Re: Does OpenSSL have any plans of supporting SSL_read / SSL_write on the same SSL_S from multiple threads?

[David Schwartz]

On 9/25/2010 9:31 AM, Jayaraghavendran k wrote:


(a) Does OpenSSL plan to support this feature in any of it's future
releases? (Or does any of the releases already support it? I went
through the Change Logs, but couldn't find anything), If no, why not?


I can't answer whether there are any plans, but I doubt it. The reason 
not to is that the library is not the right place to implement that kind 
of logic.



(b) As far as I understand, the main problem with the parallel
SSL_read / SSL_write is renegotiation, i.e. a call to SSL_read can
lead to a send call and vice-versa, so, if I ensure I don't do
renegotiation at all (both sides use my application) then will the
code work fine?


No, it will still break. The SSL connection has one and only one state, 
and you are trying to manipulate it from two places at the same time.



(c) I would also like to know the reason behind such a design
considering the fact that TCP supports parallel send / recv. Is it
enforced by the protocol design or any other design parameters forced
such a design?


This is how every other library works. TCP is an exception.

Take, for example, a typical string library. You can perform 'read' 
operations (those that do not change state) from multiple threads to the 
same string at the same time. But you would never expect the string 
library to support two 'write' operations (those that do change state) 
to be supported to the same string at the same time. If you did, say 
'a+="A";' and 'a+="B";' at the same time in two different threads, you 
wouldn't expect a sensible result.


Another problem is that there's basically no way OpenSSL could provide 
this capability without a service thread. Consider if a blocking 
SSL_read is terminated from another thread that calls a shutdown 
function -- what thread is left to complete the SSL protocol shutdown? 
TCP handles lingering data in the kernel with the kernel's own threads, 
but OpenSSL can't do that. And unless you use a service thread per 
connection in flux, you wind up in the very platform-specific world of 
I/O multiplexing.


All of this can be done, but not sensibly inside OpenSSL.

DS

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Does OpenSSL have any plans of supporting SSL_read / SSL_write on the same SSL_S from multiple threads?

[Jayaraghavendran k]

Hi,

I have an application where I create a TCP connection from the main
thread and then spawn two seperate threads to do recv and send
parallely. But, as I understand currently I just cannot switch to SSL
in the same model. i.e I cannot do SSL_read from one thread and
SSL_write from another thread on the same SSL connection (using the
same SSL_S) without providing some application level mutex.

I have the following questions:

(a) Does OpenSSL plan to support this feature in any of it's future
releases? (Or does any of the releases already support it? I went
through the Change Logs, but couldn't find anything), If no, why not?

(b) As far as I understand, the main problem with the parallel
SSL_read / SSL_write is renegotiation, i.e. a call to SSL_read can
lead to a send call and vice-versa, so, if I ensure I don't do
renegotiation at all (both sides use my application) then will the
code work fine?

(c) I would also like to know the reason behind such a design
considering the fact that TCP supports parallel send / recv. Is it
enforced by the protocol design or any other design parameters forced
such a design?

Expecting a reply!

Thanks in Advance.

Regards,
Jay
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org