root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() 

In case of memory allocation failure this
could happen.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25994)
This commit is contained in:
Tomas Mraz 2024-11-19 11:09:58 +01:00
parent 0c64b1ca03
commit 93bfe97c5b
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/sm2/sm2_sign.c
View File

@ -338,12 +338,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
ctx = BN_CTX_new_ex(libctx);
pt = EC_POINT_new(group);
if (ctx == NULL || pt == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);
if (ctx == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB);
goto done;
}
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx);
@ -352,6 +350,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
goto done;
}
pt = EC_POINT_new(group);
if (pt == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);
goto done;
}
/*
* B1: verify whether r' in [1,n-1], verification failed if not
* B2: verify whether s' in [1,n-1], verification failed if not