Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source

[Prithvi Raj R (Nokia)]

Users,

An update here: See that we have OPENSSL_RAND_SEED_OS  defined on our VxWorks based system. Would it be a trusted entropy source ? The default for VxWorks seems to be OPENSSL_RAND_SEED_NONE.

Thanks,
Prithvi
From: Prithvi Raj R (Nokia)
Sent: Tuesday, April 30, 2024 12:47 AM
To: openssl-users at openssl.org
Subject: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source

Hi Users,

A beginner on cryptography and Open SSL here.

First query - On our VxWorks 5.4.2 based system with Open SSL 1.1.1, I would like to know what entropy source would be used by RAND_priv_bytes() to generate random numbers. Does Vxworks not use an OS based entropy source ?  I see so in the openssl link: https://mta.openssl.org/pipermail/openssl-users/2020-March/012087.html.
In our implementation, we have the OPENSSL_RAND_SEED_NONE macro definition commented in the opensslconf.h file. What would be the default entropy source then if OS based sources are not used ? Which Open SSL config file/compile parameter can help me zero in on the correct entropy source being used ?  Wanted to know if the source is a trusted one or not. See that rand_drbg_get_entropy is being used (no parent drbg ;_rand_pool_acquire_entropy is used with entropy factor 2 being set) and entropy available is greater than 0.

Second query - Please confirm if the following are valid:

  1.  Understand the Entropy size by default is 256 bits.
  2.  Understand that RAND_priv_bytes() is cryptographically secure (depends on the entropy source again ?)

Thanks,
Prithvi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240430/22c6c765/attachment.htm>