From 3fb8f6dc97c93b333bbe61d3b6bba54654157645 Mon Sep 17 00:00:00 2001
From: Sam Roberts
Date: Thu, 4 Apr 2019 15:07:51 -0700
Subject: [PATCH] crypto: fix rsa key gen with non-default exponent

EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent on success, so do not free it.

Fixes: https://github.com/nodejs/node/issues/27087
---
 src/node_crypto.cc | 2 ++
 test/parallel/test-crypto-keygen.js | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 1bdc099b345fb7..44af02f72bba23 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -6068,8 +6068,10 @@ class RSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
 BignumPointer bn(BN_new());
 CHECK_NOT_NULL(bn.get());
 CHECK(BN_set_word(bn.get(), exponent_));
+ // EVP_CTX acceps ownership of bn on success.
 if (EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx.get(), bn.get()) <= 0)
 return false;
+ bn.release();
 }
 
 return true;
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index 66840dd43de494..a021109b7f4da6 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -73,7 +73,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 // To make the test faster, we will only test sync key generation once and
 // with a relatively small key.
 const ret = generateKeyPairSync('rsa', {
- publicExponent: 0x10001,
+ publicExponent: 3,
 modulusLength: 512,
 publicKeyEncoding: {
 type: 'pkcs1',
@@ -146,7 +146,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 
 // Now do the same with an encrypted private key.
 generateKeyPair('rsa', {
- publicExponent: 0x10001,
+ publicExponent: 0x1001,
 modulusLength: 512,
 publicKeyEncoding,
 privateKeyEncoding: {
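Review bot: The comment added above the `EVP_PKEY_CTX_set_rsa_keygen_pubexp()` call names the wrong owner and has a typo: the object in `ctx` is an `EVP_PKEY_CTX`, not an `EVP_CTX`, and "acceps" should read "accepts". It also leaves the failure path implicit, which is the half of the ownership contract a later edit is most likely to break: on the early `return false` the `BignumPointer` still owns `bn` and frees it, and only after a successful call may `bn.release()` run. I would word it as `// EVP_PKEY_CTX takes ownership of bn on success; on failure bn stays owned by BignumPointer and is freed on return.` Keeping `bn.release()` after the `<= 0` check, as the hunk does, is what prevents a leak on failure while also stopping the smart pointer from freeing memory the context now holds. The enclosing method starts and ends outside the hunk.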
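Review bot: `publicExponent: 0x1001` in the second hunk (the async `generateKeyPair` call) reads like a mistyped `0x10001`, and neither it nor `publicExponent: 3` in the first hunk says why a non-default value is used. A short comment at each site would stop someone from "correcting" it back to the default and silently losing the regression coverage, e.g. `// Deliberately not the default 0x10001: exercises the custom-exponent path.` Neither hunk shows an assertion that the generated key actually carries the requested exponent, so if the rest of the test does not check it, coverage depends on the process misbehaving rather than on a wrong key being detected. The exponent 3 and the 512-bit modulus are acceptable only as test-speed values, and both option objects continue outside the hunks.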