err if buf NULL, len -1
also getrandom may return fewer bytes, so
loop that too.
why can't linux be like bsd? bsd is:
arc4random_buf(buf, len);
no checks needed. it never errs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
openbsd 2.1 has arc4random, which we detect here.
arandom was apparently added much later, so this
is dead code. remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we still fall back to the old /dev/urandom read
on older linux, via runtime detection (ENOSYS).
getrandom is better, because it guarantees entropy
via blocking, and works even when /dev/urandom
is unavailable.
it has the same practical benefit as arc4random,
which i use on bsd. linux can have arc4random,
but not every linux libc has it, so it's better
to use getrandom on linux.
older linux will fall back to /dev/urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
more random characters
i added support for higher than the standard 6
characters so i can go nuts
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signed-off-by: Leah Rowe <leah@libreboot.org>
200 retries, not 100.
and open with O_NOFOLLOW and O_CLOEXEC
check X on mkstemp
support more than 6 X in mkstemp
make PATH_LEN 4096
1024 is a bit low
make default mkstemp length 4096
Signed-off-by: Leah Rowe <leah@libreboot.org>
i had this idea in my head of later porting this
to k&r c for fun. but screw it.
compiling on everything since 1989 is enough
Signed-off-by: Leah Rowe <leah@libreboot.org>
handle init in xstatus()
it's now a singleton design
also tidied up some other code
also removed todo.c. bloat.
will do all those anyway.
too much change. i just kept
touching the code until it
looked good
Signed-off-by: Leah Rowe <leah@libreboot.org>
question mark respects environmental variables
but isn't portable
you can just pass as argument on the command line
question mark is more useful for build systems,
but i'm not really bothered. the old way works.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make a singleton function instead
now there are technically no global variables,
so i can more easily start splitting this up
into multiple linked programs
Signed-off-by: Leah Rowe <leah@libreboot.org>
must be world writeable and not have sticky bits
a bit theoretical, but we're also reading TMPDIR,
which could be anything
due to how this is called, it defaults back to /tmp
if null is returned, so itt's safe
Signed-off-by: Leah Rowe <leah@libreboot.org>
set it really high though, so it's still
basically reliably
an EINTR/EAGAIN storm could cause problems
in prw()
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, a stale descriptor could be manipulated
easily by an attacker over time
very theoretical to be honest
Signed-off-by: Leah Rowe <leah@libreboot.org>
the actual cat function just writes to stdout
we need only check that the input is null, which
i've now done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
where feasible, don't assign them at declaration
this is especially important for the next change
i'm working on
Signed-off-by: Leah Rowe <leah@libreboot.org>
call it sooner. set new_state afterward.
i had to uncouple nv from some functions
for this, and i also added some extra
checks especially at exit, about whether
to touch nv (whether it is initialised)
Signed-off-by: Leah Rowe <leah@libreboot.org>
