Merge 95f66e6d3b into b8c46cba5f

crypto/cmp/cmp_asn.c

@@ -14,10 +14,6 @@
 #include "cmp_local.h"
 #include "internal/crmf.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-
 /* ASN.1 declarations from RFC4210 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */

crypto/cmp/cmp_client.c

@@ -10,15 +10,6 @@
  */
 
 #include "cmp_local.h"
-#include "internal/cryptlib.h"
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/bio.h>
-#include <openssl/cmp.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509v3.h>
-#include <openssl/cmp_util.h>
 
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \
                         || (t) == OSSL_CMP_PKIBODY_KUP)

crypto/cmp/cmp_ctx.c

@@ -9,16 +9,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/trace.h>
-#include <openssl/bio.h>
-#include <openssl/ocsp.h> /* for OCSP_REVOKED_STATUS_* */
-
 #include "cmp_local.h"
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h>
+#include <openssl/ocsp.h> /* for OCSP_REVOKED_STATUS_* */
 
 #define DEFINE_OSSL_CMP_CTX_get0(FIELD, TYPE) \
     DEFINE_OSSL_CMP_CTX_get0_NAME(FIELD, FIELD, TYPE)

crypto/cmp/cmp_hdr.c

@@ -12,13 +12,7 @@
 /* CMP functions for PKIHeader handling */
 
 #include "cmp_local.h"
-
-#include <openssl/rand.h>
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/asn1t.h>
-#include <openssl/cmp.h>
-#include <openssl/err.h>
+#include <openssl/rand.h> /* for AND_bytes_ex() */
 
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {

crypto/cmp/cmp_http.c

@@ -9,23 +9,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <string.h>
-#include <stdio.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/http.h>
-
-#include <openssl/cmp.h>
 #include "cmp_local.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <ctype.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
 static int keep_alive(int keep_alive, int body_type, BIO **bios)
 {
     if (keep_alive != 0 && bios == NULL

crypto/cmp/cmp_local.h

@@ -12,18 +12,9 @@
 #ifndef OSSL_CRYPTO_CMP_LOCAL_H
 # define OSSL_CRYPTO_CMP_LOCAL_H
 
-# include "internal/cryptlib.h"
-
 # include <openssl/cmp.h>
-# include <openssl/err.h>
-
-/* explicit #includes not strictly needed since implied by the above: */
-# include <openssl/crmf.h>
-# include <openssl/types.h>
-# include <openssl/safestack.h>
-# include <openssl/x509.h>
-# include <openssl/x509v3.h>
 # include "crypto/x509.h"
+# include "internal/cryptlib.h"
 
 # define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
 

crypto/cmp/cmp_msg.c

@@ -13,15 +13,7 @@
 
 #include "cmp_local.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/asn1t.h>
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bio.h>
-#include <internal/cms.h>
+#include <internal/cms.h> /* for ossl_cms_sign_encrypt() */
 
 OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq)
 {

crypto/cmp/cmp_protect.c

@@ -10,14 +10,7 @@
  */
 
 #include "cmp_local.h"
-#include "crypto/asn1.h"
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/asn1t.h>
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
+#include "crypto/asn1.h" /* for ossl_X509_ALGOR_from_nid() */
 
 /*
  * This function is also used by the internal verify_PBMAC() in cmp_vfy.c.

crypto/cmp/cmp_server.c

@@ -11,14 +11,8 @@
 
 /* general CMP server functions */
 
-#include <openssl/asn1t.h>
-
 #include "cmp_local.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/cmp.h>
-#include <openssl/err.h>
-
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st {
     OSSL_CMP_CTX *ctx; /* CMP client context reused for transactionID etc. */

crypto/cmp/cmp_status.c

@@ -11,21 +11,8 @@
 
 /* CMP functions for PKIStatusInfo handling and PKIMessage decomposition */
 
-#include <string.h>
-
 #include "cmp_local.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <time.h>
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h> /* needed in case config no-deprecated */
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/asn1err.h> /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */
-
 /* CMP functions related to PKIStatus */
 
 int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)

crypto/cmp/cmp_vfy.c

@@ -12,14 +12,6 @@
 /* CMP functions for PKIMessage checking */
 
 #include "cmp_local.h"
-#include <openssl/cmp_util.h>
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/asn1t.h>
-#include <openssl/cmp.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
 
 /* Verify a message protected by signature according to RFC section 5.1.3.3 */
 static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,

crypto/crmf/crmf_asn.c

@@ -12,12 +12,8 @@
  */
 
 #include <openssl/asn1t.h>
-
 #include "crmf_local.h"
 
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/crmf.h>
-
 ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
     ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER),
     ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKeyAlgorithm, X509_ALGOR),

crypto/crmf/crmf_lib.c

@@ -26,19 +26,11 @@
  * cases increases its link count) in the parent and so both should be freed up.
  */
 
-#include <openssl/asn1t.h>
-
 #include "crmf_local.h"
+#include <openssl/asn1t.h>
 #include "internal/constant_time.h"
-#include "internal/sizes.h"
-#include "crypto/evp.h"
-#include "crypto/x509.h"
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/crmf.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/cms.h>
+#include "internal/sizes.h" /* for OSSL_MAX_NAME_SIZE */
+#include "crypto/x509.h" /* for ossl_x509_check_private_key() */
 
 /*-
  * atyp = Attribute Type

crypto/crmf/crmf_local.h

@@ -14,16 +14,7 @@
 #ifndef OSSL_CRYPTO_CRMF_LOCAL_H
 # define OSSL_CRYPTO_CRMF_LOCAL_H
 
-# include <openssl/crmf.h>
-# include <openssl/cms.h> /* for CMS_EnvelopedData and CMS_SignedData */
-# include <openssl/err.h>
-# include "internal/crmf.h" /* for ossl_crmf_attributetypeandvalue_st */
-
-/* explicit #includes not strictly needed since implied by the above: */
-# include <openssl/types.h>
-# include <openssl/safestack.h>
-# include <openssl/x509.h>
-# include <openssl/x509v3.h>
+# include "internal/crmf.h"
 
 /*-
  * EncryptedValue ::= SEQUENCE {

crypto/crmf/crmf_pbm.c

@@ -11,22 +11,10 @@
  * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
  */
 
-#include <string.h>
-
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-
-/* explicit #includes not strictly needed since implied by the above: */
-#include <openssl/asn1t.h>
-#include <openssl/crmf.h>
-#include <openssl/err.h>
-#include <openssl/params.h>
-#include <openssl/core_names.h>
-
-#include "internal/sizes.h"
-
 #include "crmf_local.h"
+#include <openssl/rand.h> /* for RAND_bytes_ex() */
+#include "internal/sizes.h" /* for OSSL_MAX_NAME_SIZE */
+#include <openssl/err.h>
 
 /*-
  * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)