Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17168)
* When we're dealing with a provider, there's no need to duplicate
* pubexp, as it gets copied when transforming to an OSSL_PARAM anyway.
*/
- if (evp_pkey_ctx_is_legacy(ctx))
+ if (evp_pkey_ctx_is_legacy(ctx)) {
pubexp = BN_dup(pubexp);
+ if (pubexp == NULL)
+ return 0;
+ }
ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
if (evp_pkey_ctx_is_legacy(ctx) && ret <= 0)