From 85fce045130123547b991d9a571afc0104406ecc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Wed, 11 Mar 2026 06:43:12 -0600
Subject: [PATCH] fix: remove unnecessary OSSL_LIB_CTX per-call allocation in
 rsa_crypt()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On OpenSSL 3.x, rsa_crypt() created a new OSSL_LIB_CTX on every
encrypt/decrypt call, but only used it for the public key path.
Private key operations already used EVP_PKEY_CTX_new() with the
default (NULL) context.

Replace both paths with a single EVP_PKEY_CTX_new_from_pkey(NULL, ...)
call, eliminating the per-call OSSL_LIB_CTX_new()/free() overhead.
The default library context is appropriate here — no custom providers
or property queries are needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index a479548..75cad1a 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -336,16 +336,10 @@ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
     }
 
     EVP_PKEY_CTX *ctx = NULL;
-    OSSL_LIB_CTX *ossllibctx = NULL;
     int error = 0;
     int crypt_pad;
 
-    ossllibctx = OSSL_LIB_CTX_new();
-    if (public) {
-        ctx = EVP_PKEY_CTX_new_from_pkey(ossllibctx, (EVP_PKEY* )p_rsa->rsa, NULL);
-    } else {
-        ctx = EVP_PKEY_CTX_new((EVP_PKEY* )p_rsa->rsa, NULL);
-    }
+    ctx = EVP_PKEY_CTX_new_from_pkey(NULL, (EVP_PKEY* )p_rsa->rsa, NULL);
 
     THROW(ctx);
 
@@ -359,12 +353,10 @@ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
     THROW(p_crypt(ctx, to, &to_length, from, from_length) == 1);
 
     EVP_PKEY_CTX_free(ctx);
-    OSSL_LIB_CTX_free(ossllibctx);
 
     goto crypt_done;
     err:
         if (ctx) EVP_PKEY_CTX_free(ctx);
-        if (ossllibctx) OSSL_LIB_CTX_free(ossllibctx);
         Safefree(to);
         CHECK_OPEN_SSL(0);
     crypt_done: