PRNG not available when multiple providers are configured?
Thomas Dwyer III
tomiii at tomiii.com
Tue Nov 3 00:55:00 UTC 2020
I'm having trouble getting RAND_status() to return 1 when my openssl.cnf
has both the default provider and the fips provider configured at the same
time:
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
.include /conf/openssl/fips.cnf
If I remove either default or fips from [provider_sect] then RAND_status()
returns 1. If I leave them both specified there, RAND_status() always
returns 0. Is this the expected behavior or am I doing something wrong? I
understand that I must specify properties when fetching algorithms in order
to get deterministic behavior with multiple providers loaded. Is there an
analogous API for the PRNG that I'm overlooking?
Interestingly, setting activate=0 for either provider is not sufficient to
work around this issue.
Thanks,
Tom.III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201102/0f650174/attachment.html>
More information about the openssl-users
mailing list