Handle RDRAND failures.

I mistakenly believed that only RDSEED could fail. However, the Intel
manuals state that RDRAND can fail too.

This change cherry-picks the following BoringSSL changes:

2cac3506 – Handle RDRAND failures.
248abbd7 – Add missing comma in .type pragma for rdrand code.

Change-Id: Icdc56a50ce36e9c525063583882c676a5312d313

1 files changed, 49 insertions, 1 deletions

diff --git a/win-x86_64/crypto/rand/rdrand-x86_64.asm b/win-x86_64/crypto/rand/rdrand-x86_64.asm
index a63ea69..4c03791 100644
--- a/win-x86_64/crypto/rand/rdrand-x86_64.asm
+++ b/win-x86_64/crypto/rand/rdrand-x86_64.asm
@@ -5,6 +5,9 @@ default	rel
 section	.text code align=64
 
 
+
+
+
 global	CRYPTO_rdrand
 
 ALIGN	16
@@ -16,7 +19,52 @@ $L$SEH_begin_CRYPTO_rdrand:
 	mov	rdi,rcx
 
 
-DB	0x48,0x0f,0xc7,0xf0
+	xor	rax,rax
+
+
+DB	0x48,0x0f,0xc7,0xf1
+
+	adc	rax,rax
+	mov	QWORD[rdi],rcx
+	mov	rdi,QWORD[8+rsp]	;WIN64 epilogue
+	mov	rsi,QWORD[16+rsp]
+	DB	0F3h,0C3h		;repret
+
+
+
+
+
+global	CRYPTO_rdrand_multiple8_buf
+
+ALIGN	16
+CRYPTO_rdrand_multiple8_buf:
+	mov	QWORD[8+rsp],rdi	;WIN64 prologue
+	mov	QWORD[16+rsp],rsi
+	mov	rax,rsp
+$L$SEH_begin_CRYPTO_rdrand_multiple8_buf:
+	mov	rdi,rcx
+	mov	rsi,rdx
+
+
+	test	rsi,rsi
+	jz	NEAR $L$out
+	mov	rdx,8
+$L$loop:
+
+
+DB	0x48,0x0f,0xc7,0xf1
+	jnc	NEAR $L$err
+	mov	QWORD[rdi],rcx
+	add	rdi,rdx
+	sub	rsi,rdx
+	jnz	NEAR $L$loop
+$L$out:
+	mov	rax,1
+	mov	rdi,QWORD[8+rsp]	;WIN64 epilogue
+	mov	rsi,QWORD[16+rsp]
+	DB	0F3h,0C3h		;repret
+$L$err:
+	xor	rax,rax
 	mov	rdi,QWORD[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD[16+rsp]
 	DB	0F3h,0C3h		;repret