Improve sign/key_tries handling

(Unrelated to restartable work, just noticed while staring at the code.) Checking at the end is inefficient as we might give up when we just generated a valid signature or key.
2025-12-21 21:36:21 +01:00 · 2017-04-21 13:19:43 +02:00 · 2017-04-21 13:19:43 +02:00 · 675439620d
commit 675439620d
parent b90883dc1d
2 changed files with 20 additions and 21 deletions
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -252,6 +252,12 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
    sign_tries = 0;
    do
    {
+        if( sign_tries++ > 10 )
+        {
+            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+            goto cleanup;
+        }
+
        /*
         * Steps 1-3: generate a suitable ephemeral keypair
         * and set r = xR mod n
@ -259,14 +265,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
        key_tries = 0;
        do
        {
-            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) );
-
            if( key_tries++ > 10 )
            {
                ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                goto cleanup;
            }
+
+            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) );
        }
        while( mbedtls_mpi_cmp_int( r, 0 ) == 0 );

@ -303,12 +309,6 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
-
-        if( sign_tries++ > 10 )
-        {
-            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-            goto cleanup;
-        }
    }
    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );