From f1f5ee17b64397eecfde39960ca11e94064297bd Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 26 Jun 2016 13:40:15 +0200 Subject: include/openssl: don't include in public headers. If application uses any of Windows-specific interfaces, make it application developer's respondibility to include . Rationale is that is quite "toxic" and is sensitive to inclusion order (most notably in relation to ). It's only natural to give complete control to the application developer. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- crypto/async/arch/async_null.c | 4 ---- crypto/async/async_locl.h | 4 ++++ crypto/threads_win.c | 4 ++++ doc/crypto/ASYNC_WAIT_CTX_new.pod | 9 +++++++++ doc/crypto/ASYNC_start_job.pod | 12 ++++++++++++ doc/crypto/CRYPTO_THREAD_run_once.pod | 13 +++++++++++++ doc/ssl/SSL_get_all_async_fds.pod | 10 ++++++++++ engines/e_capi.c | 33 ++++++++++++++++----------------- engines/e_dasync.c | 5 ++++- include/openssl/async.h | 6 +++++- include/openssl/crypto.h | 34 +++++++++++++++++++--------------- include/openssl/ossl_typ.h | 3 ++- include/openssl/pkcs7.h | 6 ------ include/openssl/rand.h | 7 ++----- include/openssl/ssl.h | 5 +++++ include/openssl/ts.h | 5 ----- include/openssl/x509.h | 8 +------- include/openssl/x509v3.h | 6 ------ test/asynctest.c | 4 ++++ test/threadstest.c | 4 ++++ util/mkdef.pl | 3 ++- 21 files changed, 116 insertions(+), 69 deletions(-) diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c index a9ae35de45..3eaf170f2e 100644 --- a/crypto/async/arch/async_null.c +++ b/crypto/async/arch/async_null.c @@ -11,9 +11,6 @@ #include "../async_locl.h" #ifdef ASYNC_NULL -# include -# include - int ASYNC_is_capable(void) { return 0; @@ -22,6 +19,5 @@ int ASYNC_is_capable(void) void async_local_cleanup(void) { } - #endif diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h index 786cf0099c..f0ac05a3db 100644 --- a/crypto/async/async_locl.h +++ b/crypto/async/async_locl.h @@ -16,6 +16,10 @@ # pragma GCC diagnostic ignored "-Wdeprecated-declarations" #endif +#if defined(_WIN32) +# include +#endif + #include #include diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 545b9beb87..4e0de908ee 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#if defined(_WIN32) +# include +#endif + #include #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) diff --git a/doc/crypto/ASYNC_WAIT_CTX_new.pod b/doc/crypto/ASYNC_WAIT_CTX_new.pod index 364cbb4e30..de1bd5777d 100644 --- a/doc/crypto/ASYNC_WAIT_CTX_new.pod +++ b/doc/crypto/ASYNC_WAIT_CTX_new.pod @@ -112,6 +112,15 @@ ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on success or 0 on error. +=head1 NOTES + +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. + =head1 SEE ALSO L, L diff --git a/doc/crypto/ASYNC_start_job.pod b/doc/crypto/ASYNC_start_job.pod index 20bc1ad2aa..eb12da8cb9 100644 --- a/doc/crypto/ASYNC_start_job.pod +++ b/doc/crypto/ASYNC_start_job.pod @@ -161,10 +161,22 @@ ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job. ASYNC_is_capable() returns 1 if the current platform is async capable or 0 otherwise. +=head1 NOTES + +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. + =head1 EXAMPLE The following example demonstrates how to use most of the core async APIs: + #ifdef _WIN32 + # include + #endif #include #include #include diff --git a/doc/crypto/CRYPTO_THREAD_run_once.pod b/doc/crypto/CRYPTO_THREAD_run_once.pod index 37671b90eb..7795a04477 100644 --- a/doc/crypto/CRYPTO_THREAD_run_once.pod +++ b/doc/crypto/CRYPTO_THREAD_run_once.pod @@ -79,10 +79,23 @@ CRYPTO_THREAD_lock_frees() returns no value. The other functions return 1 on success or 0 on error. +=head1 NOTES + +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. + =head1 EXAMPLE This example safely initializes and uses a lock. + #ifdef _WIN32 + # include + #endif #include static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; diff --git a/doc/ssl/SSL_get_all_async_fds.pod b/doc/ssl/SSL_get_all_async_fds.pod index deb81e1fdf..636f765508 100644 --- a/doc/ssl/SSL_get_all_async_fds.pod +++ b/doc/ssl/SSL_get_all_async_fds.pod @@ -7,6 +7,7 @@ asynchronous operations =head1 SYNOPSIS + #include #include int SSL_waiting_for_async(SSL *s); @@ -53,6 +54,15 @@ for an async operation to complete and 0 otherwise. SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or 0 on error. +=head1 NOTES + +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. + =head1 SEE ALSO L, L diff --git a/engines/e_capi.c b/engines/e_capi.c index 4923eefa55..9e9e4f3246 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -7,13 +7,23 @@ * https://www.openssl.org/source/license.html */ -#include -#include -#include +#ifdef _WIN32 +# ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0400 +# endif +# include +# include + +# include +# include +# include +# include +# ifndef alloca +# define alloca _alloca +# endif -#include +# include -#ifdef OPENSSL_SYS_WIN32 # ifndef OPENSSL_NO_CAPIENG # include @@ -21,17 +31,6 @@ # include # include -# ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 -# endif - -# include -# include -# include -# ifndef alloca -# define alloca _alloca -# endif - /* * This module uses several "new" interfaces, among which is * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is @@ -50,7 +49,7 @@ # define __COMPILE_CAPIENG # endif /* CERT_KEY_PROV_INFO_PROP_ID */ # endif /* OPENSSL_NO_CAPIENG */ -#endif /* OPENSSL_SYS_WIN32 */ +#endif /* _WIN32 */ #ifdef __COMPILE_CAPIENG diff --git a/engines/e_dasync.c b/engines/e_dasync.c index ed3f00adb6..89b12775b1 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#if defined(_WIN32) +# include +#endif + #include #include @@ -28,7 +32,6 @@ #elif defined(_WIN32) # undef ASYNC_WIN # define ASYNC_WIN -# include #endif #define DASYNC_LIB_NAME "DASYNC" diff --git a/include/openssl/async.h b/include/openssl/async.h index 160766af36..ca51bb3412 100644 --- a/include/openssl/async.h +++ b/include/openssl/async.h @@ -13,9 +13,11 @@ # define HEADER_ASYNC_H #if defined(_WIN32) -#include +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include to use this */ #define OSSL_ASYNC_FD HANDLE #define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +# endif #else #define OSSL_ASYNC_FD int #define OSSL_BAD_ASYNC_FD -1 @@ -37,6 +39,7 @@ typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; int ASYNC_init_thread(size_t max_size, size_t init_size); void ASYNC_cleanup_thread(void); +#ifdef OSSL_ASYNC_FD ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, @@ -52,6 +55,7 @@ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, size_t *numaddfds, OSSL_ASYNC_FD *delfd, size_t *numdelfds); int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +#endif int ASYNC_is_capable(void); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index acdb48bd61..cbd05a8acc 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -387,33 +387,37 @@ void OPENSSL_thread_stop(void); /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); -#ifndef OPENSSL_NO_STDIO +# ifndef OPENSSL_NO_STDIO int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, const char *config_file); -#endif +# endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); -# if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) -typedef unsigned int CRYPTO_ONCE; -typedef unsigned int CRYPTO_THREAD_LOCAL; -typedef unsigned int CRYPTO_THREAD_ID; - -# define CRYPTO_ONCE_STATIC_INIT 0 -# elif defined(OPENSSL_SYS_WINDOWS) -# include +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ typedef DWORD CRYPTO_THREAD_LOCAL; typedef DWORD CRYPTO_THREAD_ID; typedef LONG CRYPTO_ONCE; -# define CRYPTO_ONCE_STATIC_INIT 0 - -# else -# include +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# include typedef pthread_once_t CRYPTO_ONCE; typedef pthread_key_t CRYPTO_THREAD_LOCAL; typedef pthread_t CRYPTO_THREAD_ID; -# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 # endif int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index adc50ed284..129a67f057 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -63,10 +63,11 @@ typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct asn1_pctx_st ASN1_PCTX; typedef struct asn1_sctx_st ASN1_SCTX; -# ifdef OPENSSL_SYS_WIN32 +# ifdef _WIN32 # undef X509_NAME # undef X509_EXTENSIONS # undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO # undef OCSP_REQUEST # undef OCSP_RESPONSE # endif diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index 6148cec993..328a4f66b4 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -21,12 +21,6 @@ extern "C" { #endif -# ifdef OPENSSL_SYS_WIN32 -/* Under Win32 these are defined in wincrypt.h */ -# undef PKCS7_ISSUER_AND_SERIAL -# undef PKCS7_SIGNER_INFO -# endif - /*- Encryption_ID DES-CBC Digest_ID MD5 diff --git a/include/openssl/rand.h b/include/openssl/rand.h index d0f8eabe0a..8dab1a00fb 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -14,10 +14,6 @@ # include # include -# if defined(OPENSSL_SYS_WINDOWS) -# include -# endif - #ifdef __cplusplus extern "C" { #endif @@ -65,7 +61,8 @@ int RAND_egd_bytes(const char *path, int bytes); # endif int RAND_poll(void); -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +/* application has to include in order to use these */ DEPRECATEDIN_1_1_0(void RAND_screen(void)) DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d2736e2ceb..2669f73544 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1532,11 +1532,16 @@ __owur char *SSL_get_srp_userinfo(SSL *s); void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows applcation developer has to include windows.h to use these. + */ __owur int SSL_waiting_for_async(SSL *s); __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, OSSL_ASYNC_FD *delfd, size_t *numdelfds); +# endif __owur int SSL_accept(SSL *ssl); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); diff --git a/include/openssl/ts.h b/include/openssl/ts.h index 3fbaf55ae2..3e31b2fd3b 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -27,11 +27,6 @@ extern "C" { # endif -# ifdef WIN32 -/* Under Win32 this is defined in wincrypt.h */ -# undef X509_NAME -# endif - # include # include diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 4b7a1f640a..2f7444dc46 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -17,7 +17,7 @@ # define HEADER_X509_H # include -# include +# include # include # include # include @@ -40,12 +40,6 @@ extern "C" { #endif -# ifdef OPENSSL_SYS_WIN32 -/* Under Win32 these are defined in wincrypt.h */ -# undef X509_NAME -# undef X509_EXTENSIONS -# endif - # define X509_FILETYPE_PEM 1 # define X509_FILETYPE_ASN1 2 # define X509_FILETYPE_DEFAULT 3 diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 7b0403b9dc..14e25d7680 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -18,12 +18,6 @@ extern "C" { #endif -# ifdef OPENSSL_SYS_WIN32 -/* Under Win32 these are defined in wincrypt.h */ -# undef X509_NAME -# undef X509_EXTENSIONS -# endif - /* Forward reference */ struct v3_ext_method; struct v3_ext_ctx; diff --git a/test/asynctest.c b/test/asynctest.c index 6728058c36..026536b065 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifdef _WIN32 +# include +#endif + #include #include #include diff --git a/test/threadstest.c b/test/threadstest.c index db864b2900..b2e96fa3a1 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#if defined(_WIN32) +# include +#endif + #include #include diff --git a/util/mkdef.pl b/util/mkdef.pl index c2fbfe7062..fa37ccb3e0 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -73,7 +73,7 @@ my $linux=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", - "EXPORT_VAR_AS_FUNCTION", "ZLIB" + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32" ); my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", @@ -1121,6 +1121,7 @@ sub is_valid if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; } if ($keyword eq "VMS" && $VMS) { return 1; } if ($keyword eq "WIN32" && $W32) { return 1; } + if ($keyword eq "_WIN32" && $W32) { return 1; } if ($keyword eq "WINNT" && $NT) { return 1; } # Special platforms: # EXPORT_VAR_AS_FUNCTION means that global variables -- cgit v1.2.3