From c15a68eb1a8944470d03b7805f3de8bd77516f7c Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Sun, 22 Mar 2026 07:46:11 +0000
Subject: [PATCH] fix: use BN_clear_free() for private key BIGNUMs in
 _get_key_parameters()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On OpenSSL 3.x, EVP_PKEY_get_bn_param() allocates new BIGNUMs.
After cor_bn2sv() duplicates them, the originals containing private
key material (d, p, q, dmp1, dmq1, iqmp) were freed with BN_free()
which does not wipe the memory. Use BN_clear_free() to securely
zero sensitive data before freeing, consistent with _is_private()
and _new_key_from_parameters().

Public components (n, e) remain with BN_free() — no sensitive data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index ed71755..4add0b3 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -881,12 +881,12 @@ PPCODE:
        them via BN_dup(), so we must free the originals here. */
     BN_free(n);
     BN_free(e);
-    BN_free(d);
-    BN_free(p);
-    BN_free(q);
-    BN_free(dmp1);
-    BN_free(dmq1);
-    BN_free(iqmp);
+    BN_clear_free(d);
+    BN_clear_free(p);
+    BN_clear_free(q);
+    BN_clear_free(dmp1);
+    BN_clear_free(dmq1);
+    BN_clear_free(iqmp);
 #endif
 }