author | John Baldwin <jhb@FreeBSD.org> | 2020-06-25 23:59:16 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2020-06-25 23:59:16 +0000 |
commit | dae61c9d09a79fc93c9486c212a586512339e6a0 (patch) | |
tree | 1545d554f406b443890e7ce49371fdce2655e095 | |
parent | f82eb2a6f04c2a4193378f932fe8ab9b84fbb67d (diff) |
-rw-r--r-- | sys/netipsec/key.c | 5 | ||||
-rw-r--r-- | sys/netipsec/xform.h | 3 | ||||
-rw-r--r-- | sys/netipsec/xform_ah.c | 13 | ||||
-rw-r--r-- | sys/netipsec/xform_esp.c | 16 | ||||
-rw-r--r-- | sys/netipsec/xform_ipcomp.c | 9 | ||||
-rw-r--r-- | sys/netipsec/xform_tcp.c | 9 |
6 files changed, 18 insertions, 37 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 8bdda61f5b36e..0497187db856f 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -3059,11 +3059,8 @@ key_cleansav(struct secasvar *sav)
}
if (sav->flags & SADB_X_EXT_F_CLONED)
return;
- /*
- * Cleanup xform state.
- */
if (sav->tdb_xform != NULL) {
- sav->tdb_xform->xf_zeroize(sav);
+ sav->tdb_xform->xf_cleanup(sav);
sav->tdb_xform = NULL;
}
if (sav->key_auth != NULL) {
diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h
index 85c9b65d16430..ff59971cf1331 100644
--- a/sys/netipsec/xform.h
+++ b/sys/netipsec/xform.h
@@ -89,7 +89,7 @@ struct xformsw {
u_short xf_type; /* xform ID */
const char *xf_name; /* human-readable name */
int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */
- int (*xf_zeroize)(struct secasvar*); /* cleanup */
+ void (*xf_cleanup)(struct secasvar*); /* cleanup */
int (*xf_input)(struct mbuf*, struct secasvar*, /* input */
int, int);
int (*xf_output)(struct mbuf*, /* output */
@@ -112,7 +112,6 @@ struct crypto_session_params;
int xform_ah_authsize(const struct auth_hash *);
int ah_init0(struct secasvar *, struct xformsw *,
struct crypto_session_params *);
-extern int ah_zeroize(struct secasvar *sav);
extern size_t ah_hdrsiz(struct secasvar *);
/* XF_ESP */
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 8aea3a45dd96b..a707930b046c9 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -241,20 +241,13 @@ ah_init(struct secasvar *sav, struct xformsw *xsp)
crypto_newsession(&sav->tdb_cryptoid, &csp, V_crypto_support);
}
-/*
- * Paranoia.
- *
- * NB: public for use by esp_zeroize (XXX).
- */
-int
-ah_zeroize(struct secasvar *sav)
+static void
+ah_cleanup(struct secasvar *sav)
{
crypto_freesession(sav->tdb_cryptoid);
sav->tdb_cryptoid = NULL;
sav->tdb_authalgxform = NULL;
- sav->tdb_xform = NULL;
- return 0;
}
/*
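Review bot: `void (*xf_cleanup)(struct secasvar*); /* cleanup */` keeps the old one-word comment although the hook's contract changes in this commit: it no longer returns a status, and the AH, ESP and TCP-MD5 implementations stop clearing `sav->tdb_xform` themselves because key_cleansav now does that right after the call. Nothing in the header says so, so the next xform author has to read key.c to learn what the hook owns and what the caller owns. I'd replace the trailing comment with `/* free per-SA xform state (e.g. crypto session); caller clears tdb_xform */`. The rename also deserves a word there: as far as these hunks show, none of the implementations wipe key material, so "zeroize" promised more than the hooks ever did; key bytes appear to be handled by the `key_auth` branch of key_cleansav, which lies outside the hunk and should be confirmed.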
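Review bot: `ah_cleanup` drops the `Paranoia` header and gets no replacement, so a function that releases a crypto session now carries no comment at all. Its body only frees the session and clears `tdb_cryptoid` and `tdb_authalgxform`; it deliberately leaves `tdb_xform` alone because key_cleansav clears it after the call, which a later reader could easily mistake for an omission. I'd add `/* Release the crypto session; key_cleansav clears tdb_xform and handles the keys. */`, the key part being an inference from the `key_auth` branch visible in key_cleansav that is worth confirming. It is also worth confirming that `crypto_freesession` tolerates a NULL `tdb_cryptoid` for an SA whose `ah_init` failed before `crypto_newsession` ran, since that path is not visible in the hunk.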
@@ -1141,7 +1134,7 @@ static struct xformsw ah_xformsw = {
.xf_type = XF_AH,
.xf_name = "IPsec AH",
.xf_init = ah_init,
- .xf_zeroize = ah_zeroize,
+ .xf_cleanup = ah_cleanup,
.xf_input = ah_input,
.xf_output = ah_output,
};
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index f4292d62a0a77..803d36da5f828 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -237,18 +237,14 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
return error;
}
-/*
- * Paranoia.
- */
-static int
-esp_zeroize(struct secasvar *sav)
+static void
+esp_cleanup(struct secasvar *sav)
{
- /* NB: ah_zeroize free's the crypto session state */
- int error = ah_zeroize(sav);
+ crypto_freesession(sav->tdb_cryptoid);
+ sav->tdb_cryptoid = NULL;
+ sav->tdb_authalgxform = NULL;
sav->tdb_encalgxform = NULL;
- sav->tdb_xform = NULL;
- return error;
}
/*
@@ -964,7 +960,7 @@ static struct xformsw esp_xformsw = {
.xf_type = XF_ESP,
.xf_name = "IPsec ESP",
.xf_init = esp_init,
- .xf_zeroize = esp_zeroize,
+ .xf_cleanup = esp_cleanup,
.xf_input = esp_input,
.xf_output = esp_output,
};
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index 0949062f4395f..b9dfe0e3532f9 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -179,15 +179,14 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp)
}
/*
- * ipcomp_zeroize() used when IPCA is deleted
+ * ipcomp_cleanup() used when IPCA is deleted
*/
-static int
-ipcomp_zeroize(struct secasvar *sav)
+static void
+ipcomp_cleanup(struct secasvar *sav)
{
crypto_freesession(sav->tdb_cryptoid);
sav->tdb_cryptoid = NULL;
- return 0;
}
/*
@@ -739,7 +738,7 @@ static struct xformsw ipcomp_xformsw = {
.xf_type = XF_IPCOMP,
.xf_name = "IPcomp",
.xf_init = ipcomp_init,
- .xf_zeroize = ipcomp_zeroize,
+ .xf_cleanup = ipcomp_cleanup,
.xf_input = ipcomp_input,
.xf_output = ipcomp_output,
};
diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c
index 61f9aaee46e2a..54681f7df5d21 100644
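Review bot: `esp_cleanup` now re-implements the three release statements of `ah_cleanup` inline instead of calling it, which follows from `ah_zeroize` no longer being exported, but nothing ties the two copies together; the next piece of authenticator session state added to AH would be released there and silently leaked here. A one-line comment keeps the pairing visible: `/* Same release sequence as ah_cleanup(), plus the ESP cipher state. */`. If the duplication is meant to go away instead, a small shared static helper in the common AH/ESP path would be the alternative, but that is beyond the scope of this rename.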
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@@ -361,19 +361,16 @@ tcpsignature_init(struct secasvar *sav, struct xformsw *xsp)
/*
* Called when the SA is deleted.
*/
-static int
-tcpsignature_zeroize(struct secasvar *sav)
+static void
+tcpsignature_cleanup(struct secasvar *sav)
{
-
- sav->tdb_xform = NULL;
- return (0);
}
static struct xformsw tcpsignature_xformsw = {
.xf_type = XF_TCPSIGNATURE,
.xf_name = "TCP-MD5",
.xf_init = tcpsignature_init,
- .xf_zeroize = tcpsignature_zeroize,
+ .xf_cleanup = tcpsignature_cleanup,
};
static const struct tcpmd5_methods tcpmd5_methods = { |
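Review bot: `tcpsignature_cleanup` is now an empty function whose only comment, `Called when the SA is deleted.`, says when it runs but not why there is nothing to do, so a reader may suspect a missing `crypto_freesession`. Judging from the removed body, TCP-MD5 only cleared `tdb_xform`, which key_cleansav now does for every xform, and never released a crypto session; `tcpsignature_init` is outside the hunk, so that last point should be confirmed there. I'd extend the header to `/* Called when the SA is deleted. Nothing to release: TCP-MD5 keeps no crypto session, and key_cleansav clears tdb_xform. */`. The `tcpmd5_methods` initializer that starts on the hunk's last line continues past it.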