search for: evp_pkey_ctx_free

...uthors would have an option to let this be automated. The most general feature would a hook for adding custom C functions to the .Call exit, similar to on.exit() in R: xmlNodePtr *node = xmlNewNode(...); Rf_on_exit(xmlFreeNode, node); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(...); Rf_on_exit(EVP_PKEY_CTX_free, ctx); SEXP out = PROTECT(allocVector(...)); Rf_on_exit(UNPROTECT, 1); I don't know R's internals well enough to estimate if something like this would be possible. I did put together a simple C example of a linked list with object pointers and their corresponding free functions, which...

...ode safely is something like typedef struct { xmlNodePtr *node; EVP_PKEY_CTX *ctx; } my_context_t; // define how to dispose of all things you care about correctly static void context_fin(SEXP what) { my_context_t *c = (my_context_t*) EXTPTR_PTR(what); if (!c) return; if (c->ctx) EVP_PKEY_CTX_free(c->ctx); if (c->node) xmlFreeNode(c->node); } [...] // allocate the context and tell R to manage its protection and finalization // (you could write a macro to make this one-liner) my_context_t* c = (my_context_t*) R_Calloc(1, my_context_t); SEXP res = PROTECT(R_MakeExternalPtr(c, R_N...

OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing a shim for OpenSSL-1.1, the OpenSC code has been converted to the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and macros was written to support older versions of OpenSSL and Libressl. https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h The nice part of this approach is

...leanup(ctx); > ?? > if (ctx->digest && ctx->digest->ctx_size && ctx->md_data > ?? > && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { > ?? > OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); > ?? > } > ?? > EVP_PKEY_CTX_free(ctx->pctx); > #ifndef OPENSSL_NO_ENGINE > ?? > ENGINE_finish(ctx->engine); > #endif > ?? > OPENSSL_cleanse(ctx, sizeof(*ctx)); > > ?? > return 1; > } > ?---->8----- > > > Other functions are getter and setters such as : > > ?----8<----...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...VP_PKEY_CTX_new(pk, NULL); + if (!ctx) { + verbose("%s: openssl context allocation failed", __func__); + ERR_print_errors_fp(stderr); + goto err_free_pkey; + } + + EVP_PKEY_sign_init(ctx); + + siglen=sizeof(result); + ret = EVP_PKEY_sign(ctx, result, &siglen, hash, sizeof(hash)); + EVP_PKEY_CTX_free(ctx); + + if (ret != 1 || siglen == 0) { + verbose("%s: trial signature failed with %d", __func__, ret); + ERR_print_errors_fp(stderr); + ret = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto err_free_pkey; + } + + ret = SSH_ERR_ALLOC_FAIL; + + key = sshkey_new(KEY_UNSPEC); + key->flags |= SS...