From e5e280b175a0c19c8cc2fd9762b5b6e20637a66c Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 30 Nov 2021 10:28:42 +1000
Subject: [PATCH] SP math all: fix exponent bit count

Only when using non-constant time implementation and modulus even.
---
 wolfcrypt/src/sp_int.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 049759827..fb1dcc8eb 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -9285,7 +9285,7 @@ int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
     }
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     else if (mp_iseven(m)) {
-        err = _sp_exptmod_ex(b, e, e->used, m, r);
+        err = _sp_exptmod_ex(b, e, e->used * SP_WORD_SIZE, m, r);
     }
 #endif
     else {