[openssl-dev] Adding async support
Dmitry Belyavsky
beldmit at gmail.com
Thu Oct 8 11:18:21 UTC 2015
Dear Matt,
On Thu, Oct 8, 2015 at 1:56 PM, Matt Caswell <matt at openssl.org> wrote:
>
> > The engine needs to have a way of offloading the work to "something
> > else" so that it can come back and pick up the results later.
> Typically
> > for an engine this would mean some external hardware, but as I
> suggested
> > above it could be done using threads.
> >
> > From an engine perspective the work would be:
> > - Receive a request to do some crypto work in the normal way via the
> > engine API.
> > - Offload the work to "something else"
> >
> >
> > So what is a mechanism of such an offload? Can I, for example, get the
> > (global) ASYNC_pool and add a job (function/pointer to context) to it?
>
> The offload mechanism is entirely engine specific. We do not know how
> any specific engine works or how to interface to the hardware. An engine
> will be called in exactly the same way as now. The job of the engine
> will be to take the parameters passed to it and initiate the work in the
> engine hardware.
>
> So in pseudo code it might look something like this:
>
> static int myengine_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx,
> unsigned char *out, const unsigned char *in, size_t inl)
> {
> int jobid;
>
> jobid = offload_cipher_to_hardware(ctx, out, in , inl);
>
> /*
> * jobid holds a reference in the engine back to the work we just
> * started
> */
>
> while(work_not_finished_yet(jobid)) {
> /* Return control back to the calling application */
> ASYNC_pause_job();
> }
>
> return get_results_from_hardware(jobid);
> }
>
> You will note that ASYNC_pause_job() does *not* do a "return" to return
> control back to the user application...but calling ASYNC_pause_job()
> will cause SSL_read (or whatever) to return with SSL_ERROR_WANT_ASYNC
> nonetheless. The async job has its own private stack to enable this.
> Recalling SSL_read from the user application will appear to the engine
> like the function call ASYNC_pause_job() has returned.
>
>
> > How will the SSL struct obtain a job id from the engine implementing,
> > for example, "long" RSA_METHOD?
>
> It does not need to. The SSL object has a reference to the ASYNC_JOB.
> The engine can manage its own job ids - see the pseudo code above.
>
I see. So am I correct supposing that pseudo code for
offload_cipher_to_hardware looks like this:
static int async_wrapper(void * args)
{
...
}
static ASYNC_JOB *offload (void *args)
{
ASYNC_JOB *pjob = NULL;
int funcret;
size_t size = 0;
int ret = ASYNC_start_job(&pjob, &funcret, async_wrapper, args,
*args, size);
if (ret != ASYNC_PAUSE) return NULL;
return pjob;
}
?
Thank you!
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151008/672ae983/attachment-0001.html>
More information about the openssl-dev
mailing list