views:

180

answers:

1

Is openssl's BF_cfb64_encrypt() thread safe?

A sample code to use it to encrypt / decrypt a blob of data would be much appreciated.

+1  A: 

According to the FAQ, the OpenSSL routines are thread safe. I looked at the source of that function, and it does indeed appear to be thread safe. Of course, that assumes you are not passing the same input/output buffers to the function on different threads.

For an example of a call to it, you should be able to look in the OpenSSL source. There is a file named bftest.c located in openssl/crypto/bf/ that has test calls to the function.

Edit After thinking about this a bit more, it is probably still wise to use the CRYPTO_set_locking_callback functionality for multi-threaded locking. The Blowfish algorithm asked about in the original question does not currently (in the version of OpenSSL I am using) use those locks, but that does not guarantee it will not in the future for some reason. Plus it saves future pain if you end up using functionality (such as RAND_bytes) that does need those locks.

Mark Wilkins
Thanks MarkI was confused by the URL http://www.openssl.org/docs/crypto/threads.htmlAny idea what it is talking about.Also I was curios to know what is EVP?
CodeMedic
If your code is using multiple threads with shared resources, then OpenSSL will use the callback defined by CRYPTO_set_locking_callback to acquire/release locks. It is very simple to use (an example is in the file crypto/threads/mttest.c. Basically it allows you to specify a callback function that calls the platform-appropriate locking function (e.g., WaitForSingleObject in win32). However, I do not believe that BF_cfb64_encrypt needs that function. I looked at the code and see no calls for locks. On the other hand, it would probably be good since future versions may acquire locks.
Mark Wilkins
I am not (yet) familiar with the EVP library. It is a high level interface that apparently provides a layer of abstraction over the lower level functions. If you use the higher level functions, I think your application will be more immune to changes in the underlying functionality.
Mark Wilkins