RAND_bytes() returns zero in pre-boot environment

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

RAND_bytes() returns zero in pre-boot environment

baban devkate
Hello,

RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or /dev/randomon Linux and CryptGenRandom() on Windows.

I want to know how it works in Pre-boot environement?

In pre-boot environment, if RAND_bytes() returns zero then what does it mean?

Is it because PRNG is not properly seeded? If yes, how to resolve it?


~Baban
Reply | Threaded
Open this post in threaded view
|

Re: RAND_bytes() returns zero in pre-boot environment

baban devkate

  FYI -

RAND_bytes(buf, bytes) receives  correct parameters as bytes=256 for SHA256.

 
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->bytes)
{
Print(L"   control is here\n");/////<---controll is here
return meth->bytes(buf,num);
}
Print(L"   RAND_bytes fails\n");

return(-1);
}


On Tue, Aug 13, 2013 at 3:35 PM, baban devkate <[hidden email]> wrote:
Hello,

RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or /dev/randomon Linux and CryptGenRandom() on Windows.

I want to know how it works in Pre-boot environement?

In pre-boot environment, if RAND_bytes() returns zero then what does it mean?

Is it because PRNG is not properly seeded? If yes, how to resolve it?


~Baban

Reply | Threaded
Open this post in threaded view
|

Re: RAND_bytes() returns zero in pre-boot environment

baban devkate

Issue is fixed.

FYI-
As I am working on pre-boot, no OS is present. Which was resulting in no seeding.
RAND_seed() has been called before using RAND_bytes().

Here is the code snippet.
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
RAND_seed(rnd_seed, sizeof rnd_seed); 


On Tue, Aug 13, 2013 at 6:16 PM, baban devkate <[hidden email]> wrote:

  FYI -

RAND_bytes(buf, bytes) receives  correct parameters as bytes=256 for SHA256.

 
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->bytes)
{
Print(L"   control is here\n");/////<---controll is here
return meth->bytes(buf,num);
}
Print(L"   RAND_bytes fails\n");

return(-1);
}


On Tue, Aug 13, 2013 at 3:35 PM, baban devkate <[hidden email]> wrote:
Hello,

RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or /dev/randomon Linux and CryptGenRandom() on Windows.

I want to know how it works in Pre-boot environement?

In pre-boot environment, if RAND_bytes() returns zero then what does it mean?

Is it because PRNG is not properly seeded? If yes, how to resolve it?


~Baban


Reply | Threaded
Open this post in threaded view
|

Re: RAND_bytes() returns zero in pre-boot environment

Chris Gray-4
> Issue is fixed.

So long as it's OK to generate the same "random" bytes at each power-on.

This is quite a common problem with embedded devices: even after boot it
can be hard to find entropy with which to seed the PRNG.  The "usual"
sources which are used in a PC environment (keystrokes, ethernet activity,
...) are often absent.

The best solution is always hardware. If you wire up a digital i/o in such
a way that reading it produces an unpredictable series of 0's and 1's[1]
then at least you have some genuine entropy to work with.  It doesn't have
to be ERNIE[2] to be better than nothing.

[1] Exactly how to do this is off-topic for this list. Quaerendo invenietis.
[2] For non-Brits: <http://en.wikipedia.org/wiki/Premium_Bond#ERNIE>.

> FYI-
> As I am working on pre-boot, no OS is present. Which was resulting in no
> seeding.
> RAND_seed() has been called before using RAND_bytes().
>
> Here is the code snippet.
> static const char rnd_seed[] = "string to make the random number generator
> think it has entropy";
>  RAND_seed(rnd_seed, sizeof rnd_seed);
>
>
> On Tue, Aug 13, 2013 at 6:16 PM, baban devkate <[hidden email]> wrote:
>
>>
>>   FYI -
>>
>> RAND_bytes(buf, bytes) receives  correct parameters as bytes=256 for
>> SHA256.
>>
>>
>> int RAND_bytes(unsigned char *buf, int num)
>> {
>> const RAND_METHOD *meth = RAND_get_rand_method();
>>  if (meth && meth->bytes)
>> {
>> Print(L"   control is here\n");/////<---controll is here
>>  return meth->bytes(buf,num);
>> }
>> Print(L"   RAND_bytes fails\n");
>>
>> return(-1);
>> }
>>
>>
>> On Tue, Aug 13, 2013 at 3:35 PM, baban devkate <[hidden email]>
>> wrote:
>>
>>> Hello,
>>>
>>> RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or
>>> /dev/randomon Linux and CryptGenRandom() on Windows.
>>>
>>> I want to know how it works in Pre-boot environement?
>>>
>>> In pre-boot environment, if RAND_bytes() returns zero then what does it
>>> mean?
>>>
>>> Is it because PRNG is not properly seeded? If yes, how to resolve it?
>>>
>>>
>>> ~Baban
>>>
>>
>>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]