util/nvmutil: fix entropy issue

the time difference used here could go negative, which would overflow in the xor op on mix, leading to a biased entropy pool. we want to ensure that they numbers do not overflow, because here they are cast to unsigned which would then produce very large numbers. Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-13 14:10:10 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-13 14:10:10 +0000
commit: b95aacb8c6766b6382a194d85a8c2c049290ea2a (patch)
tree: 9978a0773ce87d196906fff335e6521e1e0095ea /util/nvmutil
parent: 7d1aeea97f29319241a02737cbe9c9f7915e10b1 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 10c5a6ab..1095a02a 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -1172,6 +1172,7 @@ entropy_jitter(void)
 {
 	struct timeval a, b;
 	unsigned long mix = 0;
+	long mix_diff;
 	int i;
 
 	for (i = 0; i < 8; i++) {
@@ -1179,7 +1180,15 @@ entropy_jitter(void)
 		getpid();
 		gettimeofday(&b, NULL);
 
-		mix ^= (unsigned long)(b.tv_usec - a.tv_usec);
+		/*
+		 * prevent negative numbers to prevent overflow,
+		 * which would bias rand to large numbers
+		 */
+		mix_diff = (long)(b.tv_usec - a.tv_usec);
+		if (mix_diff < 0)
+			mix_diff = -mix_diff;
+
+		mix ^= (unsigned long)(mix_diff);
 		mix ^= (unsigned long)&mix;
 	}
author	Leah Rowe <leah@libreboot.org>	2026-03-13 14:10:10 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-13 14:10:10 +0000
commit	b95aacb8c6766b6382a194d85a8c2c049290ea2a (patch)
tree	9978a0773ce87d196906fff335e6521e1e0095ea /util/nvmutil
parent	7d1aeea97f29319241a02737cbe9c9f7915e10b1 (diff)