ec/ec_mult.c: get BN_CTX_start,end sequence right.

Triggered by Coverity analysis.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7d859d1c8868b81c5d810021af0b40f355af4e1f)

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6549)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index cac9591fac92c712634631ae7b60d660d6e78e65..52d88880b38ee24f0ad4e25a157f24d243c8ad9b 100644 (file)
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -144,7 +144,9 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
 
     if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
-        goto err;
+        return 0;
+
+    BN_CTX_start(ctx);
 
     order_bits = BN_num_bits(group->order);
 
@@ -162,7 +164,6 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
 
     EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
 
-    BN_CTX_start(ctx);
     lambda = BN_CTX_get(ctx);
     k = BN_CTX_get(ctx);
     if (k == NULL)