openssl/crypto
Richard Levitte 0d003c52d3 SERIALIZER: New API for serialization of objects through providers
Serialization is needed to be able to take a provider object (such as
the provider side key data) and output it in PEM form, DER form, text
form (for display), and possibly other future forms (XML? JSON? JWK?)

The idea is that a serializer should be able to handle objects it has
intimate knowledge of, as well as object data in OSSL_PARAM form.  The
latter will allow libcrypto to serialize some object with a different
provider than the one holding the data, if exporting of that data is
allowed and there is a serializer that can handle it.

We will provide serializers for the types of objects we know about,
which should be useful together with any other provider that provides
implementations of the same type of object.

Serializers are selected by method name and a couple of additional
properties:

- format        used to tell what format the output should be in.
                Possibilities could include "format=text",
                "format=pem", "format=der", "format=pem-pkcs1"
                (traditional), "format=der-pkcs1" (traditional)
- type          used to tell exactly what type of data should be
                output, for example "type=public" (the public part of
                a key), "type=private" (the private part of a key),
                "type=domainparams" (domain parameters).

This also adds a passphrase callback function type,
OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it
takes a few extra arguments to place the result in.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:54:48 +01:00
..
aes Update source files for deprecation at 3.0 2019-11-07 11:37:25 +01:00
aria Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
asn1 Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
async Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
bf Fix header file include guard names 2019-09-28 20:26:36 +02:00
bio bss_dgram.c: fix unaligned access 2019-11-10 00:30:13 +01:00
bn s390x assembly pack: fix bn_mul_comba4 2019-11-17 13:52:02 +01:00
buffer Rework how our providers are built 2019-10-10 14:12:15 +02:00
camellia Fix header file include guard names 2019-09-28 20:26:36 +02:00
cast Reorganize local header files 2019-09-28 20:26:35 +02:00
chacha chacha/asm/chacha-armv8.pl: preserve FP registers d8 and d9 correctly 2019-11-28 16:40:43 +01:00
cmac [KDF] Add feedback-mode and CMAC support to KBKDF 2019-10-17 12:45:03 +10:00
cmp chunk 5 of CMP contribution to OpenSSL 2019-10-29 14:17:39 +00:00
cms PEM: constify PEM_write_ routines 2019-11-18 02:34:12 +01:00
comp Reorganize local header files 2019-09-28 20:26:35 +02:00
conf Fix an uninitialised read in conf_def.c 2019-11-14 10:42:45 +00:00
crmf Fix header file include guard names 2019-09-28 20:26:36 +02:00
ct Replace BUF_ string function calls with OPENSSL_ ones 2019-10-17 23:19:59 +02:00
des Rework how our providers are built 2019-10-10 14:12:15 +02:00
dh Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
dsa Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
dso Reorganize local header files 2019-09-28 20:26:35 +02:00
ec ECDSA: don't clear free memory after verify. 2019-11-21 14:28:37 +10:00
engine Engine: Add NULL check. 2019-11-21 14:31:58 +10:00
err SERIALIZER: New API for serialization of objects through providers 2019-11-29 20:54:48 +01:00
ess Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
evp CORE: pass the full algorithm definition to the method constructor 2019-11-29 20:42:12 +01:00
hmac Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
idea Reorganize local header files 2019-09-28 20:26:35 +02:00
kdf Deprecate ERR_load_KDF_strings() 2019-11-12 13:30:35 +01:00
lhash Rework how our providers are built 2019-10-10 14:12:15 +02:00
md2 Following the license change, modify the boilerplates in crypto/mdN/ 2018-12-06 15:04:11 +01:00
md4 md4/md5: macros should not include the line following them 2019-11-01 15:58:00 +01:00
md5 md4/md5: macros should not include the line following them 2019-11-01 15:58:00 +01:00
mdc2 Following the license change, modify the boilerplates in crypto/mdc2/ 2018-12-06 15:04:57 +01:00
modes Fix missing Assembler defines 2019-10-16 16:10:39 +10:00
objects Fix long name of some Microsoft objects 2019-10-03 08:24:38 +10:00
ocsp Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
pem PEM: constify PEM_write_ routines 2019-11-18 02:34:12 +01:00
perlasm s390x assembly pack: perlasm module update 2019-11-05 10:05:27 +01:00
pkcs7 Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
pkcs12 Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
poly1305 s390x assembly pack: perlasm module update 2019-11-05 10:05:27 +01:00
property SERIALIZER: New API for serialization of objects through providers 2019-11-29 20:54:48 +01:00
rand Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
rc2 Reorganize local header files 2019-09-28 20:26:35 +02:00
rc4 s390x assembly pack: enable clang build 2019-11-03 11:25:31 +01:00
rc5 Reorganize local header files 2019-09-28 20:26:35 +02:00
ripemd Fix missing Assembler defines 2019-10-16 16:10:39 +10:00
rsa Move RSA Asym cipher code to the default provider 2019-11-14 09:29:46 +00:00
seed Fix header file include guard names 2019-09-28 20:26:36 +02:00
serializer SERIALIZER: New API for serialization of objects through providers 2019-11-29 20:54:48 +01:00
sha Fix sha512_block_data_order_avx2 backtrace info 2019-11-20 14:06:23 +01:00
siphash Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
sm2 Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
sm3 Reorganize local header files 2019-09-28 20:26:35 +02:00
sm4 Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
srp Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
stack Rework how our providers are built 2019-10-10 14:12:15 +02:00
store OSSL_STORE: add tracing 2019-11-03 18:38:23 +01:00
ts Fix typo and create compatibility macro 2019-10-16 12:37:20 +02:00
txt_db Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ui UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback 2019-11-22 15:19:19 +01:00
whrlpool Fix missing Assembler defines 2019-10-16 16:10:39 +10:00
x509 Check the return from OPENSSL_buf2hexstr() 2019-11-29 14:21:55 +00:00
alphacpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
arm64cpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
arm_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
armcap.c crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval() 2019-01-16 18:00:48 +01:00
armv4cpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
asn1_dsa.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
bsearch.c ossl_bsearch(): New generic internal binary search utility function 2019-05-08 16:17:16 +02:00
build.info SERIALIZER: New API for serialization of objects through providers 2019-11-29 20:54:48 +01:00
c64xpluscpuid.pl Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
context.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
core_algorithm.c Replumbing: make it possible for providers to specify multiple names 2019-10-03 15:47:25 +02:00
core_fetch.c CORE: pass the full algorithm definition to the method constructor 2019-11-29 20:42:12 +01:00
core_namemap.c CORE: ossl_namemap_add_names(): new function to add multiple names 2019-11-29 20:42:12 +01:00
cpt_err.c CORE: ossl_namemap_add_names(): new function to add multiple names 2019-11-29 20:42:12 +01:00
cryptlib.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
ctype.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
cversion.c Cleanup include/openssl/opensslv.h.in 2019-11-08 16:12:57 +01:00
dllmain.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
ebcdic.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ex_data.c Remove deadlock that was caused by calling pthread_rwlock_wrlock() on same thread twice. This can be reproduce only with musl. 2019-11-24 07:32:22 +10:00
getenv.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ia64cpuid.S Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
info.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
init.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
initthread.c Thread: Avoid a NULL dereference after failed initialisation. 2019-11-22 15:26:33 +10:00
LPdir_nyi.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_unix.c Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read 2019-11-09 10:49:34 +01:00
LPdir_vms.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_win32.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_win.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_wince.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
mem_clr.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
mem_dbg.c Check the return from OPENSSL_buf2hexstr() 2019-11-29 14:21:55 +00:00
mem_sec.c Use vxRandLib for VxWorks7 2019-05-02 23:32:44 +02:00
mem.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
mips_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
o_dir.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_fips.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_fopen.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_init.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_str.c Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() 2019-08-12 12:50:41 +02:00
o_time.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
packet.c Give WPACKET the ability to have a NULL buffer underneath it 2019-07-12 06:26:46 +10:00
param_build.c Fix ossl_param_bld_push_{utf8,octet}_string() / param_bld_convert() 2019-08-21 11:18:58 +02:00
params_from_text.c Params from text to allow zero length value fields 2019-09-06 19:27:57 +10:00
params.c Allow strings in params to be of zero length 2019-11-14 09:29:21 +00:00
pariscid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
ppc_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ppccap.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ppccpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
provider_conf.c Load the config file by default 2019-08-01 09:59:20 +01:00
provider_core.c Disable mem leak checking for the self test lock 2019-11-29 16:14:44 +00:00
provider_local.h Replumbing: Add a mechanism to pre-populate the provider store 2019-03-19 14:06:58 +01:00
provider_predefined.c When building of modules is disabled, build the legacy provider into libcrypto 2019-09-26 22:41:47 +02:00
provider.c Rename provider and core get_param_types functions 2019-08-15 11:58:25 +02:00
README.sparse_array Fix Typos 2019-07-02 14:22:29 +02:00
s390x_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
s390xcap.c crypto/s390xcap.c: Add guards around the GETAUXVAL checks 2019-10-21 15:14:09 +02:00
s390xcpuid.pl s390x assembly pack: enable clang build 2019-11-03 11:25:31 +01:00
sparc_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
sparccpuid.S Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
sparcv9cap.c Fix missing bn_mul_mont symbol in solaris fips module 2019-09-20 12:29:53 +10:00
sparse_array.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
threads_none.c drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
threads_pthread.c drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
threads_win.c crypto/threads_win.c: fix preprocessor indentation 2019-09-11 11:22:18 +02:00
trace.c OSSL_STORE: add tracing 2019-11-03 18:38:23 +01:00
uid.c Remove NextStep support 2019-07-01 13:32:46 -04:00
vms_rms.h Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
x86_64cpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00
x86cpuid.pl Unify all assembler file generators 2019-09-16 16:29:57 +02:00

The sparse_array.c file contains an implementation of a sparse array that
attempts to be both space and time efficient.

The sparse array is represented using a tree structure.  Each node in the
tree contains a block of pointers to either the user supplied leaf values or
to another node.

There are a number of parameters used to define the block size:

    OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
    SA_BLOCK_MAX            Specifies the number of pointers in each block
    SA_BLOCK_MASK           Specifies a bit mask to perform modulo block size
    SA_BLOCK_MAX_LEVELS     Indicates the maximum possible height of the tree

These constants are inter-related:
    SA_BLOCK_MAX        = 2 ^ OPENSSL_SA_BLOCK_BITS
    SA_BLOCK_MASK       = SA_BLOCK_MAX - 1
    SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
                          OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
                          of OPENSSL_SA_BLOCK_BITS

OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
built in setting.

As a space and performance optimisation, the height of the tree is usually
less than the maximum possible height.  Only sufficient height is allocated to
accommodate the largest index added to the data structure.

The largest index used to add a value to the array determines the tree height:

        +----------------------+---------------------+
        | Largest Added Index  |   Height of Tree    |
        +----------------------+---------------------+
        | SA_BLOCK_MAX     - 1 |          1          |
        | SA_BLOCK_MAX ^ 2 - 1 |          2          |
        | SA_BLOCK_MAX ^ 3 - 1 |          3          |
        | ...                  |          ...        |
        | size_t max           | SA_BLOCK_MAX_LEVELS |
        +----------------------+---------------------+

The tree height is dynamically increased as needed based on additions.

An empty tree is represented by a NULL root pointer.  Inserting a value at
index 0 results in the allocation of a top level node full of null pointers
except for the single pointer to the user's data (N = SA_BLOCK_MAX for
brevity):

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|nil|...|nil|
        +-+-+---+---+---+---+
          |
          |
          |
          v
        +-+--+
        |User|
        |Data|
        +----+
    Index 0


Inserting at element 2N+1 creates a new root node and pushes down the old root
node.  It then creates a second second level node to hold the pointer to the
user's new data:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|   |nil|...|nil|      |nil|   |nil|...|nil|
        +-+-+---+---+---+---+      +---+-+-+---+---+---+
          |                              |
          |                              |
          |                              |
          v                              v
        +-+--+                         +-+--+
        |User|                         |User|
        |Data|                         |Data|
        +----+                         +----+
    Index 0                       Index 2N+1


The nodes themselves are allocated in a sparse manner.  Only nodes which exist
along a path from the root of the tree to an added leaf will be allocated.
The complexity is hidden and nodes are allocated on an as needed basis.
Because the data is expected to be sparse this doesn't result in a large waste
of space.

Values can be removed from the sparse array by setting their index position to
NULL.  The data structure does not attempt to reclaim nodes or reduce the
height of the tree on removal.  For example, now setting index 0 to NULL would
result in:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|nil|nil|...|nil|      |nil|   |nil|...|nil|
        +---+---+---+---+---+      +---+-+-+---+---+---+
                                         |
                                         |
                                         |
                                         v
                                       +-+--+
                                       |User|
                                       |Data|
                                       +----+
                                  Index 2N+1


Accesses to elements in the sparse array take O(log n) time where n is the
largest element.  The base of the logarithm is SA_BLOCK_MAX, so for moderately
small indices (e.g. NIDs), single level (constant time) access is achievable.
Space usage is O(minimum(m, n log(n)) where m is the number of elements in the
array.

Note: sparse arrays only include pointers to types.  Thus, SPARSE_ARRAY_OF(char)
can be used to store a string.