From 127fcabb21d6f81664eb9c7f351032f018e52e19 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 12 Apr 2022 22:18:36 +0100
Subject: [PATCH] Fail gracefully upon unexpectedly large input to p25519
 reduction

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ecp_curves.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 571b0fe57..5788b0dba 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5225,6 +5225,8 @@ static int ecp_mod_p255( mbedtls_mpi *N )
     const size_t NT_n = N->n - P255_WIDTH;
     if( N->n <= P255_WIDTH )
         return( 0 );
+    if( NT_n > P255_WIDTH )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
     /* Split N as N + 2^256 M */
     memset( Mp,   0,    sizeof( Mp ) );