openssl/crypto
Matt Caswell d4b2bfbade Make the CT code library context aware
Add the new functions CTLOG_STORE_new_with_libctx(),
CTLOG_new_with_libctx() and CTLOG_new_from_base64_with_libctx() to pass
in the library context/property query string to use a library context
is to be used.

We also add the function CT_POLICY_EVAL_CTX_new_with_libctx() to enable
the creation of a CT_POLICY_EVAL_CTX to be associated with a libctx and
property query string.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11483)
2020-04-09 14:51:48 +01:00
..
aes aes-s390x.pl: fix stg offset caused by typo in perlasm 2020-03-05 17:19:33 +01:00
aria
asn1 Integer overflow in ASN1_STRING_set. 2020-04-08 09:20:23 +10:00
async Use swapcontext for Intel CET 2020-02-07 23:25:37 +00:00
bf Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
bio Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
bn [BN] harden BN_copy() against leaks from memory accesses 2020-02-18 19:11:10 +02:00
buffer
camellia Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cast Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
chacha Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cmac Deprecate the low level CMAC functions 2020-01-29 19:49:22 +10:00
cmp Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() 2020-04-07 12:14:16 +02:00
cms Implementation of Russian GOST CMS 2020-03-03 16:34:40 +03:00
comp
conf Add support for passing the libctx to the config loader 2020-03-20 20:25:39 +10:00
crmf Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
ct Make the CT code library context aware 2020-04-09 14:51:48 +01:00
des Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
dh Enable export_to functions to have access to the libctx 2020-04-09 12:24:24 +01:00
dsa Enable export_to functions to have access to the libctx 2020-04-09 12:24:24 +01:00
dso
ec Enable export_to functions to have access to the libctx 2020-04-09 12:24:24 +01:00
engine Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
err Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() 2020-04-07 12:14:16 +02:00
ess Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
evp Enable export_to functions to have access to the libctx 2020-04-09 12:24:24 +01:00
ffc EVP: Implement support for key downgrading in backends 2020-03-25 17:01:32 +01:00
hmac Deprecate the low level HMAC functions 2020-01-29 19:49:23 +10:00
http HTTP client: make server/proxy and port params more consistent; minor other improvements 2020-04-02 18:31:06 +02:00
idea Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
kdf Deprecate ERR_load_KDF_strings() 2019-11-12 13:30:35 +01:00
lhash
md2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md4 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md5 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
mdc2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
modes Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
objects Add support for DH 'modp' group parameters (RFC 3526) 2020-01-31 08:18:46 +10:00
ocsp Add OCSP_RESPID_set_by_key_ex() and OCSP_RESPID_match_ex() 2020-03-27 11:20:39 +00:00
pem Deprecate the low level DSA functions. 2020-02-12 08:52:41 +10:00
perlasm Fix build with clang assembler 2020-03-03 10:51:58 +01:00
pkcs7
pkcs12 Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
poly1305 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
property Introduce the provider property 2020-02-21 20:17:02 +00:00
rand AES CTR-DRGB: do not leak timing information 2020-04-08 10:56:59 +10:00
rc2 Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
rc4 Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
rc5 Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
ripemd Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
rsa Enable export_to functions to have access to the libctx 2020-04-09 12:24:24 +01:00
seed Move legacy ciphers into the legacy provider 2020-04-09 12:47:46 +10:00
serializer If the first serializer we find is the desired one that's ok 2020-03-11 15:07:00 +00:00
sha x86_64: Don't assume 8-byte pointer size 2020-02-18 18:03:16 +01:00
siphash
sm2 SM2: Make the EVP_PKEY_METHOD ctrl_str function listen to distid 2020-03-15 19:42:04 +01:00
sm3 Cleanup legacy digest methods. 2019-12-18 14:46:01 +10:00
sm4
srp Make SRP library context aware 2020-03-27 11:29:24 +00:00
stack
store Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
ts Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
txt_db
ui Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
whrlpool Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x509 Use the libctx and propq from the X509_STORE_CTX 2020-04-09 00:00:20 +01:00
alphacpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm_arch.h
armcap.c
armv4cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
asn1_dsa.c Fix some typos 2019-12-11 19:04:01 +01:00
bsearch.c
build.info PROV: Add the beginning of a DER writing library 2020-04-07 11:16:56 +02:00
c64xpluscpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
context.c Put an error on the stack in the event of a fetch failure 2020-03-27 11:12:27 +00:00
core_algorithm.c
core_fetch.c CORE: pass the full algorithm definition to the method constructor 2019-11-29 20:42:12 +01:00
core_namemap.c Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 2020-01-17 08:59:41 +01:00
cpt_err.c CORE: ossl_namemap_add_names(): new function to add multiple names 2019-11-29 20:42:12 +01:00
cryptlib.c
ctype.c
cversion.c Cleanup include/openssl/opensslv.h.in 2019-11-08 16:12:57 +01:00
der_writer.c PROV: Add the beginning of a DER writing library 2020-04-07 11:16:56 +02:00
dllmain.c
ebcdic.c
ex_data.c Remove double fetch of "OSSL_EX_DATA_GLOBAL" for global lock 2020-03-09 10:43:33 +01:00
getenv.c
ia64cpuid.S
info.c Modify the add_seeds_stringlist() macro to fix a preprocessor error 2020-01-07 16:28:37 +01:00
init.c
initthread.c Fix init_thread_stop 2020-01-20 14:41:36 +00:00
LPdir_nyi.c
LPdir_unix.c Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read 2019-11-09 10:49:34 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init(). 2020-02-26 15:38:37 +10:00
mem.c Memory allocator code cleanup 2020-02-10 16:49:10 +10:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c
o_init.c
o_str.c
o_time.c
packet.c Add "endfirst" writing to WPACKET 2020-04-04 10:35:09 +01:00
param_build_set.c Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data fields 2020-04-01 15:51:18 +10:00
param_build.c Param builder: Remove the static size limit. 2020-03-28 12:27:22 +10:00
params_from_text.c Params: add argument to the _from_text calls to indicate if the param exists. 2020-02-21 13:04:25 +01:00
params.c params: avoid a core dump with a null pointer and a get string call 2020-04-08 09:14:17 +10:00
pariscid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
ppc_arch.h
ppccap.c
ppccpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
provider_conf.c Add support for passing the libctx to the config loader 2020-03-20 20:25:39 +10:00
provider_core.c Fix off-by-1 bug on provider_activate with custom error strings 2020-03-30 17:06:56 +03:00
provider_local.h
provider_predefined.c Add a null provider which implements no algorithms. 2020-04-09 17:12:35 +10:00
provider.c
README.sparse_array
s390x_arch.h
s390xcap.c
s390xcpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
self_test_core.c Add pairwise consistency self tests to asym keygenerators 2020-03-03 14:02:36 +10:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c Fix misspelling errors and typos reported by codespell 2020-02-06 17:01:00 +01:00
sparse_array.c
threads_none.c
threads_pthread.c
threads_win.c
trace.c OSSL_STORE: add tracing 2019-11-03 18:38:23 +01:00
uid.c
vms_rms.h
x86_64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x86cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00

The sparse_array.c file contains an implementation of a sparse array that
attempts to be both space and time efficient.

The sparse array is represented using a tree structure.  Each node in the
tree contains a block of pointers to either the user supplied leaf values or
to another node.

There are a number of parameters used to define the block size:

    OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
    SA_BLOCK_MAX            Specifies the number of pointers in each block
    SA_BLOCK_MASK           Specifies a bit mask to perform modulo block size
    SA_BLOCK_MAX_LEVELS     Indicates the maximum possible height of the tree

These constants are inter-related:
    SA_BLOCK_MAX        = 2 ^ OPENSSL_SA_BLOCK_BITS
    SA_BLOCK_MASK       = SA_BLOCK_MAX - 1
    SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
                          OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
                          of OPENSSL_SA_BLOCK_BITS

OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
built in setting.

As a space and performance optimisation, the height of the tree is usually
less than the maximum possible height.  Only sufficient height is allocated to
accommodate the largest index added to the data structure.

The largest index used to add a value to the array determines the tree height:

        +----------------------+---------------------+
        | Largest Added Index  |   Height of Tree    |
        +----------------------+---------------------+
        | SA_BLOCK_MAX     - 1 |          1          |
        | SA_BLOCK_MAX ^ 2 - 1 |          2          |
        | SA_BLOCK_MAX ^ 3 - 1 |          3          |
        | ...                  |          ...        |
        | size_t max           | SA_BLOCK_MAX_LEVELS |
        +----------------------+---------------------+

The tree height is dynamically increased as needed based on additions.

An empty tree is represented by a NULL root pointer.  Inserting a value at
index 0 results in the allocation of a top level node full of null pointers
except for the single pointer to the user's data (N = SA_BLOCK_MAX for
brevity):

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|nil|...|nil|
        +-+-+---+---+---+---+
          |
          |
          |
          v
        +-+--+
        |User|
        |Data|
        +----+
    Index 0


Inserting at element 2N+1 creates a new root node and pushes down the old root
node.  It then creates a second second level node to hold the pointer to the
user's new data:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|   |nil|...|nil|      |nil|   |nil|...|nil|
        +-+-+---+---+---+---+      +---+-+-+---+---+---+
          |                              |
          |                              |
          |                              |
          v                              v
        +-+--+                         +-+--+
        |User|                         |User|
        |Data|                         |Data|
        +----+                         +----+
    Index 0                       Index 2N+1


The nodes themselves are allocated in a sparse manner.  Only nodes which exist
along a path from the root of the tree to an added leaf will be allocated.
The complexity is hidden and nodes are allocated on an as needed basis.
Because the data is expected to be sparse this doesn't result in a large waste
of space.

Values can be removed from the sparse array by setting their index position to
NULL.  The data structure does not attempt to reclaim nodes or reduce the
height of the tree on removal.  For example, now setting index 0 to NULL would
result in:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|nil|nil|...|nil|      |nil|   |nil|...|nil|
        +---+---+---+---+---+      +---+-+-+---+---+---+
                                         |
                                         |
                                         |
                                         v
                                       +-+--+
                                       |User|
                                       |Data|
                                       +----+
                                  Index 2N+1


Accesses to elements in the sparse array take O(log n) time where n is the
largest element.  The base of the logarithm is SA_BLOCK_MAX, so for moderately
small indices (e.g. NIDs), single level (constant time) access is achievable.
Space usage is O(minimum(m, n log(n)) where m is the number of elements in the
array.

Note: sparse arrays only include pointers to types.  Thus, SPARSE_ARRAY_OF(char)
can be used to store a string.