[openssl-dev] Adding async support
Dmitry Belyavsky
beldmit at gmail.com
Thu Oct 8 19:11:29 UTC 2015
Dear Matt,
On Thu, Oct 8, 2015 at 10:06 PM, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 08/10/15 18:56, Dmitry Belyavsky wrote:
>
> > The second problem is entirely engine dependant. It will be a
> different
> > solution for different hardware. These patches do not provide a
> solution
> > to that problem.
> >
> >
> > So I do not understand what you mean by "offload" :-(
> >
> > I understand that it's an engine-dependent, but I can't imagine a
> > corresponding pseudo code.
>
> Ok. So this is the pseudo code I posted before for how an engine might
> be implemented:
>
> static int myengine_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx,
> unsigned char *out, const unsigned char *in, size_t inl)
> {
> int jobid;
>
> jobid = offload_cipher_to_hardware(ctx, out, in , inl);
>
> /*
> * jobid holds a reference in the engine back to the work we just
> * started
> */
>
> while(work_not_finished_yet(jobid)) {
> /* Return control back to the calling application */
> ASYNC_pause_job();
> }
>
> return get_results_from_hardware(jobid);
> }
>
>
> So lets imagine an engine that works via threads and how those pseudo
> code function call might be implemented. It could be something like this:
>
> void initialise_engine(void)
> {
> start_thread(worker_main);
> }
>
> static int nextjobid = 0;
>
> struct work_st {
> int jobid;
> EVP_CIPHER_CTX *ctx;
> unsigned char *out;
> unsigned char *in;
> size_t inl;
> int ret;
> }
>
> int worker_main(void)
> {
> struct work_st *work;
>
> while(true) {
> work = get_work_off_in_queue();
> /* This is a long running operation */
> work->ret = do_aes128_cbc_cipher(work->ctx, work->out, work->in,
> work->inl);
> put_work_in_finished_set(work);
> }
> }
>
> int offload_cipher_to_hardware(EVP_CIPHER_CTX *ctx, unsigned char *out,
> unsigned char *in, size_t inl) {
> struct work_st *work;
>
> work = malloc(sizeof *work);
> work->ctx = ctx;
> work->out = out;
> work->in = in;
> work->inl = inl;
> work->jobid = nextjobid++;
>
> add_work_to_in_queue(work);
>
> return work->jobid;
> }
>
> int work_not_finished_yet(int jobid)
> {
> return !is_work_in_finished_set(jobid);
> }
>
> int get_results_from_hardware(int jobid)
> {
> struct work_st *work;
>
> work = get_work_out_of_finished_set(jobid);
>
> return work->ret;
> }
>
> In a hardware based engine everything in "worker_main" would be
> implemented in the hardware. So the hardware gets on with the long
> running crypto operation, whilst in the software control has returned
> back to the application.
>
> Does that make more sense?
>
Thank you! I finally got it.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151008/1981bf00/attachment.html>
More information about the openssl-dev
mailing list