
Commit 95c2721

authored
Fix
1 parent bfcca8a commit 95c2721

2 files changed

Lines changed: 39 additions & 31 deletions


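--- a/Sources/prostore/install/GenerateCert.swift
+++ b/Sources/prostore/install/GenerateCert.swift
@@ -116,37 +116,40 @@ public final class GenerateCert {
 return url
 }
 
-private static func generateRSAKey(bits: Int32) throws -> OpaquePointer? {
-guard let rsa = RSA_new() else { throw CertGenError.keyGenerationFailed("RSA_new failed") }
-guard let bn = BN_new() else { RSA_free(rsa); throw CertGenError.keyGenerationFailed("BN_new failed") }
-
-defer { BN_free(bn) }
-
-if BN_set_word(bn, UInt(65537)) != 1 {
-RSA_free(rsa)
-throw CertGenError.keyGenerationFailed("BN_set_word failed")
-}
-
-if RSA_generate_key_ex(rsa, bits, bn, nil) != 1 {
-RSA_free(rsa)
-throw CertGenError.keyGenerationFailed("RSA_generate_key_ex failed")
-}
-
-guard let pkey = EVP_PKEY_new() else {
-RSA_free(rsa)
-throw CertGenError.keyGenerationFailed("EVP_PKEY_new failed")
-}
-
-// Use EVP_PKEY_assign_RSA for OpenSSL 1.x compatibility
-// For OpenSSL 3.x, this should still work with the right headers
-if EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa) != 1 {
-EVP_PKEY_free(pkey)
-RSA_free(rsa)
-throw CertGenError.keyGenerationFailed("EVP_PKEY_assign failed")
-}
-
-return pkey
+private static func generateRSAKey(bits: Int32) throws -> OpaquePointer? {
+guard let rsa = RSA_new() else {
+throw CertGenError.keyGenerationFailed("RSA_new failed")
+}
+defer { RSA_free(rsa) } // Automatically free RSA on any early exit
+
+guard let bn = BN_new() else {
+throw CertGenError.keyGenerationFailed("BN_new failed")
+}
+defer { BN_free(bn) }
+
+if BN_set_word(bn, 65537) != 1 {
+throw CertGenError.keyGenerationFailed("BN_set_word failed")
 }
+
+if RSA_generate_key_ex(rsa, bits, bn, nil) != 1 {
+throw CertGenError.keyGenerationFailed("RSA_generate_key_ex failed")
+}
+
+guard let pkey = EVP_PKEY_new() else {
+throw CertGenError.keyGenerationFailed("EVP_PKEY_new failed")
+}
+
+// ✅ FIX: Correct pointer conversion for OpenSSL API
+if EVP_PKEY_assign(pkey, EVP_PKEY_RSA, UnsafeMutableRawPointer(rsa)) != 1 {
+EVP_PKEY_free(pkey)
+throw CertGenError.keyGenerationFailed("EVP_PKEY_assign failed")
+}
+
+// ✅ IMPORTANT: Prevent RSA from being freed by the defer block,
+// as EVP_PKEY_assign now takes ownership.
+_ = Unmanaged.passRetained(rsa) // Transfer ownership
+return pkey
+}
 
 private static func createSelfSignedCertificate(pkey: OpaquePointer?,
 commonName: String,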
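Review bot: The `defer { RSA_free(rsa) }` added at the top of generateRSAKey also runs on the successful `return pkey`, so the RSA that EVP_PKEY_assign has just handed over to `pkey` is freed and the caller receives an EVP_PKEY whose key pointer is dangling (a use-after-free when the key is used for signing, and a double free when the EVP_PKEY is later released). `_ = Unmanaged.passRetained(rsa)` does not cancel a defer, and Unmanaged is meant for class instances rather than the pointer RSA_new returns, so that line may not even compile. Guard the cleanup with a flag instead: `var ownsRSA = true`, `defer { if ownsRSA { RSA_free(rsa) } }`, and `ownsRSA = false` in place of the Unmanaged line once the assign has succeeded. The comment above that line should then state that ownership has moved to `pkey` and the deferred free is skipped, and the trailing comment on the defer should say it covers failure paths only.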

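--- a/project.yml
+++ b/project.yml
@@ -13,6 +13,9 @@ packages:
 ZIPFoundation:
 url: https://github.com/weichsel/ZIPFoundation.git
 branch: main
+OpenSSL:
+url: https://github.com/krzyzanowskim/OpenSSL.git
+from: "3.3.3001"
 
 targets:
 prostore:
@@ -47,4 +50,6 @@ targets:
 - package: Zsign-Package
 product: ZsignSwift
 - package: ZIPFoundation
-product: ZIPFoundation
+product: ZIPFoundation
+- package: OpenSSL
+product: OpenSSL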
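Review bot: The new OpenSSL entry uses `from: "3.3.3001"`, which is a floating requirement, so a later build can resolve a newer release of the crypto library than the one this change was tested against. For a dependency that backs key and certificate generation, consider `exactVersion: "3.3.3001"` (or a `revision:`) and keeping the resolved-versions file under version control, so that updates are deliberate and reviewable. The neighbouring ZIPFoundation entry tracks `branch: main`, which has the same weakness more strongly, although this commit does not change it.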
