Cache CRLs in issuer cache

The issuer cache holds a pair of SHA-512 of parent and child cert plus
the result of the signature verification. Since CRLs also have a cached
hash of their DER, we can easily add them to the same cache. This way we
also avoid the cost of repeated signature verification for CRLs.

For ordinary workloads the cache is larger than necessary and it won't
currently take up more space than ~8M anyway, so the cost of doing this
is negligible.

For applications like rpki-client where the same (CA, CRL) pair is used
to verify multiple EE certs, the gain is significant. In fact, the current
worst case is a single pair being used for > 50k EE certs, responsible for
about 20-25% of the total runtime of an ordinary rpki-client run if a
hw-accelerated version of SHA-2 is available and even more if it isn't.
In both cases the cost of processing of this pair is reduced by more than
an order of magnitude.

The implementation is a translation of x509_verify_parent_signature() to
the case of CRLs and is entirely trivial thanks to the cache's design.

Found while investigating a performance bottleneck found by job

tested by job
ok beck

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 235f488fc7..f25e2b3f15 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.72 2025/02/08 01:04:56 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.73 2025/02/08 10:12:00 tb Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -531,6 +531,7 @@ x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent,
         return X509_check_issued(parent, child) == X509_V_OK;
 }
 
+/* Matches x509_crl_verify_parent_signature() */
 static int
 x509_verify_parent_signature(X509 *parent, X509 *child, int *error)
 {