From b786eaf1b16fb0bce96e7f0816385b5e932eb7c3 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 19 May 2026 15:00:23 +0200
Subject: [PATCH] BUG/MINOR: jws: Add missing return value check
 (EVP_PKEY_get_bn_param)

Two calls of 'EVP_PKEY_get_bn_param' did not have their return value
checked.

This patch can be backported up to 3.2.
---
 src/jws.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/jws.c b/src/jws.c
index ae94fc3ca..769a74b1e 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -59,8 +59,10 @@ static size_t EVP_PKEY_EC_to_pub_jwk(EVP_PKEY *pkey, char *dst, size_t dsize)
 	size_t curvelen;
 	int nid;
 
-	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x);
-	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y);
+	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x) == 0)
+		goto out;
+	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y) == 0)
+		goto out;
 
 	if (EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, curve, sizeof(curve), &curvelen) == 0)
 		goto out;