I'm talking about this specific function:
void random32_unbiased(unsigned char *bytes)
{
// l = 2^252 + 27742317777372353535851937790883648493.
// l fits 15 times in 32 bytes (iow, 15 l is the highest multiple of l that fits in 32 bytes)
static const unsigned char limit[32] = { 0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0 };
while(1)
{
generate_random_bytes_thread_safe(32, bytes);
if (!less32(bytes, limit))
continue;
sc_reduce32(bytes);
if (sc_isnonzero(bytes))
break;
}
}
As you can see, the comment states that the limit should be:
l = 2^252 + 27742317777372353535851937790883648493
If we perform that simple addition, we'd end with the number:
l = 7237005577332262213973186563042994240857116359379907606001950938285454250989
However, when I convert the limit specified in the cpp codebase to decimal value:
static const unsigned char limit[32] = { 0xe3, 0x6a, 0x67, 0x72, 0x8b, 0xce, 0x13, 0x29, 0x8f, 0x30, 0x82, 0x8c, 0x0b, 0xa4, 0x10, 0x39, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0 };
I end with a totally different integer of 256 bits, that in decimal would be:
limit = 102863016385298801202249955531570426590943090958063650200743214154731025858800
Why is there an inconsistency between the limit in the comments and the actual code?
