From 485cfd798b386358fb74eedefd9651bb3e3527ba Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 18 Jun 2021 09:28:51 +1000
Subject: [PATCH] SP int negative: check size of a in mp_mod

When using negative numbers, t is allocated to be one digit longer than a->used. Fail when a->used is SP_DIGIT_MAX.
---
 wolfcrypt/src/sp_int.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 88dce14fa..1458a106b 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -4722,6 +4722,11 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
 if ((a == NULL) || (m == NULL) || (r == NULL)) {
 err = MP_VAL;
 }
+#ifdef WOLFSSL_SP_INT_NEGATIVE
+ if ((err == MP_OKAY) && (a->used >= SP_INT_DIGITS)) {
+ err = MP_VAL;
+ }
+#endif
 #ifndef WOLFSSL_SP_INT_NEGATIVE
 if (err == MP_OKAY) {
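Review bot: The new guard on `a->used` in sp_mod has no comment saying why the bound is there, and the commit message names `SP_DIGIT_MAX` while the code compares against `SP_INT_DIGITS`, so a later reader cannot tell which limit is intended. Going by the message, the temporary `t` is sized one digit longer than `a->used` in the negative build, so the check presumably keeps that size within the maximum digit count; I would state that above the `if`, e.g. `/* t needs a->used + 1 digits; reject a already at the SP_INT_DIGITS limit. */`. The patch touches only sp_int.c, so a regression test that calls sp_mod with `a->used == SP_INT_DIGITS` under `WOLFSSL_SP_INT_NEGATIVE` and expects `MP_VAL` would pin the behaviour. The allocation of `t` and the rest of sp_mod lie outside the hunk, so whether the other operands need a similar bound cannot be judged from here.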