From 2eb9e0551825b6af7c319e9df71658c1bf4615ef Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 29 May 2020 11:21:37 +1000
Subject: [PATCH] Fix ecc mulmod to only do one more bit than modulus len

---
 wolfcrypt/src/ecc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 598733980..efbb61322 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2836,11 +2836,13 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
 
    /* setup sliding window */
    mode   = 0;
-   bitcnt = 1;
-   buf    = 0;
    digidx = get_digit_count(modulus) - 1;
    /* The order MAY be 1 bit longer than the modulus. */
-   digidx += (modulus->dp[digidx] >> (DIGIT_BIT-1));
+   digidx += modulus->dp[digidx] >> (DIGIT_BIT-1);
+   bitcnt = (mp_count_bits(modulus) + 1) % DIGIT_BIT;
+   buf    = get_digit(k, digidx) << (DIGIT_BIT - bitcnt);
+   bitcnt = (bitcnt + 1) % DIGIT_BIT;
+   digidx -= bitcnt != 1;
 
    /* perform ops */
    if (err == MP_OKAY) {