From d6fb0d87718e21864c87783fd7dac73ea9d60aa3 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Thu, 21 May 2026 02:10:11 +0000
Subject: [PATCH] Check BN_new() and RSA_new() return values in generate_key()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BN_new() can return NULL on memory exhaustion. The subsequent
BN_set_word(e, exponent) would dereference NULL — a segfault instead
of a clean error. Similarly, on OpenSSL 0.9.8–2.x, RSA_new() was
unchecked; failure would pass NULL to RSA_generate_key_ex().

Add CHECK_OPEN_SSL(e) after BN_new(), and an explicit NULL check
with cleanup for RSA_new() in the 0.9.8–2.x code path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/RSA.xs b/RSA.xs
index 238bebb..ecb3f4b 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -859,6 +859,7 @@ generate_key(proto, bitsSV, exponent = 65537)
     if (exponent < 3 || (exponent % 2) == 0)
         croak("RSA exponent must be odd and >= 3 (got %lu)", exponent);
     e = BN_new();
+    CHECK_OPEN_SSL(e);
     BN_set_word(e, exponent);
 #if OPENSSL_VERSION_NUMBER < 0x00908000L
     rsa = RSA_generate_key(SvIV(bitsSV), exponent, NULL, NULL);
@@ -867,6 +868,11 @@ generate_key(proto, bitsSV, exponent = 65537)
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && OPENSSL_VERSION_NUMBER < 0x30000000L
     rsa = RSA_new();
+    if (!rsa)
+    {
+        BN_free(e);
+        croakSsl(__FILE__, __LINE__);
+    }
     if (!RSA_generate_key_ex(rsa, SvIV(bitsSV), e, NULL))
     {
         BN_free(e);