The other leaks turned out to be OpenSSL globals that were not released. Calling CRYPTO_cleanup_all_ex_data() in OpenSSLCryptoProvider::~OpenSSLCryptoProvider() took care of the problem. Some other OpenSSL cleanup functions might be needed under some circumstances, and I don't think there's any harm in calling them:
RAND_cleanup() X509_TRUST_cleanup() ERR_remove_state(0) -----Original Message----- From: Berin Lautenbach [mailto:[EMAIL PROTECTED] Sent: Tue 3/8/2005 5:42 AM To: security-dev@xml.apache.org Subject: Re: XML-Security-C memory leak Jesse Pelton wrote: > OpenSSLCryptoBase64::b642BN() leaks memory in the following line: > > return BN_dup(BN_bin2bn(buf, bufLen, NULL)); > > BN_bin2bn() allocates a BIGNUM, so there's no need to dup it, and doing > so causes the first one to leak. Thanks! Will fix in CVS on the weekend. Cheers, Berin
<<winmail.dat>>
