Files
lbmk/util/nvmutil/lib/num.c
T
Leah Rowe bad5688ae9 util/nvmutil: buffered urandom reads
also generally tidied the code and made
it more robust e.g. retries

Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-26 06:59:42 +00:00

188 lines
3.5 KiB
C

/* SPDX-License-Identifier: MIT
* Copyright (c) 2026 Leah Rowe <leah@libreboot.org>
*
* Numerical functions.
*/
#ifdef __OpenBSD__
#include <sys/param.h>
#endif
#include <sys/types.h>
#include <errno.h>
#if !((defined(__OpenBSD__) && (OpenBSD) >= 201) || \
defined(__FreeBSD__) || \
defined(__NetBSD__) || defined(__APPLE__))
#include <fcntl.h> /* if not arc4random: /dev/urandom */
#endif
#include <limits.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include "../include/common.h"
unsigned short
hextonum(char ch_s)
{
unsigned char ch;
ch = (unsigned char)ch_s;
if ((unsigned int)(ch - '0') <= 9)
return ch - '0';
ch |= 0x20;
if ((unsigned int)(ch - 'a') <= 5)
return ch - 'a' + 10;
if (ch == '?' || ch == 'x')
return (unsigned short)rlong() & 0xf;
return 16; /* invalid character */
}
/* Random numbers
*/
unsigned long
rlong(void)
{
#if (defined(__OpenBSD__) && (OpenBSD) >= 201) || \
defined(__FreeBSD__) || \
defined(__NetBSD__) || defined(__APPLE__)
unsigned long rval;
arc4random_buf(&rval, sizeof(unsigned long));
return rval;
#else
static int fd = -1;
static long nr = -1;
static unsigned long off = 0;
#if defined (BUFSIZ)
static char rbuf[BUFSIZ];
#else
#ifndef PORTABLE
static char rbuf[4096];
#elif ((PORTABLE) > 0)
static char rbuf[256]; /* scarce memory on old systems */
#else
static char rbuf[4096]; /* typical 32-bit BUFSIZ */
#endif
#endif
unsigned long rval;
long new_nr;
/* reading from urandom is inherently
* unreliable on old systems, even if
* newer systems make it more reliable
*
* modern linux/bsd make it safe, but
* we have to assume that someone is
* compiling this on linux from 1999
*
* this logic therefore applies various
* tricks to mitigate possible os bugs
*/
int retries = 0;
int max_retries = 100;
retry_urandom_read:
if (++retries > max_retries)
goto rlong_next;
if (nr < 0 || nr < (long)sizeof(unsigned long)) {
if (fd < 0) {
fd = open("/dev/urandom",
O_RDONLY | O_BINARY | O_NOFOLLOW |
O_CLOEXEC);
#ifdef __OpenBSD__
if (fd < 0) /* old openbsd */
fd = open("/dev/arandom",
O_RDONLY | O_BINARY | O_NOFOLLOW |
O_CLOEXEC);
#endif
#ifdef PORTABLE_RAND_DEV
#if (PORTABLE_RAND_DEV) > 0
/* WARNING:
* /dev/random may block
* forever and does **NOT**
* guarantee better entropy
* on old systems
*
* only use it if needed
*/
if (fd < 0)
fd = open("/dev/random",
O_RDONLY | O_BINARY | O_NOFOLLOW |
O_CLOEXEC);
#endif
#endif
if (fd < 0)
goto retry_urandom_read;
retries = 0;
}
new_nr = rw_file_exact(fd, (unsigned char *)rbuf,
sizeof(rbuf), 0, IO_READ, LOOP_EAGAIN,
LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR);
if (new_nr < 0 || new_nr < (long)sizeof(rbuf))
goto retry_urandom_read;
/* only reset buffer after successful refill */
nr = new_nr;
off = 0;
/* to mitigate file descriptor
* injection, we do not re-use
* the same descriptor each time
*/
(void) close_on_eintr(fd);
fd = -1;
}
fd = -1;
retries = 0;
memcpy(&rval, rbuf + off, sizeof(unsigned long));
nr -= (long)sizeof(unsigned long);
off += sizeof(unsigned long);
return rval;
rlong_next:
fd = -1;
off = 0;
nr = -1;
/* TODO: will re-add timer-based fallback here #if defined(PORTABLE) */
err(EIO, "Can't read from /dev/[ua]random");
return 0;
/* add portable timers here */
#endif
}
void
check_bin(unsigned long a, const char *a_name)
{
if (a > 1)
err(EINVAL, "%s must be 0 or 1, but is %lu",
a_name, (unsigned long)a);
}