Page MenuHomeFreeBSD
Differential D50238

krb5: Fix handling of transient crypto request failures
ClosedPublic
Actions

Authored by markj on May 7 2025, 12:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jul 2, 4:41 AM
Unknown Object (File)
Wed, Jun 25, 9:11 PM
Unknown Object (File)
Tue, Jun 24, 2:15 AM
Unknown Object (File)
Sun, Jun 22, 7:33 AM
Unknown Object (File)
Tue, Jun 17, 10:04 AM
Unknown Object (File)
Mon, Jun 16, 9:45 PM
Unknown Object (File)
Mon, Jun 16, 9:26 PM
Unknown Object (File)
Mon, Jun 16, 9:01 PM
View All 23 Files
Subscribers
imp

Details

Reviewers
jhb
Commits
rGcdf6e2d9feec: krb5: Fix handling of transient crypto request failures
rG04421fda140b: krb5: Fix handling of transient crypto request failures
Summary
  • Instead of using CRYPTO_F_DONE to decide whether a request has completed, use a custom protocol of setting crp_opaque = NULL in the callback and checking that instead. CRYPTO_F_DONE is set independent of whether an error occurred, but for transient errors signaled by EAGAIN, we want to simply retry the request.
  • Clear CRYPTO_F_DONE before retrying the request.
  • Panic if the request truly failed, as we currently have no way to pass hard errors back up.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kgssapi/
krb5/
30 lines

Diff 155165

View Options

sys/kgssapi/krb5/kcrypto_aes.c

Loading...