From ae76d66d535f12cafb33da7f46680f012c1a9196 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 19 Jul 2017 10:48:16 +0900
Subject: [PATCH] Fix accessing garbage on error path.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Reported-by: Anthony Romano <anthony.romano@coreos.com>
---
 ChangeLog                 | 5 +++++
 polarssl/library/bignum.c | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index bd238dd..929455c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* polarssl/library/bignum.c (mpi_exp_mod): Call mpi_grow for X
+	after the initialization of RR.
+
 2017-07-18  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* src/configure: Bark when not git.
diff --git a/polarssl/library/bignum.c b/polarssl/library/bignum.c
index 92c3167..0f458af 100644
--- a/polarssl/library/bignum.c
+++ b/polarssl/library/bignum.c
@@ -1632,7 +1632,6 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
      * Init temps and window size
      */
     mpi_montg_init( &mm, N );
-    MPI_CHK( mpi_grow( X, N->n ) );
 
     /*
      * If 1st call, pre-compute R^2 mod N
@@ -1658,6 +1657,8 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
         memset (d, 0, N->n * ciL); /* Set lower half of D zero. */
     }
 
+    MPI_CHK( mpi_grow( X, N->n ) );
+
     /*
      * W[1] = A * R^2 * R^-1 mod N = A * R mod N
      */