svn rev #22919: branches/enc-perf/src/ include/ lib/crypto/krb/ lib/crypto/krb/dk/
Ken Raeburn
raeburn at MIT.EDU
Mon Oct 19 08:03:35 EDT 2009
On Oct 18, 2009, at 19:23, Greg Hudson wrote:
> I hadn't envisioned keys being sharable between threads, any more than
> contexts are. I can make that clearer in the comments.
Contexts and auth contexts wouldn't be shared, but code using lower-
level calls might conceivably share keys -- e.g., decrypt incoming
messages in one thread, encrypt outgoing messages in another. Since
the key data is essentially read-only in those calls in existing
releases, it would work fine. I don't recall if we ever specified
whether key data was shareable across threads, but I think I would've
probably said it was.
(I also ran across some email in the archives of this very list from
someone wanting to do crypto work in multiple threads. Since that
involved GSSAPI, there are other issues like sequence numbers that
make it problematic, but still, the desire is there, and if it were
the krb5 crypto API in use, it probably would've worked.)
Ken
More information about the krbdev
mailing list