From 790e8325d3ed1759c85f765aa5f905903d7ea79c Mon Sep 17 00:00:00 2001
From: Toddr Bot
Date: Wed, 1 Apr 2026 06:33:54 +0000
Subject: [PATCH] release: bump version to 0.38 and update Changes

Summarize all changes since 0.37 in the Changes file, organized by category (security, bug fixes, features, tests). Version bump in RSA.pm. The key user-facing change is re-enabling PKCS#1 v1.5 for signatures, which fixes #61 and #146 (Let's Encrypt ACME clients).

Co-Authored-By: Claude Opus 4.6
---
 Changes | 35 +++++++++++++++++++++++++++++++++++
 RSA.pm | 2 +-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/Changes b/Changes
index 73b3acb..8b5f9d8 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,40 @@
 Revision history for Perl extension Crypt::OpenSSL::RSA.
+0.38 (unreleased)
+ Security:
+ - Re-enable PKCS#1 v1.5 padding for sign()/verify() operations.
+ The Marvin attack (CVE-2024-2467) only affects decryption, not
+ signatures. PKCS#1 v1.5 signatures (RSASSA-PKCS1-v1.5) are
+ required by JWT RS256, ACME (RFC 8555), SAML, and other protocols.
+ Encryption with PKCS#1 v1.5 remains disabled. (Fixes #61, #146)
+
+ Bug fixes:
+ - Fix multiple resource leaks in _new_key_from_parameters() on
+ OpenSSL 3.x (EVP_PKEY_CTX, OSSL_PARAM_BLD, BIGNUM parameters)
+ - Fix double-free of BIGNUMs in _new_key_from_parameters() error paths
+ - Fix resource leaks in rsa_crypt(), sign(), verify(), generate_key(),
+ and get_public_key_string() error paths on OpenSSL 3.x
+ - Fix sign() buffer leak on pre-3.x when RSA_sign() fails
+ - Fix check PEM write return values in key export functions
+ - Fix check_key() return value normalization (-1/-2 treated as false)
+ - Fix use BN_clear_free() for private key BIGNUMs in _get_key_parameters()
+ - Fix croakSsl() crash when OpenSSL error queue is empty
+ - Fix thread-unsafe static buffer in get_message_digest()
+ - Fix use canonical two-pass buffer allocation in rsa_crypt() on 3.x
+ - Fix drain full OpenSSL error queue in croakSsl() for accurate errors
+ - Fix PSS auto-promote: check actual padding sent to EVP, not stored mode
+ - Migrate deprecated SHA* one-shot functions to EVP_Q_digest on 3.x
+
+ Features:
+ - Add use_sslv23_padding() Perl stub on OpenSSL 3.x (clear croak message)
+ - Add get_public_key_pkcs1_string() alias for API naming symmetry
+ - Add optional check=>1 parameter to new_key_from_parameters()
+ - Add valgrind CI job for memory leak detection
+
+ Tests:
+ - Extensive new test coverage for error paths, edge cases, key lifecycle,
+ private_encrypt/public_decrypt, PSS auto-promote cross-verification
+
 0.37 Oct 29 2025
 - Fix libressl bitwise logic error in RSA.xs
diff --git a/RSA.pm b/RSA.pm
index 0c2f580..2dd2dd2 100644
--- a/RSA.pm
+++ b/RSA.pm
@@ -5,7 +5,7 @@ use warnings;
 use Carp; # Removing carp will break the XS code.
-our $VERSION = '0.37';
+our $VERSION = '0.38';
 use XSLoader;
 XSLoader::load 'Crypt::OpenSSL::RSA', $VERSION;