Hi Graeme,
I've had the same problem. What I did was feed the entropy pool with
anything I could find that was at least a bit 'random'. Yes, almost all
these things are highly dependent on your embedded environment.
So I editted RAND_poll() to add to the pool:
* Hardware Realtime Clock data (if available. you might need to check your
hardware manual and embedded OS Ref manual to see which calls you need to
access the device)
* User & Task info if available. Though this is a VERY dubious source for,
ahem, randomness.
* Values from any hardware registers that are (a little) unpredictable:
free-running counters, A/D converter input registers (finally we have some
use for the 0.5 to 2 bit noise on these inputs ;-) ), digital I/O lines
connected to external devices (switches, etc.).
If this is not enough for you, you might need to continue to seek additional
random input sources:
* time delays on DHCP responses, etc.
* Anything else that may (slightly) differ every time the device has
executed a warm or cold start.
It all depends a bit on what you want. If you wish to offer strong
cryptography, you should spend a significant effort on the 'entropy
collection' task. Or you might want to delegate this to your hardware people
and demand they throw in a white/grey/...-noise generator on the embedded
board, which you than sample in your software (RAND_poll()). (Very basic
solution is taking a ZENER diode, a dumb high-gain amp and a digital I/O
pin, but I digress)
If you wish to offer 'low quality' crypto, you should be fine when you only
use a few randomness sources (such as your hardware RTC).
And you might want to 'store' your entropy pool in a piece of your Flash
(i.e. call RAND_bytes() with a nice buffer (say: 2KByte) and dump that stuff
in Flash for the next time you reboot.) If you do this too, all randomness
collected before RAND_bytes()+write-to-Flash can be added to the data you
collect in RAND_poll() otherwise.
Groetjes/Greetinx,
Ger
----------------------------------------------------------------------------
--
Ger Hobbelt a.k.a. Insh_Allah mailto:[EMAIL PROTECTED]
----------------------------------------------------------------------------
--
Peter Pan can fly when he thinks his Happy Thought.
I want to fly too.
My Happy Thought is... one part Prozac and one part LSD...
Wow! Awesome, dude!
----- Original Message -----
From: "Graeme English" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, 02 March, 2001 15:21
Subject: What to do when there is no /dev/random ??
> I'm porting the library (0.9.6) to an embedded device without a
/dev/random.
>
> I've undefined DEVRANDOM in e_os.h but this only results in the following
> error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>
> If I hard code some bytes into the RAND_poll function using the RAND_add
things 'work', however I'm sure the security implications are bad (how bad
I'm not sure...any comment?)
>
> Has anyone encountered a similar problem or can anyone offer advice ?
>
> Thanks
>
> Graeme English
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
