From eca1b865a6d2a0edbc9eda679f70b4192557f51f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 19 Nov 2024 11:09:58 +0100 Subject: [PATCH] sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() In case of memory allocation failure this could happen. Reviewed-by: Neil Horman Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/25994) (cherry picked from commit 93bfe97c5be0ca575411b39c9dec1103caa82f51) --- crypto/sm2/sm2_sign.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 9ddf889edee..a542fc2ceb1 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -338,12 +338,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); ctx = BN_CTX_new_ex(libctx); - pt = EC_POINT_new(group); - if (ctx == NULL || pt == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + if (ctx == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); goto done; } - BN_CTX_start(ctx); t = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx); @@ -352,6 +350,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, goto done; } + pt = EC_POINT_new(group); + if (pt == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + goto done; + } + /* * B1: verify whether r' in [1,n-1], verification failed if not * B2: verify whether s' in [1,n-1], verification failed if not -- 2.47.2