Should I stop using locking callbacks in OpenSSL 1.1.0x ?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Should I stop using locking callbacks in OpenSSL 1.1.0x ?

pratyush parimal
Hi all,

I'm trying to migrate some application code from OpenSSL 1.0.1e to 1.1.0g. I keep seeing that the locking and threading callbacks I had used earlier (with CRYPTO_set_locking_callback and CRYPTO_set_id_callback respectively) now show up as "unused" during compilation.

I checked https://www.openssl.org/blog/blog/2017/02/21/threads/ and it seems like OpenSSL is trying to ditch callbacks and use more native facilities. In 1.1.0g's crypto.h, CRYPTO_set_locking_callback is defined as a no-op, with the following comment:

/*
 * The old locking functions have been removed completely without compatibility
 * macros. This is because the old functions either could not properly report
 * errors, or the returned error values were not clearly documented.
 * Replacing the locking functions with with no-ops would cause race condition
 * issues in the affected applications. It is far better for them to fail at
 * compile time.
 * On the other hand, the locking callbacks are no longer used.  Consequently,
 * the callback management functions can be safely replaced with no-op macros.
 */

Does this mean I can safely remove all usages of the above functions from my application code? I'd appreciate if someone could explain the above comment in a little more detail or confirm what I'm saying. Or has anyone else been in the same situation?

Thanks,
Pratyush

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Should I stop using locking callbacks in OpenSSL 1.1.0x ?

OpenSSL - User mailing list

 

  • Does this mean I can safely remove all usages of the above functions from my application code? I'd appreciate if someone could explain the above comment in a little more detail or confirm what I'm saying. Or has anyone else been in the same situation?

 

Yes.  Do not use the locking callbacks.  OpenSSL uses system-native threads and locks now.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Should I stop using locking callbacks in OpenSSL 1.1.0x ?

Charles Mills
 Not to disagree of course,  but you can always put printf's in your callbacks to confirm. 




Charles
Sent from a mobile; please excuse the brevity.

-------- Original message --------
From: "Salz, Rich via openssl-users" <[hidden email]>
Date: 4/13/18 3:22 PM (GMT-05:00)
Subject: Re: [openssl-users] Should I stop using locking callbacks in OpenSSL 1.1.0x ?

 

  • Does this mean I can safely remove all usages of the above functions from my application code? I'd appreciate if someone could explain the above comment in a little more detail or confirm what I'm saying. Or has anyone else been in the same situation?

 

Yes.  Do not use the locking callbacks.  OpenSSL uses system-native threads and locks now.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Should I stop using locking callbacks in OpenSSL 1.1.0x ?

OpenSSL - User mailing list
In reply to this post by OpenSSL - User mailing list

OpenSSL 1.1.0 *does not* go through the locking callbacks.  They will never be called.

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users