| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not int
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it calls word() anyway, but we should still check it here,
since this is quite a critical function.
the other bound checks are done by word(), which this
function uses to add everything up.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make a helper for cmd_setchecksum with size_t arg,
and use it in write_mac_part.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
better reflects intent
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
because we check the part first, so we need to know it's
valid before proceeding.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now that part numbers are size_t, i don't need them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not int
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
inline check_read_or_die
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
lx means unsigned long, and row is size_t which often
is, but this is not guaranteed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
there is 0x20 of different between a and A
so we can just or 0x20 and compare only lowercase.
we can also cast char (which may me signed on some
systems) to unsigned, and then only check whether
it's lower than 10.
this code results in far less branching (in C),
but a good optimising compiler probably wouldn't
have cared about the old version anyway.
it's just nicer C code.
this also means we no longer need to check for
X, only x.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it has arc4random, so we will use it there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
strnlen isn't available on some older unices.
we already know the string will be null-terminated,
because it comes from argv, so runaway reads are
extremely unlikely (read: impossible).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and 1 does the same thing as mod 2, but it's cleaner.
i also now bitshift 3 times instead of times by 8,
which again is clearer in purpose.
i line breaked after h, to make it clear that all of
the next part is being shifted in
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it isn't defined there
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
sizeof is size_t, so we must act accordingly.
casting it to an int is unacceptable.
this version is also branchless.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this prevents reassignment.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
fall back to urandom.
also add a /dev/random fallback, for older unices.
with the posix compatibility changes, combined with
this change as above, the code should be portable
now. i expect it to compile on *many* unix systems!
pretty much everything from the last 30 years.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we don't need a whole function. i previously did it
for clarity, but simply setting a variable all in
one line is totally fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the input is already size_t, which is unsigned
there's no point in checking for negative
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the purpose of the cast is to check whether a given
integer would underflow under any circumstance.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
size_t is generally the size of the address space, so
this is more reliable for our purposes; we're only
working on small buffers, but even so, it's a good
thing to do.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
directly handle swapping in word and set_word
in my testing, x86_64 and arm64 compilers actually produce
more efficient code this way. i previously only did a big
swap on the whole buffer on big-endian CPUs, and directly
accessed without swaps on little-endian, as an optimisation.
however, the old code is actually slower than what the
compiler produces, with the new code!
portability is retained with big-endian host CPUs and
little-endian host CPUs.
this also avoids the complication of memcpy and is just
generally extremely reliable by comparison.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
