History log of /openbsd-current/lib/libcrypto/ocsp/ocsp_cl.c
Revision Date Author Comments
# 1.25 24-Mar-2024 beck

Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.

ok tb@


Revision tags: OPENBSD_7_5_BASE
# 1.24 02-Mar-2024 tb

Remove beck's ASN.1 time API from public visibility

This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.

ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.

ok jsing


Revision tags: OPENBSD_7_4_BASE
# 1.23 08-Jul-2023 beck

Hide symbols in cast, idea, and ocsp

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.22 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.21 07-Jan-2022 tb

Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing
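
The ownership problem described in revision 1.17, as an added C model (not the LibreSSL source and not part of the commit). The struct and function names are hypothetical stand-ins for OCSP_CERTID, OCSP_ONEREQ and OCSP_request_add0_id(); frees are counted rather than performed so the double free can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for OCSP_CERTID, OCSP_ONEREQ and OCSP_REQUEST. */
struct certid { int frees; };	/* frees are counted, memory is never released */
struct onereq { struct certid *cid; };
struct request { struct onereq *list[4]; size_t n; };

/* Constructed fault injection: which allocation step fails. */
enum fail_at { FAIL_NONE, FAIL_ONEREQ_NEW, FAIL_LIST_PUSH };
static enum fail_at inject = FAIL_NONE;

static void
certid_free(struct certid *cid)
{
	if (cid != NULL)
		cid->frees++;
}

static struct onereq *
onereq_new(void)
{
	if (inject == FAIL_ONEREQ_NEW)
		return NULL;
	return calloc(1, sizeof(struct onereq));
}

static void
onereq_free(struct onereq *one)
{
	if (one == NULL)
		return;
	certid_free(one->cid);	/* a onereq owns the certid attached to it */
	free(one);
}

static int
list_push(struct request *req, struct onereq *one)
{
	if (inject == FAIL_LIST_PUSH || req->n == 4)
		return 0;
	req->list[req->n++] = one;
	return 1;
}

/* Before: cid is attached early, so only one of the two error paths frees it. */
static struct onereq *
add0_id_before(struct request *req, struct certid *cid)
{
	struct onereq *one;

	if ((one = onereq_new()) == NULL)
		goto err;		/* cid still belongs to the caller */
	one->cid = cid;			/* ownership moves here */
	if (req != NULL && !list_push(req, one))
		goto err;		/* onereq_free() below frees cid too */
	return one;
 err:
	onereq_free(one);
	return NULL;
}

/* After: every fallible step runs first, cid is attached only on success. */
static struct onereq *
add0_id_after(struct request *req, struct certid *cid)
{
	struct onereq *one;

	if ((one = onereq_new()) == NULL)
		goto err;
	if (req != NULL && !list_push(req, one))
		goto err;		/* one->cid is still NULL here */
	one->cid = cid;			/* ownership moves here, last */
	return one;
 err:
	onereq_free(one);
	return NULL;
}

typedef struct onereq *(*add0_fn)(struct request *, struct certid *);

/* Returns how often cid was freed; exactly 1 is the only correct answer. */
static int
count_frees(add0_fn add0, enum fail_at where, int caller_frees_on_failure)
{
	struct request req = { { NULL }, 0 };
	struct certid cid = { 0 };
	struct onereq *one;

	inject = where;
	one = add0(&req, &cid);
	inject = FAIL_NONE;
	if (one != NULL)
		onereq_free(one);	/* normal teardown of the entry */
	else if (caller_frees_on_failure)
		certid_free(&cid);
	return cid.frees;
}

int
main(void)
{
	printf("before, push fails, caller frees:   %d\n",
	    count_frees(add0_id_before, FAIL_LIST_PUSH, 1));
	printf("before, new fails, caller keeps:    %d\n",
	    count_frees(add0_id_before, FAIL_ONEREQ_NEW, 0));
	printf("after, push fails, caller frees:    %d\n",
	    count_frees(add0_id_after, FAIL_LIST_PUSH, 1));
	return 0;
}
```

With the early transfer no single caller policy is right: freeing on failure gives two frees when the push fails, not freeing gives zero when the allocation fails.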


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GENERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.24 02-Mar-2024 tb

Remove beck's ASN.1 time API from public visibility

This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.

ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.

ok jsing


Revision tags: OPENBSD_7_4_BASE
# 1.23 08-Jul-2023 beck

Hide symbols in cast, idea, and ocsp

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.22 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.21 07-Jan-2022 tb

Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.23 08-Jul-2023 beck

Hide symbols in cast, idea, and ocsp

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.22 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.21 07-Jan-2022 tb

Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.22 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.21 07-Jan-2022 tb

Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.21 07-Jan-2022 tb

Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.20 24-Nov-2021 tb

Fix a whitespace error that has annoyed me for way too long


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.19 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.18 24-Oct-2021 tb

Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.17 09-Oct-2020 tb

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not. On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).

The caller is thus faced with the choice of leaving either a leak
or a potential double free. Fix this by transferring ownership
only at the end of the function.

Found while reviewing an upcoming diff by beck.

ok jsing


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.16 25-Nov-2018 jmc

spelling; from miod


Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.15 17-Mar-2018 jsing

Provide OCSP_SINGLERESP_get0_id().


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 30-Dec-2016 jsing

Expand ASN1_ITEM_rptr macros - no change in generated assembly.


# 1.12 04-Nov-2016 beck

make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@


# 1.11 16-Jul-2016 beck

Clean up OCSP_check_validity() a bit more.
- Return on first failure rather than continuing.
- Don't compare times by comparing strings that possibly were not parsable as a time.
ok deraadt@


# 1.10 05-Jul-2016 beck

remove unneeded duplicate call - spotted by jsing@


# 1.9 25-Jun-2016 beck

Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time. Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@


# 1.8 18-Oct-2014 jsing

branches: 1.8.2; 1.8.6;
None of these need to include <openssl/rand.h>


# 1.7 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 18-May-2014 jsing

More KNF.


# 1.4 17-May-2014 miod

KNF


# 1.3 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.2 06-Sep-2008 djm

resolve conflicts


# 1.1 15-May-2002 beck

branches: 1.1.1;
OpenSSL 0.9.7 stable 2002 05 08 merge

