From 17633caa5521c4074c8ac056b99941259ce52aac Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Thu, 26 Mar 2026 09:32:11 +0000 Subject: libreboot-utils: improved randomness test and the module bias handling is fully correct Signed-off-by: Leah Rowe --- util/libreboot-utils/include/common.h | 3 ++- util/libreboot-utils/lib/rand.c | 47 ++++++++++++++++++++++++++--------- util/libreboot-utils/lottery.c | 17 +++---------- 3 files changed, 41 insertions(+), 26 deletions(-) diff --git a/util/libreboot-utils/include/common.h b/util/libreboot-utils/include/common.h index 0c8fbd3d..71f28fad 100644 --- a/util/libreboot-utils/include/common.h +++ b/util/libreboot-utils/include/common.h @@ -391,7 +391,8 @@ void *rmalloc(size_t *size); /* don't ever use this */ void rset(void *buf, size_t n); void *mkrbuf(size_t n); char *mkrstr(size_t n); -int win_lottery(char **buf); +int win_lottery(void); +size_t rsize(void); /* Helper functions for command: dump */ diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c index 63cb3fcd..7748ae80 100644 --- a/util/libreboot-utils/lib/rand.c +++ b/util/libreboot-utils/lib/rand.c @@ -79,42 +79,65 @@ #endif int -win_lottery(char **buf) /* are u lucky? */ +win_lottery(void) /* are u lucky? */ { - size_t size = 0; - int rval; + size_t size = rsize(); + size_t size2 = rsize(); + int rval = 0; - char *s1 = rmalloc(&size); - char *s2 = rmalloc(&size); + char *s1 = NULL; + char *s2 = NULL; - if (scmp(s1, s2, BUFSIZ + 1, &rval) >= 0 && - rval == 0) + if (size != size2) + return 0; + + s1 = mkrbuf(size); + s2 = mkrbuf(size); + + if (!memcmp(s1, s2, size)) rval = 1; /* winner! */ else rval = 0; - (void) scat(s1, s2, BUFSIZ << 1, buf); - free_if_null(&s1); free_if_null(&s2); return rval; } +size_t +rsize(void) +{ + size_t rval = 0; + size_t size = 67108864; + + /* clamp rand to prevent modulo bias */ + size_t limit = SIZE_MAX - (SIZE_MAX % size); + + do { + rset(&rval, sizeof(rval)); + } while (rval >= limit); + + return rval % size; +} + + void * rmalloc(size_t *rval) { + size_t size = 16777216; + /* clamp rand to prevent modulo bias */ - size_t limit = SIZE_MAX - (SIZE_MAX % BUFSIZ); + size_t limit = SIZE_MAX - (SIZE_MAX % size); if (if_err(rval == NULL, EFAULT)) return NULL; do { rset(rval, sizeof(*rval)); - } while (*rval >= limit); + } while (*rval >= limit || *rval == 0); - return mkrstr(*rval %= BUFSIZ); + return mkrstr(*rval %= size); } char * diff --git a/util/libreboot-utils/lottery.c b/util/libreboot-utils/lottery.c index 8157d7a9..4c3b0f70 100644 --- a/util/libreboot-utils/lottery.c +++ b/util/libreboot-utils/lottery.c @@ -7,15 +7,12 @@ #endif #include -#include #include "include/common.h" int main(int argc, char *argv[]) { - char *s1 = NULL; - int rval = 0; - + int lucky; #if defined(__OpenBSD__) && defined(OpenBSD) #if (OpenBSD) >= 509 if (pledge("stdio", NULL) == -1) @@ -24,16 +21,10 @@ main(int argc, char *argv[]) #endif setvbuf(stdout, NULL, _IONBF, 0); - if (win_lottery(&s1)) - rval = 1; - - if (s1 != NULL) { - printf("%s\n\n", s1); - free(s1); - } + lucky = win_lottery(); - printf("%s\n", rval ? "You won!" : "You lose! Sorry!"); - return rval? EXIT_SUCCESS : EXIT_FAILURE; + printf("%s\n", lucky ? "You won!" : "You lose! Sorry!"); + return lucky ? EXIT_SUCCESS : EXIT_FAILURE; }/* ( >:3 ) -- cgit v1.2.1