|
| 1 | +--- |
| 2 | +title: OpenSSL Strategic Architecture |
| 3 | +author: OpenSSL Management Committee (OMC) |
| 4 | +date: January, 2019 |
| 5 | +--- |
| 6 | +## Introduction |
| 7 | + |
| 8 | +This document outlines the OpenSSL strategic architecture. It will take |
| 9 | +multiple releases, starting from 3.0.0, to move the architecture from |
| 10 | +the current "as-is" (1.1.1), to the future "to-be" architecture. |
| 11 | + |
| 12 | +Numerous changes are anticipated in the to-be architecture. A migration |
| 13 | +path for handling the eventual transition will be provided. The OpenSSL |
| 14 | +3.0.0 release will have minimal impact to the vast majority of existing |
| 15 | +applications, almost all well-behaved applications will just need to be |
| 16 | +recompiled. |
| 17 | + |
| 18 | +The current functionality provided by the engine interface will be |
| 19 | +replaced over time via a provider interface. OpenSSL 3.0.0 will continue |
| 20 | +to support engines. The to-be architecture will not be fully realised |
| 21 | +until OpenSSL 4.0.0 at the earliest. |
| 22 | + |
| 23 | +## As-is architecture |
| 24 | + |
| 25 | +Currently, OpenSSL is split into four principal components: |
| 26 | + |
| 27 | +1. libcrypto. This is the core library for providing implementations of |
| 28 | + numerous cryptographic primitives. In addition it provides a set of |
| 29 | + supporting services which are used by libssl and libcrypto, as well |
| 30 | + as implementations of protocols such as CMS and OCSP. |
| 31 | + |
| 32 | +2. Engine. The functionality of libcrypto can be extended through the |
| 33 | + Engine API. |
| 34 | + |
| 35 | + Typically engines are dynamically loadable modules that are registered |
| 36 | + with libcrypto and use the available hooks to provide cryptographic |
| 37 | + algorithm implementations. Usually these are alternative implementations |
| 38 | + of algorithms already provided by libcrypto (e.g. to enable hardware |
| 39 | + acceleration of the algorithm), but they may also include algorithms not |
| 40 | + implemented in default OpenSSL (e.g. the GOST engine implements the GOST |
| 41 | + algorithm family). Some engines are provided as part of the OpenSSL |
| 42 | + distribution, and some are provided by external third parties (again, |
| 43 | + GOST). |
| 44 | + |
| 45 | +3. libssl. This library depends on libcrypto and implements the TLS and |
| 46 | + DTLS protocols. |
| 47 | + |
| 48 | +4. Applications. The applications are a set of command line tools that |
| 49 | + use the underlying libssl and libcrypto components to provide a set |
| 50 | + of cryptographic and other features such as: |
| 51 | + a. Key and parameter generation and inspection |
| 52 | + b. Certificate generation and inspection |
| 53 | + c. SSL/TLS test tools |
| 54 | + d. ASN.1 inspection |
| 55 | + e. Etc |
| 56 | + |
| 57 | +Currently, OpenSSL has the following characteristics: |
| 58 | + |
| 59 | +1. EVP. The EVP (envelope) API level provides the high-level abstract |
| 60 | + interface to cryptographic functionality separate from the concrete |
| 61 | + implementation binding. Direct use of concrete cryptographic |
| 62 | + algorithm implementations via interfaces other than the EVP layer is |
| 63 | + discouraged. The EVP layer also provides composite operations, such |
| 64 | + as signing and verifying. Certain composite operations are also |
| 65 | + provided as an EVP-level operation (such as HMAC-SHA256). EVP also |
| 66 | + allow use of cryptographic algorithms in an algorithm-agnostic |
| 67 | + manner (e.g. EVP\_DigestSign works for both RSA and ECDSA |
| 68 | + algorithms). |
| 69 | + |
| 70 | +2. FIPS140 is not supported. FIPS140 it is only available in |
| 71 | + OpenSSL-1.0.2 which predates the as-is architecture and is not API |
| 72 | + or ABI compatible. |
| 73 | + |
| 74 | +### Conceptual Component View |
| 75 | + |
| 76 | +The existing architecture is a simple 4 level layering with the crypto |
| 77 | +layer at the bottom. The TLS layer depends on the crypto layer, and the |
| 78 | +applications depend on both the TLS and crypto layers. |
| 79 | + |
| 80 | +Note: the existence of a component in the diagram does not indicate that |
| 81 | +the component is a public API or intended for end-user direct access or |
| 82 | +usage. |
| 83 | + |
| 84 | + |
| 85 | + |
| 86 | +### Packaging View |
| 87 | + |
| 88 | +The components described above are packaged into libraries (libcrypto |
| 89 | +and libssl) and associated engine interfaces as well as an "openssl" |
| 90 | +command line executable for running the various applications. This is |
| 91 | +illustrated in the diagram below. |
| 92 | + |
| 93 | + |
| 94 | + |
| 95 | +## To-be Architecture |
| 96 | + |
| 97 | +The to-be architecture has the following features: |
| 98 | + |
| 99 | +- Core Services form the building blocks usable by applications and |
| 100 | + providers. (e.g. BIO, X509, SECMEM, ASN1, etc). |
| 101 | + |
| 102 | +- Providers implement cryptographic algorithms and supporting |
| 103 | + services. A provider has implementations of one or more of the |
| 104 | + following: |
| 105 | + |
| 106 | + - The cryptographic primitives for an algorithm, e.g. how to |
| 107 | + encrypt/decrypt/sign/hash etc. |
| 108 | + - Serialisation for an algorithm, e.g. how to convert a private |
| 109 | + key into a PEM file. Serialisation could be to or from formats |
| 110 | + that are not currently supported. |
| 111 | + - Store loader back ends. OpenSSL currently has a store loader |
| 112 | + that reads keys, parameters and other items from files. |
| 113 | + Providers could have a loader to load from another location |
| 114 | + (e.g. LDAP directory). |
| 115 | + |
| 116 | + A Provider may be entirely self-contained or it may use services that |
| 117 | + are provided by different providers or the Core Services. For example, |
| 118 | + an application may use the cryptographic primitives for an algorithm |
| 119 | + implemented by a hardware accelerated provider, but use the |
| 120 | + serialisation services of a different provider in order to export keys |
| 121 | + into PKCS\#12 format. |
| 122 | + |
| 123 | + A default provider (which contains the core of the current OpenSSL |
| 124 | + cryptographic algorithm implementations) will be "built-in" but other |
| 125 | + providers will be able to be dynamically loadable at runtime. |
| 126 | + |
| 127 | + Legacy provider module(s) will provide cryptographic implementations for |
| 128 | + older algorithms (e.g., DES, MDC2, MD2, Blowfish, CAST). The OMC will |
| 129 | + publish a policy for how and when algorithms are transitioned from the |
| 130 | + default provider to the legacy provider. |
| 131 | + |
| 132 | + A FIPS provider that embodies the OpenSSL FIPS Cryptographic Module will |
| 133 | + be able to be dynamically loaded at runtime. |
| 134 | + |
| 135 | +- The Core enables access to the services offered by providers to |
| 136 | + applications (and other providers). Providers make methods available |
| 137 | + to the Core. The Core is the mechanism via which concrete |
| 138 | + implementations of where things such as algorithms are located. |
| 139 | + |
| 140 | + The Core will implement a property based look-up feature for finding |
| 141 | + algorithms, e.g. it might allow you find an algorithm where "fips=true", |
| 142 | + or "keysize=128, constant\_time=true". The details of this will be |
| 143 | + determined in later design documents. |
| 144 | + |
| 145 | +- Protocol implementations. E.g. TLS, DTLS. |
| 146 | + |
| 147 | +The to-be architecture has the following characteristics: |
| 148 | + |
| 149 | +- The EVP layer becomes a thin wrapper for services implemented in the |
| 150 | + providers. Most calls are passed straight through with little/no |
| 151 | + pre- or post-processing. |
| 152 | + |
| 153 | +- New EVP APIs will be provided to find the implementation of an |
| 154 | + algorithm in the Core to be used for any given EVP call. |
| 155 | + |
| 156 | +- Information will be passed between the core library and the |
| 157 | + providers in an implementation agnostic way. |
| 158 | + |
| 159 | +- Legacy APIs (e.g. low level cryptographic APIs that do not go via |
| 160 | + the EVP layer) will be deprecated. Note that there are legacy APIs |
| 161 | + to non legacy algorithms (e.g. AES is a non-legacy algorithm but |
| 162 | + AES\_encrypt is a legacy API). |
| 163 | + |
| 164 | +- The OpenSSL FIPS Cryptographic Module will be implemented as a |
| 165 | + dynamically loaded provider. It will be self-contained (i.e. can |
| 166 | + only depend on system runtime libraries and services provided by the |
| 167 | + Core). |
| 168 | + |
| 169 | +- Other interfaces may also be transitioned to use the Core over time |
| 170 | + (for example OSSL\_STORE might be considered for this). |
| 171 | + |
| 172 | +- Engine usage will evolve to providers. "*Bye-bye-Engines, |
| 173 | + Hello-Providers".* |
| 174 | + |
| 175 | +### Conceptual Component View |
| 176 | + |
| 177 | +An overview of the conceptual components in the OpenSSL to-be |
| 178 | +architecture is as shown in the (pink nirvana) diagram below. |
| 179 | + |
| 180 | +Note: the existence of a component in the diagram does not indicate that |
| 181 | +the component is a public API or intended for end-user direct access or |
| 182 | +usage. |
| 183 | + |
| 184 | + |
| 185 | + |
| 186 | +The components shown here are as follows: |
| 187 | + |
| 188 | +- Applications: Command line applications, e.g. ca, ciphers, cms, dgst |
| 189 | + etc |
| 190 | + |
| 191 | +- Protocols: Provides capabilities for communicating between endpoints |
| 192 | + according to standard protocols |
| 193 | + |
| 194 | + - TLS Protocols: An implementation of all supported TLS/DTLS |
| 195 | + protocols and supporting infrastructure such as: |
| 196 | + - SSL BIO: A BIO for communication using TLS |
| 197 | + - Statem: The TLS state machine |
| 198 | + - Record: The TLS record layer |
| 199 | + - Other Protocols |
| 200 | + - CMS: An implementation of the Cryptographic Message Syntax |
| 201 | + standard |
| 202 | + - OCSP: An implementation of Online Certificate Status |
| 203 | + Protocol |
| 204 | + - TS: An implementation of the Timestamp Protocol |
| 205 | + - Supporting Services: Components specifically designed to support |
| 206 | + the implementation of protocol code |
| 207 | + - Packet: Internal component for reading protocol messages |
| 208 | + - Wpacket: Internal component for writing protocol messages |
| 209 | + |
| 210 | +- Core: This is a fundamental component that connects requests for a |
| 211 | + service (such as encryption) to a provider of that service. It |
| 212 | + implements the ability for providers to register their services |
| 213 | + along with the properties of those services. It also provides the |
| 214 | + ability to locate a service given a set of properties that the |
| 215 | + service must fulfil. For example, properties of an encryption |
| 216 | + service might include "aead", "aes-gcm", "fips", |
| 217 | + "security-bits=128", etc. |
| 218 | + |
| 219 | +- Default Provider: Implements a set of default services that are |
| 220 | + registered with the Core. |
| 221 | + |
| 222 | + - Supporting Services |
| 223 | + - Low Level Implementations: This is the set of components |
| 224 | + that actually implement the cryptographic primitives. |
| 225 | + |
| 226 | +- FIPS Provider: Implements a set of services that are FIPS validated |
| 227 | + and made available to the Core. This includes the following |
| 228 | + supporting services: |
| 229 | + |
| 230 | + - POST: Power On Self Test |
| 231 | + - KAT: Known Answer Tests |
| 232 | + - Integrity Check |
| 233 | + - Low Level Implementations: This is the set of components that |
| 234 | + actually implement the cryptographic primitives (to meet the |
| 235 | + FIPS-mandated self-contained requirement). |
| 236 | + |
| 237 | +- Legacy Provider: Provides implementations of older algorithms that |
| 238 | + will be exposed via EVP-level APIs. |
| 239 | + |
| 240 | +- Third-Party Provider: Not part of the OpenSSL distribution. Third |
| 241 | + Parties may implement their own providers. |
| 242 | + |
| 243 | +- Common Services: these form the building blocks usable by |
| 244 | + applications and providers. (e.g. BIO, X509, SECMEM, ASN1, etc). |
| 245 | + |
| 246 | +- Legacy APIs. The "low-level" APIs. The "legacy" here refers to the |
| 247 | + API, not the algorithm itself. For example, AES is not a legacy |
| 248 | + algorithm but it has a legacy API (e.g. AES\_encrypt). |
| 249 | + |
| 250 | +### Packaging View |
| 251 | + |
| 252 | +The various components described in the conceptual component view above |
| 253 | +are physically packaged into: |
| 254 | + |
| 255 | +- Executable application(s) for use by users |
| 256 | + |
| 257 | +- Libraries for use by application(s) |
| 258 | + |
| 259 | +- Dynamically loadable module(s) for use by the Core. |
| 260 | + |
| 261 | + |
| 262 | + |
| 263 | +The physical packages shown here are: |
| 264 | + |
| 265 | +- Openssl executable. The command line application. |
| 266 | + |
| 267 | +- Libssl. This contains everything directly related to TLS and DTLS. |
| 268 | + Its contents will be largely the same as libssl in the as-is |
| 269 | + architecture. Note that some supporting services will be moved to |
| 270 | + libcrypto. |
| 271 | + |
| 272 | +- Libcrypto. This library contains the following components: |
| 273 | + |
| 274 | + - Implementations of the core services such as: X509, ASN1, EVP, |
| 275 | + OSSL\_STORE etc |
| 276 | + - The Core |
| 277 | + - Protocols not related to TLS or DTLS |
| 278 | + - Protocol supporting services (e.g. Packet and Wpacket) |
| 279 | + - The default provider containing implementations of all the |
| 280 | + default algorithms |
| 281 | + |
| 282 | +- Libcrypto-legacy. Provides the legacy "low-level" APIs. |
| 283 | + Implementations of the algorithms for these APIS may come from any |
| 284 | + provider. |
| 285 | + |
| 286 | +- FIPS module. This contains the FIPS Provider that implements a set |
| 287 | + of services that are FIPS validated and are registered with the |
| 288 | + Core. |
| 289 | + |
| 290 | +- Legacy module. This contains the legacy provider. |
0 commit comments