[tor-bugs] #23061 [Core Tor/Tor]: crypto_rand_double() should produce all possible outputs on platforms with 32-bit int

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 2 22:40:55 UTC 2017 

#23061: crypto_rand_double() should produce all possible outputs on platforms with
32-bit int
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.2.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.2.14-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay, security-low, privcount,  |  Actual Points:  0.5
  031-backport, 030-backport, 029-backport, 028  |
  -backport-maybe, 027-backport-maybe, 026       |
  -backport-maybe                                |
Parent ID:                                       |         Points:  0.1
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorQ
-------------------------------------------------+-------------------------

Comment (by catalyst):

 In ba199f789922484b8a2b2efd909ad3dab124dd62, why define
 `EXPECTED_RAND_MANTISSA_BITS` as a hardcoded number instead of using
 `DBL_MANT_DIG`?  (assuming you've already tested for `FLT_RADIX==2`)

 Not directly related to any of the changes, but `crypto_rand_double()`
 could use a comment clarifying its contract.  That would also help us make
 clear what we're trying to achieve.  Are the double values assumed to be
 uniformly distributed in the range 0.0 <= d < 1.0?  How much entropy is it
 supposed to have?  Is it supposed to produce all representable double
 values? (assuming only the values that are more frequent than `2**-b`
 where `b` is the claimed entropy; for IEC 60559 doubles, this means we can
 ignore subnormals unless we're using more than a thousand bits of entropy)

 Regarding the `ldexp()` approach, we could save operations by doing them
 in 32-bit chunks (because I think we can assume at least 32 bits of
 mantissa for a double).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23061#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list