[openssl-users] Openssl FIPS uses /dev/urandom by default?
xxiao8
xxiao8 at fosiao.com
Thu Nov 12 16:08:27 UTC 2015
in e_os.h I saw
======
#ifndef DEVRANDOM
/* set this to a comma-separated list of 'random' device files to try out.
* My default, we will try to read at least one of these files */
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
# endif
======
this basically sets /dev/urandom as the default which really is not
FIPS-friendly, is there a way to override this during compilation to set
the default to /dev/random instead? I'm not supposed to modify the
source code as it will invalidate openssl-FIPS certificate.
Thanks,
xxiao
More information about the openssl-users
mailing list