change default util.randrange to bit-wise

pik · tomato42 · commit 5a5ed01570e7 · 2019-11-30T15:40:26.000+01:00
diff --git a/src/ecdsa/util.py b/src/ecdsa/util.py
@@ -30,43 +30,26 @@ def orderlen(order):
 
 def randrange(order, entropy=None):
     """Return a random integer k such that 1 <= k < order, uniformly
-    distributed across that range. For simplicity, this only behaves well if
-    'order' is fairly close (but below) a power of 256. The try-try-again
-    algorithm we use takes longer and longer time (on average) to complete as
-    'order' falls, rising to a maximum of avg=512 loops for the worst-case
-    (256**k)+1 . All of the standard curves behave well. There is a cutoff at
-    10k loops (which raises RuntimeError) to prevent an infinite loop when
-    something is really broken like the entropy function not working.
+    distributed across that range. Worst case should be a mean of 2 loops at (2**k)+2. 
 
     Note that this function is not declared to be forwards-compatible: we may
     change the behavior in future releases. The entropy= argument (which
     should get a callable that behaves like os.urandom) can be used to
     achieve stability within a given release (for repeatable unit tests), but
     should not be used as a long-term-compatible key generation algorithm.
     """
-    # we could handle arbitrary orders (even 256**k+1) better if we created
-    # candidates bit-wise instead of byte-wise, which would reduce the
-    # worst-case behavior to avg=2 loops, but that would be more complex. The
-    # change would be to round the order up to a power of 256, subtract one
-    # (to get 0xffff..), use that to get a byte-long mask for the top byte,
-    # generate the len-1 entropy bytes, generate one extra byte and mask off
-    # the top bits, then combine it with the rest. Requires jumping back and
-    # forth between strings and integers a lot.
-
+    assert order > 1
     if entropy is None:
         entropy = os.urandom
-    assert order > 1
-    bytes = orderlen(order)
-    dont_try_forever = 10000  # gives about 2**-60 failures for worst case
-    while dont_try_forever > 0:
-        dont_try_forever -= 1
-        candidate = string_to_number(entropy(bytes)) + 1
-        if 1 <= candidate < order:
-            return candidate
-        continue
-    raise RuntimeError("randrange() tried hard but gave up, either something"
-                       " is very wrong or you got realllly unlucky. Order was"
-                       " %x" % order)
+    upper_2 = (order-2).bit_length() or 1
+    upper_256 = int(upper_2/8 + 1); 
+    while True:  #I don't think we need a counter with bit-wise randrange
+        ent_256 = entropy(upper_256) 
+        ent_2=''.join(bin(x)[2:].zfill(8) for x in ent_256)
+        rand_num = int(ent_2[:upper_2], base=2) +1
+        if 0 < rand_num < order: return rand_num
+        else:continue
+
 
 
 class PRNG:
