- tested with IPsec tunnels over IPv4 (AES-CBC + SHA1 and AES-GCM) and IPv6 (AES-GCM) and using setkey -F to clear state after
Details
- Reviewers: delphij, cem
- Commits: rS362632: Use zfree() to explicitly zero IPsec keys.
Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Lint Not Applicable
- Unit: Tests Not Applicable
Event Timeline
I think setting tdb_xform to NULL is no longer needed (as it is about to be done by the caller anyway).
| File | Line | Comment |
|---|---|---|
| sys/netipsec/xform_ah.c | 256 (On Diff #73614) | Looks like this is redundant too? (Already done by caller, key_cleansav). |
| sys/netipsec/xform_esp.c | 250 (On Diff #73614) | Looks like this is redundant too? (Already done by caller, key_cleansav). |
| sys/netipsec/xform_tcp.c | 368 (On Diff #73614) | Looks like this is redundant too? (Already done by caller, key_cleansav). |
Comment Actions
Yes, I removed those in the followup change. Here I was trying to just focus on the key zeroing via zfree separate from the other change.