sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()

In case of memory allocation failure this could happen.
t8m · Nov 19, 2024 · 58223f3 · 58223f3
1 parent 5c5b8d2
commit 58223f3
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
@@ -338,12 +338,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
     OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
 
     ctx = BN_CTX_new_ex(libctx);
-    pt = EC_POINT_new(group);
-    if (ctx == NULL || pt == NULL) {
-        ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB);
         goto done;
     }
-
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
     x1 = BN_CTX_get(ctx);
@@ -352,6 +350,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
         goto done;
     }
 
+    pt = EC_POINT_new(group);
+    if (pt == NULL) {
+        ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);
+        goto done;
+    }
+
     /*
      * B1: verify whether r' in [1,n-1], verification failed if not
      * B2: verify whether s' in [1,n-1], verification failed if not