On 17 March 2017 at 08:52, Erik Andersson <[email protected]> wrote: > > PK11SymKey *result = PK11_DeriveWithFlags(base_key, derive, ¶m, > target, operation, > key_size, flags); > The returned result isn't free'd
This might be ok; but first two things that complicate PK11SymKey and nss: - they are reference counted - they are never released, instead NSS will recycle the object (anyone know a way to get NSS to garbage collect?) Here, the "result" ends up in st->st_shared_nss and I'm fairly sure that is eventually returned to NSS. However, NSS's private heap might be fragmenting. The script testing/utils/count-nss-keys.awk, if run over a pluto.log file, will try to track PK11SymKey references and report things never released. (I've a hacked version that also tracks other pointers like event objects (we don't cleanly release them during shutdown)). Andrew _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
