Deprecate the recursive includes of bn.h from various API headers (asn1.h,

dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.

crypto/asn1/a_enum.c

@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/bn.h>
 
 /* 
  * Code for ENUMERATED type: identical to INTEGER apart from a different tag.

crypto/asn1/a_int.c

@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/bn.h>
 
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}

crypto/asn1/asn1.h

@@ -64,13 +64,15 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 
 #include <openssl/symhacks.h>
 
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 
 #ifdef OPENSSL_BUILD_SHLIBCRYPTO
 # undef OPENSSL_EXTERN

crypto/asn1/t_spki.c

@@ -62,6 +62,7 @@
 #include <openssl/asn1.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/bn.h>
 
 /* Print out an SPKI */
 

crypto/asn1/x_bignum.c

@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
+#include <openssl/bn.h>
 
 /* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
  * BIGNUM directly. Currently it ignores the sign which isn't a problem since all

crypto/asn1/x_long.c

@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
+#include <openssl/bn.h>
 
 /* Custom primitive type for long handling. This converts between an ASN1_INTEGER
  * and a long directly.

crypto/dh/dh.h

@@ -68,9 +68,10 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 	
 #define DH_FLAG_CACHE_MONT_P	0x01
 

crypto/dsa/dsa.h

@@ -74,11 +74,11 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
 
 #ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif

crypto/ec/ec.h

@@ -78,9 +78,11 @@
 #error EC is disabled.
 #endif
 
-#include <openssl/bn.h>
 #include <openssl/asn1.h>
 #include <openssl/symhacks.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 
 #ifdef  __cplusplus
 extern "C" {

crypto/ec/ec_lcl.h

@@ -74,6 +74,7 @@
 
 #include <openssl/obj_mac.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520

crypto/ec/ectest.c

@@ -93,6 +93,7 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
 #include <openssl/obj_mac.h>
 #include <openssl/objects.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
 
 #define ABORT do { \
 	fflush(stdout); \

crypto/ecdh/ecdh.h

@@ -75,9 +75,11 @@
 #error ECDH is disabled.
 #endif
 
-#include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 
 #ifdef __cplusplus
 extern "C" {

crypto/ecdh/ech_ossl.c

@@ -77,6 +77,7 @@
 #include <openssl/err.h>
 #include <openssl/sha.h>
 #include <openssl/obj_mac.h>
+#include <openssl/bn.h>
 
 static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh,
                             void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen));

crypto/ecdsa/ecdsa.h

@@ -65,9 +65,11 @@
 #error ECDSA is disabled.
 #endif
 
-#include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 
 #ifdef __cplusplus
 extern "C" {

crypto/ecdsa/ecs_lib.c

@@ -57,6 +57,7 @@
 #include "ecdsa.h"
 #include <openssl/engine.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
 
 const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT;
 

crypto/ecdsa/ecs_ossl.c

@@ -59,6 +59,7 @@
 #include "ecdsa.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
+#include <openssl/bn.h>
 
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
 		EC_KEY *eckey);

crypto/evp/evp_pkey.c

@@ -63,6 +63,7 @@
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);

crypto/pkcs12/p12_key.c

@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-
+#include <openssl/bn.h>
 
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/

crypto/rsa/rsa.h

@@ -64,9 +64,11 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
 
 #ifdef OPENSSL_NO_RSA
 #error RSA is disabled.

crypto/rsa/rsa_test.c

@@ -8,6 +8,7 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
 #ifdef OPENSSL_NO_RSA
 int main(int argc, char *argv[])
 {

crypto/x509v3/v3_utl.c

@@ -63,6 +63,7 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include <openssl/bn.h>
 
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);