github Download
Thread safety

Thread safety #

Some parts of Themis API are thread-safe. Other parts may require external synchronisation to be used safely. Particular cryptographic backends and language wrappers may impose additional safety considerations described below.

Themis objects #

Secure Cell, Secure Message #

Secure Cell and Secure Message objects are generally immutable. You can safely use these objects concurrently from multiple threads.

However, some language wrappers have historical exceptions, see details below.

Secure Comparator, Secure Session #

Secure Comparator and Secure Session objects implement stateful interactive protocols. You need to use application locks to synchronise access to those objecs, if you share them between threads.

However, it is safe to create a handle in one thread then pass it to the other thread, as long as only one thread is using an interactive object.

Shared Secure Session transport objects #

If you use Secure Session in wrap/unwrap mode, you may share the transport callbacks between multiple Secure Session objects and between multiple threads, provided that your callback implementation is correctly synchronised internally.

Secure Sessions in send/receive mode require individual transport objects that must never be shared between multiple Secure Sessions (and by extension, between multiple threads). You cannot use locks here, you need to create separate transport callback instances.

Crypto backends #

OpenSSL #

Modern OpenSSL 1.1.1+ can be safely used in multi-threaded applications, provided that support for the underlying OS threading API is built-in. This is usually the case with distribution-provided packages of OpenSSL.

Older OpenSSL 1.0.2 requires developers to install several callbacks in order to be used safely in multithreaded environment. Refer to OpenSSL documentation on what functions you need to implement and call.

Note: With OpenSSL 1.0.2, you have to install these callbacks, regardless of synchronisation for individual Themis objects and function calls. (Unless your application is single-threaded.)

LibreSSL #

Themis uses LibreSSL in a way that is fully thread-safe.

BoringSSL #

Themis uses BoringSSL in a way that is fully thread-safe.

Language wrappers #

ThemisPP (C++) #

In ThemisPP 0.12 and earlier, Secure Cell and Secure Message objects were not thread-safe, contrary to other language wrappers. You have to use proper synchronisation if you share those objects between threads.

Starting from Themis 0.13.0, Secure Cell and Secure Message objects are thread-safe in ThemisPP as well.