[openssl-users] force to use /dev/random for openssl fips module
xxiao8
xxiao8 at fosiao.com
Wed Dec 9 04:25:42 UTC 2015
I don't know how critical DEVRANDOM is for openssl-fips; in e_os.h I
saw this:
----
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
----
We have a hardware RNG that is feeding /dev/random via:
----
/sbin/rngd -r /dev/hwrng -W 4000
----
so /dev/random will never block. I thus changed e_os.h to force usage
of /dev/random (per our FIPS code reviewer's request, who thinks I need
to change that for FIPS):
----
#define DEVRANDOM "/dev/random"
----
This looks fine; however, I don't know if it's really the right thing to
do. After this change my system starts to have issues (silent reboot);
changing this line back, everything runs normally.
Any help is appreciated.
xxiao
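
A way to check whether a device in the DEVRANDOM list can satisfy a read without blocking, as an added example that is not part of the original post or of OpenSSL. `probe_nonblocking` is a hypothetical helper and the 4096-byte request size is a constructed value.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns how many of `want` bytes the device hands
 * back before it would block (0..want), or -1 if it cannot be opened/read. */
long probe_nonblocking(const char *path, size_t want)
{
    unsigned char buf[256];
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    while (got < want) {
        size_t chunk = want - got;
        if (chunk > sizeof(buf))
            chunk = sizeof(buf);
        ssize_t n = read(fd, buf, chunk);
        if (n > 0) {
            got += (size_t)n;
        } else if (n == 0) {
            break;                 /* EOF: nothing more to read */
        } else if (errno == EINTR) {
            continue;              /* interrupted, retry */
        } else if (errno == EAGAIN || errno == EWOULDBLOCK) {
            break;                 /* a blocking read would stall here */
        } else {
            close(fd);
            return -1;             /* real I/O error */
        }
    }
    close(fd);
    return (long)got;
}

int main(void)
{
    /* Device names from the DEVRANDOM definition quoted above. */
    const char *devs[] = { "/dev/urandom", "/dev/random", "/dev/srandom" };
    for (size_t i = 0; i < sizeof(devs) / sizeof(devs[0]); i++)
        printf("%-13s %ld of 4096 bytes without blocking\n",
               devs[i], probe_nonblocking(devs[i], 4096));
    return 0;
}
```

A result below the requested size for /dev/random, taken while rngd is running, means a blocking reader of that device can still stall.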