wolfcrypt/src/random.c: add sanity check in wc_GenerateSeed_IntelRD() to work around buggy RDSEED by disabling it if it generates three identical 64 bit words consecutively;

douzzer · douzzer · commit b91272c9a5cf · 2026-01-20T15:24:43.000-06:00
wolfssl/wolfcrypt/settings.h: if DEBUG_WOLFSSL &amp;&amp; !WC_NO_VERBOSE_RNG, set WC_VERBOSE_RNG, and add WOLFSSL_NO_DEBUG_CERTS to allow inhibition of WOLFSSL_DEBUG_CERTS.
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -802,6 +802,7 @@ WOLFSSL_NO_COPY_KEY
 WOLFSSL_NO_CRL_DATE_CHECK
 WOLFSSL_NO_CRL_NEXT_DATE
 WOLFSSL_NO_CT_MAX_MIN
+WOLFSSL_NO_DEBUG_CERTS
 WOLFSSL_NO_DECODE_EXTRA
 WOLFSSL_NO_DER_TO_PEM
 WOLFSSL_NO_DH186
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
@@ -1935,12 +1935,46 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
 {
     int ret;
     word64 rndTmp;
+    static int rdseed_sanity_status = 0;
 
     (void)os;
 
     if (!IS_INTEL_RDSEED(intel_flags))
         return -1;
 
+    if (rdseed_sanity_status == 0) {
+        static word64 sanity_words[2] = {0, 0};
+
+        ret = IntelRDseed64_r(&sanity_words[0]);
+        if (ret != 0)
+            return ret;
+
+        ret = IntelRDseed64_r(&sanity_words[1]);
+        if (ret != 0)
+            return ret;
+
+        if (sanity_words[0] == sanity_words[1]) {
+            ret = IntelRDseed64_r(&sanity_words[0]);
+            if (ret != 0)
+                return ret;
+
+            if (sanity_words[0] == sanity_words[1]) {
+                rdseed_sanity_status = -1;
+#ifdef WC_VERBOSE_RNG
+                WOLFSSL_DEBUG_PRINTF(
+                    "WARNING: RDSEED disabled due to repeating word 0x%lx -- "
+                    "check CPU microcode version.", sanity_words[1]);
+#endif
+                return -1;
+            }
+        }
+
+        rdseed_sanity_status = 1;
+    }
+    else if (rdseed_sanity_status < 0) {
+        return -1;
+    }
+
     for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
                                                     output += sizeof(word64)) {
         ret = IntelRDseed64_r((word64*)output);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -369,12 +369,22 @@
     #warning "No configuration for wolfSSL detected, check header order"
 #endif
 
-/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled */
-#ifdef DEBUG_WOLFSSL
-    #undef  WOLFSSL_DEBUG_CERTS
+/* Ensure WOLFSSL_DEBUG_CERTS is set when DEBUG_WOLFSSL is enabled, unless
+ * expressly requested otherwise.
+ */
+#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_NO_DEBUG_CERTS) && \
+    !defined(WOLFSSL_DEBUG_CERTS)
     #define WOLFSSL_DEBUG_CERTS
 #endif
 
+/* Ensure WC_VERBOSE_RNG is set when DEBUG_WOLFSSL is enabled, unless expressly
+ * requested otherwise.
+ */
+#if defined(DEBUG_WOLFSSL) && !defined(WC_NO_VERBOSE_RNG) && \
+    !defined(WC_VERBOSE_RNG)
+    #define WC_VERBOSE_RNG
+#endif
+
 #include <wolfssl/wolfcrypt/visibility.h>
 
 /*------------------------------------------------------------*/
