svn rev #22919: branches/enc-perf/src/ include/ lib/crypto/krb/ lib/crypto/krb/dk/

Ken Raeburn raeburn at MIT.EDU
Mon Oct 19 08:03:35 EDT 2009

On Oct 18, 2009, at 19:23, Greg Hudson wrote:
> I hadn't envisioned keys being sharable between threads, any more than
> contexts are.  I can make that clearer in the comments.

Contexts and auth contexts wouldn't be shared, but code using lower- 
level calls might conceivably share keys -- e.g., decrypt incoming  
messages in one thread, encrypt outgoing messages in another.  Since  
the key data is essentially read-only in those calls in existing  
releases, it would work fine.  I don't recall if we ever specified  
whether key data was shareable across threads, but I think I would've  
probably said it was.

(I also ran across some email in the archives of this very list from  
someone wanting to do crypto work in multiple threads.  Since that  
involved GSSAPI, there are other issues like sequence numbers that  
make it problematic, but still, the desire is there, and if it were  
the krb5 crypto API in use, it probably would've worked.)


More information about the krbdev mailing list