From cc39f9250957dfe6e9f1b62a4eca1863e8451483 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 7 May 2018 10:27:45 +0200
Subject: [PATCH] ec/ec_mult.c: get BN_CTX_start,end sequence right.

Triggered by Coverity analysis.

Reviewed-by: Rich Salz <rsalz@openssl.org>

(cherry picked from commit 7d859d1c8868b81c5d810021af0b40f355af4e1f)

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6549)
---
 crypto/ec/ec_mult.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index cac9591fac..52d88880b3 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -144,7 +144,9 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     int ret = 0;
 
     if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
-        goto err;
+        return 0;
+
+    BN_CTX_start(ctx);
 
     order_bits = BN_num_bits(group->order);
 
@@ -162,7 +164,6 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
 
     EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
 
-    BN_CTX_start(ctx);
     lambda = BN_CTX_get(ctx);
     k = BN_CTX_get(ctx);
     if (k == NULL)
-- 
2.25.1