commit 009d195a56522868cc7a887783f5db04706fd2ac
author Gilles Peskine <Gilles.Peskine@arm.com> Fri Sep 09 21:00:00 2022 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 02 16:00:01 2022 +0100
tree 029fcc930e5e433edec4a2640bee50d264aa1dcc
parent 5980f2bd36b6e5508550085dd05d59069e4047ab

Move mbedtls_mpi_core_fill_random to the proper .c file

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/bignum_core.c

diff --git a/library/bignum_core.c b/library/bignum_core.c
index b3bb3bc..e405995 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -553,4 +553,33 @@
     }
 }
 
+
+/* Fill X with n_bytes random bytes.
+ * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_core_random()).
+ * The size and sign of X are unchanged.
+ * n_bytes must not be 0.
+ */
+int mbedtls_mpi_core_fill_random(
+    mbedtls_mpi_uint *X, size_t X_limbs,
+    size_t n_bytes,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    const size_t limbs = CHARS_TO_LIMBS( n_bytes );
+    const size_t overhead = ( limbs * ciL ) - n_bytes;
+
+    if( X_limbs < limbs )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    memset( X, 0, overhead );
+    memset( (unsigned char *) X + limbs * ciL, 0, ( X_limbs - limbs ) * ciL );
+    MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X + overhead, n_bytes ) );
+    mbedtls_mpi_core_bigendian_to_host( X, limbs );
+
+cleanup:
+    return( ret );
+}
+
 #endif /* MBEDTLS_BIGNUM_C */