Comment randombytes_uniform()

2017-07-23 19:44:07 +02:00 · 2017-07-23 19:44:07 +02:00 · d7ecf04d68
commit d7ecf04d68
parent eaab512788
1 changed files with 3 additions and 1 deletions
--- a/src/libsodium/randombytes/randombytes.c
+++ b/src/libsodium/randombytes/randombytes.c
@ -136,10 +136,12 @@ randombytes_uniform(const uint32_t upper_bound)
    if (upper_bound < 2) {
        return 0;
    }
-    min = (1U + ~upper_bound) % upper_bound;
+    min = (1U + ~upper_bound) % upper_bound; /* = 2**32 mod upper_bound */
    do {
        r = randombytes_random();
    } while (r < min);
+    /* r is now clamped to a set whose size mod upper_bound == 0
+     * the worst case (2**31+1) requires ~ 2 attempts */

    return r % upper_bound;
 }