From: Greg Hudson Date: Sun, 18 Oct 2009 17:17:42 +0000 (+0000) Subject: Add reference counts to key identifiers, so that they can have multiple owners X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=913c95f6d800c0b985141cc9d77eb68d360862ac;p=thirdparty%2Fkrb5.git Add reference counts to key identifiers, so that they can have multiple owners without having to create multiple underlying PKCS#11 objects (or similar). git-svn-id: svn://anonsvn.mit.edu/krb5/branches/enc-perf@22918 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 22824c156c..34ce10d921 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -638,6 +638,7 @@ krb5int_locate_server (krb5_context, const krb5_data *realm,
 /* Internal structure of an opaque key identifier */
 struct krb5_key_st {
 krb5_keyblock keyblock;
+ int refcount;
 };
 /* new encryption provider api */
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 271386f6a8..b5294a458d 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -715,13 +715,18 @@ krb5_error_code KRB5_CALLCONV
 /*
 * krb5_k_* functions use opaque key identifiers and should perform
- * better for repeated operations with the same key usage.
+ * better for repeated operations with the same key usage. krb5_keys
+ * are immutable once created.
 */
 krb5_error_code KRB5_CALLCONV
 krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data, krb5_key *out);
+/* Since keys are immutable, they can be "copied" by reference count. */
+void KRB5_CALLCONV krb5_k_reference_key(krb5_context context, krb5_key key);
+
+/* Decrement the reference count on a key and free it if it hits zero. */
 void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key);
 krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/crypto/krb/key.c b/src/lib/crypto/krb/key.c
index 8b842abddc..1fb9bcc837 100644
--- a/src/lib/crypto/krb/key.c
+++ b/src/lib/crypto/krb/key.c
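Review bot: The new comment above krb5_k_reference_key in the krb5.hin hunk does not state the release contract, so a caller cannot tell from the header how a reference is given back. Something like `/* Add a reference to key; each call must be balanced by exactly one krb5_k_free_key(). */` would make the ownership rule explicit. Since the k5-int.h hunk declares the counter as a plain `int refcount`, the same comment is the natural place to say whether callers must serialize reference and free calls on a shared key.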
@@ -49,6 +49,7 @@ krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
 if (code) goto cleanup;
+ key->refcount = 1;
 *out = key;
 return 0;
@@ -57,11 +58,17 @@ cleanup:
 return code;
 }
+void KRB5_CALLCONV
+krb5_k_reference_key(krb5_context context, krb5_key key)
+{
+ key->refcount++;
+}
+
 /* Free the memory used by a krb5_key. */
 void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key)
 {
- if (key == NULL)
+ if (key == NULL || --key->refcount > 0)
 return;
 krb5int_c_free_keyblock_contents(context, &key->keyblock);
 }
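Review bot: krb5_k_reference_key in the second key.c hunk dereferences `key` without the NULL guard that krb5_k_free_key keeps, so the two halves of the API disagree on NULL; `if (key != NULL) key->refcount++;` would make them symmetric. The count is also changed with a plain `++` and `--` on an `int`, so if one key can be referenced or released from two threads at once (not visible in this hunk), a lost update could release the key material while another owner still uses it; the updates need a lock or atomic operations, or the header must require callers to serialize. The test `--key->refcount > 0` also lets an unbalanced extra krb5_k_free_key fall through with a zero or negative count and call krb5int_c_free_keyblock_contents again, so an assertion that the count is positive before the decrement would catch over-release early. The existing comment `/* Free the memory used by a krb5_key. */` no longer describes the function and could read `/* Drop one reference; release the key when the last reference goes away. */`.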