crypto: never return zero in random32_unbiased

This avoids problems when the caller can't deal with a zero
value, which happens often enough that it's worth nipping the
problem in the bud.
moneromooo-monero 2018-07-24 20:53:09 +01:00
parent 0825e97436
commit 7434df1cc6
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3


@ -116,7 +116,7 @@ namespace crypto {
do
{
generate_random_bytes_thread_safe(32, bytes);
} while (!less32(bytes, limit)); // should be good about 15/16 of the time
} while (!sc_isnonzero(bytes) && !less32(bytes, limit)); // should be good about 15/16 of the time
sc_reduce32(bytes);
}
/* generate a random 32-byte (256-bit) integer and copy it to res */
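Review bot: The new loop condition on the `} while` line can never retry: `!sc_isnonzero(bytes) && !less32(bytes, limit)` holds only when the draw is zero and at the same time not below `limit`, and a zero scalar is always below `limit`, so the loop exits after the first draw whatever it produced — values at or above `limit` are now accepted (reintroducing the modulo bias the limit check exists to remove) and zero is still returned. The one-line repair is `} while (!sc_isnonzero(bytes) || !less32(bytes, limit));`, but that still tests the raw bytes rather than the output of `sc_reduce32`, so a draw that reduces to zero would still escape; moving the zero check after the reduction, as below, covers both cases. The body of the enclosing function (random32_unbiased per the commit title) starts outside the hunk, and the "15/16 of the time" comment should be reworded once a second rejection condition exists.
```cpp
    while (1)
    {
      generate_random_bytes_thread_safe(32, bytes);
      if (!less32(bytes, limit))
        continue;   // retry: keeps the result unbiased modulo the group order
      sc_reduce32(bytes);
      if (sc_isnonzero(bytes))
        break;      // reject only a reduced value of zero
    }
```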