From 11d2f4df5071380faa3e2397de1365f4fc6ec232 Mon Sep 17 00:00:00 2001
From: Fabien Thomas <fabient@FreeBSD.org>
Date: Thu, 31 Mar 2011 13:14:24 +0000
Subject: [PATCH] Fix two SA refcount: - AH does not release the SA like in
 ESP/IPCOMP when handling EAGAIN - ipsec_process_done incorrectly release the
 SA.

Reviewed by:	vanhu
MFC after:	1 week
---
 sys/netipsec/ipsec_output.c | 1 -
 sys/netipsec/xform_ah.c     | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 0907f457551..7c21d837208 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -247,7 +247,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
 	panic("ipsec_process_done");
 bad:
 	m_freem(m);
-	KEY_FREESAV(&sav);
 	return (error);
 }
 
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 5701f90f71d..6a2d3517db9 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -785,6 +785,7 @@ ah_input_cb(struct cryptop *crp)
 			sav->tdb_cryptoid = crp->crp_sid;
 
 		if (crp->crp_etype == EAGAIN) {
+			KEY_FREESAV(&sav);
 			error = crypto_dispatch(crp);
 			return error;
 		}