Clarify that krb5_keys are logically immutable but may not be shared

between threads due to mutable internal state.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/enc-perf@22929 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index b5294a458d40ebff719998a530fdf338f1b1a3fa..346e04dc11a7d5e330cf06a5ceb509f46436204a 100644 (file)
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -351,7 +351,10 @@ typedef struct _krb5_keyblock {
 
 /*
  * Opaque identifier for a key.  Use with the krb5_k APIs for better
- * performance for repeated operations with the same key usage.
+ * performance for repeated operations with the same key usage.  Key
+ * identifiers must not be used simultaneously within multiple
+ * threads, as they may contain mutable internal state and are not
+ * mutex-protected.
  */
 struct krb5_key_st;
 typedef struct krb5_key_st *krb5_key;
@@ -713,17 +716,11 @@ krb5_error_code KRB5_CALLCONV
     (krb5_context context, krb5_enctype enctype,
                    size_t data_length, unsigned int *size);
 
-/*
- * krb5_k_* functions use opaque key identifiers and should perform
- * better for repeated operations with the same key usage.  krb5_keys
- * are immutable once created.
- */
-
 krb5_error_code KRB5_CALLCONV
 krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
                  krb5_key *out);
 
-/* Since keys are immutable, they can be "copied" by reference count. */
+/* Keys are logically immutable and can be "copied" by reference count. */
 void KRB5_CALLCONV krb5_k_reference_key(krb5_context context, krb5_key key);
 
 /* Decrement the reference count on a key and free it if it hits zero. */