On Mon, Nov 23, 2015 at 11:56:54PM +0000, Viktor Dukhovni wrote:
> > It may be a good idea to rethink locking completely.
> 
> There is some glimmer of hope in that as various libcrypto structures
> become opaque, the locking moves from application code into the
> library.  For example, we now have (yet to be documented):
> 
>       X509_up_ref()

Ideally there would be very little locking in OpenSSL, and instead the
app would be responsible for most locking (if needed).

But that will be a lengthy transition, no?  Maybe we'll need functions
by which to indicate that the app will be doing locking for specific
objects.  Still, functions like RAND_bytes() that have no context object
will need locking, so new functions will be needed that take contexts so
as to minimize locking.

> Doing this requires a global review of the API, and filling in
> missing functions and documentation. :-(

Yes.

Nico
-- 
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
