Hi All,
OpenSSL 1.0.1e is not loading Intel's hardware random number
generator. ENGINE_load_rdrand() silently fails:
    /*** eng_rand.c ***/
    void ENGINE_load_rdrand (void)
    {
        extern unsigned int OPENSSL_ia32cap_P[];
        if (OPENSSL_ia32cap_P[1] & (1<<(62-32)))
        {
            ENGINE *toadd = ENGINE_rdrand();
            if(!toadd) return;
            ENGINE_add(toadd);
            ENGINE_free(toadd);
            ERR_clear_error();
        }
    }
When I check capabilities:
    int rdrand = OPENSSL_ia32cap_P[1] & (1<<(62-32));
    if(rdrand)
        fprintf(stdout, "rdrand is available\n");
    else
        fprintf(stderr, "rdrand is not available\n");
I receive a message that rdrand is not available.
OpenSSL Capable 1.0.1e was configured with hardware and engines:
    ./config fips -no-comp -no-dso -no-sslv2 -no-sslv3 \
        --openssldir=/usr/local/ssl/darwin \
        --with-fipsdir=/usr/local/ssl/darwin
And the engine appears to be present:
    $ nm /usr/local/ssl/darwin/lib/libcrypto.a | egrep -i rdrand | sort -k 3
    ...
                     U _ENGINE_load_rdrand
                     U _OPENSSL_ia32_rdrand
    /usr/local/ssl/darwin/lib/libcrypto.a(eng_rdrand.o):
    0000000000000000 T _ENGINE_load_rdrand
    0000000000000208 S _ENGINE_load_rdrand.eh
    0000000000000270 T _OPENSSL_ia32_rdrand
    000000000002ace0 T _fips_openssl_ia32_rdrand
    00000000000000a0 t _rdrand_init
    0000000000000230 s _rdrand_init.eh
    0000000000000140 d _rdrand_meth
The failure occurs with and without calling FIPS_mode_set().
Any ideas?
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
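
An independent check of the bit the message tests, added here as an example that is not part of the original post or of OpenSSL: it reads CPUID leaf 1 directly (GCC/Clang `<cpuid.h>`, x86 only) so the hardware's answer can be compared with `OPENSSL_ia32cap_P[1]`. The helper names, the verdict enum and the zero stand-in word are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* RDRAND is CPUID leaf 1, ECX bit 30. The post tests the same position,
 * written as (1<<(62-32)), in word 1 of OpenSSL's capability vector. */
#define RDRAND_BIT (62 - 32)

enum verdict { NO_RDRAND, AGREE_PRESENT, CPU_ONLY, VECTOR_ONLY };

/* Does a 32-bit capability word (raw ECX or OPENSSL_ia32cap_P[1]) carry the bit? */
static int has_rdrand(uint32_t word) { return (int)((word >> RDRAND_BIT) & 1u); }

/* Read CPUID.1:ECX from the hardware; 0 on success, -1 if unavailable. */
static int cpuid_leaf1_ecx(uint32_t *ecx_out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    *ecx_out = c;
    return 0;
#else
    (void)ecx_out;   /* not an x86 build: no CPUID instruction */
    return -1;
#endif
}

/* Compare what the CPU reports with what the library's vector holds. */
static enum verdict compare(uint32_t cpu_ecx, uint32_t cap_word1)
{
    int cpu = has_rdrand(cpu_ecx), cap = has_rdrand(cap_word1);
    if (cpu && cap)  return AGREE_PRESENT;
    if (cpu && !cap) return CPU_ONLY;     /* hardware has it, vector does not */
    if (!cpu && cap) return VECTOR_ONLY;  /* vector claims it, hardware does not */
    return NO_RDRAND;
}

int main(void)
{
    uint32_t ecx;
    if (cpuid_leaf1_ecx(&ecx) != 0) { puts("CPUID leaf 1 unavailable"); return 1; }
    printf("CPUID.1:ECX = 0x%08x, RDRAND bit %s\n",
           (unsigned)ecx, has_rdrand(ecx) ? "set" : "clear");
    /* When linked against libcrypto, pass OPENSSL_ia32cap_P[1] as the second
     * argument; a constructed zero word stands in for it here. */
    printf("verdict against constructed empty vector: %d\n", (int)compare(ecx, 0));
    return 0;
}
```

A `CPU_ONLY` verdict means the processor advertises RDRAND while the library's vector does not, which places the discrepancy in how the vector was populated rather than in the hardware.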