Page MenuHomeFreeBSD
Differential D50238

krb5: Fix handling of transient crypto request failures
ClosedPublic
Actions

Authored by markj on May 7 2025, 12:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jul 23, 8:17 AM
Unknown Object (File)
Tue, Jul 22, 6:11 AM
Unknown Object (File)
Jul 2 2025, 4:41 AM
Unknown Object (File)
Jun 25 2025, 9:11 PM
Unknown Object (File)
Jun 24 2025, 2:15 AM
Unknown Object (File)
Jun 22 2025, 7:33 AM
Unknown Object (File)
Jun 17 2025, 10:04 AM
Unknown Object (File)
Jun 16 2025, 9:45 PM
View All 25 Files
Subscribers
imp

Details

Reviewers
jhb
Commits
rGcdf6e2d9feec: krb5: Fix handling of transient crypto request failures
rG04421fda140b: krb5: Fix handling of transient crypto request failures
Summary
  • Instead of using CRYPTO_F_DONE to decide whether a request has completed, use a custom protocol of setting crp_opaque = NULL in the callback and checking that instead. CRYPTO_F_DONE is set independent of whether an error occurred, but for transient errors signaled by EAGAIN, we want to simply retry the request.
  • Clear CRYPTO_F_DONE before retrying the request.
  • Panic if the request truly failed, as we currently have no way to pass hard errors back up.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kgssapi/
krb5/
30 lines

Diff 155165

View Options

sys/kgssapi/krb5/kcrypto_aes.c

Loading...