include/openssl: don't include <windows.h> in public headers.

If application uses any of Windows-specific interfaces, make it
application developer's respondibility to include <windows.h>.
Rationale is that <windows.h> is quite "toxic" and is sensitive
to inclusion order (most notably in relation to <winsock2.h>).
It's only natural to give complete control to the application developer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

9 files changed, 34 insertions, 46 deletions

diff --git a/include/openssl/async.h b/include/openssl/async.h
index 160766af36..ca51bb3412 100644
--- a/include/openssl/async.h
+++ b/include/openssl/async.h
@@ -13,9 +13,11 @@
 # define HEADER_ASYNC_H
 
 #if defined(_WIN32)
-#include <windows.h>
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
 #define OSSL_ASYNC_FD       HANDLE
 #define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
 #else
 #define OSSL_ASYNC_FD       int
 #define OSSL_BAD_ASYNC_FD   -1
@@ -37,6 +39,7 @@ typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
 int ASYNC_init_thread(size_t max_size, size_t init_size);
 void ASYNC_cleanup_thread(void);
 
+#ifdef OSSL_ASYNC_FD
 ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
 void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
 int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
@@ -52,6 +55,7 @@ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                    size_t *numdelfds);
 int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
 
 int ASYNC_is_capable(void);
 
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index acdb48bd61..cbd05a8acc 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -387,33 +387,37 @@ void OPENSSL_thread_stop(void);
 
 /* Low-level control of initialization */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
-#ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
                                     const char *config_file);
-#endif
+# endif
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
 
-# if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-typedef unsigned int CRYPTO_ONCE;
-typedef unsigned int CRYPTO_THREAD_LOCAL;
-typedef unsigned int CRYPTO_THREAD_ID;
-
-#  define CRYPTO_ONCE_STATIC_INIT 0
-# elif defined(OPENSSL_SYS_WINDOWS)
-#  include <windows.h>
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
 typedef DWORD CRYPTO_THREAD_LOCAL;
 typedef DWORD CRYPTO_THREAD_ID;
 
 typedef LONG CRYPTO_ONCE;
-#  define CRYPTO_ONCE_STATIC_INIT 0
-
-# else
-#  include <pthread.h>
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
 typedef pthread_once_t CRYPTO_ONCE;
 typedef pthread_key_t CRYPTO_THREAD_LOCAL;
 typedef pthread_t CRYPTO_THREAD_ID;
 
-#  define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
 # endif
 
 int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index adc50ed284..129a67f057 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -63,10 +63,11 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
 typedef struct asn1_sctx_st ASN1_SCTX;
 
-# ifdef OPENSSL_SYS_WIN32
+# ifdef _WIN32
 #  undef X509_NAME
 #  undef X509_EXTENSIONS
 #  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
 #  undef OCSP_REQUEST
 #  undef OCSP_RESPONSE
 # endif
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
index 6148cec993..328a4f66b4 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -21,12 +21,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef PKCS7_ISSUER_AND_SERIAL
-#  undef PKCS7_SIGNER_INFO
-# endif
-
 /*-
 Encryption_ID           DES-CBC
 Digest_ID               MD5
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index d0f8eabe0a..8dab1a00fb 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -14,10 +14,6 @@
 # include <openssl/ossl_typ.h>
 # include <openssl/e_os2.h>
 
-# if defined(OPENSSL_SYS_WINDOWS)
-#  include <windows.h>
-# endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -65,7 +61,8 @@ int RAND_egd_bytes(const char *path, int bytes);
 # endif
 int RAND_poll(void);
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
 DEPRECATEDIN_1_1_0(void RAND_screen(void))
 DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
 #endif
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d2736e2ceb..2669f73544 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1532,11 +1532,16 @@ __owur char *SSL_get_srp_userinfo(SSL *s);
 
 void SSL_certs_clear(SSL *s);
 void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows applcation developer has to include windows.h to use these.
+ */
 __owur int SSL_waiting_for_async(SSL *s);
 __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
 __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
                                      size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                      size_t *numdelfds);
+# endif
 __owur int SSL_accept(SSL *ssl);
 __owur int SSL_connect(SSL *ssl);
 __owur int SSL_read(SSL *ssl, void *buf, int num);
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index 3fbaf55ae2..3e31b2fd3b 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -27,11 +27,6 @@
 extern "C" {
 # endif
 
-# ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#  undef X509_NAME
-# endif
-
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 4b7a1f640a..2f7444dc46 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -17,7 +17,7 @@
 # define HEADER_X509_H
 
 # include <openssl/e_os2.h>
-# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
 # include <openssl/symhacks.h>
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
@@ -40,12 +40,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_EXTENSIONS
-# endif
-
 # define X509_FILETYPE_PEM       1
 # define X509_FILETYPE_ASN1      2
 # define X509_FILETYPE_DEFAULT   3
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 7b0403b9dc..14e25d7680 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -18,12 +18,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_EXTENSIONS
-# endif
-
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;