mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-05 07:54:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
745fc918e7
openssl/crypto
History
Matt Caswell 745fc918e7 Introduce the provider property 
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get algorithms from the default provider you would instead write
"provider=default". We also have a new "fips" property to indicate that
an algorithm is compatible with FIPS mode. This applies to all the
algorithms in the FIPS provider, as well as any non-cryptographic
algorithms (currently only serializers).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11097)
2020-02-21 20:17:02 +00:00
..
aes x86_64: Don't assume 8-byte pointer size 2020-02-18 18:03:16 +01:00
aria Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
asn1 Adapt i2d_PrivateKey for provider only keys 2020-02-14 14:14:16 +01:00
async Use swapcontext for Intel CET 2020-02-07 23:25:37 +00:00
bf Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
bio add BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() improving timeout support 2020-02-10 16:49:01 +01:00
bn [BN] harden BN_copy() against leaks from memory accesses 2020-02-18 19:11:10 +02:00
buffer Rework how our providers are built 2019-10-10 14:12:15 +02:00
camellia Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cast Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
chacha Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cmac Deprecate the low level CMAC functions 2020-01-29 19:49:22 +10:00
cmp chunk 7 of CMP contribution to OpenSSL 2020-02-17 07:43:58 +01:00
cms Don't use the low level AES key wrap APIs in CMS 2020-01-06 15:09:57 +00:00
comp Reorganize local header files 2019-09-28 20:26:35 +02:00
conf Make generated copyright year be "now" 2020-01-07 15:53:15 -05:00
crmf fix various formatting nits in CMP contribution chunks 1-6 found by the new util/check-format.pl 2020-02-17 07:43:58 +01:00
ct Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
des Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
dh Deprecate the low level Diffie-Hellman functions. 2020-02-20 19:04:57 +10:00
dsa Add FFC param/key validation 2020-02-16 13:03:46 +10:00
dso Reorganize local header files 2019-09-28 20:26:35 +02:00
ec [EC] harden EC_KEY against leaks from memory accesses 2020-02-18 19:11:10 +02:00
engine Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
err chunk 7 of CMP contribution to OpenSSL 2020-02-17 07:43:58 +01:00
ess Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
evp pmeth_lib: detect unsupported OSSL_PARAM. 2020-02-21 13:04:25 +01:00
ffc ffc: use sizeof(*pointer) instead of sizeof(struct) in memset(3) call. 2020-02-17 19:29:05 +10:00
hmac Deprecate the low level HMAC functions 2020-01-29 19:49:23 +10:00
http fix build for new HTTP client in case OPENSSL_NO_CMP or OPENSSL_NO_OCSP 2020-02-12 12:29:59 +01:00
idea Deprecate the low level IDEA functions. 2020-01-19 10:38:49 +10:00
kdf Deprecate ERR_load_KDF_strings() 2019-11-12 13:30:35 +01:00
lhash Rework how our providers are built 2019-10-10 14:12:15 +02:00
md2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md4 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md5 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
mdc2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
modes Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
objects Add support for DH 'modp' group parameters (RFC 3526) 2020-01-31 08:18:46 +10:00
ocsp Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c 2020-02-10 16:49:37 +01:00
pem Deprecate the low level DSA functions. 2020-02-12 08:52:41 +10:00
perlasm x86_64: Don't assume 8-byte pointer size 2020-02-18 18:03:16 +01:00
pkcs7 Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
pkcs12 Deprecate the low level HMAC functions 2020-01-29 19:49:23 +10:00
poly1305 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
property Introduce the provider property 2020-02-21 20:17:02 +00:00
rand RAND_DRBG: add a callback data for entropy and nonce callbacks 2020-02-07 11:38:02 +01:00
rc2 Deprecate the low level RC2 functions 2020-01-16 07:07:27 +10:00
rc4 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
rc5 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
ripemd Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
rsa Deprecate the low level RSA functions. 2020-02-20 18:58:40 +10:00
seed Deprecate the low level SEED functions 2020-01-16 07:06:14 +10:00
serializer Redesign the KEYMGMT libcrypto <-> provider interface - the basics 2020-02-07 09:37:56 +01:00
sha x86_64: Don't assume 8-byte pointer size 2020-02-18 18:03:16 +01:00
siphash Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
sm2 Remove unused OSSL_PARAM_construct_from_text() function. 2020-02-12 19:45:42 +10:00
sm3 Cleanup legacy digest methods. 2019-12-18 14:46:01 +10:00
sm4 Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
srp Update source files for pre-3.0 deprecation 2019-11-07 11:37:25 +01:00
stack Rework how our providers are built 2019-10-10 14:12:15 +02:00
store OSSL_STORE: add tracing 2019-11-03 18:38:23 +01:00
ts Fix typo and create compatibility macro 2019-10-16 12:37:20 +02:00
txt_db Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ui UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback 2019-11-22 15:19:19 +01:00
whrlpool Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x509 chunk 7 of CMP contribution to OpenSSL 2020-02-17 07:43:58 +01:00
alphacpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
armcap.c crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval() 2019-01-16 18:00:48 +01:00
armv4cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
asn1_dsa.c Fix some typos 2019-12-11 19:04:01 +01:00
bsearch.c ossl_bsearch(): New generic internal binary search utility function 2019-05-08 16:17:16 +02:00
build.info Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c 2020-02-10 16:49:37 +01:00
c64xpluscpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
context.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
core_algorithm.c Replumbing: make it possible for providers to specify multiple names 2019-10-03 15:47:25 +02:00
core_fetch.c CORE: pass the full algorithm definition to the method constructor 2019-11-29 20:42:12 +01:00
core_namemap.c Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 2020-01-17 08:59:41 +01:00
cpt_err.c CORE: ossl_namemap_add_names(): new function to add multiple names 2019-11-29 20:42:12 +01:00
cryptlib.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
ctype.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
cversion.c Cleanup include/openssl/opensslv.h.in 2019-11-08 16:12:57 +01:00
dllmain.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
ebcdic.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ex_data.c Deprecate most of debug-memory 2019-12-14 20:57:35 +01:00
getenv.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
ia64cpuid.S Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
info.c Modify the add_seeds_stringlist() macro to fix a preprocessor error 2020-01-07 16:28:37 +01:00
init.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
initthread.c Fix init_thread_stop 2020-01-20 14:41:36 +00:00
LPdir_nyi.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_unix.c Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read 2019-11-09 10:49:34 +01:00
LPdir_vms.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_win32.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_win.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
LPdir_wince.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
mem_clr.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
mem_sec.c Make secure-memory be a config option 2020-02-14 15:18:27 +01:00
mem.c Memory allocator code cleanup 2020-02-10 16:49:10 +10:00
mips_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
o_dir.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_fips.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_fopen.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_init.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
o_str.c Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() 2019-08-12 12:50:41 +02:00
o_time.c Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
packet.c Give WPACKET the ability to have a NULL buffer underneath it 2019-07-12 06:26:46 +10:00
param_build.c Remove unused ossl_param_bld_to_param_ex() function. 2020-02-12 19:45:42 +10:00
params_from_text.c Params: add argument to the _from_text calls to indicate if the param exists. 2020-02-21 13:04:25 +01:00
params.c Allow strings in params to be of zero length 2019-11-14 09:29:21 +00:00
pariscid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
ppc_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ppccap.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ppccpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
provider_conf.c Load the config file by default 2019-08-01 09:59:20 +01:00
provider_core.c PROV: Add support for error queue marks and implement in FIPS module 2020-01-21 14:06:54 +01:00
provider_local.h Replumbing: Add a mechanism to pre-populate the provider store 2019-03-19 14:06:58 +01:00
provider_predefined.c When building of modules is disabled, build the legacy provider into libcrypto 2019-09-26 22:41:47 +02:00
provider.c Rename provider and core get_param_types functions 2019-08-15 11:58:25 +02:00
README.sparse_array Fix Typos 2019-07-02 14:22:29 +02:00
s390x_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
s390xcap.c crypto/s390xcap.c: Add guards around the GETAUXVAL checks 2019-10-21 15:14:09 +02:00
s390xcpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
self_test_core.c Add FIPS Self test kats for digests 2020-01-15 10:48:01 +10:00
sparc_arch.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
sparccpuid.S Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
sparcv9cap.c Fix misspelling errors and typos reported by codespell 2020-02-06 17:01:00 +01:00
sparse_array.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
threads_none.c drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
threads_pthread.c drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
threads_win.c crypto/threads_win.c: fix preprocessor indentation 2019-09-11 11:22:18 +02:00
trace.c OSSL_STORE: add tracing 2019-11-03 18:38:23 +01:00
uid.c Remove NextStep support 2019-07-01 13:32:46 -04:00
vms_rms.h Following the license change, modify the boilerplates in crypto/ 2018-12-06 15:32:17 +01:00
x86_64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x86cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00

README.sparse_array 

The sparse_array.c file contains an implementation of a sparse array that
attempts to be both space and time efficient.

The sparse array is represented using a tree structure.  Each node in the
tree contains a block of pointers to either the user supplied leaf values or
to another node.

There are a number of parameters used to define the block size:

    OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
    SA_BLOCK_MAX            Specifies the number of pointers in each block
    SA_BLOCK_MASK           Specifies a bit mask to perform modulo block size
    SA_BLOCK_MAX_LEVELS     Indicates the maximum possible height of the tree

These constants are inter-related:
    SA_BLOCK_MAX        = 2 ^ OPENSSL_SA_BLOCK_BITS
    SA_BLOCK_MASK       = SA_BLOCK_MAX - 1
    SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
                          OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
                          of OPENSSL_SA_BLOCK_BITS

OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
built in setting.

As a space and performance optimisation, the height of the tree is usually
less than the maximum possible height.  Only sufficient height is allocated to
accommodate the largest index added to the data structure.

The largest index used to add a value to the array determines the tree height:

        +----------------------+---------------------+
        | Largest Added Index  |   Height of Tree    |
        +----------------------+---------------------+
        | SA_BLOCK_MAX     - 1 |          1          |
        | SA_BLOCK_MAX ^ 2 - 1 |          2          |
        | SA_BLOCK_MAX ^ 3 - 1 |          3          |
        | ...                  |          ...        |
        | size_t max           | SA_BLOCK_MAX_LEVELS |
        +----------------------+---------------------+

The tree height is dynamically increased as needed based on additions.

An empty tree is represented by a NULL root pointer.  Inserting a value at
index 0 results in the allocation of a top level node full of null pointers
except for the single pointer to the user's data (N = SA_BLOCK_MAX for
brevity):

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|nil|...|nil|
        +-+-+---+---+---+---+
          |
          |
          |
          v
        +-+--+
        |User|
        |Data|
        +----+
    Index 0


Inserting at element 2N+1 creates a new root node and pushes down the old root
node.  It then creates a second second level node to hold the pointer to the
user's new data:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|   |nil|...|nil|      |nil|   |nil|...|nil|
        +-+-+---+---+---+---+      +---+-+-+---+---+---+
          |                              |
          |                              |
          |                              |
          v                              v
        +-+--+                         +-+--+
        |User|                         |User|
        |Data|                         |Data|
        +----+                         +----+
    Index 0                       Index 2N+1


The nodes themselves are allocated in a sparse manner.  Only nodes which exist
along a path from the root of the tree to an added leaf will be allocated.
The complexity is hidden and nodes are allocated on an as needed basis.
Because the data is expected to be sparse this doesn't result in a large waste
of space.

Values can be removed from the sparse array by setting their index position to
NULL.  The data structure does not attempt to reclaim nodes or reduce the
height of the tree on removal.  For example, now setting index 0 to NULL would
result in:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|nil|nil|...|nil|      |nil|   |nil|...|nil|
        +---+---+---+---+---+      +---+-+-+---+---+---+
                                         |
                                         |
                                         |
                                         v
                                       +-+--+
                                       |User|
                                       |Data|
                                       +----+
                                  Index 2N+1


Accesses to elements in the sparse array take O(log n) time where n is the
largest element.  The base of the logarithm is SA_BLOCK_MAX, so for moderately
small indices (e.g. NIDs), single level (constant time) access is achievable.
Space usage is O(minimum(m, n log(n)) where m is the number of elements in the
array.

Note: sparse arrays only include pointers to types.  Thus, SPARSE_ARRAY_OF(char)
can be used to store a string.