[cryptography] RDRAND not really random with Oracle Studio 12.3 + patches

David Johnston dj at deadhat.com
Mon Jun 13 00:16:22 EDT 2016


On 6/10/2016 4:50 PM, Jeffrey Walton wrote:
> Ouch... just came across this...
> https://community.oracle.com/thread/2565486?start=0&tstart=0
>
> I did not think it was possible to foul the hardware generated random
> numbers (sans an occasional underflow).
>
> Jeff
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

While the code doesn't follow the SDG guidelines (i.e. it doesn't check 
for the return status and it doesn't check for the instruction support) 
it should work because RdRand doesn't underflow in any of our chips. Is 
this running in a VM or on bare metal? A VM intercept could cause it to 
happen. Also if you did get an underflow the resulting value passed to 
the pointed-to location would be 0.

I tried compiling that code on an Ivy Bridge machine running Linux, but 
it failed to compile:

 >gcc rdrand.c -o rdrand
rdrand.c:1:29: fatal error: sys/immintrin.h: No such file or directory
compilation terminated.

So I pointed the header to the right place and spent an eternity finding 
I needed the -mrdrnd target to make the intrinsic happy.

#include <sys/immintrin.h>  --> #include <immintrin.h>

 >gcc -mrdrnd rdrand.c -o rdrand

and of course it worked. (Also check out this fine example of Benford's 
law resulting from the base change to decimal.)

 >./rdrand
  47548    1558559191     2755117154251474975
  50537    3898659232     2936332874890231466
  40031    1552195508    10170037297392088344
   5444    1986582987    12501565610254954363
  51634    1349842509    17357073879924565963
  59068    1088061637     3243797942283965136
  25115    1206811090    13419374814453446609
   5749    1685023546    13986067242084897708
  36940    1839303180    17932264519825487916
  20741    1220949897     4022801322442653892

So it must be some sort of compiler bug or VM problem.

We work with many vendors to make sure the RdRand and RdSeed support is 
done correctly and securely. So I'd like to make sure this is resolved.

DJ
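Added here as a worked example of the two checks DJ says the forum listing skips (not DJ's code, not Intel's, and not the Oracle-forum program, which is not reproduced in this thread): query CPUID for RDRAND support before executing the instruction, check the carry flag on every call, retry a bounded number of times, and hand the caller zeros on failure rather than stale bytes. Assumptions: x86-64 with a GNU-style assembler, using inline asm in place of the _rdrand64_step intrinsic so it builds without -mrdrnd; the retry bound of 10 follows Intel's DRNG software implementation guide; the hypervisor-present bit (CPUID leaf 1, ECX bit 31) is included only as a hint for the "VM or bare metal?" question, since a hypervisor can choose not to set it. On a non-x86-64 build the support check simply reports "unsupported".

```c
/*
 * Added example, not code from the original post. RDRAND with the checks the
 * guidelines expect: CPUID support test, carry-flag status test, bounded retry,
 * zeroed output on failure.
 * Assumptions: x86-64 + GNU-style inline asm (no -mrdrnd needed); 10 retries,
 * the bound given in Intel's DRNG software implementation guide.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#endif

#define RDRAND_RETRIES 10                /* assumed bound, per Intel's DRNG guide */
#define CPUID1_ECX_RDRAND (1u << 30)     /* CPUID.01H:ECX.RDRAND[bit 30] */
#define CPUID1_ECX_HYPERVISOR (1u << 31) /* CPUID.01H:ECX[bit 31], set by hypervisors */

static int cpuid1_ecx(unsigned int *ecx_out) {
#if defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    *ecx_out = ecx;
    return 1;
#else
    (void)ecx_out;
    return 0;
#endif
}

/* Instruction support check; executing RDRAND without it raises #UD (SIGILL). */
int rdrand_supported(void) {
    unsigned int ecx;
    return cpuid1_ecx(&ecx) && (ecx & CPUID1_ECX_RDRAND) != 0;
}

/* Hint for "VM or bare metal?": hypervisors normally set this reserved bit. */
int running_under_hypervisor(void) {
    unsigned int ecx;
    return cpuid1_ecx(&ecx) && (ecx & CPUID1_ECX_HYPERVISOR) != 0;
}

/* One attempt. Returns 1 with a 64-bit value when CF=1; otherwise 0 and *out = 0,
 * mirroring the zero the instruction itself writes on underflow. */
static int rdrand64_once(uint64_t *out) {
#if defined(__x86_64__)
    uint64_t v;
    unsigned char ok;
    __asm__ volatile ("rdrand %0\n\tsetc %1" : "=r"(v), "=qm"(ok) : : "cc");
    *out = ok ? v : 0;
    return ok;
#else
    *out = 0;
    return 0;
#endif
}

/* Bounded retry: a transient CF=0 is legal; a persistent one (e.g. a VM
 * intercepting the instruction) means the DRNG is unavailable and is a failure. */
int rdrand64_retry(uint64_t *out) {
    for (int i = 0; i < RDRAND_RETRIES; i++)
        if (rdrand64_once(out)) return 1;
    *out = 0;
    return 0;
}

/* Fill n bytes. Returns 1 on success; on failure returns 0 with buf zeroed,
 * so a caller that ignores the status still never sees stale bytes as random. */
int rdrand_fill(uint8_t *buf, size_t n) {
    memset(buf, 0, n);
    if (!rdrand_supported()) return 0;
    for (size_t off = 0; off < n; ) {
        uint64_t v;
        if (!rdrand64_retry(&v)) { memset(buf, 0, n); return 0; }
        size_t take = (n - off < sizeof v) ? n - off : sizeof v;
        memcpy(buf + off, &v, take);
        off += take;
    }
    return 1;
}

/* Self-check: success must come with a non-zero buffer on a supporting CPU;
 * failure (no support, or retries exhausted) must leave the buffer zeroed. */
int rdrand_selftest(void) {
    uint8_t buf[32];
    memset(buf, 0xAA, sizeof buf);
    int ok = rdrand_fill(buf, sizeof buf);
    int nonzero = 0;
    for (size_t i = 0; i < sizeof buf; i++) nonzero |= buf[i];
    return ok ? (nonzero != 0 && rdrand_supported()) : (nonzero == 0);
}

int main(void) {
    printf("rdrand supported: %d, hypervisor bit: %d\n",
           rdrand_supported(), running_under_hypervisor());
    if (!rdrand_supported()) return 1;
    for (int row = 0; row < 10; row++) {
        uint64_t v;
        if (!rdrand64_retry(&v)) { puts("RDRAND status not OK after retries"); return 1; }
        printf("%20llu\n", (unsigned long long)v);
    }
    return 0;
}
```

Build with plain `gcc rdrand_checked.c -o rdrand_checked`; no -mrdrnd is needed because the instruction is emitted by inline asm rather than the intrinsic. A run that prints a status failure rather than ten values, while CPUID reports support, is exactly the VM-intercept situation DJ asks about, and the zeroed buffer is what an unchecked caller would otherwise silently consume.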
