• Theodore Ts'o's avatar
    random: add new get_random_bytes_arch() function · 7f5d5266
    Theodore Ts'o authored
    commit c2557a30 upstream.
    
    Create a new function, get_random_bytes_arch() which will use the
    architecture-specific hardware random number generator if it is
    present.  Change get_random_bytes() to not use the HW RNG, even if it
    is avaiable.
    
    The reason for this is that the hw random number generator is fast (if
    it is present), but it requires that we trust the hardware
    manufacturer to have not put in a back door.  (For example, an
    increasing counter encrypted by an AES key known to the NSA.)
    
    It's unlikely that Intel (for example) was paid off by the US
    Government to do this, but it's impossible for them to prove otherwise
    7f5d5266
random.c 43.6 KB