mpi_fill_random_internal: remove spurious grow() call
Since the internal function mpi_fill_random_internal() assumes that X
has the right size, there is no need to call grow().
To further simplify the function, set the sign outside, and zero out
the non-randomized part directly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/bignum.c b/library/bignum.c
index 244725c..d949fd1 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2397,6 +2397,7 @@
/* Fill X with n_bytes random bytes.
* X must already have room for those bytes.
+ * The size and sign of X are unchanged.
* n_bytes must not be 0.
*/
static int mpi_fill_random_internal(
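Review bot: The added comment line says what the function leaves alone but not what it does to the bytes it does not randomize, which is now the only guarantee callers get since the `mbedtls_mpi_lset( X, 0 )` that used to clear the whole value is removed in the hunk at @@ -2409. A line such as ` * All bytes of X outside the n_bytes random bytes are set to 0.` after the new line would state that contract explicitly. The definition of mpi_fill_random_internal continues outside the hunk.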
@@ -2409,9 +2410,9 @@
if( X->n < limbs )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+ memset( X->p, 0, overhead );
+ memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
mpi_bigendian_to_host( X->p, limbs );
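Review bot: The two added memset calls cover every byte of X->p only because `overhead + n_bytes == limbs * ciL`, a relation established above the hunk that a reader has to reconstruct from the offsets; since the removed `mbedtls_mpi_lset( X, 0 )` cleared all X->n limbs, a single `memset( X->p, 0, X->n * ciL );` before the f_rng call is equivalent, drops the offset arithmetic, and is safe because the `X->n < limbs` guard just above already rules out the negative case. If the two-memset form is kept, a comment such as `/* clear the leading overhead bytes and the limbs above limbs; f_rng writes bytes [overhead, overhead + n_bytes) */` would carry the invariant. Removing lset also means this function no longer sets X->s, so every caller must now set the sign itself, as the hunks at @@ -2443 and @@ -2501 do; any other caller not touched by this diff would inherit whatever sign X already had. mpi_fill_random_internal starts and ends outside the hunk.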
@@ -2443,6 +2444,7 @@
mbedtls_mpi_init( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
}
+ X->s = 1;
if( size == 0 )
return( 0 );
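Review bot: The added `X->s = 1;` is executed before the `if( size == 0 ) return( 0 );` early return, so a zero-size request now also forces the sign positive, whereas previously the sign was only set by the lset inside mpi_fill_random_internal, which is presumably called below the early return and therefore not reached for size 0. That is likely harmless, but if the old ordering was intentional, moving the assignment to just after the early return restores it; either way a short comment such as `/* the internal fill function no longer sets the sign */` would explain why the assignment sits in the caller. The enclosing function starts and ends outside the hunk.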
@@ -2501,6 +2503,7 @@
mbedtls_mpi_init( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, N->n ) );
}
+ X->s = 1;
/*
* Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)