mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-11 05:52:36 +02:00
bad5688ae9
also generally tidied the code and made it more robust e.g. retries Signed-off-by: Leah Rowe <leah@libreboot.org>
188 lines
3.5 KiB
C
188 lines
3.5 KiB
C
/* SPDX-License-Identifier: MIT
|
|
* Copyright (c) 2026 Leah Rowe <leah@libreboot.org>
|
|
*
|
|
* Numerical functions.
|
|
*/
|
|
|
|
#ifdef __OpenBSD__
|
|
#include <sys/param.h>
|
|
#endif
|
|
#include <sys/types.h>
|
|
|
|
#include <errno.h>
|
|
#if !((defined(__OpenBSD__) && (OpenBSD) >= 201) || \
|
|
defined(__FreeBSD__) || \
|
|
defined(__NetBSD__) || defined(__APPLE__))
|
|
#include <fcntl.h> /* if not arc4random: /dev/urandom */
|
|
#endif
|
|
#include <limits.h>
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "../include/common.h"
|
|
|
|
unsigned short
|
|
hextonum(char ch_s)
|
|
{
|
|
unsigned char ch;
|
|
|
|
ch = (unsigned char)ch_s;
|
|
|
|
if ((unsigned int)(ch - '0') <= 9)
|
|
return ch - '0';
|
|
|
|
ch |= 0x20;
|
|
|
|
if ((unsigned int)(ch - 'a') <= 5)
|
|
return ch - 'a' + 10;
|
|
|
|
if (ch == '?' || ch == 'x')
|
|
return (unsigned short)rlong() & 0xf;
|
|
|
|
return 16; /* invalid character */
|
|
}
|
|
|
|
/* Random numbers
|
|
*/
|
|
|
|
unsigned long
|
|
rlong(void)
|
|
{
|
|
#if (defined(__OpenBSD__) && (OpenBSD) >= 201) || \
|
|
defined(__FreeBSD__) || \
|
|
defined(__NetBSD__) || defined(__APPLE__)
|
|
|
|
unsigned long rval;
|
|
arc4random_buf(&rval, sizeof(unsigned long));
|
|
|
|
return rval;
|
|
#else
|
|
static int fd = -1;
|
|
static long nr = -1;
|
|
static unsigned long off = 0;
|
|
#if defined (BUFSIZ)
|
|
static char rbuf[BUFSIZ];
|
|
#else
|
|
#ifndef PORTABLE
|
|
static char rbuf[4096];
|
|
#elif ((PORTABLE) > 0)
|
|
static char rbuf[256]; /* scarce memory on old systems */
|
|
#else
|
|
static char rbuf[4096]; /* typical 32-bit BUFSIZ */
|
|
#endif
|
|
#endif
|
|
unsigned long rval;
|
|
long new_nr;
|
|
|
|
/* reading from urandom is inherently
|
|
* unreliable on old systems, even if
|
|
* newer systems make it more reliable
|
|
*
|
|
* modern linux/bsd make it safe, but
|
|
* we have to assume that someone is
|
|
* compiling this on linux from 1999
|
|
*
|
|
* this logic therefore applies various
|
|
* tricks to mitigate possible os bugs
|
|
*/
|
|
|
|
int retries = 0;
|
|
int max_retries = 100;
|
|
|
|
retry_urandom_read:
|
|
|
|
if (++retries > max_retries)
|
|
goto rlong_next;
|
|
|
|
if (nr < 0 || nr < (long)sizeof(unsigned long)) {
|
|
|
|
if (fd < 0) {
|
|
|
|
fd = open("/dev/urandom",
|
|
O_RDONLY | O_BINARY | O_NOFOLLOW |
|
|
O_CLOEXEC);
|
|
|
|
#ifdef __OpenBSD__
|
|
if (fd < 0) /* old openbsd */
|
|
fd = open("/dev/arandom",
|
|
O_RDONLY | O_BINARY | O_NOFOLLOW |
|
|
O_CLOEXEC);
|
|
#endif
|
|
|
|
#ifdef PORTABLE_RAND_DEV
|
|
#if (PORTABLE_RAND_DEV) > 0
|
|
/* WARNING:
|
|
* /dev/random may block
|
|
* forever and does **NOT**
|
|
* guarantee better entropy
|
|
* on old systems
|
|
*
|
|
* only use it if needed
|
|
*/
|
|
|
|
if (fd < 0)
|
|
fd = open("/dev/random",
|
|
O_RDONLY | O_BINARY | O_NOFOLLOW |
|
|
O_CLOEXEC);
|
|
#endif
|
|
#endif
|
|
|
|
if (fd < 0)
|
|
goto retry_urandom_read;
|
|
|
|
retries = 0;
|
|
}
|
|
|
|
new_nr = rw_file_exact(fd, (unsigned char *)rbuf,
|
|
sizeof(rbuf), 0, IO_READ, LOOP_EAGAIN,
|
|
LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR);
|
|
|
|
if (new_nr < 0 || new_nr < (long)sizeof(rbuf))
|
|
goto retry_urandom_read;
|
|
|
|
/* only reset buffer after successful refill */
|
|
nr = new_nr;
|
|
off = 0;
|
|
|
|
/* to mitigate file descriptor
|
|
* injection, we do not re-use
|
|
* the same descriptor each time
|
|
*/
|
|
(void) close_on_eintr(fd);
|
|
fd = -1;
|
|
}
|
|
|
|
fd = -1;
|
|
retries = 0;
|
|
|
|
memcpy(&rval, rbuf + off, sizeof(unsigned long));
|
|
|
|
nr -= (long)sizeof(unsigned long);
|
|
off += sizeof(unsigned long);
|
|
|
|
return rval;
|
|
|
|
rlong_next:
|
|
|
|
fd = -1;
|
|
off = 0;
|
|
nr = -1;
|
|
|
|
/* TODO: will re-add timer-based fallback here #if defined(PORTABLE) */
|
|
|
|
err(EIO, "Can't read from /dev/[ua]random");
|
|
return 0;
|
|
|
|
/* add portable timers here */
|
|
#endif
|
|
}
|
|
|
|
void
|
|
check_bin(unsigned long a, const char *a_name)
|
|
{
|
|
if (a > 1)
|
|
err(EINVAL, "%s must be 0 or 1, but is %lu",
|
|
a_name, (unsigned long)a);
|
|
}
|