Subject: RE : libssh2 in a multi threaded application

RE : libssh2 in a multi threaded application

From: Jean-Louis CHARTON <Jean-Louis.CHARTON_at_oikialog.com>
Date: Tue, 31 Mar 2009 16:44:53 +0200

Hi Daniel,

For OpenSSL part, maybe the _init() function should only load the necessary ciphers and not all as it is done currently; except of course if all ciphers are actually required by libssh2.

I.e; do:

EVP_add_cipher(cipher1);
EVP_add_cipher(cipher2);
...
EVP_add_cipher(cipherN);

Instead of

OpenSSL_add_all_ciphers();

Also, the _init() function should call RAND_seed() if necessary ...

And in the _cleanup() function, add a call to EVP_cleanup()

For the crypto callbacks, maybe the _init() function could have one boolean parameter so that the caller can specified whether or not the application is multi threaded. I.e.:

Libssh2_init(int mt_support_required)
{
   add_required_ciphers();
   rand_the_seed();

   if (mt_support_required) {
      setup_crypto_locks();
   }
}

And there should have several implementations of setup_crypto_locks() for the several thread packages available out there (pthread, GNU Pth, solaris native thread, ...). This probably also means a new option in configure to specified for which thread package support libssh2 should be built (for example --with-mt-thread-pkg=xxx).

Or maybe a better solution would be to let the caller specified himself the crypto_lock() function to be used by libssh2_init. I.e.:

typedef int (*LIBSSH2_CRYTO_CALLBACK_SETUP_FUNC)(void*);

libssh2_init(LIBSSH2_CRYTO_CALLBACK_SETUP_FUNC crypto_cb_setup,
             void* crypto_cb_setup_data)
{
   add_required_ciphers();
   rand_the_seed();

   if (crypto_cb_setup != NULL) {
      cryto_cb_setup(crypto_cb_setup_data);
   }
}

JL

-----Message d'origine-----
De : Daniel Stenberg [mailto:daniel_at_haxx.se]
Envoyé : mardi 31 mars 2009 13:21
À : libssh2 development
Objet : Re: libssh2 in a multi threaded application

On Sun, 29 Mar 2009, Daniel Stenberg wrote:

> Yes, I'm quite sure we need something like that for the OpenSSL/gcrypt inits
> to remain safe.
>
> libssh2_init() and libssh2_cleanup() perhaps.

I'm thinking this is a fine addition for 1.2.

Does anyone have any particular opinion on how they should work? I mean is
there for example occasions when they shouldn't init the underlying crypto
lib?

I would also like us to produce a more general docs for libssh2 on how it acts
and what to think about when used with threads. Like right now applications
MUST also set the crypto lib's mutex callbacks. We could consider detecting a
threads library and setting these callbacks as part of the init/cleanup
mentioned above...

-- 
  / daniel.haxx.se
------------------------------------------------------------------------------
_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
------------------------------------------------------------------------------
_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2009-03-31