Hi all A number of people have expressed interest in the async work that I have been doing in collaboration with Intel. This has now progressed to the point where it is going through team review. I thought some of you might like to get early sight of this so I have pushed it to my personal github repo (see the "main-async" branch):
https://github.com/mattcaswell/openssl Obviously there may be some tweaks that occur during the review process but hopefully it is stable enough to give you an idea of how it will work. I have also opened a github pull request so you can post comments on the code there if you wish: https://github.com/openssl/openssl/pull/433 The idea is that async aware application code will be able to use OpenSSL to initiate crypto operations asynchronously. In order to work this will require the presence of an async capable engine. For example you could imagine an engine that could initiate work on some external hardware and enable application code to come back at some later time for the results. This has been implemented through the concept of an ASYNC_JOB. At the libcrypto level an application developer would write a function that they wish to execute asynchronously which might call a number of different crypto operations. They can then initiate that job using a new API call "ASYNC_start_job()". The function will then execute until the engine (or indeed anything - it doesn't have to be in an engine; it could be user code) calls "ASYNC_pause_job()". At this point control returns back to the application code. The job can be resumed later through a second call to "ASYNC_start_job()" - it will pick up where it left off. The main restriction here is that this must be done from the same thread as the original ASYNC_start_job() call. A flagging mechanism has been implemented to enable application code to know whether the async job is "ready" to be resumed. libssl has been made async aware through the introduction of a new mode "SSL_MODE_ASYNC". The mode is set using a call to one of the existing functions SSL_CTX_set_mode() or SSL_set_mode(). Having set that mode calls to functions such as SSL_read/SSL_write etc, may now start returning an SSL_ERROR_WANT_ASYNC response (if an async capable engine is present). To resume you simply recall SSL_read/SSL_write in the same way as you would if you got an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. Similarly to above you must do this from the same thread as the original call. In order to enable people to test this out I have provided a "Dummy Async" engine (dasync). This can't really do async work, but it pretends it can :-). For certain crypto operations (currently only SHA1 and RSA) it will call ASYNC_pause_job() at various points. Once you resume the job it will just continue synchronously. I have also added async support to s_server and s_client through the new "-async" flag. The will set the SSL_MODE_ASYNC mode. In order to have an effect you will obviously also need an async engine (such as dasync) loaded through the "-engine" flag. Note that dasync will only be loaded dynamically and thus OpenSSL must be built "shared" for this to work. Documentation including some example code is available on all of this here: https://github.com/mattcaswell/openssl/blob/main-async/doc/crypto/ASYNC_start_job.pod https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_get_error.pod https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_get_async_wait_fd.pod https://github.com/mattcaswell/openssl/blob/main-async/doc/ssl/SSL_CTX_set_mode.pod I'd be interested to hear your thoughts. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev