Displaying 7 results from an estimated 7 matches for "evp_pkey_ctx_free".
2015 Nov 23
4
Custom C finalizers for .Call
...uthors would have an option to let this
be automated.
The most general feature would be a hook for adding custom C functions to
the .Call exit, similar to on.exit() in R:
xmlNodePtr *node = xmlNewNode(...);
Rf_on_exit(xmlFreeNode, node);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(...);
Rf_on_exit(EVP_PKEY_CTX_free, ctx);
SEXP out = PROTECT(allocVector(...));
Rf_on_exit(UNPROTECT, 1);
I don't know R's internals well enough to estimate if something like
this would be possible. I did put together a simple C example of a
linked list with object pointers and their corresponding free
functions, which...
2015 Nov 25
0
Custom C finalizers for .Call
...ode safely is something like
typedef struct {
xmlNodePtr *node;
EVP_PKEY_CTX *ctx;
} my_context_t;
// define how to dispose of all things you care about correctly
static void context_fin(SEXP what) {
my_context_t *c = (my_context_t*) EXTPTR_PTR(what);
if (!c) return;
if (c->ctx) EVP_PKEY_CTX_free(c->ctx);
if (c->node) xmlFreeNode(c->node);
}
[...]
// allocate the context and tell R to manage its protection and finalization
// (you could write a macro to make this one-liner)
my_context_t* c = (my_context_t*) R_Calloc(1, my_context_t);
SEXP res = PROTECT(R_MakeExternalPtr(c, R_N...
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather than writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a "sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h
The nice part of this approach is
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
...leanup(ctx);
> if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
> && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
> OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
> }
> EVP_PKEY_CTX_free(ctx->pctx);
> #ifndef OPENSSL_NO_ENGINE
> ENGINE_finish(ctx->engine);
> #endif
> OPENSSL_cleanse(ctx, sizeof(*ctx));
>
> return 1;
> }
> ---->8-----
>
>
> Other functions are getters and setters such as:
>
> ----8<----...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...VP_PKEY_CTX_new(pk, NULL);
+ if (!ctx) {
+ verbose("%s: openssl context allocation failed", __func__);
+ ERR_print_errors_fp(stderr);
+ goto err_free_pkey;
+ }
+
+ EVP_PKEY_sign_init(ctx);
+
+ siglen=sizeof(result);
+ ret = EVP_PKEY_sign(ctx, result, &siglen, hash, sizeof(hash));
+ EVP_PKEY_CTX_free(ctx);
+
+ if (ret != 1 || siglen == 0) {
+ verbose("%s: trial signature failed with %d", __func__, ret);
+ ERR_print_errors_fp(stderr);
+ ret = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto err_free_pkey;
+ }
+
+ ret = SSH_ERR_ALLOC_FAIL;
+
+ key = sshkey_new(KEY_UNSPEC);
+ key->flags |= SS...
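Review bot: the return value of EVP_PKEY_sign_init(ctx) is ignored on the line right after the context allocation check, so a failed init only surfaces indirectly when EVP_PKEY_sign() fails and is then reported as SSH_ERR_KEY_WRONG_PASSPHRASE. Check it for `<= 0`, free ctx and go to err_free_pkey before attempting the trial signature. In the visible lines key is also dereferenced (`key->flags |= ...`) directly after sshkey_new(KEY_UNSPEC) with no NULL check, even though ret was just set to SSH_ERR_ALLOC_FAIL for that case; add `if (key == NULL) goto err_free_pkey;` before the dereference. `siglen=sizeof(result);` should have spaces around `=` to match the surrounding lines.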