You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2010/12/07 19:34:17 UTC
[jira] Updated: (SANTUARIO-68) HMAC signature verification leaks
with OpenSSL
[ https://issues.apache.org/jira/browse/SANTUARIO-68?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor updated SANTUARIO-68:
----------------------------------
Fix Version/s: C++ 1.6.0
> HMAC signature verification leaks with OpenSSL
> ----------------------------------------------
>
> Key: SANTUARIO-68
> URL: https://issues.apache.org/jira/browse/SANTUARIO-68
> Project: Santuario
> Issue Type: Bug
> Components: C++
> Environment: Operating System: All
> Platform: Other
> Reporter: Steen Kroyer
> Assignee: XML Security Developers Mailing List
> Fix For: C++ 1.6.0
>
>
> * This holds for XML Security C++ 1.2.1 *
> (I was unable to choose that version in Bugzilla)
> ---
> In the file OpenSSLCryptoHashHMAC.cpp the destructor should be changed from
> simply (line 136):
> OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {}
> to
> OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
> HMAC_CTX_cleanup(&m_hctx);
> }
> Otherwise a leak occurs each time an HMAC signed signature is verified.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.