1 files changed, 23 insertions, 5 deletions

diff --git a/ssl/ssl_rsa_legacy.c b/ssl/ssl_rsa_legacy.c
index 49cd7a3bbaa5..ce03fcd9907e 100644
--- a/ssl/ssl_rsa_legacy.c
+++ b/ssl/ssl_rsa_legacy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -28,7 +28,11 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
         return 0;
     }
 
-    RSA_up_ref(rsa);
+    if (!RSA_up_ref(rsa)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
     if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
         RSA_free(rsa);
         EVP_PKEY_free(pkey);
@@ -43,9 +47,14 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 {
     int j, ret = 0;
-    BIO *in;
+    BIO *in = NULL;
     RSA *rsa = NULL;
 
+    if (file == NULL) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
+        goto end;
+    }
+
     in = BIO_new(BIO_s_file());
     if (in == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
@@ -110,7 +119,11 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
         return 0;
     }
 
-    RSA_up_ref(rsa);
+    if (!RSA_up_ref(rsa)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
     if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
         RSA_free(rsa);
         EVP_PKEY_free(pkey);
@@ -125,9 +138,14 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 {
     int j, ret = 0;
-    BIO *in;
+    BIO *in = NULL;
     RSA *rsa = NULL;
 
+    if (file == NULL) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
+        goto end;
+    }
+
     in = BIO_new(BIO_s_file());
     if (in == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);