check the return value of BN_dup() in rsa_lib.c:1248

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17168)
author: x2018 <xkernel.wang@foxmail.com> 2021-11-30 20:33:32 +0800
committer: Tomas Mraz <tomas@openssl.org> 2021-12-02 09:51:16 +0100
commit: 9d1a27051dcd4e7a621df54a073587c6c4486476 (patch)
tree: 104d4096b9708c3dc0d7ad856d63797cd22c23ac /crypto/rsa
parent: 07ba69483a7d8005a53284cbde55b9dac8c5c554 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 6433282597..a8a6d6c758 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1244,8 +1244,11 @@ int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
      * When we're dealing with a provider, there's no need to duplicate
      * pubexp, as it gets copied when transforming to an OSSL_PARAM anyway.
      */
-    if (evp_pkey_ctx_is_legacy(ctx))
+    if (evp_pkey_ctx_is_legacy(ctx)) {
         pubexp = BN_dup(pubexp);
+        if (pubexp == NULL)
+            return 0;
+    }
     ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
                             EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
     if (evp_pkey_ctx_is_legacy(ctx) && ret <= 0)
author	x2018 <xkernel.wang@foxmail.com>	2021-11-30 20:33:32 +0800
committer	Tomas Mraz <tomas@openssl.org>	2021-12-02 09:51:16 +0100
commit	9d1a27051dcd4e7a621df54a073587c6c4486476 (patch)
tree	104d4096b9708c3dc0d7ad856d63797cd22c23ac /crypto/rsa
parent	07ba69483a7d8005a53284cbde55b9dac8c5c554 (diff)