Index: sys/netipsec/ipsec.c =================================================================== --- sys/netipsec/ipsec.c +++ sys/netipsec/ipsec.c @@ -1351,8 +1351,8 @@ * XXXAE: check this more carefully. */ KEYDBG(IPSEC_STAMP, - printf("%s: SA(%p) moves cryptoid %jd -> %jd\n", - __func__, sav, (uintmax_t)(*old), (uintmax_t)(*new))); + printf("%s: SA(%p) moves cryptoid %p -> %p\n", + __func__, sav, *old, *new)); KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); SECASVAR_LOCK(sav); if (sav->tdb_cryptoid != *old) { Index: sys/netipsec/xform_ah.c =================================================================== --- sys/netipsec/xform_ah.c +++ sys/netipsec/xform_ah.c @@ -245,16 +245,15 @@ int ah_zeroize(struct secasvar *sav) { - int err; if (sav->key_auth) bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); - err = crypto_freesession(sav->tdb_cryptoid); - sav->tdb_cryptoid = 0; + crypto_freesession(sav->tdb_cryptoid); + sav->tdb_cryptoid = NULL; sav->tdb_authalgxform = NULL; sav->tdb_xform = NULL; - return err; + return 0; } /* @@ -669,7 +668,7 @@ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER; crp->crp_buf = (caddr_t) m; crp->crp_callback = ah_input_cb; - crp->crp_sid = cryptoid; + crp->crp_session = cryptoid; crp->crp_opaque = (caddr_t) xd; /* These are passed as-is to the callback. */ @@ -720,9 +719,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } @@ -1052,7 +1051,7 @@ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER; crp->crp_buf = (caddr_t) m; crp->crp_callback = ah_output_cb; - crp->crp_sid = cryptoid; + crp->crp_session = cryptoid; crp->crp_opaque = (caddr_t) xd; /* These are passed as-is to the callback. */ @@ -1101,9 +1100,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } Index: sys/netipsec/xform_esp.c =================================================================== --- sys/netipsec/xform_esp.c +++ sys/netipsec/xform_esp.c @@ -389,7 +389,7 @@ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER; crp->crp_buf = (caddr_t) m; crp->crp_callback = esp_input_cb; - crp->crp_sid = cryptoid; + crp->crp_session = cryptoid; crp->crp_opaque = (caddr_t) xd; /* These are passed as-is to the callback */ @@ -468,9 +468,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } @@ -853,7 +853,7 @@ crp->crp_buf = (caddr_t) m; crp->crp_callback = esp_output_cb; crp->crp_opaque = (caddr_t) xd; - crp->crp_sid = cryptoid; + crp->crp_session = cryptoid; if (esph) { /* Authentication descriptor. */ @@ -900,9 +900,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } Index: sys/netipsec/xform_ipcomp.c =================================================================== --- sys/netipsec/xform_ipcomp.c +++ sys/netipsec/xform_ipcomp.c @@ -178,11 +178,10 @@ static int ipcomp_zeroize(struct secasvar *sav) { - int err; - err = crypto_freesession(sav->tdb_cryptoid); - sav->tdb_cryptoid = 0; - return err; + crypto_freesession(sav->tdb_cryptoid); + sav->tdb_cryptoid = NULL; + return 0; } /* @@ -258,7 +257,7 @@ xd->vnet = curvnet; SECASVAR_LOCK(sav); - crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid; + crp->crp_session = xd->cryptoid = sav->tdb_cryptoid; SECASVAR_UNLOCK(sav); return crypto_dispatch(crp); @@ -301,9 +300,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); } @@ -508,7 +507,7 @@ crp->crp_opaque = (caddr_t) xd; SECASVAR_LOCK(sav); - crp->crp_sid = xd->cryptoid = sav->tdb_cryptoid; + crp->crp_session = xd->cryptoid = sav->tdb_cryptoid; SECASVAR_UNLOCK(sav); return crypto_dispatch(crp); @@ -549,9 +548,9 @@ if (crp->crp_etype) { if (crp->crp_etype == EAGAIN) { /* Reset the session ID */ - if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) + if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) crypto_freesession(cryptoid); - xd->cryptoid = crp->crp_sid; + xd->cryptoid = crp->crp_session; CURVNET_RESTORE(); return (crypto_dispatch(crp)); }