From 26be89b3f6f183ef5da089bbf88b7eccbfc0c7f1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 21 Sep 2022 13:43:30 +0200
Subject: [PATCH] Bignum core: random: prepare to break out the core function

Shuffle things around a bit inside mbedtls_mpi_random() in preparation for breaking out mbedtls_mpi_core_random().

Signed-off-by: Gilles Peskine
---
 library/bignum.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/library/bignum.c b/library/bignum.c
index 98d2442bbe..82e47b7d8c 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1966,17 +1966,24 @@ int mbedtls_mpi_random( mbedtls_mpi *X,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )
 {
- int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- int count;
- unsigned ge_lower = 1, lt_upper = 0;
- size_t n_bits = mbedtls_mpi_bitlen( N );
- size_t n_bytes = ( n_bits + 7 ) / 8;
-
 if( min < 0 )
 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
+ /* Ensure that target MPI has exactly the same number of limbs
+ * as the upper bound, even if the upper bound has leading zeros.
+ * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
+ int ret = mbedtls_mpi_resize_clear( X, N->n );
+ if( ret != 0 )
+ return( ret );
+
+ unsigned ge_lower = 1, lt_upper = 0;
+ size_t n_bits = mbedtls_mpi_bitlen( N );
+ size_t n_bytes = ( n_bits + 7 ) / 8;
+
+ ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+
 /*
 * When min == 0, each try has at worst a probability 1/2 of failing
 * (the msb has a probability 1/2 of being 0, and then the result will
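Review bot: The reorder makes `mbedtls_mpi_bitlen( N )` run after `mbedtls_mpi_resize_clear( X, N->n )`, so if a caller ever passes the same object as X and N, n_bits and n_bytes are now derived from the resized (presumably cleared) value instead of the original upper bound; unless the documented contract already forbids that aliasing, an explicit guard next to the existing `min < 0` check, `if( X == N ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );`, would pin the assumption down. The bare `ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;` after a successful resize reads like a leftover and deserves a one-line comment such as `/* Preset to an error so a fall-through to cleanup never reports success */`, assuming that is what the retry loop below depends on. mbedtls_mpi_random's body continues past this hunk, so the loop and the cleanup label are not visible here.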
@@ -1994,12 +2001,7 @@ int mbedtls_mpi_random( mbedtls_mpi *X,
 * is small, use a higher repeat count, otherwise the probability of
 * failure is macroscopic. */
- count = ( n_bytes > 4 ? 30 : 250 );
-
- /* Ensure that target MPI has exactly the same number of limbs
- * as the upper bound, even if the upper bound has leading zeros.
- * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) );
+ int count = ( n_bytes > 4 ? 30 : 250 );
 
 /*
 * Match the procedure given in RFC 6979 ยง3.3 (deterministic ECDSA)