> not knowing what to do other than calling the destructor of
> XSECCryptoHash, I then replaced the XSECCryptoHash call with a direct
> OpenSSL call and valgrind stopped complaining. Here is how it looks with
> OpenSSL.

You're using a different API so it's not comparable. With the EVP API, is it possible the code's missing a call to EVP_MD_CTX_destroy in the destructor? I see EVP_MD_CTX_cleanup but not destroy. Try adding that to the Hash destructor and rebuild xmlsec, then see what valgrind says.

-- Scott