From 6f711c304848f7656797e66c1fe5b0153d8e3bc0 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Wed, 27 May 2026 22:29:00 +0000
Subject: [PATCH] Use EVP_PKEY_check() for check_key() on OpenSSL 3.x

EVP_PKEY_private_check() only validates CRT parameters and
d*e congruence.  RSA_check_key() (used on pre-3.x) additionally
checks primality of p/q and n==p*q.  OpenSSL's migration guide
explicitly recommends EVP_PKEY_check() as the replacement.

Also clear the error queue after a failed check to prevent stale
errors from corrupting subsequent croakSsl() messages.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs          | 3 ++-
 t/check_param.t | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index 238bebb..e98fa3f 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -1296,11 +1296,12 @@ check_key(p_rsa)
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(NULL, p_rsa->rsa, NULL);
     CHECK_OPEN_SSL(pctx);
-    RETVAL = (EVP_PKEY_private_check(pctx) == 1);
+    RETVAL = (EVP_PKEY_check(pctx) == 1);
     EVP_PKEY_CTX_free(pctx);
 #else
     RETVAL = (RSA_check_key(p_rsa->rsa) == 1);
 #endif
+    if (!RETVAL) ERR_clear_error();
   OUTPUT:
     RETVAL
 
diff --git a/t/check_param.t b/t/check_param.t
index d58f8fc..5855505 100644
--- a/t/check_param.t
+++ b/t/check_param.t
@@ -62,7 +62,7 @@ my ( $n, $e, $d, $p, $q ) = $rsa->get_key_parameters();
 }
 
 # 5. check_key() returns exactly 1, not just truthy
-# OpenSSL's RSA_check_key/EVP_PKEY_private_check can return -1 on error,
+# OpenSSL's RSA_check_key/EVP_PKEY_check can return -1 on error,
 # which is truthy in Perl.  The XS code must normalize to 0/1.
 {
     cmp_ok( $rsa->check_key(), '==', 1,