authorLeah Rowe <leah@libreboot.org>2026-03-15 20:53:06 +0000
committerLeah Rowe <leah@libreboot.org>2026-03-26 06:59:41 +0000
commit04b215dd6d87feac508e2cfb341e7852be3c0c1f (patch)
tree33b8f889cc0a95fa52f38eb95bcf4616a6105b88 /util
parentb4b194f94cd529fe558cd8ff87a190cb80b97e7d (diff)
util/nvmutil: re-enable urandom reads
i had to loosen the pledges for the new i/o framework, which needs more permissions. as a result, i can now open urandom in this function statically, rather than in nvmutil's control logic, and because of that, it's less buggy now. arc4random is disabled on linux by default, because it's not universally available on all libc, and only since about 2022 in some glibc versions. better for portability to let linux users just use urandom. the new logic is different. now it falls back to rand per-byte, but in practice it almost never will. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util')
-rw-r--r--util/nvmutil/nvmutil.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 4eb013be..af6c8e19 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -381,6 +381,7 @@ static ushort hextonum(char ch_s);
static ushort rhex(void);
#if !defined(HAVE_ARC4RANDOM_BUF) || \
(HAVE_ARC4RANDOM_BUF) < 1
+static ushort read_urandom(void);
static ulong entropy_jitter(void);
#endif
static void write_mac_part(size_t partnum);
@@ -1370,6 +1371,11 @@ rhex(void)
struct timeval tv;
ulong mix;
static ulong counter = 0;
+ ushort r;
+
+ r = read_urandom();
+ if (r < 16)
+ return r;
gettimeofday(&tv, NULL);
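Review bot: When `read_urandom()` returns 16, the lines added at the top of rhex() fall through to the gettimeofday()/counter mix with no indication, so a failed open or read of /dev/urandom silently lowers the quality of the generated digits. The sentinel 16 is a bare literal shared between the two functions; a named constant plus a comment such as `/* read_urandom() returns 16 when /dev/urandom is unavailable; fall back to the time/counter mix */` would make the contract visible. A one-time warning on stderr when the fallback is taken would let the user know the result did not come from the kernel RNG. rhex() starts and ends outside this hunk.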
@@ -1391,6 +1397,38 @@ rhex(void)
return (ushort)(mix & 0xf);
}
+static ushort
+read_urandom(void)
+{
+ static int fd = -1;
+ static ssize_t n = -1;
+
+ static u8 r[12];
+
+ if (fd < 0) {
+
+ fd = open("/dev/urandom", O_RDONLY);
+
+ if (fd < 0)
+ return 16;
+ }
+
+ if (n < 0) {
+
+ n = rw_file_exact(fd, r, 12, 0, IO_READ,
+ LOOP_EAGAIN, LOOP_EINTR, 2, OFF_ERR);
+
+ if (n == 0)
+ n = -1;
+ if (n < 0)
+ return 16;
+
+ --n;
+ }
+
+ return r[n--] & 0xf;
+}
+
static ulong
entropy_jitter(void)
{
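Review bot: The value returned by rw_file_exact() (defined outside this diff) becomes the index into `r` without being compared to the buffer size, and the length 12 is written out twice, so the bound holds only while the helper never returns more than the literal passed in. Tying both to the array, `n = rw_file_exact(fd, r, sizeof(r), ...)` followed by `if (n <= 0 || (size_t)n > sizeof(r)) { n = -1; return 16; }`, keeps the index in range if either side changes. The descriptor is also used without checking that it refers to a character device; an `fstat()` with `S_ISCHR(st.st_mode)` after the open is the usual guard against a regular file sitting at /dev/urandom, which would hand back predictable bytes. A short comment stating that only the low nibble of each buffered byte is consumed, and that the static fd stays open for the life of the process, would help the next reader.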