[Swan-dev] Pluto memory consumption

Andrew Cagney andrew.cagney at gmail.com
Tue Feb 28 16:20:39 UTC 2017

On 28 February 2017 at 10:41, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 28 Feb 2017, Andrew Cagney wrote:
>>    /* Clean up.  */
>>    free_any_symkey("sym_key", &sym_key);
>> so from our POV the key was freed.  However NSS has kept a handle on
>> that memory and will recycle it repeatedly.
> Why would this be different between IKEv1 and IKEv2 though? Since the
> report says the leak is much worse for IKEv2?

That has me puzzled.  For connection negotiation, while the PRF+
calculation would be different the underlying PRF / HASH code is the
same (provided the same protocols are negotiated).

I've looked at some of the calls and, as best I can tell, the key is
released.  So, if there is a leak, it has something to do with the key
been later recycled (or NSS not wanting to re-use the memory).

More information about the Swan-dev mailing list