From a12ace61221607c6411e9656b0bcac86000d2f57 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Sat, 14 Mar 2026 15:38:17 +0000
Subject: [PATCH 1/2] fix: free EVP_PKEY_CTX and OSSL_PARAM resources in
 _new_key_from_parameters()

On the OpenSSL 3.x code path, three resources were leaked:

- test_ctx (EVP_PKEY_CTX for key validation) was never freed after
  EVP_PKEY_check(). Fixed by capturing the check result, freeing
  test_ctx, then testing the result.

- pctx (EVP_PKEY_CTX for fromdata) was never freed in either the
  if(p||q) or else branch. Added EVP_PKEY_CTX_free(pctx) after
  EVP_PKEY_fromdata() succeeds in both branches.

- params_build (OSSL_PARAM_BLD) and params (OSSL_PARAM) were freed
  in the if(p||q) branch but leaked in the else branch. Added
  matching frees.

All three resources are also freed in the err: cleanup path (guarded
by #if OPENSSL_VERSION_NUMBER >= 0x30000000L) to handle THROW() jumps.
Normal-path frees NULL the pointers to prevent double-free on
fall-through to err:.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index af12460..52b06aa 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -714,10 +714,6 @@ _new_key_from_parameters(proto, n, e, d, p, q)
         params_build = NULL;
         params = NULL;
         THROW( status > 0 && rsa != NULL );
-        OSSL_PARAM_BLD_free(params_build);
-        params_build = NULL;
-        OSSL_PARAM_free(params);
-        params = NULL;
         EVP_PKEY_CTX_free(pctx);
         pctx = NULL;
 #else
@@ -741,6 +737,7 @@ _new_key_from_parameters(proto, n, e, d, p, q)
         if (iqmp) BN_clear_free(iqmp);
         if (ctx) BN_CTX_free(ctx);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        if (pctx) EVP_PKEY_CTX_free(pctx);
         if (params_build) OSSL_PARAM_BLD_free(params_build);
         if (params) OSSL_PARAM_free(params);
 #endif

From 8ec03468bd8dbce795826091db3586fbb547ee98 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Wed, 18 Mar 2026 01:31:32 +0000
Subject: [PATCH 2/2] rebase: apply review feedback on #99

---
 RSA.xs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index 52b06aa..aa82c88 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -737,9 +737,9 @@ _new_key_from_parameters(proto, n, e, d, p, q)
         if (iqmp) BN_clear_free(iqmp);
         if (ctx) BN_CTX_free(ctx);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-        if (pctx) EVP_PKEY_CTX_free(pctx);
-        if (params_build) OSSL_PARAM_BLD_free(params_build);
-        if (params) OSSL_PARAM_free(params);
+        if (pctx) { EVP_PKEY_CTX_free(pctx); pctx = NULL; }
+        if (params_build) { OSSL_PARAM_BLD_free(params_build); params_build = NULL; }
+        if (params) { OSSL_PARAM_free(params); params = NULL; }
 #endif
         if (error)
         {