From 9982122f3448293e80adf83cb28c7ab66bc04da9 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 28 Aug 2012 12:42:21 -0400 Subject: [PATCH] Use a time-invariant comparison in choose_array_element_by_weight --- src/or/routerlist.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 185abf53bc..7dc430b0f8 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1681,6 +1681,20 @@ scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries, #undef SCALE_TO_U64_MAX } +/** Time-invariant 64-bit greater-than; works on two integers in the range + * (0,INT64_MAX). */ +#if SIZEOF_VOID_P == 8 +#define gt_i64_timei(a,b) ((a) > (b)) +#else +static INLINE int +gt_i64_timei(uint64_t a, uint64_t b) +{ + int64_t diff = (int64_t) (b - a); + int res = diff >> 63; + return res & 1; +} +#endif + /** Pick a random element of n_entries-element array entries, * choosing each element with a probability proportional to its (uint64_t) * value, and return the index of that element. If all elements are 0, choose @@ -1703,16 +1717,18 @@ choose_array_element_by_weight(const u64_dbl_t *entries, int n_entries) if (total == 0) return crypto_rand_int(n_entries); + tor_assert(total < INT64_MAX); + rand_val = crypto_rand_uint64(total); for (i = 0; i < n_entries; ++i) { total_so_far += entries[i].u64; - if (total_so_far > rand_val) { + if (gt_i64_timei(total_so_far, rand_val)) { i_chosen = i; n_chosen++; - /* Set rand_val to UINT_MAX rather than stopping the loop. This way, + /* Set rand_val to INT64_MAX rather than stopping the loop. This way, * the time we spend in the loop does not leak which element we chose. */ - rand_val = UINT64_MAX; + rand_val = INT64_MAX; } } tor_assert(total_so_far == total);