Skip to content

prefer RDRAND over getrandom() and /dev/urandom when we don't need the very best randomness #10676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 8, 2018
Merged

prefer RDRAND over getrandom() and /dev/urandom when we don't need the very best randomness #10676

merged 8 commits into from
Nov 8, 2018

Conversation

@poettering
Copy link
Member

This has the benefit that on x86-64 we won't drain the random pool so much.

Whenever we require randomness for the sake of keeping secrets stick to getrandom(), but for stuff such as UUID generation and seed generation for hash tables use RDRAND when it is available.

@poettering
random-util: rename acquire_random_bytes() → genuine_random_bytes()
3335dc2 
It's more descriptive, since we also have a function random_bytes()
which sounds very similar.

Also rename pseudorandom_bytes() to pseudo_random_bytes(). This way the
two functions are nicely systematic, one returning genuine random bytes
and the other pseudo random ones.
@poettering
random-util: handle if getrandom() returns 0
d68ccc0 
This should normally not happen, but given that the man page suggests
something about this in the context of interruption, let's handle this
and propagate an I/O error.
@poettering
random-util: fix indentation
afff8f1
@poettering
random-util: change high_quality_required bool parameter into a flags…
94d457e 
… parameter

No change in behaviour, just some refactoring.
@poettering
random-util: optionally enable blocking getrandom() behaviour
6853434 
When generating the salt for the firstboot password logic, let's use
getrandom() blocking mode, and insist in the very best entropy.
@poettering
random-util: if zero random bytes are requested we can always fulfill…
776cf74 
… the request
@poettering
random-util: introduce RANDOM_DONT_DRAIN
6fb6f13 
Originally, the high_quality_required boolean argument controlled two
things: whether to extend any random data we successfully read with
pseudo-random data, and whether to return -ENODATA if we couldn't read
any data at all.

The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name
doesn't really cover the second part nicely. Moreover hiding both
changes of behaviour under a single flag is confusing. Hence, let's
split this part off under a new flag, and use it from random_bytes().
@poettering
random-util: optionally allow randomness to be generated via RDRAND
cc83d51 
We only use this when we don't require the best randomness. The primary
usecase for this is UUID generation, as this means we don't drain
randomness from the kernel pool for them. Since UUIDs are usually not
secrets RDRAND should be goot enough for them to avoid real-life
collisions.
keszybz
keszybz reviewed Nov 8, 2018
View reviewed changes
Copy link
Member

@keszybz keszybz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great apart from this one small thing.

@poettering poettering mentioned this pull request Nov 8, 2018
Closed
@keszybz keszybz merged commit abdcb68 into systemd:master Nov 8, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keszybz keszybz keszybz left review comments

Assignees

No one assigned

Labels

util-lib

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@poettering @keszybz