diff options
35 files changed, 88 insertions, 56 deletions
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index a727d5c87b..7bd5c617de 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -15,6 +15,9 @@ #include <openssl/err.h> #include <openssl/core_names.h> +#ifndef FIPS_MODULE +# include <openssl/x509.h> +#endif #include "internal/param_build_set.h" #include "crypto/dh.h" #include "dh_local.h" diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7154f8c2ab..29cda5d7bf 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -15,7 +15,9 @@ #include <stdio.h> #include <openssl/bn.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/obj_mac.h> #include <openssl/core_names.h> #include "internal/cryptlib.h" diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index e4fa070f23..5e3ff85154 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c @@ -15,6 +15,9 @@ #include <openssl/core_names.h> #include <openssl/err.h> +#ifndef FIPS_MODULE +# include <openssl/x509.h> +#endif #include "crypto/dsa.h" #include "dsa_local.h" diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 5512b99ef1..ccc7016592 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -14,7 +14,9 @@ #include "internal/deprecated.h" #include <openssl/bn.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include "internal/cryptlib.h" #include "internal/refcount.h" #include "crypto/dsa.h" diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 9b4467f2be..381da71f33 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -17,7 +17,10 @@ #include <openssl/objects.h> #include <openssl/params.h> #include <openssl/err.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +# include <openssl/x509.h> +#endif #include "crypto/bn.h" #include "crypto/ec.h" #include "ec_local.h" diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ba6b8df514..eb14f4e409 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -19,7 +19,9 @@ #include "ec_local.h" #include "internal/refcount.h" #include <openssl/err.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/self_test.h> #include "prov/providercommon.h" #include "crypto/bn.h" diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 91b7a44082..8c011635cb 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -15,7 +15,9 @@ #include <string.h> #include <openssl/ec.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/err.h> #include "ec_local.h" diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 14278592cd..a0144d5a86 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -13,6 +13,9 @@ #include <openssl/ec.h> #include <openssl/rand.h> #include <openssl/err.h> +#ifndef FIPS_MODULE +# include <openssl/x509.h> +#endif #include "crypto/ecx.h" #include "ecx_backend.h" diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4a5c926103..1f2910bc69 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -14,7 +14,9 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/ec.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/params.h> #include <openssl/core_names.h> #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3a8e2c643e..e0f411aa06 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -16,7 +16,9 @@ #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/rand.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/params.h> #include <openssl/core_names.h> #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 0b08c9adfd..f78df52ab1 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -25,11 +25,11 @@ #include <openssl/dh.h> #include <openssl/ec.h> #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/provider.h" #include "evp_local.h" #if !defined(FIPS_MODULE) +# include "crypto/asn1.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 7b1a44241e..0db755e06b 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -7,13 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/evp.h> - #include <stdio.h> #include <stdlib.h> -#include <openssl/engine.h> #include <openssl/evp.h> -#include <openssl/x509v3.h> #include <openssl/rand.h> #include <openssl/core.h> #include <openssl/core_names.h> @@ -22,7 +18,6 @@ #include "internal/numbers.h" #include "internal/provider.h" #include "internal/core.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 5552b26601..8177626ae0 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -11,13 +11,10 @@ #include <stdio.h> #include <stdlib.h> #include "internal/cryptlib.h" -#include <openssl/engine.h> #include <openssl/evp.h> -#include <openssl/x509v3.h> #include <openssl/kdf.h> #include <openssl/core.h> #include <openssl/core_names.h> -#include "crypto/asn1.h" #include "crypto/evp.h" #include "internal/numbers.h" #include "internal/provider.h" diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index f3dd876cfd..32e4fbcbaa 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include "internal/nelem.h" #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/core.h" #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 0da6498030..5c5ed05876 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/objects.h> -#include <openssl/x509.h> #include "crypto/evp.h" #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 07be8884fe..fa3a0258fa 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -22,13 +22,14 @@ #include <openssl/err.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include <openssl/x509.h> #include <openssl/rsa.h> #include <openssl/dsa.h> #include <openssl/dh.h> #include <openssl/ec.h> #include <openssl/cmac.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/params.h> #include <openssl/param_build.h> #include <openssl/encoder.h> @@ -36,14 +37,16 @@ #include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/ffc.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/dsa.h" #include "crypto/ec.h" #include "crypto/ecx.h" #include "crypto/rsa.h" -#include "crypto/x509.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +# include "crypto/x509.h" +#endif #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c index 112965e794..2ecf2d0251 100644 --- a/crypto/evp/pmeth_check.c +++ b/crypto/evp/pmeth_check.c @@ -13,7 +13,9 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 2d96e3c227..af3d990869 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -16,7 +16,9 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 1256e981eb..c214163588 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -15,15 +15,18 @@ #include <stdio.h> #include <stdlib.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/evp.h> -#include <openssl/x509v3.h> #include <openssl/core_names.h> #include <openssl/dh.h> #include <openssl/rsa.h> #include <openssl/kdf.h> #include "internal/cryptlib.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/ec.h" diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index e824dcaf3c..85ad54e4cf 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -18,9 +18,12 @@ #include <openssl/params.h> #include <openssl/err.h> #include <openssl/evp.h> +#ifndef FIPS_MODULE +# include <openssl/x509.h> +# include "crypto/asn1.h" +#endif #include "internal/sizes.h" #include "internal/param_build_set.h" -#include "crypto/asn1.h" #include "crypto/rsa.h" #include "rsa_local.h" diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 70eaa59a8b..6433282597 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -15,7 +15,9 @@ #include <openssl/crypto.h> #include <openssl/core_names.h> -#include <openssl/engine.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include <openssl/evp.h> #include <openssl/param_build.h> #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 21a2e9d727..c5a664dc0b 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -18,22 +18,22 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/objects.h> -#include <openssl/x509.h> -#include "crypto/x509.h" -#ifndef OPENSSL_NO_MD2 -# include <openssl/md2.h> /* uses MD2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD4 -# include <openssl/md4.h> /* uses MD4_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD5 -# include <openssl/md5.h> /* uses MD5_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MDC2 -# include <openssl/mdc2.h> /* uses MDC2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_RMD160 -# include <openssl/ripemd.h> /* uses RIPEMD160_DIGEST_LENGTH */ +#ifndef FIPS_MODULE +# ifndef OPENSSL_NO_MD2 +# include <openssl/md2.h> /* uses MD2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD4 +# include <openssl/md4.h> /* uses MD4_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD5 +# include <openssl/md5.h> /* uses MD5_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MDC2 +# include <openssl/mdc2.h> /* uses MDC2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_RMD160 +# include <openssl/ripemd.h> /* uses RIPEMD160_DIGEST_LENGTH */ +# endif #endif #include <openssl/sha.h> /* uses SHA???_DIGEST_LENGTH */ #include "crypto/rsa.h" diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 8613f9038e..f6be4ae006 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,7 +14,6 @@ # include <openssl/core.h> # include <openssl/params.h> # include <openssl/dh.h> -# include <openssl/x509.h> # include "internal/ffc.h" DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index dad056bb28..eedbd8c7d1 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -13,7 +13,6 @@ # include <openssl/core.h> # include <openssl/dsa.h> -# include <openssl/x509.h> # include "internal/ffc.h" #define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 77972c3650..62163b31ac 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -24,7 +24,6 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); # ifndef OPENSSL_NO_EC # include <openssl/core.h> # include <openssl/ec.h> -# include <openssl/x509.h> # include "crypto/types.h" /*- diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 82671a8f4d..48b95fa5ba 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -20,7 +20,6 @@ # include <openssl/core.h> # include <openssl/e_os2.h> # include <openssl/crypto.h> -# include <openssl/x509.h> # include "internal/refcount.h" # include "crypto/types.h" diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index cc67e1f709..100e7ceb05 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -13,7 +13,6 @@ # include <openssl/core.h> # include <openssl/rsa.h> -# include <openssl/x509.h> # include "crypto/types.h" #define RSA_MIN_MODULUS_BITS 512 diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h index 1f6f4687ad..fa73e46506 100644 --- a/providers/common/include/prov/provider_util.h +++ b/providers/common/include/prov/provider_util.h @@ -8,7 +8,7 @@ */ #include <openssl/provider.h> -#include <openssl/engine.h> +#include <openssl/types.h> typedef struct { /* diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 30fe7c6b21..662175c2f3 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -14,6 +14,9 @@ #include <openssl/core_names.h> #include <openssl/err.h> #include <openssl/proverr.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include "prov/provider_util.h" #include "internal/nelem.h" diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index e1e2609dfa..63553996bd 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -18,6 +18,9 @@ #include <openssl/evp.h> #include <openssl/proverr.h> #include <openssl/param_build.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include "internal/param_build_set.h" #include "prov/implementations.h" #include "prov/providercommon.h" diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 2291276035..b44f13b5fa 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -16,7 +16,6 @@ #include <openssl/core_dispatch.h> #include <openssl/core_names.h> #include <openssl/params.h> -#include <openssl/engine.h> #include <openssl/evp.h> #include <openssl/cmac.h> @@ -111,7 +110,7 @@ static int cmac_setkey(struct cmac_data_st *macctx, ossl_prov_cipher_cipher(&macctx->cipher), ossl_prov_cipher_engine(&macctx->cipher)); ossl_prov_cipher_reset(&macctx->cipher); - return rv; + return rv; } static int cmac_init(void *vmacctx, const unsigned char *key, diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 29fb9f87df..89904fc89d 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -11,7 +11,6 @@ #include <openssl/core_dispatch.h> #include <openssl/core_names.h> #include <openssl/params.h> -#include <openssl/engine.h> #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/proverr.h> diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 3a0679ce8f..78c4924a38 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -18,7 +18,6 @@ #include <openssl/core_dispatch.h> #include <openssl/core_names.h> #include <openssl/params.h> -#include <openssl/engine.h> #include <openssl/evp.h> #include <openssl/hmac.h> diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index d9fd105289..06f79505ff 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -16,6 +16,9 @@ #include <openssl/core_names.h> #include <openssl/params.h> #include <openssl/err.h> +#ifndef FIPS_MODULE +# include <openssl/engine.h> +#endif #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/macsignature.h" diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index b0e3496ba2..85f296b807 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -27,7 +27,9 @@ #include "internal/cryptlib.h" #include <openssl/evp.h> -#include <openssl/md5.h> +#ifndef FIPS_MODULE +# include <openssl/md5.h> +#endif #include <openssl/sha.h> char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); |