> Issue is fixed. So long as it's OK to generate the same "random" bytes at each power-on.
This is quite a common problem with embedded devices: even after boot it can be hard to find entropy with which to seed the PRNG. The "usual" sources which are used in a PC environment (keystrokes, ethernet activity, ...) are often absent. The best solution is always hardware. If you wire up a digital i/o in such a way that reading it produces an unpredictable series of 0's and 1's[1] then at least you have some genuine entropy to work with. It doesn't have to be ERNIE[2] to be better than nothing. [1] Exactly how to do this is off-topic for this list. Quaerendo invenietis. [2] For non-Brits: <http://en.wikipedia.org/wiki/Premium_Bond#ERNIE>. > FYI- > As I am working on pre-boot, no OS is present. Which was resulting in no > seeding. > RAND_seed() has been called before using RAND_bytes(). > > Here is the code snippet. > static const char rnd_seed[] = "string to make the random number generator > think it has entropy"; > RAND_seed(rnd_seed, sizeof rnd_seed); > > > On Tue, Aug 13, 2013 at 6:16 PM, baban devkate <baban...@gmail.com> wrote: > >> >> FYI - >> >> RAND_bytes(buf, bytes) receives correct parameters as bytes=256 for >> SHA256. >> >> >> int RAND_bytes(unsigned char *buf, int num) >> { >> const RAND_METHOD *meth = RAND_get_rand_method(); >> if (meth && meth->bytes) >> { >> Print(L" control is here\n");/////<---controll is here >> return meth->bytes(buf,num); >> } >> Print(L" RAND_bytes fails\n"); >> >> return(-1); >> } >> >> >> On Tue, Aug 13, 2013 at 3:35 PM, baban devkate <baban...@gmail.com> >> wrote: >> >>> Hello, >>> >>> RAND_bytes() will use the proper OS-provided RNG e.g. /dev/urandom or >>> /dev/randomon Linux and CryptGenRandom() on Windows. >>> >>> I want to know how it works in Pre-boot environement? >>> >>> In pre-boot environment, if RAND_bytes() returns zero then what does it >>> mean? >>> >>> Is it because PRNG is not properly seeded? If yes, how to resolve it? >>> >>> >>> ~Baban >>> >> >> > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
