author | luigi1111 <luigi1111w@gmail.com> | 2020-12-07 10:20:19 -0600 |
---|---|---|
committer | luigi1111 <luigi1111w@gmail.com> | 2020-12-07 10:20:19 -0600 |
commit | 43788ffd2a3426cc72d646a7a4119bb1502d6222 (patch) | |
tree | fb313cfb331bc44582cb5e024141852fe3bea37c /src | |
parent | Merge pull request #7054 (diff) | |
parent | crypto: fix non zero scalar being 0 after reducing (diff) | |
download | monero-43788ffd2a3426cc72d646a7a4119bb1502d6222.tar.xz |
Merge pull request #7063
7982ef5 crypto: fix non zero scalar being 0 after reducing (moneromooo-monero)
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/crypto.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/crypto/crypto.cpp b/src/crypto/crypto.cpp
index 4cfe83d54..0059dd7f5 100644
--- a/src/crypto/crypto.cpp
+++ b/src/crypto/crypto.cpp
@@ -123,13 +123,17 @@ namespace crypto {
 void random32_unbiased(unsigned char *bytes) {
 // l = 2^252 + 27742317777372353535851937790883648493.
- // it fits 15 in 32 bytes
+ // l fits 15 times in 32 bytes (iow, 15 l is the highest multiple of l that fits in 32 bytes)
 static const unsigned char limit[32] = { 0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0 };
- do
+ while(1)
 {
 generate_random_bytes_thread_safe(32, bytes);
- } while (!sc_isnonzero(bytes) && !less32(bytes, limit)); // should be good about 15/16 of the time
- sc_reduce32(bytes);
+ if (!less32(bytes, limit))
+ continue;
+ sc_reduce32(bytes);
+ if (sc_isnonzero(bytes))
+ break;
+ }
 }
 /* generate a random 32-byte (256-bit) integer and copy it to res */
 static inline void random_scalar(ec_scalar &res) {
|
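Review bot: The rewritten loop drops the only note on how often a candidate is accepted (the removed `// should be good about 15/16 of the time`) and gives no reason for testing `sc_isnonzero` after `sc_reduce32` rather than before it, which is exactly the ordering the old code got wrong. I would annotate the two rejections, `// candidates >= 15*l would bias the reduction mod l; roughly 15/16 of draws pass` on the `if (!less32(bytes, limit))` line and `// a multiple of l reduces to zero, which is not a usable scalar; resample` on the `if (sc_isnonzero(bytes))` line, and put a one-line contract above the function such as `// Fills bytes with a uniformly distributed nonzero scalar in [1, l), by rejection sampling.` The unbounded `while(1)` is acceptable since each pass accepts with high probability, though `for (;;)` or a spaced `while (1)` would match the spacing of the surrounding `if (...)` lines. `less32` and `sc_isnonzero` are defined outside this hunk, so I cannot tell from here whether they run in constant time; that only affects candidates that are discarded, so it does not change the distribution of the returned scalar, but it is worth a note if those helpers are ever reused on secret data.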