From 640a51684ce5a6cdae5c5f92cd2f932922380c00 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 9 Aug 2012 12:37:40 -0400
Subject: Remove remaining timing-dependency in choosing nodes by bandwidth

The old approach, because of its "tmp >= rand_bw &&
!i_has_been_chosen" check, would run through the second part of the
loop slightly slower than the first part.  Now, we remove
i_has_been_chosen, and instead set rand_bw = UINT64_MAX, so that
every instance of the loop will do exactly the same amount of work
regardless of the initial value of rand_bw.

Fix for bug 6538.
---
 changes/bug6538 | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'changes')

diff --git a/changes/bug6538 b/changes/bug6538
index 1e882eb1c..fc9e583d5 100644
--- a/changes/bug6538
+++ b/changes/bug6538
@@ -2,3 +2,11 @@
     - Switch weighted node selection rule from using a list of doubles
       to using a list of int64_t. This should make the process slightly
       easier to debug and maintain. Needed for fix for bug 6538.
+
+  o Security features:
+    - Switch to a completely time-invariant approach for picking nodes
+      weighted by bandwidth. Our old approach would run through the
+      part of the loop after it had made its choice slightly slower
+      than it ran through the part of the loop before it had made its
+      choice. Fix for bug 6538.
+
-- 
cgit v1.2.3