Add crypto_rand_int_range() and use it

Incidently, this fixes a bug where the maximum value was never used when only using crypto_rand_int(). For instance this example below in rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS. int intro_point_lifetime_seconds = INTRO_POINT_LIFETIME_MIN_SECONDS + crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS - INTRO_POINT_LIFETIME_MIN_SECONDS); Signed-off-by: David Goulet <dgoulet@ev0ke.net>
author: David Goulet <dgoulet@ev0ke.net> 2015-04-21 10:17:12 -0400
committer: David Goulet <dgoulet@ev0ke.net> 2015-04-21 11:06:12 -0400
commit: 3f413184728c1d7b441b8e54585c43220665218c (patch)
tree: 4098cf1f1c596e98a3be1a5c78f3d07aa3d353e8 /src/common/tortls.c
parent: 6f6881c4324f35d44b997591939de7e847cca7a3 (diff)
download: tor-3f413184728c1d7b441b8e54585c43220665218c.tar.gz
tor-3f413184728c1d7b441b8e54585c43220665218c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 32106eb2df..7809c1adaa 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -659,7 +659,8 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
    * than having it start right now. Don't choose quite uniformly, since
    * then we might pick a time where we're about to expire. Lastly, be
    * sure to start on a day boundary. */
-  start_time = time(NULL) - crypto_rand_int(cert_lifetime) + 2*24*3600;
+  time_t now = time(NULL);
+  start_time = crypto_rand_int_range(now - cert_lifetime, now) + 2*24*3600;
   start_time -= start_time % (24*3600);
 
   tor_assert(rsa);
author	David Goulet <dgoulet@ev0ke.net>	2015-04-21 10:17:12 -0400
committer	David Goulet <dgoulet@ev0ke.net>	2015-04-21 11:06:12 -0400
commit	3f413184728c1d7b441b8e54585c43220665218c (patch)
tree	4098cf1f1c596e98a3be1a5c78f3d07aa3d353e8 /src/common/tortls.c
parent	6f6881c4324f35d44b997591939de7e847cca7a3 (diff)
download	tor-3f413184728c1d7b441b8e54585c43220665218c.tar.gz tor-3f413184728c1d7b441b8e54585c43220665218c.zip