random-util: Add an environment variable to disable RDRAND.

SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.

Fixes: #17112

2 files changed, 13 insertions, 0 deletions

diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index ea433a497a..38752c9169 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -80,6 +80,9 @@ All tools:
   honoured on systems built with libxcrypt and is ignored on systems using
   glibc's original, internal crypt() implementation.)
 
+* `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
+  even if the CPU supports it.
+
 systemctl:
 
 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 6eeed9af34..2031262389 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -21,6 +21,7 @@
 #endif
 
 #include "alloc-util.h"
+#include "env-util.h"
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -116,6 +117,15 @@ int rdrand(unsigned long *ret) {
 #endif
 
                 have_rdrand = !!(ecx & bit_RDRND);
+
+                if (have_rdrand > 0) {
+                        /* Allow disabling use of RDRAND with SYSTEMD_RDRAND=0
+                           If it is unset getenv_bool_secure will return a negative value. */
+                        if (getenv_bool_secure("SYSTEMD_RDRAND") == 0) {
+                                have_rdrand = false;
+                                return -EOPNOTSUPP;
+                        }
+                }
         }
 
         if (have_rdrand == 0)