util/nvmutil: fix entropy issue

the time difference used here could go negative, which would overflow in the xor op on mix, leading to a biased entropy pool. we want to ensure that they numbers do not overflow, because here they are cast to unsigned which would then produce very large numbers. Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-13 14:10:10 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-26 06:59:41 +0000
commit: 0c9bcaaba830375fb4e5cafabbf2719d348e1c4f (patch)
tree: d68419b8f28a764b277e1917dd3ee8ce5c857604 /util
parent: 475c50932ed95cc062c8e2664e20e18bbad93dff (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 10c5a6ab..1095a02a 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -1172,6 +1172,7 @@ entropy_jitter(void)
 {
 	struct timeval a, b;
 	unsigned long mix = 0;
+	long mix_diff;
 	int i;
 
 	for (i = 0; i < 8; i++) {
@@ -1179,7 +1180,15 @@ entropy_jitter(void)
 		getpid();
 		gettimeofday(&b, NULL);
 
-		mix ^= (unsigned long)(b.tv_usec - a.tv_usec);
+		/*
+		 * prevent negative numbers to prevent overflow,
+		 * which would bias rand to large numbers
+		 */
+		mix_diff = (long)(b.tv_usec - a.tv_usec);
+		if (mix_diff < 0)
+			mix_diff = -mix_diff;
+
+		mix ^= (unsigned long)(mix_diff);
 		mix ^= (unsigned long)&mix;
 	}
author	Leah Rowe <leah@libreboot.org>	2026-03-13 14:10:10 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-26 06:59:41 +0000
commit	0c9bcaaba830375fb4e5cafabbf2719d348e1c4f (patch)
tree	d68419b8f28a764b277e1917dd3ee8ce5c857604 /util
parent	475c50932ed95cc062c8e2664e20e18bbad93dff (diff)