From 21c39782a2ede9a7be3b3b458895fe68785a14a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Tue, 10 Feb 2026 20:50:46 -0700
Subject: [PATCH] fix: POD documentation errors and BIGNUM memory leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix self-referencing typo in new_public_key docs:
  "use_pkcs1_pss_padding (or use_pkcs1_pss_padding)" → single reference
  with proper C<> POD formatting
- Fix "Version 0.38" reference (unreleased) → "On OpenSSL 3.x"
  to accurately describe when automatic padding selection applies
- Fix is_private docs: "false if it is private only" → "public only"
- Fix BIGNUM memory leak in generate_key on OpenSSL 3.x:
  `e = NULL; BN_free(e)` was a no-op, leaking the BIGNUM allocated
  by BN_new(). The set1 semantics of EVP_PKEY_CTX_set1_rsa_keygen_pubexp
  copy the value, so the caller must still free the original.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.pm | 9 ++++-----
 RSA.xs | 1 -
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/RSA.pm b/RSA.pm
index 42a296e..420e36a 100644
--- a/RSA.pm
+++ b/RSA.pm
@@ -114,9 +114,8 @@ C<-----BEGIN...-----> and C<-----END...-----> lines.
 The padding is set to PKCS1_OAEP, but can be changed with the
 C<use_xxx_padding> methods.
 
-Note, PKCS1_OAEP can only be used for encryption.  You must specifically
-call use_pkcs1_pss_padding (or use_pkcs1_pss_padding) prior to signing
-operations.
+Note, PKCS1_OAEP can only be used for encryption.  You must call
+C<use_pkcs1_pss_padding> prior to signing operations.
 
 =item new_private_key
 
@@ -252,7 +251,7 @@ While B<use_no_padding> can be used for encryption or signature operations
 B<use_pkcs1_pss_padding> is used for signature operations and
 B<use_pkcs1_oaep_padding> is used for encryption operations.
 
-Version 0.38 sets the appropriate padding for each operation unless
+On OpenSSL 3.x, the appropriate padding is set for each operation unless
 B<use_no_padding> is called before either operation.
 
 B<Note:> while C<pkcs1-pss> is the effective replacement for <pkcs1> your
@@ -374,7 +373,7 @@ C<Crypt::OpenSSL::Bignum> module must be installed for this to work.
 
 =item is_private
 
-Return true if this is a private key, and false if it is private only.
+Return true if this is a private key, and false if it is public only.
 
 =back
 
diff --git a/RSA.xs b/RSA.xs
index 6ff3a0d..31e499d 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -528,7 +528,6 @@ generate_key(proto, bitsSV, exponent = 65537)
     CHECK_OPEN_SSL(EVP_PKEY_generate(ctx, &rsa) == 1);
     CHECK_OPEN_SSL(rsa != NULL);
 
-    e = NULL;
     BN_free(e);
     EVP_PKEY_CTX_free(ctx);
 #endif