Commit 35f91b9e00 for openssl.org
commit 35f91b9e00eac8232639a24f533aeb68b64e3438
Author: Abel Tom <abeltom.kernel@gmail.com>
Date: Wed May 6 05:19:20 2026 +0200
Fixes #30979: Added `BN_CTX_end` before free in sm2_sign and sm2_crypt.
Added `BN_CTX_end` call before `BN_CTX_free` to keep the pattern
consistent with functions like `sm2_sig_verify`, `sm2_sig_gen`,
for instance.
Added missing `BN_CTX_start()` and `BN_CTX_end()` calls in
`ossl_sm2_compute_z_digest`. Fixed formatting.
Fixes: 3d328a445c2a "Add SM2 signature and ECIES schemes"
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Wed May 13 07:24:17 2026
(Merged from https://github.com/openssl/openssl/pull/31069)
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index e7ae6a8bd0..a1cbd88c2d 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -282,6 +282,7 @@ done:
OPENSSL_free(x2y2);
OPENSSL_free(C3);
EVP_MD_CTX_free(hash);
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
EC_POINT_free(kG);
EC_POINT_free(kP);
@@ -422,6 +423,7 @@ done:
OPENSSL_free(x2y2);
OPENSSL_free(computed_C3);
EC_POINT_free(C1);
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
SM2_Ciphertext_free(sm2_ctext);
EVP_MD_CTX_free(hash);
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 755f7edd20..5e29900968 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -75,6 +75,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
goto done;
}
+ BN_CTX_start(ctx);
p = BN_CTX_get(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
@@ -161,6 +162,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
done:
OPENSSL_free(buf);
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
EVP_MD_CTX_free(hash);
return rc;
@@ -342,6 +344,7 @@ done:
BN_free(s);
}
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
EC_POINT_free(kG);
return sig;
@@ -425,8 +428,8 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
ret = 1;
done:
- BN_CTX_end(ctx);
EC_POINT_free(pt);
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}