-rw-r--r--sys/netipsec/ipsec.c2
-rw-r--r--sys/netipsec/key.c15
2 files changed, 15 insertions, 2 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 1eb0f6a..bbbe0ce 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -1922,6 +1922,8 @@ xform_init(struct secasvar *sav, int xftype)
{
struct xformsw *xsp;
+ if (sav->tdb_xform != NULL) /* previously initialized */
+ return 0;
for (xsp = xforms; xsp; xsp = xsp->xf_next)
if (xsp->xf_type == xftype)
return (*xsp->xf_init)(sav, xsp);
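Review bot: The early return at `if (sav->tdb_xform != NULL)` reports success without checking that the transform already attached matches the `xftype` the caller asked for. A caller requesting a different transform type on an already-initialized SA would get 0 back and carry on with the old transform. If that situation cannot occur, say so in the comment; otherwise compare the types, for example `return (sav->tdb_xform->xf_type == xftype) ? 0 : EINVAL;`, using whatever error the not-found path returns. The rest of xform_init lies outside this hunk, so that path is not visible here.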
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index de0362e..9e6e09b 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2751,13 +2751,24 @@ key_delsav(sav)
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
+ /*
+ * Cleanup xform state. Note that zeroize'ing causes the
+ * keys to be cleared; otherwise we must do it ourself.
+ */
+ if (sav->tdb_xform != NULL) {
+ sav->tdb_xform->xf_zeroize(sav);
+ sav->tdb_xform = NULL;
+ } else {
+ if (sav->key_auth != NULL)
+ bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ if (sav->key_enc != NULL)
+ bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ }
if (sav->key_auth != NULL) {
- bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
KFREE(sav->key_auth);
sav->key_auth = NULL;
}
if (sav->key_enc != NULL) {
- bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
KFREE(sav->key_enc);
sav->key_enc = NULL;
}
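Review bot: With the two `bzero` calls removed from the free blocks, wiping `key_auth` and `key_enc` before `KFREE` now depends on every transform's `xf_zeroize` clearing both buffers, and none of those implementations are visible in this diff. If any transform clears only its own key or returns early, key material would go back to the allocator intact. Keeping the wipe unconditional is cheap and removes that dependency: leave `bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));` directly before `KFREE(sav->key_auth);`, and do the same for `key_enc`. If the removal is deliberate, the new comment should state the contract explicitly, e.g. `/* every xf_zeroize must clear both key_auth and key_enc */`. key_delsav continues outside this hunk.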