fix defect

sm2/sm2.go

@@ -337,8 +337,7 @@ func Encrypt(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *Encrypter
 		//A5, calculate t=KDF(x2||y2, klen)
 		var kdfCount int = 0
 		c2 := kdf.Kdf(sm3.New(), append(toBytes(curve, x2), toBytes(curve, y2)...), msgLen)
-		success := subtle.ConstantTimeAllZero(c2)
+		if subtle.ConstantTimeAllZero(c2) {
-		if !success {
 			kdfCount++
 			if kdfCount > maxRetryLimit {
 				return nil, fmt.Errorf("sm2: A5, failed to calculate valid t, tried %v times", kdfCount)
@@ -399,8 +398,7 @@ func rawDecrypt(priv *PrivateKey, x1, y1 *big.Int, c2, c3 []byte) ([]byte, error
 	x2, y2 := curve.ScalarMult(x1, y1, priv.D.Bytes())
 	msgLen := len(c2)
 	msg := kdf.Kdf(sm3.New(), append(toBytes(curve, x2), toBytes(curve, y2)...), msgLen)
-	success := subtle.ConstantTimeAllZero(c2)
+	if subtle.ConstantTimeAllZero(c2) {
-	if !success {
 		return nil, errors.New("sm2: invalid cipher text")
 	}
 

sm9/sm9.go

@@ -228,8 +228,7 @@ func WrapKey(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte,
 		buffer = append(buffer, uid...)
 
 		key = kdf.Kdf(sm3.New(), buffer, kLen)
-		ok = subtle.ConstantTimeAllZero(key)
+		if !subtle.ConstantTimeAllZero(key) {
-		if ok {
 			break
 		}
 	}
@@ -300,8 +299,7 @@ func UnwrapKey(priv *EncryptPrivateKey, uid []byte, cipher *bn256.G1, kLen int)
 	buffer = append(buffer, uid...)
 
 	key := kdf.Kdf(sm3.New(), buffer, kLen)
-	ok := subtle.ConstantTimeAllZero(key)
+	if subtle.ConstantTimeAllZero(key) {
-	if !ok {
 		return nil, errors.New("sm9: invalid cipher")
 	}
 	return key, nil