mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
cc45a884bd
openssl/crypto
History
Matt Caswell 0c56a64829 Use the libctx and propq from the X509_STORE_CTX 
Now that X509_STORE_CTX contain a libctx we should use it in a couple of
places where we cache the X509v3 extensions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)
2020-04-09 00:00:20 +01:00
..
aes aes-s390x.pl: fix stg offset caused by typo in perlasm 2020-03-05 17:19:33 +01:00
aria
asn1 Integer overflow in ASN1_STRING_set. 2020-04-08 09:20:23 +10:00
async Use swapcontext for Intel CET 2020-02-07 23:25:37 +00:00
bf Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
bio Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
bn [BN] harden BN_copy() against leaks from memory accesses 2020-02-18 19:11:10 +02:00
buffer
camellia Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cast Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
chacha Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
cmac Deprecate the low level CMAC functions 2020-01-29 19:49:22 +10:00
cmp Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() 2020-04-07 12:14:16 +02:00
cms Implementation of Russian GOST CMS 2020-03-03 16:34:40 +03:00
comp
conf Add support for passing the libctx to the config loader 2020-03-20 20:25:39 +10:00
crmf Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
ct Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
des Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
dh Param build: make structures opaque. 2020-03-28 12:27:22 +10:00
dsa PROV: Add DERlib support for DSA 2020-04-07 11:16:56 +02:00
dso
ec [crypto/ec] blind coordinates in ec_wNAF_mul for robustness 2020-04-07 14:17:58 +02:00
engine Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
err Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() 2020-04-07 12:14:16 +02:00
ess Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
evp EVP & TLS: Add necessary EC_KEY data extraction functions, and use them 2020-04-08 15:30:25 +02:00
ffc EVP: Implement support for key downgrading in backends 2020-03-25 17:01:32 +01:00
hmac Deprecate the low level HMAC functions 2020-01-29 19:49:23 +10:00
http HTTP client: make server/proxy and port params more consistent; minor other improvements 2020-04-02 18:31:06 +02:00
idea Deprecate the low level IDEA functions. 2020-01-19 10:38:49 +10:00
kdf
lhash
md2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md4 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
md5 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
mdc2 Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'} 2020-02-07 14:54:36 +01:00
modes Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
objects Add support for DH 'modp' group parameters (RFC 3526) 2020-01-31 08:18:46 +10:00
ocsp Add OCSP_RESPID_set_by_key_ex() and OCSP_RESPID_match_ex() 2020-03-27 11:20:39 +00:00
pem Deprecate the low level DSA functions. 2020-02-12 08:52:41 +10:00
perlasm Fix build with clang assembler 2020-03-03 10:51:58 +01:00
pkcs7
pkcs12 Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
poly1305 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
property Introduce the provider property 2020-02-21 20:17:02 +00:00
rand AES CTR-DRGB: do not leak timing information 2020-04-08 10:56:59 +10:00
rc2 Deprecate the low level RC2 functions 2020-01-16 07:07:27 +10:00
rc4 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
rc5 Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
ripemd Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
rsa PROV: Add DERlib support for RSA 2020-04-07 11:16:56 +02:00
seed Deprecate the low level SEED functions 2020-01-16 07:06:14 +10:00
serializer If the first serializer we find is the desired one that's ok 2020-03-11 15:07:00 +00:00
sha x86_64: Don't assume 8-byte pointer size 2020-02-18 18:03:16 +01:00
siphash
sm2 SM2: Make the EVP_PKEY_METHOD ctrl_str function listen to distid 2020-03-15 19:42:04 +01:00
sm3
sm4
srp Make SRP library context aware 2020-03-27 11:29:24 +00:00
stack
store Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
ts Fix error handling in x509v3_cache_extensions and related functions 2020-03-21 18:46:36 +01:00
txt_db
ui Constify various mostly X509-related parameter types in crypto/ and apps/ 2020-03-23 08:30:37 +01:00
whrlpool Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x509 Use the libctx and propq from the X509_STORE_CTX 2020-04-09 00:00:20 +01:00
alphacpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
arm_arch.h
armcap.c
armv4cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
asn1_dsa.c
bsearch.c
build.info PROV: Add the beginning of a DER writing library 2020-04-07 11:16:56 +02:00
c64xpluscpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
context.c Put an error on the stack in the event of a fetch failure 2020-03-27 11:12:27 +00:00
core_algorithm.c
core_fetch.c
core_namemap.c Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 2020-01-17 08:59:41 +01:00
cpt_err.c
cryptlib.c
ctype.c
cversion.c
der_writer.c PROV: Add the beginning of a DER writing library 2020-04-07 11:16:56 +02:00
dllmain.c
ebcdic.c
ex_data.c Remove double fetch of "OSSL_EX_DATA_GLOBAL" for global lock 2020-03-09 10:43:33 +01:00
getenv.c
ia64cpuid.S
info.c Modify the add_seeds_stringlist() macro to fix a preprocessor error 2020-01-07 16:28:37 +01:00
init.c
initthread.c Fix init_thread_stop 2020-01-20 14:41:36 +00:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init(). 2020-02-26 15:38:37 +10:00
mem.c Memory allocator code cleanup 2020-02-10 16:49:10 +10:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c
o_init.c
o_str.c
o_time.c
packet.c Add "endfirst" writing to WPACKET 2020-04-04 10:35:09 +01:00
param_build_set.c Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data fields 2020-04-01 15:51:18 +10:00
param_build.c Param builder: Remove the static size limit. 2020-03-28 12:27:22 +10:00
params_from_text.c Params: add argument to the _from_text calls to indicate if the param exists. 2020-02-21 13:04:25 +01:00
params.c params: avoid a core dump with a null pointer and a get string call 2020-04-08 09:14:17 +10:00
pariscid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
ppc_arch.h
ppccap.c
ppccpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
provider_conf.c Add support for passing the libctx to the config loader 2020-03-20 20:25:39 +10:00
provider_core.c Fix off-by-1 bug on provider_activate with custom error strings 2020-03-30 17:06:56 +03:00
provider_local.h
provider_predefined.c
provider.c
README.sparse_array
s390x_arch.h
s390xcap.c
s390xcpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
self_test_core.c Add pairwise consistency self tests to asym keygenerators 2020-03-03 14:02:36 +10:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c Fix misspelling errors and typos reported by codespell 2020-02-06 17:01:00 +01:00
sparse_array.c
threads_none.c
threads_pthread.c
threads_win.c
trace.c
uid.c
vms_rms.h
x86_64cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00
x86cpuid.pl Also check for errors in x86_64-xlate.pl. 2020-02-17 12:17:53 +10:00

README.sparse_array 

The sparse_array.c file contains an implementation of a sparse array that
attempts to be both space and time efficient.

The sparse array is represented using a tree structure.  Each node in the
tree contains a block of pointers to either the user supplied leaf values or
to another node.

There are a number of parameters used to define the block size:

    OPENSSL_SA_BLOCK_BITS   Specifies the number of bits covered by each block
    SA_BLOCK_MAX            Specifies the number of pointers in each block
    SA_BLOCK_MASK           Specifies a bit mask to perform modulo block size
    SA_BLOCK_MAX_LEVELS     Indicates the maximum possible height of the tree

These constants are inter-related:
    SA_BLOCK_MAX        = 2 ^ OPENSSL_SA_BLOCK_BITS
    SA_BLOCK_MASK       = SA_BLOCK_MAX - 1
    SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by
                          OPENSSL_SA_BLOCK_BITS rounded up to the next multiple
                          of OPENSSL_SA_BLOCK_BITS

OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the
built in setting.

As a space and performance optimisation, the height of the tree is usually
less than the maximum possible height.  Only sufficient height is allocated to
accommodate the largest index added to the data structure.

The largest index used to add a value to the array determines the tree height:

        +----------------------+---------------------+
        | Largest Added Index  |   Height of Tree    |
        +----------------------+---------------------+
        | SA_BLOCK_MAX     - 1 |          1          |
        | SA_BLOCK_MAX ^ 2 - 1 |          2          |
        | SA_BLOCK_MAX ^ 3 - 1 |          3          |
        | ...                  |          ...        |
        | size_t max           | SA_BLOCK_MAX_LEVELS |
        +----------------------+---------------------+

The tree height is dynamically increased as needed based on additions.

An empty tree is represented by a NULL root pointer.  Inserting a value at
index 0 results in the allocation of a top level node full of null pointers
except for the single pointer to the user's data (N = SA_BLOCK_MAX for
brevity):

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|nil|...|nil|
        +-+-+---+---+---+---+
          |
          |
          |
          v
        +-+--+
        |User|
        |Data|
        +----+
    Index 0


Inserting at element 2N+1 creates a new root node and pushes down the old root
node.  It then creates a second second level node to hold the pointer to the
user's new data:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|   |nil|...|nil|      |nil|   |nil|...|nil|
        +-+-+---+---+---+---+      +---+-+-+---+---+---+
          |                              |
          |                              |
          |                              |
          v                              v
        +-+--+                         +-+--+
        |User|                         |User|
        |Data|                         |Data|
        +----+                         +----+
    Index 0                       Index 2N+1


The nodes themselves are allocated in a sparse manner.  Only nodes which exist
along a path from the root of the tree to an added leaf will be allocated.
The complexity is hidden and nodes are allocated on an as needed basis.
Because the data is expected to be sparse this doesn't result in a large waste
of space.

Values can be removed from the sparse array by setting their index position to
NULL.  The data structure does not attempt to reclaim nodes or reduce the
height of the tree on removal.  For example, now setting index 0 to NULL would
result in:

        +----+
        |Root|
        |Node|
        +-+--+
          |
          |
          |
          v
        +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|
        |   |nil|   |...|nil|
        +-+-+---+-+-+---+---+
          |       |
          |       +------------------+
          |                          |
          v                          v
        +-+-+---+---+---+---+      +-+-+---+---+---+---+
        | 0 | 1 | 2 |...|N-1|      | 0 | 1 | 2 |...|N-1|
        |nil|nil|nil|...|nil|      |nil|   |nil|...|nil|
        +---+---+---+---+---+      +---+-+-+---+---+---+
                                         |
                                         |
                                         |
                                         v
                                       +-+--+
                                       |User|
                                       |Data|
                                       +----+
                                  Index 2N+1


Accesses to elements in the sparse array take O(log n) time where n is the
largest element.  The base of the logarithm is SA_BLOCK_MAX, so for moderately
small indices (e.g. NIDs), single level (constant time) access is achievable.
Space usage is O(minimum(m, n log(n)) where m is the number of elements in the
array.

Note: sparse arrays only include pointers to types.  Thus, SPARSE_ARRAY_OF(char)
can be used to store a string.