History log of /openbsd-current/lib/libcrypto/ts/ts.h
Revision Date Author Comments
# 1.24 26-Mar-2024 beck

Change ts to only support one second precision.

RFC 3631 allows for sub second ASN1 GENERALIZED times, if you
choose to support sub second time precision. It does not
indicate that an implementation must support them.

Supporting sub second timestamps is just silly and unrealistic,
so set our maximum to one second of precision. We then simplify
this code by removing some nasty eye-bleed that made artisanally
hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.

ok tb@, jsing@, with one second precision tested by kn@


Revision tags: OPENBSD_7_5_BASE
# 1.23 19-Nov-2023 tb

Unifdef OPENSSL_NO_ENGINE in libcrypto

This is mechanical apart from a few manual edits to avoid doubled empty
lines.

ok jsing


Revision tags: OPENBSD_7_4_BASE
# 1.22 28-Jul-2023 tb

Set OPENSSL_NO_ENGINE, remove engine code

ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.

ok jsing


# 1.21 25-Apr-2023 tb

Remove TS_VERIFY_CTX_init()


# 1.20 16-Apr-2023 tb

Mark TS_VERIFY_CTX_init() for removal

With opaque TS_VERIFY_CTX the init function is dangerous and useless.
It will be dropped.

ok jsing


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn
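
The setter semantics criticised in revision 1.17, modelled as an added example; this is not code from LibreSSL, OpenSSL or any consumer. `demo_ctx`, `set_orig`, `set_freeing`, the allocation tracker and the consumer workaround (freeing its own previous value before setting a new one) are hypothetical stand-ins, and frees are recorded rather than performed so a double free is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed allocation tracker: tracked_free() only records the free. */
#define MAX_BLOCKS 8
static struct { void *p; int live; } blocks[MAX_BLOCKS];
static int nblocks, double_frees;

static void tracker_reset(void)
{
	for (int i = 0; i < nblocks; i++)
		free(blocks[i].p);	/* the only real free() in the example */
	nblocks = double_frees = 0;
}

static unsigned char *tracked_alloc(size_t n)
{
	unsigned char *p;

	if (nblocks == MAX_BLOCKS || (p = malloc(n)) == NULL)
		return NULL;
	blocks[nblocks].p = p;
	blocks[nblocks].live = 1;
	nblocks++;
	return p;
}

static void tracked_free(void *p)
{
	if (p == NULL)
		return;
	for (int i = 0; i < nblocks; i++) {
		if (blocks[i].p != p)
			continue;
		if (blocks[i].live)
			blocks[i].live = 0;
		else
			double_frees++;	/* same pointer freed twice */
		return;
	}
}

/* Hypothetical stand-in for a context that owns one heap member. */
struct demo_ctx { unsigned char *imprint; };
typedef unsigned char *(*setter_fn)(struct demo_ctx *, unsigned char *);

/* Semantics the commit message describes: the old member is not freed
 * and the argument is returned, so the old pointer is simply lost. */
static unsigned char *set_orig(struct demo_ctx *ctx, unsigned char *imp)
{
	ctx->imprint = imp;
	return imp;
}

/* The kind of "fix" the message describes: free the old member first. */
static unsigned char *set_freeing(struct demo_ctx *ctx, unsigned char *imp)
{
	tracked_free(ctx->imprint);
	ctx->imprint = imp;
	return imp;
}

struct outcome { int leaked; int double_frees; };

/* Call the setter twice, then release the context's member.
 * careful != 0: the consumer frees its previous value itself (assumed
 * workaround for the non-freeing setter). */
static struct outcome run(setter_fn set, int careful)
{
	struct demo_ctx ctx = { NULL };
	struct outcome o = { 0, 0 };
	unsigned char *mine;

	tracker_reset();
	mine = tracked_alloc(32);
	set(&ctx, mine);
	if (careful)
		tracked_free(mine);
	set(&ctx, tracked_alloc(32));
	tracked_free(ctx.imprint);	/* what a context free routine would do */

	for (int i = 0; i < nblocks; i++)
		o.leaked += blocks[i].live;
	o.double_frees = double_frees;
	return o;
}

int main(void)
{
	const char *names[] = { "set_orig", "set_freeing" };
	setter_fn setters[] = { set_orig, set_freeing };

	for (int s = 0; s < 2; s++)
		for (int careful = 0; careful < 2; careful++) {
			struct outcome o = run(setters[s], careful);
			printf("%-12s careful=%d leaked=%d double_frees=%d\n",
			    names[s], careful, o.leaked, o.double_frees);
		}
	tracker_reset();
	return 0;
}
```

Neither setter is safe for both kinds of caller: the non-freeing one leaks for a naive consumer, and the freeing one double-frees for a consumer that already compensates.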


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropriately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.


# 1.7 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 27-May-2014 deraadt

Fix a Y2038 problem, by conversion of long to time_t.

The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.

ok miod guenther


# 1.4 28-Apr-2014 miod

Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@


# 1.3 21-Apr-2014 jsing

KNF.


# 1.2 13-Apr-2014 deraadt

Cope with the removal of openssl/symhacks.h


# 1.1 01-Oct-2010 djm

branches: 1.1.1;
Initial revision


# 1.23 19-Nov-2023 tb

Unifdef OPENSSL_NO_ENGINE in libcrypto

This is mechanical apart from a few manual edits to avoid doubled empty
lines.

ok jsing


Revision tags: OPENBSD_7_4_BASE
# 1.22 28-Jul-2023 tb

Set OPENSSL_NO_ENGINE, remove engine code

ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.

ok jsing


# 1.21 25-Apr-2023 tb

Remove TS_VERIFY_CTX_init()


# 1.20 16-Apr-2023 tb

Mark TS_VERIFY_CTX_init() for removal

With opaque TS_VERIFY_CTX the init function dangerous and useless.
It will be dropped.

ok jsing


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropiately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.


# 1.7 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 27-May-2014 deraadt

Fix a Y2038 problem, by conversion of long to time_t.

The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.

ok miod guenther


# 1.4 28-Apr-2014 miod

Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@


# 1.3 21-Apr-2014 jsing

KNF.


# 1.2 13-Apr-2014 deraadt

Cope with the removal of openssl/symhacks.h


# 1.1 01-Oct-2010 djm

branches: 1.1.1;
Initial revision


# 1.22 28-Jul-2023 tb

Set OPENSSL_NO_ENGINE, remove engine code

ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.

ok jsing


# 1.21 25-Apr-2023 tb

Remove TS_VERIFY_CTX_init()


# 1.20 16-Apr-2023 tb

Mark TS_VERIFY_CTX_init() for removal

With opaque TS_VERIFY_CTX the init function dangerous and useless.
It will be dropped.

ok jsing


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropiately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.


# 1.7 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 27-May-2014 deraadt

Fix a Y2038 problem, by conversion of long to time_t.

The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.

ok miod guenther


# 1.4 28-Apr-2014 miod

Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@


# 1.3 21-Apr-2014 jsing

KNF.


# 1.2 13-Apr-2014 deraadt

Cope with the removal of openssl/symhacks.h


# 1.1 01-Oct-2010 djm

branches: 1.1.1;
Initial revision


# 1.21 25-Apr-2023 tb

Remove TS_VERIFY_CTX_init()


# 1.20 16-Apr-2023 tb

Mark TS_VERIFY_CTX_init() for removal

With opaque TS_VERIFY_CTX the init function dangerous and useless.
It will be dropped.

ok jsing


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropiately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.


# 1.7 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 27-May-2014 deraadt

Fix a Y2038 problem, by conversion of long to time_t.

The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.

ok miod guenther


# 1.4 28-Apr-2014 miod

Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@


# 1.3 21-Apr-2014 jsing

KNF.


# 1.2 13-Apr-2014 deraadt

Cope with the removal of openssl/symhacks.h


# 1.1 01-Oct-2010 djm

branches: 1.1.1;
Initial revision


# 1.20 16-Apr-2023 tb

Mark TS_VERIFY_CTX_init() for removal

With opaque TS_VERIFY_CTX the init function dangerous and useless.
It will be dropped.

ok jsing


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropiately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.


# 1.7 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.6 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.5 27-May-2014 deraadt

Fix a Y2038 problem, by conversion of long to time_t.

The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.

ok miod guenther


# 1.4 28-Apr-2014 miod

Remove WIN32, WIN64 and MINGW32 tentacles.
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.

Loosely based upon a diff from Martijn van Duren on tech@


# 1.3 21-Apr-2014 jsing

KNF.


# 1.2 13-Apr-2014 deraadt

Cope with the removal of openssl/symhacks.h


# 1.1 01-Oct-2010 djm

branches: 1.1.1;
Initial revision


# 1.19 11-Sep-2022 tb

Make structs in ts.h opaque

ok jsing


# 1.18 24-Jul-2022 tb

Prepare to resurrect TS_RESP_CTX_set_time_cb()

This was removed shortly after the fork since TS is not 2038-ready
and since there were no consumers of this API. Now there are consumers
and they add it themselves if it's missing from libcrypto. This will no
longer be possible with opaque TS structs, so begrudgingly add it back.

ok jsing kn


# 1.17 24-Jul-2022 tb

Prepare to provide TS_VERIFY_CTX accessors

The setters make no sense since they do not free the old members and
return what was passed in instead of returning the old struct member
so that the caller has a chance of freeing them. This has the side
effect that calling a setter a second time will likely result in a leak.

TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but
the other three setters were missed since discussing the contributor's
CLA was more important. Also missed was that adding frees will result in
double frees: careful consumers like openssl/ruby have workarounds for
the strange existing semantics.

Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the
public API with a typo.

A good illustration of the amount of thought and care that went into
the OpenSSL 1.1 API by both the implementers and the reviewers.
Amazing job overall.

We will be stuck with this nonsense for a long time.

ok jsing kn
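
Added illustration, not part of the commit log or of LibreSSL: a toy model of the setter semantics that revision 1.17 describes. The handle tracker, `demo_ctx` and every function name are hypothetical, and the "careful caller" workaround (the caller frees the value it passed in earlier) is an assumption about how a consumer might cope.

```c
#include <stdio.h>

/* Toy tracker (hypothetical): integer handles stand in for heap buffers so
 * that leaks and double frees are counted instead of actually executed. */
#define MAX_BUFS 16
enum buf_state { BUF_UNUSED, BUF_LIVE, BUF_FREED };
static enum buf_state bufs[MAX_BUFS];
static int next_buf, live_bufs, double_frees;

static void tracker_reset(void)
{
	next_buf = live_bufs = double_frees = 0;
}

static int buf_alloc(void)		/* handle >= 1, or 0 when exhausted */
{
	if (next_buf >= MAX_BUFS)
		return 0;
	bufs[next_buf] = BUF_LIVE;
	live_bufs++;
	return ++next_buf;
}

static void buf_free(int h)
{
	if (h <= 0 || h > next_buf)	/* 0 means "no buffer", like free(NULL) */
		return;
	if (bufs[h - 1] == BUF_LIVE) {
		bufs[h - 1] = BUF_FREED;
		live_bufs--;
	} else
		double_frees++;		/* already freed: a real free() is UB */
}

struct demo_ctx { int imprint; };	/* stand-in for an opaque context */
typedef int (*setter_fn)(struct demo_ctx *, int);

/* Semantics described in the log: old member kept, argument returned. */
static int set_legacy(struct demo_ctx *ctx, int h)
{
	ctx->imprint = h;
	return h;
}

/* "Fixed" variant: the setter frees the old member before storing. */
static int set_freeing(struct demo_ctx *ctx, int h)
{
	buf_free(ctx->imprint);
	ctx->imprint = h;
	return h;
}

static void ctx_free(struct demo_ctx *ctx)
{
	buf_free(ctx->imprint);
	ctx->imprint = 0;
}

/* Naive caller: sets twice, relies on ctx_free(). Returns leaked buffers. */
int naive_caller_leaks(setter_fn set)
{
	struct demo_ctx ctx = { 0 };
	tracker_reset();
	set(&ctx, buf_alloc());
	set(&ctx, buf_alloc());
	ctx_free(&ctx);
	return live_bufs;
}

/* Careful caller (assumed workaround): frees the value it passed in
 * earlier once it has been replaced. Returns the number of double frees. */
int careful_caller_double_frees(setter_fn set)
{
	struct demo_ctx ctx = { 0 };
	int first, second;
	tracker_reset();
	first = buf_alloc();
	second = buf_alloc();
	set(&ctx, first);
	set(&ctx, second);
	buf_free(first);
	ctx_free(&ctx);
	return double_frees;
}

int main(void)
{
	printf("legacy/naive leaks:    %d\n", naive_caller_leaks(set_legacy));
	printf("freeing/naive leaks:   %d\n", naive_caller_leaks(set_freeing));
	printf("legacy/careful dfree:  %d\n", careful_caller_double_frees(set_legacy));
	printf("freeing/careful dfree: %d\n", careful_caller_double_frees(set_freeing));
	return 0;
}
```

Neither setter variant is safe for both kinds of caller, which is why changing the semantics after the API has shipped breaks consumers that adapted to the original behaviour.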


# 1.16 24-Jul-2022 tb

Prepare to provide various TS_STATUS_INFO accessors

This adds TS_STATUS_get0_{failure_info,text,status}() as well as
TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1)
when we make the structs in ts.h opaque.

ok kn jsing


# 1.15 24-Jul-2022 tb

Start making ts opaque

Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.

Include ts_local.h where necessary or where it will be needed soon.

ok jsing


# 1.14 23-Jul-2022 tb

Fix file names in comments.


# 1.13 16-Jul-2022 kn

Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
	ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
	ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
	ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
	ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
	ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb


# 1.12 16-Jul-2022 kn

Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropriately) further down above the error codes.

OK jsing tb


# 1.11 12-Jul-2022 kn

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.10 13-May-2018 tb

Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3).
Should have been part of the previous commit. Omission noted by schwarze.

tested in bulk build by sthen
ok jsing


# 1.9 13-May-2018 tb

Add const qualifier to the ASN1_OBJ * argument of
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)

tested in a bulk by sthen
ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
# 1.8 27-Dec-2016 jsing

Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.

