openbsd/src/lib/libcrypto/x509/x509_cmp.c, branch libressl-v3.6.3

openbsd/src/lib/libcrypto/x509/x509_cmp.c, branch libressl-v3.6.3 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.6.3 2022-02-24T22:05:07+00:00 Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for certs. 2022-02-24T22:05:07+00:00 beck 2022-02-24T22:05:07+00:00 urn:sha1:e29735531148d227a52ccd6fa19e0b2cdf8b7b83 ok tb@ Include evp_locl.h where it will be needed once most structs from 2021-12-12T21:30:14+00:00 tb 2021-12-12T21:30:14+00:00 urn:sha1:b632ec4f99386efc52214c580c9f233748302224 evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi Cache sha512 hash and parsed not_before and not_after with X509 cert. 2021-11-04T23:52:34+00:00 beck 2021-11-04T23:52:34+00:00 urn:sha1:87decea9a33c04cfad36679efd6678bbc21363cd Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@ Move the now internal X.509-related structs into x509_lcl.h. 2021-11-01T20:53:08+00:00 tb 2021-11-01T20:53:08+00:00 urn:sha1:f478d62658b61e2242dbf3575bf454f8c0f432b1 Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the 2019-03-13T20:34:00+00:00 tb 2019-03-13T20:34:00+00:00 urn:sha1:5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0 mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing Provide X509_get0_serialNumber() 2018-08-24T19:59:32+00:00 tb 2018-08-24T19:59:32+00:00 urn:sha1:b2896b6759d33e259f8f56f743ec2d54f5002a50 tested in a bulk by sthen ok jsing Add const to both arguments of X509_check_private_key(3). 2018-05-18T19:24:08+00:00 tb 2018-05-18T19:24:08+00:00 urn:sha1:d7f54f2d9055851c59540a96dcf1a673fba160fc tested in a bulk build by sthen input & ok jsing Add const qualifier to the argument of X509_get_issuer_name(3) and 2018-05-13T10:36:35+00:00 tb 2018-05-13T10:36:35+00:00 urn:sha1:198462ba6ab3bc7513683c3a33b9d87b71378fa5 X509_get_subject_name(3). tested in a bulk build by sthen ok jsing (as part of a larger diff) Convert a handful of X509_*() functions to take const as in OpenSSL. 2018-05-01T19:01:28+00:00 tb 2018-05-01T19:01:28+00:00 urn:sha1:7c375c1a832336c8d9c706ebe1c9cd62252a1d88 tested in a bulk by sthen ok jsing Fix X509_get0_pubkey() - X509_get_pubkey() is a misnamed "get1" function, 2018-03-17T14:57:23+00:00 jsing 2018-03-17T14:57:23+00:00 urn:sha1:1febbbd02eb347551b033ef4c0195ac23c846521 so call X509_PUBKEY_get0() instead. Spotted by schwarze@ while documenting.