Diffusion FreeBSD src repository 04421fda140b

krb5: Fix handling of transient crypto request failures
04421fda140b
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

krb5: Fix handling of transient crypto request failures

Instead of using CRYPTO_F_DONE to decide whether a request has completed, use a custom protocol of setting crp_opaque = NULL in the callback and checking that instead. CRYPTO_F_DONE is set independent of whether an error occurred, but for transient errors signaled by EAGAIN, we want to simply retry the request.
Clear CRYPTO_F_DONE before retrying the request.
Panic if the request truly failed, as we currently have no way to pass hard errors back up.

Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50238

Details

Provenance

Authored on May 9 2025, 12:16 AM

Reviewer

Differential Revision

D50238: krb5: Fix handling of transient crypto request failures

Parents

rG33759fc7e823: rtld: remove stray tabs

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG04421fda140b: krb5: Fix handling of transient crypto request failures (authored by markj).May 9 2025, 12:29 AM

markj added an edge: D50238: krb5: Fix handling of transient crypto request failures.May 9 2025, 12:34 AM

markj mentioned this in rGcdf6e2d9feec: krb5: Fix handling of transient crypto request failures.Jun 1 2025, 7:54 PM

Changes (1)

Path

Size

sys/

kgssapi/

krb5/

rG04421fda140b

sys/kgssapi/krb5/kcrypto_aes.c

Loading...