On 1 March 2017 at 20:29, Paul Wouters <[email protected]> wrote: > On Wed, 1 Mar 2017, Andrew Cagney wrote: > >> I hacked up some awk to count symkey new/frees in pluto's log (I'll >> push it and some logging tweaks to make it work tomorrow). >> >> It looks like we're leaking 'skeyseed' from calc_skeyseed_v2(). The >> code carefully saves it in 'struct pcr_skeycalc_v2_r.skeyseed' but >> nothing seems to read it :-( > > > Hmm that might be a pre-NSS thing? I guess we store a pointer to the > real skeyseed inside NSS in st->st_skeyseed_nss and use that whenever we > need more keying material for this SA ? Or do we initialize the PRF with > skeyseed and then just call the PRF/PRFPLUS and thus never need to > skeyseed ever again?
Yea, could be pre-NSS, I didn't do any archaeology; and yea, re-using SKEYSEED (actually skeyid) is an IKEv1 thing. For IKEv2, SKEYSEED is just an intermediate variable. I deleted the field and things still seem to work ... _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
