On Wed, 1 Mar 2017, Andrew Cagney wrote:

I hacked up some awk to count symkey new/frees in pluto's log (I'll
push it and some logging tweaks to make it work tomorrow).

It looks like we're leaking 'skeyseed' from calc_skeyseed_v2().  The
code carefully saves it in 'struct pcr_skeycalc_v2_r.skeyseed' but
nothing seems to read it :-(

Hmm, that might be a pre-NSS thing? I guess we store a pointer to the
real skeyseed inside NSS in st->st_skeyseed_nss and use that whenever we
need more keying material for this SA? Or do we initialize the PRF with
skeyseed and then just call the PRF/PRFPLUS and thus never need
skeyseed ever again?

Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
