
D25442.diff

Index: head/sys/netipsec/key.c
===================================================================
--- head/sys/netipsec/key.c
+++ head/sys/netipsec/key.c
@@ -3060,27 +3060,19 @@
if (sav->flags & SADB_X_EXT_F_CLONED)
return;
/*
- * Cleanup xform state. Note that zeroize'ing causes the
- * keys to be cleared; otherwise we must do it ourself.
+ * Cleanup xform state.
*/
if (sav->tdb_xform != NULL) {
sav->tdb_xform->xf_zeroize(sav);
sav->tdb_xform = NULL;
- } else {
- if (sav->key_auth != NULL)
- bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
- if (sav->key_enc != NULL)
- bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
}
if (sav->key_auth != NULL) {
- if (sav->key_auth->key_data != NULL)
- free(sav->key_auth->key_data, M_IPSEC_MISC);
+ zfree(sav->key_auth->key_data, M_IPSEC_MISC);
free(sav->key_auth, M_IPSEC_MISC);
sav->key_auth = NULL;
}
if (sav->key_enc != NULL) {
- if (sav->key_enc->key_data != NULL)
- free(sav->key_enc->key_data, M_IPSEC_MISC);
+ zfree(sav->key_enc->key_data, M_IPSEC_MISC);
free(sav->key_enc, M_IPSEC_MISC);
sav->key_enc = NULL;
}
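Review bot: After this change the two `zfree()` calls in this hunk are the only place SA key material is wiped, but the shortened comment above the `tdb_xform` block no longer tells the reader where the clearing happens. The `xf_zeroize` callbacks in xform_ah.c, xform_esp.c and xform_tcp.c keep their names while no longer touching `key_data`, so I would extend the comment to something like `/* Cleanup xform state; key material itself is zeroized by zfree() below, not by xf_zeroize. */`. It is also worth confirming that no path invokes `xf_zeroize` and then releases the keys without going through this cleanup, since such a path would now leave key bytes in freed memory; that cannot be checked from the visible lines. The enclosing function starts and ends outside the hunk.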
Index: head/sys/netipsec/xform_ah.c
===================================================================
--- head/sys/netipsec/xform_ah.c
+++ head/sys/netipsec/xform_ah.c
@@ -250,9 +250,6 @@
ah_zeroize(struct secasvar *sav)
{
- if (sav->key_auth)
- bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
-
crypto_freesession(sav->tdb_cryptoid);
sav->tdb_cryptoid = NULL;
sav->tdb_authalgxform = NULL;
Index: head/sys/netipsec/xform_esp.c
===================================================================
--- head/sys/netipsec/xform_esp.c
+++ head/sys/netipsec/xform_esp.c
@@ -243,11 +243,9 @@
static int
esp_zeroize(struct secasvar *sav)
{
- /* NB: ah_zerorize free's the crypto session state */
+ /* NB: ah_zeroize free's the crypto session state */
int error = ah_zeroize(sav);
- if (sav->key_enc)
- bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
sav->tdb_encalgxform = NULL;
sav->tdb_xform = NULL;
return error;
Index: head/sys/netipsec/xform_tcp.c
===================================================================
--- head/sys/netipsec/xform_tcp.c
+++ head/sys/netipsec/xform_tcp.c
@@ -365,8 +365,6 @@
tcpsignature_zeroize(struct secasvar *sav)
{
- if (sav->key_auth != NULL)
- bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
sav->tdb_xform = NULL;
return (0);
}
