diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index a4cad865c76eb5..c62106381023f6 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -6084,8 +6084,10 @@ class RSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
       BignumPointer bn(BN_new());
       CHECK_NOT_NULL(bn.get());
       CHECK(BN_set_word(bn.get(), exponent_));
+      // EVP_CTX acceps ownership of bn on success.
       if (EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx.get(), bn.get()) <= 0)
         return false;
+      bn.release();
     }
 
     return true;
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index d327c7a078f298..07a0a18c301196 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -87,7 +87,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
   // To make the test faster, we will only test sync key generation once and
   // with a relatively small key.
   const ret = generateKeyPairSync('rsa', {
-    publicExponent: 0x10001,
+    publicExponent: 3,
     modulusLength: 512,
     publicKeyEncoding: {
       type: 'pkcs1',
@@ -160,7 +160,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 
   // Now do the same with an encrypted private key.
   generateKeyPair('rsa', {
-    publicExponent: 0x10001,
+    publicExponent: 0x1001,
     modulusLength: 512,
     publicKeyEncoding,
     privateKeyEncoding: {