diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c
index 4dac2b510..644277ebe 100644
--- a/components/mbedtls/port/esp_bignum.c
+++ b/components/mbedtls/port/esp_bignum.c
@@ -361,6 +361,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi
     mbedtls_mpi *Rinv;    /* points to _Rinv (if not NULL) othwerwise &RR_new */
     mbedtls_mpi_uint Mprime;
 
+    if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) < 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) == 0) {
+        return mbedtls_mpi_lset(Z, 1);
+    }
+
     if (hw_words * 32 > 4096) {
         return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
     }
@@ -394,13 +406,24 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi
     start_op(RSA_START_MODEXP_REG);
 
     /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, m_words) );
+    if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) {
+        esp_mpi_release_hardware();
+        goto cleanup;
+    }
 
     wait_op_complete(RSA_START_MODEXP_REG);
 
     mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words);
     esp_mpi_release_hardware();
 
+    // Compensate for negative X
+    if (X->s == -1 && (Y->p[0] & 1) != 0) {
+        Z->s = -1;
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
+    } else {
+        Z->s = 1;
+    }
+
  cleanup:
     if (_Rinv == NULL) {
         mbedtls_mpi_free(&Rinv_new);