diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-05-10 11:15:16 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-05-10 11:15:16 +0200 |
| commit | 0497c4c28ae2446a58ec0869f5993305bc8e29e0 (patch) | |
| tree | e48d786d838feec55865df10362f42243da464d1 /src/basic/missing_random.h | |
| parent | random-util: use ERRNO_IS_NOT_SUPPORTED() macro (diff) | |
| download | systemd-0497c4c28ae2446a58ec0869f5993305bc8e29e0.tar.xz systemd-0497c4c28ae2446a58ec0869f5993305bc8e29e0.zip | |
random-util: make use of GRND_INSECURE when it is defined
kernel 5.6 added support for a new flag for getrandom(): GRND_INSECURE.
If we set it we can get some random data out of the kernel random pool,
even if it is not yet initializated. This is great for us to initialize
hash table seeds and such, where it is OK if they are crap initially. We
used RDRAND for these cases so far, but RDRAND is only available on
newer CPUs and some archs. Let's now use GRND_INSECURE for these cases
as well, which means we won't needlessly delay boot anymore even on
archs/CPUs that do not have RDRAND.
Of course we never set this flag when generating crypto keys or uuids.
Which makes it different from RDRAND for us (and is the reason I think
we should keep explicit RDRAND support in): RDRAND we don't trust enough
for crypto keys. But we do trust it enough for UUIDs.
Diffstat (limited to 'src/basic/missing_random.h')
| -rw-r--r-- | src/basic/missing_random.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/basic/missing_random.h b/src/basic/missing_random.h index 2e76031b32..17af87a3ae 100644 --- a/src/basic/missing_random.h +++ b/src/basic/missing_random.h @@ -14,3 +14,7 @@ #ifndef GRND_RANDOM #define GRND_RANDOM 0x0002 #endif + +#ifndef GRND_INSECURE +#define GRND_INSECURE 0x0004 +#endif |