From 035213cd2d476bcf954efca56a04fe1e6ab46f85 Mon Sep 17 00:00:00 2001
From: AntonMoryakov
Date: Mon, 2 Jun 2025 13:14:28 +0300
Subject: [PATCH] sm2: sm2_sign.c: check EC_KEY_get0_private_key() for NULL in sm2_sig_gen()

Static analysis revealed that sm2_sig_gen() dereferences the return value of EC_KEY_get0_private_key() without checking for NULL. This could lead to a crash if the private key is unset. This patch adds a NULL check and raises ERR_R_PASSED_NULL_PARAMETER if the key is missing. Issue found by static analyzer: > Return value of EC_KEY_get0_private_key() is dereferenced without checking for NULL (11/12 checked)
CLA: trivial
Reviewed-by: Nicola Tuveri
Reviewed-by: Tom Cosgrove
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/27741)
Signed-off-by: jing-wang177
---
 crypto/sm2/sm2_sign.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 09e542990b..e297353abb 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -210,6 +210,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
 BIGNUM *tmp = NULL;
 OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
+ if (dA == NULL) {
+ ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY);
+ goto done;
+ }
 kG = EC_POINT_new(group);
 ctx = BN_CTX_new_ex(libctx);
 if (kG == NULL || ctx == NULL) {
--
Gitee
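Review bot: The new guard in sm2_sig_gen() raises `SM2_R_INVALID_PRIVATE_KEY`, but the commit description says the patch raises ERR_R_PASSED_NULL_PARAMETER; the two should agree so that anyone triaging the error queue looks for the right reason code. The `goto done` is taken before `kG` and `ctx` are assigned, so the cleanup at `done` is only safe if those and the other locals it releases are initialised to NULL where they are declared; both the declarations and the `done` label lie outside this hunk, so this is worth confirming. A one-line comment on the guard would record why it exists, for example `/* a key with no private component set cannot be used to sign */`.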