Thank you, Brian. This is exactly the answer to my question that I asked Dr. Stephen Henson at second time.
The question was: “...can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for "static" and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here?” The answer(from “Network Security with OpenSSL” John Viega, Matt Messier, Pravir Chandra) is: “If you want your applications to continue working with a minimal amount of effort in the future, we recommend that you implement both static and dynamic locks now”. It turns out that OpenSSL choose what callback it want to use in concrete case. But OpenSSL does not currently make use of dynamic locks(with some exceptions), that’s why we can’t use ONLY dynamic locks. So, or ONLY static locks, or both static and dynamic. Thank you very much for your answer, Brian. From: [email protected] Sent: Tuesday, May 15, 2012 5:50 PM To: [email protected] Subject: Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks Good coverage of this topic is in the chapter "4 Support Infrastructure", section "4.1 Multithread Support" http://my.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 from the book Network Security with OpenSSL By: John Viega; Matt Messier; Pravir Chandra Publisher: O'Reilly Media, Inc. Pub. Date: June 17, 2002 Print ISBN-13: 978-0-596-00270-1 The book's sample code contains common.h, common.c, reentrant.h, and reentrant.c which attempts to setup the static and dynamic threading callbacks for WIN32 and POSIX. http://examples.oreilly.com/9780596002701/ Just for completeness, the source reference for the static and dynamic thread primitive callbacks is http://www.openssl.org/docs/crypto/threads.html If you have a Association for Computing Machinery membership, you can access this book with http://acmsel.safaribooksonline.com/book/networking/security/059600270x/support-infrastructure/openssl-chp-4-sect-1 --- Brian Brooks Senior Software Engineer Rockwell Collins Satellite Communications Systems 2205 Northmont Parkway Duluth, GA 30096 [email protected] office: (678) 252-4498 "Vladimir Belov" <[email protected]> Sent by: [email protected] 05/13/2012 02:04 PM Please respond to [email protected] To <[email protected]> cc Subject Re: Multi-threaded applications, locking_function, threadid_func, dynamic locks From: Dr. Stephen Henson Sent: Sunday, May 13, 2012 5:53 PM > Yes because some structures need to be locked internally. An example is > the > error queue. I draw a conclusion: in multi-threaded application using of locking_function and threadid_func is mandatory. Ok. > Currently dynamical locks aren't used for much. The only example I can > immediately think of is the CHIL ENGINE. > At some point dynamic locks might be used more generally. The reason they > could increase performance is that currently locks are global and related > to > structures. I don't understand precisely, Steve. All locking is done by OpenSSL itself, we only set platform-specific callback functions such as locking_function, CRYPTO_set_dynlock_lock_callback. We don't speak about locking programmer's objects but about internal objects of OpenSSL that must be done by OpenSSL itself not by programmer. If you also say that "dynamical locks aren't used for much" I really don't understand can we use safely only dynamic locks in multi-threaded applications instead of locking_function and threadid_func or no? Or if we want to use dynamic locks we must set callback functions for "static" and dynamic locks both and OpenSSL already choose what callback it want to use in concrete case? How OpenSSL works here? > So if you need to perform locking on an X509 structure you lock > *all* X509 structures while this is going on. It would be more efficient > if > only the single affected X509 structure was locked. Yes, it would be more efficient if only the single affected X509 structure was locked, I understood now about performance. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________
