From d47810ceb60fff51d495a3764d6f1257c417de66 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Thu, 21 May 2026 02:16:04 +0000
Subject: [PATCH] Fix three compiler warnings in RSA.xs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. extractBioString(): replace THROW+error with direct if+goto.
   The error variable was set by THROW but never read — the err
   handler unconditionally croaks via CHECK_OPEN_SSL(0).

2. rsa_crypt(): move the to_length<0 check into the pre-3.x #else
   block where to_length is int. On 3.x, to_length is size_t
   (unsigned), making the comparison always false (dead code) and
   triggering -Wtype-limits.

3. verify(): fix signed/unsigned comparison between EVP_PKEY_get_size()
   (int) and sig_length (STRLEN/size_t). Add explicit negative check
   before casting to STRLEN for the comparison.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/RSA.xs b/RSA.xs
index 238bebb..6cf557a 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -367,12 +367,11 @@ SV* extractBioString(BIO* p_stringBio)
     SV* sv;
     char* datap;
     long datasize;
-    int error = 0;
 
-    THROW(BIO_flush(p_stringBio) == 1);
+    if (BIO_flush(p_stringBio) != 1) goto err;
 
     datasize = BIO_get_mem_data(p_stringBio, &datap);
-    THROW(datasize > 0);
+    if (datasize <= 0) goto err;
 
     sv = newSVpv(datap, datasize);
 
@@ -526,12 +525,12 @@ SV* rsa_crypt(rsaData* p_rsa, SV* p_from,
     CHECK_NEW(to, size, UNSIGNED_CHAR);
     to_length = p_crypt(
        from_length, from, (unsigned char*) to, p_rsa->rsa, p_rsa->padding);
-#endif
     if (to_length < 0)
     {
         Safefree(to);
         CHECK_OPEN_SSL(0);
     }
+#endif
     sv = newSVpv((char* ) to, to_length);
     Safefree(to);
     return sv;
@@ -1505,9 +1504,12 @@ PPCODE:
     STRLEN sig_length;
 
     sig = (unsigned char*) SvPV(sig_SV, sig_length);
-    if (EVP_PKEY_get_size(p_rsa->rsa) < sig_length)
     {
-        croak("Signature longer than key");
+        int key_size = EVP_PKEY_get_size(p_rsa->rsa);
+        if (key_size < 0 || (STRLEN)key_size < sig_length)
+        {
+            croak("Signature longer than key");
+        }
     }
 
     unsigned char digest_buf[EVP_MAX_MD_SIZE];