svn rev #22918: branches/enc-perf/src/ include/ include/krb5/ lib/crypto/krb/

Sun Oct 18 13:17:42 EDT 2009

http://src.mit.edu/fisheye/changelog/krb5/?cs=22918
Commit By: ghudson
Log Message:
Add reference counts to key identifiers, so that they can have multiple owners
without having to create multiple underlying PKCS#11 objects (or similar).



Changed Files:
U   branches/enc-perf/src/include/k5-int.h
U   branches/enc-perf/src/include/krb5/krb5.hin
U   branches/enc-perf/src/lib/crypto/krb/key.c
Modified: branches/enc-perf/src/include/k5-int.h
===================================================================

--- branches/enc-perf/src/include/k5-int.h	2009-10-18 13:44:28 UTC (rev 22917)
+++ branches/enc-perf/src/include/k5-int.h	2009-10-18 17:17:42 UTC (rev 22918)
@@ -638,6 +638,7 @@
 /* Internal structure of an opaque key identifier */
 struct krb5_key_st {
     krb5_keyblock keyblock;
+    int refcount;
 };
 
 /* new encryption provider api */

Modified: branches/enc-perf/src/include/krb5/krb5.hin
===================================================================
--- branches/enc-perf/src/include/krb5/krb5.hin	2009-10-18 13:44:28 UTC (rev 22917)
+++ branches/enc-perf/src/include/krb5/krb5.hin	2009-10-18 17:17:42 UTC (rev 22918)
@@ -715,13 +715,18 @@
 
 /*
  * krb5_k_* functions use opaque key identifiers and should perform
- * better for repeated operations with the same key usage.
+ * better for repeated operations with the same key usage.  krb5_keys
+ * are immutable once created.
  */
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
 		  krb5_key *out);
 
+/* Since keys are immutable, they can be "copied" by reference count. */
+void KRB5_CALLCONV krb5_k_reference_key(krb5_context context, krb5_key key);
+
+/* Decrement the reference count on a key and free it if it hits zero. */
 void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key);
 
 krb5_error_code KRB5_CALLCONV

Modified: branches/enc-perf/src/lib/crypto/krb/key.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/key.c	2009-10-18 13:44:28 UTC (rev 22917)
+++ branches/enc-perf/src/lib/crypto/krb/key.c	2009-10-18 17:17:42 UTC (rev 22918)
@@ -49,6 +49,7 @@
     if (code)
 	goto cleanup;
 
+    key->refcount = 1;
     *out = key;
     return 0;
 
@@ -57,11 +58,17 @@
     return code;
 }
 
+void KRB5_CALLCONV
+krb5_k_reference_key(krb5_context context, krb5_key key)
+{
+    key->refcount++;
+}
+
 /* Free the memory used by a krb5_key. */
 void KRB5_CALLCONV
 krb5_k_free_key(krb5_context context, krb5_key key)
 {
-    if (key == NULL)
+    if (key == NULL || --key->refcount > 0)
 	return;
     krb5int_c_free_keyblock_contents(context, &key->keyblock);
 }


