limbs: Create an Iterator-based interface for big endian limbs.

We should probably, eventually, remove the old/current
`parse_big_endian_and_pad_consttime` in favor of using this new interface
in conjunction with upcoming interfaces.

Author: briansmith

src/limb.rs

@@ -29,6 +29,7 @@ use core::{iter, num::NonZeroUsize};
 
 #[cfg(feature = "alloc")]
 use core::num::Wrapping;
+use core::ops::RangeInclusive;
 
 // XXX: Not correct for x32 ABIs.
 pub type Limb = bb::Word;
@@ -167,26 +168,30 @@ pub fn parse_big_endian_and_pad_consttime(
     input: untrusted::Input,
     result: &mut [Limb],
 ) -> Result<(), LenMismatchError> {
-    if input.is_empty() {
-        return Err(LenMismatchError::new(input.len()));
-    }
-    let input_limbs = input.as_slice_less_safe().rchunks(LIMB_BYTES).map(|chunk| {
-        let mut padded = [0; LIMB_BYTES];
-        sliceutil::overwrite_at_start(&mut padded[(LIMB_BYTES - chunk.len())..], chunk);
-        Limb::from_be_bytes(padded)
-    });
-    if input_limbs.len() > result.len() {
-        return Err(LenMismatchError::new(input.len()));
-    }
-
+    let input_limbs = limbs_from_big_endian(input, 1..=result.len())?;
     result
         .iter_mut()
         .zip(input_limbs.chain(iter::repeat(0)))
         .for_each(|(r, i)| *r = i);
-
     Ok(())
 }
 
+fn limbs_from_big_endian<'a>(
+    input: untrusted::Input<'a>,
+    len_bounds: RangeInclusive<usize>,
+) -> Result<impl ExactSizeIterator<Item = Limb> + 'a, LenMismatchError> {
+    let r = input.as_slice_less_safe().rchunks(LIMB_BYTES).map(|chunk| {
+        let mut padded = [0; LIMB_BYTES];
+        sliceutil::overwrite_at_start(&mut padded[(LIMB_BYTES - chunk.len())..], chunk);
+        Limb::from_be_bytes(padded)
+    });
+    let len = r.len();
+    if !len_bounds.contains(&len) {
+        return Err(LenMismatchError::new(len));
+    }
+    Ok(r)
+}
+
 pub fn big_endian_from_limbs(limbs: &[Limb], out: &mut [u8]) {
     let be_bytes = unstripped_be_bytes(limbs);
     assert_eq!(out.len(), be_bytes.len());