Dan Kegel wrote:
> 
> Dr S N Henson wrote:
> > > The revised OpenSSL ASN1 code will eventually have support for I/O based
> > > operations in addition to the current memory based operations which need
> > > to have the entire structure in memory (tricky if it's a 1Gb structure on
> > > tape).
> > >
> > > Doing blocking I/O is fairly straightforward.
> > >
> > > Handling non blocking I/O is quite a bit harder because the ASN1 decoder
> > > or encoder must be able to save its internal state and restart where it
> > > left off.
> > >
> > > So the question: how many people would want non blocking I/O support? If
> > > no one or hardly anyone wants or needs it then there isn't a lot of
> > > point. However if there's considerable demand it would be worth looking
> > > into.
> >
> > My comments refer to ASN1 I/O only. OpenSSL doesn't currently have I/O
> > based ASN1 code at all and I'm seeing if people have a specific need to
> > for non blocking ASN1 I/O or if the simpler blocking I/O will suffice.
> 
> Can you give us an example of how ASN1 I/O would be used?
> I'm having trouble imagining, since I'm from a land very far from ASN1.
> 

Its main use would be with huge PKCS#7 structures. If you don't want or
need them then most things will be unchanged: most of it will still use
memory based I/O because it's quicker.


> In particular, from what I know so far, the app is unable to have one
> thread execute the 'cheap' parts of OpenSSL, and another execute
> the expensive crypto parts, partly because OpenSSL uses BIOs internally.
> This gets to be a bit of a problem when you're pushing the limits, trying to
> handle thousands of sessions with a handful of threads.
> 

I'd say that has very little to do with BIOs and more to do with the
fact that the public key API has no concept of "non blocking operations"
and this has filtered down to the SSL API.

It may be possible to actually do what you want through some of the SSL
state callbacks but I haven't looked at that in much detail. Something
like tracking the states and then moving the execution to another thread
when the state involves expensive crypto operations then shifting it back
when they have finished.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
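
The restartable decoding described in the quoted message, sketched as an added example (not OpenSSL code and not from this thread): a DER tag-and-length header decoder that keeps its state in a struct so it can resume after a short non-blocking read. The names hdr_state, hdr_feed and demo_feed are hypothetical, the sample bytes are constructed, and only single-byte tags and definite lengths are handled.

```c
#include <stddef.h>

enum hdr_phase { HDR_TAG, HDR_LEN, HDR_LEN_BYTES, HDR_DONE };
enum hdr_rc { HDR_NEED_MORE, HDR_COMPLETE, HDR_ERROR };
/* Everything the decoder must remember between two short reads. */
struct hdr_state {
    enum hdr_phase phase;
    size_t length;      /* content length decoded so far */
    unsigned pending;   /* long-form length octets still expected */
};

/* Consume up to n bytes, resuming from s->phase; *used = bytes taken. */
enum hdr_rc hdr_feed(struct hdr_state *s, const unsigned char *p, size_t n, size_t *used)
{
    size_t i = 0;
    for (*used = 0; s->phase != HDR_DONE && i < n; ) {
        unsigned char b = p[i++];
        if (s->phase == HDR_TAG) {
            if ((b & 0x1f) == 0x1f) return HDR_ERROR;   /* multi-byte tags not handled */
            s->phase = HDR_LEN;
        } else if (s->phase == HDR_LEN && b < 0x80) {   /* short form: b is the length */
            s->length = b; s->phase = HDR_DONE;
        } else if (s->phase == HDR_LEN) {               /* long form: b & 0x7f octets follow */
            if (b == 0x80 || (size_t)(b & 0x7f) > sizeof(size_t)) return HDR_ERROR;
            s->length = 0; s->pending = b & 0x7f; s->phase = HDR_LEN_BYTES;
        } else {                                        /* HDR_LEN_BYTES */
            s->length = (s->length << 8) | b;
            if (--s->pending == 0) s->phase = HDR_DONE;
        }
    }
    *used = i;
    return s->phase == HDR_DONE ? HDR_COMPLETE : HDR_NEED_MORE;
}

/* Constructed sample: SEQUENCE header with long-form length 0x012c (300). */
static const unsigned char sample[] = { 0x30, 0x82, 0x01, 0x2c };
/* Feed the sample in chunk-sized pieces; returns the content length, or 0. */
size_t demo_feed(size_t chunk)
{
    struct hdr_state s = { HDR_TAG, 0, 0 };
    size_t off = 0, used = 0, left;
    enum hdr_rc rc = HDR_NEED_MORE;
    while (chunk && rc == HDR_NEED_MORE && (left = sizeof sample - off) > 0) {
        rc = hdr_feed(&s, sample + off, left < chunk ? left : chunk, &used);
        off += used;
    }
    return rc == HDR_COMPLETE ? s.length : 0;
}
```

A caller on a non-blocking descriptor would keep one hdr_state per stream and call hdr_feed again whenever more bytes arrive, using the decoded length to decide how much content to stream next.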
