openssl/crypto
Richard Levitte c1d56231ef Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it
If ossl_method_store_add() gets called with a method that already exists
(i.e. the store has one with matching provider, nid and properties), that
method should not be stored.  We do this check inside ossl_method_store_add()
because it has all the locking required to do so safely.

Fixes #9561

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)
2019-08-22 01:50:30 +02:00
..
aes Fix Typos 2019-07-02 14:22:29 +02:00
aria Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
asn1 Add missing EBCDIC strings 2019-08-14 10:41:41 +01:00
async Regenerate mkerr files 2019-07-16 05:26:28 +02:00
bf Move bf_asm_src file information to build.info files 2019-06-17 16:08:52 +02:00
bio BIO_lookup_ex: Do not retry on EAI_MEMORY 2019-08-13 11:40:55 +02:00
blake2 Move BLAKE2 MACs to the providers 2019-08-15 22:12:25 +02:00
bn Merge probable_prime_dh_safe with bn_probable_prime_dh 2019-08-09 11:41:08 +02:00
buffer Make the EC code available from inside the FIPS provider 2019-08-06 11:19:07 +01:00
camellia Move cmll_asm_src file information to build.info files 2019-06-17 16:08:53 +02:00
cast Move cast_asm_src file information to build.info files 2019-06-17 16:08:52 +02:00
chacha Move chacha_asm_src file information to build.info files 2019-06-17 16:08:53 +02:00
cmac Move CMAC to providers 2019-08-15 22:12:25 +02:00
cmp Regenerate mkerr files 2019-07-16 05:26:28 +02:00
cms CAdES : lowercase name for now internal methods. 2019-07-31 19:14:12 +10:00
comp Regenerate mkerr files 2019-07-16 05:26:28 +02:00
conf Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
crmf Adapt diverse code to provider based MACs. 2019-08-15 22:12:25 +02:00
ct Regenerate mkerr files 2019-07-16 05:26:28 +02:00
des Remove DES_check_key global 2019-07-01 19:42:12 -04:00
dh Enforce a minimum DH modulus size of 512 bits 2019-07-24 14:44:08 +02:00
dsa make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA 2019-07-31 16:56:22 +03:00
dso Cygwin: enable the use of Dl_info and dladdr() 2019-07-21 11:06:22 +02:00
ec Fix 9bf682f which broke nistp224_method 2019-08-16 12:58:14 +02:00
engine crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally 2019-08-15 11:22:34 +02:00
err Add aes_ccm to provider 2019-08-20 08:54:41 +10:00
ess Regenerate mkerr files 2019-07-16 05:26:28 +02:00
evp Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it 2019-08-22 01:50:30 +02:00
hmac Move HMAC to providers 2019-08-15 22:12:25 +02:00
idea
include/internal prevent endless recursion when trace API is used within OPENSSL_init_crypto() 2019-08-20 11:16:41 +08:00
kdf Use macros internally for algorithm names 2019-08-19 08:10:16 +02:00
lhash Fix Typos 2019-07-02 14:22:29 +02:00
md2
md4
md5 Move md5_asm_src file information to build.info files 2019-06-17 16:08:52 +02:00
mdc2
modes Add aes_ccm to provider 2019-08-20 08:54:41 +10:00
objects Load the config file by default 2019-08-01 09:59:20 +01:00
ocsp Regenerate mkerr files 2019-07-16 05:26:28 +02:00
pem Regenerate mkerr files 2019-07-16 05:26:28 +02:00
perlasm s390x assembly pack: update perlasm module 2019-04-25 23:07:36 +02:00
pkcs7 Regenerate mkerr files 2019-07-16 05:26:28 +02:00
pkcs12 Regenerate mkerr files 2019-07-16 05:26:28 +02:00
poly1305 Move Poly1305 to providers 2019-08-15 22:12:25 +02:00
property Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it 2019-08-22 01:50:30 +02:00
rand Start up DEVRANDOM entropy improvement for older Linux devices. 2019-08-20 16:10:49 +10:00
rc2
rc4 Move rc4_asm_src file information to build.info files 2019-06-17 16:08:52 +02:00
rc5 Change RC5_32_set_key to return an int type 2019-07-01 10:18:37 +01:00
ripemd Move rmd160_asm_src file information to build.info files 2019-06-17 16:08:52 +02:00
rsa Ensure RSA PSS correctly returns the right default digest 2019-08-09 13:19:16 +01:00
seed
sha Directly return from final sha3/keccak_final if no bytes are requested 2019-08-18 21:06:03 +02:00
siphash Move SipHash to providers 2019-08-15 22:12:25 +02:00
sm2 Regenerate mkerr files 2019-07-16 05:26:28 +02:00
sm3 Move digests to providers 2019-06-04 12:09:50 +10:00
sm4
srp
stack Make core code available within the FIPS module 2019-05-23 11:02:04 +01:00
store Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
ts Regenerate mkerr files 2019-07-16 05:26:28 +02:00
txt_db
ui Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
whrlpool Fix warning C4164 in MSVC. 2019-07-31 17:25:33 +01:00
x509 Fix error handling in X509_chain_up_ref 2019-08-17 16:49:46 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c
armv4cpuid.pl
asn1_dsa.c remove end of line whitespace 2019-07-12 06:27:19 +10:00
bsearch.c ossl_bsearch(): New generic internal binary search utility function 2019-05-08 16:17:16 +02:00
build.info Move KMAC to providers 2019-08-15 22:12:25 +02:00
c64xpluscpuid.pl
context.c Tell the FIPS provider about thread stop events 2019-06-17 16:19:44 +01:00
core_algorithm.c Add internal function ossl_algorithm_do_all() 2019-07-23 06:34:09 +02:00
core_fetch.c Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it 2019-08-22 01:50:30 +02:00
core_namemap.c OSSL_NAMEMAP: make names case insensitive 2019-06-24 10:58:13 +02:00
cpt_err.c Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() 2019-08-12 12:50:41 +02:00
cryptlib.c Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
ctype.c Add missing EBCDIC strings 2019-08-14 10:41:41 +01:00
cversion.c Add the possibility to display and use MODULESDIR 2019-04-23 15:50:35 +02:00
dllmain.c
ebcdic.c
ex_data.c Access data after obtaining the lock not before. 2019-08-12 21:37:55 +10:00
getenv.c
ia64cpuid.S
info.c Add a way for the application to get OpenSSL configuration data 2019-04-23 15:51:39 +02:00
init.c prevent endless recursion when trace API is used within OPENSSL_init_crypto() 2019-08-20 11:16:41 +08:00
initthread.c Fix init_get_thread_local() 2019-07-18 06:20:55 +02:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_dbg.c Fix deprecation inconsisteny w.r.t. CRYPTO_mem_debug_{push,pop}() 2019-08-04 13:15:30 +02:00
mem_sec.c Use vxRandLib for VxWorks7 2019-05-02 23:32:44 +02:00
mem.c Create a FIPS provider and put SHA256 in it 2019-04-04 23:09:47 +01:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c
o_init.c
o_str.c Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() 2019-08-12 12:50:41 +02:00
o_time.c
packet.c Give WPACKET the ability to have a NULL buffer underneath it 2019-07-12 06:26:46 +10:00
param_build.c Fix ossl_param_bld_push_{utf8,octet}_string() / param_bld_convert() 2019-08-21 11:18:58 +02:00
params_from_text.c OSSL_PARAM_construct_from_text(): handle non-hex octet string input 2019-08-15 22:12:25 +02:00
params.c Fix windows compile errors in params.c 2019-08-12 14:07:41 +10:00
pariscid.pl
ppc_arch.h
ppccap.c Make the EC code available from inside the FIPS provider 2019-08-06 11:19:07 +01:00
ppccpuid.pl
provider_conf.c Load the config file by default 2019-08-01 09:59:20 +01:00
provider_core.c Add fips provider code for handling self test data 2019-08-19 09:18:33 +10:00
provider_local.h
provider_predefined.c Make core code available within the FIPS module 2019-05-23 11:02:04 +01:00
provider.c Rename provider and core get_param_types functions 2019-08-15 11:58:25 +02:00
README.sparse_array Fix Typos 2019-07-02 14:22:29 +02:00
s390x_arch.h Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
s390xcap.c s390x assembly pack: use getauxval to detect hw capabilities 2019-07-26 22:31:48 +02:00
s390xcpuid.pl s390xcpuid.pl: fix comment 2019-08-15 16:27:38 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c Ensure we get all the right defines for AES assembler in FIPS module 2019-06-03 12:56:53 +01:00
sparse_array.c Fix Typos 2019-07-02 14:22:29 +02:00
threads_none.c
threads_pthread.c use native atomic increment function on Solaris 2019-08-09 13:16:41 +01:00
threads_win.c
trace.c prevent endless recursion when trace API is used within OPENSSL_init_crypto() 2019-08-20 11:16:41 +08:00
uid.c Remove NextStep support 2019-07-01 13:32:46 -04:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl

The sparse_array.c file contains an implementation of a sparse array that
attempts to be both space and time efficient.

The sparse array is represented using a tree structure.  Each node in the
tree contains a block of pointers to either the user supplied leaf values or
to another node.

There are a number of parameters used to define the block size:

    OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
    SA_BLOCK_MAX            Specifies the number of pointers in each block
    SA_BLOCK_MASK           Specifies a bit mask to perform modulo block size
    SA_BLOCK_MAX_LEVELS     Indicates the maximum possible height of the tree

These constants are inter-related:
    SA_BLOCK_MAX        = 2 ^ OPENSSL_SA_BLOCK_BITS
    SA_BLOCK_MASK       = SA_BLOCK_MAX - 1
    SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
                          OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
                          of OPENSSL_SA_BLOCK_BITS

OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
built in setting.

As a space and performance optimisation, the height of the tree is usually
less than the maximum possible height.  Only sufficient height is allocated to
accommodate the largest index added to the data structure.

The largest index used to add a value to the array determines the tree height:

        +----------------------+---------------------+
        | Largest Added Index  |   Height of Tree    |
        +----------------------+---------------------+
        | SA_BLOCK_MAX     - 1 |          1          |
        | SA_BLOCK_MAX ^ 2 - 1 |          2          |
        | SA_BLOCK_MAX ^ 3 - 1 |          3          |
        | ...                  |          ...        |
        | size_t max           | SA_BLOCK_MAX_LEVELS |
        +----------------------+---------------------+

The tree height is dynamically increased as needed based on additions.

An empty tree is represented by a NULL root pointer.  Inserting a value at
index 0 results in the allocation of a top level node full of null pointers
except for the single pointer to the user's data (N = SA_BLOCK_MAX for
brevity):

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|nil|...|nil|
        +-+-+---+---+---+---+
          |
          |
          |
          v
        +-+--+
        |User|
        |Data|
        +----+
    Index 0


Inserting at element 2N+1 creates a new root node and pushes down the old root
node.  It then creates a second second level node to hold the pointer to the
user's new data:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|   |nil|...|nil|      |nil|   |nil|...|nil|
        +-+-+---+---+---+---+      +---+-+-+---+---+---+
          |                              |
          |                              |
          |                              |
          v                              v
        +-+--+                         +-+--+
        |User|                         |User|
        |Data|                         |Data|
        +----+                         +----+
    Index 0                       Index 2N+1


The nodes themselves are allocated in a sparse manner.  Only nodes which exist
along a path from the root of the tree to an added leaf will be allocated.
The complexity is hidden and nodes are allocated on an as needed basis.
Because the data is expected to be sparse this doesn't result in a large waste
of space.

Values can be removed from the sparse array by setting their index position to
NULL.  The data structure does not attempt to reclaim nodes or reduce the
height of the tree on removal.  For example, now setting index 0 to NULL would
result in:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|nil|nil|...|nil|      |nil|   |nil|...|nil|
        +---+---+---+---+---+      +---+-+-+---+---+---+
                                         |
                                         |
                                         |
                                         v
                                       +-+--+
                                       |User|
                                       |Data|
                                       +----+
                                  Index 2N+1


Accesses to elements in the sparse array take O(log n) time where n is the
largest element.  The base of the logarithm is SA_BLOCK_MAX, so for moderately
small indices (e.g. NIDs), single level (constant time) access is achievable.
Space usage is O(minimum(m, n log(n)) where m is the number of elements in the
array.

Note: sparse arrays only include pointers to types.  Thus, SPARSE_ARRAY_OF(char)
can be used to store a string.