Cache sha512 hash and parsed not_before and not_after with X509 cert.

Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@
author: beck <> 2021-11-04 23:52:34 +0000
committer: beck <> 2021-11-04 23:52:34 +0000
commit: 244374d8dda906a87c40f39a8ed949cf07a1c8f3 (patch)
tree: 3ca9bd91a3930e5f3e28873aa362dffdb8cf6227 /src/lib/libcrypto/x509/x509_cmp.c
parent: b866948734d2d995d78efdc04fb93574782722fa (diff)
download: openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.tar.gz
openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.tar.bz2
openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 134a082730..bc944b71d7 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.36 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.37 2021/11/04 23:52:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -215,7 +215,7 @@ X509_cmp(const X509 *a, const X509 *b)
        X509_check_purpose((X509 *)a, -1, 0);
        X509_check_purpose((X509 *)b, -1, 0);
-        return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+        return memcmp(a->hash, b->hash, X509_CERT_HASH_LEN);
 }
 #endif
author	beck <>	2021-11-04 23:52:34 +0000
committer	beck <>	2021-11-04 23:52:34 +0000
commit	244374d8dda906a87c40f39a8ed949cf07a1c8f3 (patch)
tree	3ca9bd91a3930e5f3e28873aa362dffdb8cf6227 /src/lib/libcrypto/x509/x509_cmp.c
parent	b866948734d2d995d78efdc04fb93574782722fa (diff)
download	openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.tar.gz openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.tar.bz2 openbsd-244374d8dda906a87c40f39a8ed949cf07a1c8f3.zip

diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 134a082730..bc944b71d7 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_cmp.c,v 1.36 2021/11/01 20:53:08 tb Exp $ */	1	/* $OpenBSD: x509_cmp.c,v 1.37 2021/11/04 23:52:34 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -215,7 +215,7 @@ X509_cmp(const X509 a, const X509 b)
215	X509_check_purpose((X509 *)a, -1, 0);	215	X509_check_purpose((X509 *)a, -1, 0);
216	X509_check_purpose((X509 *)b, -1, 0);	216	X509_check_purpose((X509 *)b, -1, 0);
217		217
218	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);	218	return memcmp(a->hash, b->hash, X509_CERT_HASH_LEN);
219	}	219	}
220	#endif	220	#endif
221		221