add sha256 encryption. also incorporate a p9p fix to avoid a potentially invalid (according to the standard) pointer comparison. Reference: /n/sources/patch/maybe/x509-sha256 Date: Sun Mar 16 17:25:20 CET 2014 Signed-off-by: quanstro@quanstro.net
--- /sys/src/libsec/port/x509.c Sun Mar 16 17:24:23 2014
+++ /sys/src/libsec/port/x509.c Sun Mar 16 17:24:19 2014
@@ -1582,6 +1582,8 @@
 ALG_md5WithRSAEncryption,
 ALG_sha1WithRSAEncryption,
 ALG_sha1WithRSAEncryptionOiw,
+ ALG_sha256WithRSAEncryption,
+ ALG_shaWithRSASignatureOiw,
 ALG_md5,
 NUMALGS
 };
@@ -1595,6 +1597,7 @@
 static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
 static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
 static Ints7 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
+static Ints7 oid_sha256WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 11 };
 static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
 static Ints *alg_oid_tab[NUMALGS+1] = {
 (Ints*)&oid_rsaEncryption,
@@ -1603,10 +1606,11 @@
 (Ints*)&oid_md5WithRSAEncryption,
 (Ints*)&oid_sha1WithRSAEncryption,
 (Ints*)&oid_sha1WithRSAEncryptionOiw,
+ (Ints*)&oid_sha256WithRSAEncryption,
 (Ints*)&oid_md5,
 nil
 };
-static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, sha1, md5, nil };
+static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, sha1, sha2_256, md5, nil };
 
 static void
 freecert(CertX509* c)
@@ -2095,8 +2099,7 @@
 if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
 tag.class != Universal || tag.num != SEQUENCE ||
 length_decode(&p, pend, &length) != ASN_OK ||
- p+length > pend ||
- p+length < p)
+ length > pend - p)
 return;
 info = p;
 if(ber_decode(&p, pend, &elem) != ASN_OK)
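Review bot: The enum in the `@@ -1582` hunk gains two members ahead of `ALG_md5` (`ALG_sha256WithRSAEncryption` and `ALG_shaWithRSASignatureOiw`), but the `@@ -1595` and `@@ -1603` hunks add only one OID, one `alg_oid_tab` entry and one `digestalg` entry. If these tables are indexed by the enum, as their `NUMALGS+1` sizing suggests, the slot after sha256 now pairs `ALG_shaWithRSASignatureOiw` with `oid_md5` and `md5`, while `ALG_md5` falls on a nil slot. Either drop `ALG_shaWithRSASignatureOiw` from the enum, or add its OID with matching `alg_oid_tab` and `digestalg` entries in the same position. A comment above the enum such as `/* order must match alg_oid_tab[] and digestalg[] */` would help keep the three in step.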
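Review bot: Adding `sha2_256` to `digestalg` in the `@@ -1603` hunk means callers can now be handed a 32-byte digest, and nothing in this patch touches the buffers that receive it. Those callers are outside the visible hunks; if any of them sizes its digest buffer for SHA-1 (20 bytes), a certificate that selects sha256WithRSAEncryption would write past it during signature verification. Please confirm that every buffer passed to a `digestalg[]` function is at least `SHA2_256dlen` bytes. Also confirm that any comparison against the decoded signature digest is bounded by the selected algorithm's length.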
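Review bot: The new bound `length > pend - p` in the `@@ -2095` hunk no longer rejects a negative `length`, which the removed `p+length < p` test was (unportably) standing in for. The declaration of `length` is outside the hunk; if it is a signed `int` and `length_decode` can yield a negative value, that value now passes this check. Suggest `length < 0 || length > pend - p)` as the final clause. A short comment such as `/* compare lengths, not pointers: p+length may overflow */` would record why the subtraction form is used. The enclosing function begins and ends outside the hunk.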