Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source
Prithvi Raj R (Nokia)
prithvi.raj_r at nokia.com
Tue Apr 30 13:06:52 UTC 2024
Users,
An update here: See that we have OPENSSL_RAND_SEED_OS defined on our VxWorks based system. Would it be a trusted entropy source ? The default for VxWorks seems to be OPENSSL_RAND_SEED_NONE.
Thanks,
Prithvi
From: Prithvi Raj R (Nokia)
Sent: Tuesday, April 30, 2024 12:47 AM
To: openssl-users at openssl.org
Subject: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source
Hi Users,
A beginner on cryptography and Open SSL here.
First query - On our VxWorks 5.4.2 based system with Open SSL 1.1.1, I would like to know what entropy source would be used by RAND_priv_bytes() to generate random numbers. Does Vxworks not use an OS based entropy source ? I see so in the openssl link: https://mta.openssl.org/pipermail/openssl-users/2020-March/012087.html.
In our implementation, we have the OPENSSL_RAND_SEED_NONE macro definition commented in the opensslconf.h file. What would be the default entropy source then if OS based sources are not used ? Which Open SSL config file/compile parameter can help me zero in on the correct entropy source being used ? Wanted to know if the source is a trusted one or not. See that rand_drbg_get_entropy is being used (no parent drbg ;_rand_pool_acquire_entropy is used with entropy factor 2 being set) and entropy available is greater than 0.
Second query - Please confirm if the following are valid:
1. Understand the Entropy size by default is 256 bits.
2. Understand that RAND_priv_bytes() is cryptographically secure (depends on the entropy source again ?)
Thanks,
Prithvi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240430/22c6c765/attachment.htm>
More information about the openssl-users
mailing list