In message <20021211162914.GA1042@debbie> on Wed, 11 Dec 2002 11:29:14 -0500, Geoff
Thorpe <[EMAIL PROTECTED]> said:
geoff> Just catching up on all this, but something seems a bit strange to me
geoff> about the fundamental reliance on OpenSSL-sponsored dynamic locks. The
geoff> point is this: ENGINE is a bridge between OpenSSL and an external
geoff> module's native, proprietary, separated drivers and libs. If the chil
geoff> engine is going to require locking assurances for its internal
geoff> operation, and can't function without (eg. in the instance that OpenSSL
geoff> doesn't provide dynamic locks), then why aren't they implemented in the
geoff> nCipher/chil shared-library? Eg. file semaphores, pthread mutexes, or
geoff> anything else you can lay your hands on when you build your library for
geoff> a given target platform. As it is, I think nCipher has more ability to
geoff> tweak this support on a per-platform basis than OpenSSL does - as you
geoff> are targetting a variety of other highly platform-dependant features
geoff> already (eg. you have to communicate with the kernel drivers!). A mutex
geoff> is a mutex, whether it's "supplied" by the application or implemented in
geoff> the bowels of your hardware support. I think the pragmatic approach is
geoff> to implement your own - and it's more likely to lead you to better
geoff> locking and scheduling mechanisms in the rest of your hardware
geoff> libs/drivers anyway if you have full control over the implementation
geoff> details.
The CHIL interface was once meant as some kind of general purpose
library to access certain functions in a cipher box or smart card.
For that reason, it asks for mutex callbacks exactly like OpenSSL
does (and probably for the same reasons).
Or we could apply what you just said to OpenSSL and ask why OpenSSL
can't provide built-in threading support so the application authors
don't have to deal with it. Are you willing to do that work? I'm not
sure I am.
That said, I did believe that libhwcrhk would provide builtin
threading support on at least some systems, but I may recall
incorrectly.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
