| Age | Commit message | Author |

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

lx means unsigned long, and row is size_t which often
is, but this is not guaranteed.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

there is 0x20 of difference between a and A,
so we can just or 0x20 and compare only lowercase.
we can also cast char (which may be signed on some
systems) to unsigned, and then only check whether
it's lower than 10.
this code results in far less branching (in C),
but a good optimising compiler probably wouldn't
have cared about the old version anyway.
it's just nicer C code.
this also means we no longer need to check for
X, only x.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

it has arc4random, so we will use it there.
Signed-off-by: Leah Rowe <leah@libreboot.org>

strnlen isn't available on some older unices.
we already know the string will be null-terminated,
because it comes from argv, so runaway reads are
extremely unlikely (read: impossible).
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

and 1 does the same thing as mod 2, but it's cleaner.
i also now bitshift 3 times instead of times by 8,
which again is clearer in purpose.
i added a line break after h, to make it clear that all of
the next part is being shifted in.
Signed-off-by: Leah Rowe <leah@libreboot.org>

it isn't defined there.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

sizeof is size_t, so we must act accordingly.
casting it to an int is unacceptable.
this version is also branchless.
Signed-off-by: Leah Rowe <leah@libreboot.org>

this prevents reassignment.
Signed-off-by: Leah Rowe <leah@libreboot.org>

fall back to urandom.
also add a /dev/random fallback, for older unices.
with the posix compatibility changes, combined with
this change as above, the code should be portable
now. i expect it to compile on *many* unix systems!
pretty much everything from the last 30 years.
Signed-off-by: Leah Rowe <leah@libreboot.org>

we don't need a whole function. i previously did it
for clarity, but simply setting a variable all in
one line is totally fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>

the input is already size_t, which is unsigned.
there's no point in checking for negative.
Signed-off-by: Leah Rowe <leah@libreboot.org>

the purpose of the cast is to check whether a given
integer would underflow under any circumstance.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

size_t is generally the size of the address space, so
this is more reliable for our purposes; we're only
working on small buffers, but even so, it's a good
thing to do.
Signed-off-by: Leah Rowe <leah@libreboot.org>

directly handle swapping in word and set_word.
in my testing, x86_64 and arm64 compilers actually produce
more efficient code this way. i previously only did a big
swap on the whole buffer on big-endian CPUs, and directly
accessed without swaps on little-endian, as an optimisation.
however, the old code is actually slower than what the
compiler produces, with the new code!
portability is retained with big-endian host CPUs and
little-endian host CPUs.
this also avoids the complication of memcpy and is just
generally extremely reliable by comparison.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

we currently never read the 0th byte, so if we need
all 12, and we do when every byte is random, we
read again just to get one byte.
not really a bug, but it is a performance penalty,
so let's fix it!
Signed-off-by: Leah Rowe <leah@libreboot.org>

it must be read perfectly, or else
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

mostly style changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

otherwise, stale errno from an earlier syscall might
cause a valid read to still fail.
Signed-off-by: Leah Rowe <leah@libreboot.org>

we want to debug it after the fact; this is now handled
in the calling functions (unhandled error exceptions).
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

i don't care. it's only 30 tries.
usleep can fail, setting errno, and it can actually
take longer, depending on the environment. it poisons
errno, and makes debugging harder.
just remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>

we already exit reliably in that function. the current code
is logically correct, but very weak against future changes.
this extra check is essentially redundant, but preventative
against future changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>

errno shouldn't be set after reading a file successfully.
if it is, that's a bug. handle it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>

it's just three words. access them directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>

it's only needed in one function (tmp variable).
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

This prevents hogging the CPU in a tight loop
while waiting for access.
I've also reduced the number of tries to 30, rather
than 200. This is more conservative, while still
being somewhat permissive.
The addition of the usleep delay probably makes
this more reliable than the previous behaviour of
quickly spinning through 200 tries, but without
hogging CPU resources.
I *could* allow this loop to be infinite, but
I regard an infinite spin-lock as an error state.
Signed-off-by: Leah Rowe <leah@libreboot.org>

a non-fatal error could have set errno. when we return
from check_read_or_die(), it should be assumed that
all is well.
i don't think this would mask anything important, but
it may be regarded as a preventative bug fix, since
it most likely only prevents false positives.
Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>

Signed-off-by: Leah Rowe <leah@libreboot.org>