From 10ecf32e33ca6a099dd9fe206e070584eb62b629 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Thu, 26 Mar 2026 09:32:11 +0000
Subject: libreboot-utils: improved randomness test

and the module bias handling is fully correct

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/lib/rand.c | 57 +++++++++++++++++++++++++----------------
 1 file changed, 35 insertions(+), 22 deletions(-)

(limited to 'util/libreboot-utils/lib/rand.c')

diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c
index 63cb3fcd..58cb211e 100644
--- a/util/libreboot-utils/lib/rand.c
+++ b/util/libreboot-utils/lib/rand.c
@@ -72,49 +72,62 @@
  * or your program dies.
  */
 
-#ifndef BUFSIZ
-#define BUFSIZ 8192 /* reasonably on modern 64-bit systems */
-#elif (BUFSIZ <= 0)
-#error defined buffer size BUFSIZ below or equal to zero
-#endif
+#define MAX_ALLOC (2 << 16)
 
 int
-win_lottery(char **buf) /* are u lucky? */
+win_lottery(void) /* are u lucky? */
 {
-	size_t size = 0;
-	int rval;
+	size_t size = rsize();
+	size_t size2 = rsize();
+	char *s = NULL; 
+
+	if (size &&
+	    size == size2 &&
+	    size <= MAX_ALLOC << 1) {
+
+		if (!memcmp(s = mkrbuf(size << 1),
+		    s + size, size))
+			size2 = 1; /* winner! */
+		else
+			size2 = 0;
+	} else {
+		return 0;
+	}
 
-	char *s1 = rmalloc(&size);
-	char *s2 = rmalloc(&size);
+	free_if_null(&s);
+	return (int)size2;
+}
 
-	if (scmp(s1, s2, BUFSIZ + 1, &rval) >= 0 &&
-	    rval == 0)
-		rval = 1; /* winner! */
-	else
-		rval = 0;
+size_t
+rsize(void)
+{
+	size_t rval = 0;
 
-	(void) scat(s1, s2, BUFSIZ << 1, buf);
+	/* clamp rand to prevent modulo bias */
+	size_t limit = SIZE_MAX - (SIZE_MAX % MAX_ALLOC);
 
-	free_if_null(&s1);
-	free_if_null(&s2);
+	do {
+		rset(&rval, sizeof(rval));
+	} while (rval >= limit);
 
-	return rval;
+	return rval % MAX_ALLOC;
 }
 
+
 void *
 rmalloc(size_t *rval)
 {
 	/* clamp rand to prevent modulo bias */
-	size_t limit = SIZE_MAX - (SIZE_MAX % BUFSIZ);
+	size_t limit = SIZE_MAX - (SIZE_MAX % MAX_ALLOC);
 
 	if (if_err(rval == NULL, EFAULT))
 		return NULL;
 
 	do {
 		rset(rval, sizeof(*rval));
-	} while (*rval >= limit);
+	} while (*rval >= limit || *rval == 0);
 
-	return mkrstr(*rval %= BUFSIZ);
+	return mkrstr(*rval %= MAX_ALLOC);
 }
 
 char *
-- 
cgit v1.2.1