2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/opensslconf.h>
16 #if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
17 defined(__x86_64) || defined(__x86_64__) || \
18 defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
20 size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf
, size_t len
);
21 size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf
, size_t len
);
23 void OPENSSL_cpuid_setup(void);
25 extern unsigned int OPENSSL_ia32cap_P
[4];
27 static int sanity_check_bytes(size_t (*rng
)(unsigned char *, size_t),
28 int rounds
, int min_failures
, int max_retries
, int max_zero_words
)
31 unsigned char prior
[31] = {0}, buf
[31] = {0}, check
[7];
32 int failures
= 0, zero_words
= 0;
35 for (i
= 0; i
< rounds
; i
++) {
39 for (retry
= 0; retry
< max_retries
; retry
++) {
40 generated
= rng(buf
, sizeof(buf
));
41 if (generated
== sizeof(buf
))
47 * Verify that we don't have too many unexpected runs of zeroes,
48 * implying that we might be accidentally using the 32-bit RDRAND
49 * instead of the 64-bit one on 64-bit systems.
52 for (j
= 0; j
< sizeof(buf
) - 1; j
++) {
53 if (buf
[j
] == 0 && buf
[j
+1] == 0) {
58 if (!TEST_int_eq(generated
, sizeof(buf
)))
60 if (!TEST_false(!memcmp(prior
, buf
, sizeof(buf
))))
63 /* Verify that the last 7 bytes of buf aren't all the same value */
64 unsigned char *tail
= &buf
[sizeof(buf
) - sizeof(check
)];
65 memset(check
, tail
[0], 7);
66 if (!TEST_false(!memcmp(check
, tail
, sizeof(check
))))
69 /* Save the result and make sure it's different next time */
70 memcpy(prior
, buf
, sizeof(buf
));
73 if (!TEST_int_le(zero_words
, max_zero_words
))
76 if (!TEST_int_ge(failures
, min_failures
))
84 static int sanity_check_rdrand_bytes(void)
86 return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes
, 1000, 0, 10, 10);
89 static int sanity_check_rdseed_bytes(void)
92 * RDSEED may take many retries to succeed; note that this is effectively
93 * multiplied by the 8x retry loop in asm, and failure probabilities are
94 * increased by the fact that we need either 4 or 8 samples depending on
97 return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes
, 1000, 1, 10000, 10);
100 int setup_tests(void)
102 OPENSSL_cpuid_setup();
104 int have_rdseed
= (OPENSSL_ia32cap_P
[2] & (1 << 18)) != 0;
105 int have_rdrand
= (OPENSSL_ia32cap_P
[1] & (1 << (62 - 32))) != 0;
108 ADD_TEST(sanity_check_rdrand_bytes
);
112 ADD_TEST(sanity_check_rdseed_bytes
);
121 int setup_tests(void)