Cache sha512 hash and parsed not_before and not_after with X509 cert.

Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@
author: beck <> 2021-11-04 23:52:34 +0000
committer: beck <> 2021-11-04 23:52:34 +0000
commit: 87decea9a33c04cfad36679efd6678bbc21363cd (patch)
tree: 3ca9bd91a3930e5f3e28873aa362dffdb8cf6227 /src/lib/libcrypto/x509/x509_verify.h
parent: 427635c8217e5b9c6e458a39dac977cc6818582f (diff)
download: openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.tar.gz
openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.tar.bz2
openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.h b/src/lib/libcrypto/x509/x509_verify.h
index a097404f2e..d8d2cb0b5f 100644
--- a/src/lib/libcrypto/x509/x509_verify.h
+++ b/src/lib/libcrypto/x509/x509_verify.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.h,v 1.1 2020/09/13 15:06:17 beck Exp $ */
+/* $OpenBSD: x509_verify.h,v 1.2 2021/11/04 23:52:34 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -19,6 +19,7 @@
 #ifdef LIBRESSL_INTERNAL
 struct x509_verify_ctx;
+struct x509_verify_cert_info;
 typedef struct x509_verify_ctx X509_VERIFY_CTX;
 X509_VERIFY_CTX *x509_verify_ctx_new(STACK_OF(X509) *roots);
author	beck <>	2021-11-04 23:52:34 +0000
committer	beck <>	2021-11-04 23:52:34 +0000
commit	87decea9a33c04cfad36679efd6678bbc21363cd (patch)
tree	3ca9bd91a3930e5f3e28873aa362dffdb8cf6227 /src/lib/libcrypto/x509/x509_verify.h
parent	427635c8217e5b9c6e458a39dac977cc6818582f (diff)
download	openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.tar.gz openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.tar.bz2 openbsd-87decea9a33c04cfad36679efd6678bbc21363cd.zip