Note that the byte order in mpi_fill_random_internal() is deliberate

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-11-04 04:32:24 -05:00 · 2021-06-03 11:51:09 +02:00 · 2021-06-03 11:51:09 +02:00 · afb2bd2f22
commit afb2bd2f22
parent 405b091d9e
1 changed files with 2 additions and 0 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@ -2405,6 +2405,8 @@ cleanup:

 /* Fill X with n_bytes random bytes.
 * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
 * The size and sign of X are unchanged.
 * n_bytes must not be 0.
 */