Examining performance bottlenecks on a busy server, we discovered that connections are being forced to serialize due to calls to DH_generate_key. I looked through the source, and if I understand it correctly, the code locks a common DH mutex when it uses Montgomery Multiplication, and due to the way it sets a flag, it always does.
But I have not yet found any reason why this requires critical section protection. I do not see any global variables that are being manipulated by the call, nor any resource contention. Is it possible that the mutex lock is a holdover from earlier code? Could this locking behavior be removed? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
