From 6454993e2e3c00ff2e23029e8a9357c3805382a9 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 11 Apr 2022 07:35:58 +0100
Subject: [PATCH] Safeguard against calling p255 reduction with single-width
 MPI

(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ecp_curves.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 6bc859139..5f541ad13 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5223,7 +5223,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
     /* Helper references for top part of N */
     mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
     unsigned const NT_n = N->n - P255_WIDTH;
-    if( NT_n > P255_WIDTH )
+    if( NT_n == 0 || NT_n > P255_WIDTH )
         return( 0 );
 
     /* Split N as N + 2^256 M */