Handle negative inputs to crypto_random_time_range().

(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.

changes/bug16980

@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Fix the behavior of crypto_time_t when told to consider times
+      before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.

src/common/crypto.c

@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
 time_t
 crypto_rand_time_range(time_t min, time_t max)
 {
-  return (time_t) crypto_rand_uint64_range(min, max);
+  tor_assert(min < max);
+  return min + (time_t)crypto_rand_uint64(max - min);
 }
 
 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values