Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullet entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/apps/cms.c b/apps/cms.c
index 7ccca5b..e40686b 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -208,6 +208,8 @@
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
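Review bot: The ordering rule this hunk applies (unconditional entries first, `#ifdef`'d entries last, "engine" at the very end) is stated only in the commit message, so nothing in the table warns someone adding an option later. A one-line comment directly above `# ifndef OPENSSL_NO_AES` would keep it visible, e.g. `/* Conditionally-compiled options go below this line; "engine" stays last. */`. The table begins and ends outside this hunk.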
@@ -219,9 +221,7 @@
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_V_OPTIONS,
- {NULL},
+ {NULL}
};
int cms_main(int argc, char **argv)
@@ -588,11 +588,11 @@
goto end;
vpmtouched++;
break;
-# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
- break;
# endif
+ break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
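Review bot: With `case OPT_3DES_WRAP:` moved outside the `OPENSSL_NO_DES` guard, a build without DES reduces this case to a bare `break` that leaves `wrap_cipher` untouched. The only thing stopping a requested 3DES key wrap from being silently ignored is then the guard on its OPTIONS entry, which this diff does not show. It is worth confirming that the entry sits under the same `# ifndef OPENSSL_NO_DES`, and marking the empty path with a comment such as `/* not reachable: option is compiled out of the OPTIONS table */`. The same comment fits the `# else` labels for `OPT_AES128_WRAP`, `OPT_AES192_WRAP` and `OPT_AES256_WRAP` in the next hunk, whose table entries are guarded in the first hunk. The enclosing switch starts and ends outside this hunk.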
@@ -603,6 +603,11 @@
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
+# else
+ case OPT_AES128_WRAP:
+ case OPT_AES192_WRAP:
+ case OPT_AES256_WRAP:
+ break;
# endif
}
}