A Random Number Generation Engine for OpenSSL making use of the Arm instruction RNDR.
- CMake
- OpenSSL Development files (ie openssl-devel/libssl-dev)
- The development files' versions must match the version of OpenSSL which will run the engine.
- C compiler
- OpenSSL
- Perl
- Target Host of Arm 64 CPU
- OpenSSL
- Host running on Arm 64 CPU which has access to RNDR and RNDRRS instructions
Run once:
mkdir build
cd build
cmake ../
make
make install
cmake ../
Run cmake --help
for details regarding configuration options.
Some useful configuration options are:
-DCMAKE_INSTALL_PREFIX=DIR install library to specified directory prefix
-DCMAKE_INSTALL_LIBDIR=DIR install library to specified directory
-DOPENSSL_ROOT_DIR=DIR set destination for OpenSSL root directory
-DCMAKE_C_FLAGS=FLAGS set additional CFLAGS for compilation
Installing to a non-default engine location
Engine libraries (eng_rndr.so
) are installed by default to
${CMAKE_INSTALL_LIBDIR}
where ${CMAKE_INSTALL_LIBDIR}
usually refers to
/usr/local/lib/
. This location can be overwritten in the
configurations using -DCMAKE_INSTALL_PREFIX=DIR
.
i.e. To install the engine library to /usr/lib/aarch64-linux-gnu/engines-1.1/
cmake -DCMAKE_INSTALL_PREFIX=/usr/lib/aarch64-linux-gnu/engines-1.1/ ../
Verify that random number generation functions for the engine work.
make test ARGS="-V"
The output will generate test run messages.
Loading test...
Running 'sanity_check_rndr_bytes'...
Test succeeded
Running 'sanity_check_rndrrs_bytes'...
Test succeeded
Test the engine built successfully and can be installed
openssl engine -t -c src/.libs/libeng_rndr.so
This will generate the engines details and availability.
(eng_rndr) Arm RNDR engine
Loaded: (rndr) Arm RNDR engine
[RAND]
[ available ]
Test random number generating using the engine.
openssl rand -engine build/libeng_rndr.so -hex 10
This will display the randomly generated 10 hex numbers.
engine "rndr" set.
01c1269d93d9f01ebff4
Installation may require root privileges. To install, run:
make install
Environment Variable
Set export OPENSSL_ENGINES=INSTALLATION_DIR
environment variable in shell
startup files. This will allow openssl to find the RNDR engine.
If using OpenSSL 1.0.2, the engine will be called eng_rndr
. If using OpenSSL
1.1.1 or above the engine will be called libeng_rndr
.
Verify installation works
openssl engine -t -c libeng_rndr
...
(rndr) Arm RNDR engine
[RAND]
[ available ]
Dynamic Engine Installation
After installing update openssl.cnf
to contain the following.
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
eng_rndr = eng_rndr_section
[eng_rndr_section]
engine_id = libeng_rndr
dynamic_path = <PATH TO INSTALLED libeng_rndr.so>
init = 0
Verify installation works
openssl engine -t -c
...
(rndr) Arm RNDR engine
[RAND]
[ available ]
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.