This function is the exported kernel interface. It returns some
number of good random numbers, suitable for key generation, seeding
TCP sequence numbers, etc.
Here is the accepted commit that makes get_random_bytes() use RDRAND directly:
A year later, Ted Ts'o made get_random_bytes() go through the usual entropy pool and added get_random_bytes_arch() for a consumer that doesn't want to go through the entropy pool. (The core kernel does not currently use get_random_bytes_arch() anywhere.)
Note that the heated discussion came before v3 of Anvin's patch, and thus /dev/urandom was included. Matt's objections were perhaps not expressed very clearly, but Linus was pretty cavalier in overruling Matt Mackall (the /dev/random maintainer at that time) and I think his retort to George Spelvin's very rational objection was unreasonable:
I find it scary that these commits made it as far as they did. Note also that on the day of the leaks (ironic timing), Ts'o had to shoot down a RedHat engineer proposing to once again make get_random_bytes() bypass the kernel entropy pool.
As for other locations, the point is to be undetectable while deployed at massive scale. Keyloggers and active backdoors are much higher risk. Great for a targeted investigation, but terrible for untargeted passive surveillance.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.g...
Note that this was version 3 of that patch. Versions 1 and 2 also took control of /dev/urandom. Here is v2:
http://thread.gmane.org/gmane.linux.kernel/1173350/focus=117...
A year later, Ted Ts'o made get_random_bytes() go through the usual entropy pool and added get_random_bytes_arch() for a consumer that doesn't want to go through the entropy pool. (The core kernel does not currently use get_random_bytes_arch() anywhere.)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.g...
Note that the heated discussion came before v3 of Anvin's patch, and thus /dev/urandom was included. Matt's objections were perhaps not expressed very clearly, but Linus was pretty cavalier in overruling Matt Mackall (the /dev/random maintainer at that time) and I think his retort to George Spelvin's very rational objection was unreasonable:
http://thread.gmane.org/gmane.linux.kernel/1173350/focus=117...
I find it scary that these commits made it as far as they did. Note also that on the day of the leaks (ironic timing), Ts'o had to shoot down a RedHat engineer proposing to once again make get_random_bytes() bypass the kernel entropy pool.
https://lkml.org/lkml/2013/9/5/212
As for other locations, the point is to be undetectable while deployed at massive scale. Keyloggers and active backdoors are much higher risk. Great for a targeted investigation, but terrible for untargeted passive surveillance.
https://plus.google.com/u/0/117091380454742934025/posts/XeAp...