Fix accessing garbage on error path.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Reported-by: Anthony Romano <anthony.romano@coreos.com>

polarssl/library/bignum.c

@@ -1632,7 +1632,6 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
      * Init temps and window size
      */
     mpi_montg_init( &mm, N );
-    MPI_CHK( mpi_grow( X, N->n ) );
 
     /*
      * If 1st call, pre-compute R^2 mod N
@@ -1658,6 +1657,8 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
         memset (d, 0, N->n * ciL); /* Set lower half of D zero. */
     }
 
+    MPI_CHK( mpi_grow( X, N->n ) );
+
     /*
      * W[1] = A * R^2 * R^-1 mod N = A * R mod N
      */