Cache sha512 hash and parsed not_before and not_after with X509 cert.

Replace sha1 hash use with sha512 for certificate comparisons internal
to the library. use the cached sha512 for the validator's verification
cache.

Reduces our recomputation of hashes, and heavy use of time1 time
conversion functions noticed bu claudio@ in rpki client.

ok jsing@ tb@

1 files changed, 9 insertions, 3 deletions

diff --git a/src/lib/libcrypto/x509/x509_lcl.h b/src/lib/libcrypto/x509/x509_lcl.h
index 1b352aee78..804fff48fc 100644
--- a/src/lib/libcrypto/x509/x509_lcl.h
+++ b/src/lib/libcrypto/x509/x509_lcl.h
@@ -61,6 +61,12 @@
 
 __BEGIN_HIDDEN_DECLS
 
+#define TS_HASH_EVP             EVP_sha1()
+#define TS_HASH_LEN             SHA_DIGEST_LENGTH
+
+#define X509_CERT_HASH_EVP      EVP_sha512()
+#define X509_CERT_HASH_LEN      SHA512_DIGEST_LENGTH
+
 struct X509_pubkey_st {
         X509_ALGOR *algor;
         ASN1_BIT_STRING *public_key;
@@ -177,9 +183,9 @@ struct x509_st {
         STACK_OF(IPAddressFamily) *rfc3779_addr;
         struct ASIdentifiers_st *rfc3779_asid;
 #endif
-#ifndef OPENSSL_NO_SHA
-        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
+        unsigned char hash[X509_CERT_HASH_LEN];
+        time_t not_before;
+        time_t not_after;
         X509_CERT_AUX *aux;
 } /* X509 */;