Crypto: Actually use a random nonzero byte in ElGamal,

as our specification says

Crypto: Actually use a random nonzero byte in ElGamal,
1bd5ebd8 · zzz · 534609e8 · 1bd5ebd8
Commit 1bd5ebd8 authored 8 years ago by zzz
--- a/core/java/src/net/i2p/crypto/ElGamalEngine.java
+++ b/core/java/src/net/i2p/crypto/ElGamalEngine.java
@@ -120,8 +120,10 @@ public final class ElGamalEngine {
        long start = _context.clock().now();
        byte d2[] = new byte[1+Hash.HASH_LENGTH+data.length];
-        // FIXME this isn't a random nonzero byte!
+        // random nonzero byte
-        d2[0] = (byte)0xFF;
+        do {
+            _context.random().nextBytes(d2, 0, 1);
+        } while (d2[0] == 0);
        _context.sha().calculateHash(data, 0, data.length, d2, 1);
        System.arraycopy(data, 0, d2, 1+Hash.HASH_LENGTH, data.length);