
From: Weili Qian <qianweili@huawei.com>
Since ECDSA_SIG_free() will free br and bs, If the ECDSA_SIG_set0() is invoked in advance, the double free error occurs in the release process if the subsequent execution fails. Therefore, adjust ECDSA_SIG_set0() to the last call.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
 src/uadk_ec.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index aaf0127..22695d4 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -432,40 +432,41 @@ static ECDSA_SIG *create_ecdsa_sig(struct wd_ecc_req *req)
 ECDSA_SIG *sig;
 int ret;
- sig = ECDSA_SIG_new();
- if (!sig) {
- fprintf(stderr, "failed to ECDSA_SIG_new\n");
- return NULL;
- }
-
 br = BN_new();
 bs = BN_new();
 if (!br || !bs) {
 fprintf(stderr, "failed to BN_new r or s\n");
- goto err;
- }
-
- ret = ECDSA_SIG_set0(sig, br, bs);
- if (!ret) {
- fprintf(stderr, "failed to ECDSA_SIG_set0\n");
- goto err;
+ goto free_bn;
 }
 wd_ecdsa_get_sign_out_params(req->dst, &r, &s);
 if (!r || !s) {
 fprintf(stderr, "failed to get r or s\n");
- goto err;
+ goto free_bn;
 }
 if (!BN_bin2bn((void *)r->data, r->dsize, br) || !BN_bin2bn((void *)s->data, s->dsize, bs)) {
 fprintf(stderr, "failed to BN_bin2bn r or s\n");
- goto err;
+ goto free_bn;
+ }
+
+ sig = ECDSA_SIG_new();
+ if (!sig) {
+ fprintf(stderr, "failed to ECDSA_SIG_new\n");
+ goto free_bn;
+ }
+
+ ret = ECDSA_SIG_set0(sig, br, bs);
+ if (!ret) {
+ fprintf(stderr, "failed to ECDSA_SIG_set0\n");
+ goto free_sig;
 }
 return sig;
-err:
+free_sig:
 ECDSA_SIG_free(sig);
+free_bn:
 BN_free(br);
 BN_free(bs);
 return NULL;
--
2.33.0
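Review bot: The fall-through from `free_sig:` into `free_bn:` is only safe because a failed ECDSA_SIG_set0() leaves `br` and `bs` owned by the caller, and nothing in the new code records that ownership rule. A later edit that adds a fallible step after the set0 call and jumps to either label would bring back the double free this commit removes. I would add a comment directly above the call, for example `/* On success sig owns br and bs: no error path after this call may reach free_sig or free_bn. */`. As far as I know OpenSSL rejects only NULL r or s here and does not take ownership on failure, but that should be confirmed for every OpenSSL version the engine builds against. The declarations and closing brace of create_ecdsa_sig lie outside the hunk.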