Make crypto_pseudo_rand* never fail.

svn:r797

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8da2916dcb91e0b6ad986c2b164183a8361d428d..afec91d22d940ee5ae70e7a1fbc38b7aed3a4ff0 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -999,10 +999,23 @@ int crypto_rand(unsigned int n, unsigned char *to)
   return (RAND_bytes(to, n) != 1);
 }
 
-int crypto_pseudo_rand(unsigned int n, unsigned char *to)
+void crypto_pseudo_rand(unsigned int n, unsigned char *to)
 {
   assert(to);
-  return (RAND_pseudo_bytes(to, n) == -1);
+  if (RAND_pseudo_bytes(to, n) == -1) {
+    log_fn(LOG_ERR, "RAND_pseudo_bytes failed unexpectedly.");
+    exit(1);
+  }
+}
+
+int crypto_pseudo_rand_int(int max) {
+  unsigned int val;
+  crypto_pseudo_rand(sizeof(val), (unsigned char*) &val);
+  /* Bug: Low values are _slightly_ favored over high values because
+   * ((unsigned)-1)%max != max-1 .  This shouldn't matter if max is
+   * significantly smaller than ((unsigned)-1).
+   **/
+  return val % max;
 }
 
 /* errors */

diff --git a/src/common/crypto.h b/src/common/crypto.h
index 31e995d3bd4d63b6b5b42b3c01536f805eff3743..ab5422d8cdf9e817d57520d1bd92ed68c84673fd 100644 (file)
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -100,9 +100,8 @@ int crypto_SHA_digest(unsigned char *m, int len, unsigned char *digest);
 /* random numbers */
 int crypto_seed_rng();
 int crypto_rand(unsigned int n, unsigned char *to);
-int crypto_pseudo_rand(unsigned int n, unsigned char *to);
-
-#define CRYPTO_PSEUDO_RAND_INT(v) crypto_pseudo_rand(sizeof(v),(char*)&(v))
+void crypto_pseudo_rand(unsigned int n, unsigned char *to);
+int crypto_pseudo_rand_int(int max);
 
 /* errors */
 char *crypto_perror();

diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 4f468b2487c56a3b43f1334f84282f7fee56789d..2bfe76ffa36d40c76d9d9ac2f9b58f10610f84a8 100644 (file)
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -608,11 +608,8 @@ static int connection_ap_handshake_send_begin(connection_t *ap_conn, circuit_t *
   assert(ap_conn->socks_request);
   assert(ap_conn->socks_request->addr);
 
-  if(crypto_pseudo_rand(STREAM_ID_SIZE, ap_conn->stream_id) < 0) {
-    /* XXX can we just make this call abort if it fails? then this func could be a void. */
-    /* FIXME check for collisions */
-    return -1;
-  }
+  crypto_pseudo_rand(STREAM_ID_SIZE, ap_conn->stream_id);
+  /* FIXME check for collisions */
 
   memcpy(payload, ap_conn->stream_id, STREAM_ID_SIZE);
   payload_len = STREAM_ID_SIZE + 1 +

diff --git a/src/or/onion.c b/src/or/onion.c
index 25e419096116188bbd4985e7524c966d8251c84d..be11d2d339997c7858497493807f70177d009052 100644 (file)
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -160,17 +160,13 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
 /* uses a weighted coin with weight cw to choose a route length */
 static int chooselen(double cw) {
   int len = 2;
-  uint8_t coin;
   
   if ((cw < 0) || (cw >= 1)) /* invalid parameter */
     return -1;
   
   while(1)
   {
-    if (CRYPTO_PSEUDO_RAND_INT(coin))
-      return -1;
-    
-    if (coin > cw*255) /* don't extend */
+    if (crypto_pseudo_rand_int(255) > cw*255) /* don't extend */
       break;
     else
       len++;
@@ -279,10 +275,7 @@ int onion_extend_cpath(crypt_path_t **head_ptr, int path_len, routerinfo_t **rou
   log_fn(LOG_DEBUG, "Path is %d long; we want %d", cur_len, path_len);
 
  again:
-  if (CRYPTO_PSEUDO_RAND_INT(choice)) {
-    return -1;
-  }
-  choice %= rarray_len;
+  choice = crypto_pseudo_rand_int(rarray_len);
   log_fn(LOG_DEBUG,"Contemplating router %s for hop %d",
          rarray[choice]->nickname, cur_len);
   for (i = 0, cpath = *head_ptr; i < cur_len; ++i, cpath=cpath->next) {