aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@ev0ke.net>2015-04-21 10:17:12 -0400
committerDavid Goulet <dgoulet@ev0ke.net>2015-04-21 11:06:12 -0400
commit3f413184728c1d7b441b8e54585c43220665218c (patch)
tree4098cf1f1c596e98a3be1a5c78f3d07aa3d353e8 /src/or
parent6f6881c4324f35d44b997591939de7e847cca7a3 (diff)
downloadtor-3f413184728c1d7b441b8e54585c43220665218c.tar.gz
tor-3f413184728c1d7b441b8e54585c43220665218c.zip
Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when only using crypto_rand_int(). For instance this example below in rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS. int intro_point_lifetime_seconds = INTRO_POINT_LIFETIME_MIN_SECONDS + crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS - INTRO_POINT_LIFETIME_MIN_SECONDS); Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Diffstat (limited to 'src/or')
-rw-r--r--src/or/entrynodes.c6
-rw-r--r--src/or/main.c2
-rw-r--r--src/or/rendservice.c10
-rw-r--r--src/or/router.c4
4 files changed, 12 insertions, 10 deletions
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 9663f34002..9f07d5ad69 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -440,7 +440,8 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
* don't all select them on the same day, and b) avoid leaving a
* precise timestamp in the state file about when we first picked
* this guard. For details, see the Jan 2010 or-dev thread. */
- entry->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30);
+ time_t now = time(NULL);
+ entry->chosen_on_date = crypto_rand_int_range(now - 3600*24*30, now);
entry->chosen_by_version = tor_strdup(VERSION);
/* Are we picking this guard because all of our current guards are
@@ -1439,8 +1440,9 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
}
} else {
if (state_version) {
+ time_t now = time(NULL);
+ e->chosen_on_date = crypto_rand_int_range(now - 3600*24*30, now);
e->chosen_by_version = tor_strdup(state_version);
- e->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30);
}
}
if (e->path_bias_disabled && !e->bad_since)
diff --git a/src/or/main.c b/src/or/main.c
index 39c0f5c89e..b9009db151 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1623,7 +1623,7 @@ run_scheduled_events(time_t now)
time_to.check_for_correct_dns < now &&
! router_my_exit_policy_is_reject_star()) {
if (!time_to.check_for_correct_dns) {
- time_to.check_for_correct_dns = now + 60 + crypto_rand_int(120);
+ time_to.check_for_correct_dns = crypto_rand_int_range(now, now + 120) + 60;
} else {
dns_launch_correctness_checks();
time_to.check_for_correct_dns = now + 12*3600 +
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index cf0352cd3e..4b2331ffca 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3133,9 +3133,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
/* This intro point has been published, but we haven't picked an
* expiration time for it. Pick one now. */
int intro_point_lifetime_seconds =
- INTRO_POINT_LIFETIME_MIN_SECONDS +
- crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
- INTRO_POINT_LIFETIME_MIN_SECONDS);
+ crypto_rand_int_range(INTRO_POINT_LIFETIME_MIN_SECONDS,
+ INTRO_POINT_LIFETIME_MAX_SECONDS);
/* Start the expiration timer now, rather than when the intro
* point was first published. There shouldn't be much of a time
@@ -3337,9 +3336,8 @@ rend_services_introduce(void)
intro->time_to_expire = -1;
intro->time_expiring = -1;
intro->max_introductions =
- INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS +
- crypto_rand_int(INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS -
- INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS);
+ crypto_rand_int_range(INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
+ INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS);
smartlist_add(service->intro_nodes, intro);
log_info(LD_REND, "Picked router %s as an intro point for %s.",
safe_str_client(node_describe(node)),
diff --git a/src/or/router.c b/src/or/router.c
index b8bfd3cf6f..afe533ff9a 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -683,7 +683,9 @@ router_initialize_tls_context(void)
if (!lifetime) { /* we should guess a good ssl cert lifetime */
/* choose between 5 and 365 days, and round to the day */
- lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
+ unsigned int five_days = 5*24*3600;
+ unsigned int one_year = 365*24*3600;
+ lifetime = crypto_rand_int_range(five_days, one_year);
lifetime -= lifetime % (24*3600);
if (crypto_rand_int(2)) {