Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks
Thank you, Brian. This is exactly the answer to my question that I asked Dr. Stephen Henson at second time. The question was: “...can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for static and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here?” The answer(from “Network Security with OpenSSL” John Viega, Matt Messier, Pravir Chandra) is: “If you want your applications to continue working with a minimal amount of effort in the future, we recommend that you implement both static and dynamic locks now”. It turns out that OpenSSL choose what callback it want to use in concrete case. But OpenSSL does not currently make use of dynamic locks(with some exceptions), that’s why we can’t use ONLY dynamic locks. So, or ONLY static locks, or both static and dynamic. Thank you very much for your answer, Brian. From: bebro...@rockwellcollins.com Sent: Tuesday, May 15, 2012 5:50 PM To: openssl-users@openssl.org Subject: Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks Good coverage of this topic is in the chapter 4 Support Infrastructure, section 4.1 Multithread Support http://my.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 from the book Network Security with OpenSSL By: John Viega; Matt Messier; Pravir Chandra Publisher: O'Reilly Media, Inc. Pub. Date: June 17, 2002 Print ISBN-13: 978-0-596-00270-1 The book's sample code contains common.h, common.c, reentrant.h, and reentrant.c which attempts to setup the static and dynamic threading callbacks for WIN32 and POSIX. http://examples.oreilly.com/9780596002701/ Just for completeness, the source reference for the static and dynamic thread primitive callbacks is http://www.openssl.org/docs/crypto/threads.html If you have a Association for Computing Machinery membership, you can access this book with http://acmsel.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 --- Brian Brooks Senior Software Engineer Rockwell Collins Satellite Communications Systems 2205 Northmont Parkway Duluth, GA 30096 bebro...@rockwellcollins.com office: (678) 252-4498 Vladimir Belov ml.vladimbe...@gmail.com Sent by: owner-openssl-us...@openssl.org 05/13/2012 02:04 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks From: Dr. Stephen Henson Sent: Sunday, May 13, 2012 5:53 PM Yes because some structures need to be locked internally. An example is the error queue. I draw a conclusion: in multi-threaded application using of locking_function and threadid_func is mandatory. Ok. Currently dynamical locks aren't used for much. The only example I can immediately think of is the CHIL ENGINE. At some point dynamic locks might be used more generally. The reason they could increase performance is that currently locks are global and related to structures. I don't understand precisely, Steve. All locking is done by OpenSSL itself, we only set platform-specific callback functions such as locking_function, CRYPTO_set_dynlock_lock_callback. We don't speak about locking programmer's objects but about internal objects of OpenSSL that must be done by OpenSSL itself not by programmer. If you also say that dynamical locks aren't used for much I really don't understand can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for static and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here? So if you need to perform locking on an X509 structure you lock *all* X509 structures while this is going on. It would be more efficient if only the single affected X509 structure was locked. Yes, it would be more efficient if only the single affected X509 structure was locked, I understood now about performance. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __
Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks
Good coverage of this topic is in the chapter 4 Support Infrastructure, section 4.1 Multithread Support http://my.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 from the book Network Security with OpenSSL By: John Viega; Matt Messier; Pravir Chandra Publisher: O'Reilly Media, Inc. Pub. Date: June 17, 2002 Print ISBN-13: 978-0-596-00270-1 The book's sample code contains common.h, common.c, reentrant.h, and reentrant.c which attempts to setup the static and dynamic threading callbacks for WIN32 and POSIX. http://examples.oreilly.com/9780596002701/ Just for completeness, the source reference for the static and dynamic thread primitive callbacks is http://www.openssl.org/docs/crypto/threads.html If you have a Association for Computing Machinery membership, you can access this book with http://acmsel.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 --- Brian Brooks Senior Software Engineer Rockwell Collins Satellite Communications Systems 2205 Northmont Parkway Duluth, GA 30096 bebro...@rockwellcollins.com office: (678) 252-4498 Vladimir Belov ml.vladimbe...@gmail.com Sent by: owner-openssl-us...@openssl.org 05/13/2012 02:04 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks From: Dr. Stephen Henson Sent: Sunday, May 13, 2012 5:53 PM Yes because some structures need to be locked internally. An example is the error queue. I draw a conclusion: in multi-threaded application using of locking_function and threadid_func is mandatory. Ok. Currently dynamical locks aren't used for much. The only example I can immediately think of is the CHIL ENGINE. At some point dynamic locks might be used more generally. The reason they could increase performance is that currently locks are global and related to structures. I don't understand precisely, Steve. All locking is done by OpenSSL itself, we only set platform-specific callback functions such as locking_function, CRYPTO_set_dynlock_lock_callback. We don't speak about locking programmer's objects but about internal objects of OpenSSL that must be done by OpenSSL itself not by programmer. If you also say that dynamical locks aren't used for much I really don't understand can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for static and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here? So if you need to perform locking on an X509 structure you lock *all* X509 structures while this is going on. It would be more efficient if only the single affected X509 structure was locked. Yes, it would be more efficient if only the single affected X509 structure was locked, I understood now about performance. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks
On Sun, May 13, 2012, Vladimir Belov wrote: Hello. 1) If I will use each OpenSSL object only by one thread at the moment, it can be different thread each time but never two or more threads will use one object simultaneously do I need to use locking_function and threadid_func or no? Yes because some structures need to be locked internally. An example is the error queue. 2) Performance of dynamic locks in comparison with static locks. In thread3(3) documentation page there is a phrase: OpenSSL supports dynamic locks, and sometimes, some parts of OpenSSL need it for better performance. I don't understand how dynamic locks can increase performance of the application! If we use static locks with locking_function and threadid_func then all necessary locking objects are created at starting, we get their quantity with CRYPTO_num_locks(), and during working of the application only locking and unlocking occurs. If we will use dynamic locks then OpenSSL will spend additional time for creating dynamic lock and destroying it. Maybe here more pertinent to speak about saving of resources and memory not about performance? And also I don't understand the phrase from threads(3) documentation page: Also, dynamic locks are currently not used INTERNALLY by OpenSSL, but may do so in the future. If they are not used internally how they can guard internal OpenSSL objects in Multi-threaded application? It would be very nice if somebody from the developers team also would answer to the second question and I will be very grateful for the response. For example, Dr Stephen N. Henson. Because it is not a general question but about a one detail. Currently dynamical locks aren't used for much. The only example I can immediately think of is the CHIL ENGINE. At some point dynamic locks might be used more generally. The reason they could increase performance is that currently locks are global and related to structures. So if you need to perform locking on an X509 structure you lock *all* X509 structures while this is going on. It would be more efficient if only the single affected X509 structure was locked. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks
From: Dr. Stephen Henson Sent: Sunday, May 13, 2012 5:53 PM Yes because some structures need to be locked internally. An example is the error queue. I draw a conclusion: in multi-threaded application using of locking_function and threadid_func is mandatory. Ok. Currently dynamical locks aren't used for much. The only example I can immediately think of is the CHIL ENGINE. At some point dynamic locks might be used more generally. The reason they could increase performance is that currently locks are global and related to structures. I don't understand precisely, Steve. All locking is done by OpenSSL itself, we only set platform-specific callback functions such as locking_function, CRYPTO_set_dynlock_lock_callback. We don't speak about locking programmer's objects but about internal objects of OpenSSL that must be done by OpenSSL itself not by programmer. If you also say that dynamical locks aren't used for much I really don't understand can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for static and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here? So if you need to perform locking on an X509 structure you lock *all* X509 structures while this is going on. It would be more efficient if only the single affected X509 structure was locked. Yes, it would be more efficient if only the single affected X509 structure was locked, I understood now about performance. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
