[openssl-dev] Improving OpenSSL default RNG
Alessandro Ghedini
alessandro at ghedini.me
Fri Oct 23 17:06:30 UTC 2015
On Fri, Oct 23, 2015 at 02:30:14pm +0000, Salz, Rich wrote:
> I am very interested in cleaning this area up. We still do care about
> Netware, OS/2, and VMS; I don't think we care about pre-XP Windows.
Ok.
> We have broader portability issues than boringSSL does, so my thoughts on
> threading are different: two builds, either "not threaded" or "use native
> system threads" and internally use an API that is a very small thin layer
> per-OS.
Yes, that's what BoringSSL does. They have three implementations: pthread,
windows and none (which is just nops). I don't know what the availability of
pthreads is on the above platforms (NW, OS/2 and VMS), but it should cover
quite a bit of platforms.
Basically they deprecated the current CRYPTO_lock and CRYPTO_THREADID API, and
replaced that with mutex objects (CRYPTO_MUTEX). Additionally, this API
provides thread-local storage support and "once" objects (to execute functions
only once, for example for initialization).
On top of the CRYPTO_MUTEX they added a reference counting API (which can use
C11 atomics instead of mutexes), but this is not used a lot so it can be
ignored for now.
Cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151023/e16de904/attachment.sig>
More information about the openssl-dev
mailing list