From a2b51ca6acae9e1c819e0d2e4aa1584b675c4cb7 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 26 Sep 2022 11:51:05 +1000
Subject: [PATCH 1/6] Free 'rsa' if 'e' is NULL in opensslrsa_verify2
---
 lib/dns/opensslrsa_link.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 4d8c29ea89..3c72441727 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -202,6 +202,7 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
 }
 RSA_get0_key(rsa, NULL, &e, NULL);
 if (e == NULL) {
+ RSA_free(rsa);
 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 }
 bits = BN_num_bits(e);
From 5603cd69d170f49916bec3ca78ab3e4830170950 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 26 Sep 2022 11:52:55 +1000
Subject: [PATCH 2/6] Check that 'e' and 'n' are non-NULL in opensslrsa_todns
---
 lib/dns/opensslrsa_link.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 3c72441727..64287854cc 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -591,10 +591,10 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
 #else
 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e);
 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n);
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
 if (e == NULL || n == NULL) {
 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
 mod_bytes = BN_num_bytes(n);
 e_bytes = BN_num_bytes(e);
From db70c302138f02b6e1fca6e89cf2da35b2ca0ae4 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 26 Sep 2022 11:57:17 +1000
Subject: [PATCH 3/6] Check that 'e' and 'n' are allocated in opensslrsa_fromdns
---
 lib/dns/opensslrsa_link.c | 3 +++
 1 file changed, 3 insertions(+)
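Review bot: In the opensslrsa_verify2 hunk (patch 1/6), nothing records why `rsa` has to stay alive until `e` has been inspected, which is the ownership rule this leak fix depends on: `RSA_get0_key` hands back a pointer that still belongs to `rsa`, so every exit after that call must release `rsa` and none may free `e`. I would add `/* 'e' is borrowed from 'rsa'; release 'rsa' on every exit from here on. */` above the `RSA_get0_key` call. The function starts and ends outside the hunk, so whether the exits after `bits = BN_num_bits(e);` already follow that rule cannot be checked from here.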
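Review bot: In the opensslrsa_todns hunk (patch 2/6), the two `EVP_PKEY_get_bn_param` calls in the `#else` branch still discard their return values, so the relocated `e == NULL || n == NULL` test only detects a failed lookup if both pointers were initialised to NULL at their declaration, which is outside the hunk. Testing the result directly is sturdier, e.g. `if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e) != 1) { DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); }` and the same for `OSSL_PKEY_PARAM_RSA_N`. The NULL test after `#endif` can stay as the common guard before `BN_num_bytes`.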
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 64287854cc..ce40ab1c31 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -692,6 +692,9 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 e = BN_bin2bn(r.base, e_bytes, NULL);
 isc_region_consume(&r, e_bytes);
 n = BN_bin2bn(r.base, r.length, NULL);
+ if (e == NULL || n == NULL) {
+ DST_RET(ISC_R_NOMEMORY);
+ }
 key->key_size = BN_num_bits(n);
From 483c5a19781b0930c6e72bb2b498130c3f83d13f Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 26 Sep 2022 12:05:33 +1000
Subject: [PATCH 4/6] Free 'n' on error path in rsa_check
---
 lib/dns/opensslrsa_link.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index ce40ab1c31..2895ce28ce 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -999,6 +999,9 @@ rsa_check(RSA *rsa, RSA *pub) {
 }
 if (e1 != NULL) {
 if (BN_cmp(e1, e2) != 0) {
+ if (n != NULL) {
+ BN_free(n);
+ }
 return (DST_R_INVALIDPRIVATEKEY);
 }
 } else {
From a47235f4f5af0286aadd43eeccf946a8f35a5dc8 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 26 Sep 2022 12:06:44 +1000
Subject: [PATCH 5/6] Check BN_dup results in rsa_check
---
 lib/dns/opensslrsa_link.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 2895ce28ce..bc89ca9a08 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -996,6 +996,9 @@ rsa_check(RSA *rsa, RSA *pub) {
 }
 } else {
 n = BN_dup(n2);
+ if (n == NULL) {
+ return (ISC_R_NOMEMORY);
+ }
 }
 if (e1 != NULL) {
 if (BN_cmp(e1, e2) != 0) {
@@ -1006,6 +1009,12 @@ rsa_check(RSA *rsa, RSA *pub) {
 }
 } else {
 e = BN_dup(e2);
+ if (e == NULL) {
+ if (n != NULL) {
+ BN_free(n);
+ }
+ return (ISC_R_NOMEMORY);
+ }
 }
 if (RSA_set0_key(rsa, n, e, NULL) == 0) {
 if (n != NULL) {
From 1e3680193aa63d855591bc8b67f5b43e3128680b Mon Sep 17 00:00:00 2001
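Review bot: In the opensslrsa_fromdns hunk (patch 3/6), the new branch returns `ISC_R_NOMEMORY` directly, while the equivalent failure in opensslrsa_todns (patch 2/6) goes through `dst__openssl_toresult()`. If that helper also drains the OpenSSL error queue, which its name and use suggest but this page does not show, a failed `BN_bin2bn` leaves its error queued for the next caller on the thread; `DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));` would keep the two paths consistent. When only one of the two allocations fails, the other BIGNUM has to be released by whatever `DST_RET` jumps to, which lies outside the hunk and should be confirmed.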
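Review bot: In the rsa_check hunk of patch 4/6, the `if (n != NULL)` guard around `BN_free(n)` is not needed, because `BN_free` does nothing when passed NULL; `BN_free(n);` followed by the `return` is enough. The same guarded free is added again in the second hunk of patch 5/6, and its context lines show a third copy after `RSA_set0_key`, so rsa_check now has three error branches that each release `n` by hand. Funnelling them through one exit that calls `BN_free(n); BN_free(e);` would keep a future branch from reintroducing the leak. rsa_check begins and ends outside these hunks.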
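Review bot: In patch 5/6, the new `n == NULL` and `e == NULL` branches report `ISC_R_NOMEMORY`, but `BN_dup` also returns NULL when its argument is NULL, so a public key lacking a modulus or exponent would be reported as an allocation failure. Whether `n2` and `e2` are checked before this point is not visible in either hunk. If they are not, a guard such as `if (n2 == NULL || e2 == NULL) { return (DST_R_INVALIDPRIVATEKEY); }` ahead of the comparisons would separate the two cases.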
From: Mark Andrews
Date: Mon, 26 Sep 2022 12:12:30 +1000
Subject: [PATCH 6/6] Add CHANGES note for [GL #3551]
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGES b/CHANGES
index 10bf4b476f..9bf6f54a32 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5988. [bug] Some out of memory conditions in opensslrsa_link.c
+ could lead to memory leaks. [GL #3551]
+
 5987. [func] Provide custom isc_mem based allocators for libuv, OpenSSL and libxml2 libraries that support replacing the internal allocators. [GL #3559]