Hi Thor,

I'm slowly coming back through a few tonnes of spooled email that has
been accumulating for months (including everything openssl-related).
That's just some context. I may have missed prior discussion about all
sorts of things related to ENGINE and async requirements, if so my
apologies.

FWIW, this is not really the right way of implementing async support in
openssl. "Completion" events are not always going to be related to file
descriptors in any clear way, and besides which the SSL/TLS stack in
openssl is not really one where you'd want to try and implement "resume"
semantics. I.e. the "call the exact same thing again" approach sounds
like the SSL/TLS objects get left in a "limbo" state after an
asynchronous operation has started - I think I understand why you've
done things this way (given a specific problem, you've probably come up
with the easiest and most obvious specific solution that didn't involve
the need for a nervous breakdown nor a bump in international coffee
shipments...) FWIW, I've done something similar in the past with openssl
for a custom job, and I neither could nor would have committed that code
(or anything like it) into the public repository.

BTW, this issue is not really related to "ENGINE" at all. That's just a
bundling of RSA/DH/[...] vtable objects with some indexing and
ref-counting. The ability for a modexp operation to go asynchronous
would have little to do with whether it had been installed (and
reference-counted) by an ENGINE. That's by the by, but just so we don't
get confused - I really don't see this as an ENGINE issue so much as a
call-stack issue, and in that regard, it has a lot more to do with the
SSL/TLS implementation than anything else.

I already have some ideas about this but will need to think some more
and try to formulate something concrete. For one thing, the approach
taken needs to be as portable as the rest of the openssl code base and
needs to not be a "singularly weird" quirk in the SSL/TLS API.

But if you have some code already that can serve as a point of
discussion, please post a diff (or URL). I'll try to do the same as soon
as practicable.

Cheers,
Geoff

On Mon, 2008-02-18 at 09:09 -0500, Thor Lancelot Simon wrote:
> I have a set of local modifications to a proprietary SSL library which
> has an openssl-compatible API.  They significantly increase performance
> for applications using non-blocking I/O by allowing the SSL I/O operations
> (SSL_read(), SSL_write(), etc.) to return a CRYPTO_PENDING error code if
> the hardware device actually performing the crypto is not yet ready.
[snip]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
