crypto: never return zero in random32_unbiased

This avoids problems when the caller can't deal with a zero walue, which happens often enough that it's worth nipping the problem in the bud.
2026-01-03 00:11:19 -08:00 · 2018-07-24 20:53:09 +01:00
parent 0825e97436
commit 7434df1cc6
1 changed files with 1 additions and 1 deletions
--- a/src/crypto/crypto.cpp
+++ b/src/crypto/crypto.cpp
@@ -116,7 +116,7 @@ namespace crypto {
    do
    {
      generate_random_bytes_thread_safe(32, bytes);
-    } while (!less32(bytes, limit)); // should be good about 15/16 of the time
+    } while (!sc_isnonzero(bytes) && !less32(bytes, limit)); // should be good about 15/16 of the time
    sc_reduce32(bytes);
  }
  /* generate a random 32-byte (256-bit) integer and copy it to res */