Reduce header interdependencies, initially in engine.h (the rest of the

changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.

Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.
3a87a9b9 · Geoff Thorpe · ae44fc1e · 3a87a9b9 · 3a87a9b9 · 3a87a9b9
25 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@

 Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

+  *) Reduced header interdepencies by declaring more opaque objects in
+     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+     give fewer recursive includes, which could break lazy source code - so
+     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+     developers should define this symbol when building and using openssl to
+     ensure they track the recommended behaviour, interfaces, [etc], but
+     backwards-compatible behaviour prevails when this isn't defined.
+     [Geoff Thorpe]
+
  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
     [Steve Henson]


--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -78,9 +78,12 @@
 extern "C" {
 #endif

-typedef struct dh_st DH;
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */

-typedef struct dh_method {
+struct dh_method
+	{
 	const char *name;
 	/* Methods here */
 	int (*generate_key)(DH *dh);
@@ -95,7 +98,7 @@ typedef struct dh_method {
 	char *app_data;
 	/* If this is non-NULL, it will be used to generate parameters */
 	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-} DH_METHOD;
+	};

 struct dh_st
 	{

--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -87,7 +87,9 @@
 extern "C" {
 #endif

-typedef struct dsa_st DSA;
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */

 typedef struct DSA_SIG_st
 	{
@@ -95,7 +97,8 @@ typedef struct DSA_SIG_st
 	BIGNUM *s;
 	} DSA_SIG;

-typedef struct dsa_method {
+struct dsa_method
+	{
 	const char *name;
 	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
 	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -119,7 +122,7 @@ typedef struct dsa_method {
 			BN_GENCB *cb);
 	/* If this is non-NULL, it is used to generate DSA keys */
 	int (*dsa_keygen)(DSA *dsa);
-} DSA_METHOD;
+	};

 struct dsa_st
 	{

--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -83,8 +83,11 @@
 extern "C" {
 #endif

-typedef struct ecdh_method 
-{
+/* Already defined in ossl_typ.h */
+/* typedef struct ecdh_method ECDH_METHOD; */
+
+struct ecdh_method 
+	{
 	const char *name;
 	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
 	                   void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen));
@@ -94,7 +97,7 @@ typedef struct ecdh_method
 #endif
 	int flags;
 	char *app_data;
-} ECDH_METHOD;
+	};

 typedef struct ecdh_data_st {
 	/* EC_KEY_METH_DATA part */

--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -73,14 +73,17 @@
 extern "C" {
 #endif

+/* Already defined in ossl_typ.h */
+/* typedef struct ecdsa_method ECDSA_METHOD; */
+
 typedef struct ECDSA_SIG_st
-{
+	{
 	BIGNUM *r;
 	BIGNUM *s;
-} ECDSA_SIG;
+	} ECDSA_SIG;

-typedef struct ecdsa_method 
-{
+struct ecdsa_method 
+	{
 	const char *name;
 	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
 			EC_KEY *eckey);
@@ -94,7 +97,7 @@ typedef struct ecdsa_method
 #endif
 	int flags;
 	char *app_data;
-} ECDSA_METHOD;
+	};

 typedef struct ecdsa_data_st {
 	/* EC_KEY_METH_DATA part */

--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -95,6 +95,7 @@ int main(int argc, char * argv[])
 #include <openssl/ecdsa.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>

 static const char rnd_seed[] = "string to make the random number generator "
 	"think it has entropy";

--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -69,6 +69,7 @@
 #include <openssl/dso.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
+#include <openssl/rand.h>

 /* This testing gunk is implemented (and explained) lower down. It also assumes
 * the application explicitly calls "ENGINE_load_openssl()" because this is no

--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -52,8 +52,9 @@
 *
 */

+#include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/engine.h>
+#include <openssl/lhash.h>
 #include "eng_int.h"

 /* This is the type of item in the 'implementation' table. Each 'nid' hashes to

--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,7 +70,7 @@
 #error ENGINE is disabled.
 #endif

-#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
@@ -90,8 +90,11 @@
 #include <openssl/rand.h>
 #include <openssl/store.h>
 #include <openssl/ui.h>
-#include <openssl/symhacks.h>
 #include <openssl/err.h>
+#endif
+
+#include <openssl/ossl_typ.h>
+#include <openssl/symhacks.h>

 #ifdef  __cplusplus
 extern "C" {

--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -66,6 +66,7 @@
 #include <stdlib.h>
 #endif

+#include <openssl/ossl_typ.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
@@ -301,8 +302,8 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);

-/* This opaque type encapsulates the low-level error-state functions */
-typedef struct st_ERR_FNS ERR_FNS;
+/* Already defined in ossl_typ.h */
+/* typedef struct st_ERR_FNS ERR_FNS; */
 /* An application can use this function and provide the return value to loaded
 * modules that should use the application's ERR state/functionality */
 const ERR_FNS *ERR_get_implementation(void);

--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -91,6 +91,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>


--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif

--- a/crypto/ossl_typ.h
+++ b/crypto/ossl_typ.h
@@ -107,6 +107,20 @@ typedef struct env_md_st EVP_MD;
 typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;

+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+
+typedef struct ecdh_method ECDH_METHOD;
+typedef struct ecdsa_method ECDSA_METHOD;
+
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
@@ -117,6 +131,14 @@ typedef struct x509_store_ctx_st X509_STORE_CTX;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;

+typedef struct store_st STORE;
+typedef struct store_method_st STORE_METHOD;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct st_ERR_FNS ERR_FNS;
+
 typedef struct engine_st ENGINE;

 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;

--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -71,7 +71,10 @@
 extern "C" {
 #endif

-typedef struct rand_meth_st
+/* Already defined in ossl_typ.h */
+/* typedef struct rand_meth_st RAND_METHOD; */
+
+struct rand_meth_st
 	{
 	void (*seed)(const void *buf, int num);
 	int (*bytes)(unsigned char *buf, int num);
@@ -79,7 +82,7 @@ typedef struct rand_meth_st
 	void (*add)(const void *buf, int num, double entropy);
 	int (*pseudorand)(unsigned char *buf, int num);
 	int (*status)(void);
-	} RAND_METHOD;
+	};

 #ifdef BN_DEBUG
 extern int rand_predictable;

--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -76,9 +76,11 @@
 extern "C" {
 #endif

-typedef struct rsa_st RSA;
+/* Declared already in ossl_typ.h */
+/* typedef struct rsa_st RSA; */
+/* typedef struct rsa_meth_st RSA_METHOD; */

-typedef struct rsa_meth_st
+struct rsa_meth_st
 	{
 	const char *name;
 	int (*rsa_pub_enc)(int flen,const unsigned char *from,
@@ -119,7 +121,7 @@ typedef struct rsa_meth_st
 * it would be nice to assume there are no such things as "builtin software"
 * implementations. */
 	int (*rsa_keygen)(RSA *rsa, int bits, unsigned long e, BN_GENCB *cb);
-	} RSA_METHOD;
+	};

 struct rsa_st
 	{

--- a/crypto/store/store.h
+++ b/crypto/store/store.h
@@ -59,6 +59,7 @@
 #ifndef HEADER_STORE_H
 #define HEADER_STORE_H

+#include <openssl/ossl_typ.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
@@ -67,15 +68,9 @@
 extern "C" {
 #endif

-/* The STORE type is a per-store context that holds all the necessary data
-   to perform all the supported storage operations. */
-typedef struct store_st STORE;
-
-/* All instances of STORE have a reference to a method structure, which is a
-   ordered vector of functions that implement the lower level things to do.
-   There is an instruction on the implementation further down, in the section
-   for method implementors. */
-typedef struct store_method_st STORE_METHOD;
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */


 /* All the following functions return 0, a negative number or NULL on error.

--- a/crypto/ui/ui.h
+++ b/crypto/ui/ui.h
@@ -61,23 +61,15 @@

 #include <openssl/crypto.h>
 #include <openssl/safestack.h>
+#include <openssl/ossl_typ.h>

 #ifdef  __cplusplus
 extern "C" {
 #endif

-/* The UI type is a holder for a specific user interface session.  It can
-   contain an illimited number of informational or error strings as well
-   as things to prompt for, both passwords (noecho mode) and others (echo
-   mode), and verification of the same.  All of these are called strings,
-   and are further described below. */
-typedef struct ui_st UI;
-
-/* All instances of UI have a reference to a method structure, which is a
-   ordered vector of functions that implement the lower level things to do.
-   There is an instruction on the implementation further down, in the section
-   for method implementors. */
-typedef struct ui_method_st UI_METHOD;
+/* Declared already in ossl_typ.h */
+/* typedef struct ui_st UI; */
+/* typedef struct ui_method_st UI_METHOD; */


 /* All the following functions return -1 or NULL on error and in some cases

--- a/engines/e_4758_cca.c
+++ b/engines/e_4758_cca.c
@@ -56,11 +56,11 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/crypto.h>
-/* #include <openssl/pem.h> */
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/engine.h>
+#include <openssl/rand.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_4758_CCA

--- a/engines/e_aep.c
+++ b/engines/e_aep.c
-/* crypto/engine/hw_aep.c */
-/*
- */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
@@ -72,6 +69,8 @@ typedef int pid_t;
 #include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/buffer.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_AEP

--- a/engines/e_atalla.c
+++ b/engines/e_atalla.c
@@ -62,6 +62,9 @@
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_ATALLA

--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@@ -62,6 +62,10 @@
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_CSWIFT

--- a/engines/e_ncipher.c
+++ b/engines/e_ncipher.c
@@ -64,6 +64,7 @@
 #include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/ui.h>
+#include <openssl/rand.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_NCIPHER

--- a/engines/e_nuron.c
+++ b/engines/e_nuron.c
@@ -62,7 +62,9 @@
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
-
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_NURON

--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -56,6 +56,7 @@
 #include <openssl/pem.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#include <openssl/rand.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_SUREWARE

--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@@ -64,6 +64,9 @@
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>

 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_UBSEC