From b1f34d40155c3c4e8f21869f5c3b4779ab946a43 Mon Sep 17 00:00:00 2001
From: "Ryan X. Charles" <ryan@bitpay.com>
Date: Thu, 1 May 2014 10:09:33 -0400
Subject: [PATCH] iterate array correctly so that random number is actually
 used in signing

---
 lib/browser/Key.js        |  2 +-
 test/test.Key.js          | 15 +++++++++++++++
 test/test.SecureRandom.js |  9 +++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/browser/Key.js b/lib/browser/Key.js
index 212a52d2e..d4eb452cf 100644
--- a/lib/browser/Key.js
+++ b/lib/browser/Key.js
@@ -99,7 +99,7 @@ Key.prototype.signSync = function(hash) {
   rng.nextBytes = function(array) {
     var buf = SecureRandom.getRandomBuffer(array.length);
     var a = bufferToArray(SecureRandom.getRandomBuffer(array.length));
-    for (var i in array) {
+    for (var i in a) {
       array[i] = a[i];
     }
   };
diff --git a/test/test.Key.js b/test/test.Key.js
index 2bd397c92..87fce8fe3 100644
--- a/test/test.Key.js
+++ b/test/test.Key.js
@@ -130,4 +130,19 @@ describe('Key', function() {
     ret.should.equal(false);
   });
 
+  describe('signSync', function() {
+    it('should sign 10 times and have a different signature each time', function() {
+      var key = new Key();
+      key.private = coinUtil.sha256('my fake private key');
+      key.regenerateSync();
+      var data = coinUtil.sha256('the data i am signing');
+      var sigs = [];
+      for (var i = 0; i < 10; i++)
+        sigs[i] = key.signSync(data);
+      for (var i = 0; i < 10; i++)
+        for (var j = i + 1; j < 10; j++)
+          sigs[i].toString('hex').should.not.equal(sigs[j].toString('hex'));
+    });
+  });
+
 });
diff --git a/test/test.SecureRandom.js b/test/test.SecureRandom.js
index ab8207b99..a2ebd9976 100644
--- a/test/test.SecureRandom.js
+++ b/test/test.SecureRandom.js
@@ -22,6 +22,15 @@ describe('SecureRandom', function() {
       bytes1.toString('hex').should.not.equal(bytes2.toString('hex'));
     });
 
+    it('should generate 1000 8 byte buffers in a row that are not equal', function() {
+      var bufs = [];
+      for (var i = 0; i < 100; i++)
+        bufs[i] = SecureRandom.getRandomBuffer(8);
+      for (var i = 0; i < 100; i++)
+        for (var j = i + 1; j < 100; j++)
+          bufs[i].toString('hex').should.not.equal(bufs[j].toString('hex'));
+    });
+
   });
 
   describe('getPseudoRandomBuffer', function() {