libreboot-utils: add dragonflybsd to arc4random

it supports arc4random since forever

Signed-off-by: Leah Rowe <leah@libreboot.org>

util/libreboot-utils/include/common.h

@@ -384,7 +384,7 @@ int dcat(const char *s, size_t n,
  */
 
 unsigned short hextonum(char ch_s);
-void rset(void *buf, size_t n);
+size_t rlong(void);
 
 /* Helper functions for command: dump
  */

util/libreboot-utils/lib/mkhtemp.c

@@ -634,8 +634,15 @@ mkhtemp(int *fd,
 		    st_dir_initial, fname_copy,
 		    p, xc, fd, st, type);
 
-		if (r == 0)
+		if (r == 0) {
+			if (retries >= MKHTEMP_SPIN_THRESHOLD) {
+				/* usleep can return EINTR */
+				close_errno = errno;
+				usleep((useconds_t)rlong() & 0x3FF);
+				errno = close_errno;
+			}
 			continue;
+		}
 		if (r < 0)
 			goto err;
 
@@ -879,32 +886,37 @@ err:
 int
 mkhtemp_fill_random(char *p, size_t xc)
 {
-	static const char ch[] =
+	static char ch[] =
 	    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 
-	unsigned char scratch[64];
+	size_t chx = 0;
+	size_t r;
 
-	size_t off = 0;
-	size_t i;
-
-	/* clamp rand to prevent modulo bias */
-	size_t limit = 256 - (256 % (sizeof(ch) - 1));
+	/* clamp rand to prevent modulo bias
+	 */
+	size_t limit = ((size_t)-1) - (((size_t)-1) % (sizeof(ch) - 1));
+	int saved_errno = errno;
 
 	if (if_err(p == NULL, EFAULT))
 		return -1;
 
-retry_rand:
-	rset(scratch, sizeof(scratch));
+	for (chx = 0; chx < xc; chx++) {
 
-	for (i = 0; i < sizeof(scratch) && off < xc; i++) {
-		if (scratch[i] < limit)
-			p[off++] = ch[scratch[i] % (sizeof(ch) - 1)];
+retry_rand:
+		/* on bsd: uses arc4random
+		   on linux: uses getrandom
+		   *never returns error*
+		 */
+		r = rlong(); /* always returns successful */
+		if (r >= limit)
+			goto retry_rand;
+
+		p[chx] = ch[r % (sizeof(ch) - 1)];
 	}
 
-	if (off < xc)
-		goto retry_rand;
-
+	errno = saved_errno;
 	return 0;
+
 }
 
 /* WARNING: **ONCE** per file.

util/libreboot-utils/lib/num.c

@@ -84,7 +84,7 @@ hextonum(char ch_s)
 
 	if (ch == '?' || ch == 'x') {
 
-		rset(&rval, sizeof(rval));
+		rval = rlong();
 		if (errno > 0)
 			goto err_hextonum;
 

util/libreboot-utils/lib/rand.c

@@ -12,80 +12,103 @@
 #endif
 #include <sys/types.h>
 
-#ifndef USE_URANDOM
-#define USE_URANDOM 0
-#endif
-
 #include <errno.h>
-#if defined(USE_URANDOM) && \
-    ((USE_URANDOM) > 0)
+#if !((defined(__OpenBSD__) && (OpenBSD) >= 201) || \
+    defined(__FreeBSD__) || \
+    defined(__NetBSD__) || defined(__APPLE__))
 #include <fcntl.h> /* if not arc4random: /dev/urandom */
 #endif
-
-#include <fcntl.h>
 #include <limits.h>
 #include <stddef.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdlib.h>
-#include <string.h>
 
 #include "../include/common.h"
 
-void
-rset(void *buf, size_t n)
+/* Random numbers
+ */
+
+/* when calling this: save errno
+ * first, then set errno to zero.
+ * on error, this function will
+ * set errno and possibly return
+ *
+ * rlong also preserves errno
+ * and leaves it unchanged on
+ * success, so if you do it
+ * right, you can detect error.
+ * this is because it uses
+ * /dev/urandom which can err.
+ * ditto getrandom (EINTR),
+ * theoretically.
+ */
+
+/* for the linux version: we use only the
+ * syscall, because we cannot trust /dev/urandom
+ * to be as robust, and some libc implementations
+ * may default to /dev/urandom under fault conditions.
+ *
+ * for general high reliability, we must abort on
+ * failure. in practise, it will likely never fail.
+ * the arc4random call on bsd never returns error.
+ */
+
+size_t
+rlong(void)
 {
+	size_t rval;
 	int saved_errno = errno;
+	errno = 0;
 
 #if (defined(__OpenBSD__) || defined(__FreeBSD__) || \
     defined(__NetBSD__) || defined(__APPLE__) || \
-    defined(__DragonFly__)) && !(defined(USE_URANDOM) && \
-    ((USE_URANDOM) > 0))
+    defined(__DragonFly__))
 
-	arc4random_buf(buf, n);
+	arc4random_buf(&rval, sizeof(size_t));
 	goto out;
-#else
-	size_t off = 0;
-	ssize_t rc = 0;
 
-#if defined(USE_URANDOM) && \
-    ((USE_URANDOM) > 0)
-	int fd = -1;
-
-	if ((fd = open("/dev/urandom", O_RDONLY)) < 0)
-		goto err;
-retry_rand:
-	if ((rc = read(fd, buf + off, n - off)) < 0) {
 #elif defined(__linux__)
+
+	size_t off = 0;
+	size_t len = sizeof(rval);
+	ssize_t rc;
+
 retry_rand:
-	if ((rc = (ssize_t)syscall(SYS_getrandom,
-	    buf + off, n - off, 0)) < 0) {
-#else
-#error Unsupported operating system (possibly unsecure randomisation)
-#endif
-		if (errno == EINTR ||
-		    errno == EAGAIN)
+	rc = (ssize_t)syscall(SYS_getrandom,
+	    (char *)&rval + off, len - off, 0);
+
+	if (rc < 0) {
+		if (errno == EINTR || errno == EAGAIN) {
+			usleep(100);
 			goto retry_rand;
+		}
 
 		goto err; /* possibly unsupported by kernel */
 	}
 
-	if ((off += (size_t)rc) < n)
+	if ((off += (size_t)rc) < len)
 		goto retry_rand;
 
-#if defined(USE_URANDOM) && \
-    ((USE_URANDOM) > 0)
-	close_no_err(&fd);
-#endif
-
 	goto out;
 err:
+	/*
+	 * getrandom can return with error, butt arc4random
+	 * doesn't. generally, getrandom will be reliably,
+	 * but we of course have to maintain parity with
+	 * BSD. So a rand failure is to be interpreted as
+	 * a major systems failure, and we act accordingly.
+	 */
 	err_no_cleanup(1, ECANCELED,
 	    "Randomisation failure, possibly unsupported in your kernel.");
 	exit(EXIT_FAILURE);
+
+#else
+#error Unsupported operating system (possibly unsecure randomisation)
 #endif
 
 out:
 	errno = saved_errno;
+	return rval;
 }
 #endif

util/libreboot-utils/nvmutil.c

@@ -44,14 +44,8 @@ main(int argc, char *argv[])
 #if (OpenBSD) >= 604
 	if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1)
 		err_no_cleanup(0, errno, "pledge plus unveil, main");
-#if defined(USE_URANDOM) && \
-    ((USE_URANDOM) > 0)
 	if (unveil("/dev/null", "r") == -1)
 		err_no_cleanup(0, errno, "unveil r: /dev/null");
-#else
-	if (unveil("/dev/urandom", "r") == -1)
-		err_no_cleanup(0, errno, "unveil r: /dev/urandom");
-#endif
 #elif (OpenBSD) >= 509
 	if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
 		err_no_cleanup(0, errno, "pledge, main");