From 1bd5ebd8eca787612e314714124c7e4e80c4b3e4 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Fri, 21 Oct 2016 17:19:44 +0000
Subject: [PATCH] Crypto: Actually use a random nonzero byte in ElGamal, as our
 specification says

---
 core/java/src/net/i2p/crypto/ElGamalEngine.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/java/src/net/i2p/crypto/ElGamalEngine.java b/core/java/src/net/i2p/crypto/ElGamalEngine.java
index 42c659d1cd..5480cc635c 100644
--- a/core/java/src/net/i2p/crypto/ElGamalEngine.java
+++ b/core/java/src/net/i2p/crypto/ElGamalEngine.java
@@ -120,8 +120,10 @@ public final class ElGamalEngine {
         long start = _context.clock().now();
 
         byte d2[] = new byte[1+Hash.HASH_LENGTH+data.length];
-        // FIXME this isn't a random nonzero byte!
-        d2[0] = (byte)0xFF;
+        // random nonzero byte
+        do {
+            _context.random().nextBytes(d2, 0, 1);
+        } while (d2[0] == 0);
         _context.sha().calculateHash(data, 0, data.length, d2, 1);
         System.arraycopy(data, 0, d2, 1+Hash.HASH_LENGTH, data.length);
         
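Review bot: The replacement comment on the added `do { … } while (d2[0] == 0)` loop states what the byte is but not why zero must be rejected, so the next reader will not know whether the constraint is a format requirement or a security one; the previous FIXME at least signalled it was spec-driven. Suggest `// leading byte must be random and nonzero per the ElGamal block format; a zero here would presumably shorten the block when it is read as a big-endian integer — confirm against the spec`, keeping the hedge until the reason is verified. It is also worth stating in that comment that the loop depends on `_context.random()` being a cryptographically secure source, since that is not visible from this hunk and the rejection loop only guarantees nonzero, not unpredictability. The enclosing method begins before this hunk and continues after it.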
-- 
GitLab