_CHOICE o;

    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =

        0, text = 0;

    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;

    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;

    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =

        0, i, do_ver = 0;

    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;

    int text = 0, do_ver = 0;

    int i;

#ifndef OPENSSL_NO_MD5

    int hash_old = 0;

#endif
@@ -170,11 +170,11 @@ int crl_main(int argc, char **argv) 
            CAfile = opt_arg();

            do_ver = 1;

            break;

#ifndef OPENSSL_NO_MD5

        case OPT_HASH_OLD:

#ifndef OPENSSL_NO_MD5

            hash_old = ++num;

            break;

#endif

            break;

        case OPT_VERIFY:

            do_ver = 1;

            break;

apps/dgst.c

+1 −1
Original line number Diff line number Diff line
@@ -111,11 +111,11 @@ OPTIONS dgst_options[] = { 
    {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},

    {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},

    {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},

    {"", OPT_DIGEST, '-', "Any supported digest"},

#ifndef OPENSSL_NO_ENGINE

    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},

    {"engine_impl", OPT_ENGINE_IMPL, '-'},

#endif

    {"", OPT_DIGEST, '-', "Any supported digest"},

    {NULL}

};

apps/dhparam.c

+3 −3
Original line number Diff line number Diff line
@@ -153,12 +153,12 @@ OPTIONS dhparam_options[] = { 
    {"C", OPT_C, '-', "Print C code"},

    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},

    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},

# ifndef OPENSSL_NO_ENGINE

    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},

# endif

# ifndef OPENSSL_NO_DSA

    {"dsaparam", OPT_DSAPARAM, '-',

     "Read or generate DSA parameters, convert to DH"},

# endif

# ifndef OPENSSL_NO_ENGINE

    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},

# endif

    {NULL}

};