[openssl-users] force to use /dev/random for openssl fips module
xxiao8 at fosiao.com
Wed Dec 9 04:25:42 UTC 2015
I don't know how critical DEVRANDOM is for openssl-fips; in e_os.h I
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
We have a hardware RNG that is feeding /dev/random via:
/sbin/rngd -r /dev/hwrng -W 4000
so /dev/random will never block. I thus changed e_os.h to force usage
of /dev/random (per our FIPS code reviewer's request, who thinks I need
to change that for FIPS):
#define DEVRANDOM "/dev/random"
This looks fine; however, I don't know if it's really the right thing to
do. After this change my system starts to have issues (silent reboot);
changing this line back, everything runs normally.
Any help is appreciated.
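
One way to test the premise in the message above, that /dev/random will not block once rngd is feeding it, as an added example that is not part of the original post or of OpenSSL: the probe reads with O_NONBLOCK and poll() and reports a stall instead of hanging. The function names, the 4096-byte request and the 1000 ms timeout are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to `want` bytes from fd, waiting at most timeout_ms per poll().
 * Returns bytes obtained or -1 on error; *stalled = 1 if the source ran dry. */
long probe_fd(int fd, size_t want, int timeout_ms, int *stalled)
{
    unsigned char buf[256];
    size_t got = 0;
    int fl = fcntl(fd, F_GETFL);

    *stalled = 0;
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
        return -1;
    while (got < want) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) { *stalled = 1; break; }   /* a blocking read would hang here */
        size_t chunk = want - got < sizeof buf ? want - got : sizeof buf;
        ssize_t n = read(fd, buf, chunk);
        if (n > 0) got += (size_t)n;
        else if (n == 0) break;                /* EOF: nothing more will arrive */
        else if (errno != EAGAIN && errno != EINTR) return -1;
    }
    return (long)got;
}

/* Open a device path read-only and probe it; returns bytes read or -1. */
long probe_path(const char *path, size_t want, int timeout_ms, int *stalled)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    long n;
    if (fd < 0) return -1;
    n = probe_fd(fd, want, timeout_ms, stalled);
    close(fd);
    return n;
}

int main(void)
{
    int stalled = 0;
    long n = probe_path("/dev/random", 4096, 1000, &stalled); /* assumed sizes */
    printf("/dev/random: got %ld of 4096 bytes, stalled=%d\n", n, stalled);
    return (n == 4096 && !stalled) ? 0 : 1;
}
```

Run it repeatedly while the system is under load; a short read with stalled=1 means a process doing a blocking read of /dev/random would have waited at that point.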