[openssl-users] RDRAND and engine (was: how to generate EC public key from EC private key)

Jeffrey Walton noloader at gmail.com
Wed Mar 23 00:11:07 UTC 2016

On Tue, Mar 22, 2016 at 6:54 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> Now one small question: how do I ensure that ‎RAND_engine (and therefore Intel RDRAND output) is being used for the key generation in
>>    EVP_PKEY_keygen(ctx, &newkey);
>> Is just loading RAND_engine enough for that?‎
> To verify it, I think you need to inspect the default RAND method. Its
> going to look something like:
>   RAND_METHOD* rm = RAND_get_rand_method();
>   if(rm == RAND_SSLeay())
>   {
>       printf("Using default generator\n");
>   }
> Also see https://wiki.openssl.org/index.php/Random_Numbers#Generators.
> RDRAND is discussed there, too. But I don't recall how much detail is
> provided.

Ah, its right there. I should have checked earlier

To ensure RAND_bytes uses the [RDRAND] hardware engine, you must
perform three steps:

   * load the rdrand engine
   * acquire a handle to the engine
   * set the default RAND_method to the engine

It also provides the sample code.


More information about the openssl-users mailing list