librandombytes
Intro
Download
Install
API
Security

Prerequisites: python3; gcc and/or clang; OpenSSL. Currently tested only under Linux, but porting to other systems shouldn't be difficult.

For sysadmins

To install in /usr/local/{include,lib,bin}:

    ./configure && make -j8 install

If you're running an old Linux system and see that the cpucycles-info output says randombytes source kernel-devurandom (this will happen on Linux kernels before 3.17), add the lines

    dd count=1 bs=64 if=/dev/random of=/dev/urandom status=none \
    && findmnt -t tmpfs -T /var/run >/dev/null \
    && touch /var/run/urandom-ready &

to your boot scripts to improve librandombytes startup time. On new Linux systems, cpucycles-info should instead say kernel-getrandom and startup time should be fine in any case, unaffected by these lines.

If you're running a Linux virtual machine (old or new) and see startup delays, you probably need the host to provide virtio-rng.

For developers with an unprivileged account

Typically you'll already have

    export LD_LIBRARY_PATH="$HOME/lib"
    export LIBRARY_PATH="$HOME/lib"
    export CPATH="$HOME/include"
    export PATH="$HOME/bin:$PATH"

in $HOME/.profile. To install in $HOME/{include,lib,bin}:

    ./configure --prefix=$HOME && make -j8 install

For distributors creating a package

Run

    ./configure --prefix=/usr && make -j8

and then follow your usual packaging procedures for the build/0/package files:

    build/0/package/man/man3/randombytes.3
    build/0/package/include/randombytes.h
    build/0/package/lib/librandombytes*
    build/0/package/bin/randombytes-info

Note that librandombytes-kernel and librandombytes-openssl are alternative implementations of the same librandombytes API. There are default symlinks to librandombytes-kernel, but you should allow the sysadmin to change these symlinks to librandombytes-openssl by simply installing a librandombytes-openssl package. The OpenSSL dependency is for librandombytes-openssl; the rest of librandombytes is independent of OpenSSL.

More options

You can run

    ./configure --host=amd64

to override ./configure's guess of the architecture that it should compile for. However, cross-compilers aren't yet selected automatically.

Inside the build directory, 0 is symlinked to amd64 for --host=amd64. Running make clean removes build/amd64. Re-running ./configure automatically starts with make clean.

A subsequent ./configure --host=arm64 will create build/arm64 and symlink 0 -> arm64, without touching an existing build/amd64.

Compilers tried are listed in compilers/default. Each compiler includes -fPIC to create a shared library, -fvisibility=hidden to hide non-public symbols in the library, and -fwrapv to switch to a slightly less dangerous version of C. The first compiler that seems to work is used to compile everything.

Version: This is version 2023.01.26 of the "Install" web page.