* This holds for XML Security C++ 1.2.1 * (I was unable to choose that version in Bugzilla) --- In the file OpenSSLCryptoHashHMAC.cpp the destructor should be changed from simply (line 136): OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {} to OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { HMAC_CTX_cleanup(&m_hctx); } Otherwise a leak occurs each time an HMAC signed signature is verified.
This (and a number of other similar lines) have been fixed in the HMAC code. Thanks!