D25443.id73675.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D25443.id73675.diff
View Options

	Index: head/sys/netipsec/key.c
	===================================================================
	--- head/sys/netipsec/key.c
	+++ head/sys/netipsec/key.c
	@@ -3059,11 +3059,8 @@
	}
	if (sav->flags & SADB_X_EXT_F_CLONED)
	return;
	- /*
	- * Cleanup xform state.
	- */
	if (sav->tdb_xform != NULL) {
	- sav->tdb_xform->xf_zeroize(sav);
	+ sav->tdb_xform->xf_cleanup(sav);
	sav->tdb_xform = NULL;
	}
	if (sav->key_auth != NULL) {
	Index: head/sys/netipsec/xform.h
	===================================================================
	--- head/sys/netipsec/xform.h
	+++ head/sys/netipsec/xform.h
	@@ -89,7 +89,7 @@
	u_short xf_type; /* xform ID */
	const char xf_name; / human-readable name */
	int (xf_init)(struct secasvar, struct xformsw); / setup */
	- int (xf_zeroize)(struct secasvar); /* cleanup */
	+ void (xf_cleanup)(struct secasvar); /* cleanup */
	int (xf_input)(struct mbuf, struct secasvar, / input */
	int, int);
	int (xf_output)(struct mbuf, /* output */
	@@ -112,7 +112,6 @@
	int xform_ah_authsize(const struct auth_hash *);
	int ah_init0(struct secasvar , struct xformsw ,
	struct crypto_session_params *);
	-extern int ah_zeroize(struct secasvar *sav);
	extern size_t ah_hdrsiz(struct secasvar *);

	/* XF_ESP */
	Index: head/sys/netipsec/xform_ah.c
	===================================================================
	--- head/sys/netipsec/xform_ah.c
	+++ head/sys/netipsec/xform_ah.c
	@@ -241,20 +241,13 @@
	crypto_newsession(&sav->tdb_cryptoid, &csp, V_crypto_support);
	}

	-/*
	- * Paranoia.
	- *
	- * NB: public for use by esp_zeroize (XXX).
	- */
	-int
	-ah_zeroize(struct secasvar *sav)
	+static void
	+ah_cleanup(struct secasvar *sav)
	{

	crypto_freesession(sav->tdb_cryptoid);
	sav->tdb_cryptoid = NULL;
	sav->tdb_authalgxform = NULL;
	- sav->tdb_xform = NULL;
	- return 0;
	}

	/*
	@@ -1141,7 +1134,7 @@
	.xf_type = XF_AH,
	.xf_name = "IPsec AH",
	.xf_init = ah_init,
	- .xf_zeroize = ah_zeroize,
	+ .xf_cleanup = ah_cleanup,
	.xf_input = ah_input,
	.xf_output = ah_output,
	};
	Index: head/sys/netipsec/xform_esp.c
	===================================================================
	--- head/sys/netipsec/xform_esp.c
	+++ head/sys/netipsec/xform_esp.c
	@@ -237,18 +237,14 @@
	return error;
	}

	-/*
	- * Paranoia.
	- */
	-static int
	-esp_zeroize(struct secasvar *sav)
	+static void
	+esp_cleanup(struct secasvar *sav)
	{
	- /* NB: ah_zeroize free's the crypto session state */
	- int error = ah_zeroize(sav);

	+ crypto_freesession(sav->tdb_cryptoid);
	+ sav->tdb_cryptoid = NULL;
	+ sav->tdb_authalgxform = NULL;
	sav->tdb_encalgxform = NULL;
	- sav->tdb_xform = NULL;
	- return error;
	}

	/*
	@@ -964,7 +960,7 @@
	.xf_type = XF_ESP,
	.xf_name = "IPsec ESP",
	.xf_init = esp_init,
	- .xf_zeroize = esp_zeroize,
	+ .xf_cleanup = esp_cleanup,
	.xf_input = esp_input,
	.xf_output = esp_output,
	};
	Index: head/sys/netipsec/xform_ipcomp.c
	===================================================================
	--- head/sys/netipsec/xform_ipcomp.c
	+++ head/sys/netipsec/xform_ipcomp.c
	@@ -179,15 +179,14 @@
	}

	/*
	- * ipcomp_zeroize() used when IPCA is deleted
	+ * ipcomp_cleanup() used when IPCA is deleted
	*/
	-static int
	-ipcomp_zeroize(struct secasvar *sav)
	+static void
	+ipcomp_cleanup(struct secasvar *sav)
	{

	crypto_freesession(sav->tdb_cryptoid);
	sav->tdb_cryptoid = NULL;
	- return 0;
	}

	/*
	@@ -739,7 +738,7 @@
	.xf_type = XF_IPCOMP,
	.xf_name = "IPcomp",
	.xf_init = ipcomp_init,
	- .xf_zeroize = ipcomp_zeroize,
	+ .xf_cleanup = ipcomp_cleanup,
	.xf_input = ipcomp_input,
	.xf_output = ipcomp_output,
	};
	Index: head/sys/netipsec/xform_tcp.c
	===================================================================
	--- head/sys/netipsec/xform_tcp.c
	+++ head/sys/netipsec/xform_tcp.c
	@@ -361,19 +361,16 @@
	/*
	* Called when the SA is deleted.
	*/
	-static int
	-tcpsignature_zeroize(struct secasvar *sav)
	+static void
	+tcpsignature_cleanup(struct secasvar *sav)
	{
	-
	- sav->tdb_xform = NULL;
	- return (0);
	}

	static struct xformsw tcpsignature_xformsw = {
	.xf_type = XF_TCPSIGNATURE,
	.xf_name = "TCP-MD5",
	.xf_init = tcpsignature_init,
	- .xf_zeroize = tcpsignature_zeroize,
	+ .xf_cleanup = tcpsignature_cleanup,
	};

	static const struct tcpmd5_methods tcpmd5_methods = {

File Metadata

Mime Type: text/plain
Expires: Mon, Nov 10, 1:05 PM (12 m, 51 s)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 25108354
Default Alt Text: D25443.id73675.diff (4 KB)

D25443.id73675.diffNo OneTemporaryActions

D25443.id73675.diffView Options

File Metadata

Event Timeline

D25443.id73675.diff
No OneTemporary
Actions

D25443.id73675.diff
View Options