A microprocessor that includes a random number generator (RNG) and an instruction for storing random data bytes generated by the generator. The RNG includes multiple buffers for buffering the random bytes and counters associated with each buffer for keeping a count of the number of bytes in each buffer. The instruction specifies a destination for the bytes to be stored to. In one embodiment, the number of bytes written to memory is variable and is the number of bytes available when the instruction is executed; in another, the instruction specifies the number. If variable, the instruction atomically stores a count specifying the number of valid bytes actually stored. In one embodiment the destination is a location in system memory. The count may be stored to memory with the bytes; or the count may be stored to a user-visible register. An x86 REP prefix may be used.

A microprocessor that includes a random number generator (RNG) that saves and restores its own state on a task switch without operating system (OS) support. The RNG includes a control and status register (CSR) for storing control values that affect the generation of random numbers. The CSR is not saved and restored by the OS. The RNG shadows the CSR with an SSE register that is saved and restored by the OS. A new instruction loads the CSR, and also loads the shadowed SSE register. Whenever the SSE register is restored from memory, the RNG sets a flag indicating that a possible task switch occurred. Whenever the processor executes a new instruction that stores the random data to memory, it checks the flag and copies the control values from the SSE register to the CSR if the flag is true, discards previously generated bytes, and restarts random number generation.

A microprocessor including a random number generator (RNG) that performs a self-test on reset and selectively enables/disables itself based on the self-test results is disclosed. The RNG includes a self-test unit that performs the self-test to determine whether the RNG is functioning properly in response to either a power-up or warm reset. If the self-test fails, the microprocessor disables the RNG. Disabling the RNG may include returning extended function information indicating the RNG is not present in response to execution of a CPUID instruction. Disabling the RNG may include generating a general protection fault in response to execution of a RDMSR or WRMSR instruction specifying an MSR associated with the RNG. Disabling the RNG may include generating an invalid opcode fault in response to execution of an instruction that attempts to obtain random numbers from the RNG. In one embodiment, the self-test is specified by FIPS 140-2.

A microprocessor with multiple random bit generators is disclosed. The multiple random bit generators each generate a stream of random bits. One of the streams of random bits is selected to be used to accumulate into random bytes for provision to application programs. Which of the multiple random bit generator random bit streams is selected is determined by a selection value stored in a control register of the microprocessor. The selection value is programmable by an instruction executed by the microprocessor.

An apparatus and method for reducing sequential bit correlation in a random number generator. The method includes generating a stream of random bits and selecting every Nth bit from the stream for accumulation and delivery to the requesting software application rather than delivering all the bits in the stream, where N is a programmable value. In one embodiment, the apparatus for carrying out the method includes a microprocessor that includes elements such as an arithmetic and logic unit, store unit, branching circuitry, and registers that execute instructions specified in microcode stored in a microcode memory. In another embodiment, the apparatus includes a plurality of multiplexers that select every Nth bit. In one embodiment, N is specified as an input parameter to a microprocessor instruction that stores the random bits selected.