From d7c10ca7c36ff5446bee4a623bcb1020e19482b8 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 1 Aug 2016 08:27:08 -0700
Subject: [PATCH] Removing OpenSSL dependency for plugins.

Compiling a plugin required having access to OpenSSL headers because
they were pulled in by Bro headers that the plugin had to include.
Removinng then OpenSSL dependency from those Bro headers.

I'm also reverting a4e5591e. This is a different fix for the same
problem, and reverting that commit gives us a test case. :-)
---
 src/ChunkedIO.cc                              |  2 ++
 src/ChunkedIO.h                               |  8 +++++---
 src/File.cc                                   |  4 ++++
 src/File.h                                    | 10 +++++-----
 src/file_analysis/analyzer/x509/X509.cc       |  1 +
 src/file_analysis/analyzer/x509/functions.bif |  2 ++
 src/main.cc                                   |  3 ++-
 7 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc
index 0c402dc2af..d2cdbc6425 100644
--- a/src/ChunkedIO.cc
+++ b/src/ChunkedIO.cc
@@ -5,7 +5,9 @@
 #include <sys/time.h>
 #include <netinet/in.h>
 #include <assert.h>
+
 #include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #include <algorithm>
 
diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h
index 238bea5044..de3e143b66 100644
--- a/src/ChunkedIO.h
+++ b/src/ChunkedIO.h
@@ -14,9 +14,6 @@
 # include <krb5.h>
 #endif
 
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
 class CompressedChunkedIO;
 
 // #define DEBUG_COMMUNICATION 10
@@ -244,6 +241,11 @@ private:
 	bro::Flare read_flare;
 };
 
+// From OpenSSL. We forward-declare these here to avoid introducing a
+// dependency on OpenSSL headers just for this header file.
+typedef struct ssl_ctx_st SSL_CTX;
+typedef struct ssl_st SSL;
+
 // Chunked I/O using an SSL connection.
 class ChunkedIOSSL : public ChunkedIO {
 public:
diff --git a/src/File.cc b/src/File.cc
index 16d4259fe5..7c4a21d5e8 100644
--- a/src/File.cc
+++ b/src/File.cc
@@ -18,6 +18,10 @@
 #include <errno.h>
 #include <unistd.h>
 
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
 #include <algorithm>
 
 #include "File.h"
diff --git a/src/File.h b/src/File.h
index f3fdf2f271..6410a67624 100644
--- a/src/File.h
+++ b/src/File.h
@@ -11,11 +11,11 @@
 # ifdef NEED_KRB5_H
 #  include <krb5.h>
 # endif // NEED_KRB5_H
-extern "C" {
-# include "openssl/evp.h"
-# include "openssl/pem.h"
-# include "openssl/err.h"
-}
+
+// From OpenSSL. We forward-declare these here to avoid introducing a
+// dependency on OpenSSL headers just for this header file.
+typedef struct evp_pkey_st EVP_PKEY;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
 
 class BroType;
 class RotateTimer;
diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc
index ebf7b1d04f..da3c6635a8 100644
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@@ -14,6 +14,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/asn1.h>
 #include <openssl/opensslconf.h>
+#include <openssl/err.h>
 
 using namespace file_analysis;
 
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 216f4c69cc..c977c746d4 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -6,6 +6,8 @@
 #include <openssl/asn1.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/ocsp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
 // This is the indexed map of X509 certificate stores.
 static map<Val*, X509_STORE*> x509_stores;
diff --git a/src/main.cc b/src/main.cc
index fd462f4996..c2052a03b3 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -18,7 +18,8 @@ extern "C" {
 }
 #endif
 
-#include <openssl/md5.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 extern "C" void OPENSSL_add_all_algorithms_conf(void);