Fix mbedtls_mpi_random when N has leading zeros

mbedtls_mpi_random() uses mbedtls_mpi_cmp_mpi_ct(), which requires its two arguments to have the same storage size. This was not the case when the upper bound passed to mbedtls_mpi_random() had leading zero limbs. Fix this by forcing the result MPI to the desired size. Since this is not what mbedtls_mpi_fill_random() does, don't call it from mbedtls_mpi_random(), but instead call a new auxiliary function. Add tests to cover this and other conditions with varying sizes for the two arguments. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-30 22:43:08 +03:00 · 2021-04-01 15:57:18 +02:00
parent be4b5dd8c1
commit 8f45470515
3 changed files with 88 additions and 8 deletions
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@ -1537,6 +1537,29 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE */
+void mpi_random_grown( int min, data_t *bound_bytes, int nlimbs )
+{
+    mbedtls_mpi upper_bound;
+    mbedtls_mpi result;
+
+    mbedtls_mpi_init( &upper_bound );
+    mbedtls_mpi_init( &result );
+
+    TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
+    TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+                                            bound_bytes->x, bound_bytes->len ) );
+    TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
+                                       mbedtls_test_rnd_std_rand, NULL ) );
+    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
+    TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+
+exit:
+    mbedtls_mpi_free( &upper_bound );
+    mbedtls_mpi_free( &result );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
 {