Hi,

> Could it be that Valgrind is detecting that you aren't freeing ciphertext?

The RSA_encrypt wrapper returns the malloc'ed ciphertext on purpose. It may be a not-so-pleasing approach, but the calling function RSA_getEncryptedSymmetricKey generates the base64-encoded char *-presentation of the encrypted value and explicitly frees ciphertext. The base64-encoded version is (again, one layer higher) freed as well. I am sorry I did not make this clear enough in my first mail.

Regarding the valgrind excerpt I would assume (being not that familiar with OpenSSL) that some objects OpenSSL allocates internally are somehow lost, namely a BN_MONT_CTX, which I never handle explicitly. Particularly, the location rsa.c:217 points precisely to the RSA_public_encrypt operation, and I am not aware that I potentially have to initialize or clean up something for each encryption. For that, I have an initialization function that reads the globally valid keypair once from the hard disk (as a .pem file).

Best regards,
Roman