git.ipfire.org Git - thirdparty/systemd.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Mon, 7 Mar 2022 05:15:44 +0000 (22:15 -0700)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Mon, 14 Mar 2022 19:47:13 +0000 (19:47 +0000)
commit	ffa047a03e4c5f6bd3af73b7eecb99cd230fe204
tree	ec7d89170b956d63cb5ac04a4e77251d77aea7bc	tree \| snapshot
parent	e28770e3674c42365eb22adf35a556e8cccb9bfb	commit \| diff

random-util: remove RDRAND usage

/dev/urandom is seeded with RDRAND. Calling genuine_random_bytes(...,
..., 0) will use /dev/urandom as a last resort. Hence, we gain nothing
here by having our own RDRAND wrapper, because /dev/urandom already is
based on RDRAND output, even before /dev/urandom has fully initialized.

Furthermore, RDRAND is not actually fast! And on each successive
generation of new x86 CPUs, from both AMD and Intel, it just gets
slower.

This commit simplifies things by just using /dev/urandom in cases where
we before might use RDRAND, since /dev/urandom will always have RDRAND
mixed in as part of it.

And above where I say "/dev/urandom", what I actually mean is
GRND_INSECURE, which is the same thing but won't generate warnings in
dmesg.

NEWS		diff \| blob \| blame \| history
docs/ENVIRONMENT.md		diff \| blob \| blame \| history
docs/PORTING_TO_NEW_ARCHITECTURES.md		diff \| blob \| blame \| history
docs/RANDOM_SEEDS.md		diff \| blob \| blame \| history
src/basic/random-util.c		diff \| blob \| blame \| history
src/basic/random-util.h		diff \| blob \| blame \| history
src/libsystemd/sd-id128/sd-id128.c		diff \| blob \| blame \| history
src/test/test-random-util.c		diff \| blob \| blame \| history
src/udev/net/link-config.c		diff \| blob \| blame \| history