2 * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include "internal/cryptlib.h"
16 #if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
17 defined(__x86_64) || defined(__x86_64__) || \
18 defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
20 size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
21 size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
26 #if defined(__aarch64__) && defined(OPENSSL_CPUID_OBJ)
27 # define IS_AARCH_64 1
28 # include "arm_arch.h"
30 size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len);
31 size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len);
33 # define IS_AARCH_64 0
36 #if (IS_X_86 || IS_AARCH_64)
37 static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
38 int rounds, int min_failures, int max_retries, int max_zero_words)
41 unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
42 int failures = 0, zero_words = 0;
45 for (i = 0; i < rounds; i++) {
49 for (retry = 0; retry < max_retries; retry++) {
50 generated = rng(buf, sizeof(buf));
51 if (generated == sizeof(buf))
57 * Verify that we don't have too many unexpected runs of zeroes,
58 * implying that we might be accidentally using the 32-bit RDRAND
59 * instead of the 64-bit one on 64-bit systems.
62 for (j = 0; j < sizeof(buf) - 1; j++) {
63 if (buf[j] == 0 && buf[j+1] == 0) {
68 if (!TEST_int_eq(generated, sizeof(buf)))
70 if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
73 /* Verify that the last 7 bytes of buf aren't all the same value */
74 unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
75 memset(check, tail[0], 7);
76 if (!TEST_false(!memcmp(check, tail, sizeof(check))))
79 /* Save the result and make sure it's different next time */
80 memcpy(prior, buf, sizeof(buf));
83 if (!TEST_int_le(zero_words, max_zero_words))
86 if (!TEST_int_ge(failures, min_failures))
96 static int sanity_check_rdrand_bytes(void)
98 return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
101 static int sanity_check_rdseed_bytes(void)
104 * RDSEED may take many retries to succeed; note that this is effectively
105 * multiplied by the 8x retry loop in asm, and failure probabilities are
106 * increased by the fact that we need either 4 or 8 samples depending on
109 return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
112 static int sanity_check_rndr_bytes(void)
114 return sanity_check_bytes(OPENSSL_rndr_bytes, 1000, 0, 10, 10);
117 static int sanity_check_rndrrs_bytes(void)
119 return sanity_check_bytes(OPENSSL_rndrrs_bytes, 1000, 0, 10000, 10);
123 int setup_tests(void)
125 #if (IS_X_86 || IS_AARCH_64)
126 OPENSSL_cpuid_setup();
129 int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
130 int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
133 ADD_TEST(sanity_check_rdrand_bytes);
137 ADD_TEST(sanity_check_rdseed_bytes);
140 int have_rndr_rndrrs = (OPENSSL_armcap_P & (1 << 8)) != 0;
142 if (have_rndr_rndrrs) {
143 ADD_TEST(sanity_check_rndr_bytes);
144 ADD_TEST(sanity_check_rndrrs_bytes);