Date: Thu, 25 Jun 2020 23:59:16 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r362636 - head/sys/netipsec Message-ID: <202006252359.05PNxGIR037396@repo.freebsd.org>
Author: jhb Date: Thu Jun 25 23:59:16 2020 New Revision: 362636 URL: https://svnweb.freebsd.org/changeset/base/362636 Log: Simplify IPsec transform-specific teardown. - Rename from the teardown callback from 'zeroize' to 'cleanup' since this no longer zeroes keys. - Change the callback return type to void. Nothing checked the return value and it was always zero. - Don't have esp call into ah since it no longer needs to depend on this to clear the auth key. Instead, both are now private and self-contained. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25443 Modified: head/sys/netipsec/key.c head/sys/netipsec/xform.h head/sys/netipsec/xform_ah.c head/sys/netipsec/xform_esp.c head/sys/netipsec/xform_ipcomp.c head/sys/netipsec/xform_tcp.c
Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/key.c Thu Jun 25 23:59:16 2020 (r362636)
@@ -3059,11 +3059,8 @@ key_cleansav(struct secasvar *sav) } if (sav->flags & SADB_X_EXT_F_CLONED) return; - /* - * Cleanup xform state. - */ if (sav->tdb_xform != NULL) { - sav->tdb_xform->xf_zeroize(sav); + sav->tdb_xform->xf_cleanup(sav); sav->tdb_xform = NULL; } if (sav->key_auth != NULL) {
Modified: head/sys/netipsec/xform.h
==============================================================================
--- head/sys/netipsec/xform.h Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/xform.h Thu Jun 25 23:59:16 2020 (r362636)
@@ -89,7 +89,7 @@ struct xformsw { u_short xf_type; /* xform ID */ const char *xf_name; /* human-readable name */ int (*xf_init)(struct secasvar*, struct xformsw*); /* setup */ - int (*xf_zeroize)(struct secasvar*); /* cleanup */ + void (*xf_cleanup)(struct secasvar*); /* cleanup */ int (*xf_input)(struct mbuf*, struct secasvar*, /* input */ int, int); int (*xf_output)(struct mbuf*, /* output */
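Review bot: With the hook renamed away from "zeroize", key_cleansav is the only place left that can scrub key material, and this hunk stops exactly at `if (sav->key_auth != NULL) {` — the release of key_auth (and presumably key_enc) lies outside the hunk, so it is worth confirming that path clears the key bytes (explicit_bzero or equivalent) before freeing them rather than relying on a transform hook that, per the log, never did that. The new `xf_cleanup` call itself is fine: it is still guarded by the `tdb_xform != NULL` test and the void return means there is no status to propagate. key_cleansav begins before this hunk and continues after it.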
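Review bot: The trailing `/* cleanup */` on the new `xf_cleanup` member now merely repeats its name; what a transform author needs is the contract this commit establishes, namely that the hook releases transform-private state only and that key_cleansav clears `sav->tdb_xform` after calling it (ah, esp and tcp no longer do so themselves). Suggest `void (*xf_cleanup)(struct secasvar*); /* release xform-private state; caller clears tdb_xform */`. It is also worth recording that the hook may not be NULL, since key_cleansav invokes it unconditionally whenever tdb_xform is set. struct xformsw starts before this hunk and continues past it.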
@@ -112,7 +112,6 @@ struct crypto_session_params; int xform_ah_authsize(const struct auth_hash *); int ah_init0(struct secasvar *, struct xformsw *, struct crypto_session_params *); -extern int ah_zeroize(struct secasvar *sav); extern size_t ah_hdrsiz(struct secasvar *); /* XF_ESP */
Modified: head/sys/netipsec/xform_ah.c
==============================================================================
--- head/sys/netipsec/xform_ah.c Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/xform_ah.c Thu Jun 25 23:59:16 2020 (r362636)
@@ -241,20 +241,13 @@ ah_init(struct secasvar *sav, struct xformsw *xsp) crypto_newsession(&sav->tdb_cryptoid, &csp, V_crypto_support); } -/* - * Paranoia. - * - * NB: public for use by esp_zeroize (XXX). - */ -int -ah_zeroize(struct secasvar *sav) +static void +ah_cleanup(struct secasvar *sav) { crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = NULL; sav->tdb_authalgxform = NULL; - sav->tdb_xform = NULL; - return 0; } /*
@@ -1141,7 +1134,7 @@ static struct xformsw ah_xformsw = { .xf_type = XF_AH, .xf_name = "IPsec AH", .xf_init = ah_init, - .xf_zeroize = ah_zeroize, + .xf_cleanup = ah_cleanup, .xf_input = ah_input, .xf_output = ah_output, };
Modified: head/sys/netipsec/xform_esp.c
==============================================================================
--- head/sys/netipsec/xform_esp.c Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/xform_esp.c Thu Jun 25 23:59:16 2020 (r362636)
@@ -237,18 +237,14 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) return error; } -/* - * Paranoia. - */ -static int -esp_zeroize(struct secasvar *sav) +static void +esp_cleanup(struct secasvar *sav) { - /* NB: ah_zeroize free's the crypto session state */ - int error = ah_zeroize(sav); + crypto_freesession(sav->tdb_cryptoid); + sav->tdb_cryptoid = NULL; + sav->tdb_authalgxform = NULL; sav->tdb_encalgxform = NULL; - sav->tdb_xform = NULL; - return error; } /*
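Review bot: ah_cleanup lost its header comment along with the old "Paranoia" note, so nothing tells a reader that it is reached through xf_cleanup from key_cleansav and that, unlike ah_zeroize, it deliberately leaves `sav->tdb_xform` for the caller to clear. A one-line header such as `/* Release the SA's crypto session and AH algorithm binding; key_cleansav clears sav->tdb_xform afterwards. */` would record that division of labour. There is still no guard before `crypto_freesession(sav->tdb_cryptoid)`; whether that call tolerates a NULL session id (e.g. after a failed session setup in ah_init, whose body starts before this hunk) is not visible here and is worth confirming.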
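Review bot: esp_cleanup is now undocumented and its new body silently encodes two decisions the hunk does not explain: `tdb_authalgxform` is cleared here as well as `tdb_encalgxform` (presumably because an ESP SA may carry an auth algorithm set up in esp_init, which begins before this hunk), and `sav->tdb_xform` is intentionally left alone for key_cleansav. Suggest a header `/* Release the crypto session and both algorithm bindings of an ESP SA; sav->tdb_xform is cleared by the caller. */` so the next person does not "fix" either omission. The three teardown lines now duplicate ah_cleanup verbatim, which the log accepts deliberately, so a comment is the only thing missing.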
@@ -964,7 +960,7 @@ static struct xformsw esp_xformsw = { .xf_type = XF_ESP, .xf_name = "IPsec ESP", .xf_init = esp_init, - .xf_zeroize = esp_zeroize, + .xf_cleanup = esp_cleanup, .xf_input = esp_input, .xf_output = esp_output, };
Modified: head/sys/netipsec/xform_ipcomp.c
==============================================================================
--- head/sys/netipsec/xform_ipcomp.c Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/xform_ipcomp.c Thu Jun 25 23:59:16 2020 (r362636)
@@ -179,15 +179,14 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp) } /* - * ipcomp_zeroize() used when IPCA is deleted + * ipcomp_cleanup() used when IPCA is deleted */ -static int -ipcomp_zeroize(struct secasvar *sav) +static void +ipcomp_cleanup(struct secasvar *sav) { crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = NULL; - return 0; } /*
@@ -739,7 +738,7 @@ static struct xformsw ipcomp_xformsw = { .xf_type = XF_IPCOMP, .xf_name = "IPcomp", .xf_init = ipcomp_init, - .xf_zeroize = ipcomp_zeroize, + .xf_cleanup = ipcomp_cleanup, .xf_input = ipcomp_input, .xf_output = ipcomp_output, };
Modified: head/sys/netipsec/xform_tcp.c
==============================================================================
--- head/sys/netipsec/xform_tcp.c Thu Jun 25 23:57:30 2020 (r362635)
+++ head/sys/netipsec/xform_tcp.c Thu Jun 25 23:59:16 2020 (r362636)
@@ -361,19 +361,16 @@ tcpsignature_init(struct secasvar *sav, struct xformsw /* * Called when the SA is deleted. */ -static int -tcpsignature_zeroize(struct secasvar *sav) +static void +tcpsignature_cleanup(struct secasvar *sav) { - - sav->tdb_xform = NULL; - return (0); } static struct xformsw tcpsignature_xformsw = { .xf_type = XF_TCPSIGNATURE, .xf_name = "TCP-MD5", .xf_init = tcpsignature_init, - .xf_zeroize = tcpsignature_zeroize, + .xf_cleanup = tcpsignature_cleanup, }; static const struct tcpmd5_methods tcpmd5_methods = {
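Review bot: ipcomp_cleanup only drops `tdb_cryptoid`, whereas ah_cleanup and esp_cleanup in this same commit also reset their algorithm pointers (`tdb_authalgxform`, `tdb_encalgxform`) after freeing the session; if ipcomp_init, which ends just before this hunk's first context line, records a compression-algorithm pointer on the SA, clearing it here too would keep the three teardowns consistent and stop a stale algorithm pointer outliving its session. I cannot see the secasvar fields from here, so check the field name before adding the one-line reset. The updated comment could also say how the function is reached, e.g. `ipcomp_cleanup(): xf_cleanup hook, called when the IPCA is deleted`.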
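Review bot: tcpsignature_cleanup is now an empty body under a comment that says only `Called when the SA is deleted.`, which invites a future reader to suspect something was dropped. A comment inside the braces should state why it is empty and why it must still exist, e.g. `/* Nothing to release: no per-SA crypto session is created for TCP-MD5. key_cleansav calls xf_cleanup unconditionally, so the hook cannot be left NULL. */` — the first half is inferred from tcpsignature_init, which lies outside this hunk, so confirm it; the second follows from key_cleansav's `sav->tdb_xform->xf_cleanup(sav)` call in this commit. The removed `sav->tdb_xform = NULL` now happens in key_cleansav instead, so no state is lost.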