I think i have finally tracked down the remaining major memory leak in
the WinCAPICryptoKeyRSA module. WinCAPICryptoKeyDSA looks like it will
also exhibit this behaviour as the HCRYPTHASH is not destoyed also.
The HCRYPTHASH created by CryptCreateHash() is never released by
DestroyHash(). The simple solution
is to call ....
// Now validate
fResult = CryptVerifySignature(h, rawSigFinal, rawSigLen, m_key,
NULL, 0);
if(h)
CryptDestroyHash(h);
after CryptVerifySignature() but the code path may never reach this. I
dont know if XSEC already has a generic automatic resource/handle
wrapper, but this may be the best way to go in this circumstance.
bool WinCAPICryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned
char * hashBuf,
unsigned int hashLen,
const
char * base64Signature,
..
..
/*** Memory / resource leak here (h) is never freed by
CtyptDestroyHash() ***/
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
&h);
..
..
}
