
Enable RDRAND for all x86_64 except known prohibitively slow CPU models #2135

torben-hansen
Contributor

Description of changes:

Remove the need to have a "fast" rdrand. Instead flip the model to exclude known prohibitively slow rdrand implementations. In particular, this includes the AMD Zen1 and Zen2 generation microarchitectures. See q/VxC3AiwXpAjJ for some data on that.

This change is made to increase the usage of prediction resistance.

Testing:

To test the new family detection, I patched like this:

$ git diff
diff --git a/crypto/fipsmodule/cpucap/cpu_intel.c b/crypto/fipsmodule/cpucap/cpu_intel.c
index 8504ec3c4..96bdb6199 100644
--- a/crypto/fipsmodule/cpucap/cpu_intel.c
+++ b/crypto/fipsmodule/cpucap/cpu_intel.c
@@ -242,7 +242,10 @@ void OPENSSL_cpuid_setup(void) {
     }
 
     if (amd_rdrand_maybe_apply_restrictions(family, model) != 0) {
+      printf("amd_rdrand_maybe_apply_restrictions() returned 1\n");
       ecx &= ~(1u << 30);
+    } else {
+      printf("amd_rdrand_maybe_apply_restrictions() returned 0\n");
     }
   }
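Review bot: the two printf calls added in this hunk are debugging output inside the FIPS module's CPU capability setup and, as the description says they were only applied locally, they must not reach the merged change (cpu_intel.c would also need <stdio.h> for them). The logic around them is otherwise what the PR intends: when amd_rdrand_maybe_apply_restrictions() reports a restricted part, bit 30 of ECX (the CPUID.1 RDRAND feature flag) is cleared so the rest of the library sees no hardware RNG on that CPU.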

and ran the code on both a c5a and c6a instance. The former is Zen2 based, the latter is Zen3 based.

c5a:

$ ./tool/bssl version
amd_rdrand_maybe_apply_restrictions() returned 1

c6a:

$ ./tool/bssl version
amd_rdrand_maybe_apply_restrictions() returned 0

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
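The family/model gate that the description and the test patch exercise can be shown end to end in a few lines. The block below is an added illustration, not AWS-LC code: the decoding of CPUID.1:EAX into family and model follows the standard x86 encoding, the policy function `example_amd_rdrand_restricted` is a hypothetical stand-in for the project's `amd_rdrand_maybe_apply_restrictions(family, model)` (the page does not list which family/model values it restricts; the example assumes a per-family rule based on the fact that AMD family 0x17 is the Zen/Zen+/Zen2 generation), and the sample EAX values are constructed to match the shapes of the Zen2, Zen3 and Intel parts mentioned. The ECX masking mirrors the `ecx &= ~(1u << 30)` line visible in the hunk.

```c
#include <stdint.h>
#include <stdio.h>

/* Decode family and model from the EAX value returned by CPUID leaf 1.
 * The extended family is only folded in when the base family is 0xF
 * (AMD Zen parts report family 0x17 = 0xF + 0x8); the extended model is
 * folded in for base families 0x6 and 0xF. */
static void decode_family_model(uint32_t eax, uint32_t *family, uint32_t *model) {
  uint32_t base_family = (eax >> 8) & 0xF;
  uint32_t base_model = (eax >> 4) & 0xF;
  uint32_t ext_family = (eax >> 20) & 0xFF;
  uint32_t ext_model = (eax >> 16) & 0xF;
  *family = base_family;
  *model = base_model;
  if (base_family == 0xF) {
    *family += ext_family;
  }
  if (base_family == 0x6 || base_family == 0xF) {
    *model |= ext_model << 4;
  }
}

static uint32_t family_of(uint32_t eax) {
  uint32_t family, model;
  decode_family_model(eax, &family, &model);
  return family;
}

static uint32_t model_of(uint32_t eax) {
  uint32_t family, model;
  decode_family_model(eax, &family, &model);
  return model;
}

/* Assumed policy (hypothetical, not the project's table): AMD family 0x17
 * covers the Zen/Zen+/Zen2 generations the PR describes as prohibitively
 * slow, so RDRAND is excluded there; every other part keeps it.
 * Returns non-zero when restrictions apply, matching the call shape of
 * amd_rdrand_maybe_apply_restrictions(family, model) in the hunk. */
static int example_amd_rdrand_restricted(uint32_t family, uint32_t model) {
  (void)model; /* this assumed rule is per family; a real table may key on model too */
  return family == 0x17;
}

/* Apply the policy to the CPUID.1:ECX feature word. is_amd is the result of
 * a vendor-string check ("AuthenticAMD" from CPUID leaf 0) done by the
 * caller; bit 30 of ECX is the RDRAND feature flag. */
static uint32_t apply_rdrand_policy(int is_amd, uint32_t eax, uint32_t ecx) {
  uint32_t family, model;
  decode_family_model(eax, &family, &model);
  if (is_amd && example_amd_rdrand_restricted(family, model)) {
    ecx &= ~(1u << 30);
  }
  return ecx;
}

static int rdrand_enabled(uint32_t ecx) {
  return (int)((ecx >> 30) & 1u);
}

int main(void) {
  /* Constructed sample CPUID.1:EAX values (family/model/stepping fields only). */
  const uint32_t kZen2Eax = 0x00860F01;  /* family 0x17, model 0x60 */
  const uint32_t kZen3Eax = 0x00A20F10;  /* family 0x19, model 0x21 */
  const uint32_t kIntelEax = 0x000506E3; /* family 0x06, model 0x5E */
  const uint32_t kEcxWithRdrand = 1u << 30;

  printf("Zen2  (AMD):   rdrand=%d\n",
         rdrand_enabled(apply_rdrand_policy(1, kZen2Eax, kEcxWithRdrand)));
  printf("Zen3  (AMD):   rdrand=%d\n",
         rdrand_enabled(apply_rdrand_policy(1, kZen3Eax, kEcxWithRdrand)));
  printf("Intel:         rdrand=%d\n",
         rdrand_enabled(apply_rdrand_policy(0, kIntelEax, kEcxWithRdrand)));
  return 0;
}
```

Run on the sample values, the Zen2-shaped EAX is the only one that ends with the RDRAND bit cleared, which is the same split the description reports between the c5a (Zen2) and c6a (Zen3) runs. Keeping the vendor check outside the policy function matters: Intel family 0x6 parts must never be compared against an AMD family table.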

@torben-hansen torben-hansen requested a review from a team as a code owner January 23, 2025 20:49
@codecov-commenter

Codecov Report

Attention: Patch coverage is 80.00000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 78.73%. Comparing base (2637eda) to head (a8bb430).

Files with missing lines Patch % Lines
crypto/fipsmodule/cpucap/cpu_intel.c 71.42% 2 Missing ⚠️
Additional details and impacted files
@@                    Coverage Diff                    @@
##           randomness_generation    #2135      +/-   ##
=========================================================
+ Coverage                  78.71%   78.73%   +0.01%     
=========================================================
  Files                        608      608              
  Lines                     102793   102800       +7     
  Branches                   14586    14586              
=========================================================
+ Hits                       80917    80939      +22     
+ Misses                     21167    21146      -21     
- Partials                     709      715       +6     


crypto/fipsmodule/cpucap/cpu_intel.c
@@ -498,7 +498,7 @@ static std::vector<Event> TestFunctionPRNGModel(unsigned flags) {
const size_t kPersonalizationStringLength = CTR_DRBG_ENTROPY_LEN;
const size_t kPassiveEntropyWithWhitenFactor = PASSIVE_ENTROPY_LOAD_LENGTH;
const bool kHaveRdrand = have_hw_rng_x86_64();
const bool kHaveFastRdrand = have_hw_rng_x86_64_fast();
const bool kHaveFastRdrand = have_hw_rng_x86_64();
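Review bot: after this hunk kHaveRdrand and kHaveFastRdrand are both initialised from have_hw_rng_x86_64(), so the two constants can never differ and any test branch that distinguishes them is dead; remove kHaveFastRdrand and its uses rather than leaving an alias that suggests a "fast" distinction still exists.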
Contributor


We should just remove kHaveFastRdrand.

Contributor Author


Ah, correct. Will do when rewriting the tests.

@torben-hansen torben-hansen merged commit d1bfc44 into aws:randomness_generation Jan 24, 2025
110 of 116 checks passed