[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Fri Jul 8 09:48:28 UTC 2016


The branch master has been updated
       via  f1f5ee17b64397eecfde39960ca11e94064297bd (commit)
      from  ab6a591caa561017f881ed36028177f9582a74c6 (commit)


- Log -----------------------------------------------------------------
commit f1f5ee17b64397eecfde39960ca11e94064297bd
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Jun 26 13:40:15 2016 +0200

    include/openssl: don't include <windows.h> in public headers.
    
    If application uses any of Windows-specific interfaces, make it
    application developer's respondibility to include <windows.h>.
    Rationale is that <windows.h> is quite "toxic" and is sensitive
    to inclusion order (most notably in relation to <winsock2.h>).
    It's only natural to give complete control to the application developer.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/async/arch/async_null.c        |  4 ----
 crypto/async/async_locl.h             |  4 ++++
 crypto/threads_win.c                  |  4 ++++
 doc/crypto/ASYNC_WAIT_CTX_new.pod     |  9 +++++++++
 doc/crypto/ASYNC_start_job.pod        | 12 ++++++++++++
 doc/crypto/CRYPTO_THREAD_run_once.pod | 13 +++++++++++++
 doc/ssl/SSL_get_all_async_fds.pod     | 10 ++++++++++
 engines/e_capi.c                      | 33 ++++++++++++++++-----------------
 engines/e_dasync.c                    |  5 ++++-
 include/openssl/async.h               |  6 +++++-
 include/openssl/crypto.h              | 34 +++++++++++++++++++---------------
 include/openssl/ossl_typ.h            |  3 ++-
 include/openssl/pkcs7.h               |  6 ------
 include/openssl/rand.h                |  7 ++-----
 include/openssl/ssl.h                 |  5 +++++
 include/openssl/ts.h                  |  5 -----
 include/openssl/x509.h                |  8 +-------
 include/openssl/x509v3.h              |  6 ------
 test/asynctest.c                      |  4 ++++
 test/threadstest.c                    |  4 ++++
 util/mkdef.pl                         |  3 ++-
 21 files changed, 116 insertions(+), 69 deletions(-)

diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c
index a9ae35d..3eaf170 100644
--- a/crypto/async/arch/async_null.c
+++ b/crypto/async/arch/async_null.c
@@ -11,9 +11,6 @@
 #include "../async_locl.h"
 
 #ifdef ASYNC_NULL
-# include <openssl/ct.h>
-# include <openssl/x509v3.h>
-
 int ASYNC_is_capable(void)
 {
     return 0;
@@ -22,6 +19,5 @@ int ASYNC_is_capable(void)
 void async_local_cleanup(void)
 {
 }
-
 #endif
 
diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h
index 786cf00..f0ac05a 100644
--- a/crypto/async/async_locl.h
+++ b/crypto/async/async_locl.h
@@ -16,6 +16,10 @@
 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 #endif
 
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
 #include <internal/async.h>
 #include <openssl/crypto.h>
 
diff --git a/crypto/threads_win.c b/crypto/threads_win.c
index 545b9be..4e0de90 100644
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
@@ -7,6 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
 #include <openssl/crypto.h>
 
 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
diff --git a/doc/crypto/ASYNC_WAIT_CTX_new.pod b/doc/crypto/ASYNC_WAIT_CTX_new.pod
index 364cbb4..de1bd57 100644
--- a/doc/crypto/ASYNC_WAIT_CTX_new.pod
+++ b/doc/crypto/ASYNC_WAIT_CTX_new.pod
@@ -112,6 +112,15 @@ ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
 ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
 success or 0 on error.
 
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
 =head1 SEE ALSO
 
 L<crypto(3)>, L<ASYNC_start_job(3)>
diff --git a/doc/crypto/ASYNC_start_job.pod b/doc/crypto/ASYNC_start_job.pod
index 20bc1ad..eb12da8 100644
--- a/doc/crypto/ASYNC_start_job.pod
+++ b/doc/crypto/ASYNC_start_job.pod
@@ -161,10 +161,22 @@ ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.
 ASYNC_is_capable() returns 1 if the current platform is async capable or 0
 otherwise.
 
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
 =head1 EXAMPLE
 
 The following example demonstrates how to use most of the core async APIs:
 
+ #ifdef _WIN32
+ # include <windows.h>
+ #endif
  #include <stdio.h>
  #include <unistd.h>
  #include <openssl/async.h>
diff --git a/doc/crypto/CRYPTO_THREAD_run_once.pod b/doc/crypto/CRYPTO_THREAD_run_once.pod
index 37671b9..7795a04 100644
--- a/doc/crypto/CRYPTO_THREAD_run_once.pod
+++ b/doc/crypto/CRYPTO_THREAD_run_once.pod
@@ -79,10 +79,23 @@ CRYPTO_THREAD_lock_frees() returns no value.
 
 The other functions return 1 on success or 0 on error.
 
+=head1 NOTES
+
+On Windows platforms the CRYPTO_THREAD_* types and functions in the
+openssl/crypto.h header are dependent on some of the types customarily
+made available by including windows.h. The application developer is
+likely to require control over when the latter is included, commonly as
+one of the first included headers. Therefore it is defined as an
+application developer's responsibility to include windows.h prior to
+crypto.h where use of CRYPTO_THREAD_* types and functions is required.
+
 =head1 EXAMPLE
 
 This example safely initializes and uses a lock.
 
+  #ifdef _WIN32
+  # include <windows.h>
+  #endif
   #include <openssl/crypto.h>
 
   static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
diff --git a/doc/ssl/SSL_get_all_async_fds.pod b/doc/ssl/SSL_get_all_async_fds.pod
index deb81e1..636f765 100644
--- a/doc/ssl/SSL_get_all_async_fds.pod
+++ b/doc/ssl/SSL_get_all_async_fds.pod
@@ -7,6 +7,7 @@ asynchronous operations
 
 =head1 SYNOPSIS
 
+ #include <openssl/async.h>
  #include <openssl/ssl.h>
 
  int SSL_waiting_for_async(SSL *s);
@@ -53,6 +54,15 @@ for an async operation to complete and 0 otherwise.
 SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
 0 on error.
 
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
 =head1 SEE ALSO
 
 L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 4923eef..9e9e4f3 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -7,13 +7,23 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
+#ifdef _WIN32
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <wincrypt.h>
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
 
-#include <openssl/crypto.h>
+# include <openssl/crypto.h>
 
-#ifdef OPENSSL_SYS_WIN32
 # ifndef OPENSSL_NO_CAPIENG
 
 #  include <openssl/buffer.h>
@@ -21,17 +31,6 @@
 #  include <openssl/rsa.h>
 #  include <openssl/dsa.h>
 
-#  ifndef _WIN32_WINNT
-#   define _WIN32_WINNT 0x0400
-#  endif
-
-#  include <windows.h>
-#  include <wincrypt.h>
-#  include <malloc.h>
-#  ifndef alloca
-#   define alloca _alloca
-#  endif
-
 /*
  * This module uses several "new" interfaces, among which is
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
@@ -50,7 +49,7 @@
 #   define __COMPILE_CAPIENG
 #  endif                        /* CERT_KEY_PROV_INFO_PROP_ID */
 # endif                         /* OPENSSL_NO_CAPIENG */
-#endif                          /* OPENSSL_SYS_WIN32 */
+#endif                          /* _WIN32 */
 
 #ifdef __COMPILE_CAPIENG
 
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index ed3f00a..89b1277 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -7,6 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
 #include <stdio.h>
 #include <string.h>
 
@@ -28,7 +32,6 @@
 #elif defined(_WIN32)
 # undef ASYNC_WIN
 # define ASYNC_WIN
-# include <windows.h>
 #endif
 
 #define DASYNC_LIB_NAME "DASYNC"
diff --git a/include/openssl/async.h b/include/openssl/async.h
index 160766a..ca51bb3 100644
--- a/include/openssl/async.h
+++ b/include/openssl/async.h
@@ -13,9 +13,11 @@
 # define HEADER_ASYNC_H
 
 #if defined(_WIN32)
-#include <windows.h>
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
 #define OSSL_ASYNC_FD       HANDLE
 #define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
 #else
 #define OSSL_ASYNC_FD       int
 #define OSSL_BAD_ASYNC_FD   -1
@@ -37,6 +39,7 @@ typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
 int ASYNC_init_thread(size_t max_size, size_t init_size);
 void ASYNC_cleanup_thread(void);
 
+#ifdef OSSL_ASYNC_FD
 ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
 void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
 int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
@@ -52,6 +55,7 @@ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                    size_t *numdelfds);
 int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
 
 int ASYNC_is_capable(void);
 
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index acdb48b..cbd05a8 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -387,33 +387,37 @@ void OPENSSL_thread_stop(void);
 
 /* Low-level control of initialization */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
-#ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
                                     const char *config_file);
-#endif
+# endif
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
 
-# if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-typedef unsigned int CRYPTO_ONCE;
-typedef unsigned int CRYPTO_THREAD_LOCAL;
-typedef unsigned int CRYPTO_THREAD_ID;
-
-#  define CRYPTO_ONCE_STATIC_INIT 0
-# elif defined(OPENSSL_SYS_WINDOWS)
-#  include <windows.h>
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
 typedef DWORD CRYPTO_THREAD_LOCAL;
 typedef DWORD CRYPTO_THREAD_ID;
 
 typedef LONG CRYPTO_ONCE;
-#  define CRYPTO_ONCE_STATIC_INIT 0
-
-# else
-#  include <pthread.h>
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
 typedef pthread_once_t CRYPTO_ONCE;
 typedef pthread_key_t CRYPTO_THREAD_LOCAL;
 typedef pthread_t CRYPTO_THREAD_ID;
 
-#  define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
 # endif
 
 int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index adc50ed..129a67f 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -63,10 +63,11 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
 typedef struct asn1_sctx_st ASN1_SCTX;
 
-# ifdef OPENSSL_SYS_WIN32
+# ifdef _WIN32
 #  undef X509_NAME
 #  undef X509_EXTENSIONS
 #  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
 #  undef OCSP_REQUEST
 #  undef OCSP_RESPONSE
 # endif
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
index 6148cec..328a4f6 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -21,12 +21,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef PKCS7_ISSUER_AND_SERIAL
-#  undef PKCS7_SIGNER_INFO
-# endif
-
 /*-
 Encryption_ID           DES-CBC
 Digest_ID               MD5
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index d0f8eab..8dab1a0 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -14,10 +14,6 @@
 # include <openssl/ossl_typ.h>
 # include <openssl/e_os2.h>
 
-# if defined(OPENSSL_SYS_WINDOWS)
-#  include <windows.h>
-# endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -65,7 +61,8 @@ int RAND_egd_bytes(const char *path, int bytes);
 # endif
 int RAND_poll(void);
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
 DEPRECATEDIN_1_1_0(void RAND_screen(void))
 DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
 #endif
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d2736e2..2669f73 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1532,11 +1532,16 @@ __owur char *SSL_get_srp_userinfo(SSL *s);
 
 void SSL_certs_clear(SSL *s);
 void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows applcation developer has to include windows.h to use these.
+ */
 __owur int SSL_waiting_for_async(SSL *s);
 __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
 __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
                                      size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                      size_t *numdelfds);
+# endif
 __owur int SSL_accept(SSL *ssl);
 __owur int SSL_connect(SSL *ssl);
 __owur int SSL_read(SSL *ssl, void *buf, int num);
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index 3fbaf55..3e31b2f 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -27,11 +27,6 @@
 extern "C" {
 # endif
 
-# ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#  undef X509_NAME
-# endif
-
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 4b7a1f6..2f7444d 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -17,7 +17,7 @@
 # define HEADER_X509_H
 
 # include <openssl/e_os2.h>
-# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
 # include <openssl/symhacks.h>
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
@@ -40,12 +40,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_EXTENSIONS
-# endif
-
 # define X509_FILETYPE_PEM       1
 # define X509_FILETYPE_ASN1      2
 # define X509_FILETYPE_DEFAULT   3
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 7b0403b..14e25d7 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -18,12 +18,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_EXTENSIONS
-# endif
-
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
diff --git a/test/asynctest.c b/test/asynctest.c
index 6728058..026536b 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
@@ -7,6 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#ifdef _WIN32
+# include <windows.h>
+#endif
+
 #include <stdio.h>
 #include <string.h>
 #include <openssl/async.h>
diff --git a/test/threadstest.c b/test/threadstest.c
index db864b2..b2e96fa 100644
--- a/test/threadstest.c
+++ b/test/threadstest.c
@@ -7,6 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
 #include <stdio.h>
 
 #include <openssl/crypto.h>
diff --git a/util/mkdef.pl b/util/mkdef.pl
index c2fbfe7..fa37ccb 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -73,7 +73,7 @@ my $linux=0;
 my $safe_stack_def = 0;
 
 my @known_platforms = ( "__FreeBSD__", "PERL5",
-			"EXPORT_VAR_AS_FUNCTION", "ZLIB"
+			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
 			);
 my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
@@ -1121,6 +1121,7 @@ sub is_valid
 			if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
 			if ($keyword eq "VMS" && $VMS) { return 1; }
 			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "_WIN32" && $W32) { return 1; }
 			if ($keyword eq "WINNT" && $NT) { return 1; }
 			# Special platforms:
 			# EXPORT_VAR_AS_FUNCTION means that global variables


More information about the openssl-commits mailing list