random-util: Add an environment variable to disable RDRAND.

SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims to support it. All other values have no effect. Fixes: #17112
2020-09-23 14:19:09 -07:00 · 2020-09-23 14:19:09 -07:00 · fbccb980e5
parent 6de6f4891f
commit fbccb980e5
2 changed files with 13 additions and 0 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -80,6 +80,9 @@ All tools:
  honoured on systems built with libxcrypt and is ignored on systems using
  glibc's original, internal crypt() implementation.)

+* `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
+  even if the CPU supports it.
+
 systemctl:

 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@ -21,6 +21,7 @@
 #endif

 #include "alloc-util.h"
+#include "env-util.h"
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
@ -116,6 +117,15 @@ int rdrand(unsigned long *ret) {
 #endif

                have_rdrand = !!(ecx & bit_RDRND);
+
+                if (have_rdrand > 0) {
+                        /* Allow disabling use of RDRAND with SYSTEMD_RDRAND=0
+                           If it is unset getenv_bool_secure will return a negative value. */
+                        if (getenv_bool_secure("SYSTEMD_RDRAND") == 0) {
+                                have_rdrand = false;
+                                return -EOPNOTSUPP;
+                        }
+                }
        }

        if (have_rdrand == 0)