Standardize handling of #ifdef'd options.

Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell <[email protected]>
zhangjkjk009 · Jun 2, 2015 · 9c3bcfa · 9c3bcfa
1 parent 366e2a6
commit 9c3bcfa
Show file tree

Hide file tree

Showing 22 changed files with 222 additions and 219 deletions.
diff --git a/apps/ciphers.c b/apps/ciphers.c
@@ -64,12 +64,8 @@
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-#ifndef OPENSSL_NO_SSL_TRACE
     OPT_STDNAME,
-#endif
-#ifndef OPENSSL_NO_SSL3
     OPT_SSL3,
-#endif
     OPT_TLS1,
     OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;
@@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = {
     {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
     {"V", OPT_UPPER_V, '-', "Even more verbose"},
     {"s", OPT_S, '-', "Only supported ciphers"},
+    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
 #ifndef OPENSSL_NO_SSL_TRACE
     {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
 #endif
 #ifndef OPENSSL_NO_SSL3
     {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
 #endif
-    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
     {NULL}
 };
 
@@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv)
         case OPT_S:
             use_supported = 1;
             break;
-#ifndef OPENSSL_NO_SSL_TRACE
         case OPT_STDNAME:
+#ifndef OPENSSL_NO_SSL_TRACE
             stdname = verbose = 1;
-            break;
 #endif
-#ifndef OPENSSL_NO_SSL3
+            break;
         case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
             meth = SSLv3_client_method();
-            break;
 #endif
+            break;
         case OPT_TLS1:
             meth = TLSv1_client_method();
             break;

diff --git a/apps/cms.c b/apps/cms.c
@@ -208,6 +208,8 @@ OPTIONS cms_options[] = {
     {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
     {"receipt_request_from", OPT_RR_FROM, 's'},
     {"receipt_request_to", OPT_RR_TO, 's'},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_V_OPTIONS,
 # ifndef OPENSSL_NO_AES
     {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
     {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@@ -219,9 +221,7 @@ OPTIONS cms_options[] = {
 # ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
 # endif
-    {"", OPT_CIPHER, '-', "Any supported cipher"},
-    OPT_V_OPTIONS,
-    {NULL},
+    {NULL}
 };
 
 int cms_main(int argc, char **argv)
@@ -588,11 +588,11 @@ int cms_main(int argc, char **argv)
                 goto end;
             vpmtouched++;
             break;
-# ifndef OPENSSL_NO_DES
         case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
             wrap_cipher = EVP_des_ede3_wrap();
-            break;
 # endif
+            break;
 # ifndef OPENSSL_NO_AES
         case OPT_AES128_WRAP:
             wrap_cipher = EVP_aes_128_wrap();
@@ -603,6 +603,11 @@ int cms_main(int argc, char **argv)
         case OPT_AES256_WRAP:
             wrap_cipher = EVP_aes_256_wrap();
             break;
+# else
+        case OPT_AES128_WRAP:
+        case OPT_AES192_WRAP:
+        case OPT_AES256_WRAP:
+            break;
 # endif
         }
     }

diff --git a/apps/crl.c b/apps/crl.c
@@ -95,11 +95,11 @@ OPTIONS crl_options[] = {
     {"verify", OPT_VERIFY, '-'},
     {"text", OPT_TEXT, '-', "Print out a text format version"},
     {"hash", OPT_HASH, '-', "Print hash value"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"", OPT_MD, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_MD5
     {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
 #endif
-    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
-    {"", OPT_MD, '-', "Any supported digest"},
     {NULL}
 };
 
@@ -117,11 +117,11 @@ int crl_main(int argc, char **argv)
     char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
     char *CAfile = NULL, *CApath = NULL, *prog;
     OPTION_CHOICE o;
-    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
-        0, text = 0;
+    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
-    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
-        0, i, do_ver = 0;
+    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+    int text = 0, do_ver = 0;
+    int i;
 #ifndef OPENSSL_NO_MD5
     int hash_old = 0;
 #endif
@@ -170,11 +170,11 @@ int crl_main(int argc, char **argv)
             CAfile = opt_arg();
             do_ver = 1;
             break;
-#ifndef OPENSSL_NO_MD5
         case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
             hash_old = ++num;
-            break;
 #endif
+            break;
         case OPT_VERIFY:
             do_ver = 1;
             break;

diff --git a/apps/dgst.c b/apps/dgst.c
@@ -111,11 +111,11 @@ OPTIONS dgst_options[] = {
     {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
     {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
     {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"", OPT_DIGEST, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
     {"engine_impl", OPT_ENGINE_IMPL, '-'},
 #endif
-    {"", OPT_DIGEST, '-', "Any supported digest"},
     {NULL}
 };
 

diff --git a/apps/dhparam.c b/apps/dhparam.c
@@ -153,12 +153,12 @@ OPTIONS dhparam_options[] = {
     {"C", OPT_C, '-', "Print C code"},
     {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
     {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
 # ifndef OPENSSL_NO_DSA
     {"dsaparam", OPT_DSAPARAM, '-',
      "Read or generate DSA parameters, convert to DH"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
 # endif
     {NULL}
 };

diff --git a/apps/dsa.c b/apps/dsa.c
@@ -82,14 +82,8 @@ OPTIONS dsa_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
     {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
     {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
-    {"pvk-strong", OPT_PVK_STRONG, '-'},
-    {"pvk-weak", OPT_PVK_WEAK, '-'},
-    {"pvk-none", OPT_PVK_NONE, '-'},
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
     {"text", OPT_TEXT, '-', "Print the key in text"},
     {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
@@ -98,6 +92,14 @@ OPTIONS dsa_options[] = {
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
     {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_RC4
+    {"pvk-strong", OPT_PVK_STRONG, '-'},
+    {"pvk-weak", OPT_PVK_WEAK, '-'},
+    {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
     {NULL}
 };
 
@@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv)
         switch (o) {
         case OPT_EOF:
         case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
-        case OPT_PVK_STRONG:
-        case OPT_PVK_WEAK:
-        case OPT_PVK_NONE:
-#endif
  opthelp:
             ret = 0;
             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
@@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv)
         case OPT_PVK_NONE:
             pvk_encr = 0;
             break;
+#else
+        case OPT_PVK_STRONG:
+        case OPT_PVK_WEAK:
+        case OPT_PVK_NONE:
+            break;
 #endif
         case OPT_NOOUT:
             noout = 1;

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
@@ -103,11 +103,11 @@ OPTIONS dsaparam_options[] = {
     {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
     {"rand", OPT_RAND, 's', "Files to use for random number input"},
     {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
 # ifdef GENCB_TEST
     {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
 # endif
     {NULL}
 };

diff --git a/apps/ec.c b/apps/ec.c
@@ -92,9 +92,6 @@ OPTIONS ec_options[] = {
     {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
     {"out", OPT_OUT, '>', "Output file"},
     {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
-# ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
     {"text", OPT_TEXT, '-', "Print the key"},
     {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
@@ -106,6 +103,9 @@ OPTIONS ec_options[] = {
      "Specifies the way the ec parameters are encoded"},
     {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
     {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
     {NULL}
 };
 

diff --git a/apps/enc.c b/apps/enc.c
@@ -92,9 +92,6 @@ OPTIONS enc_options[] = {
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pass", OPT_PASS, 's', "Passphrase source"},
-#ifndef OPENSSL_NO_ENGINE
-    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
     {"e", OPT_E, '-', "Encrypt"},
     {"d", OPT_D, '-', "Decrypt"},
     {"p", OPT_P, '-', "Print the iv/key"},
@@ -107,9 +104,6 @@ OPTIONS enc_options[] = {
     {"A", OPT_UPPER_A, '-'},
     {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
     {"base64", OPT_A, '-', "Base64 output as a single line"},
-#ifdef ZLIB
-    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
-#endif
     {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
     {"k", OPT_K, 's', "Passphrase"},
     {"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
@@ -120,6 +114,12 @@ OPTIONS enc_options[] = {
     {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
     {"none", OPT_NONE, '-', "Don't encrypt"},
     {"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifdef ZLIB
+    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
     {NULL}
 };
 

diff --git a/apps/gendsa.c b/apps/gendsa.c
@@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = {
     {"passout", OPT_PASSOUT, 's'},
     {"rand", OPT_RAND, 's',
      "Load the file(s) into the random number generator"},
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
 # ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 # endif
-    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
     {NULL}
 };
 

diff --git a/apps/genpkey.c b/apps/genpkey.c
@@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+    /* This is deliberately last. */
     {OPT_HELP_STR, 1, 1,
      "Order of options may be important!  See the documentation.\n"},
     {NULL}

diff --git a/apps/passwd.c b/apps/passwd.c
@@ -101,15 +101,15 @@ OPTIONS passwd_options[] = {
     {"quiet", OPT_QUIET, '-', "No warnings"},
     {"table", OPT_TABLE, '-', "Format output as table"},
     {"reverse", OPT_REVERSE, '-', "Switch table columns"},
+    {"salt", OPT_SALT, 's', "Use provided salt"},
+    {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
 # ifndef NO_MD5CRYPT_1
     {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
     {"1", OPT_1, '-', "MD5-based password algorithm"},
 # endif
 # ifndef OPENSSL_NO_DES
     {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
 # endif
-    {"salt", OPT_SALT, 's', "Use provided salt"},
-    {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
     {NULL}
 };
 

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
@@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = {
     {"password", OPT_PASSWORD, 's', "Set import/export password source"},
     {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
     {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
 # ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 # endif
-    {"", OPT_CIPHER, '-', "Any supported cipher"},
     {NULL}
 };
 

diff --git a/apps/req.c b/apps/req.c
@@ -176,11 +176,11 @@ OPTIONS req_options[] = {
      "Cert extension section (override value in config file)"},
     {"reqexts", OPT_REQEXTS, 's',
      "Request extension section (override value in config file)"},
+    {"", OPT_MD, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
     {"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
 #endif
-    {"", OPT_MD, '-', "Any supported digest"},
     {NULL}
 };
 

diff --git a/apps/rsa.c b/apps/rsa.c
@@ -138,14 +138,16 @@ OPTIONS rsa_options[] = {
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
     {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
-    {"pvk-strong", OPT_PVK_STRONG, '-'},
-    {"pvk-weak", OPT_PVK_WEAK, '-'},
-    {"pvk-none", OPT_PVK_NONE, '-'},
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
     {"text", OPT_TEXT, '-', "Print the key in text"},
     {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
     {"check", OPT_CHECK, '-', "Verify key consistency"},
     {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifdef OPENSSL_NO_RC4
+    {"pvk-strong", OPT_PVK_STRONG, '-'},
+    {"pvk-weak", OPT_PVK_WEAK, '-'},
+    {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
 # ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 # endif
@@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv)
         switch (o) {
         case OPT_EOF:
         case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
-        case OPT_PVK_STRONG:
-        case OPT_PVK_WEAK:
-        case OPT_PVK_NONE:
-#endif
  opthelp:
             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
             goto end;
@@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv)
         case OPT_PVK_NONE:
             pvk_encr = 0;
             break;
+#else
+        case OPT_PVK_STRONG:
+        case OPT_PVK_WEAK:
+        case OPT_PVK_NONE:
+            break;
 #endif
         case OPT_NOOUT:
             noout = 1;