From 55c46040f6e7b1f0b9bd63f5dbc832a6c96a3451 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 24 Mar 2021 12:34:40 +0100
Subject: [PATCH] mbedtls_ecp_gen_privkey_mx: rename n_bits to high_bit

For Montgomery keys, n_bits is actually the position of the highest
bit and not the number of bits, which would be 1 more (fence vs
posts). Rename the variable accordingly to lessen the confusion.

No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ecp.c          | 16 ++++++++--------
 library/ecp_invasive.h |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/library/ecp.c b/library/ecp.c
index 506f0cbaf..584e0242c 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3059,32 +3059,32 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
+int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
                                 mbedtls_mpi *d,
                                 int (*f_rng)(void *, unsigned char *, size_t),
                                 void *p_rng )
 {
     int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     size_t b;
-    size_t n_bytes = ( n_bits + 7 ) / 8;
+    size_t n_bytes = ( high_bit + 7 ) / 8;
 
     /* [Curve25519] page 5 */
     do {
         MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_bytes, f_rng, p_rng ) );
     } while( mbedtls_mpi_bitlen( d ) == 0);
 
-    /* Make sure the most significant bit is n_bits */
-    b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
-    if( b > n_bits )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - n_bits ) );
+    /* Make sure the most significant bit is high_bit */
+    b = mbedtls_mpi_bitlen( d ) - 1; /* position of the highest bit in d */
+    if( b > high_bit )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - high_bit ) );
     else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, n_bits, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
 
     /* Make sure the last two bits are unset for Curve448, three bits for
        Curve25519 */
     MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
-    if( n_bits == 254 )
+    if( high_bit == 254 )
     {
         MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
     }
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 2895b19e1..eeb430511 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -57,7 +57,7 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
  * \note            - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
  *                  - [RFC7748] https://tools.ietf.org/html/rfc7748
  *
- * \p n_bits        The position of the high-order bit of the key to generate.
+ * \p high_bit      The position of the high-order bit of the key to generate.
  *                  This is the bit-size of the key minus 1:
  *                  254 for Curve25519 or 447 for Curve448.
  * \param d         The randomly generated key. This is a number of size