On Mon, Nov 23, 2015 at 11:56:54PM +0000, Viktor Dukhovni wrote: > > It may be a good idea to rethink locking completely. > > There is some glimmer of hope in that as various libcrypto structures > become opaque, the locking moves from application code into the > library. For example, we now have (yet to be documented): > > X509_up_ref()
Ideally there would be very little locking in OpenSSL, and instead the app would be responsible for most locking (if needed). But that will be a lengthy transition, no? Maybe we'll need functions by which to indicate that the app will be doing locking for specific objects. Still, functions like RAND_bytes() that have no context object will need locking, so new functions will be needed that take contexts so as to minimize locking. > Doing this requires a global review of the API, and filling in > missing functions and documentation. :-( Yes. Nico -- _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev