Users, An update here: See that we have OPENSSL_RAND_SEED_OS defined on our VxWorks based system. Would it be a trusted entropy source ? The default for VxWorks seems to be OPENSSL_RAND_SEED_NONE.
Thanks, Prithvi From: Prithvi Raj R (Nokia) Sent: Tuesday, April 30, 2024 12:47 AM To: openssl-users@openssl.org Subject: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source Hi Users, A beginner on cryptography and Open SSL here. First query - On our VxWorks 5.4.2 based system with Open SSL 1.1.1, I would like to know what entropy source would be used by RAND_priv_bytes() to generate random numbers. Does Vxworks not use an OS based entropy source ? I see so in the openssl link: https://mta.openssl.org/pipermail/openssl-users/2020-March/012087.html. In our implementation, we have the OPENSSL_RAND_SEED_NONE macro definition commented in the opensslconf.h file. What would be the default entropy source then if OS based sources are not used ? Which Open SSL config file/compile parameter can help me zero in on the correct entropy source being used ? Wanted to know if the source is a trusted one or not. See that rand_drbg_get_entropy is being used (no parent drbg ;_rand_pool_acquire_entropy is used with entropy factor 2 being set) and entropy available is greater than 0. Second query - Please confirm if the following are valid: 1. Understand the Entropy size by default is 256 bits. 2. Understand that RAND_priv_bytes() is cryptographically secure (depends on the entropy source again ?) Thanks, Prithvi