Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-68

HMAC signature verification leaks with OpenSSL

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • C++ 1.6.0
    • C++
    • Security Level: Public (Public issues, viewable by everyone)
    • None
    • Operating System: All
      Platform: Other
    • 38604

    Description

      • This holds for XML Security C++ 1.2.1 *
        (I was unable to choose that version in Bugzilla)

      In the file OpenSSLCryptoHashHMAC.cpp the destructor should be changed from
      simply (line 136):

      OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {}

      to

      OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
      HMAC_CTX_cleanup(&m_hctx);
      }

      Otherwise a leak occurs each time an HMAC signed signature is verified.

      Attachments

        Activity

          People

            Unassigned Unassigned
            steen.kroyer@cryptomathic.com Steen Kroyer
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: