On 28 February 2017 at 10:41, Paul Wouters <[email protected]> wrote:
> On Tue, 28 Feb 2017, Andrew Cagney wrote:
>
>> /* Clean up. */
>> free_any_symkey("sym_key", &sym_key);
>>
>> so from our POV the key was freed. However NSS has kept a handle on
>> that memory and will recycle it repeatedly.
>
>
> Why would this be different between IKEv1 and IKEv2 though? Since the
> report says the leak is much worse for IKEv2?

That has me puzzled. For connection negotiation, while the PRF+
calculation would be different, the underlying PRF / HASH code is the
same (provided the same protocols are negotiated).

I've looked at some of the calls and, as best I can tell, the key is
released. So, if there is a leak, it has something to do with the key
being later recycled (or NSS not wanting to re-use the memory).

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
