From: Abel Tom <abeltom.kernel@gmail.com>
Date: Wed, 6 May 2026 03:19:20 +0000 (+0200)
Subject: Fixes #30979: Added `BN_CTX_end` before free in sm2_sign and sm2_crypt.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35f91b9e00eac8232639a24f533aeb68b64e3438;p=thirdparty%2Fopenssl.git

Fixes #30979: Added `BN_CTX_end` before free in sm2_sign and sm2_crypt.

Added `BN_CTX_end` call before `BN_CTX_free` to keep the pattern
consistent with functions like `sm2_sig_verify`, `sm2_sig_gen`,
for instance.

Added missing `BN_CTX_start()` and `BN_CTX_end()` calls in
`ossl_sm2_compute_z_digest`. Fixed formatting.

Fixes: 3d328a445c2a "Add SM2 signature and ECIES schemes"

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Wed May 13 07:24:17 2026
(Merged from https://github.com/openssl/openssl/pull/31069)
---

diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index e7ae6a8bd0b..a1cbd88c2df 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -282,6 +282,7 @@ done:
     OPENSSL_free(x2y2);
     OPENSSL_free(C3);
     EVP_MD_CTX_free(hash);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     EC_POINT_free(kG);
     EC_POINT_free(kP);
@@ -422,6 +423,7 @@ done:
     OPENSSL_free(x2y2);
     OPENSSL_free(computed_C3);
     EC_POINT_free(C1);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     SM2_Ciphertext_free(sm2_ctext);
     EVP_MD_CTX_free(hash);
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 755f7edd204..5e29900968a 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -75,6 +75,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
         goto done;
     }
 
+    BN_CTX_start(ctx);
     p = BN_CTX_get(ctx);
     a = BN_CTX_get(ctx);
     b = BN_CTX_get(ctx);
@@ -161,6 +162,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
 
 done:
     OPENSSL_free(buf);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     EVP_MD_CTX_free(hash);
     return rc;
@@ -342,6 +344,7 @@ done:
         BN_free(s);
     }
 
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     EC_POINT_free(kG);
     return sig;
@@ -425,8 +428,8 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
         ret = 1;
 
 done:
-    BN_CTX_end(ctx);
     EC_POINT_free(pt);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     return ret;
 }