From 8ba42323860a3978efa72bf0ef071b32407503e0 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Sun, 29 Nov 2015 14:43:12 -0500
Subject: [PATCH] Changed retry count for RDRAND and RDSEED. RDSEED appears to fail to fulfill requests at about 6 to 8 times the rate of RDRAND.
---
 rdrand.cpp | 26 ++++++++++++++++++++++----
 rdrand.h | 17 +++++++++++------
 2 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/rdrand.cpp b/rdrand.cpp
index b14359fa..1fd6f94c 100644
--- a/rdrand.cpp
+++ b/rdrand.cpp
@@ -17,8 +17,8 @@
 // indirectly uses CRYPTOPP_BOOL_{X86|X32|X64} (via CRYPTOPP_CPUID_AVAILABLE)
 // to select an implementation or "throw NotImplemented". At runtime, the
 // class uses the result of CPUID to determine if RDRAND or RDSEED are
-// available. A lazy throw strategy is used in case the CPU does not support
-// the instruction. I.e., the throw is deferred until GenerateBlock is called.
+// available. If not available, a lazy throw strategy is used. I.e., the
+// throw is deferred until GenerateBlock() is called.
 
 // Here's the naming convention for the functions....
 // MSC = Microsoft Compiler (and compatibles)
@@ -196,7 +196,10 @@ static int ALL_RRI_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
+            {
+                assert(0);
                 return 0;
+            }
         }
     }
 
@@ -214,7 +217,10 @@ static int ALL_RRI_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
+            {
+                assert(0);
                 return 0;
+            }
         }
     }
 
@@ -275,7 +281,10 @@ static int GCC_RRA_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
-                break;
+            {
+                assert(0);
+                return 0;
+            }
         }
     }
 
@@ -368,7 +377,10 @@ static int ALL_RSI_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
+            {
+                assert(0);
                 return 0;
+            }
         }
     }
 
@@ -386,7 +398,10 @@ static int ALL_RSI_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
+            {
+                assert(0);
                 return 0;
+            }
         }
     }
 
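Review bot: `assert(0)` on retry exhaustion in ALL_RRI_GenerateBlock (`if (!safety--) { assert(0); return 0; }`) treats a documented, transient hardware condition as a program invariant: RDRAND and RDSEED are specified to report CF=0 when the DRNG cannot supply a value, which is exactly the case the retry budget exists for, so a debug build now aborts under entropy starvation while an NDEBUG build silently falls through to `return 0`. The same change appears in the @@ -214, @@ -275, @@ -368, @@ -386 and @@ -447 hunks. I would drop the assert and keep the explicit failure return, with a comment such as `// DRNG exhausted after the retry budget; callers must treat 0 as failure`, and confirm that every caller of these helpers checks for 0 (the callers are outside the hunks). In GCC_RRA_GenerateBlock and GCC_RSA_GenerateBlock the replacement of `break;` by `return 0;` also skips whatever the post-loop code did with a partially filled buffer, which is outside the hunk and worth confirming. All six enclosing functions start and end outside their hunks.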
@@ -447,7 +462,10 @@ static int GCC_RSA_GenerateBlock(byte *output, size_t size, unsigned int safety)
         else
         {
             if (!safety--)
-                break;
+            {
+                assert(0);
+                return 0;
+            }
         }
     }
 
diff --git a/rdrand.h b/rdrand.h
index fc2b77b7..6f4901be 100644
--- a/rdrand.h
+++ b/rdrand.h
@@ -1,8 +1,7 @@
 // rdrand.h - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
 // Copyright assigned to Crypto++ project.
 
-//! \file
-//! \headerfile rdrand.h
+//! \file rdrand.h
 //! \brief Classes for RDRAND and RDSEED
 
 #ifndef CRYPTOPP_RDRAND_H
@@ -15,8 +14,8 @@
 // indirectly uses CRYPTOPP_BOOL_{X86|X32|X64} (via CRYPTOPP_CPUID_AVAILABLE)
 // to select an implementation or "throw NotImplemented". At runtime, the
 // class uses the result of CPUID to determine if RDRAND or RDSEED are
-// available. A lazy throw strategy is used in case the CPU does not support
-// the instruction. I.e., the throw is deferred until GenerateBlock() is called.
+// available. If not available, a lazy throw strategy is used. I.e., the
+// throw is deferred until GenerateBlock() is called.
 
 // Microsoft added RDRAND in August 2012, VS2012. GCC added RDRAND in December 2010, GCC 4.6.
 // Clang added RDRAND in July 2012, Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
@@ -43,7 +42,10 @@ public:
     //! \param retries the number of retries for failed calls to the hardware
     //! \details RDRAND() constructs a generator with a maximum number of retires
     //!   for failed generation attempts.
-    RDRAND(unsigned int retries = 8) : m_retries(retries) {}
+    //! \details Empirical testing under a 6th generaton i7 (6200U) shows RDSEED fails
+    //!   to fulfill requests at about 6 to 8 times the rate of RDRAND. The default
+    //!   retries reflects the difference.
+    RDRAND(unsigned int retries = 12) : m_retries(retries) {}
 
     virtual ~RDRAND() {}
 
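Review bot: The new `\details` paragraph added above the RDRAND constructor describes RDSEED's failure rate rather than RDRAND's, so the closing sentence `The default retries reflects the difference.` gives a reader of RDRAND no rationale for the value 12 itself; stating what RDRAND's default is based on and leaving the RDSEED comparison to the RDSEED constructor would make each block self-contained. Both this hunk and the @@ -122 hunk also carry the typo `generaton` in the added lines, and the unchanged context line above still reads `retires` for `retries`. The RDRAND class body continues outside the hunk.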
@@ -122,7 +124,10 @@ public:
     //! \param retries the number of retries for failed calls to the hardware
     //! \details RDSEED() constructs a generator with a maximum number of retires
     //!   for failed generation attempts.
-    RDSEED(unsigned int retries = 8) : m_retries(retries) {}
+    //! \details Empirical testing under a 6th generaton i7 (6200U) shows RDSEED fails
+    //!   to fulfill requests at about 6 to 8 times the rate of RDRAND. The default
+    //!   retries reflects the difference.
+    RDSEED(unsigned int retries = 64) : m_retries(retries) {}
 
     virtual ~RDSEED() {}
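Review bot: Raising the RDSEED default to 64 retries addresses a symptom whose cause is rate-based: RDSEED failures are limited by how fast the entropy source can produce seed material, so a larger count only helps if there is time between attempts. If the retry loop in rdrand.cpp reissues the instruction immediately (the loop body is outside the hunks on this page), a short pause between attempts would likely fulfil requests with fewer retries and make the budget less dependent on the one CPU the value was tuned on. A sentence in the `\details` block recording that 64 was measured on the i7-6200U and may need revisiting on other parts would help the next maintainer. The RDSEED class body continues outside the hunk.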